npm - fengming - Versions diffs - 0.3.4 → 0.3.5 - Mend

fengming 0.3.4 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2016) hide show

package/CHANGELOG.md +3 -2
package/dist/abort-CjCDVBbH.js +277 -0
package/dist/abort.runtime-DxJ8129J.js +2 -0
package/dist/abort.runtime.js +1 -1
package/dist/accounts-Cyn0sm_v.js +423 -0
package/dist/accounts-DzcLKcN5.js +2 -0
package/dist/acp/control-plane/manager.js +1 -1
package/dist/acp-spawn-4lfz_3K9.js +1286 -0
package/dist/acp-spawn-BCUjuO6L.js +2 -0
package/dist/acp-stateful-target-driver-Bv99uwEA.js +89 -0
package/dist/action-info-CP-p6RHS.js +75 -0
package/dist/active-runtime-registry-DjKe53a5.js +62 -0
package/dist/active-tool-schema-warnings-p7CqUnu1.js +105 -0
package/dist/active-tool-schema-warnings-pGI92yka.js +2 -0
package/dist/agent-B77yluip.js +1825 -0
package/dist/agent-BooUvZnR.js +2 -0
package/dist/agent-bundle-lsp-runtime-3ieSgTgo.js +389 -0
package/dist/agent-bundle-lsp-runtime-CkJ0XJK7.js +2 -0
package/dist/agent-bundle-mcp-materialize-BH-esGZL.js +124 -0
package/dist/agent-bundle-mcp-tools-DkixTTnL.js +3 -0
package/dist/agent-command-BJKcnQy6.js +1435 -0
package/dist/agent-delivery-CEfe_Zzt.js +117 -0
package/dist/agent-harness-runtime-R_Ae6o9C.js +207 -0
package/dist/agent-kWSaRcQt.js +3 -0
package/dist/agent-model-discovery-C49swEgd.js +238 -0
package/dist/agent-model-discovery-DZbixJQs.js +3 -0
package/dist/agent-runner-utils-BChpi9Ec.js +267 -0
package/dist/agent-runner.runtime-3LOdt215.js +3784 -0
package/dist/agent-runner.runtime.js +1 -1
package/dist/agent-runtime-3jsv8b7Y.js +199 -0
package/dist/agent-runtime-label-uoFI4ovH.js +30 -0
package/dist/agent-runtime-metadata-BhFt6kLt.js +53 -0
package/dist/agent-tool-result-middleware-loader-BxYJNC1i.js +55 -0
package/dist/agent-tools-COLEG7aL.js +2506 -0
package/dist/agent-tools.before-tool-call--rMZI5Rd.js +1274 -0
package/dist/agent-tools.before-tool-call-CbX2sfP4.js +2 -0
package/dist/agent-via-gateway-DfKij3De.js +486 -0
package/dist/agent-wait-dedupe-BAUSJotw.js +180 -0
package/dist/agents/agent-bundle-mcp-materialize.js +1 -1
package/dist/agents/auth-profiles.runtime.js +1 -1
package/dist/agents/compaction-planning.worker.js +1 -1
package/dist/agents/embedded-agent-runner/effective-tool-policy.js +1 -1
package/dist/agents/embedded-agent-runner/tool-split.js +1 -1
package/dist/agents/model-catalog.runtime.js +1 -1
package/dist/agents/model-provider-auth.worker.js +3 -3
package/dist/agents/models-config.runtime.js +1 -1
package/dist/agents-CZSNDJWD.js +632 -0
package/dist/agents.command-shared-DgbjfH23.js +16 -0
package/dist/agents.commands.add-DknGM1oz.js +304 -0
package/dist/agents.commands.bind-DDVI0yDe.js +265 -0
package/dist/agents.commands.delete-Dv4RHEhc.js +128 -0
package/dist/agents.commands.identity-BSZbc1QR.js +143 -0
package/dist/agents.commands.list-CA0OTw59.js +235 -0
package/dist/aliases-EY1GbfwT.js +97 -0
package/dist/api-CY0oKcRz.js +3 -0
package/dist/api-DgjY0gIl.js +6 -0
package/dist/api-VyMyAYze.js +2 -0
package/dist/api-key-rotation-DxPKIdmC.js +167 -0
package/dist/app-registration-BBDxCbFo.js +194 -0
package/dist/apply-DMYy7tc3.js +544 -0
package/dist/apply-Dd0n97MD.js +2 -0
package/dist/apply-bHIT1nMp.js +416 -0
package/dist/apply-g8x7Z83S.js +510 -0
package/dist/apply-nnbx9TaB.js +2 -0
package/dist/approval-native-helpers-CjaYvOaZ.js +398 -0
package/dist/artifacts-B55YR-uA.js +368 -0
package/dist/assistant-hJaOgfKl.js +291 -0
package/dist/attachment-normalize-COsastJx.js +213 -0
package/dist/attempt-execution-fDWDWcWe.js +584 -0
package/dist/attempt-execution.helpers-Cze5xPim.js +969 -0
package/dist/attempt-execution.runtime-B1iCG6LN.js +3 -0
package/dist/attempt-execution.runtime.js +1 -1
package/dist/attempt.prompt-helpers-CkBYHBBo.js +543 -0
package/dist/attempt.tool-run-context-DzfRK5pV.js +1240 -0
package/dist/audio-preflight.runtime-rjWd9uyk.js +7 -0
package/dist/audio-preflight.runtime.js +1 -1
package/dist/audit-DgFtNg3U.js +1108 -0
package/dist/audit-L8EC3WhV.js +477 -0
package/dist/audit.nondeep.runtime-D0sQ6bO2.js +1416 -0
package/dist/audit.nondeep.runtime.js +1 -1
package/dist/audit.runtime-CiG82F31.js +7 -0
package/dist/audit.runtime.js +1 -1
package/dist/auth-CzPdsZVM.js +567 -0
package/dist/auth-choice-BNzS9QBI.js +3 -0
package/dist/auth-choice-Cwr5kgcD.js +110 -0
package/dist/auth-choice-DW9qPpMS.js +400 -0
package/dist/auth-choice.apply.api-providers-C68tOdqj.js +34 -0
package/dist/auth-choice.apply.api-providers-DSRK0gYo.js +2 -0
package/dist/auth-choice.plugin-providers.runtime-BJ9VyO1C.js +11 -0
package/dist/auth-choice.plugin-providers.runtime.js +1 -1
package/dist/auth-health-BanKwsTW.js +219 -0
package/dist/auth-list-Dq8obVno.js +115 -0
package/dist/auth-order-VXqoAroP.js +105 -0
package/dist/auth-profiles-6VFEdgC-.js +73 -0
package/dist/auth-profiles-a0M4JYYg.js +14 -0
package/dist/backend-config-COaTdVnN.js +259 -0
package/dist/bash-tools-BMAquSiM.js +3 -0
package/dist/bash-tools-DLiUXfaS.js +3497 -0
package/dist/binding-routing-Bwvdx_7S.js +113 -0
package/dist/binding-targets-Z_d0mK_1.js +121 -0
package/dist/bootstrap-files-CoCV_zqu.js +202 -0
package/dist/bootstrap-files-_T3VoTrV.js +3 -0
package/dist/bridge-server-BIaNurGa.js +113 -0
package/dist/browser-cli-D4wL8NU9.js +230 -0
package/dist/browser-cli-actions-input-z40PGiYI.js +522 -0
package/dist/browser-cli-actions-observe-C4TeyNke.js +81 -0
package/dist/browser-cli-debug-Dv0gH-c8.js +137 -0
package/dist/browser-cli-inspect-BUXeITYc.js +117 -0
package/dist/browser-cli-manage-qMb3Yw5Y.js +446 -0
package/dist/browser-cli-resize-CZWnGwGz.js +32 -0
package/dist/browser-cli-shared-BpinhvE3.js +69 -0
package/dist/browser-cli-state-CBbKqqgP.js +371 -0
package/dist/browser-cli-uI5GGX51.js +2 -0
package/dist/browser-control-auth-CFPJXdN_.js +2 -0
package/dist/browser-profiles-D4ni3t4J.js +2 -0
package/dist/browser-runtime-Dm5D_PLf.js +389 -0
package/dist/browser-tool.schema-Bek02ox5.js +132 -0
package/dist/btw-command-DdrwvCK4.js +18 -0
package/dist/build-DkEeJ9sO.js +261 -0
package/dist/build-info.json +2 -2
package/dist/bundled/boot-md/handler.js +2 -2
package/dist/bundled/session-memory/handler.js +1 -1
package/dist/bundled-channel-config-schema-BeowdkHi.d.ts +3168 -0
package/dist/canvas-host/a2ui/.bundle.hash +1 -1
package/dist/capability-cli-DTRuKZJC.js +1809 -0
package/dist/capability-provider-runtime-Cpp-Jq9g.js +346 -0
package/dist/cdp.helpers-GfQkB-B5.js +637 -0
package/dist/channel-BRehZ4Cg.js +2309 -0
package/dist/channel-actions-hdQKe_se.js +46 -0
package/dist/channel-bootstrap.runtime-BzjlNG_j.js +38 -0
package/dist/channel-bootstrap.runtime-CmNNVl40.js +2 -0
package/dist/channel-bootstrap.runtime.js +1 -1
package/dist/channel-core-BLcWqSk-.js +5 -0
package/dist/channel-inbound-pR1B7HTU.js +121 -0
package/dist/channel-message-W0VurpjH.js +12 -0
package/dist/channel-outbound-DO4HI6E_.js +436 -0
package/dist/channel-plugin-resolution-CLA7S5_A.js +2 -0
package/dist/channel-plugin-resolution-DzwVj01h.js +135 -0
package/dist/channel-resolution-DOPyiG4k.js +46 -0
package/dist/channel-selection-kwoWZDQ3.js +171 -0
package/dist/channel-selection.runtime-LiDliif9.js +2 -0
package/dist/channel-selection.runtime.js +1 -1
package/dist/channel.runtime-DDt3PayH.js +697 -0
package/dist/channel.runtime.js +1 -1
package/dist/channels-CKJd4eUz.js +1004 -0
package/dist/channels-cli-DLAPi8pX.js +331 -0
package/dist/chat-6WsYrS9m.js +3 -0
package/dist/chat-DpsCEXAx.js +2940 -0
package/dist/chrome-BWHc9vYG.js +1517 -0
package/dist/chrome-mcp-BGKgR8A_.js +2 -0
package/dist/chrome-mcp-Bg5D5PDc.js +864 -0
package/dist/claude-live-session-BLCZnv-A.js +2 -0
package/dist/claude-live-session-CGnB64D6.js +1338 -0
package/dist/clawbot-cli-ynXzgp8B.js +9 -0
package/dist/cli/daemon-cli.js +3 -3
package/dist/cli/gateway-lifecycle.runtime.js +4 -4
package/dist/cli/run-main.js +12 -12
package/dist/cli-B4Ttnj0P.js +2 -0
package/dist/cli-BjVgdamH.js +2 -0
package/dist/cli-CNqBrHLU.js +293 -0
package/dist/cli-backends.runtime-DoxtCrow.js +7 -0
package/dist/cli-backends.runtime.js +1 -1
package/dist/cli-compaction-BCuLbs75.js +363 -0
package/dist/cli-mthNIkji.js +141 -0
package/dist/cli-registry-loader-B2sNTdgY.js +2 -0
package/dist/cli-registry-loader-Dz9YFrjw.js +193 -0
package/dist/cli-runner-C9t-9-Io.js +597 -0
package/dist/cli-runner-D21qMGk7.js +2 -0
package/dist/cli-runner.runtime-BNqbJFgu.js +3 -0
package/dist/cli-runner.runtime-Dv50IEvH.js +4 -0
package/dist/cli-runner.runtime.js +1 -1
package/dist/cli-session-jBtClYfT.js +119 -0
package/dist/cli-startup-metadata.json +9 -9
package/dist/cli.runtime-CGBzSGAG.js +1276 -0
package/dist/cli.runtime.js +1 -1
package/dist/codex-native-web-search-B3C-srtm.js +20 -0
package/dist/codex-native-web-search-B7xh2Xcb.js +4 -0
package/dist/codex-native-web-search-core-CrwANQg5.js +106 -0
package/dist/command-auth-Dz_pdczs.js +135 -0
package/dist/command-config-resolution-XCA63Yv8.js +25 -0
package/dist/command-config-resolution-xtKMDTG9.js +2 -0
package/dist/command-config-resolution.runtime-xtKMDTG9.js +2 -0
package/dist/command-config-resolution.runtime.js +1 -1
package/dist/command-execution-startup-CasEqEXh.js +90 -0
package/dist/command-primitives-runtime-DC9gtSI3.js +3 -0
package/dist/command-registry-BQnMdca9.js +9 -0
package/dist/command-registry-core-hx2t1jQP.js +114 -0
package/dist/command-registry-rbKA-L_8.js +4 -0
package/dist/command-secret-gateway-7oveYQCx.js +589 -0
package/dist/command-secret-targets-B7M1Us_C.js +2 -0
package/dist/command-status-builders-DrSoZhiI.js +147 -0
package/dist/command-status.runtime-By0071-y.js +90 -0
package/dist/command-status.runtime.js +1 -1
package/dist/commands/status.summary.runtime.js +3 -3
package/dist/commands-B1MnUj5-.js +161 -0
package/dist/commands-compact.runtime-DELj3JaW.js +10 -0
package/dist/commands-compact.runtime.js +1 -1
package/dist/commands-core.runtime-Zw0grrkC.js +2 -0
package/dist/commands-core.runtime.js +1 -1
package/dist/commands-handlers.runtime-BCl_ZHJZ.js +6327 -0
package/dist/commands-handlers.runtime.js +1 -1
package/dist/commands-models-Uurm-0C3.js +448 -0
package/dist/commands-registry-Bo1AeDcq.js +195 -0
package/dist/commands-registry.runtime-C9DBHyhh.js +4 -0
package/dist/commands-registry.runtime.js +1 -1
package/dist/commands-status-BoAXH-wg.js +16 -0
package/dist/commands-status-CNALMTN9.js +3 -0
package/dist/commands-status.runtime-CNALMTN9.js +3 -0
package/dist/commands-status.runtime.js +1 -1
package/dist/commands-subagents-control.runtime-Dl4IuTzV.js +2 -0
package/dist/commands-subagents-control.runtime.js +1 -1
package/dist/commands-system-prompt-BPzpLmUp.js +2 -0
package/dist/commands-system-prompt-DCOZSNh5.js +161 -0
package/dist/commands.runtime-bfCLM0Sg.js +175 -0
package/dist/commands.runtime.js +1 -1
package/dist/commitments/runtime.js +1 -1
package/dist/common-CoOYhmSg.js +286 -0
package/dist/compact-yqaUOESq.js +1165 -0
package/dist/compact.runtime-Y91AFZVE.js +12 -0
package/dist/compact.runtime.js +1 -1
package/dist/compaction-planning-DVnykwzd.js +202 -0
package/dist/completion-cli-BJjq_g_B.js +393 -0
package/dist/config-CsmSEaNn.js +374 -0
package/dist/config-CtNXZ0iy.js +610 -0
package/dist/config-cli-CNpIVdqp.js +1703 -0
package/dist/config-mutation-B-SErGM0.js +5 -0
package/dist/config-mutations-Bu3ahkX8.js +161 -0
package/dist/config-utils-Bv0Nisds.js +141 -0
package/dist/config-validation-DitvTYD8.js +33 -0
package/dist/configure-CdjbRKTg.js +771 -0
package/dist/configure-Cvi-5ml4.js +3 -0
package/dist/configure.commands-BJii4733.js +1253 -0
package/dist/configure.commands-tJzVFJ0o.js +2 -0
package/dist/context-D1N9oPds.js +2 -0
package/dist/context-XMtJ9b3v.js +248 -0
package/dist/context-engine-host-compat-3QznbSaW.js +280 -0
package/dist/context-engine-host-compat-DquSpnKD.js +2 -0
package/dist/context-engine-lifecycle-Bqdhy9JU.js +627 -0
package/dist/control-auth-CMW_9jmY.js +114 -0
package/dist/control-service-D-r3k91q.js +40 -0
package/dist/control-service-uIPYrp9F.js +3 -0
package/dist/control-ui/assets/activity-DgMhyllD.js +124 -0
package/dist/control-ui/assets/agents-CsRhxO2O.js +1030 -0
package/dist/control-ui/assets/channels-Dq8bzpMg.js +120 -0
package/dist/control-ui/assets/cron-Dk5bqYwg.js +1016 -0
package/dist/control-ui/assets/debug-CNIwFEQO.js +97 -0
package/dist/control-ui/assets/index-CV2NsPlu.js +7214 -0
package/dist/control-ui/assets/instances-DLr0iEvT.js +57 -0
package/dist/control-ui/assets/nodes-D3JEksjl.js +444 -0
package/dist/control-ui/assets/sessions-nbXWGlHZ.js +425 -0
package/dist/control-ui/assets/skills-tBOi8OBq.js +362 -0
package/dist/control-ui/assets/workboard-ClTo7wmK.js +402 -0
package/dist/control-ui/index.html +1 -1
package/dist/control-ui/sw.js +1 -1
package/dist/control-ui-AkRMsk9S.js +750 -0
package/dist/conversation-label-generator-DHtcgSBn.js +72 -0
package/dist/conversation-runtime-BEgHW4ta.js +31 -0
package/dist/core-Bslrvfnp.js +284 -0
package/dist/core-api-BOlUb7G8.js +5 -0
package/dist/core-api-CiBoGa2I.js +2 -0
package/dist/crestodian/crestodian.js +1 -1
package/dist/crestodian/rescue-message.js +1 -1
package/dist/crestodian-mXnyuHx9.js +55 -0
package/dist/cron-PbdpyFrD.js +453 -0
package/dist/daemon-install-C-d4dFvn.js +66 -0
package/dist/daemon-install-auth-profiles-store.runtime-CvE2EVVo.js +2 -0
package/dist/daemon-install-auth-profiles-store.runtime.js +1 -1
package/dist/dashboard-Ey5dnvMI.js +263 -0
package/dist/defaults-CsRAv-qE.js +130 -0
package/dist/defaults-DHZBSNHC.js +3 -0
package/dist/defaults.constants-CR4S_tvw.js +76 -0
package/dist/deliver-BkuuFBlm.js +1399 -0
package/dist/deliver-P4upyes7.js +3 -0
package/dist/deliver-runtime-CjnLI_nC.js +2 -0
package/dist/delivery-outbound.runtime-fcJ-M8qj.js +7 -0
package/dist/delivery-outbound.runtime.js +1 -1
package/dist/delivery-queue-BqgHvNlY.js +863 -0
package/dist/delivery-queue-CfsRscJb.js +2 -0
package/dist/delivery-queue-runtime-D0PKG1Bv.js +16 -0
package/dist/delivery-target.runtime-C5e8d0WH.js +45 -0
package/dist/delivery-target.runtime.js +1 -1
package/dist/delivery.runtime-2Ut8xM3P.js +470 -0
package/dist/delivery.runtime.js +1 -1
package/dist/detached-task-runtime-OOZBqRy-.js +86 -0
package/dist/diagnostics-zf6WQ2h7.js +168 -0
package/dist/dialogue-C8IOya-l.js +37 -0
package/dist/direct-dm-wPF-KfNb.js +81 -0
package/dist/directive-handling.defaults-C-1lmFYo.js +22 -0
package/dist/directive-handling.fast-lane-DENPMtYI.js +70 -0
package/dist/directive-handling.impl-C1p5t3qA.js +2 -0
package/dist/directive-handling.impl-DOo2Sa7C.js +823 -0
package/dist/directive-handling.model-selection-6gC-fr_g.js +122 -0
package/dist/directive-handling.persist.runtime-CuhUd2kW.js +274 -0
package/dist/directive-handling.persist.runtime.js +1 -1
package/dist/directives-BIKSyN8C.js +319 -0
package/dist/directory-cli-DZ0PU0Rv.js +239 -0
package/dist/dispatch-DQLImAqt.js +2057 -0
package/dist/dispatch-acp-DzyX7wsq.js +1102 -0
package/dist/dispatch-acp-manager.runtime-CoAfs4O1.js +3 -0
package/dist/dispatch-acp-manager.runtime.js +1 -1
package/dist/dispatch-acp-media.runtime-7uUP_jr9.js +4 -0
package/dist/dispatch-acp-media.runtime.js +1 -1
package/dist/dispatch-acp-transcript.runtime-BUlmV_h0.js +40 -0
package/dist/dispatch-acp-transcript.runtime.js +1 -1
package/dist/dispatch-acp-tts.runtime-ChBnVkNt.js +3 -0
package/dist/dispatch-acp-tts.runtime.js +1 -1
package/dist/dispatch-acp.runtime-DAexFaBu.js +18 -0
package/dist/dispatch-acp.runtime.js +1 -1
package/dist/dispatcher-D3IQEbf9.js +106 -0
package/dist/doctor-BSqEqfb6.js +760 -0
package/dist/doctor-auth-flat-profiles-BIZ4wsYP.js +2 -0
package/dist/doctor-auth-flat-profiles-DXtD5LfC.js +516 -0
package/dist/doctor-auth-legacy-oauth-DwFbRYTP.js +48 -0
package/dist/doctor-auth-oauth-sidecar-6I3FEJbi.js +2 -0
package/dist/doctor-auth-oauth-sidecar-BSC3rnDM.js +177 -0
package/dist/doctor-auth-tVGsUiM6.js +216 -0
package/dist/doctor-bootstrap-size-B0q6bdkO.js +57 -0
package/dist/doctor-claude-cli-Bn79OuBT.js +150 -0
package/dist/doctor-config-flow-CCwocXpV.js +1819 -0
package/dist/doctor-core-checks-D7-1l8jy.js +666 -0
package/dist/doctor-core-checks-eM8FNi8B.js +2 -0
package/dist/doctor-core-checks.runtime-Dc03aeoU.js +278 -0
package/dist/doctor-core-checks.runtime.js +1 -1
package/dist/doctor-gRYfpEbB.js +6 -0
package/dist/doctor-gateway-daemon-flow-KTnHAdeV.js +349 -0
package/dist/doctor-gateway-services-BByDQtjY.js +465 -0
package/dist/doctor-health-CnoM718z.js +65 -0
package/dist/doctor-health-contributions-flVKMQwr.js +874 -0
package/dist/doctor-lint-BBm6gtBa.js +95 -0
package/dist/doctor-memory-search-DjHVDCGo.js +407 -0
package/dist/doctor-state-integrity-Bgw25cz1.js +1257 -0
package/dist/doctor-tool-result-cap-advice-B8wTpiTO.js +27 -0
package/dist/doctor-workspace-status-DcjeJIpT.js +76 -0
package/dist/dreaming-BE4t8DVf.js +523 -0
package/dist/dreaming-command-DWm1lB-Z.js +101 -0
package/dist/dreaming-narrative-8DM-OMrm.js +721 -0
package/dist/dreaming-narrative-CcFfheQI.js +2 -0
package/dist/dreaming-phases-CqOhhTdZ.js +2 -0
package/dist/dreaming-phases-D9eT6Kk0.js +1162 -0
package/dist/drive-D2M5B7-2.js +899 -0
package/dist/echo-transcript-B-wl5MoX.js +52 -0
package/dist/effective-tool-policy-Cx8mC5aA.js +89 -0
package/dist/embedded-agent-BTvtoOe_.js +4 -0
package/dist/embedded-agent-CGmSKuNM.js +4074 -0
package/dist/embedded-agent-helpers-CboIPx57.js +6 -0
package/dist/embedded-agent-helpers-cw0InMDZ.js +1037 -0
package/dist/embedded-agent.runtime-Bfe4bjyF.js +4 -0
package/dist/embedded-agent.runtime.js +1 -1
package/dist/embedded-backend-D-EshN85.js +744 -0
package/dist/embedded-gateway-stub.runtime-Cx9qs0KV.js +12 -0
package/dist/embedded-gateway-stub.runtime.js +1 -1
package/dist/embedding-provider-runtime-DaXfsUPo.js +86 -0
package/dist/embedding-providers-CdU99clu.js +2 -0
package/dist/embeddings-http-BQnlTr-1.js +222 -0
package/dist/engine-qmd-5jbjGywA.js +708 -0
package/dist/engine-storage-CfAgwoDp.js +203 -0
package/dist/entry.js +1 -1
package/dist/errors-C0AUxo3P.js +2 -0
package/dist/exec-approval-forwarder.runtime-BvR47p5Z.js +4 -0
package/dist/exec-approval-forwarder.runtime.js +1 -1
package/dist/exec-approval-session-target-CCqYgaVa.js +177 -0
package/dist/exec-auto-reviewer-BfJaNkNy.js +2 -0
package/dist/exec-auto-reviewer-Dqx7I88Z.js +241 -0
package/dist/execute.runtime-Qb6Z75sG.js +579 -0
package/dist/execute.runtime.js +1 -1
package/dist/extensionAPI.js +2 -2
package/dist/extensions/active-memory/index.js +3 -3
package/dist/extensions/admin-http-rpc/index.js +1 -1
package/dist/extensions/alibaba/index.js +1 -1
package/dist/extensions/alibaba/video-generation-provider.js +1 -1
package/dist/extensions/baichuan/index.js +1 -1
package/dist/extensions/browser/browser-bridge.js +1 -1
package/dist/extensions/browser/browser-cdp.js +1 -1
package/dist/extensions/browser/browser-config.js +5 -5
package/dist/extensions/browser/browser-control-auth.js +2 -2
package/dist/extensions/browser/browser-doctor.js +3 -3
package/dist/extensions/browser/browser-maintenance.js +1 -1
package/dist/extensions/browser/browser-profiles.js +3 -3
package/dist/extensions/browser/browser-runtime-api.js +14 -14
package/dist/extensions/browser/cli-metadata.js +1 -1
package/dist/extensions/browser/index.js +1 -1
package/dist/extensions/browser/plugin-registration.js +1 -1
package/dist/extensions/browser/register.runtime.js +4 -4
package/dist/extensions/browser/runtime-api.js +16 -16
package/dist/extensions/byteplus/index.js +3 -3
package/dist/extensions/byteplus/video-generation-provider.js +1 -1
package/dist/extensions/canvas/index.js +3 -3
package/dist/extensions/canvas/runtime-api.js +2 -2
package/dist/extensions/deepseek/index.js +1 -1
package/dist/extensions/device-pair/api.js +2 -2
package/dist/extensions/device-pair/pair-command-approve.js +1 -1
package/dist/extensions/device-pair/qr-image.js +2 -2
package/dist/extensions/longcat/index.js +1 -1
package/dist/extensions/memory-core/api.js +3 -3
package/dist/extensions/memory-core/cli-metadata.js +1 -1
package/dist/extensions/memory-core/cli.js +2 -2
package/dist/extensions/memory-core/index.js +11 -11
package/dist/extensions/memory-core/manager-runtime.js +1 -1
package/dist/extensions/memory-core/runtime-api.js +6 -6
package/dist/extensions/minimax/image-generation-provider.js +1 -1
package/dist/extensions/minimax/index.js +7 -7
package/dist/extensions/minimax/media-understanding-provider.js +1 -1
package/dist/extensions/minimax/music-generation-provider.js +1 -1
package/dist/extensions/minimax/oauth.js +1 -1
package/dist/extensions/minimax/oauth.runtime.js +1 -1
package/dist/extensions/minimax/provider-registration.js +1 -1
package/dist/extensions/minimax/speech-provider.js +1 -1
package/dist/extensions/minimax/video-generation-provider.js +1 -1
package/dist/extensions/minimax/web-search-provider.js +1 -1
package/dist/extensions/moonshot/index.js +5 -5
package/dist/extensions/moonshot/media-understanding-provider.js +1 -1
package/dist/extensions/moonshot/web-search-provider.js +1 -1
package/dist/extensions/qianfan/index.js +1 -1
package/dist/extensions/qwen/index.js +5 -5
package/dist/extensions/qwen/media-understanding-provider.js +1 -1
package/dist/extensions/qwen/video-generation-provider.js +1 -1
package/dist/extensions/sensenova/index.js +1 -1
package/dist/extensions/skill-workshop/api.js +2 -2
package/dist/extensions/skill-workshop/index.js +4 -4
package/dist/extensions/stepfun/index.js +2 -2
package/dist/extensions/tavily/index.js +1 -1
package/dist/extensions/tavily/web-search-provider.js +1 -1
package/dist/extensions/tencent/index.js +2 -2
package/dist/extensions/tiangong/index.js +1 -1
package/dist/extensions/volcengine/index.js +3 -3
package/dist/extensions/volcengine/speech-provider.js +1 -1
package/dist/extensions/webhooks/api.js +1 -1
package/dist/extensions/webhooks/index.js +1 -1
package/dist/extensions/weixin/index.js +3 -3
package/dist/extensions/workboard/index.js +2 -2
package/dist/extensions/xiaomi/index.js +4 -4
package/dist/extensions/xiaomi/speech-provider.js +1 -1
package/dist/extensions/xingchen/index.js +1 -1
package/dist/extensions/yi/index.js +1 -1
package/dist/extensions/zai/index.js +4 -4
package/dist/extensions/zai/media-understanding-provider.js +1 -1
package/dist/extensions/zhinao/index.js +1 -1
package/dist/external-cli-auth-selection-CM_aOUJw.js +113 -0
package/dist/extra-params-Bm1eLWN9.js +615 -0
package/dist/fallback-notice-state-v1kyWACv.js +15 -0
package/dist/fallbacks-CDllk2g1.js +31 -0
package/dist/fallbacks-shared-DdMKEmAC.js +116 -0
package/dist/fengming-runtime-DSv30J04.js +33 -0
package/dist/fengming-runtime-config-BE-DquuY.js +2 -0
package/dist/fengming-runtime-memory-BE-DquuY.js +2 -0
package/dist/fengming-runtime-session-BE-DquuY.js +2 -0
package/dist/fengming-tools-DHb-ZeDC.js +12221 -0
package/dist/flows-Cz3y10A9.js +189 -0
package/dist/fs-utils-D05rps7O.js +9 -0
package/dist/gateway/protocol/index.d.ts +1 -1
package/dist/gateway-DTi2D7ZS.js +133 -0
package/dist/gateway-cli-DT2fL2fX.js +443 -0
package/dist/gateway-install-token-CJhAycOA.js +136 -0
package/dist/gateway-method-runtime-BuiYTDQk.js +21 -0
package/dist/gateway-runtime-C5_cVlSW.js +23 -0
package/dist/get-reply-Cz-dUrWm.js +5198 -0
package/dist/get-reply-from-config.runtime-BC1HT67i.js +2 -0
package/dist/get-reply-from-config.runtime.js +1 -1
package/dist/github-copilot-token-09lxV3kH.js +2 -0
package/dist/health-CmihbcqN.js +621 -0
package/dist/health-D8L37hBZ.js +111 -0
package/dist/health-DU7I9RrJ.js +3 -0
package/dist/health-state-QZ2E6xGQ.js +106 -0
package/dist/heartbeat-runner-Bz5PMzEI.js +1930 -0
package/dist/heartbeat-runner-DfqqQ_8w.js +5 -0
package/dist/heartbeat-runner.runtime-8BshUhoS.js +3 -0
package/dist/heartbeat-runner.runtime.js +1 -1
package/dist/helpers-Bkq4POdX.js +406 -0
package/dist/hook-helpers-nmDwt3Fa.js +44 -0
package/dist/hooks-9FOcRqfu.js +536 -0
package/dist/hooks-cli-CrQelcwo.js +465 -0
package/dist/http-endpoint-helpers-BD5u6YsT.js +37 -0
package/dist/http-utils-RcKuBJ0I.js +98 -0
package/dist/image-DwNoypK2.js +385 -0
package/dist/image-fallbacks-BUyDnmUX.js +31 -0
package/dist/image-generation-core.auth.runtime-CA8miEMh.js +2 -0
package/dist/image-generation-core.auth.runtime.js +1 -1
package/dist/image-generation-provider-DXMW5EmB.js +152 -0
package/dist/image-runtime-D5QpNNzz.js +9 -0
package/dist/image-tool.helpers-6vGxo1Y0.js +150 -0
package/dist/images-BGWLzQEJ.js +416 -0
package/dist/images-Db4UB3JG.js +2 -0
package/dist/inbound-reply-dispatch-DRF6ZmQg.js +2 -0
package/dist/inbound-reply-dispatch-RAKLqow4.js +147 -0
package/dist/index-DhOQs6M_.d.ts +1497 -0
package/dist/index.js +1 -1
package/dist/infra-runtime-BFrpRc_V.js +32 -0
package/dist/init-sR7bCS9D.js +59 -0
package/dist/install-BzdJbOUx.js +262 -0
package/dist/install.runtime-Zye6pbZ6.js +2 -0
package/dist/internal-DL_vFx8C.js +399 -0
package/dist/isolated-agent-Qif8Llbt.js +2 -0
package/dist/isolated-agent-aqEjxqs-.js +1097 -0
package/dist/kernel-B-i4c2IK.js +979 -0
package/dist/kernel-DYDJ_hLb.js +3 -0
package/dist/kimi-web-search-provider.runtime-95HAkvHY.js +307 -0
package/dist/kimi-web-search-provider.runtime.js +1 -1
package/dist/library-CZVbE5hF.js +45 -0
package/dist/lifecycle-C8M3YLbT.js +2 -0
package/dist/lifecycle-CPDNQnUN.js +570 -0
package/dist/lifecycle-DpuP7n3J.js +355 -0
package/dist/lifecycle.runtime-C8M3YLbT.js +2 -0
package/dist/lifecycle.runtime.js +1 -1
package/dist/link-understanding/apply.runtime.js +3 -3
package/dist/list-B_ALwpPl.js +2 -0
package/dist/list-Bda_GYFy.js +207 -0
package/dist/list.list-command-W9OGfAIU.js +429 -0
package/dist/list.model-row-LV4AaX0H.js +39 -0
package/dist/list.probe-CrZm6BH2.js +451 -0
package/dist/list.probe-Dfdmb8bC.js +2 -0
package/dist/list.provider-catalog-7T1jKk0n.js +211 -0
package/dist/list.provider-catalog-DjGyZVEj.js +2 -0
package/dist/list.registry-load-DkCS8JZQ.js +152 -0
package/dist/list.row-sources-B1vjo_Y9.js +474 -0
package/dist/list.source-plan-C9Sa6zRK.js +81 -0
package/dist/list.status-command-9daSZZDm.js +815 -0
package/dist/live-model-switch-Dy-UFUMS.js +119 -0
package/dist/llm-slug-generator-DEmh5-_1.js +78 -0
package/dist/llm-slug-generator.js +1 -1
package/dist/load-config-CvQpC8k6.js +27 -0
package/dist/load-context-_qSHpZ5S.js +82 -0
package/dist/loader-CntMt07B.js +7008 -0
package/dist/local-dispatch.runtime-BSN_gqNS.js +10 -0
package/dist/local-dispatch.runtime.js +1 -1
package/dist/main-session-restart-recovery-Db7366lt.js +2 -0
package/dist/main-session-restart-recovery-n87NTooQ.js +389 -0
package/dist/managed-image-attachments-BTBBHlKl.js +2 -0
package/dist/managed-image-attachments-C6_V1yX0.js +616 -0
package/dist/manager-CKrWxjV6.js +3737 -0
package/dist/manager-Dvb1FVnx.js +2314 -0
package/dist/mcp/plugin-tools-serve.js +2 -2
package/dist/mcp-http-CSoGXOa_.js +583 -0
package/dist/mcp-http-D4ieDB3W.js +2 -0
package/dist/media-runtime-GeQTQkkK.js +391 -0
package/dist/media-services-CWbIUZDe.js +416 -0
package/dist/media-understanding/apply.runtime.js +1 -1
package/dist/media-understanding-DXc2BD2L.js +87 -0
package/dist/media-understanding-provider-BkdUiVWU.js +70 -0
package/dist/media-understanding-provider-BlgmLViW.js +13 -0
package/dist/media-understanding-provider-C9P2VjkC.js +29 -0
package/dist/media-understanding-provider-CJlbgAvl.js +69 -0
package/dist/memory-CnC2jM1l.js +437 -0
package/dist/memory-core-host-engine-embeddings-Dy9vN-Ce.js +667 -0
package/dist/memory-core-host-engine-foundation-C-pGGQnm.js +15 -0
package/dist/memory-core-host-engine-qmd-DLJDON9w.js +2 -0
package/dist/memory-core-host-engine-storage-Bzf-C8XE.js +2 -0
package/dist/memory-core-host-runtime-cli-_LWA6G3x.js +10 -0
package/dist/memory-core-host-runtime-core-CromkNBr.js +12 -0
package/dist/memory-core-host-runtime-files-DpbviC1b.js +4 -0
package/dist/memory-embedding-provider-runtime-CaVVaYC5.js +36 -0
package/dist/memory-host-core-B5dWHwBF.js +78 -0
package/dist/memory-host-search.runtime-DqlCFac1.js +2 -0
package/dist/memory-host-search.runtime.js +1 -1
package/dist/memory-runtime-BCeeWb1G.js +2 -0
package/dist/memory-runtime-pR9KGin0.js +57 -0
package/dist/memory-search-CpDEEY2Q.js +235 -0
package/dist/message-BeGCG-D8.js +284 -0
package/dist/message-YGMOyqP5.js +2 -0
package/dist/message-action-runner-ByMT3_eb.js +1922 -0
package/dist/message-action-runner-VXmKO_W7.js +2 -0
package/dist/message-handler-MZ0DMbCx.js +1806 -0
package/dist/metadata-registry-loader-BH9D1UOx.js +2 -0
package/dist/metadata-registry-loader-BK1cHCas.js +22 -0
package/dist/migrate-BA6w0hd3.js +2 -0
package/dist/migrate-BGuQC-1W.js +458 -0
package/dist/migration-provider-runtime-BBdDegWG.js +2 -0
package/dist/migration-provider-runtime-C5WUjrQz.js +68 -0
package/dist/minimax-web-search-provider.runtime-suVFk3Zx.js +148 -0
package/dist/minimax-web-search-provider.runtime.js +1 -1
package/dist/model-BJZXR9dq.js +1302 -0
package/dist/model-BL7xlN5h.js +2 -0
package/dist/model-auth-C-6dYVob.js +6 -0
package/dist/model-auth-DJz7R41W.js +705 -0
package/dist/model-auth-label-DKNXktIu.js +67 -0
package/dist/model-catalog-BjiK5rtT.js +3 -0
package/dist/model-catalog-DM1CTjkW.js +434 -0
package/dist/model-catalog-visibility-DEJZG0In.js +76 -0
package/dist/model-config.helpers-BKcUeE_P.js +95 -0
package/dist/model-context-tokens-5y_PQELY.js +572 -0
package/dist/model-fallback-BDdBR053.js +1288 -0
package/dist/model-fallback-auth.runtime-pcWfkIUF.js +5 -0
package/dist/model-fallback-auth.runtime.js +1 -1
package/dist/model-picker-Bpvp4_N4.js +1135 -0
package/dist/model-picker-DWPPtq6d.js +3 -0
package/dist/model-picker-visibility-BtdqVF80.js +22 -0
package/dist/model-picker.runtime-CYlqts2z.js +48 -0
package/dist/model-picker.runtime.js +1 -1
package/dist/model-pricing-cache-BmmncDqL.js +856 -0
package/dist/model-pricing-cache-CEwRyWw2.js +3 -0
package/dist/model-pricing-cache-state-B8Aspp85.js +83 -0
package/dist/model-provider-auth-B3KXoKkE.js +2 -0
package/dist/model-provider-auth-Bo_8T7of.js +375 -0
package/dist/model-runtime-aliases-Br-ZlhrL.js +133 -0
package/dist/model-selection-D5-ERakL.js +254 -0
package/dist/model-selection-DrzgktRu.js +7 -0
package/dist/model-selection-ibwsPgIw.js +352 -0
package/dist/model-selection.runtime-BRkOZejt.js +7 -0
package/dist/model-selection.runtime.js +1 -1
package/dist/models-RPAH3ZBn.js +57 -0
package/dist/models-auth-status-Cwu9OXU8.js +280 -0
package/dist/models-cli-CrYkSUoa.js +257 -0
package/dist/models-config-Ayzj9gDz.js +1189 -0
package/dist/models-config-BFcjB7nN.js +2 -0
package/dist/models-config.providers.secrets-CCRUW7gL.js +2 -0
package/dist/models-config.providers.secrets-DdX_XSRo.js +382 -0
package/dist/models-http-jLFnelH7.js +88 -0
package/dist/monitor-CqWICrjO.js +60 -0
package/dist/monitor-DwccYPfp.js +1024 -0
package/dist/monitor.account-e9EVttpP.js +5382 -0
package/dist/music-generation-provider-Dfc--R-x.js +308 -0
package/dist/native-hook-relay-Cioqiqv8.js +1378 -0
package/dist/native-hook-relay-DRwJIspI.js +19 -0
package/dist/node-cli-CrG3LH9J.js +2806 -0
package/dist/node-command-policy-CkBTEmhl.js +295 -0
package/dist/nodes-BxrWFA09.js +1483 -0
package/dist/nodes-DFPTGZjc.js +3 -0
package/dist/nodes-cli-Czwyt6r1.js +960 -0
package/dist/nodes-pending-B_4QHyB2.js +211 -0
package/dist/nodes-utils-c4k31OaG.js +85 -0
package/dist/oauth-BXncC0JP.js +852 -0
package/dist/oauth-Ba1O2vqP.js +207 -0
package/dist/oauth-CGQkfxbJ.js +746 -0
package/dist/onboard-I5tQlVm6.js +768 -0
package/dist/onboard-channels-BleKfB1D.js +2 -0
package/dist/onboard-channels-jVaUjGYX.js +1534 -0
package/dist/onboard-custom-BR_5oqUr.js +3 -0
package/dist/onboard-custom-Ss0DThuP.js +280 -0
package/dist/onboard-custom-config-B-knjQm7.js +422 -0
package/dist/onboard-search-BsIztGYF.js +412 -0
package/dist/openai-compat-errors-UkLkk8Q9.js +136 -0
package/dist/openai-http-mTQB44gu.js +836 -0
package/dist/openai-transport-stream-CZSs3SIi.js +3427 -0
package/dist/openresponses-http-BA1Shmj-.js +1175 -0
package/dist/operations-DhgPih1F.js +805 -0
package/dist/order-CaXafMPG.js +218 -0
package/dist/outbound-attachment-BAp7DXDc.js +19 -0
package/dist/param-readers-De-m2SoB.js +2 -0
package/dist/payloads-Dg9aAEOC.js +256 -0
package/dist/persistent-bindings.lifecycle-BkLOz501.js +2 -0
package/dist/persistent-bindings.lifecycle-e2MLbBCo.js +85 -0
package/dist/plugin-enabled-CGSENjXc.js +232 -0
package/dist/plugin-install-BI9_bsVT.js +118 -0
package/dist/plugin-install-an4V2iXO.js +2 -0
package/dist/plugin-install-config-policy-C66Nss3D.js +169 -0
package/dist/plugin-registration-DMerQktl.js +97 -0
package/dist/plugin-registry-BZfdCw65.js +3 -0
package/dist/plugin-registry-I1fegSdK.js +2 -0
package/dist/plugin-runtime-B3XMLJka.js +102 -0
package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
package/dist/plugin-sdk/acp-runtime-backend.js +1 -1
package/dist/plugin-sdk/acp-runtime.js +2 -2
package/dist/plugin-sdk/agent-harness-runtime.js +16 -16
package/dist/plugin-sdk/agent-harness-task-runtime.js +4 -4
package/dist/plugin-sdk/agent-harness.js +17 -17
package/dist/plugin-sdk/agent-runtime.js +17 -17
package/dist/plugin-sdk/agent-sessions.js +1 -1
package/dist/plugin-sdk/approval-native-runtime.js +2 -2
package/dist/plugin-sdk/approval-reaction-runtime.js +1 -1
package/dist/plugin-sdk/approval-runtime.js +2 -2
package/dist/plugin-sdk/bundled-channel-config-schema-BsOWCrJT.d.ts +3169 -0
package/dist/plugin-sdk/bundled-channel-config-schema.d.ts +1 -1
package/dist/plugin-sdk/channel-actions.js +2 -2
package/dist/plugin-sdk/channel-config-schema-legacy.d.ts +1 -1
package/dist/plugin-sdk/channel-core.js +2 -2
package/dist/plugin-sdk/channel-envelope.js +1 -1
package/dist/plugin-sdk/channel-inbound-roots.js +1 -1
package/dist/plugin-sdk/channel-inbound.js +4 -4
package/dist/plugin-sdk/channel-location.js +1 -1
package/dist/plugin-sdk/channel-message-runtime.js +5 -5
package/dist/plugin-sdk/channel-message.js +5 -5
package/dist/plugin-sdk/channel-outbound.js +2 -2
package/dist/plugin-sdk/channel-reply-options-runtime.js +1 -1
package/dist/plugin-sdk/command-auth-native.js +2 -2
package/dist/plugin-sdk/command-auth.js +4 -4
package/dist/plugin-sdk/command-primitives-runtime.js +2 -2
package/dist/plugin-sdk/command-status-runtime.js +1 -1
package/dist/plugin-sdk/command-status.js +1 -1
package/dist/plugin-sdk/compat.js +2 -2
package/dist/plugin-sdk/config-mutation.js +2 -2
package/dist/plugin-sdk/config-runtime.js +1 -1
package/dist/plugin-sdk/config-schema.d.ts +2 -2
package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
package/dist/plugin-sdk/conversation-runtime.js +3 -3
package/dist/plugin-sdk/core.js +3 -3
package/dist/plugin-sdk/delivery-queue-runtime.js +1 -1
package/dist/plugin-sdk/direct-dm.js +1 -1
package/dist/plugin-sdk/discord.d.ts +1 -1
package/dist/plugin-sdk/embedding-providers.js +2 -2
package/dist/plugin-sdk/gateway-method-runtime.js +1 -1
package/dist/plugin-sdk/gateway-runtime.js +2 -2
package/dist/plugin-sdk/health.js +1 -1
package/dist/plugin-sdk/image-generation-core.js +3 -3
package/dist/plugin-sdk/image-generation-runtime.js +1 -1
package/dist/plugin-sdk/image-generation.js +2 -2
package/dist/plugin-sdk/inbound-reply-dispatch.js +3 -3
package/dist/plugin-sdk/index.js +1 -1
package/dist/plugin-sdk/infra-runtime.js +3 -3
package/dist/plugin-sdk/mattermost.js +1 -1
package/dist/plugin-sdk/media-generation-runtime-shared.js +1 -1
package/dist/plugin-sdk/media-generation-runtime.js +1 -1
package/dist/plugin-sdk/media-runtime.js +7 -7
package/dist/plugin-sdk/media-understanding-runtime.js +1 -1
package/dist/plugin-sdk/media-understanding.js +2 -2
package/dist/plugin-sdk/memory-core-host-engine-embeddings.js +4 -4
package/dist/plugin-sdk/memory-core-host-engine-foundation.js +2 -2
package/dist/plugin-sdk/memory-core-host-engine-qmd.js +2 -2
package/dist/plugin-sdk/memory-core-host-engine-storage.js +6 -6
package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
package/dist/plugin-sdk/memory-core-host-runtime-core.js +3 -3
package/dist/plugin-sdk/memory-core-host-runtime-files.js +4 -4
package/dist/plugin-sdk/memory-core.js +3 -3
package/dist/plugin-sdk/memory-host-core.js +3 -3
package/dist/plugin-sdk/memory-host-files.js +4 -4
package/dist/plugin-sdk/memory-host-search.js +1 -1
package/dist/plugin-sdk/models-provider-runtime.js +1 -1
package/dist/plugin-sdk/music-generation-core.js +1 -1
package/dist/plugin-sdk/native-command-registry.js +1 -1
package/dist/plugin-sdk/outbound-media.js +2 -2
package/dist/plugin-sdk/outbound-runtime.js +3 -3
package/dist/plugin-sdk/param-readers.js +2 -2
package/dist/plugin-sdk/plugin-runtime.js +2 -2
package/dist/plugin-sdk/provider-auth-api-key.js +4 -4
package/dist/plugin-sdk/provider-auth-login.js +1 -1
package/dist/plugin-sdk/provider-auth-runtime.js +2 -2
package/dist/plugin-sdk/provider-auth.js +6 -6
package/dist/plugin-sdk/provider-catalog-runtime.js +2 -2
package/dist/plugin-sdk/provider-entry.js +1 -1
package/dist/plugin-sdk/provider-setup.js +1 -1
package/dist/plugin-sdk/provider-stream-family.js +3 -3
package/dist/plugin-sdk/provider-stream.js +2 -2
package/dist/plugin-sdk/provider-transport-runtime.js +1 -1
package/dist/plugin-sdk/provider-web-fetch.js +2 -2
package/dist/plugin-sdk/provider-web-search.js +4 -4
package/dist/plugin-sdk/realtime-bootstrap-context.js +2 -2
package/dist/plugin-sdk/realtime-transcription.js +1 -1
package/dist/plugin-sdk/realtime-voice.js +2 -2
package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
package/dist/plugin-sdk/reply-runtime.js +6 -6
package/dist/plugin-sdk/runtime-secret-resolution.js +2 -2
package/dist/plugin-sdk/runtime.js +3 -3
package/dist/plugin-sdk/self-hosted-provider-setup.js +1 -1
package/dist/plugin-sdk/simple-completion-runtime.js +1 -1
package/dist/plugin-sdk/speech-core.js +2 -2
package/dist/plugin-sdk/speech.js +1 -1
package/dist/plugin-sdk/tool-plugin.js +1 -1
package/dist/plugin-sdk/transcripts.js +1 -1
package/dist/plugin-sdk/tts-runtime.js +1 -1
package/dist/plugin-sdk/video-generation-core.js +2 -2
package/dist/plugin-sdk/video-generation-runtime.js +1 -1
package/dist/plugin-sdk/web-media.js +3 -3
package/dist/plugin-sdk/zalouser.js +1 -1
package/dist/plugin-service-2XF6Lu_a.js +1249 -0
package/dist/plugins/build-smoke-entry.js +2 -2
package/dist/plugins/loader.js +1 -1
package/dist/plugins/provider-discovery.runtime.js +1 -1
package/dist/plugins/provider-runtime.runtime.js +1 -1
package/dist/plugins/runtime/index.js +19 -19
package/dist/plugins/tools.js +1 -1
package/dist/plugins-authoring-command-CCX6tJwd.js +304 -0
package/dist/plugins-cli-HX8nTV2h.js +63 -0
package/dist/plugins-cli.runtime-BYn4VsLP.js +339 -0
package/dist/plugins-cli.runtime.js +1 -1
package/dist/plugins-command-helpers-ByuW-yNj.js +2 -0
package/dist/plugins-command-helpers-DaaxGnCD.js +164 -0
package/dist/plugins-inspect-command-C9NDk23X.js +248 -0
package/dist/plugins-install-command-B0NfUxeA.js +993 -0
package/dist/plugins-install-command-BmuScfLI.js +2 -0
package/dist/plugins-install-persist-CfwO876P.js +252 -0
package/dist/plugins-list-command-Bx8X908n.js +184 -0
package/dist/plugins-uninstall-command-p6h44-Ft.js +118 -0
package/dist/postinstall-inventory.json +862 -862
package/dist/prepare.runtime-8DdQ4k9k.js +798 -0
package/dist/prepare.runtime.js +1 -1
package/dist/presentation-card-DeAf3jYW.js +164 -0
package/dist/preview-warnings-BF7nlTo8.js +618 -0
package/dist/profiles-DUhMLnqX.js +194 -0
package/dist/program-C7f_U7fr.js +131 -0
package/dist/provider-adapters-CWLwE9KS.js +104 -0
package/dist/provider-api-key-auth-CshQbUPZ.js +117 -0
package/dist/provider-api-key-auth.runtime-B64jPCKn.js +14 -0
package/dist/provider-api-key-auth.runtime.js +1 -1
package/dist/provider-auth-D-I3YLSn.js +281 -0
package/dist/provider-auth-api-key-Bub0Rjak.js +5 -0
package/dist/provider-auth-choice-DpNAEScm.js +311 -0
package/dist/provider-auth-choice-helpers-Bof937LW.js +210 -0
package/dist/provider-auth-choice.runtime-B3spikLY.js +18 -0
package/dist/provider-auth-choice.runtime-vVgz7FKq.js +2 -0
package/dist/provider-auth-choice.runtime.js +1 -1
package/dist/provider-auth-guidance-DcCL0Q2U.js +2 -0
package/dist/provider-auth-guidance-rWRMN4Jn.js +34 -0
package/dist/provider-auth-helpers-Cp8L-Xha.js +177 -0
package/dist/provider-auth-login.runtime-BJUzc4iH.js +156 -0
package/dist/provider-auth-login.runtime.js +1 -1
package/dist/provider-auth-runtime-DmcWtzbb.js +186 -0
package/dist/provider-discovery-JyAJi97k.js +95 -0
package/dist/provider-discovery.runtime-D_0WTYr8.js +290 -0
package/dist/provider-discovery.runtime.js +1 -1
package/dist/provider-dispatcher-C8Jt94Xl.js +22 -0
package/dist/provider-dispatcher.runtime.js +1 -1
package/dist/provider-entry-By0ggZuI.js +134 -0
package/dist/provider-hook-runtime-B8AUbQxf.js +255 -0
package/dist/provider-openai-codex-oauth-C9Mmnt7d.js +2 -0
package/dist/provider-openai-codex-oauth-CH5Jg1vk.js +44 -0
package/dist/provider-registration-C1zvaHQP.js +235 -0
package/dist/provider-registry-B9diJyLv.js +31 -0
package/dist/provider-registry-BXSxmPGA.js +61 -0
package/dist/provider-registry-CoE-sxbq.js +61 -0
package/dist/provider-registry-DLth_GdI.js +61 -0
package/dist/provider-registry-J4LRd5Rg.js +36 -0
package/dist/provider-runtime-B4cw16pt.js +3 -0
package/dist/provider-runtime-DNNbfwOK.js +386 -0
package/dist/provider-runtime.runtime-98mAe_ni.js +26 -0
package/dist/provider-runtime.runtime.js +1 -1
package/dist/provider-self-hosted-setup-Dysv2Kwt.js +373 -0
package/dist/provider-stream-BLaC8bqO.js +1084 -0
package/dist/provider-stream-Caa5YOx2.js +313 -0
package/dist/provider-stream-family-CvvfxLyP.js +2 -0
package/dist/provider-usage-CVNosTP3.js +71 -0
package/dist/provider-usage-D2NudXbO.js +4 -0
package/dist/provider-usage.load-DG6R3lkG.js +357 -0
package/dist/provider-web-search-DmgTaxRU.js +58 -0
package/dist/provider-wizard-Cw-5H3tX.js +125 -0
package/dist/providers.runtime-DF0T9lFz.js +240 -0
package/dist/providers.runtime-oM9Vn1wr.js +2 -0
package/dist/providers.runtime.js +1 -1
package/dist/proxy-BxGnVyJu.js +662 -0
package/dist/public-artifacts-BMP9hZfh.js +7 -0
package/dist/pw-ai-CD52qfYo.js +3064 -0
package/dist/qmd-manager-BYbvU4YC.js +2040 -0
package/dist/qr-cli-Btz2ZdO3.js +2 -0
package/dist/qr-cli-eyTRwMm2.js +371 -0
package/dist/qr-image-BCwiO6tL.js +2 -0
package/dist/queue-CJRoTOBi.js +923 -0
package/dist/read-file-ogB-HjbK.js +183 -0
package/dist/register-service-commands-D_gQ3b6_.js +77 -0
package/dist/register.agent-DXQLn-r0.js +152 -0
package/dist/register.configure-FavQPGce.js +16 -0
package/dist/register.crestodian-Cbfmnl6h.js +24 -0
package/dist/register.maintenance-B8xODEMU.js +85 -0
package/dist/register.message-B8PYgZ-j.js +404 -0
package/dist/register.migrate-CieoN8zZ.js +106 -0
package/dist/register.onboard-BqWDIDKH.js +115 -0
package/dist/register.setup-CgeTBW4T.js +40 -0
package/dist/register.status-health-sessions-C99aHa5h.js +293 -0
package/dist/register.subclis-79SvyMFt.js +31 -0
package/dist/register.subclis-CXrO8_TO.js +3 -0
package/dist/register.subclis-core-GoXV1yMG.js +273 -0
package/dist/rem-harness-laL5luQa.js +649 -0
package/dist/repair-sequencing-DGY2mBg6.js +652 -0
package/dist/reply-media-paths.runtime-BeWVPkgy.js +2 -0
package/dist/reply-media-paths.runtime-rzAV_Kee.js +154 -0
package/dist/reply-media-paths.runtime.js +1 -1
package/dist/reply-payloads-D_JHMviC.js +79 -0
package/dist/reply-payloads-dedupe-B9GGGaL-.js +176 -0
package/dist/reply-payloads-dedupe.runtime--C3jHs9y.js +2 -0
package/dist/reply-payloads-dedupe.runtime.js +1 -1
package/dist/reply-timing-tracker-DPjlETUb.js +205 -0
package/dist/reply-turn-admission-DdfIwcMK.js +2056 -0
package/dist/reply.runtime-BC1HT67i.js +2 -0
package/dist/reply.runtime.js +1 -1
package/dist/reset-preserved-selection-Czd80hug.js +45 -0
package/dist/resolve-COJFlAZT.js +106 -0
package/dist/restart-B9GMMIZt.js +121 -0
package/dist/result-fallback-classifier-By0Z6b8r.js +98 -0
package/dist/root-help-Bp0kGaUZ.js +43 -0
package/dist/route-CgG9Z7OI.js +475 -0
package/dist/route-reply-D9_9oRg1.js +174 -0
package/dist/route-reply.runtime-BwNl3h2m.js +2 -0
package/dist/route-reply.runtime.js +1 -1
package/dist/routes-Cz2NHUV4.js +2 -0
package/dist/routes-DMo6Eacc.js +3701 -0
package/dist/run-SFRSThMI.js +1162 -0
package/dist/run-auth-profile.runtime-BxLM8m_2.js +2 -0
package/dist/run-auth-profile.runtime.js +1 -1
package/dist/run-command-Cd5iN7eN.js +2 -0
package/dist/run-command-ah46O06U.js +23 -0
package/dist/run-context-DGCQJldA.js +66 -0
package/dist/run-context.runtime-CSBHDAd5.js +2 -0
package/dist/run-context.runtime.js +1 -1
package/dist/run-delivery.runtime-C9xoiZ3h.js +762 -0
package/dist/run-delivery.runtime.js +1 -1
package/dist/run-embedded.runtime-D8bz5vfV.js +4 -0
package/dist/run-embedded.runtime.js +1 -1
package/dist/run-execution-cli.runtime-BAa8KPn7.js +4 -0
package/dist/run-execution-cli.runtime.js +1 -1
package/dist/run-executor.runtime-CNnemqSa.js +330 -0
package/dist/run-executor.runtime.js +1 -1
package/dist/run-model-catalog.runtime-Dh7EghXr.js +2 -0
package/dist/run-model-catalog.runtime.js +1 -1
package/dist/run-session-state-cMlTFwT_.js +159 -0
package/dist/run-subagent-registry.runtime-BgQU86-E.js +2 -0
package/dist/run-subagent-registry.runtime.js +1 -1
package/dist/runner-B3YXRJOB.js +704 -0
package/dist/runner.entries-DMTKpRDP.js +1485 -0
package/dist/runtime-BHReFHE2.js +2 -0
package/dist/runtime-BiQZ6Usw.js +615 -0
package/dist/runtime-CAeriu2O.js +10 -0
package/dist/runtime-CAnCRCX3.js +224 -0
package/dist/runtime-CV_2NqSY.js +300 -0
package/dist/runtime-CmpnvXo3.js +245 -0
package/dist/runtime-D2fci1Ey.js +2 -0
package/dist/runtime-DAsYmYeA.js +3 -0
package/dist/runtime-DeA45VKG.js +210 -0
package/dist/runtime-DvkZ8tHI.js +436 -0
package/dist/runtime-DxVUR2Xg.js +2 -0
package/dist/runtime-api-B88le0UE.js +12 -0
package/dist/runtime-channel-AubRWvnH.js +2 -0
package/dist/runtime-channel-DdclSuEu.js +148 -0
package/dist/runtime-config-collectors-DukTj2va.js +525 -0
package/dist/runtime-embedded-agent.runtime-BpLweeFv.js +2 -0
package/dist/runtime-embedded-agent.runtime.js +1 -1
package/dist/runtime-internal-CaoUylZw.js +2 -0
package/dist/runtime-llm.runtime-DlpqGc7S.js +307 -0
package/dist/runtime-llm.runtime.js +1 -1
package/dist/runtime-model-auth.runtime-CLAaWzxY.js +46 -0
package/dist/runtime-model-auth.runtime-DxVvqRTd.js +2 -0
package/dist/runtime-model-auth.runtime.js +1 -1
package/dist/runtime-options-TTtN01-I.js +275 -0
package/dist/runtime-plugin-ClqxJSbp.js +92 -0
package/dist/runtime-plugins-Bq01wLXP.js +32 -0
package/dist/runtime-plugins.runtime-cwCvl1TR.js +2 -0
package/dist/runtime-plugins.runtime.js +1 -1
package/dist/runtime-prepare.runtime-Cz_hV_k5.js +81 -0
package/dist/runtime-prepare.runtime.js +1 -1
package/dist/runtime-provider-QCJq90av.js +24 -0
package/dist/runtime-provider-Wllc3jC6.js +2 -0
package/dist/runtime-registry-loader-BM1mQBJr.js +2 -0
package/dist/runtime-registry-loader-DzhYCt4s.js +117 -0
package/dist/runtime-shared-BfqOW-Vb.js +365 -0
package/dist/runtime-web-channel-plugin-BcVPgD14.js +204 -0
package/dist/runtime-web-tools-fallback.runtime.js +1 -1
package/dist/scan-ldbaD8jq.js +573 -0
package/dist/sdk-security-runtime-Bxhq2O1G.js +86 -0
package/dist/sdk-setup-tools-CsQM9pF0.js +8 -0
package/dist/secrets-cli-DbpIf4-z.js +150 -0
package/dist/security-cli-BK4Xpa6h.js +520 -0
package/dist/selection-BXKik6Ps.js +3 -0
package/dist/selection-D4O3gK3Q.js +18365 -0
package/dist/send-DaoGIay5.js +1222 -0
package/dist/send-DzNjJGJX.js +178 -0
package/dist/send-f5w9krNS.js +711 -0
package/dist/send-media-cOciBxcg.js +2072 -0
package/dist/send-result-DMFwBuOl.js +141 -0
package/dist/server-BoC1mxZ-.js +24 -0
package/dist/server-DZnI6w5k.js +72 -0
package/dist/server-aux-handlers-BwRdYdub.js +1347 -0
package/dist/server-chat-Q95f4ywD.js +827 -0
package/dist/server-close.runtime.js +3 -3
package/dist/server-context-CnXNaarB.js +2 -0
package/dist/server-context-DRBebo7Y.js +955 -0
package/dist/server-cron-C0o0ZvqF.js +3173 -0
package/dist/server-cron-CLeBvurR.js +2 -0
package/dist/server-maintenance-CqHfTnFD.js +152 -0
package/dist/server-methods-BmlBQJMD.js +497 -0
package/dist/server-middleware-DJhnR6jl.js +122 -0
package/dist/server-model-catalog-CoSSk_Gy.js +2 -0
package/dist/server-model-catalog-D32oDTQp.js +73 -0
package/dist/server-node-events-DX9a4etQ.js +597 -0
package/dist/server-plugin-bootstrap-Vco-EpxY.js +71 -0
package/dist/server-plugins-WBX2fZRp.js +435 -0
package/dist/server-reload-handlers-DGJLH8bg.js +719 -0
package/dist/server-restart-sentinel-Bvon7f8K.js +700 -0
package/dist/server-runtime-services-BNcH4vhR.js +3 -0
package/dist/server-runtime-services-BjcQG5y7.js +147 -0
package/dist/server-runtime-subscriptions-W39HeyoT.js +67 -0
package/dist/server-session-events-CO73dMU-.js +244 -0
package/dist/server-session-key-D8V67lDk.js +2 -0
package/dist/server-session-key-v-KYSmRS.js +75 -0
package/dist/server-startup-config-u54lUdWN.js +305 -0
package/dist/server-startup-early-Cy5kArJG.js +87 -0
package/dist/server-startup-memory-DvINFAYn.js +72 -0
package/dist/server-startup-plugins-CerpbOSQ.js +127 -0
package/dist/server-startup-post-attach-COUCwhNa.js +793 -0
package/dist/server-ws-runtime-BfznAnbI.js +374 -0
package/dist/server.impl-dQXccj0z.js +2622 -0
package/dist/session-cost-usage-Bs5yIOBH.js +1600 -0
package/dist/session-kill-http-DVleb3RW.js +121 -0
package/dist/session-log-runtime-OG7J4j9m.js +1258 -0
package/dist/session-override-LIWl5a9T.js +134 -0
package/dist/session-reset-model.runtime-BpnTi4sa.js +144 -0
package/dist/session-reset-model.runtime.js +1 -1
package/dist/session-reset-service-HA07zS8L.js +651 -0
package/dist/session-status.runtime-D6_clH8l.js +2 -0
package/dist/session-status.runtime.js +1 -1
package/dist/session-store-Cj4Rh6qc.js +273 -0
package/dist/session-store.runtime-DSCxACdZ.js +4 -0
package/dist/session-store.runtime.js +1 -1
package/dist/session-subagent-reactivation.runtime-CcwaHAxg.js +2 -0
package/dist/session-subagent-reactivation.runtime.js +1 -1
package/dist/session-tab-registry-C-9uI2Wi.js +551 -0
package/dist/session-utils-BRtPESA4.js +1508 -0
package/dist/sessions-Beltl3Ra.js +1917 -0
package/dist/sessions-DR-X-j8D.js +316 -0
package/dist/sessions-cleanup-CR1CFcJb.js +165 -0
package/dist/sessions-history-http-CjyHWYEv.js +432 -0
package/dist/sessions-patch-peSeltuF.js +401 -0
package/dist/sessions-resolve-D9ULr95s.js +180 -0
package/dist/sessions-table-Da6bua9d.js +161 -0
package/dist/sessions-uKpnhod0.js +12736 -0
package/dist/sessions.runtime-C1mVNaU3.js +2 -0
package/dist/sessions.runtime.js +1 -1
package/dist/set-DVj21EuB.js +31 -0
package/dist/set-image-JChDCaAP.js +17 -0
package/dist/setup-5I-zpID3.js +614 -0
package/dist/setup-CjtY6cli.js +2 -0
package/dist/setup-onboard-configure-help-fast-path-C5GcSuXb.js +64 -0
package/dist/setup.finalize-Bf10PNbl.js +586 -0
package/dist/setup.gateway-config-EH5Rvwzy.js +281 -0
package/dist/setup.migration-import-CoeV4Kc1.js +200 -0
package/dist/setup.migration-import-DFFGw4DI.js +2 -0
package/dist/setup.post-install-migration-DcQmWTE7.js +128 -0
package/dist/shared-BFSJZ6B3.js +212 -0
package/dist/shared-CVM-dYkO.js +5 -0
package/dist/shared-fvgcmCsj.js +71 -0
package/dist/simple-completion-runtime-C_TXe4M1.js +2 -0
package/dist/simple-completion-runtime-DREq-fcF.js +206 -0
package/dist/simple-completion-transport-DtD1fEvJ.js +83 -0
package/dist/snapshot-urls-B-wkwDI9.js +317 -0
package/dist/speech-core-KQg6oKcR.js +119 -0
package/dist/speech-provider-DfyLYitQ.js +171 -0
package/dist/speech-provider-oDvTumNW.js +227 -0
package/dist/speech-provider-yL-TQ3Em.js +233 -0
package/dist/stale-oauth-profile-shadows-CW11VYMM.js +2 -0
package/dist/stale-oauth-profile-shadows-DFl6Lyf1.js +186 -0
package/dist/standalone-runtime-registry-loader-BiponY-y.js +59 -0
package/dist/startup-context-PVXYM-X3.js +314 -0
package/dist/status-BA_0z83w.js +249 -0
package/dist/status-Bc7BGlRt.js +2 -0
package/dist/status-BwPWg9eQ.js +3 -0
package/dist/status-CLQ66eml.js +4 -0
package/dist/status-Ci2gChtY.js +466 -0
package/dist/status-CmtBWJEE.js +2 -0
package/dist/status-DdnMnPNs.js +73 -0
package/dist/status-all-BpTvkYrt.js +573 -0
package/dist/status-json-CizozZCr.js +15 -0
package/dist/status-json-command-FzKa2t6O.js +84 -0
package/dist/status-message-BHbnxwmt.js +495 -0
package/dist/status-message.runtime-Df5WBBAk.js +6 -0
package/dist/status-message.runtime.js +1 -1
package/dist/status-queue.runtime-CXnZV4Bj.js +2 -0
package/dist/status-queue.runtime.js +1 -1
package/dist/status-runtime-shared-D3Hz8WZ_.js +289 -0
package/dist/status-subagents.runtime-PoDdwwaw.js +32 -0
package/dist/status-subagents.runtime.js +1 -1
package/dist/status-text-DNxXSCuI.js +301 -0
package/dist/status.command-C_e9GcMg.js +2 -0
package/dist/status.command-DjVKDmt_.js +425 -0
package/dist/status.command.text-runtime-BeHlqL8b.js +15 -0
package/dist/status.runtime-h--fx9HY.js +2 -0
package/dist/status.scan-WyR8TeJz.js +72 -0
package/dist/status.scan-overview-CMzUAQMQ.js +460 -0
package/dist/status.scan.deps.runtime-1JTrdyHk.js +19 -0
package/dist/status.scan.deps.runtime.js +1 -1
package/dist/status.scan.fast-json-D2jw1wKO.js +163 -0
package/dist/status.scan.fast-json-DbN1KxJT.js +2 -0
package/dist/status.summary-6ZijZM1g.js +2 -0
package/dist/status.summary-CiCsChO-.js +276 -0
package/dist/store-CdBPITcg.js +2302 -0
package/dist/store-D0l2NCdn.js +3 -0
package/dist/stored-model-override-HEgnFh6b.js +79 -0
package/dist/subagent-announce-BUv_kA1W.js +353 -0
package/dist/subagent-announce-delivery-Ci2Y_p--.js +1369 -0
package/dist/subagent-control-BM3vNgsQ.js +492 -0
package/dist/subagent-control.runtime-Df3pVQL9.js +3 -0
package/dist/subagent-control.runtime.js +1 -1
package/dist/subagent-hooks-CN2fLez2.js +2 -0
package/dist/subagent-hooks-CeOmTJBf.js +230 -0
package/dist/subagent-hooks-api-Cfe4DAT9.js +23 -0
package/dist/subagent-registry-B9RPAXUs.js +2627 -0
package/dist/subagent-registry-C7tedtVB.js +3 -0
package/dist/subagent-registry.runtime.js +2 -2
package/dist/subagent-session-cleanup-y0ijZ-LQ.js +390 -0
package/dist/system-DVtrOGbV.js +111 -0
package/dist/system-prompt-config-BVmrcmmr.js +918 -0
package/dist/talk-CrdgqTCl.js +2454 -0
package/dist/target-id-CrUyi-Uq.js +107 -0
package/dist/targets-KZ2ezPwx.js +267 -0
package/dist/targets.runtime-iZ8KdQ1C.js +2 -0
package/dist/targets.runtime.js +1 -1
package/dist/task-executor-893pMqzn.js +349 -0
package/dist/task-owner-access-DC7MKz3n.js +74 -0
package/dist/task-registry-control.runtime.js +2 -2
package/dist/task-registry-delivery-runtime-YGMOyqP5.js +2 -0
package/dist/task-registry-uaYJfgXF.js +2362 -0
package/dist/task-registry.maintenance-Dx0m2NYh.js +2 -0
package/dist/task-registry.maintenance-gApg-XOt.js +764 -0
package/dist/task-status-access-CFhD_ieY.js +18 -0
package/dist/tasks-B_Qoz38D.js +153 -0
package/dist/tasks-DtV85zJT.js +548 -0
package/dist/tasks-audit-system-Con3yYnm.js +210 -0
package/dist/tasks-json-BM3pauZl.js +73 -0
package/dist/tavily-web-search-provider.runtime-Cmyyc5kX.js +112 -0
package/dist/tavily-web-search-provider.runtime.js +1 -1
package/dist/text-report-CKxmVmt5.js +695 -0
package/dist/text-transforms.runtime-DVwVsBRS.js +113 -0
package/dist/text-transforms.runtime.js +1 -1
package/dist/thread-bindings-B6UEVp9q.js +228 -0
package/dist/tool-KOZc7TIF.js +143 -0
package/dist/tool-dispatch-Ca4z2GEr.js +155 -0
package/dist/tool-images-CzDwHeDR.js +247 -0
package/dist/tool-plugin-BvQBJ2gU.js +93 -0
package/dist/tool-resolution-Ddxl6tjh.js +153 -0
package/dist/tool-result-truncation-BSKuIhd5.js +498 -0
package/dist/tool-schema-nB27q-vb.js +40 -0
package/dist/tool-schema-projection-COrMarLR.js +215 -0
package/dist/tool-split-BjPHBFrv.js +323 -0
package/dist/tools-CV40BWkc.js +901 -0
package/dist/tools-catalog-5stC7W2V.js +156 -0
package/dist/tools-effective-BVjqz2FV.js +442 -0
package/dist/tools-effective-inventory-esPY5jRB.js +379 -0
package/dist/tools-invoke-Czk_NM9G.js +51 -0
package/dist/tools-invoke-http-D7PbsODz.js +68 -0
package/dist/tools-invoke-shared-CzrEn0Dm.js +200 -0
package/dist/tools-rSjgf61B.js +579 -0
package/dist/tools.runtime-DiChCSGI.js +5 -0
package/dist/tools.runtime.js +1 -1
package/dist/transcript-rewrite-4IQefjvK.js +688 -0
package/dist/transcripts-tool-BXTS8tE5.js +2 -0
package/dist/transcripts-tool-CeWGgz5k.js +656 -0
package/dist/tts-BS8EeM8p.js +2 -0
package/dist/tts-BlTZjsaE.js +194 -0
package/dist/tts-runtime-BfRdJDyY.js +1337 -0
package/dist/tts-vRSvSw-t.js +3 -0
package/dist/tts.runtime-ChBnVkNt.js +3 -0
package/dist/tts.runtime-CmVCUbzq.js +2 -0
package/dist/tts.runtime.js +1 -1
package/dist/tui-BoQVBgWB.js +4860 -0
package/dist/tui-DBYK9BeQ.js +2 -0
package/dist/tui-backend-X0NI7rAv.js +256 -0
package/dist/tui-cli-BpUtjV38.js +40 -0
package/dist/typing-policy-CBwyAQh4.js +199 -0
package/dist/usage-Bl-tgGx-.js +623 -0
package/dist/usage-Cj_ektBl.js +1113 -0
package/dist/usage-format-DWO9ckX3.js +394 -0
package/dist/usage-format-DnCIXsqG.js +2 -0
package/dist/video-generation-provider-B7ib4AeI.js +297 -0
package/dist/video-generation-provider-CXQ6fqJx.js +64 -0
package/dist/video-generation-provider-DXjl05T6.js +325 -0
package/dist/video-generation-provider-Db8h71jA.js +77 -0
package/dist/web-fetch/runtime.js +1 -1
package/dist/web-fetch-providers.runtime-DhPkYjgB.js +41 -0
package/dist/web-fetch-providers.runtime.js +1 -1
package/dist/web-guarded-fetch-BdsVyvDS.js +58 -0
package/dist/web-guarded-fetch-CJR3JCwT.js +2 -0
package/dist/web-media-BzzQJAwk.js +4 -0
package/dist/web-media-DViZjNBa.js +2 -0
package/dist/web-media-inHawfBU.js +651 -0
package/dist/web-provider-runtime-shared-Cc08Lt9p.js +142 -0
package/dist/web-search-provider-common-CtbtmUL-.js +252 -0
package/dist/web-search-providers.runtime-B7x_cRVn.js +41 -0
package/dist/web-search-providers.runtime.js +1 -1
package/dist/zod-schema.core-Cuz0lz6m.d.ts +166 -0
package/package.json +1 -1
package/dist/abort-CR0u3VsG.js +0 -277
package/dist/abort.runtime-CXUxanGg.js +0 -2
package/dist/accounts-BxBaquAf.js +0 -423
package/dist/accounts-vQjpoqEe.js +0 -2
package/dist/acp-spawn-2elSoS0E.js +0 -1286
package/dist/acp-spawn-DtKOHNO1.js +0 -2
package/dist/acp-stateful-target-driver-BqeA5j0h.js +0 -89
package/dist/action-info-B8NotHFw.js +0 -75
package/dist/active-runtime-registry-BO9mpPuB.js +0 -62
package/dist/active-tool-schema-warnings-C8vGj5FX.js +0 -105
package/dist/active-tool-schema-warnings-CVeFJuWI.js +0 -2
package/dist/agent-BgEaDMdp.js +0 -1825
package/dist/agent-_V5GbziF.js +0 -2
package/dist/agent-bundle-lsp-runtime-0jBcDEHh.js +0 -389
package/dist/agent-bundle-lsp-runtime-CQ6dZLs_.js +0 -2
package/dist/agent-bundle-mcp-materialize-Cu6JqMzC.js +0 -124
package/dist/agent-bundle-mcp-tools-BGL827cn.js +0 -3
package/dist/agent-command-CMJdGr16.js +0 -1435
package/dist/agent-delivery-DMu1MOeq.js +0 -117
package/dist/agent-harness-runtime-BKSW2E1O.js +0 -207
package/dist/agent-model-discovery-Cu4YL31r.js +0 -3
package/dist/agent-model-discovery-DdmVtkZo.js +0 -238
package/dist/agent-runner-utils-DXNDhwkI.js +0 -267
package/dist/agent-runner.runtime-Cym4Odfd.js +0 -3784
package/dist/agent-runtime-BkbhevY3.js +0 -199
package/dist/agent-runtime-label-DNP06p76.js +0 -30
package/dist/agent-runtime-metadata-JaTKc7mA.js +0 -53
package/dist/agent-tool-result-middleware-loader-FbZE0Qpk.js +0 -55
package/dist/agent-tools-Nwh8BlKX.js +0 -2506
package/dist/agent-tools.before-tool-call-BwY-FYFl.js +0 -1274
package/dist/agent-tools.before-tool-call-DwUmYhE3.js +0 -2
package/dist/agent-u5NDWrw9.js +0 -3
package/dist/agent-via-gateway-DMtOMwZa.js +0 -486
package/dist/agent-wait-dedupe-CLuKbI_7.js +0 -180
package/dist/agents-CiW7UEuB.js +0 -632
package/dist/agents.command-shared-CXGSQscb.js +0 -16
package/dist/agents.commands.add-BYBrZDXD.js +0 -304
package/dist/agents.commands.bind-nfg3AlVc.js +0 -265
package/dist/agents.commands.delete-pRj6vIrn.js +0 -128
package/dist/agents.commands.identity-Ci2PnDDl.js +0 -143
package/dist/agents.commands.list-Crj3BmqB.js +0 -235
package/dist/aliases-BFspFx3-.js +0 -97
package/dist/api-BiXhdPle.js +0 -3
package/dist/api-Cptkjys5.js +0 -6
package/dist/api-D3vT4ZVi.js +0 -2
package/dist/api-key-rotation-CQgW8LEx.js +0 -167
package/dist/app-registration-YW276fZC.js +0 -194
package/dist/apply-BRxKrOiK.js +0 -510
package/dist/apply-D0fWCa-U.js +0 -2
package/dist/apply-DIR8y0ZA.js +0 -2
package/dist/apply-DNUIV0Lt.js +0 -416
package/dist/apply-Dux9jI7f.js +0 -544
package/dist/approval-native-helpers-BMT-5X47.js +0 -398
package/dist/artifacts-CTrtIv9T.js +0 -368
package/dist/assistant-ClfI8Kho.js +0 -291
package/dist/attachment-normalize-DAW86mZY.js +0 -213
package/dist/attempt-execution-DTi2UfET.js +0 -584
package/dist/attempt-execution.helpers-DrX0QToi.js +0 -969
package/dist/attempt-execution.runtime-BCmAxwGy.js +0 -3
package/dist/attempt.prompt-helpers-BE6kGRtT.js +0 -543
package/dist/attempt.tool-run-context-J9O2yjbV.js +0 -1240
package/dist/audio-preflight.runtime-D3GXVYBI.js +0 -7
package/dist/audit-5T20D-xm.js +0 -1108
package/dist/audit-CWuV5GlP.js +0 -477
package/dist/audit.nondeep.runtime-DeYwRDYj.js +0 -1416
package/dist/audit.runtime-rUlvK4Rb.js +0 -7
package/dist/auth-DunUSatn.js +0 -567
package/dist/auth-choice--eBzca8Y.js +0 -3
package/dist/auth-choice-DJ9jsFUq.js +0 -400
package/dist/auth-choice-_pLkIdVh.js +0 -110
package/dist/auth-choice.apply.api-providers-CALcopRP.js +0 -2
package/dist/auth-choice.apply.api-providers-Dzzm1snk.js +0 -34
package/dist/auth-choice.plugin-providers.runtime-BHKTeZZc.js +0 -11
package/dist/auth-health-Cs4OjiF2.js +0 -219
package/dist/auth-list-bwJ4QDs0.js +0 -115
package/dist/auth-order-BoHN3Dc_.js +0 -105
package/dist/auth-profiles-BOLncVgy.js +0 -73
package/dist/auth-profiles-BiQRkULt.js +0 -14
package/dist/backend-config-B5yga5ay.js +0 -259
package/dist/bash-tools-BWvldguc.js +0 -3
package/dist/bash-tools-DEAAO5np.js +0 -3497
package/dist/binding-routing-BbtHmU_l.js +0 -113
package/dist/binding-targets-DSNv3-QA.js +0 -121
package/dist/bootstrap-files-DD8V2dLe.js +0 -202
package/dist/bootstrap-files-_6u1uJW2.js +0 -3
package/dist/bridge-server-v1-XPnAZ.js +0 -113
package/dist/browser-cli-CnpuO4KR.js +0 -230
package/dist/browser-cli-DPbIn8SK.js +0 -2
package/dist/browser-cli-actions-input-DoGR6LI-.js +0 -522
package/dist/browser-cli-actions-observe-CYMpgmtF.js +0 -81
package/dist/browser-cli-debug-ChJjSq-h.js +0 -137
package/dist/browser-cli-inspect-Bbci-WPG.js +0 -117
package/dist/browser-cli-manage-Bnscjb7b.js +0 -446
package/dist/browser-cli-resize-D1MJdvZI.js +0 -32
package/dist/browser-cli-shared-BCQwqz51.js +0 -69
package/dist/browser-cli-state-BWkPsvUg.js +0 -371
package/dist/browser-control-auth-CEP_ExeC.js +0 -2
package/dist/browser-profiles-SvnqnHVN.js +0 -2
package/dist/browser-runtime-0mRxjFpp.js +0 -389
package/dist/browser-tool.schema--CLR3nDv.js +0 -132
package/dist/btw-command-DV6HfrRV.js +0 -18
package/dist/build-DiRmljCi.js +0 -261
package/dist/bundled-channel-config-schema-Bte--ZlY.d.ts +0 -3168
package/dist/capability-cli-ATfwTYFe.js +0 -1809
package/dist/capability-provider-runtime-l3nnLGvn.js +0 -346
package/dist/cdp.helpers-IIuc0KGS.js +0 -637
package/dist/channel-CzTD2ouI.js +0 -2309
package/dist/channel-actions-B5Yk5Axf.js +0 -46
package/dist/channel-bootstrap.runtime-C9F-Pq1o.js +0 -38
package/dist/channel-bootstrap.runtime-TPyY5Ngv.js +0 -2
package/dist/channel-core-XMZJ-ZGF.js +0 -5
package/dist/channel-inbound-DvqkKmiH.js +0 -121
package/dist/channel-message-CnJ4vUyt.js +0 -12
package/dist/channel-outbound-BhefGAqY.js +0 -436
package/dist/channel-plugin-resolution-BiaJ8aRa.js +0 -2
package/dist/channel-plugin-resolution-D_CxkMVc.js +0 -135
package/dist/channel-resolution-DzI28gIM.js +0 -46
package/dist/channel-selection-CLFO4-eQ.js +0 -171
package/dist/channel-selection.runtime-Beb2-bMH.js +0 -2
package/dist/channel.runtime-By5T5eGw.js +0 -697
package/dist/channels-BrRY9Mag.js +0 -1004
package/dist/channels-cli-CF--e2RU.js +0 -331
package/dist/chat-BTMPilpx.js +0 -2940
package/dist/chat-DnC7XCWK.js +0 -3
package/dist/chrome-C3_dN9jE.js +0 -1517
package/dist/chrome-mcp-5jjDHIgn.js +0 -864
package/dist/chrome-mcp-DFAa-WzK.js +0 -2
package/dist/claude-live-session-BUPeOzLE.js +0 -1338
package/dist/claude-live-session-Bprgmr1-.js +0 -2
package/dist/clawbot-cli-5UVkLT1Y.js +0 -9
package/dist/cli-6a6sMEUB.js +0 -2
package/dist/cli-COCN9B5e.js +0 -2
package/dist/cli-CpI4dBXy.js +0 -141
package/dist/cli-YLx-ekdH.js +0 -293
package/dist/cli-backends.runtime-CsBjr7ag.js +0 -7
package/dist/cli-compaction-Bh0oMwUa.js +0 -363
package/dist/cli-registry-loader-DDbaAJgY.js +0 -2
package/dist/cli-registry-loader-xc2Ah8S4.js +0 -193
package/dist/cli-runner-BfSrIn-9.js +0 -597
package/dist/cli-runner-D_FAjNbR.js +0 -2
package/dist/cli-runner.runtime-BJetQDu1.js +0 -3
package/dist/cli-runner.runtime-BKJQkc7C.js +0 -4
package/dist/cli-session-Cy3IeH0g.js +0 -119
package/dist/cli.runtime-BpOz0s3N.js +0 -1276
package/dist/codex-native-web-search-BDtKRV3F.js +0 -4
package/dist/codex-native-web-search-C0TrfoMX.js +0 -20
package/dist/codex-native-web-search-core-CzlK1GfN.js +0 -106
package/dist/command-auth-CFnvdYX2.js +0 -135
package/dist/command-config-resolution-B_86rG8v.js +0 -2
package/dist/command-config-resolution-BbadcA2M.js +0 -25
package/dist/command-config-resolution.runtime-B_86rG8v.js +0 -2
package/dist/command-execution-startup-Rrwwdg_5.js +0 -90
package/dist/command-primitives-runtime-C9bTt5IV.js +0 -3
package/dist/command-registry-CbpdQKmu.js +0 -9
package/dist/command-registry-Dw-XC_Zk.js +0 -4
package/dist/command-registry-core-rvEDki6p.js +0 -114
package/dist/command-secret-gateway-BX6BIiFn.js +0 -589
package/dist/command-secret-targets-DCzlTkb5.js +0 -2
package/dist/command-status-builders-DIsZN9aY.js +0 -147
package/dist/command-status.runtime-C2x4yMRd.js +0 -90
package/dist/commands-FYCxWqIx.js +0 -161
package/dist/commands-compact.runtime-BTMQfx1k.js +0 -10
package/dist/commands-core.runtime-CuNLz2wm.js +0 -2
package/dist/commands-handlers.runtime-DyNuPOmY.js +0 -6327
package/dist/commands-models-s7BRmLQh.js +0 -448
package/dist/commands-registry-BxEq-3UJ.js +0 -195
package/dist/commands-registry.runtime-CbXW33S_.js +0 -4
package/dist/commands-status-BRJMba4h.js +0 -16
package/dist/commands-status-DCXEwlSF.js +0 -3
package/dist/commands-status.runtime-DCXEwlSF.js +0 -3
package/dist/commands-subagents-control.runtime-CduLQJFD.js +0 -2
package/dist/commands-system-prompt-B3LD8CDs.js +0 -161
package/dist/commands-system-prompt-DPsXTqOQ.js +0 -2
package/dist/commands.runtime-3sVz8Qgo.js +0 -175
package/dist/common-CZvBLb3w.js +0 -286
package/dist/compact-DxU_9XEc.js +0 -1165
package/dist/compact.runtime-CqQTypVl.js +0 -12
package/dist/compaction-planning-DArTi9SN.js +0 -202
package/dist/completion-cli-CiKl5HhI.js +0 -393
package/dist/config--yllOaSC.js +0 -374
package/dist/config-Yt5UcD91.js +0 -610
package/dist/config-cli-BeXS3R6k.js +0 -1703
package/dist/config-mutation-cQeWhUqy.js +0 -5
package/dist/config-mutations-Cg04LH_S.js +0 -161
package/dist/config-utils-Dhq_UKMC.js +0 -141
package/dist/config-validation-BANohTKD.js +0 -33
package/dist/configure-CWxhlx9G.js +0 -771
package/dist/configure-Jejkc6dn.js +0 -3
package/dist/configure.commands-BYy1bz8G.js +0 -2
package/dist/configure.commands-C3hDvZse.js +0 -1253
package/dist/context-DptQ59DZ.js +0 -248
package/dist/context-_ZshNBhD.js +0 -2
package/dist/context-engine-host-compat-C_eflvRw.js +0 -2
package/dist/context-engine-host-compat-s15Pu845.js +0 -280
package/dist/context-engine-lifecycle-COHFLnj4.js +0 -627
package/dist/control-auth-CQJpLoIb.js +0 -114
package/dist/control-service-BFSgA0Py.js +0 -40
package/dist/control-service-D7GZv-GS.js +0 -3
package/dist/control-ui/assets/activity-CCu43qU8.js +0 -124
package/dist/control-ui/assets/agents-DCvsB0yO.js +0 -1030
package/dist/control-ui/assets/channels-CpM2j5xT.js +0 -120
package/dist/control-ui/assets/cron-CLXNfwYa.js +0 -1016
package/dist/control-ui/assets/debug-BcJ34lrC.js +0 -97
package/dist/control-ui/assets/index-CuBn2YpX.js +0 -7214
package/dist/control-ui/assets/instances-Bu6NM_Hs.js +0 -57
package/dist/control-ui/assets/nodes-Bd1WzVLK.js +0 -444
package/dist/control-ui/assets/sessions-C2r8pbt7.js +0 -425
package/dist/control-ui/assets/skills-DIjn93ee.js +0 -362
package/dist/control-ui/assets/workboard-CHb0if1l.js +0 -402
package/dist/control-ui-ChfTPXZo.js +0 -750
package/dist/conversation-label-generator-CTfnInQF.js +0 -72
package/dist/conversation-runtime-B7oAN9Tq.js +0 -31
package/dist/core-api-CBD0dvTQ.js +0 -5
package/dist/core-api-ClCm_yM8.js +0 -2
package/dist/core-wuoxL08a.js +0 -284
package/dist/crestodian--iYeGB8u.js +0 -55
package/dist/cron-D2SzQyqo.js +0 -453
package/dist/daemon-install-B6CAkU3V.js +0 -66
package/dist/daemon-install-auth-profiles-store.runtime-Cpt5LSD6.js +0 -2
package/dist/dashboard-ChYOQjM2.js +0 -263
package/dist/defaults-CCopehWw.js +0 -130
package/dist/defaults-H4kBp17N.js +0 -3
package/dist/defaults.constants-CjB9HP6f.js +0 -76
package/dist/deliver-BzPhWO_F.js +0 -3
package/dist/deliver-DGyKH3Qi.js +0 -1399
package/dist/deliver-runtime-Ca2kcQoZ.js +0 -2
package/dist/delivery-outbound.runtime-D7ycPxY-.js +0 -7
package/dist/delivery-queue-CnLv30ko.js +0 -863
package/dist/delivery-queue-CuaDjNMh.js +0 -2
package/dist/delivery-queue-runtime-DO2vqOIJ.js +0 -16
package/dist/delivery-target.runtime-QcBVk_j8.js +0 -45
package/dist/delivery.runtime-L09v4tys.js +0 -470
package/dist/detached-task-runtime-BqU7YXYT.js +0 -86
package/dist/diagnostics-T-Hk_Qzi.js +0 -168
package/dist/dialogue-C0VnTMMn.js +0 -37
package/dist/direct-dm-BWn67tDD.js +0 -81
package/dist/directive-handling.defaults-DO6Snm4_.js +0 -22
package/dist/directive-handling.fast-lane-BemYRfPn.js +0 -70
package/dist/directive-handling.impl-BMVh1pMh.js +0 -823
package/dist/directive-handling.impl-vr4MsYbt.js +0 -2
package/dist/directive-handling.model-selection-DegP9exp.js +0 -122
package/dist/directive-handling.persist.runtime-BUdU6_zm.js +0 -274
package/dist/directives-1xk_ZcMf.js +0 -319
package/dist/directory-cli-D83WEjEG.js +0 -239
package/dist/dispatch-Ck2tvRYH.js +0 -2057
package/dist/dispatch-acp-GdaHNdvf.js +0 -1102
package/dist/dispatch-acp-manager.runtime-BGSrJqrW.js +0 -3
package/dist/dispatch-acp-media.runtime-DQ8dYQh8.js +0 -4
package/dist/dispatch-acp-transcript.runtime-CsJZGhnu.js +0 -40
package/dist/dispatch-acp-tts.runtime-Bo-QxKgx.js +0 -3
package/dist/dispatch-acp.runtime-C_u7sGcQ.js +0 -18
package/dist/dispatcher-GtuYO6Ni.js +0 -106
package/dist/doctor-B2qP9g8d.js +0 -760
package/dist/doctor-D9wCez5t.js +0 -6
package/dist/doctor-auth-XnseqtS7.js +0 -216
package/dist/doctor-auth-flat-profiles-B6cL-TiJ.js +0 -516
package/dist/doctor-auth-flat-profiles-Birb7qIk.js +0 -2
package/dist/doctor-auth-legacy-oauth-CXO3OtyG.js +0 -48
package/dist/doctor-auth-oauth-sidecar-BSgQPbcS.js +0 -177
package/dist/doctor-auth-oauth-sidecar-CzzyNwxc.js +0 -2
package/dist/doctor-bootstrap-size-BlVcO5D6.js +0 -57
package/dist/doctor-claude-cli-_MTVnCQ-.js +0 -150
package/dist/doctor-config-flow-0kxzjUjK.js +0 -1819
package/dist/doctor-core-checks-C_g9REOd.js +0 -666
package/dist/doctor-core-checks-CahzmM1L.js +0 -2
package/dist/doctor-core-checks.runtime-Bi_oTiTZ.js +0 -278
package/dist/doctor-gateway-daemon-flow-UAIWsI9w.js +0 -349
package/dist/doctor-gateway-services-BiMEGiw_.js +0 -465
package/dist/doctor-health-C69GVfMl.js +0 -65
package/dist/doctor-health-contributions-Bz19QhI4.js +0 -874
package/dist/doctor-lint-BVW4E6Qf.js +0 -95
package/dist/doctor-memory-search-D2PWzDCY.js +0 -407
package/dist/doctor-state-integrity-DuJIszQj.js +0 -1257
package/dist/doctor-tool-result-cap-advice-Dpn4zNH3.js +0 -27
package/dist/doctor-workspace-status-nW9TcIWi.js +0 -76
package/dist/dreaming-CcOWzGN5.js +0 -523
package/dist/dreaming-command-sxm3FQGb.js +0 -101
package/dist/dreaming-narrative-BSRwiUPL.js +0 -2
package/dist/dreaming-narrative-BskwmYdC.js +0 -721
package/dist/dreaming-phases-BuHjGyPw.js +0 -2
package/dist/dreaming-phases-ChVT8Ovk.js +0 -1162
package/dist/drive-C_u5W4ln.js +0 -899
package/dist/echo-transcript-tnZWH4EO.js +0 -52
package/dist/effective-tool-policy-CeHdL2D7.js +0 -89
package/dist/embedded-agent-CGULn3lb.js +0 -4
package/dist/embedded-agent-DZTa1YiK.js +0 -4074
package/dist/embedded-agent-helpers-B65K9o55.js +0 -6
package/dist/embedded-agent-helpers-BPXCvWBb.js +0 -1037
package/dist/embedded-agent.runtime-TfBgXcUV.js +0 -4
package/dist/embedded-backend-BAaFwayA.js +0 -744
package/dist/embedded-gateway-stub.runtime-CNyrjvgT.js +0 -12
package/dist/embedding-provider-runtime-EnkHdROJ.js +0 -86
package/dist/embedding-providers-CDkDb0kv.js +0 -2
package/dist/embeddings-http-ClIu4_mP.js +0 -222
package/dist/engine-qmd-DZRiT9i4.js +0 -708
package/dist/engine-storage-BEqlN8TR.js +0 -203
package/dist/errors-Co8auIlv.js +0 -2
package/dist/exec-approval-forwarder.runtime-C7QvfWQ6.js +0 -4
package/dist/exec-approval-session-target-ChuH1nXL.js +0 -177
package/dist/exec-auto-reviewer-Bm7380HF.js +0 -2
package/dist/exec-auto-reviewer-BrrdGleK.js +0 -241
package/dist/execute.runtime-B-8jUqDB.js +0 -579
package/dist/external-cli-auth-selection-0BxmRUps.js +0 -113
package/dist/extra-params-BgyvpEpv.js +0 -615
package/dist/fallback-notice-state-BXk_kRWM.js +0 -15
package/dist/fallbacks-CPdVRP81.js +0 -31
package/dist/fallbacks-shared-CSGf1oaf.js +0 -116
package/dist/fengming-runtime-NUA51sEw.js +0 -33
package/dist/fengming-runtime-config-CIZ-SHPt.js +0 -2
package/dist/fengming-runtime-memory-CIZ-SHPt.js +0 -2
package/dist/fengming-runtime-session-CIZ-SHPt.js +0 -2
package/dist/fengming-tools-MvRSt0JA.js +0 -12221
package/dist/flows-BocRit8D.js +0 -189
package/dist/fs-utils-DSXeBcjj.js +0 -9
package/dist/gateway-BCrUxrVw.js +0 -133
package/dist/gateway-cli-B8bXBd_L.js +0 -443
package/dist/gateway-install-token-pngTMc-f.js +0 -136
package/dist/gateway-method-runtime-ueZTz7WH.js +0 -21
package/dist/gateway-runtime-DbsoThML.js +0 -23
package/dist/get-reply-DUuaxcBz.js +0 -5198
package/dist/get-reply-from-config.runtime-B4Dgs3Hg.js +0 -2
package/dist/github-copilot-token-7AfRRF7J.js +0 -2
package/dist/health-7Yq5zpoZ.js +0 -3
package/dist/health-DlZqxm2f.js +0 -621
package/dist/health-DxesUuur.js +0 -111
package/dist/health-state-BMG8kOby.js +0 -106
package/dist/heartbeat-runner-Bq7A_Cjm.js +0 -5
package/dist/heartbeat-runner-DVwbVyft.js +0 -1930
package/dist/heartbeat-runner.runtime-DQ2NPXMD.js +0 -3
package/dist/helpers-PCu2RivJ.js +0 -406
package/dist/hook-helpers-DLEnCRO7.js +0 -44
package/dist/hooks-Bv-otcl7.js +0 -536
package/dist/hooks-cli-C5ve0nzF.js +0 -465
package/dist/http-endpoint-helpers-w2SagsQz.js +0 -37
package/dist/http-utils-CVvn0ZA-.js +0 -98
package/dist/image-BeixBis4.js +0 -385
package/dist/image-fallbacks-CPbmIMn9.js +0 -31
package/dist/image-generation-core.auth.runtime-Co38iRxQ.js +0 -2
package/dist/image-generation-provider-BA4Ar91S.js +0 -152
package/dist/image-runtime-7ZsfioS1.js +0 -9
package/dist/image-tool.helpers-upjA3ksB.js +0 -150
package/dist/images-ChLi1Uog.js +0 -2
package/dist/images-nB0XAnTa.js +0 -416
package/dist/inbound-reply-dispatch-DglobJ8j.js +0 -2
package/dist/inbound-reply-dispatch-QKOgNx-m.js +0 -147
package/dist/index-AZzJCgph.d.ts +0 -1497
package/dist/infra-runtime-CGD3RE_2.js +0 -32
package/dist/init-poVZDCAM.js +0 -59
package/dist/install-Dn9oPGmU.js +0 -262
package/dist/install.runtime-D5sllsjl.js +0 -2
package/dist/internal-CnOL_Roa.js +0 -399
package/dist/isolated-agent-CNw6E3F0.js +0 -1097
package/dist/isolated-agent-DjkHhEyR.js +0 -2
package/dist/kernel-B5Y5IQ-A.js +0 -3
package/dist/kernel-CMuO4VJy.js +0 -979
package/dist/kimi-web-search-provider.runtime-V4m_MHsk.js +0 -307
package/dist/library-B-1EZjtY.js +0 -45
package/dist/lifecycle-B-5gEZ7O.js +0 -570
package/dist/lifecycle-Bzh5Jo09.js +0 -2
package/dist/lifecycle-DvbcJYMl.js +0 -355
package/dist/lifecycle.runtime-Bzh5Jo09.js +0 -2
package/dist/list-B4xSHRdU.js +0 -2
package/dist/list-BnhZHpxx.js +0 -207
package/dist/list.list-command-DAz-Ws_6.js +0 -429
package/dist/list.model-row-DtdX9KDu.js +0 -39
package/dist/list.probe-CY6lxq51.js +0 -2
package/dist/list.probe-DPuE1GOH.js +0 -451
package/dist/list.provider-catalog-BHc9WXI6.js +0 -211
package/dist/list.provider-catalog-CFbrroys.js +0 -2
package/dist/list.registry-load-C1_sr3gb.js +0 -152
package/dist/list.row-sources-BMtHc9oi.js +0 -474
package/dist/list.source-plan-Dth72qPP.js +0 -81
package/dist/list.status-command-BXCnEq8Q.js +0 -815
package/dist/live-model-switch-Dxav22vq.js +0 -119
package/dist/llm-slug-generator-6o8RXL11.js +0 -78
package/dist/load-config-EF3n0Dyo.js +0 -27
package/dist/load-context-CI_ogQt_.js +0 -82
package/dist/loader-DtwEzpp-.js +0 -7008
package/dist/local-dispatch.runtime-21liE3rA.js +0 -10
package/dist/main-session-restart-recovery-D1g62iJ5.js +0 -2
package/dist/main-session-restart-recovery-v2I9CEXi.js +0 -389
package/dist/managed-image-attachments-BEl5qfCT.js +0 -616
package/dist/managed-image-attachments-D5KqX2Qy.js +0 -2
package/dist/manager-DZc3xiNq.js +0 -2314
package/dist/manager-Vf3vLTGe.js +0 -3737
package/dist/mcp-http-BaJoPKF9.js +0 -583
package/dist/mcp-http-CpEaJIGJ.js +0 -2
package/dist/media-runtime-DtP_Ff8m.js +0 -391
package/dist/media-services-CXYbyIIp.js +0 -416
package/dist/media-understanding-DvTIsIyr.js +0 -87
package/dist/media-understanding-provider-DBBAvuwG.js +0 -13
package/dist/media-understanding-provider-DOf_uZrx.js +0 -70
package/dist/media-understanding-provider-DdRfNh9h.js +0 -69
package/dist/media-understanding-provider-mqpQDt8V.js +0 -29
package/dist/memory-BNk25Hi6.js +0 -437
package/dist/memory-core-host-engine-embeddings-XsK5xS70.js +0 -667
package/dist/memory-core-host-engine-foundation-BYkoOLXl.js +0 -15
package/dist/memory-core-host-engine-qmd-0JuUCKCK.js +0 -2
package/dist/memory-core-host-engine-storage-MCFGjDwW.js +0 -2
package/dist/memory-core-host-runtime-cli-fVGH65E8.js +0 -10
package/dist/memory-core-host-runtime-core-JtXIAdlM.js +0 -12
package/dist/memory-core-host-runtime-files-BGw_ypoN.js +0 -4
package/dist/memory-embedding-provider-runtime-3UBzs4sx.js +0 -36
package/dist/memory-host-core-Y_O5V-mu.js +0 -78
package/dist/memory-host-search.runtime-B4TzyvmR.js +0 -2
package/dist/memory-runtime-9kEPAeKV.js +0 -2
package/dist/memory-runtime-BU4t85uu.js +0 -57
package/dist/memory-search-CVX--mSz.js +0 -235
package/dist/message-BVXoNpWP.js +0 -284
package/dist/message-HaiKqj0A.js +0 -2
package/dist/message-action-runner-Chwzn02r.js +0 -2
package/dist/message-action-runner-tEEliptt.js +0 -1922
package/dist/message-handler-CHDS_NF-.js +0 -1806
package/dist/metadata-registry-loader-Croa1pgR.js +0 -22
package/dist/metadata-registry-loader-w0p86vis.js +0 -2
package/dist/migrate-CPCZJ4H5.js +0 -2
package/dist/migrate-CUj6m6Cx.js +0 -458
package/dist/migration-provider-runtime-4r4WGtf2.js +0 -2
package/dist/migration-provider-runtime-TxrH_mM7.js +0 -68
package/dist/minimax-web-search-provider.runtime-Dr2GJiWj.js +0 -148
package/dist/model-BQSouNOa.js +0 -2
package/dist/model-CAk0bcuO.js +0 -1302
package/dist/model-auth-BF7w9Fiv.js +0 -705
package/dist/model-auth-label-r729wcPk.js +0 -67
package/dist/model-auth-us8b_D5d.js +0 -6
package/dist/model-catalog-BGykBGxx.js +0 -434
package/dist/model-catalog-BVXrqFbI.js +0 -3
package/dist/model-catalog-visibility-Bsup46vy.js +0 -76
package/dist/model-config.helpers-wzD1EEfE.js +0 -95
package/dist/model-context-tokens-DrIU9eJc.js +0 -572
package/dist/model-fallback-GySPjr3J.js +0 -1288
package/dist/model-fallback-auth.runtime-Dg_Jmguu.js +0 -5
package/dist/model-picker-BI6jXOjt.js +0 -3
package/dist/model-picker-DYyJHhfH.js +0 -1135
package/dist/model-picker-visibility-D_IMZfxd.js +0 -22
package/dist/model-picker.runtime-B70kQMyc.js +0 -48
package/dist/model-pricing-cache-CSpUDzSt.js +0 -856
package/dist/model-pricing-cache-dkPwTUVJ.js +0 -3
package/dist/model-pricing-cache-state-C6shoEWy.js +0 -83
package/dist/model-provider-auth-BfZHbTaj.js +0 -2
package/dist/model-provider-auth-CPCBWvqL.js +0 -375
package/dist/model-runtime-aliases-DUzusc9_.js +0 -133
package/dist/model-selection-8UzO5mgF.js +0 -254
package/dist/model-selection-Cb7azWw1.js +0 -7
package/dist/model-selection-jDYEo0WI.js +0 -352
package/dist/model-selection.runtime-D_yHZLbs.js +0 -7
package/dist/models-BxA2IU3W.js +0 -57
package/dist/models-auth-status-yG7yyRcv.js +0 -280
package/dist/models-cli-DUt4uiMH.js +0 -257
package/dist/models-config-B5bkuh6A.js +0 -1189
package/dist/models-config-Xj8vG_x2.js +0 -2
package/dist/models-config.providers.secrets-DNBB440Z.js +0 -2
package/dist/models-config.providers.secrets-DNIQlBSE.js +0 -382
package/dist/models-http-DMILRsry.js +0 -88
package/dist/monitor-2_c2Ttjf.js +0 -1024
package/dist/monitor-7tD_FE_5.js +0 -60
package/dist/monitor.account-D0F9tnWD.js +0 -5382
package/dist/music-generation-provider-3ykPaUwR.js +0 -308
package/dist/native-hook-relay-BJKHIhWd.js +0 -1378
package/dist/native-hook-relay-V8Kappw1.js +0 -19
package/dist/node-cli-BLVyQ93e.js +0 -2806
package/dist/node-command-policy-B0ezpI_O.js +0 -295
package/dist/nodes-DnWH_15m.js +0 -3
package/dist/nodes-RkB4ZmP6.js +0 -1483
package/dist/nodes-cli-upwPs91b.js +0 -960
package/dist/nodes-pending--sojaxpI.js +0 -211
package/dist/nodes-utils-Yks_uDZK.js +0 -85
package/dist/oauth-CQN2efEy.js +0 -207
package/dist/oauth-DApi3OI9.js +0 -746
package/dist/oauth-DkUWBub2.js +0 -852
package/dist/onboard-CiQSBSrz.js +0 -768
package/dist/onboard-channels-DaWYXiLv.js +0 -1534
package/dist/onboard-channels-DnwM2_IL.js +0 -2
package/dist/onboard-custom-BQPckD0V.js +0 -3
package/dist/onboard-custom-config-BmbThk2-.js +0 -422
package/dist/onboard-custom-xInFj1Rs.js +0 -280
package/dist/onboard-search-DSfmthe5.js +0 -412
package/dist/openai-compat-errors-VR4SN1MV.js +0 -136
package/dist/openai-http-DV95ynPi.js +0 -836
package/dist/openai-transport-stream-BwpzqR-b.js +0 -3427
package/dist/openresponses-http-DPchx8IC.js +0 -1175
package/dist/operations-f9R8j-r9.js +0 -805
package/dist/order-BQx8mNGZ.js +0 -218
package/dist/outbound-attachment-C4yojK6p.js +0 -19
package/dist/param-readers-BIXyd5la.js +0 -2
package/dist/payloads-DrY1bKyF.js +0 -256
package/dist/persistent-bindings.lifecycle-BiPN7luW.js +0 -85
package/dist/persistent-bindings.lifecycle-X3wfan2Z.js +0 -2
package/dist/plugin-enabled-CqsBObeO.js +0 -232
package/dist/plugin-install-CfB1_kpX.js +0 -118
package/dist/plugin-install-DzMraXHH.js +0 -2
package/dist/plugin-install-config-policy-BD_elPNg.js +0 -169
package/dist/plugin-registration-Dy58ncPf.js +0 -97
package/dist/plugin-registry-BlmODeop.js +0 -3
package/dist/plugin-registry-k5OK18l5.js +0 -2
package/dist/plugin-runtime-B3t53CKr.js +0 -102
package/dist/plugin-sdk/bundled-channel-config-schema-UtIBjviA.d.ts +0 -3169
package/dist/plugin-service-sKF4gWFm.js +0 -1249
package/dist/plugins-authoring-command-I72k2cuv.js +0 -304
package/dist/plugins-cli-DMQRbPsU.js +0 -63
package/dist/plugins-cli.runtime-CvDuKFJj.js +0 -339
package/dist/plugins-command-helpers-C5WMM4bk.js +0 -164
package/dist/plugins-command-helpers-DDt_pMQ4.js +0 -2
package/dist/plugins-inspect-command-ka7Hpld3.js +0 -248
package/dist/plugins-install-command-BHSgof-_.js +0 -2
package/dist/plugins-install-command-t5caX9q_.js +0 -993
package/dist/plugins-install-persist-Bah1m3x7.js +0 -252
package/dist/plugins-list-command-BXLWwXHM.js +0 -184
package/dist/plugins-uninstall-command-C_3m6CrW.js +0 -118
package/dist/prepare.runtime-COZaHg5E.js +0 -798
package/dist/presentation-card-CciJv4ru.js +0 -164
package/dist/preview-warnings-L4VuEOyB.js +0 -618
package/dist/profiles-CM2xoUYX.js +0 -194
package/dist/program-B-4C7bC-.js +0 -131
package/dist/provider-adapters-Eh8mS2Fd.js +0 -104
package/dist/provider-api-key-auth-DTh2cbmS.js +0 -117
package/dist/provider-api-key-auth.runtime-DrTYYfxK.js +0 -14
package/dist/provider-auth-Bnaijzmv.js +0 -281
package/dist/provider-auth-api-key-CNP8o5E7.js +0 -5
package/dist/provider-auth-choice-Devw4sQf.js +0 -311
package/dist/provider-auth-choice-helpers-DmVudRp6.js +0 -210
package/dist/provider-auth-choice.runtime-C337IQ3W.js +0 -2
package/dist/provider-auth-choice.runtime-DqGYalFo.js +0 -18
package/dist/provider-auth-guidance-Bk4WV6Lg.js +0 -2
package/dist/provider-auth-guidance-C7NCKuKn.js +0 -34
package/dist/provider-auth-helpers-r7mC8I5l.js +0 -177
package/dist/provider-auth-login.runtime-BFJgAAS6.js +0 -156
package/dist/provider-auth-runtime-BiLPGiMW.js +0 -186
package/dist/provider-discovery-uxRmAIf_.js +0 -95
package/dist/provider-discovery.runtime-mwbSivDS.js +0 -290
package/dist/provider-dispatcher-CtKWj3r-.js +0 -22
package/dist/provider-entry-DjACqdrB.js +0 -134
package/dist/provider-hook-runtime-CpJsM7Dk.js +0 -255
package/dist/provider-openai-codex-oauth-DWGmVUYg.js +0 -2
package/dist/provider-openai-codex-oauth-ctxd00JW.js +0 -44
package/dist/provider-registration-l8EX4voM.js +0 -235
package/dist/provider-registry-BgIQXJle.js +0 -31
package/dist/provider-registry-CVuzobHN.js +0 -36
package/dist/provider-registry-DmdDbSQs.js +0 -61
package/dist/provider-registry-LqtLqheu.js +0 -61
package/dist/provider-registry-pTYVjODc.js +0 -61
package/dist/provider-runtime-BQZSuC9l.js +0 -3
package/dist/provider-runtime-D9Q-7VuO.js +0 -386
package/dist/provider-runtime.runtime-C6YZ8YI0.js +0 -26
package/dist/provider-self-hosted-setup-BIAD2ISe.js +0 -373
package/dist/provider-stream-DScdaoRo.js +0 -313
package/dist/provider-stream-PE0IxmpZ.js +0 -1084
package/dist/provider-stream-family-S2fhlydZ.js +0 -2
package/dist/provider-usage-DVKHMF6l.js +0 -4
package/dist/provider-usage-EEjx1av0.js +0 -71
package/dist/provider-usage.load-Cu11xbrw.js +0 -357
package/dist/provider-web-search-Dbk7MO-1.js +0 -58
package/dist/provider-wizard-DS2Xb2eu.js +0 -125
package/dist/providers.runtime-BPhGcupv.js +0 -240
package/dist/providers.runtime-DoylK-ht.js +0 -2
package/dist/proxy-BxacG0p3.js +0 -662
package/dist/public-artifacts-Dq3y7bBv.js +0 -7
package/dist/pw-ai-DlSSqerW.js +0 -3064
package/dist/qmd-manager-B_SG-ejE.js +0 -2040
package/dist/qr-cli-CT-sE_j9.js +0 -2
package/dist/qr-cli-DPlDCXJQ.js +0 -371
package/dist/qr-image--VmmvuDB.js +0 -2
package/dist/queue-Be2Y7PcO.js +0 -923
package/dist/read-file-hhemkDfq.js +0 -183
package/dist/register-service-commands-CeVpCQU3.js +0 -77
package/dist/register.agent-JLsb-giw.js +0 -152
package/dist/register.configure-CP0Q-ost.js +0 -16
package/dist/register.crestodian-CBXyXEix.js +0 -24
package/dist/register.maintenance-DGIPQ2Vo.js +0 -85
package/dist/register.message-BBQwz0Ld.js +0 -404
package/dist/register.migrate-CkgNlvLD.js +0 -106
package/dist/register.onboard-CS9gRK0c.js +0 -115
package/dist/register.setup-DhqDOer9.js +0 -40
package/dist/register.status-health-sessions-CiwQN_lw.js +0 -293
package/dist/register.subclis-86Md7P0P.js +0 -3
package/dist/register.subclis-CTVI8zvZ.js +0 -31
package/dist/register.subclis-core-Cy4AnRCu.js +0 -273
package/dist/rem-harness-vSsq3HiK.js +0 -649
package/dist/repair-sequencing-SHADYdcA.js +0 -652
package/dist/reply-media-paths.runtime-Bf5nxPuP.js +0 -154
package/dist/reply-media-paths.runtime-sLsMpKGO.js +0 -2
package/dist/reply-payloads-CJ3w8rSA.js +0 -79
package/dist/reply-payloads-dedupe-DDFXWCVR.js +0 -176
package/dist/reply-payloads-dedupe.runtime-DbXPzKmG.js +0 -2
package/dist/reply-timing-tracker-DjVIBsVb.js +0 -205
package/dist/reply-turn-admission-nEW5QbY5.js +0 -2056
package/dist/reply.runtime-B4Dgs3Hg.js +0 -2
package/dist/reset-preserved-selection-CVD1yeVC.js +0 -45
package/dist/resolve-DidlinMh.js +0 -106
package/dist/restart-DzTrO95c.js +0 -121
package/dist/result-fallback-classifier-BqsFUDvP.js +0 -98
package/dist/root-help-QGs0dCCN.js +0 -43
package/dist/route-B3R-uzFG.js +0 -475
package/dist/route-reply-CdfhgIoY.js +0 -174
package/dist/route-reply.runtime-DwuU2WjH.js +0 -2
package/dist/routes-ChXmJocl.js +0 -3701
package/dist/routes-D-ZF4AdA.js +0 -2
package/dist/run-ClmVDTET.js +0 -1162
package/dist/run-auth-profile.runtime-CTxrwz0y.js +0 -2
package/dist/run-command-CqZJQ0Im.js +0 -2
package/dist/run-command-GClW75NL.js +0 -23
package/dist/run-context-BOdGeRg5.js +0 -66
package/dist/run-context.runtime-CwuKVYPj.js +0 -2
package/dist/run-delivery.runtime-BQ39dm34.js +0 -762
package/dist/run-embedded.runtime-e1K4Bt1_.js +0 -4
package/dist/run-execution-cli.runtime-Cjrgt4cV.js +0 -4
package/dist/run-executor.runtime-C2JE6JGb.js +0 -330
package/dist/run-model-catalog.runtime-DkrLKopr.js +0 -2
package/dist/run-session-state-C5YdQs7o.js +0 -159
package/dist/run-subagent-registry.runtime-Dl_lXi6y.js +0 -2
package/dist/runner-CNGHdaIg.js +0 -704
package/dist/runner.entries-dckPkeld.js +0 -1485
package/dist/runtime-9LxcVCyw.js +0 -615
package/dist/runtime-BCOtBS5G.js +0 -3
package/dist/runtime-C-pgjoJr.js +0 -210
package/dist/runtime-CyF0vJXG.js +0 -10
package/dist/runtime-D-7lMvGV.js +0 -2
package/dist/runtime-D17OmF9G.js +0 -224
package/dist/runtime-D6SweufG.js +0 -245
package/dist/runtime-DVAM7AFd.js +0 -2
package/dist/runtime-DX2ClrP-.js +0 -436
package/dist/runtime-FOOWuiYX.js +0 -300
package/dist/runtime-api-B0F0JsV1.js +0 -12
package/dist/runtime-cREKSBYC.js +0 -2
package/dist/runtime-channel-BmD4hoCR.js +0 -148
package/dist/runtime-channel-BsebQSPL.js +0 -2
package/dist/runtime-config-collectors-BjYeQ0Tk.js +0 -525
package/dist/runtime-embedded-agent.runtime-A4r23Bn8.js +0 -2
package/dist/runtime-internal-DkV-EMTK.js +0 -2
package/dist/runtime-llm.runtime-BQKNnuRc.js +0 -307
package/dist/runtime-model-auth.runtime-BbGqHVM5.js +0 -2
package/dist/runtime-model-auth.runtime-rtJH4LBB.js +0 -46
package/dist/runtime-options-B0EGb1Wq.js +0 -275
package/dist/runtime-plugin-Bdqm44bH.js +0 -92
package/dist/runtime-plugins-rZk1eAK_.js +0 -32
package/dist/runtime-plugins.runtime-DApiYzny.js +0 -2
package/dist/runtime-prepare.runtime-DWxvnbyY.js +0 -81
package/dist/runtime-provider-B0slPjtk.js +0 -2
package/dist/runtime-provider-DLgupOKt.js +0 -24
package/dist/runtime-registry-loader-Cf2HuMjd.js +0 -2
package/dist/runtime-registry-loader-DLzDrA7e.js +0 -117
package/dist/runtime-shared-Bg-OiD4u.js +0 -365
package/dist/runtime-web-channel-plugin-DrMjRaqi.js +0 -204
package/dist/scan-DA7Oqxuv.js +0 -573
package/dist/sdk-security-runtime-WjOaCbga.js +0 -86
package/dist/sdk-setup-tools-DaYT6_jD.js +0 -8
package/dist/secrets-cli-fJQ0geWO.js +0 -150
package/dist/security-cli-CJMwGp8U.js +0 -520
package/dist/selection-BNwLQzqJ.js +0 -3
package/dist/selection-Cj-l80pO.js +0 -18365
package/dist/send-DstYcrDW.js +0 -711
package/dist/send-aTxtLkJm.js +0 -178
package/dist/send-media-OG5Gd31l.js +0 -2072
package/dist/send-qwDMMnM6.js +0 -1222
package/dist/send-result-BWRKr16H.js +0 -141
package/dist/server-CMtA1S09.js +0 -24
package/dist/server-DIRaYiiH.js +0 -72
package/dist/server-aux-handlers-BRO-9-Jf.js +0 -1347
package/dist/server-chat-0J_ke0ph.js +0 -827
package/dist/server-context-DWOSX34k.js +0 -2
package/dist/server-context-R7MFLFdI.js +0 -955
package/dist/server-cron-2FuFg2j8.js +0 -2
package/dist/server-cron-ChPAVQtg.js +0 -3173
package/dist/server-maintenance-ZvS7Id6T.js +0 -152
package/dist/server-methods-DSbhPK3k.js +0 -497
package/dist/server-middleware-CYxFU-e5.js +0 -122
package/dist/server-model-catalog-B22UhmRr.js +0 -73
package/dist/server-model-catalog-BJIHPP3P.js +0 -2
package/dist/server-node-events-tNWJnXQM.js +0 -597
package/dist/server-plugin-bootstrap-Ccu97zi8.js +0 -71
package/dist/server-plugins-ByXwKPnj.js +0 -435
package/dist/server-reload-handlers-ConGiT9Q.js +0 -719
package/dist/server-restart-sentinel-mPHo61LL.js +0 -700
package/dist/server-runtime-services-BR1icaUW.js +0 -3
package/dist/server-runtime-services-Bx8n34dj.js +0 -147
package/dist/server-runtime-subscriptions-CZklTkRG.js +0 -67
package/dist/server-session-events-DxdiZYM2.js +0 -244
package/dist/server-session-key-CYvLslFO.js +0 -75
package/dist/server-session-key-D9GQut81.js +0 -2
package/dist/server-startup-config-Byb0vR8j.js +0 -305
package/dist/server-startup-early-a65fHTQS.js +0 -87
package/dist/server-startup-memory-ClwzC9jX.js +0 -72
package/dist/server-startup-plugins-CaBj0Nt2.js +0 -127
package/dist/server-startup-post-attach-B7TcxkmO.js +0 -793
package/dist/server-ws-runtime-Cxk_CqMr.js +0 -374
package/dist/server.impl-CQ6dnx43.js +0 -2622
package/dist/session-cost-usage-GsYDNvka.js +0 -1600
package/dist/session-kill-http-CKkxZhhd.js +0 -121
package/dist/session-log-runtime-Bwc2Oijk.js +0 -1258
package/dist/session-override-CWbKiXiC.js +0 -134
package/dist/session-reset-model.runtime-CDFMjwWA.js +0 -144
package/dist/session-reset-service-SE0aK4cw.js +0 -651
package/dist/session-status.runtime-Df89I7Fk.js +0 -2
package/dist/session-store-RkvjJPMQ.js +0 -273
package/dist/session-store.runtime-C7P5asx7.js +0 -4
package/dist/session-subagent-reactivation.runtime-BhGUZG1Z.js +0 -2
package/dist/session-tab-registry-9rSuQ0Yz.js +0 -551
package/dist/session-utils-De8TIM0h.js +0 -1508
package/dist/sessions-6b9a00Tl.js +0 -1917
package/dist/sessions-CEPHczjC.js +0 -316
package/dist/sessions-CEojHc8b.js +0 -12736
package/dist/sessions-cleanup-BkG7_sq9.js +0 -165
package/dist/sessions-history-http-BjJEfjJa.js +0 -432
package/dist/sessions-patch-PwG5sknc.js +0 -401
package/dist/sessions-resolve-CSIrd_fi.js +0 -180
package/dist/sessions-table-8CbU7jXa.js +0 -161
package/dist/sessions.runtime-BYHMD0M7.js +0 -2
package/dist/set-BJDpe28W.js +0 -31
package/dist/set-image-CwTFx7PX.js +0 -17
package/dist/setup-B6LmeIms.js +0 -614
package/dist/setup-B_zxHfYu.js +0 -2
package/dist/setup-onboard-configure-help-fast-path-Bck3SKEH.js +0 -64
package/dist/setup.finalize-CmLYX-Rf.js +0 -586
package/dist/setup.gateway-config-H_89Msro.js +0 -281
package/dist/setup.migration-import-DVzyUjX6.js +0 -2
package/dist/setup.migration-import-DmJpqoqf.js +0 -200
package/dist/setup.post-install-migration-WPFWKXXg.js +0 -128
package/dist/shared-CUhu8NTs.js +0 -5
package/dist/shared-D-BN2JhY.js +0 -71
package/dist/shared-ES8nDIcn.js +0 -212
package/dist/simple-completion-runtime-BGZkWvKr.js +0 -206
package/dist/simple-completion-runtime-CM_IISYW.js +0 -2
package/dist/simple-completion-transport-Bo0u9dhp.js +0 -83
package/dist/snapshot-urls-C1KjRQD5.js +0 -317
package/dist/speech-core-Bas7e4h0.js +0 -119
package/dist/speech-provider-BonJQv5S.js +0 -227
package/dist/speech-provider-CwdKQmDv.js +0 -171
package/dist/speech-provider-DcQRnYhZ.js +0 -233
package/dist/stale-oauth-profile-shadows-C3aeAWfv.js +0 -186
package/dist/stale-oauth-profile-shadows-m5rb8dPc.js +0 -2
package/dist/standalone-runtime-registry-loader-B9n2LBKC.js +0 -59
package/dist/startup-context-DY7C4riM.js +0 -314
package/dist/status-6EPKat7p.js +0 -73
package/dist/status-C6Fa7Dsf.js +0 -2
package/dist/status-CNnxDQlM.js +0 -4
package/dist/status-D2Scvbc0.js +0 -3
package/dist/status-Ducanro3.js +0 -2
package/dist/status-_XX_6QVA.js +0 -466
package/dist/status-all-BP1u6vou.js +0 -573
package/dist/status-json-DPlOJ_ue.js +0 -15
package/dist/status-json-command-BT7EwVKj.js +0 -84
package/dist/status-message-Dzr9-MX-.js +0 -495
package/dist/status-message.runtime-DFezIt1d.js +0 -6
package/dist/status-prBlcUV5.js +0 -249
package/dist/status-queue.runtime-C1bmg2rl.js +0 -2
package/dist/status-runtime-shared-RjKIPEQ0.js +0 -289
package/dist/status-subagents.runtime-tsCCe4Ny.js +0 -32
package/dist/status-text-Bkeyg8Bf.js +0 -301
package/dist/status.command-D06_4ATq.js +0 -425
package/dist/status.command-dDEZM84a.js +0 -2
package/dist/status.command.text-runtime-WH9tP7yg.js +0 -15
package/dist/status.runtime-B76GaBIR.js +0 -2
package/dist/status.scan-Bc6clx0F.js +0 -72
package/dist/status.scan-overview-v_-AaFhC.js +0 -460
package/dist/status.scan.deps.runtime-BkH1HAb4.js +0 -19
package/dist/status.scan.fast-json-CrlfKKI3.js +0 -2
package/dist/status.scan.fast-json-D8v6zfP8.js +0 -163
package/dist/status.summary-DBhvgOPr.js +0 -276
package/dist/status.summary-hQV0PKFO.js +0 -2
package/dist/store-BClomp_4.js +0 -3
package/dist/store-BHqDPtNw.js +0 -2302
package/dist/stored-model-override-vm4CtQWX.js +0 -79
package/dist/subagent-announce-D244Q4w2.js +0 -353
package/dist/subagent-announce-delivery-qKZfF7Bs.js +0 -1369
package/dist/subagent-control-c87mVGUE.js +0 -492
package/dist/subagent-control.runtime-DfQtIsDb.js +0 -3
package/dist/subagent-hooks-B_UW5Len.js +0 -2
package/dist/subagent-hooks-CYvFWt_r.js +0 -230
package/dist/subagent-hooks-api-DZgaJf19.js +0 -23
package/dist/subagent-registry-BlcoCggo.js +0 -2627
package/dist/subagent-registry-CuObhNeO.js +0 -3
package/dist/subagent-session-cleanup-hFF8Z34s.js +0 -390
package/dist/system-CN_Knfqq.js +0 -111
package/dist/system-prompt-config-BmZlhYK9.js +0 -918
package/dist/talk-DrjGczYs.js +0 -2454
package/dist/target-id-BNpbyWkq.js +0 -107
package/dist/targets-CQcGo6u4.js +0 -267
package/dist/targets.runtime-DwcxNI-x.js +0 -2
package/dist/task-executor-CZg-qt4u.js +0 -349
package/dist/task-owner-access-Duem5jjb.js +0 -74
package/dist/task-registry-Cw8pc3Ry.js +0 -2362
package/dist/task-registry-delivery-runtime-HaiKqj0A.js +0 -2
package/dist/task-registry.maintenance-BLv3wpK9.js +0 -764
package/dist/task-registry.maintenance-CvlIcxE-.js +0 -2
package/dist/task-status-access-C5nDJSI4.js +0 -18
package/dist/tasks-D3CfEAlq.js +0 -548
package/dist/tasks-WKnE5fvr.js +0 -153
package/dist/tasks-audit-system-okJjcOjU.js +0 -210
package/dist/tasks-json-C-iUgWNu.js +0 -73
package/dist/tavily-web-search-provider.runtime-jpagljrA.js +0 -112
package/dist/text-report-BTsF3Pv3.js +0 -695
package/dist/text-transforms.runtime-CgH_pbcQ.js +0 -113
package/dist/thread-bindings-BWxpUE9U.js +0 -228
package/dist/tool-DhJbbm91.js +0 -143
package/dist/tool-dispatch-CpFUfblu.js +0 -155
package/dist/tool-images-C-tFlXjE.js +0 -247
package/dist/tool-plugin-3NejWxZW.js +0 -93
package/dist/tool-resolution-oW8Cbamd.js +0 -153
package/dist/tool-result-truncation-CWFGf7Eu.js +0 -498
package/dist/tool-schema-CMtc7PdZ.js +0 -40
package/dist/tool-schema-projection-DJRPEEvY.js +0 -215
package/dist/tool-split-E4RdK5jS.js +0 -323
package/dist/tools-BAl3JiNw.js +0 -901
package/dist/tools-DC8tCPxR.js +0 -579
package/dist/tools-catalog-Dzv9zaBD.js +0 -156
package/dist/tools-effective-CGvzyIL2.js +0 -442
package/dist/tools-effective-inventory-GI5N5Q9v.js +0 -379
package/dist/tools-invoke-CU2U0hNH.js +0 -51
package/dist/tools-invoke-http-8s3FiUy4.js +0 -68
package/dist/tools-invoke-shared-DIETrEY7.js +0 -200
package/dist/tools.runtime-Bnm8CI7w.js +0 -5
package/dist/transcript-rewrite-Buv2ITw4.js +0 -688
package/dist/transcripts-tool-BCFlLCFd.js +0 -2
package/dist/transcripts-tool-CWgNd0Uw.js +0 -656
package/dist/tts-Aguo4zC5.js +0 -3
package/dist/tts-Bf77cURn.js +0 -2
package/dist/tts-DnADOKOP.js +0 -194
package/dist/tts-runtime-MBSH-nOM.js +0 -1337
package/dist/tts.runtime-B-NR9osE.js +0 -2
package/dist/tts.runtime-Bo-QxKgx.js +0 -3
package/dist/tui-B0CdNmCz.js +0 -4860
package/dist/tui-ByRcXM3Z.js +0 -2
package/dist/tui-backend-C52BUoZI.js +0 -256
package/dist/tui-cli-BQHpZ4n0.js +0 -40
package/dist/typing-policy-XspVOezC.js +0 -199
package/dist/usage-BOYwzimH.js +0 -1113
package/dist/usage-BSmLrVWB.js +0 -623
package/dist/usage-format-CfzICmvv.js +0 -2
package/dist/usage-format-DPJKCPic.js +0 -394
package/dist/video-generation-provider-CdCTztQ7.js +0 -77
package/dist/video-generation-provider-MUUshUzz.js +0 -325
package/dist/video-generation-provider-XmzzTa6e.js +0 -297
package/dist/video-generation-provider-weiQUJE5.js +0 -64
package/dist/web-fetch-providers.runtime-tD9zqAS2.js +0 -41
package/dist/web-guarded-fetch-CyhQZ1yD.js +0 -2
package/dist/web-guarded-fetch-DIXHI-yJ.js +0 -58
package/dist/web-media-BPnTMYE5.js +0 -4
package/dist/web-media-DV_tCQiQ.js +0 -2
package/dist/web-media-DYydVGCK.js +0 -651
package/dist/web-provider-runtime-shared-h3M6Bqyg.js +0 -142
package/dist/web-search-provider-common-CEYWuDcp.js +0 -252
package/dist/web-search-providers.runtime-YrayP296.js +0 -41
package/dist/zod-schema.core-BGLctDlK.d.ts +0 -166
/package/dist/{acp-runtime-backend-CHZtaM6t.js → acp-runtime-backend-B83JR5Zf.js} +0 -0
/package/dist/{agent-turn-attachments-BYCRK86s.js → agent-turn-attachments-D5uJijuK.js} +0 -0
/package/dist/{auth-install-policy-t46tJ8jV.js → auth-install-policy-BIpdwrZ9.js} +0 -0
/package/dist/{cli-backends-BHXnrVN_.js → cli-backends-79CCRQ2a.js} +0 -0
/package/dist/{command-secret-targets-DZ0J2Wm3.js → command-secret-targets-BOJlcBil.js} +0 -0
/package/dist/{commands-DWp49Exc.js → commands-Dw9hwmVt.js} +0 -0
/package/dist/{commands-reset-hooks-MMq2dvff.js → commands-reset-hooks-epArfNOY.js} +0 -0
/package/dist/{delegate-Dkj_5OvH.js → delegate-Bw8NQXVr.js} +0 -0
/package/dist/{jobs-BGELIHcx.js → jobs-BIOTaq7l.js} +0 -0
/package/dist/{kimi-web-search-provider-4PlMYsPx.js → kimi-web-search-provider-Bzg_DiXO.js} +0 -0
/package/dist/{memory-host-search-Ds9GiNpf.js → memory-host-search-Dph0Mq-v.js} +0 -0
/package/dist/{minimax-web-search-provider-d5gTJUNg.js → minimax-web-search-provider-CETxDkkI.js} +0 -0
/package/dist/{model-selection-cli-CO6BHPiL.js → model-selection-cli-DizUvxeY.js} +0 -0
/package/dist/{provider-auth-choice-preference-f7Us6TQL.js → provider-auth-choice-preference-uJn1811S.js} +0 -0
/package/dist/{runtime-wfO9bV5y.js → runtime-BEVbpIgZ.js} +0 -0
/package/dist/{runtime-web-tools-B6vr1LZs.js → runtime-web-tools-Bf0aEe-F.js} +0 -0
/package/dist/{runtime-web-tools-fallback.runtime-Crs7KfH5.js → runtime-web-tools-fallback.runtime-DU6rTj6l.js} +0 -0
/package/dist/{session-subagent-reactivation-H5Rdwkyy.js → session-subagent-reactivation-Bb5SCi9J.js} +0 -0
/package/dist/{tavily-web-search-provider-DbdIzpMv.js → tavily-web-search-provider-CIEhV60D.js} +0 -0

package/dist/audit-DgFtNg3U.js ADDED Viewed

@@ -0,0 +1,1108 @@
+import { a as normalizeLowercaseStringOrEmpty, s as normalizeOptionalLowercaseString } from "./string-coerce-DKw2K5wM.js";
+import { g as parseStrictNonNegativeInteger } from "./number-coercion-D1aDmIZp.js";
+import "./parse-finite-number-CpgOyjPq.js";
+import { s as resolveConfigPath, y as resolveStateDir } from "./paths-9MqJt9oL.js";
+import { n as asNullableRecord } from "./record-coerce-Btbek4uV.js";
+import { t as formatCliCommand } from "./command-format-Jv8eeOPe.js";
+import { l as normalizeStringEntries } from "./string-normalization-B8G0vlWE.js";
+import { a as inspectPathPermissions, i as formatPermissionRemediation, r as formatPermissionDetail } from "./permissions-BDx2rBsr.js";
+import { s as hasConfiguredSecretInput } from "./types.secrets-Z7uJY7vF.js";
+import { r as normalizeProviderId } from "./provider-id-DhcncFyL.js";
+import "./agent-scope-DYvAPpmY.js";
+import { t as DEFAULT_AGENT_ID } from "./session-key-CJf5_zWs.js";
+import { c as resolveDefaultAgentId, o as resolveAgentWorkspaceDir } from "./agent-scope-config-BFfPgg3b.js";
+import "./audit-fs-CF5H6Z2a.js";
+import { n as resolveGatewayAuth } from "./auth-resolve-DQPFGhog.js";
+import { i as normalizeTrustedSafeBinDirs, o as listRiskyConfiguredSafeBins } from "./exec-safe-bin-trust-BavWgRnC.js";
+import { i as resolveSandboxConfigForAgent } from "./config-Ck3GVCd_.js";
+import { l as isInterpreterLikeAllowlistPattern } from "./risks-DM4Eigd_.js";
+import { d as loadExecApprovals, f as maxAsk, j as resolveExecApprovalsFromFile, m as minSecurity } from "./exec-approvals-OmSY2hSB.js";
+import { i as resolveMergedSafeBinProfileFixtures, n as listInterpreterLikeSafeBins } from "./exec-safe-bin-runtime-policy-D8i-qd_X.js";
+import { r as collectCoreInsecureOrDangerousFlags } from "./dangerous-config-flags-current-DT7VSJZN.js";
+import { t as collectEnabledInsecureOrDangerousFlags } from "./dangerous-config-flags-BcHhEPkn.js";
+import { n as resolveExecDefaults } from "./exec-defaults-Bm208QNf.js";
+import { t as DEFAULT_GATEWAY_HTTP_TOOL_DENY } from "./dangerous-tools-BaAMwWoo.js";
+import { t as resolveGatewayAuthTokenSourceConflict } from "./auth-token-source-conflict--yJvjwH6.js";
+import { t as collectExecFilesystemPolicyDriftHits } from "./exec-filesystem-policy-DOk30_Rv.js";
+import path from "node:path";
+import { isIP } from "node:net";
+//#region src/security/audit-deep-code-safety.ts
+let auditDeepModulePromise;
+async function loadAuditDeepModule() {
+	auditDeepModulePromise ??= import("./audit.deep.runtime.js");
+	return await auditDeepModulePromise;
+}
+async function collectDeepCodeSafetyFindings(params) {
+	if (!params.deep) return [];
+	const auditDeep = await loadAuditDeepModule();
+	return [...await auditDeep.collectPluginsCodeSafetyFindings({
+		stateDir: params.stateDir,
+		summaryCache: params.summaryCache
+	}), ...await auditDeep.collectInstalledSkillsCodeSafetyFindings({
+		cfg: params.cfg,
+		stateDir: params.stateDir,
+		summaryCache: params.summaryCache
+	})];
+}
+//#endregion
+//#region src/security/audit-deep-probe-findings.ts
+function collectDeepProbeFindings(params) {
+	const findings = [];
+	if (params.deep?.gateway?.attempted && !params.deep.gateway.ok) findings.push({
+		checkId: "gateway.probe_failed",
+		severity: "warn",
+		title: "Gateway probe failed (deep)",
+		detail: params.deep.gateway.error ?? "gateway unreachable",
+		remediation: `Run "${formatCliCommand("fengming status --all")}" to debug connectivity/auth, then re-run "${formatCliCommand("fengming security audit --deep")}".`
+	});
+	if (params.authWarning) findings.push({
+		checkId: "gateway.probe_auth_secretref_unavailable",
+		severity: "warn",
+		title: "Gateway probe auth SecretRef is unavailable",
+		detail: params.authWarning,
+		remediation: `Set FENGMING_GATEWAY_TOKEN/FENGMING_GATEWAY_PASSWORD in this shell or resolve the external secret provider, then re-run "${formatCliCommand("fengming security audit --deep")}".`
+	});
+	return findings;
+}
+//#endregion
+//#region src/security/audit-gateway-config.ts
+function hasNonEmptyString(value) {
+	return typeof value === "string" && value.trim().length > 0;
+}
+function collectGatewayConfigFindings$1(cfg, sourceConfig, env, options = {}) {
+	const findings = [];
+	const bind = typeof cfg.gateway?.bind === "string" ? cfg.gateway.bind : "loopback";
+	const tailscaleMode = cfg.gateway?.tailscale?.mode ?? "off";
+	const auth = resolveGatewayAuth({
+		authConfig: cfg.gateway?.auth,
+		authOverride: options.gatewayAuthOverride,
+		tailscaleMode,
+		env
+	});
+	const controlUiEnabled = cfg.gateway?.controlUi?.enabled !== false;
+	const controlUiAllowedOrigins = normalizeStringEntries(cfg.gateway?.controlUi?.allowedOrigins ?? []);
+	const dangerouslyAllowHostHeaderOriginFallback = cfg.gateway?.controlUi?.dangerouslyAllowHostHeaderOriginFallback === true;
+	const trustedProxies = Array.isArray(cfg.gateway?.trustedProxies) ? cfg.gateway.trustedProxies : [];
+	const hasToken = typeof auth.token === "string" && auth.token.trim().length > 0;
+	const hasPassword = typeof auth.password === "string" && auth.password.trim().length > 0;
+	const envTokenConfigured = hasNonEmptyString(env.FENGMING_GATEWAY_TOKEN);
+	const envPasswordConfigured = hasNonEmptyString(env.FENGMING_GATEWAY_PASSWORD);
+	const tokenConfiguredFromConfig = hasConfiguredSecretInput(sourceConfig.gateway?.auth?.token, sourceConfig.secrets?.defaults);
+	const passwordConfiguredFromConfig = hasConfiguredSecretInput(sourceConfig.gateway?.auth?.password, sourceConfig.secrets?.defaults);
+	const remoteTokenConfigured = hasConfiguredSecretInput(sourceConfig.gateway?.remote?.token, sourceConfig.secrets?.defaults);
+	const explicitAuthMode = options.gatewayAuthOverride?.mode ?? sourceConfig.gateway?.auth?.mode;
+	const tokenCanWin = hasToken || envTokenConfigured || tokenConfiguredFromConfig || remoteTokenConfigured;
+	const passwordCanWin = explicitAuthMode === "password" || explicitAuthMode !== "token" && explicitAuthMode !== "none" && explicitAuthMode !== "trusted-proxy" && !tokenCanWin;
+	const tokenConfigured = tokenCanWin;
+	const passwordConfigured = hasPassword || passwordCanWin && (envPasswordConfigured || passwordConfiguredFromConfig);
+	const hasSharedSecret = explicitAuthMode === "token" ? tokenConfigured : explicitAuthMode === "password" ? passwordConfigured : explicitAuthMode === "none" || explicitAuthMode === "trusted-proxy" ? false : tokenConfigured || passwordConfigured;
+	const hasTailscaleAuth = auth.allowTailscale && tailscaleMode === "serve";
+	const hasGatewayAuth = hasSharedSecret || hasTailscaleAuth;
+	const allowRealIpFallback = cfg.gateway?.allowRealIpFallback === true;
+	const mdnsMode = cfg.discovery?.mdns?.mode ?? "minimal";
+	const gatewayToolsAllowRaw = Array.isArray(cfg.gateway?.tools?.allow) ? cfg.gateway?.tools?.allow : [];
+	const gatewayToolsAllow = new Set(gatewayToolsAllowRaw.map((v) => normalizeOptionalLowercaseString(v) ?? "").filter(Boolean));
+	const reenabledOverHttp = DEFAULT_GATEWAY_HTTP_TOOL_DENY.filter((name) => gatewayToolsAllow.has(name));
+	if (reenabledOverHttp.length > 0) {
+		const extraRisk = bind !== "loopback" || tailscaleMode === "funnel";
+		findings.push({
+			checkId: "gateway.tools_invoke_http.dangerous_allow",
+			severity: extraRisk ? "critical" : "warn",
+			title: "Gateway HTTP /tools/invoke re-enables dangerous tools",
+			detail: `gateway.tools.allow includes ${reenabledOverHttp.join(", ")} which removes them from the default HTTP deny list. This can allow remote session spawning / control-plane actions via HTTP and increases RCE blast radius if the gateway is reachable.`,
+			remediation: "Remove these entries from gateway.tools.allow (recommended). If you keep them enabled, keep gateway.bind loopback-only (or tailnet-only), restrict network exposure, and treat the gateway token/password as full-admin."
+		});
+	}
+	if (bind !== "loopback" && !hasSharedSecret && auth.mode !== "trusted-proxy") findings.push({
+		checkId: "gateway.bind_no_auth",
+		severity: "critical",
+		title: "Gateway binds beyond loopback without auth",
+		detail: `gateway.bind="${bind}" but no gateway.auth token/password is configured.`,
+		remediation: `Set gateway.auth (token recommended) or bind to loopback.`
+	});
+	const tokenConflict = resolveGatewayAuthTokenSourceConflict({
+		cfg: sourceConfig,
+		env
+	});
+	if (tokenConflict) findings.push({
+		checkId: tokenConflict.checkId,
+		severity: "warn",
+		title: tokenConflict.title,
+		detail: tokenConflict.detail,
+		remediation: tokenConflict.remediation
+	});
+	if (bind === "loopback" && controlUiEnabled && trustedProxies.length === 0) findings.push({
+		checkId: "gateway.trusted_proxies_missing",
+		severity: "warn",
+		title: "Reverse proxy headers are not trusted",
+		detail: "gateway.bind is loopback and gateway.trustedProxies is empty. If you expose the Control UI through a reverse proxy, configure trusted proxies so local-client checks cannot be spoofed.",
+		remediation: "Set gateway.trustedProxies to your proxy IPs or keep the Control UI local-only."
+	});
+	if (bind === "loopback" && controlUiEnabled && !hasGatewayAuth) findings.push({
+		checkId: "gateway.loopback_no_auth",
+		severity: "critical",
+		title: "Gateway auth missing on loopback",
+		detail: "gateway.bind is loopback but no gateway auth secret is configured. If the Control UI is exposed through a reverse proxy, unauthenticated access is possible.",
+		remediation: "Set gateway.auth (token recommended) or keep the Control UI local-only."
+	});
+	if (bind !== "loopback" && controlUiEnabled && controlUiAllowedOrigins.length === 0 && !dangerouslyAllowHostHeaderOriginFallback) findings.push({
+		checkId: "gateway.control_ui.allowed_origins_required",
+		severity: "critical",
+		title: "Non-loopback Control UI missing explicit allowed origins",
+		detail: "Control UI is enabled on a non-loopback bind but gateway.controlUi.allowedOrigins is empty. Strict origin policy requires explicit allowed origins for non-loopback deployments.",
+		remediation: "Set gateway.controlUi.allowedOrigins to full trusted origins (for example https://control.example.com). If your deployment intentionally relies on Host-header origin fallback, set gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true."
+	});
+	if (controlUiAllowedOrigins.includes("*")) {
+		const exposed = bind !== "loopback";
+		findings.push({
+			checkId: "gateway.control_ui.allowed_origins_wildcard",
+			severity: exposed ? "critical" : "warn",
+			title: "Control UI allowed origins contains wildcard",
+			detail: "gateway.controlUi.allowedOrigins includes \"*\" which means allow any browser origin for Control UI/WebChat requests. This disables origin allowlisting and should be treated as an intentional allow-all policy.",
+			remediation: "Replace wildcard origins with explicit trusted origins (for example https://control.example.com). Do not use \"*\" outside tightly controlled local testing."
+		});
+	}
+	if (dangerouslyAllowHostHeaderOriginFallback) {
+		const exposed = bind !== "loopback";
+		findings.push({
+			checkId: "gateway.control_ui.host_header_origin_fallback",
+			severity: exposed ? "critical" : "warn",
+			title: "DANGEROUS: Host-header origin fallback enabled",
+			detail: "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true enables Host-header origin fallback for Control UI/WebChat websocket checks and weakens DNS rebinding protections.",
+			remediation: "Disable gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback and configure explicit gateway.controlUi.allowedOrigins."
+		});
+	}
+	if (allowRealIpFallback) {
+		const hasNonLoopbackTrustedProxy = trustedProxies.some((proxy) => !isStrictLoopbackTrustedProxyEntry(proxy));
+		const exposed = bind !== "loopback" || auth.mode === "trusted-proxy" && hasNonLoopbackTrustedProxy;
+		findings.push({
+			checkId: "gateway.real_ip_fallback_enabled",
+			severity: exposed ? "critical" : "warn",
+			title: "X-Real-IP fallback is enabled",
+			detail: "gateway.allowRealIpFallback=true trusts X-Real-IP when trusted proxies omit X-Forwarded-For. Misconfigured proxies that forward client-supplied X-Real-IP can spoof source IP and local-client checks.",
+			remediation: "Keep gateway.allowRealIpFallback=false (default). Only enable this when your trusted proxy always overwrites X-Real-IP and cannot provide X-Forwarded-For."
+		});
+	}
+	if (mdnsMode === "full") {
+		const exposed = bind !== "loopback";
+		findings.push({
+			checkId: "discovery.mdns_full_mode",
+			severity: exposed ? "critical" : "warn",
+			title: "mDNS full mode can leak host metadata",
+			detail: "discovery.mdns.mode=\"full\" publishes cliPath/sshPort in local-network TXT records. This can reveal usernames, filesystem layout, and management ports.",
+			remediation: "Prefer discovery.mdns.mode=\"minimal\" (recommended) or \"off\", especially when gateway.bind is not loopback."
+		});
+	}
+	if (tailscaleMode === "funnel") findings.push({
+		checkId: "gateway.tailscale_funnel",
+		severity: "critical",
+		title: "Tailscale Funnel exposure enabled",
+		detail: `gateway.tailscale.mode="funnel" exposes the Gateway publicly; keep auth strict and treat it as internet-facing.`,
+		remediation: `Prefer tailscale.mode="serve" (tailnet-only) or set tailscale.mode="off".`
+	});
+	else if (tailscaleMode === "serve") findings.push({
+		checkId: "gateway.tailscale_serve",
+		severity: "info",
+		title: "Tailscale Serve exposure enabled",
+		detail: `gateway.tailscale.mode="serve" exposes the Gateway to your tailnet (loopback behind Tailscale).`
+	});
+	if (cfg.gateway?.controlUi?.allowInsecureAuth === true) findings.push({
+		checkId: "gateway.control_ui.insecure_auth",
+		severity: "warn",
+		title: "Control UI insecure auth toggle enabled",
+		detail: "gateway.controlUi.allowInsecureAuth=true does not bypass secure context or device identity checks; only dangerouslyDisableDeviceAuth disables Control UI device identity checks.",
+		remediation: "Disable it or switch to HTTPS (Tailscale Serve) or localhost."
+	});
+	if (cfg.gateway?.controlUi?.dangerouslyDisableDeviceAuth === true) findings.push({
+		checkId: "gateway.control_ui.device_auth_disabled",
+		severity: "critical",
+		title: "DANGEROUS: Control UI device auth disabled",
+		detail: "gateway.controlUi.dangerouslyDisableDeviceAuth=true disables device identity checks for the Control UI.",
+		remediation: "Disable it unless you are in a short-lived break-glass scenario."
+	});
+	const enabledDangerousFlags = (options.collectDangerousConfigFlags ?? collectCoreInsecureOrDangerousFlags)(cfg);
+	for (const enabledFlag of enabledDangerousFlags) findings.push({
+		checkId: "config.insecure_or_dangerous_flags",
+		severity: "warn",
+		title: "Insecure or dangerous config flag enabled",
+		detail: `Detected enabled flag: ${enabledFlag}.`,
+		remediation: "Disable this flag when not actively debugging, or keep deployment scoped to trusted/local-only networks."
+	});
+	const token = typeof auth.token === "string" && auth.token.trim().length > 0 ? auth.token.trim() : null;
+	if (auth.mode === "token" && token && token.length < 24) findings.push({
+		checkId: "gateway.token_too_short",
+		severity: "warn",
+		title: "Gateway token looks short",
+		detail: `gateway auth token is ${token.length} chars; prefer a long random token.`
+	});
+	if (auth.mode === "trusted-proxy") {
+		const trustedProxies = cfg.gateway?.trustedProxies ?? [];
+		const trustedProxyConfig = cfg.gateway?.auth?.trustedProxy;
+		findings.push({
+			checkId: "gateway.trusted_proxy_auth",
+			severity: "critical",
+			title: "Trusted-proxy auth mode enabled",
+			detail: "gateway.auth.mode=\"trusted-proxy\" delegates authentication to a reverse proxy. Ensure your proxy (Pomerium, Caddy, nginx) handles auth correctly and that gateway.trustedProxies only contains IPs of your actual proxy servers.",
+			remediation: "Verify: (1) Your proxy terminates TLS and authenticates users. (2) gateway.trustedProxies is restricted to proxy IPs only. (3) Direct access to the Gateway port is blocked by firewall. See /gateway/trusted-proxy-auth for setup guidance."
+		});
+		if (trustedProxies.length === 0) findings.push({
+			checkId: "gateway.trusted_proxy_no_proxies",
+			severity: "critical",
+			title: "Trusted-proxy auth enabled but no trusted proxies configured",
+			detail: "gateway.auth.mode=\"trusted-proxy\" but gateway.trustedProxies is empty. All requests will be rejected.",
+			remediation: "Set gateway.trustedProxies to the IP(s) of your reverse proxy."
+		});
+		if (!trustedProxyConfig?.userHeader) findings.push({
+			checkId: "gateway.trusted_proxy_no_user_header",
+			severity: "critical",
+			title: "Trusted-proxy auth missing userHeader config",
+			detail: "gateway.auth.mode=\"trusted-proxy\" but gateway.auth.trustedProxy.userHeader is not configured.",
+			remediation: "Set gateway.auth.trustedProxy.userHeader to the header name your proxy uses (e.g., \"x-forwarded-user\", \"x-pomerium-claim-email\")."
+		});
+		if (trustedProxyConfig?.allowLoopback === true) findings.push({
+			checkId: "gateway.trusted_proxy_allow_loopback",
+			severity: "warn",
+			title: "Trusted-proxy auth allows loopback proxy sources",
+			detail: "gateway.auth.trustedProxy.allowLoopback=true allows loopback-source requests from configured gateway.trustedProxies entries to satisfy trusted-proxy auth.",
+			remediation: "Enable this only when a same-host reverse proxy is the intended trust boundary. Keep direct Gateway access private to the host and require the proxy to strip or overwrite identity headers."
+		});
+		if ((trustedProxyConfig?.allowUsers ?? []).length === 0) findings.push({
+			checkId: "gateway.trusted_proxy_no_allowlist",
+			severity: "warn",
+			title: "Trusted-proxy auth allows all authenticated users",
+			detail: "gateway.auth.trustedProxy.allowUsers is empty, so any user authenticated by your proxy can access the Gateway.",
+			remediation: "Consider setting gateway.auth.trustedProxy.allowUsers to restrict access to specific users (e.g., [\"nick@example.com\"])."
+		});
+	}
+	if (bind !== "loopback" && auth.mode !== "trusted-proxy" && !cfg.gateway?.auth?.rateLimit) findings.push({
+		checkId: "gateway.auth_no_rate_limit",
+		severity: "warn",
+		title: "No auth rate limiting configured",
+		detail: "gateway.bind is not loopback but no gateway.auth.rateLimit is configured. Without rate limiting, brute-force auth attacks are not mitigated.",
+		remediation: "Set gateway.auth.rateLimit (e.g. { maxAttempts: 10, windowMs: 60000, lockoutMs: 300000 })."
+	});
+	return findings;
+}
+function isStrictLoopbackTrustedProxyEntry(entry) {
+	const candidate = entry.trim();
+	if (!candidate) return false;
+	if (!candidate.includes("/")) return candidate === "127.0.0.1" || candidate.toLowerCase() === "::1";
+	const [rawIp, rawPrefix] = candidate.split("/", 2);
+	if (!rawIp || !rawPrefix) return false;
+	const ipVersion = isIP(rawIp.trim());
+	const prefix = parseStrictNonNegativeInteger(rawPrefix);
+	if (prefix === void 0) return false;
+	if (ipVersion === 4) return rawIp.trim() === "127.0.0.1" && prefix === 32;
+	if (ipVersion === 6) return prefix === 128 && normalizeLowercaseStringOrEmpty(rawIp) === "::1";
+	return false;
+}
+//#endregion
+//#region src/security/audit.ts
+let readOnlyChannelPluginsModulePromise;
+let auditNonDeepModulePromise;
+let auditChannelModulePromise;
+let pluginMetadataRegistryLoaderModulePromise;
+let pluginAutoEnableModulePromise;
+let channelPluginIdsModulePromise;
+let pluginRuntimeModulePromise;
+let gatewayProbeDepsPromise;
+async function loadReadOnlyChannelPlugins() {
+	readOnlyChannelPluginsModulePromise ??= import("./read-only-CatPM-Aa.js");
+	return await readOnlyChannelPluginsModulePromise;
+}
+async function loadAuditNonDeepModule() {
+	auditNonDeepModulePromise ??= import("./audit.nondeep.runtime.js");
+	return await auditNonDeepModulePromise;
+}
+async function loadAuditChannelModule() {
+	auditChannelModulePromise ??= import("./audit-channel.collect.runtime.js");
+	return await auditChannelModulePromise;
+}
+async function loadPluginMetadataRegistryLoaderModule() {
+	pluginMetadataRegistryLoaderModulePromise ??= import("./metadata-registry-loader-BH9D1UOx.js");
+	return await pluginMetadataRegistryLoaderModulePromise;
+}
+async function loadPluginAutoEnableModule() {
+	pluginAutoEnableModulePromise ??= import("./plugin-auto-enable-DMOicBLp.js");
+	return await pluginAutoEnableModulePromise;
+}
+async function loadChannelPluginIdsModule() {
+	channelPluginIdsModulePromise ??= import("./channel-plugin-ids-Co_UPyF8.js");
+	return await channelPluginIdsModulePromise;
+}
+async function loadPluginRuntimeModule() {
+	pluginRuntimeModulePromise ??= import("./runtime-CgajNiEj.js");
+	return await pluginRuntimeModulePromise;
+}
+async function loadGatewayProbeDeps() {
+	gatewayProbeDepsPromise ??= Promise.all([
+		import("./call-CSW-dx5x.js"),
+		import("./probe-auth-COpkTfnV.js"),
+		import("./probe-DZCUlrde.js")
+	]).then(([callModule, probeAuthModule, probeModule]) => ({
+		buildGatewayConnectionDetails: callModule.buildGatewayConnectionDetails,
+		resolveGatewayProbeAuthSafe: probeAuthModule.resolveGatewayProbeAuthSafe,
+		resolveGatewayProbeTarget: probeAuthModule.resolveGatewayProbeTarget,
+		probeGateway: probeModule.probeGateway
+	}));
+	return await gatewayProbeDepsPromise;
+}
+function countBySeverity(findings) {
+	let critical = 0;
+	let warn = 0;
+	let info = 0;
+	for (const f of findings) if (f.severity === "critical") critical += 1;
+	else if (f.severity === "warn") warn += 1;
+	else info += 1;
+	return {
+		critical,
+		warn,
+		info
+	};
+}
+function normalizeSuppressionText(value) {
+	return (value ?? "").trim().toLowerCase();
+}
+function findingMatchesSuppression(finding, suppression) {
+	const checkId = suppression.checkId.trim();
+	if (!checkId || finding.checkId !== checkId) return false;
+	const titleNeedle = normalizeSuppressionText(suppression.titleIncludes);
+	if (titleNeedle && !finding.title.toLowerCase().includes(titleNeedle)) return false;
+	const detailNeedle = normalizeSuppressionText(suppression.detailIncludes);
+	if (detailNeedle && !finding.detail.toLowerCase().includes(detailNeedle)) return false;
+	return true;
+}
+function buildSecurityAuditSuppressionsActiveFinding(params) {
+	return {
+		checkId: "security.audit.suppressions.active",
+		severity: "info",
+		title: "Security audit suppressions configured",
+		detail: `security.audit.suppressions has ${params.configuredCount} configured suppression(s); ${params.suppressedCount} finding(s) moved to suppressedFindings.`,
+		remediation: "Review suppressedFindings and remove suppressions when the accepted risk no longer applies."
+	};
+}
+function applySecurityAuditSuppressions(findings, suppressions) {
+	if (!Array.isArray(suppressions) || suppressions.length === 0) return {
+		findings,
+		suppressedFindings: []
+	};
+	const active = [];
+	const suppressedFindings = [];
+	for (const finding of findings) {
+		const suppression = suppressions.find((candidate) => findingMatchesSuppression(finding, candidate));
+		if (!suppression) {
+			active.push(finding);
+			continue;
+		}
+		const reason = suppression.reason?.trim();
+		suppressedFindings.push({
+			...finding,
+			suppression: reason ? { reason } : {}
+		});
+	}
+	return {
+		findings: active,
+		suppressedFindings
+	};
+}
+function normalizeAllowFromList(list) {
+	if (!Array.isArray(list)) return [];
+	return normalizeStringEntries(list);
+}
+async function collectFilesystemFindings(params) {
+	const findings = [];
+	const stateDirPerms = await inspectPathPermissions(params.stateDir, {
+		env: params.env,
+		platform: params.platform,
+		exec: params.execIcacls
+	});
+	if (stateDirPerms.ok) {
+		if (stateDirPerms.isSymlink) findings.push({
+			checkId: "fs.state_dir.symlink",
+			severity: "warn",
+			title: "State dir is a symlink",
+			detail: `${params.stateDir} is a symlink; treat this as an extra trust boundary.`
+		});
+		if (stateDirPerms.worldWritable) findings.push({
+			checkId: "fs.state_dir.perms_world_writable",
+			severity: "critical",
+			title: "State dir is world-writable",
+			detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; other users can write into your FengMing state.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.stateDir,
+				perms: stateDirPerms,
+				isDir: true,
+				posixMode: 448,
+				env: params.env
+			})
+		});
+		else if (stateDirPerms.groupWritable) findings.push({
+			checkId: "fs.state_dir.perms_group_writable",
+			severity: "warn",
+			title: "State dir is group-writable",
+			detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; group users can write into your FengMing state.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.stateDir,
+				perms: stateDirPerms,
+				isDir: true,
+				posixMode: 448,
+				env: params.env
+			})
+		});
+		else if (stateDirPerms.groupReadable || stateDirPerms.worldReadable) findings.push({
+			checkId: "fs.state_dir.perms_readable",
+			severity: "warn",
+			title: "State dir is readable by others",
+			detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; consider restricting to 700.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.stateDir,
+				perms: stateDirPerms,
+				isDir: true,
+				posixMode: 448,
+				env: params.env
+			})
+		});
+	}
+	const configPerms = await inspectPathPermissions(params.configPath, {
+		env: params.env,
+		platform: params.platform,
+		exec: params.execIcacls
+	});
+	if (configPerms.ok) {
+		const skipReadablePermWarnings = configPerms.isSymlink;
+		if (configPerms.isSymlink) findings.push({
+			checkId: "fs.config.symlink",
+			severity: "warn",
+			title: "Config file is a symlink",
+			detail: `${params.configPath} is a symlink; make sure you trust its target.`
+		});
+		if (configPerms.worldWritable || configPerms.groupWritable) findings.push({
+			checkId: "fs.config.perms_writable",
+			severity: "critical",
+			title: "Config file is writable by others",
+			detail: `${formatPermissionDetail(params.configPath, configPerms)}; another user could change gateway/auth/tool policies.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.configPath,
+				perms: configPerms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+		else if (!skipReadablePermWarnings && configPerms.worldReadable) findings.push({
+			checkId: "fs.config.perms_world_readable",
+			severity: "critical",
+			title: "Config file is world-readable",
+			detail: `${formatPermissionDetail(params.configPath, configPerms)}; config can contain tokens and private settings.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.configPath,
+				perms: configPerms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+		else if (!skipReadablePermWarnings && configPerms.groupReadable) findings.push({
+			checkId: "fs.config.perms_group_readable",
+			severity: "warn",
+			title: "Config file is group-readable",
+			detail: `${formatPermissionDetail(params.configPath, configPerms)}; config can contain tokens and private settings.`,
+			remediation: formatPermissionRemediation({
+				targetPath: params.configPath,
+				perms: configPerms,
+				isDir: false,
+				posixMode: 384,
+				env: params.env
+			})
+		});
+	}
+	return findings;
+}
+function collectGatewayConfigFindings(cfg, sourceConfig, env, options = {}) {
+	return collectGatewayConfigFindings$1(cfg, sourceConfig, env, {
+		collectDangerousConfigFlags: collectEnabledInsecureOrDangerousFlags,
+		gatewayAuthOverride: options.gatewayAuthOverride
+	});
+}
+async function collectPluginSecurityAuditFindings(context) {
+	if (!context.loadPluginSecurityCollectors) return [];
+	const { getActivePluginRegistry } = await loadPluginRuntimeModule();
+	let collectors = getActivePluginRegistry()?.securityAuditCollectors ?? [];
+	if (collectors.length === 0) {
+		const { applyPluginAutoEnable } = await loadPluginAutoEnableModule();
+		const autoEnabled = applyPluginAutoEnable({
+			config: context.sourceConfig,
+			env: context.env
+		});
+		const requestedPluginIds = /* @__PURE__ */ new Set();
+		for (const pluginId of Object.keys(autoEnabled.autoEnabledReasons)) {
+			const normalized = pluginId.trim();
+			if (normalized) requestedPluginIds.add(normalized);
+		}
+		for (const pluginId of autoEnabled.config.plugins?.allow ?? []) {
+			if (typeof pluginId !== "string") continue;
+			const normalized = pluginId.trim();
+			if (normalized) requestedPluginIds.add(normalized);
+		}
+		for (const [pluginId, entry] of Object.entries(autoEnabled.config.plugins?.entries ?? {})) {
+			if (entry?.enabled === false) continue;
+			const normalized = pluginId.trim();
+			if (normalized) requestedPluginIds.add(normalized);
+		}
+		if (context.includeChannelSecurity && context.plugins !== void 0) {
+			const { resolveConfiguredChannelPluginIds } = await loadChannelPluginIdsModule();
+			const auditedChannelPluginIds = new Set(context.plugins.map((plugin) => plugin.id));
+			for (const pluginId of resolveConfiguredChannelPluginIds({
+				config: autoEnabled.config,
+				activationSourceConfig: context.sourceConfig,
+				workspaceDir: context.workspaceDir,
+				env: context.env
+			})) if (auditedChannelPluginIds.has(pluginId)) requestedPluginIds.delete(pluginId);
+		}
+		if (requestedPluginIds.size === 0) return [];
+		collectors = (await loadPluginMetadataRegistryLoaderModule()).loadPluginMetadataRegistrySnapshot({
+			config: autoEnabled.config,
+			activationSourceConfig: context.sourceConfig,
+			env: context.env,
+			workspaceDir: context.workspaceDir,
+			onlyPluginIds: [...requestedPluginIds]
+		}).securityAuditCollectors ?? [];
+	}
+	return (await Promise.all(collectors.map(async (entry) => {
+		try {
+			return await entry.collector({
+				config: context.cfg,
+				sourceConfig: context.sourceConfig,
+				env: context.env,
+				stateDir: context.stateDir,
+				configPath: context.configPath
+			});
+		} catch (err) {
+			return [{
+				checkId: `plugins.${entry.pluginId}.security_audit_failed`,
+				severity: "warn",
+				title: "Plugin security audit collector failed",
+				detail: `${entry.pluginId}: ${String(err)}`
+			}];
+		}
+	}))).flat();
+}
+function collectLoggingFindings(cfg) {
+	if (cfg.logging?.redactSensitive !== "off") return [];
+	return [{
+		checkId: "logging.redact_off",
+		severity: "warn",
+		title: "Tool summary redaction is disabled",
+		detail: `logging.redactSensitive="off" can leak secrets into logs and status output.`,
+		remediation: `Set logging.redactSensitive="tools".`
+	}];
+}
+function collectElevatedFindings(cfg) {
+	const findings = [];
+	const enabled = cfg.tools?.elevated?.enabled;
+	const allowFrom = cfg.tools?.elevated?.allowFrom ?? {};
+	const anyAllowFromKeys = Object.keys(allowFrom).length > 0;
+	if (enabled === false) return findings;
+	if (!anyAllowFromKeys) return findings;
+	for (const [provider, list] of Object.entries(allowFrom)) {
+		const normalized = normalizeAllowFromList(list);
+		if (normalized.includes("*")) findings.push({
+			checkId: `tools.elevated.allowFrom.${provider}.wildcard`,
+			severity: "critical",
+			title: "Elevated exec allowlist contains wildcard",
+			detail: `tools.elevated.allowFrom.${provider} includes "*" which effectively approves everyone on that channel for elevated mode.`
+		});
+		else if (normalized.length > 25) findings.push({
+			checkId: `tools.elevated.allowFrom.${provider}.large`,
+			severity: "warn",
+			title: "Elevated exec allowlist is large",
+			detail: `tools.elevated.allowFrom.${provider} has ${normalized.length} entries; consider tightening elevated access.`
+		});
+	}
+	return findings;
+}
+const CLAUDE_PERMISSION_MODE_FLAG = "--permission-mode";
+const CLAUDE_BYPASS_PERMISSION_MODE = "bypassPermissions";
+function extractClaudePermissionMode(args) {
+	if (!Array.isArray(args)) return;
+	for (let i = args.length - 1; i >= 0; i -= 1) {
+		const arg = args[i] ?? "";
+		if (arg === CLAUDE_PERMISSION_MODE_FLAG) {
+			const value = args[i + 1];
+			if (typeof value === "string" && value.trim().length > 0 && !value.startsWith("-")) return value.trim();
+			continue;
+		}
+		if (arg.startsWith(`${CLAUDE_PERMISSION_MODE_FLAG}=`)) {
+			const value = arg.slice(`${CLAUDE_PERMISSION_MODE_FLAG}=`.length).trim();
+			if (value.length > 0 && !value.startsWith("-")) return value;
+		}
+	}
+}
+function collectRestrictiveClaudePermissionModeHits(backend) {
+	if (!isManagedClaudeLiveBackendConfig(backend)) return [];
+	const hits = [];
+	const argsMode = extractClaudePermissionMode(backend.args);
+	if (argsMode && argsMode !== CLAUDE_BYPASS_PERMISSION_MODE) hits.push({
+		argSet: "args",
+		mode: argsMode
+	});
+	const resumeArgsMode = extractClaudePermissionMode(backend.resumeArgs);
+	if (resumeArgsMode && resumeArgsMode !== CLAUDE_BYPASS_PERMISSION_MODE) hits.push({
+		argSet: "resumeArgs",
+		mode: resumeArgsMode
+	});
+	return hits;
+}
+function isManagedClaudeLiveBackendConfig(backend) {
+	if (!backend) return false;
+	const output = backend.output ?? "jsonl";
+	const input = backend.input ?? "stdin";
+	return (backend.liveSession ?? (output === "jsonl" && input === "stdin" ? "claude-stdio" : void 0)) === "claude-stdio" && output === "jsonl" && input === "stdin";
+}
+function findClaudeCliBackendConfig(backends) {
+	if (!backends) return;
+	const directKey = Object.keys(backends).find((key) => normalizeOptionalLowercaseString(key) === "claude-cli");
+	if (directKey) return backends[directKey];
+	for (const [key, backend] of Object.entries(backends)) {
+		const normalizedKey = normalizeProviderId(key);
+		const command = normalizeOptionalLowercaseString(backend.command);
+		if (normalizedKey === "claude-cli" || normalizedKey === "anthropic-cli" || command === "claude") return backend;
+	}
+}
+function collectYoloExecScopeIds(cfg, approvals) {
+	const agents = Array.isArray(cfg.agents?.list) ? cfg.agents.list : [];
+	return [{ id: DEFAULT_AGENT_ID }, ...agents.filter((entry) => Boolean(entry) && typeof entry === "object" && typeof entry.id === "string").map((entry) => ({ id: entry.id }))].filter((entry) => {
+		const execDefaults = resolveExecDefaults({
+			cfg,
+			agentId: entry.id === "main" ? void 0 : entry.id
+		});
+		const resolvedApprovals = resolveExecApprovalsFromFile({
+			file: approvals,
+			agentId: entry.id === "main" ? void 0 : entry.id,
+			overrides: {
+				security: execDefaults.security,
+				ask: execDefaults.ask
+			}
+		});
+		return minSecurity(execDefaults.security, resolvedApprovals.agent.security) === "full" && maxAsk(execDefaults.ask, resolvedApprovals.agent.ask) === "off";
+	}).map((entry) => entry.id);
+}
+function collectExecRuntimeFindings(cfg) {
+	const findings = [];
+	const globalExecHost = cfg.tools?.exec?.host;
+	const globalStrictInlineEval = cfg.tools?.exec?.strictInlineEval === true;
+	const defaultSandboxMode = resolveSandboxConfigForAgent(cfg).mode;
+	const defaultHostIsExplicitSandbox = globalExecHost === "sandbox";
+	const approvals = loadExecApprovals();
+	const claudePermissionModeHits = collectRestrictiveClaudePermissionModeHits(findClaudeCliBackendConfig(cfg.agents?.defaults?.cliBackends));
+	const yoloExecScopeIds = claudePermissionModeHits.length > 0 ? collectYoloExecScopeIds(cfg, approvals) : [];
+	if (defaultHostIsExplicitSandbox && defaultSandboxMode === "off") findings.push({
+		checkId: "tools.exec.host_sandbox_no_sandbox_defaults",
+		severity: "warn",
+		title: "Exec host is sandbox but sandbox mode is off",
+		detail: "tools.exec.host is explicitly set to sandbox while agents.defaults.sandbox.mode=off. In this mode, exec fails closed because no sandbox runtime is available.",
+		remediation: "Enable sandbox mode (`agents.defaults.sandbox.mode=\"non-main\"` or `\"all\"`) or set tools.exec.host to \"gateway\" with approvals."
+	});
+	const agents = Array.isArray(cfg.agents?.list) ? cfg.agents.list : [];
+	const riskyAgents = agents.filter((entry) => entry && typeof entry === "object" && typeof entry.id === "string" && entry.tools?.exec?.host === "sandbox" && resolveSandboxConfigForAgent(cfg, entry.id).mode === "off").map((entry) => entry.id).slice(0, 5);
+	if (riskyAgents.length > 0) findings.push({
+		checkId: "tools.exec.host_sandbox_no_sandbox_agents",
+		severity: "warn",
+		title: "Agent exec host uses sandbox while sandbox mode is off",
+		detail: `agents.list.*.tools.exec.host is set to sandbox for: ${riskyAgents.join(", ")}. With sandbox mode off, exec fails closed for those agents.`,
+		remediation: "Enable sandbox mode for these agents (`agents.list[].sandbox.mode`) or set their tools.exec.host to \"gateway\"."
+	});
+	const effectiveExecScopes = Array.from(new Map([{
+		id: DEFAULT_AGENT_ID,
+		security: cfg.tools?.exec?.security ?? "deny",
+		host: cfg.tools?.exec?.host ?? "auto"
+	}, ...agents.filter((entry) => Boolean(entry) && typeof entry === "object" && typeof entry.id === "string").map((entry) => ({
+		id: entry.id,
+		security: entry.tools?.exec?.security ?? cfg.tools?.exec?.security ?? "deny",
+		host: entry.tools?.exec?.host ?? cfg.tools?.exec?.host ?? "auto"
+	}))].map((entry) => [entry.id, entry])).values());
+	const fullExecScopes = effectiveExecScopes.filter((entry) => entry.security === "full");
+	const execEnabledScopes = effectiveExecScopes.filter((entry) => entry.security !== "deny");
+	const openExecSurfacePaths = collectOpenExecSurfacePaths(cfg);
+	if (fullExecScopes.length > 0) findings.push({
+		checkId: "tools.exec.security_full_configured",
+		severity: openExecSurfacePaths.length > 0 ? "critical" : "warn",
+		title: "Exec security=full is configured",
+		detail: `Full exec trust is enabled for: ${fullExecScopes.map((entry) => entry.id).join(", ")}.` + (openExecSurfacePaths.length > 0 ? ` Open channel access was also detected at:\n${openExecSurfacePaths.map((entry) => `- ${entry}`).join("\n")}` : ""),
+		remediation: "Prefer tools.exec.security=\"allowlist\" with ask prompts, and reserve \"full\" for tightly scoped break-glass agents only."
+	});
+	if (claudePermissionModeHits.length > 0 && yoloExecScopeIds.length > 0) findings.push({
+		checkId: "agents.claude_cli.permission_mode_overridden_by_yolo",
+		severity: "warn",
+		title: "Claude permission mode is ignored under YOLO exec",
+		detail: `claude-cli sets ${claudePermissionModeHits.map((hit) => `${hit.argSet}=${hit.mode}`).join(", ")}, but FengMing exec is YOLO for: ${yoloExecScopeIds.join(", ")}. Managed Claude live sessions use --permission-mode bypassPermissions.`,
+		remediation: "Restrict FengMing tools.exec.security/tools.exec.ask, or remove the Claude --permission-mode override."
+	});
+	if (openExecSurfacePaths.length > 0 && execEnabledScopes.length > 0) findings.push({
+		checkId: "security.exposure.open_channels_with_exec",
+		severity: fullExecScopes.length > 0 ? "critical" : "warn",
+		title: "Open channels can reach exec-enabled agents",
+		detail: `Open DM/group access detected at:\n${openExecSurfacePaths.map((entry) => `- ${entry}`).join("\n")}\nExec-enabled scopes:\n${execEnabledScopes.map((entry) => `- ${entry.id}: security=${entry.security}, host=${entry.host}`).join("\n")}`,
+		remediation: "Tighten dmPolicy/groupPolicy to pairing or allowlist, or disable exec for agents reachable from shared/public channels."
+	});
+	const execFilesystemPolicyHits = collectExecFilesystemPolicyDriftHits(cfg);
+	if (execFilesystemPolicyHits.length > 0) findings.push({
+		checkId: "tools.exec.fs_tools_disabled_but_exec_enabled",
+		severity: "warn",
+		title: "Filesystem tool policy does not make exec read-only",
+		detail: `Found scopes where write/edit/apply_patch are unavailable but exec remains available:\n${execFilesystemPolicyHits.map((hit) => `- ${hit.scopeLabel}: runtime=[${hit.runtimeTools.join(", ")}], disabledFs=[${hit.disabledFilesystemTools.join(", ")}], exec.host=${hit.execHost}, sandbox=${hit.sandboxMode}, workspaceAccess=${hit.sandboxWorkspaceAccess}`).join("\n")}\nThe exec tool is a shell and can still write files wherever the selected host or sandbox filesystem permits it.`,
+		remediation: "For read-only agents, deny exec and process too. If shell access is intentional, constrain the filesystem boundary with sandbox mode \"all\" and workspaceAccess \"ro\" or \"none\"."
+	});
+	const autoAllowSkillsHits = collectAutoAllowSkillsHits(approvals);
+	if (autoAllowSkillsHits.length > 0) findings.push({
+		checkId: "tools.exec.auto_allow_skills_enabled",
+		severity: "warn",
+		title: "autoAllowSkills is enabled for exec approvals",
+		detail: `Implicit skill-bin allowlisting is enabled at:\n${autoAllowSkillsHits.map((entry) => `- ${entry}`).join("\n")}\nThis widens host exec trust beyond explicit manual allowlist entries.`,
+		remediation: "Disable autoAllowSkills in exec approvals and keep manual allowlists tight when you need explicit host-exec trust."
+	});
+	const interpreterAllowlistHits = collectInterpreterAllowlistHits({
+		approvals,
+		strictInlineEvalForAgentId: (agentId) => {
+			if (!agentId || agentId === "*" || agentId === "main") return globalStrictInlineEval;
+			return agents.find((entry) => entry?.id === agentId)?.tools?.exec?.strictInlineEval === true || globalStrictInlineEval;
+		}
+	});
+	if (interpreterAllowlistHits.length > 0) findings.push({
+		checkId: "tools.exec.allowlist_interpreter_without_strict_inline_eval",
+		severity: "warn",
+		title: "Interpreter allowlist entries are missing strictInlineEval hardening",
+		detail: `Interpreter/runtime allowlist entries were found without strictInlineEval enabled:\n${interpreterAllowlistHits.map((entry) => `- ${entry}`).join("\n")}`,
+		remediation: "Set tools.exec.strictInlineEval=true (or per-agent tools.exec.strictInlineEval=true) when allowlisting interpreters like python, node, ruby, perl, php, lua, or osascript."
+	});
+	const normalizeConfiguredSafeBins = (entries) => {
+		if (!Array.isArray(entries)) return [];
+		return Array.from(new Set(entries.map((entry) => normalizeOptionalLowercaseString(entry) ?? "").filter((entry) => entry.length > 0))).toSorted();
+	};
+	const normalizeConfiguredTrustedDirs = (entries) => {
+		if (!Array.isArray(entries)) return [];
+		return normalizeTrustedSafeBinDirs(entries.filter((entry) => typeof entry === "string"));
+	};
+	const classifyRiskySafeBinTrustedDir = (entry) => {
+		const raw = entry.trim();
+		if (!raw) return null;
+		if (!path.isAbsolute(raw)) return "relative path (trust boundary depends on process cwd)";
+		const normalized = path.resolve(raw).replace(/\\/g, "/").toLowerCase();
+		if (normalized === "/tmp" || normalized.startsWith("/tmp/") || normalized === "/var/tmp" || normalized.startsWith("/var/tmp/") || normalized === "/private/tmp" || normalized.startsWith("/private/tmp/")) return "temporary directory is mutable and easy to poison";
+		if (normalized === "/usr/local/bin" || normalized === "/opt/homebrew/bin" || normalized === "/opt/local/bin" || normalized === "/home/linuxbrew/.linuxbrew/bin") return "package-manager bin directory (often user-writable)";
+		if (normalized.startsWith("/users/") || normalized.startsWith("/home/") || normalized.includes("/.local/bin")) return "home-scoped bin directory (typically user-writable)";
+		if (/^[a-z]:\/users\//.test(normalized)) return "home-scoped bin directory (typically user-writable)";
+		return null;
+	};
+	const globalExec = cfg.tools?.exec;
+	const riskyTrustedDirHits = [];
+	const collectRiskyTrustedDirHits = (scopePath, entries) => {
+		for (const entry of normalizeConfiguredTrustedDirs(entries)) {
+			const reason = classifyRiskySafeBinTrustedDir(entry);
+			if (!reason) continue;
+			riskyTrustedDirHits.push(`- ${scopePath}.safeBinTrustedDirs: ${entry} (${reason})`);
+		}
+	};
+	collectRiskyTrustedDirHits("tools.exec", globalExec?.safeBinTrustedDirs);
+	for (const entry of agents) {
+		if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
+		collectRiskyTrustedDirHits(`agents.list.${entry.id}.tools.exec`, entry.tools?.exec?.safeBinTrustedDirs);
+	}
+	const interpreterHits = [];
+	const riskySemanticSafeBinHits = [];
+	const globalSafeBins = normalizeConfiguredSafeBins(globalExec?.safeBins);
+	if (globalSafeBins.length > 0) {
+		const merged = resolveMergedSafeBinProfileFixtures({ global: globalExec }) ?? {};
+		const interpreters = listInterpreterLikeSafeBins(globalSafeBins).filter((bin) => !merged[bin]);
+		if (interpreters.length > 0) interpreterHits.push(`- tools.exec.safeBins: ${interpreters.join(", ")}`);
+		for (const hit of listRiskyConfiguredSafeBins(globalSafeBins)) riskySemanticSafeBinHits.push(`- tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
+	}
+	for (const entry of agents) {
+		if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
+		const agentExec = entry.tools?.exec;
+		const agentSafeBins = normalizeConfiguredSafeBins(agentExec?.safeBins);
+		if (agentSafeBins.length === 0) continue;
+		const merged = resolveMergedSafeBinProfileFixtures({
+			global: globalExec,
+			local: agentExec
+		}) ?? {};
+		const interpreters = listInterpreterLikeSafeBins(agentSafeBins).filter((bin) => !merged[bin]);
+		if (interpreters.length === 0) {
+			for (const hit of listRiskyConfiguredSafeBins(agentSafeBins)) riskySemanticSafeBinHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
+			continue;
+		}
+		interpreterHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${interpreters.join(", ")}`);
+		for (const hit of listRiskyConfiguredSafeBins(agentSafeBins)) riskySemanticSafeBinHits.push(`- agents.list.${entry.id}.tools.exec.safeBins: ${hit.bin} (${hit.warning})`);
+	}
+	if (interpreterHits.length > 0) findings.push({
+		checkId: "tools.exec.safe_bins_interpreter_unprofiled",
+		severity: "warn",
+		title: "safeBins includes interpreter/runtime binaries without explicit profiles",
+		detail: `Detected interpreter-like safeBins entries missing explicit profiles:\n${interpreterHits.join("\n")}\nThese entries can turn safeBins into a broad execution surface when used with permissive argv profiles.`,
+		remediation: "Remove interpreter/runtime bins from safeBins (prefer allowlist entries) or define hardened tools.exec.safeBinProfiles.<bin> rules."
+	});
+	if (riskySemanticSafeBinHits.length > 0) findings.push({
+		checkId: "tools.exec.safe_bins_broad_behavior",
+		severity: "warn",
+		title: "safeBins includes binaries with broader semantics than low-risk stream filters",
+		detail: `Detected risky safeBins entries:\n${riskySemanticSafeBinHits.join("\n")}\nThese tools expose semantics that do not fit the low-risk stdin-filter fast path.`,
+		remediation: "Remove these binaries from safeBins and prefer explicit allowlist entries or approval-gated execution."
+	});
+	if (riskyTrustedDirHits.length > 0) findings.push({
+		checkId: "tools.exec.safe_bin_trusted_dirs_risky",
+		severity: "warn",
+		title: "safeBinTrustedDirs includes risky mutable directories",
+		detail: `Detected risky safeBinTrustedDirs entries:\n${riskyTrustedDirHits.slice(0, 10).join("\n")}` + (riskyTrustedDirHits.length > 10 ? `\n- +${riskyTrustedDirHits.length - 10} more entries.` : ""),
+		remediation: "Prefer root-owned immutable bins, keep default trust dirs (/bin, /usr/bin), and avoid trusting temporary/home/package-manager paths unless tightly controlled."
+	});
+	return findings;
+}
+function collectOpenExecSurfacePaths(cfg) {
+	const channels = asNullableRecord(cfg.channels);
+	if (!channels) return [];
+	const hits = /* @__PURE__ */ new Set();
+	const seen = /* @__PURE__ */ new WeakSet();
+	const visit = (value, scope) => {
+		const record = asNullableRecord(value);
+		if (!record || seen.has(record)) return;
+		seen.add(record);
+		if (record.groupPolicy === "open") hits.add(`${scope}.groupPolicy`);
+		if (record.dmPolicy === "open") hits.add(`${scope}.dmPolicy`);
+		for (const [key, nested] of Object.entries(record)) {
+			if (key === "groups" || key === "accounts" || key === "dms") {
+				visit(nested, `${scope}.${key}`);
+				continue;
+			}
+			if (asNullableRecord(nested)) visit(nested, `${scope}.${key}`);
+		}
+	};
+	for (const [channelId, channelValue] of Object.entries(channels)) visit(channelValue, `channels.${channelId}`);
+	return Array.from(hits).toSorted();
+}
+function collectAutoAllowSkillsHits(approvals) {
+	const hits = [];
+	if (approvals.defaults?.autoAllowSkills === true) hits.push("defaults.autoAllowSkills");
+	for (const [agentId, agent] of Object.entries(approvals.agents ?? {})) if (agent?.autoAllowSkills === true) hits.push(`agents.${agentId}.autoAllowSkills`);
+	return hits;
+}
+function collectInterpreterAllowlistHits(params) {
+	const hits = [];
+	for (const [agentId, agent] of Object.entries(params.approvals.agents ?? {})) {
+		if (!agent || params.strictInlineEvalForAgentId(agentId)) continue;
+		for (const entry of agent.allowlist ?? []) {
+			if (!isInterpreterLikeAllowlistPattern(entry.pattern)) continue;
+			hits.push(`agents.${agentId}.allowlist: ${entry.pattern}`);
+		}
+	}
+	return hits;
+}
+async function maybeProbeGateway(params) {
+	const { buildGatewayConnectionDetails, resolveGatewayProbeAuthSafe, resolveGatewayProbeTarget } = await loadGatewayProbeDeps();
+	const url = buildGatewayConnectionDetails({ config: params.cfg }).url;
+	const probeTarget = resolveGatewayProbeTarget(params.cfg);
+	const authResolution = resolveGatewayProbeAuthSafe({
+		cfg: params.cfg,
+		env: params.env,
+		mode: probeTarget.mode,
+		explicitAuth: params.explicitAuth
+	});
+	const res = await params.probe({
+		url,
+		auth: authResolution.auth,
+		timeoutMs: params.timeoutMs
+	}).catch((err) => ({
+		ok: false,
+		url,
+		connectLatencyMs: null,
+		error: String(err),
+		close: null,
+		health: null,
+		status: null,
+		presence: null,
+		configSnapshot: null
+	}));
+	if (authResolution.warning && !res.ok) res.error = res.error ? `${res.error}; ${authResolution.warning}` : authResolution.warning;
+	return {
+		deep: { gateway: {
+			attempted: true,
+			url,
+			ok: res.ok,
+			error: res.ok ? null : res.error,
+			close: res.close ? {
+				code: res.close.code,
+				reason: res.close.reason
+			} : null
+		} },
+		authWarning: authResolution.warning
+	};
+}
+async function createAuditExecutionContext(opts) {
+	const cfg = opts.config;
+	const sourceConfig = opts.sourceConfig ?? opts.config;
+	const env = opts.env ?? process.env;
+	const platform = opts.platform ?? process.platform;
+	const includeFilesystem = opts.includeFilesystem !== false;
+	const includeChannelSecurity = opts.includeChannelSecurity !== false;
+	const deep = opts.deep === true;
+	const deepTimeoutMs = Math.max(250, opts.deepTimeoutMs ?? 5e3);
+	const stateDir = opts.stateDir ?? resolveStateDir(env);
+	const configPath = opts.configPath ?? resolveConfigPath(env, stateDir);
+	const workspaceDir = opts.workspaceDir ?? resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg));
+	const { readConfigSnapshotForAudit } = await loadAuditNonDeepModule();
+	const configSnapshot = includeFilesystem ? opts.configSnapshot !== void 0 ? opts.configSnapshot : await readConfigSnapshotForAudit({
+		env,
+		configPath
+	}).catch(() => null) : null;
+	return {
+		cfg,
+		sourceConfig,
+		env,
+		platform,
+		includeFilesystem,
+		includeChannelSecurity,
+		deep,
+		deepTimeoutMs,
+		stateDir,
+		configPath,
+		execIcacls: opts.execIcacls,
+		execDockerRawFn: opts.execDockerRawFn,
+		probeGatewayFn: opts.probeGatewayFn,
+		plugins: opts.plugins,
+		loadPluginSecurityCollectors: opts.loadPluginSecurityCollectors ?? deep,
+		workspaceDir,
+		configSnapshot,
+		codeSafetySummaryCache: opts.codeSafetySummaryCache ?? /* @__PURE__ */ new Map(),
+		deepProbeAuth: opts.deepProbeAuth,
+		auditGatewayAuthOverride: opts.auditGatewayAuthOverride
+	};
+}
+async function runSecurityAudit(opts) {
+	const findings = [];
+	const context = await createAuditExecutionContext(opts);
+	const { cfg, env, platform, stateDir, configPath } = context;
+	const auditNonDeep = await loadAuditNonDeepModule();
+	findings.push(...auditNonDeep.collectAttackSurfaceSummaryFindings(cfg));
+	findings.push(...auditNonDeep.collectSyncedFolderFindings({
+		stateDir,
+		configPath
+	}));
+	findings.push(...collectGatewayConfigFindings(cfg, context.sourceConfig, env, { gatewayAuthOverride: context.auditGatewayAuthOverride }));
+	findings.push(...await collectPluginSecurityAuditFindings(context));
+	findings.push(...collectLoggingFindings(cfg));
+	findings.push(...collectElevatedFindings(cfg));
+	findings.push(...collectExecRuntimeFindings(cfg));
+	findings.push(...auditNonDeep.collectHooksHardeningFindings(cfg, env, { gatewayAuthOverride: context.auditGatewayAuthOverride }));
+	findings.push(...auditNonDeep.collectGatewayHttpNoAuthFindings(cfg, env, { gatewayAuthOverride: context.auditGatewayAuthOverride }));
+	findings.push(...auditNonDeep.collectGatewayHttpSessionKeyOverrideFindings(cfg));
+	findings.push(...auditNonDeep.collectSandboxDockerNoopFindings(cfg));
+	findings.push(...auditNonDeep.collectSandboxDangerousConfigFindings(cfg));
+	findings.push(...auditNonDeep.collectNodeDenyCommandPatternFindings(cfg));
+	findings.push(...auditNonDeep.collectNodeDangerousAllowCommandFindings(cfg));
+	findings.push(...auditNonDeep.collectMinimalProfileOverrideFindings(cfg));
+	findings.push(...auditNonDeep.collectSecretsInConfigFindings(cfg));
+	findings.push(...auditNonDeep.collectModelHygieneFindings(cfg));
+	findings.push(...auditNonDeep.collectSmallModelRiskFindings({
+		cfg,
+		env
+	}));
+	findings.push(...auditNonDeep.collectExposureMatrixFindings(cfg));
+	findings.push(...auditNonDeep.collectLikelyMultiUserSetupFindings(cfg));
+	if (context.includeFilesystem) {
+		findings.push(...await collectFilesystemFindings({
+			stateDir,
+			configPath,
+			env,
+			platform,
+			execIcacls: context.execIcacls
+		}));
+		if (context.configSnapshot) findings.push(...await auditNonDeep.collectIncludeFilePermFindings({
+			configSnapshot: context.configSnapshot,
+			env,
+			platform,
+			execIcacls: context.execIcacls
+		}));
+		findings.push(...await auditNonDeep.collectStateDeepFilesystemFindings({
+			cfg,
+			env,
+			stateDir,
+			platform,
+			execIcacls: context.execIcacls
+		}));
+		findings.push(...await auditNonDeep.collectWorkspaceSkillSymlinkEscapeFindings({ cfg }));
+		findings.push(...await auditNonDeep.collectSandboxBrowserHashLabelFindings({
+			execDockerRawFn: context.execDockerRawFn,
+			timeoutMs: context.deepTimeoutMs
+		}));
+		findings.push(...await auditNonDeep.collectPluginsTrustFindings({
+			cfg,
+			stateDir
+		}));
+		findings.push(...await collectDeepCodeSafetyFindings({
+			cfg,
+			stateDir,
+			deep: context.deep,
+			summaryCache: context.codeSafetySummaryCache
+		}));
+	}
+	let shouldAuditChannelSecurity = false;
+	if (context.includeChannelSecurity) if (context.plugins !== void 0) shouldAuditChannelSecurity = true;
+	else {
+		const { hasConfiguredChannelsForReadOnlyScope, resolveConfiguredChannelPluginIds } = await loadChannelPluginIdsModule();
+		shouldAuditChannelSecurity = hasConfiguredChannelsForReadOnlyScope({
+			config: cfg,
+			activationSourceConfig: context.sourceConfig,
+			workspaceDir: context.workspaceDir,
+			env
+		}) || resolveConfiguredChannelPluginIds({
+			config: cfg,
+			activationSourceConfig: context.sourceConfig,
+			workspaceDir: context.workspaceDir,
+			env
+		}).length > 0;
+	}
+	if (shouldAuditChannelSecurity) {
+		const channelPlugins = context.plugins ?? (await loadReadOnlyChannelPlugins()).listReadOnlyChannelPluginsForConfig(cfg, {
+			activationSourceConfig: context.sourceConfig,
+			workspaceDir: context.workspaceDir,
+			env,
+			stateDir,
+			includePersistedAuthState: true,
+			includeSetupFallbackPlugins: true
+		});
+		const { collectChannelSecurityFindings } = await loadAuditChannelModule();
+		findings.push(...await collectChannelSecurityFindings({
+			cfg,
+			sourceConfig: context.sourceConfig,
+			plugins: channelPlugins
+		}));
+	}
+	const deepProbeResult = context.deep ? await maybeProbeGateway({
+		cfg,
+		env,
+		timeoutMs: context.deepTimeoutMs,
+		probe: context.probeGatewayFn ?? (await loadGatewayProbeDeps()).probeGateway,
+		explicitAuth: context.deepProbeAuth
+	}) : void 0;
+	const deep = deepProbeResult?.deep;
+	findings.push(...collectDeepProbeFindings({
+		deep,
+		authWarning: deepProbeResult?.authWarning
+	}));
+	const configuredSuppressions = cfg.security?.audit?.suppressions;
+	const filtered = applySecurityAuditSuppressions(findings, configuredSuppressions);
+	const configuredSuppressionCount = configuredSuppressions?.length ?? 0;
+	const activeFindings = configuredSuppressionCount > 0 ? [...filtered.findings, buildSecurityAuditSuppressionsActiveFinding({
+		configuredCount: configuredSuppressionCount,
+		suppressedCount: filtered.suppressedFindings.length
+	})] : filtered.findings;
+	const summary = countBySeverity(activeFindings);
+	return {
+		ts: Date.now(),
+		summary,
+		findings: activeFindings,
+		...filtered.suppressedFindings.length > 0 ? { suppressedFindings: filtered.suppressedFindings } : {},
+		deep
+	};
+}
+//#endregion
+export { runSecurityAudit as t };