jinzd-ai-cli 0.4.113 → 0.4.115

package/dist/index.js

@@ -14,6 +14,7 @@ import {
   buildWriteRoundReminder,
   clearDevState,
   computeCost,
+  detectMetaNarration,
   detectPseudoToolCalls,
   detectsHallucinatedFileOp,
   extractWrittenFilePaths,
@@ -31,10 +32,10 @@ import {
   setupProxy,
   stripPseudoToolCalls,
   stripToolCallReminder
-} from "./chunk-TFYDLG7E.js";
+} from "./chunk-FMPWML3F.js";
 import {
   ConfigManager
-} from "./chunk-WLZ2PWQV.js";
+} from "./chunk-UZLNS3QG.js";
 import {
   ToolExecutor,
   ToolRegistry,
@@ -53,10 +54,10 @@ import {
   spawnAgentContext,
   theme,
   undoStack
-} from "./chunk-3GUNDGUV.js";
+} from "./chunk-TJGRPTJS.js";
 import "./chunk-3BICTI5M.js";
 import "./chunk-2DXY7UGF.js";
-import "./chunk-SIDKPVRD.js";
+import "./chunk-PEMNYHIS.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
@@ -79,7 +80,7 @@ import {
   SKILLS_DIR_NAME,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 import {
   formatGitContextForPrompt,
   getGitContext,
@@ -411,6 +412,7 @@ var Renderer = class {
       buf = "";
     };
     let interrupted = false;
+    let streamErr = null;
     try {
       for await (const chunk of stream) {
         if (options?.signal?.aborted) {
@@ -435,41 +437,51 @@ var Renderer = class {
         interrupted = true;
         if (!inThinking) flushBuf();
       } else {
-        throw err;
+        streamErr = err;
       }
     }
     if (interrupted) {
       process.stdout.write(theme.dim(" [interrupted]\n"));
     }
     let tokensShown = false;
-    if (options?.showTokens) {
-      process.stdout.write("\n");
-      if (usage) {
-        const sessionTotal = options.sessionTotal;
-        const updatedTotal = sessionTotal ? { inputTokens: sessionTotal.inputTokens + usage.inputTokens, outputTokens: sessionTotal.outputTokens + usage.outputTokens } : void 0;
-        this.renderUsage(usage, updatedTotal);
-        tokensShown = true;
-      } else if (fullContent.length > 0) {
-        const est = Math.ceil(fullContent.length / 2.5);
-        process.stdout.write(theme.dim(`\u{1F4CA} ~${est.toLocaleString()} output tokens (estimated)
+    if (!streamErr) {
+      if (options?.showTokens) {
+        process.stdout.write("\n");
+        if (usage) {
+          const sessionTotal = options.sessionTotal;
+          const updatedTotal = sessionTotal ? { inputTokens: sessionTotal.inputTokens + usage.inputTokens, outputTokens: sessionTotal.outputTokens + usage.outputTokens } : void 0;
+          this.renderUsage(usage, updatedTotal);
+          tokensShown = true;
+        } else if (fullContent.length > 0) {
+          const est = Math.ceil(fullContent.length / 2.5);
+          process.stdout.write(theme.dim(`\u{1F4CA} ~${est.toLocaleString()} output tokens (estimated)
 
 `));
-        tokensShown = true;
+          tokensShown = true;
+        } else {
+          process.stdout.write("\n");
+        }
       } else {
-        process.stdout.write("\n");
+        process.stdout.write("\n\n");
       }
     } else {
-      process.stdout.write("\n\n");
+      process.stdout.write("\n");
     }
     if (fileStream) {
-      await new Promise((resolve3, reject) => {
-        fileStream.end((err) => err ? reject(err) : resolve3());
-      });
-      const kb = (Buffer.byteLength(fullContent, "utf-8") / 1024).toFixed(1);
-      process.stdout.write(theme.success(`  \u2705 Saved: ${options.saveToFile} (${kb} KB)
+      try {
+        await new Promise((resolve3) => {
+          fileStream.end(() => resolve3());
+        });
+      } catch {
+      }
+      if (!streamErr) {
+        const kb = (Buffer.byteLength(fullContent, "utf-8") / 1024).toFixed(1);
+        process.stdout.write(theme.success(`  \u2705 Saved: ${options.saveToFile} (${kb} KB)
 
 `));
+      }
     }
+    if (streamErr) throw streamErr;
     return { content: fullContent, usage, tokensShown };
   }
   renderResponse(content) {
@@ -1600,7 +1612,7 @@ ${text}
           const { join: join6 } = await import("path");
           const { existsSync: existsSync6 } = await import("fs");
           const { getGitRoot: getGitRoot2 } = await import("./git-context-7KIP4X2V.js");
-          const { MCP_PROJECT_CONFIG_NAME: MCP_PROJECT_CONFIG_NAME2 } = await import("./constants-2Z7YP252.js");
+          const { MCP_PROJECT_CONFIG_NAME: MCP_PROJECT_CONFIG_NAME2 } = await import("./constants-Y6LRE5TI.js");
           const { approveProject, hashMcpFile } = await import("./project-trust-IFM7FXEV.js");
           const cwd = process.cwd();
           const projectRoot = getGitRoot2(cwd) ?? cwd;
@@ -2650,7 +2662,7 @@ ${hint}` : "")
       usage: "/test [command|filter]",
       async execute(args, ctx) {
         try {
-          const { executeTests } = await import("./run-tests-BUDXHVNF.js");
+          const { executeTests } = await import("./run-tests-TWE7TJ4T.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -6260,10 +6272,71 @@ ${mcpBudgetNote}` : "");
                 _extraMessages: teeExtraMessages
               });
               const teeShowTokens = this.shouldShowTokens();
-              const { content: genContent, usage: genUsage, tokensShown: teeTokShown } = await this.renderer.renderStream(
-                genStream,
-                { saveToFile, showTokens: teeShowTokens, sessionTotal: teeShowTokens ? { ...this.sessionTokenUsage } : void 0, signal: teeAc.signal }
-              );
+              let genContent;
+              let genUsage;
+              let teeTokShown = false;
+              try {
+                const teeResult = await this.renderer.renderStream(
+                  genStream,
+                  { saveToFile, showTokens: teeShowTokens, sessionTotal: teeShowTokens ? { ...this.sessionTokenUsage } : void 0, signal: teeAc.signal }
+                );
+                genContent = teeResult.content;
+                genUsage = teeResult.usage;
+                teeTokShown = teeResult.tokensShown;
+              } catch (teeErr) {
+                try {
+                  unlinkSync2(saveToFile);
+                } catch {
+                }
+                const errMsg = teeErr instanceof Error ? teeErr.message : String(teeErr);
+                process.stdout.write(theme.error(
+                  `
+  \u2717 tee stream failed: ${errMsg}
+  ${saveToFile} (partial) was deleted. Asking model to retry.
+
+`
+                ));
+                const errorResults = result.toolCalls.map((tc) => ({
+                  callId: tc.id,
+                  content: tc.name === "save_last_response" ? `[save_last_response failed] streaming was interrupted: ${errMsg}. ${saveToFile} was NOT saved. Retry \u2014 and consider producing a more compact output (split very large reports across multiple save_last_response calls if the previous attempt timed out).` : `[skipped: save_last_response failed]`,
+                  isError: tc.name === "save_last_response"
+                }));
+                const reasoningContent3 = "reasoningContent" in result ? result.reasoningContent : void 0;
+                const newMsgs3 = provider.buildToolResultMessages(result.toolCalls, errorResults, reasoningContent3);
+                extraMessages.push(...newMsgs3);
+                continue;
+              }
+              const metaMatch = detectMetaNarration(genContent);
+              if (metaMatch) {
+                try {
+                  unlinkSync2(saveToFile);
+                } catch {
+                }
+                process.stdout.write(theme.error(
+                  `
+  \u2717 Rejected save: response was meta-narration / leaked reasoning, not document body (matched: ${metaMatch})
+  ${saveToFile} was deleted; asking model to retry.
+
+`
+                ));
+                const errorResults = result.toolCalls.map((tc) => ({
+                  callId: tc.id,
+                  content: tc.name === "save_last_response" ? `[save_last_response REJECTED] Your output was internal reasoning / meta-narration about the task (e.g. "Let me re-read\u2026", "the user is asking me to\u2026") instead of the requested document body. ${saveToFile} was NOT saved.
+
+This fresh stream has NO tools. Produce ONLY the document body: start with a markdown heading like "# \u5BA1\u8BA1\u62A5\u544A" / "# Audit Report" and write the full content. Do NOT narrate that you will produce the document \u2014 produce it.` : `[skipped: save_last_response was rejected and other parallel calls are abandoned]`,
+                  isError: tc.name === "save_last_response"
+                }));
+                const reasoningContent3 = "reasoningContent" in result ? result.reasoningContent : void 0;
+                const newMsgs3 = provider.buildToolResultMessages(result.toolCalls, errorResults, reasoningContent3);
+                extraMessages.push(...newMsgs3);
+                if (genUsage) {
+                  roundUsage.inputTokens += genUsage.inputTokens;
+                  roundUsage.outputTokens += genUsage.outputTokens;
+                  roundUsage.cacheCreationTokens += genUsage.cacheCreationTokens ?? 0;
+                  roundUsage.cacheReadTokens += genUsage.cacheReadTokens ?? 0;
+                }
+                continue;
+              }
               const pseudoMatch = detectPseudoToolCalls(genContent);
               if (pseudoMatch) {
                 const cleaned = stripPseudoToolCalls(genContent);
@@ -6882,11 +6955,11 @@ program.command("web").description("Start Web UI server with browser-based chat
     console.error("Error: Invalid port number. Must be between 1 and 65535.");
     process.exit(1);
   }
-  const { startWebServer } = await import("./server-MJGOR6FU.js");
+  const { startWebServer } = await import("./server-RODHACCH.js");
   await startWebServer({ port, host: options.host });
 });
-program.command("user [action] [username]").description("Manage Web UI users (list | create <name> | delete <name> | reset-password <name> | migrate <name>)").action(async (action, username) => {
-  const { AuthManager } = await import("./auth-SC6KHHI3.js");
+program.command("user [action] [username]").description("Manage Web UI users (list | create <name> | delete <name> | reset-password <name> | logout-all <name> | migrate <name>)").action(async (action, username) => {
+  const { AuthManager } = await import("./auth-7KK5BOCA.js");
   const config = new ConfigManager();
   const auth = new AuthManager(config.getConfigDir());
   if (!action || action === "list") {
@@ -6961,6 +7034,19 @@ ${users.length} user(s) registered (auth enabled):
     console.log(`\u2713 Password reset for '${username}'.`);
     return;
   }
+  if (action === "logout-all") {
+    if (!username) {
+      console.error("Usage: aicli user logout-all <username>");
+      process.exit(1);
+    }
+    const ok = auth.logoutAll(username);
+    if (!ok) {
+      console.error(`Error: User '${username}' not found.`);
+      process.exit(1);
+    }
+    console.log(`\u2713 All outstanding sessions for '${username}' revoked.`);
+    return;
+  }
   if (action === "migrate") {
     if (!username) {
       console.error("Usage: aicli user migrate <username>");
@@ -6980,7 +7066,7 @@ ${users.length} user(s) registered (auth enabled):
     return;
   }
   console.error(`Unknown action: ${action}`);
-  console.error("Available: list, create, delete, reset-password, migrate");
+  console.error("Available: list, create, delete, reset-password, logout-all, migrate");
   process.exit(1);
 });
 program.command("sessions").description("List recent conversation sessions").action(async () => {
@@ -7005,7 +7091,7 @@ program.command("sessions").description("List recent conversation sessions").act
 });
 program.command("batch <action> [arg] [arg2]").description("Anthropic Message Batches: submit | list | status <id> | results <id> [out] | cancel <id>").option("--dry-run", "Parse and validate input without submitting (submit only)").action(async (action, arg, arg2, options) => {
   try {
-    const batch = await import("./batch-NF26OYWB.js");
+    const batch = await import("./batch-SHNIUSW2.js");
     switch (action) {
       case "submit":
         if (!arg) {
@@ -7048,7 +7134,7 @@ program.command("batch <action> [arg] [arg2]").description("Anthropic Message Ba
   }
 });
 program.command("mcp-serve").description("Start an MCP server over STDIO, exposing aicli's built-in tools to Claude Desktop / Cursor / other MCP clients").option("--allow-destructive", "Allow bash / run_interactive / task_create (always destructive in MCP mode)").option("--allow-outside-cwd", "Allow tool path arguments to escape the sandbox root \u2014 disabled by default").option("--tools <list>", "Comma-separated whitelist of tools to expose (default: all eligible tools)").option("--cwd <path>", "Working directory AND sandbox root (default: current directory)").action(async (options) => {
-  const { startMcpServer } = await import("./server-ABNZXOV2.js");
+  const { startMcpServer } = await import("./server-3P5BYK74.js");
   await startMcpServer({
     allowDestructive: !!options.allowDestructive,
     allowOutsideCwd: !!options.allowOutsideCwd,
@@ -7175,7 +7261,7 @@ program.command("hub [topic]").description("Start multi-agent hub (discuss / bra
     }),
     config.get("customProviders")
   );
-  const { startHub } = await import("./hub-KRNH76Y3.js");
+  const { startHub } = await import("./hub-E3WMJGYK.js");
   await startHub(
     {
       topic: topic ?? "",

package/dist/{run-tests-YOBAV24V.js → run-tests-7VYL7OVA.js}

@@ -1,7 +1,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-2WAEM5B6.js";
+} from "./chunk-KQZU2VS5.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   executeTests,

package/dist/{run-tests-BUDXHVNF.js → run-tests-TWE7TJ4T.js}

@@ -2,8 +2,8 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-SIDKPVRD.js";
-import "./chunk-SRU5SYZI.js";
+} from "./chunk-PEMNYHIS.js";
+import "./chunk-OHUHYWBR.js";
 import "./chunk-PDX44BCA.js";
 export {
   executeTests,

package/dist/{server-ABNZXOV2.js → server-3P5BYK74.js}

@@ -3,14 +3,14 @@ import {
   ToolRegistry,
   getDangerLevel,
   schemaToJsonSchema
-} from "./chunk-3GUNDGUV.js";
+} from "./chunk-TJGRPTJS.js";
 import "./chunk-3BICTI5M.js";
 import "./chunk-2DXY7UGF.js";
-import "./chunk-SIDKPVRD.js";
+import "./chunk-PEMNYHIS.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   VERSION
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 import "./chunk-4BKXL7SM.js";
 import "./chunk-7ZJN4KLV.js";
 import "./chunk-KHYD3WXE.js";
@@ -23,6 +23,14 @@ import { createInterface } from "readline";
 import { resolve } from "path";
 import { realpathSync } from "fs";
 var STDIN_TOOLS = /* @__PURE__ */ new Set(["ask_user", "spawn_agent"]);
+function looksLikePath(s) {
+  if (s.startsWith("/")) return true;
+  if (s.startsWith("\\\\")) return true;
+  if (/^[a-zA-Z]:[\\/]/.test(s)) return true;
+  if (s.startsWith("../") || s.startsWith("..\\")) return true;
+  if (s === "..") return true;
+  return false;
+}
 var MCP_ALWAYS_DESTRUCTIVE = /* @__PURE__ */ new Set([
   "bash",
   "run_interactive",
@@ -237,19 +245,30 @@ var McpServer = class {
   validatePathArgs(toolName, args) {
     if (this.opts.allowOutsideCwd) return void 0;
     const keys = TOOL_PATH_ARGS[toolName];
-    if (!keys) return void 0;
-    for (const key of keys) {
-      const value = args[key];
-      if (value === void 0 || value === null) continue;
-      const list = Array.isArray(value) ? value : [value];
-      for (const entry of list) {
-        if (typeof entry !== "string" || entry.length === 0) continue;
-        const abs = resolve(this.sandboxRoot, entry);
-        if (!this.isInsideSandbox(abs)) {
-          return `Path '${entry}' escapes sandbox root '${this.sandboxRoot}'. Pass --allow-outside-cwd to permit.`;
+    if (keys) {
+      for (const key of keys) {
+        const value = args[key];
+        if (value === void 0 || value === null) continue;
+        const list = Array.isArray(value) ? value : [value];
+        for (const entry of list) {
+          if (typeof entry !== "string" || entry.length === 0) continue;
+          const abs = resolve(this.sandboxRoot, entry);
+          if (!this.isInsideSandbox(abs)) {
+            return `Path '${entry}' escapes sandbox root '${this.sandboxRoot}'. Pass --allow-outside-cwd to permit.`;
+          }
         }
       }
     }
+    const knownKeys = new Set(keys ?? []);
+    for (const [k, v] of Object.entries(args)) {
+      if (knownKeys.has(k)) continue;
+      if (typeof v !== "string" || v.length === 0) continue;
+      if (!looksLikePath(v)) continue;
+      const abs = resolve(this.sandboxRoot, v);
+      if (!this.isInsideSandbox(abs)) {
+        return `Path-like argument '${k}=${v}' escapes sandbox root '${this.sandboxRoot}'. Pass --allow-outside-cwd to permit.`;
+      }
+    }
     return void 0;
   }
   isInsideSandbox(abs) {

package/dist/{server-MJGOR6FU.js → server-RODHACCH.js}

@@ -1,7 +1,8 @@
 #!/usr/bin/env node
 import {
-  AuthManager
-} from "./chunk-BYNY5JPB.js";
+  AuthManager,
+  TOKEN_EXPIRY_MS
+} from "./chunk-O7NM4WTS.js";
 import {
   CONTENT_ONLY_STREAM_REMINDER,
   HALLUCINATION_CORRECTION_MESSAGE,
@@ -13,6 +14,7 @@ import {
   TOOL_CALL_REMINDER,
   autoTrimSessionIfNeeded,
   computeCost,
+  detectMetaNarration,
   detectPseudoToolCalls,
   detectsHallucinatedFileOp,
   formatCost,
@@ -24,10 +26,10 @@ import {
   setupProxy,
   stripPseudoToolCalls,
   stripToolCallReminder
-} from "./chunk-TFYDLG7E.js";
+} from "./chunk-FMPWML3F.js";
 import {
   ConfigManager
-} from "./chunk-WLZ2PWQV.js";
+} from "./chunk-UZLNS3QG.js";
 import {
   ToolExecutor,
   ToolRegistry,
@@ -45,10 +47,10 @@ import {
   spawnAgentContext,
   truncateOutput,
   undoStack
-} from "./chunk-3GUNDGUV.js";
+} from "./chunk-TJGRPTJS.js";
 import "./chunk-3BICTI5M.js";
 import "./chunk-2DXY7UGF.js";
-import "./chunk-SIDKPVRD.js";
+import "./chunk-PEMNYHIS.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
@@ -68,7 +70,7 @@ import {
   SKILLS_DIR_NAME,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 import {
   formatGitContextForPrompt,
   getGitContext,
@@ -539,6 +541,7 @@ var SessionHandler = class _SessionHandler {
     this.mcpManager = shared.mcpManager;
     this.skillManager = shared.skillManager;
     this.toolExecutor = new ToolExecutorWeb(shared.toolRegistry, ws);
+    this.toolExecutor.setSessionKey(`web-${Math.random().toString(36).slice(2)}-${Date.now()}`);
     this.currentProvider = this.config.get("defaultProvider");
     const allDefaultModels = this.config.get("defaultModels");
     try {
@@ -1293,6 +1296,31 @@ ${summaryResult.content}`,
       await new Promise((resolve3, reject) => {
         fileStream.end((err) => err ? reject(err) : resolve3());
       });
+      const metaMatch = detectMetaNarration(fullContent);
+      if (metaMatch) {
+        try {
+          unlinkSync(saveToFile);
+        } catch {
+        }
+        isError = true;
+        summary = `[save_last_response REJECTED] Your output was internal reasoning / meta-narration (e.g. "Let me re-read\u2026", "the user is asking me to\u2026") instead of the requested document body (matched: ${metaMatch}). ${saveToFile} was NOT saved.
+
+This fresh stream has NO tools. Produce ONLY the document body: start with a markdown heading and write the full content. Do NOT narrate that you will produce the document \u2014 produce it.`;
+        if (teeUsage) {
+          roundUsage.inputTokens += teeUsage.inputTokens;
+          roundUsage.outputTokens += teeUsage.outputTokens;
+          roundUsage.cacheCreationTokens += teeUsage.cacheCreationTokens ?? 0;
+          roundUsage.cacheReadTokens += teeUsage.cacheReadTokens ?? 0;
+        }
+        this.send({
+          type: "tool_call_result",
+          callId: call.id,
+          result: summary,
+          isError: true,
+          endTime: Date.now()
+        });
+        return { content: "", summary, isError: true };
+      }
       const pseudoMatch = detectPseudoToolCalls(fullContent);
       if (pseudoMatch) {
         const cleaned = stripPseudoToolCalls(fullContent);
@@ -1330,9 +1358,13 @@ ${summaryResult.content}`,
         } catch {
         }
       }
+      try {
+        unlinkSync(saveToFile);
+      } catch {
+      }
       isError = true;
       const msg = err instanceof Error ? err.message : String(err);
-      summary = `[save_last_response failed] ${msg}`;
+      summary = `[save_last_response failed] streaming was interrupted: ${msg}. ${saveToFile} (partial) was deleted. Retry \u2014 and consider producing a more compact output (split very large reports across multiple save_last_response calls if the previous attempt timed out).`;
     }
     this.send({
       type: "tool_call_result",
@@ -2411,7 +2443,7 @@ ${undoResults.map((r) => `  \u2022 ${r}`).join("\n")}` });
       case "test": {
         this.send({ type: "info", message: "\u{1F9EA} Running tests..." });
         try {
-          const { executeTests } = await import("./run-tests-BUDXHVNF.js");
+          const { executeTests } = await import("./run-tests-TWE7TJ4T.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -3467,6 +3499,27 @@ async function startWebServer(options = {}) {
     skillManager
   };
   const app = express();
+  app.use((_req, res, next) => {
+    res.setHeader(
+      "Content-Security-Policy",
+      [
+        "default-src 'self'",
+        "script-src 'self'",
+        "style-src 'self' 'unsafe-inline'",
+        "img-src 'self' data: blob:",
+        "font-src 'self' data:",
+        "connect-src 'self' ws: wss:",
+        "frame-ancestors 'none'",
+        "base-uri 'self'",
+        "form-action 'self'"
+      ].join("; ")
+    );
+    res.setHeader("X-Content-Type-Options", "nosniff");
+    res.setHeader("Referrer-Policy", "no-referrer");
+    res.setHeader("X-Frame-Options", "DENY");
+    res.setHeader("Permissions-Policy", "geolocation=(), microphone=(), camera=()");
+    next();
+  });
   const server = createServer(app);
   const WS_MAX_PAYLOAD = 1 * 1024 * 1024;
   const WS_MSG_RATE_PER_SEC = 30;
@@ -3551,7 +3604,7 @@ async function startWebServer(options = {}) {
     }
     const token = authManager.login(username, password);
     console.log(`   \u2713 User registered via API: ${username}${firstRun ? " (first-run)" : ""}`);
-    res.cookie("aicli_token", token, { httpOnly: true, sameSite: "strict", maxAge: 7 * 24 * 3600 * 1e3 });
+    res.cookie("aicli_token", token, { httpOnly: true, sameSite: "strict", maxAge: TOKEN_EXPIRY_MS });
     res.json({ success: true, username });
   });
   app.post("/api/auth/login", (req, res) => {
@@ -3565,7 +3618,7 @@ async function startWebServer(options = {}) {
       res.status(401).json({ error: "Invalid username or password" });
       return;
     }
-    res.cookie("aicli_token", token, { httpOnly: true, sameSite: "strict", maxAge: 7 * 24 * 3600 * 1e3 });
+    res.cookie("aicli_token", token, { httpOnly: true, sameSite: "strict", maxAge: TOKEN_EXPIRY_MS });
     res.json({ success: true, username });
   });
   app.post("/api/auth/logout", (_req, res) => {

package/dist/{task-orchestrator-KZISH5DT.js → task-orchestrator-24IGVXYP.js}

@@ -4,14 +4,14 @@ import {
   getDangerLevel,
   googleSearchContext,
   truncateOutput
-} from "./chunk-3GUNDGUV.js";
+} from "./chunk-TJGRPTJS.js";
 import "./chunk-3BICTI5M.js";
 import "./chunk-2DXY7UGF.js";
-import "./chunk-SIDKPVRD.js";
+import "./chunk-PEMNYHIS.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   SUBAGENT_ALLOWED_TOOLS
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 import "./chunk-4BKXL7SM.js";
 import "./chunk-7ZJN4KLV.js";
 import "./chunk-KHYD3WXE.js";