log-llm-config 1.3.96 → 1.4.4

package/dist/log_config_files/collection/claude_desktop_extensions_collector.js

@@ -19,6 +19,109 @@ function extensionsInstallationsPath(home) {
     const base = claudeAppSupportDir(home);
     return base ? join(base, 'extensions-installations.json') : '';
 }
+function claudeExtensionSettingsDir(home) {
+    const base = claudeAppSupportDir(home);
+    return base ? join(base, 'Claude Extensions Settings') : '';
+}
+/** Per-connector toggle: Claude Extensions Settings/<extension-id>.json → { isEnabled: boolean }. */
+function readClaudeDesktopExtensionEnableSettings(home) {
+    const settingsDir = claudeExtensionSettingsDir(home);
+    if (!settingsDir || !existsSync(settingsDir))
+        return new Map();
+    const out = new Map();
+    let entries;
+    try {
+        entries = readdirSync(settingsDir, { withFileTypes: true }).filter((d) => d.isFile());
+    }
+    catch {
+        return out;
+    }
+    for (const dirent of entries) {
+        if (!dirent.name.endsWith('.json'))
+            continue;
+        const extId = dirent.name.slice(0, -'.json'.length);
+        if (!extId)
+            continue;
+        const raw = readJSONFile(join(settingsDir, dirent.name));
+        if (!raw || typeof raw !== 'object')
+            continue;
+        const isEnabled = raw.isEnabled;
+        if (typeof isEnabled === 'boolean') {
+            out.set(extId, isEnabled);
+        }
+    }
+    return out;
+}
+function applyExtensionEnableSettingsToRawContent(rawContent, settings) {
+    if (settings.size === 0)
+        return 0;
+    const extensions = rawContent.extensions;
+    if (!extensions || typeof extensions !== 'object')
+        return 0;
+    let applied = 0;
+    for (const [extId, enabled] of settings) {
+        const ext = extensions[extId];
+        if (!ext || typeof ext !== 'object')
+            continue;
+        ext.isEnabled = enabled;
+        applied += 1;
+    }
+    return applied;
+}
+/**
+ * Upload each Claude Extensions Settings/*.json as its own config file (raw on-disk JSON).
+ * Do not merge isEnabled into extensions-installations.json — that mutates the payload
+ * vs the source file and creates spurious inventory audit diffs.
+ */
+function collectClaudeDesktopExtensionSettingsFiles(home = homedir()) {
+    const settingsDir = claudeExtensionSettingsDir(home);
+    if (!settingsDir || !existsSync(settingsDir))
+        return [];
+    let entries;
+    try {
+        entries = readdirSync(settingsDir, { withFileTypes: true }).filter((d) => d.isFile());
+    }
+    catch {
+        return [];
+    }
+    const results = [];
+    for (const dirent of entries) {
+        if (!dirent.name.endsWith('.json'))
+            continue;
+        const filePath = join(settingsDir, dirent.name);
+        const raw = readJSONFile(filePath);
+        if (!raw || typeof raw !== 'object')
+            continue;
+        results.push({
+            file_type: 'claude_extension_settings',
+            file_path: filePath,
+            raw_content: raw,
+        });
+    }
+    return results;
+}
+/**
+ * @deprecated Do not call during collection — mutates extensions-installations upload payloads.
+ * isEnabled is resolved server-side from claude_extension_settings uploads.
+ */
+function mergeClaudeDesktopExtensionEnableSettings(configFiles, home = homedir()) {
+    const settings = readClaudeDesktopExtensionEnableSettings(home);
+    if (settings.size === 0) {
+        return { applied: 0, settingsCount: 0 };
+    }
+    let applied = 0;
+    for (const entry of configFiles) {
+        if (entry.file_type !== 'claude_extensions_installations')
+            continue;
+        if (!entry.raw_content || typeof entry.raw_content !== 'object')
+            continue;
+        const extensions = entry.raw_content.extensions;
+        if (!extensions || typeof extensions !== 'object')
+            continue;
+        applied += applyExtensionEnableSettingsToRawContent(entry.raw_content, settings);
+    }
+    return { applied, settingsCount: settings.size };
+}
 function normalizePathForMatch(path) {
     return path.replace(/\\/g, '/');
 }
@@ -142,4 +245,4 @@ function collectClaudeDesktopExtensionManifests(home = homedir()) {
     }
     return results;
 }
-export { claudeAppSupportDir, claudeDesktopExtensionsDir, collectClaudeDesktopExtensionManifests, collectDiskOnlyClaudeDesktopExtensions, enrichClaudeDesktopExtensionsInstallationsUpload, };
+export { claudeAppSupportDir, claudeDesktopExtensionsDir, claudeExtensionSettingsDir, collectClaudeDesktopExtensionSettingsFiles, collectClaudeDesktopExtensionManifests, collectDiskOnlyClaudeDesktopExtensions, enrichClaudeDesktopExtensionsInstallationsUpload, mergeClaudeDesktopExtensionEnableSettings, readClaudeDesktopExtensionEnableSettings, };

package/dist/log_config_files/collection/config_collector.js

@@ -1,12 +1,54 @@
-import { existsSync, statSync } from 'node:fs';
+import { existsSync, readdirSync, statSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { readJSONFile, readMCPConfig, readMarkdownFile, readInstalledExtensions } from '../readers/file_readers.js';
 import { getExtensionsCachePath, getExtensionsCacheInstalledSuffix, getVscdbPath } from '../paths/path_constants_helpers.js';
 import { resolvePatternToTargets, normalizePathSkipPrefixes } from '../paths/pattern_resolver.js';
 import { enrichRawFromRecipe } from './enrichment_helpers.js';
+import { applyCoworkSessionWhitelist } from './cowork_session_whitelist.js';
 import { collectDirectoryEntries, collectDirectoryMetadata } from './directory_collector.js';
 import { collectVscdbEntries } from '../readers/vscdb_config_builder.js';
 import { pushDerivedFilesFromRecipe } from './openclaw_helpers.js';
+import { collapseMetadataByFileType } from './metadata_merge.js';
+function withOpencodeEnvPatterns(patterns) {
+    const out = [...patterns];
+    const seen = new Set(out.map((p) => `${p.type}:${p.file_type}:${p.path}`));
+    const add = (pattern) => {
+        const key = `${pattern.type}:${pattern.file_type}:${pattern.path}`;
+        if (seen.has(key))
+            return;
+        seen.add(key);
+        out.push(pattern);
+    };
+    const envConfig = (process.env.OPENCODE_CONFIG || '').trim();
+    if (envConfig) {
+        add({
+            path: envConfig,
+            type: 'file',
+            file_type: 'opencode_mcp',
+            content_format: 'json',
+        });
+    }
+    const envDirRaw = (process.env.OPENCODE_CONFIG_DIR || '').trim();
+    if (!envDirRaw)
+        return out;
+    const envDir = envDirRaw.replace(/[\\/]+$/, '');
+    add({ path: `${envDir}/opencode.json`, type: 'file', file_type: 'opencode_mcp', content_format: 'json' });
+    add({ path: `${envDir}/opencode.jsonc`, type: 'file', file_type: 'opencode_mcp', content_format: 'json' });
+    add({ path: `${envDir}/command-hooks.json`, type: 'file', file_type: 'opencode_command_hooks', content_format: 'json' });
+    add({ path: `${envDir}/command-hooks.jsonc`, type: 'file', file_type: 'opencode_command_hooks', content_format: 'json' });
+    add({ path: `${envDir}/AGENTS.md`, type: 'file', file_type: 'opencode_rule', content_format: 'markdown' });
+    add({ path: `${envDir}/agents/`, type: 'dir', file_type: 'opencode_subagent', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/commands/`, type: 'dir', file_type: 'opencode_command', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/skills/`, type: 'dir', file_type: 'opencode_skill', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/mcp-auth.json`, type: 'file', file_type: 'opencode_mcp_auth', content_format: 'json' });
+    add({ path: `${envDir}/managed.json`, type: 'file', file_type: 'opencode_managed_preference', content_format: 'json' });
+    add({ path: `${envDir}/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    add({ path: `${envDir}/plugins/`, type: 'dir', file_type: 'opencode_plugin', content_format: 'text', dir_glob: '*' });
+    add({ path: `${envDir}/plugin/`, type: 'dir', file_type: 'opencode_plugin', content_format: 'text', dir_glob: '*' });
+    add({ path: `${envDir}/plugins/*/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    add({ path: `${envDir}/plugin/*/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    return out;
+}
 function buildCollectionContext(patterns, projectRoot, home, homeRecurseSkipDirs = [], absolutePathPrefixes = [], mcpToolGlobSpec = null, clientPathConstants = null, pathResolutionSpecs = null) {
     const seenPaths = new Set();
     const targets = [];
@@ -68,11 +110,28 @@ function collectRegularFileEntry(t, enrichByFileType) {
     const recipe = enrichByFileType[t.file_type];
     if (recipe)
         enrichRawFromRecipe(raw, recipe);
+    // Cowork session metadata: reduce to the PII whitelist (hash identity, drop
+    // server URLs, keep only the activity-signal keys) BEFORE it leaves the
+    // device. Drop the entry entirely if nothing whitelisted survives so raw
+    // session content can never be emitted (e.g. on a JSON parse failure).
+    if (t.file_type === 'cowork_session_metadata') {
+        const filtered = applyCoworkSessionWhitelist(raw);
+        if (filtered === null)
+            return null;
+        raw = filtered;
+    }
     return { file_type: t.file_type, file_path: t.logicalFilePath ?? t.path, raw_content: raw };
 }
 function collectMetadataEntry(t) {
     try {
         const stats = statSync(t.path);
+        if (stats.isDirectory?.()) {
+            try {
+                if (readdirSync(t.path).length === 0)
+                    return null;
+            }
+            catch { /* unreadable — assume non-empty, allow */ }
+        }
         return { file_type: t.file_type, file_path: t.logicalFilePath ?? t.path, raw_content: { filename: t.path, last_modified: stats.mtime.toISOString(), source: 'file_metadata' }, collect_style: 'metadata' };
     }
     catch (err) {
@@ -98,7 +157,8 @@ function collectConfigFilesFromPatterns(patterns, projectRoot, onProgress, optio
     const vscdbPath = getVscdbPath(home, pathConstants);
     const extensionsCachePath = getExtensionsCachePath(home, pathConstants);
     const extensionsInstalledSuffix = getExtensionsCacheInstalledSuffix(pathConstants);
-    const { targets, enrichByFileType, metadataOnlyFileTypes } = buildCollectionContext(patterns, projectRoot, home, options?.home_recurse_skip_dirs ?? [], options?.absolute_path_prefixes ?? [], options?.mcp_tool_glob_spec ?? null, pathConstants, options?.path_resolution_specs ?? null);
+    const effectivePatterns = withOpencodeEnvPatterns(patterns);
+    const { targets, enrichByFileType, metadataOnlyFileTypes } = buildCollectionContext(effectivePatterns, projectRoot, home, options?.home_recurse_skip_dirs ?? [], options?.absolute_path_prefixes ?? [], options?.mcp_tool_glob_spec ?? null, pathConstants, options?.path_resolution_specs ?? null);
     const configFiles = [];
     const handledSpecialPaths = new Set();
     const loggedFileTypes = new Set();
@@ -148,14 +208,14 @@ function collectConfigFilesFromPatterns(patterns, projectRoot, onProgress, optio
                 pushDerivedFilesFromRecipe(entry.raw_content, configFiles, recipe);
         }
     }
-    return configFiles;
+    return collapseMetadataByFileType(configFiles);
 }
 // ─── Re-exports (barrel for public API) ──────────────────────────────────────
 export { collectConfigFilesFromPatterns };
 export { collectMcpToolFiles } from './mcp_tool_collector.js';
 export { collectConfigFilesFromInstalledPlugins, collectPluginCacheMcpFiles } from './plugin_collector.js';
 export { collectMcpFromClaudeJsonProjects } from './claude_known_projects_collector.js';
-export { collectClaudeDesktopExtensionManifests, enrichClaudeDesktopExtensionsInstallationsUpload, } from './claude_desktop_extensions_collector.js';
+export { collectClaudeDesktopExtensionManifests, collectClaudeDesktopExtensionSettingsFiles, enrichClaudeDesktopExtensionsInstallationsUpload, mergeClaudeDesktopExtensionEnableSettings, } from './claude_desktop_extensions_collector.js';
 export { collectCursorProjectWorkspaceMcpConfigs } from './cursor_project_mcp_collector.js';
 export { determineFileTypeFromPath } from './file_type_rules.js';
 export { enrichRawFromRecipe } from './enrichment_helpers.js';

package/dist/log_config_files/collection/cowork_session_whitelist.js

@@ -0,0 +1,89 @@
+/**
+ * PII boundary for Cowork session metadata (`local_<sessionId>.json`).
+ *
+ * Each Cowork session file carries ~47 KB of system prompt plus the user's
+ * conversation seed, selected folders, etc. We only need a small activity
+ * signal (which MCP servers were connected, recency, archived state). This
+ * reduces a parsed session object to a whitelist of top-level keys BEFORE it
+ * leaves the device — minimum-egress, matching DeepSecurityAndPrivacyEnhancer.
+ *
+ *   - Only the keys in ALLOWED_KEYS survive; everything else is dropped.
+ *   - `accountName` / `emailAddress` are sha256-hashed (cross-session joins
+ *     without storing raw identity).
+ *   - `remoteMcpServersConfig[]` keeps `{name, uuid, tools}` only; `url` is
+ *     dropped (remote-MCP endpoint URLs can embed workspace ids / tokens).
+ *
+ * The sibling `local_<sessionId>/` directory (audit.jsonl, outputs/, uploads/)
+ * is never collected — see the collection glob in agents/cowork.py. Server-side
+ * ingest re-validates the shape and rejects any denied key as defense in depth.
+ *
+ * See design_notes/Phase0_5CoworkActivityEvidence.md.
+ */
+import crypto from 'node:crypto';
+export const COWORK_SESSION_ALLOWED_KEYS = [
+    'sessionId',
+    'accountName', // hashed
+    'emailAddress', // hashed
+    'model',
+    'createdAt',
+    'lastActivityAt',
+    'isArchived',
+    'pluginsEnabled',
+    'skillsEnabled',
+    'memoryEnabled',
+    'hostLoopMode',
+    'cwd',
+    'enabledMcpTools', // dict "<serverUUID>:<tool>" -> bool
+    'remoteMcpServersConfig', // list of {name, uuid, tools} (url dropped)
+];
+const HASHED_KEYS = new Set(['accountName', 'emailAddress']);
+const REMOTE_SERVER_KEEP = ['name', 'uuid', 'tools'];
+function sha256Hex(value) {
+    return crypto.createHash('sha256').update(String(value)).digest('hex');
+}
+function sanitizeRemoteServers(value) {
+    if (!Array.isArray(value))
+        return [];
+    const out = [];
+    for (const entry of value) {
+        // Drop any non-object entry: a malformed/tampered remoteMcpServersConfig
+        // could carry a raw string (e.g. "https://…?token=…") that would otherwise
+        // survive the whitelist. Only keep whitelisted keys of well-formed objects.
+        if (entry === null || typeof entry !== 'object' || Array.isArray(entry))
+            continue;
+        const e = entry;
+        const kept = {};
+        for (const k of REMOTE_SERVER_KEEP) {
+            if (k in e)
+                kept[k] = e[k];
+        }
+        out.push(kept);
+    }
+    return out;
+}
+/**
+ * Reduce a parsed Cowork session object to the whitelisted, hashed shape.
+ * Returns `null` when nothing survives (e.g. a non-object or a file that
+ * failed to parse to the expected shape) so the caller can drop the entry
+ * rather than emit an empty row — and, critically, never emit raw content.
+ */
+export function applyCoworkSessionWhitelist(raw) {
+    if (raw === null || raw === undefined || typeof raw !== 'object')
+        return null;
+    const out = {};
+    for (const key of COWORK_SESSION_ALLOWED_KEYS) {
+        if (!(key in raw))
+            continue;
+        if (HASHED_KEYS.has(key)) {
+            const v = raw[key];
+            out[key] = v === null || v === undefined || v === '' ? '' : sha256Hex(v);
+        }
+        else if (key === 'remoteMcpServersConfig') {
+            out[key] = sanitizeRemoteServers(raw[key]);
+        }
+        else {
+            out[key] = raw[key];
+        }
+    }
+    return Object.keys(out).length > 0 ? out : null;
+}

package/dist/log_config_files/collection/cursor_project_mcp_collector.js

@@ -105,10 +105,45 @@ function isEphemeralCursorProjectDir(name) {
 function isInternalCursorWorkspaceSlug(slug) {
     return normalizeSlugPart(slug) === 'empty-window';
 }
+function readMcpToolCache(projectPath) {
+    const cachePath = join(projectPath, 'mcp-cache.json');
+    if (!existsSync(cachePath))
+        return null;
+    const cache = readJSONFile(cachePath);
+    if (cache && typeof cache === 'object' && !Array.isArray(cache)) {
+        return cache;
+    }
+    return null;
+}
+/** Tool schemas from mcp-cache.json for a connected mcps/ server (never creates inventory rows). */
+function cursorMcpCacheToolsForServer(cache, label, serverDirName) {
+    if (!cache)
+        return undefined;
+    const aliases = new Set();
+    const addAlias = (s) => {
+        const t = s.trim();
+        if (t)
+            aliases.add(t.toLowerCase());
+    };
+    addAlias(label);
+    addAlias(serverDirName);
+    if (serverDirName.startsWith('user-'))
+        addAlias(serverDirName.slice('user-'.length));
+    else
+        addAlias(`user-${label}`);
+    for (const [key, val] of Object.entries(cache)) {
+        if (!key.trim() || !aliases.has(key.trim().toLowerCase()))
+            continue;
+        if (val && typeof val === 'object' && Array.isArray(val.tools)) {
+            return val.tools;
+        }
+    }
+    return undefined;
+}
 /**
  * Cursor stores per-workspace MCP state under ~/.cursor/projects/<slug>/ (mcp-cache.json, mcps/*).
  * This is not the repo file at <repo>/.cursor/mcp.json. Upload one mcp_config per slug with
- * normalized mcpServers for inventory plus cursor_workspace metadata for scope display.
+ * mcpServers from mcps/ only; mcp-cache.json supplies supplementary tool schemas when names match.
  */
 function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constants, workspaceVscdbSpec, home = homedir()) {
     const skipPrefixes = normalizePathSkipPrefixes(pathSkipPrefixes);
@@ -136,18 +171,7 @@ function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constant
             continue;
         const mcpServers = {};
         const cachePath = join(projectPath, 'mcp-cache.json');
-        if (existsSync(cachePath)) {
-            const cache = readJSONFile(cachePath);
-            if (cache && typeof cache === 'object' && !Array.isArray(cache)) {
-                for (const [name, val] of Object.entries(cache)) {
-                    if (!name.trim())
-                        continue;
-                    if (val && typeof val === 'object' && Array.isArray(val.tools)) {
-                        mcpServers[name] = { cursor_source: 'mcp-cache.json' };
-                    }
-                }
-            }
-        }
+        const mcpToolCache = readMcpToolCache(projectPath);
         const mcpsPath = join(projectPath, 'mcps');
         if (existsSync(mcpsPath)) {
             try {
@@ -158,12 +182,17 @@ function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constant
                     const label = mcpServerLabelFromMcpsDir(serverDir.name, metaObj);
                     if (!label)
                         continue;
-                    if (!(label in mcpServers)) {
-                        mcpServers[label] = {
-                            cursor_source: 'mcps',
-                            server_identifier: serverDir.name,
-                        };
+                    if (label in mcpServers)
+                        continue;
+                    const entry = {
+                        cursor_source: 'mcps',
+                        server_identifier: serverDir.name,
+                    };
+                    const cacheTools = cursorMcpCacheToolsForServer(mcpToolCache, label, serverDir.name);
+                    if (cacheTools !== undefined) {
+                        entry.cursor_mcp_cache_tools = cacheTools;
                     }
+                    mcpServers[label] = entry;
                 }
             }
             catch {

package/dist/log_config_files/collection/directory_collector.js

@@ -57,6 +57,8 @@ function matchesDirGlob(name, glob) {
     // **/*.jsonl → match any extension suffix after **/
     if (glob.startsWith('**/')) {
         const suffix = glob.slice(3);
+        if (suffix === '*' || suffix === '**')
+            return true;
         if (suffix.startsWith('*.'))
             return name.endsWith(suffix.slice(1));
         return name === suffix;

package/dist/log_config_files/collection/metadata_merge.js

@@ -0,0 +1,43 @@
+/** When several install/log paths exist for one agent, keep a single metadata row (newest mtime). */
+const METADATA_COLLAPSE_BY_FILE_TYPE = new Set(['opencode_presence', 'opencode_log']);
+function metadataLastModifiedMs(entry) {
+    const raw = entry.raw_content;
+    if (!raw || typeof raw !== 'object')
+        return 0;
+    const lm = raw.last_modified;
+    if (typeof lm !== 'string')
+        return 0;
+    const ms = Date.parse(lm);
+    return Number.isFinite(ms) ? ms : 0;
+}
+/**
+ * Collapse multiple metadata uploads of the same file_type to one row: highest last_modified wins.
+ */
+function collapseMetadataByFileType(files) {
+    const passthrough = [];
+    const groups = new Map();
+    for (const f of files) {
+        if (f.collect_style === 'metadata' && METADATA_COLLAPSE_BY_FILE_TYPE.has(f.file_type)) {
+            const list = groups.get(f.file_type) ?? [];
+            list.push(f);
+            groups.set(f.file_type, list);
+        }
+        else {
+            passthrough.push(f);
+        }
+    }
+    const merged = [...passthrough];
+    for (const [, list] of groups) {
+        if (list.length === 0)
+            continue;
+        let best = list[0];
+        for (let i = 1; i < list.length; i++) {
+            if (metadataLastModifiedMs(list[i]) > metadataLastModifiedMs(best)) {
+                best = list[i];
+            }
+        }
+        merged.push(best);
+    }
+    return merged;
+}
+export { collapseMetadataByFileType, METADATA_COLLAPSE_BY_FILE_TYPE };

package/dist/log_config_files/collection/skills_cli_collector.js

@@ -0,0 +1,98 @@
+import { execFileSync } from 'node:child_process';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+export const SKILLS_CLI_FILE_TYPE = 'skills_cli_installed';
+export const SKILLS_CLI_INSTALLED_PATH = join(homedir(), '.agents', '.skills-cli-installed.json');
+/** Override the skills package spec, e.g. `skills@1.5.10`. Default uses whatever is on the machine. */
+export const SKILLS_CLI_NPX_PACKAGE_ENV = 'SKILLS_CLI_NPX_PACKAGE';
+const LIST_TIMEOUT_MS = 120_000;
+function listExecEnv() {
+    return {
+        ...process.env,
+        DISABLE_TELEMETRY: process.env.DISABLE_TELEMETRY ?? '1',
+    };
+}
+function npxPackageSpec() {
+    const fromEnv = (process.env[SKILLS_CLI_NPX_PACKAGE_ENV] || '').trim();
+    return fromEnv || 'skills';
+}
+export function runSkillsListJson(args, cwd) {
+    const out = execFileSync('npx', [npxPackageSpec(), 'list', ...args, '--json'], {
+        encoding: 'utf8',
+        cwd,
+        timeout: LIST_TIMEOUT_MS,
+        env: listExecEnv(),
+    });
+    const trimmed = out.trim();
+    if (!trimmed)
+        return [];
+    const parsed = JSON.parse(trimmed);
+    if (!Array.isArray(parsed))
+        return [];
+    return parsed;
+}
+function normalizeListRows(rows, scope) {
+    const out = [];
+    for (const row of rows) {
+        const name = (row.name || '').trim();
+        const path = (row.path || '').trim();
+        if (!name || !path)
+            continue;
+        const agents = Array.isArray(row.agents)
+            ? row.agents.map((a) => String(a).trim()).filter(Boolean)
+            : [];
+        out.push({
+            name,
+            path,
+            scope: (row.scope || scope).trim() || scope,
+            agents,
+        });
+    }
+    return out;
+}
+/** One-line-per-scope summary for hook_request.log (matches `skills list --json`). */
+export function formatSkillsListScopeForHookLog(scopeLabel, entries) {
+    if (entries.length === 0) {
+        return `skills_cli list ${scopeLabel}: 0 skill(s)`;
+    }
+    const detail = entries
+        .map((e) => `${e.name}@${e.path} agents=${e.agents.length ? e.agents.join(',') : 'none'}`)
+        .join(' | ');
+    return `skills_cli list ${scopeLabel}: ${entries.length} skill(s) — ${detail}`;
+}
+export function collectSkillsCliInstalled(projectRoot, log) {
+    const logLine = (message) => {
+        log?.(message);
+    };
+    try {
+        const packageSpec = npxPackageSpec();
+        logLine(`skills_cli: npx ${packageSpec} — list -g --json && list --json (projectRoot=${projectRoot})`);
+        const globalRows = runSkillsListJson(['-g'], projectRoot);
+        const projectRows = runSkillsListJson([], projectRoot);
+        const global = normalizeListRows(globalRows, 'global');
+        const project = normalizeListRows(projectRows, 'project');
+        logLine(formatSkillsListScopeForHookLog('-g', global));
+        logLine(formatSkillsListScopeForHookLog('project', project));
+        const payload = {
+            version: 1,
+            skills_cli_version: packageSpec,
+            generated_at: new Date().toISOString(),
+            global,
+            project,
+        };
+        if (payload.global.length === 0 && payload.project.length === 0) {
+            logLine('skills_cli_installed: not uploaded (no global or project skills)');
+            return null;
+        }
+        logLine(`skills_cli_installed: upload ${SKILLS_CLI_INSTALLED_PATH} global=${global.length} project=${project.length}`);
+        return {
+            file_type: SKILLS_CLI_FILE_TYPE,
+            file_path: SKILLS_CLI_INSTALLED_PATH,
+            raw_content: payload,
+        };
+    }
+    catch (err) {
+        logLine(`skills_cli: list --json failed: ${err instanceof Error ? err.message : String(err)}`);
+        return null;
+    }
+}

package/dist/log_config_files/paths/pattern_resolver.js

@@ -8,6 +8,20 @@ function normalizePathSkipPrefixes(prefixes) {
         return [];
     return prefixes.filter((p) => typeof p === 'string' && p.length > 0);
 }
+/**
+ * Expands glob patterns containing double-asterisk (recursive directory traversal).
+ *
+ * Example: ~/.cursor/plugins/cache/ ** /skills/ recursively finds all skills
+ * directories under the cache folder, up to RECURSIVE_GLOB_MAX_DEPTH.
+ *
+ * @param pathPattern - Glob pattern with double-asterisk for recursive descent
+ * @param fileType - File type classification for collected targets
+ * @param home - User home directory path
+ * @param contentFormat - Optional content format hint
+ * @param dirGlob - Optional directory glob pattern
+ * @param homeRecurseSkipDirs - Directory names to skip when recursing from home
+ * @returns Array of collection targets matching the pattern
+ */
 function expandRecursiveGlobPathPattern(pathPattern, fileType, home, contentFormat, dirGlob, homeRecurseSkipDirs = []) {
     const norm = pathPattern.replace(/\\/g, '/');
     const doubleStarIndex = norm.indexOf('**');
@@ -25,7 +39,9 @@ function expandRecursiveGlobPathPattern(pathPattern, fileType, home, contentForm
         return [];
     }
     const targets = [];
-    const parts = after.split('/');
+    const parts = after.split('/').filter((s) => s.length > 0);
+    if (parts.length === 0)
+        return [];
     const dirName = parts[0];
     const fileName = parts.length > 1 ? parts[parts.length - 1] : null;
     const skipSet = homeRecurseSkipDirs.length ? new Set(homeRecurseSkipDirs) : new Set();
@@ -41,8 +57,21 @@ function expandRecursiveGlobPathPattern(pathPattern, fileType, home, contentForm
                     continue;
                 if (entry.name === dirName) {
                     const filePath = parts.length === 1 ? full : join(full, ...parts.slice(1));
-                    if (fileName && existsSync(filePath))
+                    if (parts.length === 1) {
+                        // e.g. ~/.cursor/plugins/cache/**/skills/ — collect each matched skills/ tree as a directory target
+                        if (existsSync(filePath)) {
+                            targets.push({
+                                path: filePath,
+                                file_type: fileType,
+                                isDirectory: true,
+                                content_format: contentFormat,
+                                dir_glob: dirGlob,
+                            });
+                        }
+                    }
+                    else if (fileName && existsSync(filePath)) {
                         targets.push({ path: filePath, file_type: fileType, content_format: contentFormat });
+                    }
                 }
                 walk(full, depth + 1, false);
             }
@@ -52,26 +81,43 @@ function expandRecursiveGlobPathPattern(pathPattern, fileType, home, contentForm
     walk(basePath, 0, true);
     return targets;
 }
+/**
+ * Expands glob patterns with asterisk wildcards (non-recursive) into concrete file or directory paths.
+ *
+ * Supports multi-segment wildcards (e.g., star-slash-star-slash patterns).
+ *
+ * **Key behavior:** On the final segment of a file pattern (not ending in slash), wildcards match
+ * files; earlier segments—and directory patterns—match directories only. This allows filename
+ * patterns like local_STAR.json to correctly resolve files rather than directories.
+ *
+ * Examples:
+ * - Pattern ending with a literal filename matches that file in wildcard directories
+ * - Pattern ending with prefix_STAR.ext matches files with that prefix and extension
+ * - Pattern ending with slash matches only directories
+ *
+ * @param pathPattern - Glob pattern (may not contain double-asterisk; use expandRecursiveGlobPathPattern for that)
+ * @param fileType - File type classification for collected targets
+ * @param home - User home directory path
+ * @param projectRoot - Project root directory path
+ * @param contentFormat - Optional content format hint
+ * @param dirGlob - Optional directory glob pattern
+ * @param absolutePathPrefixes - Allowed absolute path prefixes
+ * @returns Array of collection targets matching the pattern
+ */
 function expandGlobPathPattern(pathPattern, fileType, home, projectRoot, contentFormat, dirGlob, absolutePathPrefixes = []) {
     const norm = pathPattern.replace(/\\/g, '/');
-    const targets = [];
-    const asteriskIndex = norm.indexOf('*');
-    if (asteriskIndex === -1)
-        return targets;
+    if (!norm.includes('*'))
+        return [];
+    // `**` is the recursive-glob sigil handled by expandRecursiveGlobPathPattern.
+    if (norm.includes('**'))
+        return [];
     const isDir = norm.endsWith('/');
-    const [before, after] = norm.split('*');
-    const afterNorm = after.replace(/^\/+/, '');
-    // If `before` doesn't end with '/', the * is mid-segment (e.g. "extensions/saoudrizwan.claude-dev*/" →
-    // parent="extensions/", namePrefix="saoudrizwan.claude-dev"). Split on last '/' to get the real base dir.
-    let parentPart = before.replace(/\/+$/, '');
-    let namePrefix = '';
-    if (!before.endsWith('/')) {
-        const lastSlash = parentPart.lastIndexOf('/');
-        if (lastSlash !== -1) {
-            namePrefix = parentPart.slice(lastSlash + 1);
-            parentPart = parentPart.slice(0, lastSlash);
-        }
-    }
+    // Resolve the literal prefix that ends before the first wildcard segment.
+    const firstStarIndex = norm.indexOf('*');
+    const lastSlashBeforeStar = norm.lastIndexOf('/', firstStarIndex);
+    if (lastSlashBeforeStar === -1)
+        return [];
+    const parentPart = norm.slice(0, lastSlashBeforeStar);
     let basePath;
     if (parentPart.startsWith('~/')) {
         basePath = join(home, parentPart.slice(2));
@@ -83,20 +129,65 @@ function expandGlobPathPattern(pathPattern, fileType, home, projectRoot, content
         basePath = join(projectRoot, parentPart.startsWith('/') ? parentPart.slice(1) : parentPart);
     }
     if (!existsSync(basePath))
-        return targets;
-    try {
-        for (const entry of readdirSync(basePath, { withFileTypes: true })) {
-            if (!entry.isDirectory())
-                continue;
-            if (namePrefix && !entry.name.startsWith(namePrefix))
-                continue;
-            const resolvedPath = join(basePath, entry.name, afterNorm);
-            if (!existsSync(resolvedPath))
-                continue;
-            targets.push({ path: resolvedPath, file_type: fileType, isDirectory: isDir, dir_glob: dirGlob, content_format: contentFormat });
+        return [];
+    // Walk remaining segments. Each segment may be a bare wildcard '*' (matches
+    // any single directory), a prefix/suffix wildcard like 'foo*' or 'foo*bar',
+    // or a literal name. Recursion correctly handles multi-wildcard patterns
+    // such as ``*/*/cowork_plugins/marketplaces/*/.claude-plugin/marketplace.json``
+    // — the prior single-split implementation only expanded the first wildcard
+    // and silently pushed a partial directory path as the target, which then
+    // surfaced as EISDIR when downstream collectors tried to read it as a file.
+    const remaining = norm.slice(lastSlashBeforeStar + 1);
+    const segments = remaining.split('/').filter((s) => s !== '');
+    const targets = [];
+    function recurse(currentPath, segIdx) {
+        if (segIdx === segments.length) {
+            if (!existsSync(currentPath))
+                return;
+            targets.push({ path: currentPath, file_type: fileType, isDirectory: isDir, dir_glob: dirGlob, content_format: contentFormat });
+            return;
+        }
+        const seg = segments[segIdx];
+        // On the final segment of a file pattern (not ending in `/`) wildcards
+        // match files; earlier segments — and dir patterns — match directories.
+        const wantFile = segIdx === segments.length - 1 && !isDir;
+        const entryMatches = (entry) => wantFile ? entry.isFile() : entry.isDirectory();
+        if (seg === '*') {
+            if (!existsSync(currentPath))
+                return;
+            try {
+                for (const entry of readdirSync(currentPath, { withFileTypes: true })) {
+                    if (!entryMatches(entry))
+                        continue;
+                    recurse(join(currentPath, entry.name), segIdx + 1);
+                }
+            }
+            catch { /* ignore read errors */ }
+        }
+        else if (seg.includes('*')) {
+            const wildcardIdx = seg.indexOf('*');
+            const prefix = seg.slice(0, wildcardIdx);
+            const suffix = seg.slice(wildcardIdx + 1);
+            if (!existsSync(currentPath))
+                return;
+            try {
+                for (const entry of readdirSync(currentPath, { withFileTypes: true })) {
+                    if (!entryMatches(entry))
+                        continue;
+                    if (prefix && !entry.name.startsWith(prefix))
+                        continue;
+                    if (suffix && !entry.name.endsWith(suffix))
+                        continue;
+                    recurse(join(currentPath, entry.name), segIdx + 1);
+                }
+            }
+            catch { /* ignore read errors */ }
+        }
+        else {
+            recurse(join(currentPath, seg), segIdx + 1);
         }
     }
-    catch { /* ignore read errors */ }
+    recurse(basePath, 0);
     return targets;
 }
 /**

package/dist/log_config_files/readers/file_readers.js

@@ -1,10 +1,120 @@
 import { existsSync, readFileSync } from 'node:fs';
+function stripJsoncComments(input) {
+    let out = '';
+    let inString = false;
+    let quote = '';
+    let escaped = false;
+    let inLineComment = false;
+    let inBlockComment = false;
+    for (let i = 0; i < input.length; i += 1) {
+        const ch = input[i];
+        const next = i + 1 < input.length ? input[i + 1] : '';
+        if (inLineComment) {
+            if (ch === '\n') {
+                inLineComment = false;
+                out += ch;
+            }
+            continue;
+        }
+        if (inBlockComment) {
+            if (ch === '*' && next === '/') {
+                inBlockComment = false;
+                i += 1;
+            }
+            continue;
+        }
+        if (inString) {
+            out += ch;
+            if (escaped) {
+                escaped = false;
+            }
+            else if (ch === '\\') {
+                escaped = true;
+            }
+            else if (ch === quote) {
+                inString = false;
+                quote = '';
+            }
+            continue;
+        }
+        if (ch === '"' || ch === "'") {
+            inString = true;
+            quote = ch;
+            out += ch;
+            continue;
+        }
+        if (ch === '/' && next === '/') {
+            inLineComment = true;
+            i += 1;
+            continue;
+        }
+        if (ch === '/' && next === '*') {
+            inBlockComment = true;
+            i += 1;
+            continue;
+        }
+        out += ch;
+    }
+    return out;
+}
+function stripTrailingCommas(input) {
+    let out = '';
+    let inString = false;
+    let quote = '';
+    let escaped = false;
+    for (let i = 0; i < input.length; i += 1) {
+        const ch = input[i];
+        if (inString) {
+            out += ch;
+            if (escaped) {
+                escaped = false;
+            }
+            else if (ch === '\\') {
+                escaped = true;
+            }
+            else if (ch === quote) {
+                inString = false;
+                quote = '';
+            }
+            continue;
+        }
+        if (ch === '"' || ch === "'") {
+            inString = true;
+            quote = ch;
+            out += ch;
+            continue;
+        }
+        if (ch === ',') {
+            let j = i + 1;
+            while (j < input.length && /\s/.test(input[j]))
+                j += 1;
+            if (j < input.length && (input[j] === '}' || input[j] === ']'))
+                continue;
+        }
+        out += ch;
+    }
+    return out;
+}
+function parseJsonWithJsoncFallback(raw) {
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        try {
+            const sanitized = stripTrailingCommas(stripJsoncComments(raw));
+            return JSON.parse(sanitized);
+        }
+        catch {
+            return null;
+        }
+    }
+}
 /** Read and parse an MCP config file. Returns null on any error. */
 function readMCPConfig(filePath) {
     try {
         if (!existsSync(filePath))
             return null;
-        return JSON.parse(readFileSync(filePath, 'utf-8'));
+        return parseJsonWithJsoncFallback(readFileSync(filePath, 'utf-8'));
     }
     catch (error) {
         console.error(`Error reading ${filePath}:`, error instanceof Error ? error.message : String(error));
@@ -16,7 +126,7 @@ function readJSONFile(filePath) {
     try {
         if (!existsSync(filePath))
             return null;
-        return JSON.parse(readFileSync(filePath, 'utf-8'));
+        return parseJsonWithJsoncFallback(readFileSync(filePath, 'utf-8'));
     }
     catch (error) {
         if (error.code === 'EACCES' || error.code === 'EPERM') {

package/dist/log_config_files/runtime/compliance_check.js

@@ -41,6 +41,10 @@ export function normalizeAgentToken(raw) {
         return 'cursor';
     if (s === 'copilot')
         return 'copilot';
+    if (s === 'opencode')
+        return 'opencode';
+    if (s === 'codex')
+        return 'codex';
     return '';
 }
 function currentAgentFromEnv() {
@@ -48,12 +52,16 @@ function currentAgentFromEnv() {
     const override = normalizeAgentToken(process.env.OPTIMUS_AGENT);
     if (override)
         return override;
-    // Backwards-compatible: hook wrappers set OPTIMUS_HOOK_TYPE to cursor|claude|copilot.
+    // Backwards-compatible: hook wrappers set OPTIMUS_HOOK_TYPE to cursor|claude|copilot|opencode.
     const hookType = normalizeAgentToken(process.env.OPTIMUS_HOOK_TYPE);
     if (hookType === 'cursor')
         return 'cursor';
     if (hookType === 'copilot')
         return 'copilot';
+    if (hookType === 'opencode')
+        return 'opencode';
+    if (hookType === 'codex')
+        return 'codex';
     return 'claude';
 }
 function targetsCurrentAgent(entry, agent) {

package/dist/log_config_files/runtime/hook_type_for_request.js

@@ -0,0 +1,30 @@
+function normalizeToken(raw) {
+    if (!raw?.trim())
+        return '';
+    const s = raw.trim().toLowerCase().replace(/-/g, '_');
+    if (s === 'claude_desktop')
+        return 'claude';
+    if (s === 'github_copilot')
+        return 'copilot';
+    if (s === 'cursor' || s === 'claude' || s === 'copilot' || s === 'opencode' || s === 'codex')
+        return s;
+    // Legacy hooks set OPTIMUS_AGENT=Cursor (display casing)
+    if (raw.trim() === 'Cursor')
+        return 'cursor';
+    return s;
+}
+/** Resolve hook_request.hook_type from hook wrapper env (OPTIMUS_HOOK_TYPE, then OPTIMUS_AGENT). */
+export function resolveHookTypeFromEnv(env = process.env) {
+    const fromHook = normalizeToken(env.OPTIMUS_HOOK_TYPE);
+    const fromAgent = normalizeToken(env.OPTIMUS_AGENT);
+    const token = fromHook || fromAgent || 'claude';
+    if (token === 'cursor')
+        return 'cursor';
+    if (token === 'copilot')
+        return 'copilot';
+    if (token === 'opencode')
+        return 'opencode';
+    if (token === 'codex')
+        return 'codex';
+    return 'claude';
+}

package/dist/log_config_files/runtime/main_runner.js

@@ -7,12 +7,14 @@ import { OPT_AI_SEC_MANAGEMENT_REL } from '../../bootstrap_constants.js';
 import { runSensitivePathsAudit } from '../../log_sensitive_paths_audit.js';
 import { loadEndpointBase, getEndpointSource } from '../sender/endpoint_config.js';
 import { hookLogReplace, hookRunLog } from './hook_logger.js';
+import { resolveHookTypeFromEnv } from './hook_type_for_request.js';
 import { resolveHardwareUuid } from './hardware_uuid.js';
 import { ensureAuthentication } from '../auth/auth_flow.js';
 import { readJSONFile, readMarkdownFile } from '../readers/file_readers.js';
 import { isVscdbVirtualPath, tryReadVscdbVirtualFile, summarizeComposerPayloadForDiagnostics, } from '../readers/vscdb_config_builder.js';
 import { persistVscdbComposerContractFromPatternsResponse } from '../readers/vscdb_reader.js';
-import { collectConfigFilesFromPatterns, collectMcpToolFiles, collectConfigFilesFromInstalledPlugins, collectPluginCacheMcpFiles, collectMcpFromClaudeJsonProjects, collectClaudeDesktopExtensionManifests, enrichClaudeDesktopExtensionsInstallationsUpload, determineFileTypeFromPath, } from '../collection/config_collector.js';
+import { collectConfigFilesFromPatterns, collectMcpToolFiles, collectConfigFilesFromInstalledPlugins, collectPluginCacheMcpFiles, collectMcpFromClaudeJsonProjects, collectClaudeDesktopExtensionManifests, collectClaudeDesktopExtensionSettingsFiles, enrichClaudeDesktopExtensionsInstallationsUpload, determineFileTypeFromPath, } from '../collection/config_collector.js';
+import { collectSkillsCliInstalled } from '../collection/skills_cli_collector.js';
 import { collectWorkspaceVscdbs } from '../collection/mcp_tool_collector.js';
 import { collectCursorProjectWorkspaceMcpConfigs } from '../collection/cursor_project_mcp_collector.js';
 import { normalizePathSkipPrefixes } from '../paths/pattern_resolver.js';
@@ -97,6 +99,13 @@ async function collectAllConfigFiles(endpointBase) {
     hookRunLog(`merging disk-only Claude Desktop extensions into extensions-installations.json`);
     const diskExtMerge = enrichClaudeDesktopExtensionsInstallationsUpload(configFiles, HOME_DIR);
     hookRunLog(`claude desktop extensions: merged=${diskExtMerge.mergedCount} had_registry_upload=${diskExtMerge.hadRegistryUpload}`);
+    for (const entry of collectClaudeDesktopExtensionSettingsFiles(HOME_DIR)) {
+        const key = `${entry.file_type}\t${entry.file_path}`;
+        if (!existingPaths.has(key)) {
+            existingPaths.add(key);
+            configFiles.push(entry);
+        }
+    }
     if (!diskExtMerge.hadRegistryUpload && diskExtMerge.mergedCount > 0) {
         hookRunLog(`scanning Claude Desktop extension manifests on disk (no registry upload in batch)`);
         for (const entry of collectClaudeDesktopExtensionManifests(HOME_DIR)) {
@@ -107,6 +116,14 @@ async function collectAllConfigFiles(endpointBase) {
             }
         }
     }
+    const skillsCliEntry = collectSkillsCliInstalled(PROJECT_ROOT, hookRunLog);
+    if (skillsCliEntry) {
+        const key = `${skillsCliEntry.file_type}\t${skillsCliEntry.file_path}`;
+        if (!existingPaths.has(key)) {
+            existingPaths.add(key);
+            configFiles.push(skillsCliEntry);
+        }
+    }
     const worktreeReport = scanActiveWorktrees(PROJECT_ROOT, HOME_DIR);
     const activeRoots = activeWorktreeRootSet(worktreeReport);
     const beforeFilter = configFiles.length;
@@ -128,8 +145,7 @@ async function addSensitivePathsAudit(endpointBase, configFiles) {
     }
 }
 async function sendAllConfigFiles(configFiles, worktreeReport, hardwareUuid, authKey) {
-    const hookTypeRaw = (process.env.OPTIMUS_HOOK_TYPE || 'claude').toLowerCase();
-    const hookType = hookTypeRaw === 'cursor' ? 'cursor' : hookTypeRaw === 'copilot' ? 'copilot' : 'claude';
+    const hookType = resolveHookTypeFromEnv();
     const manifest = configFiles.map((c) => canonicalCursorUserStateVscdbPath(c.file_path));
     const workspaceRepo = ensureWorkspaceRepoEnv(manifest);
     const hookRequestId = await sendHookRequestCreate(hardwareUuid, authKey, hookType, workspaceRepo);

package/dist/log_config_files/runtime/trusted_restarts.js

@@ -34,6 +34,10 @@ function currentAgentFromEnv() {
         return 'cursor';
     if (override === 'copilot')
         return 'copilot';
+    if (override === 'opencode')
+        return 'opencode';
+    if (override === 'codex')
+        return 'codex';
     if (override === 'claude' || override === 'claude_desktop')
         return 'claude';
     const hookType = normalizeAgentToken(process.env.OPTIMUS_HOOK_TYPE);
@@ -41,6 +45,10 @@ function currentAgentFromEnv() {
         return 'cursor';
     if (hookType === 'copilot')
         return 'copilot';
+    if (hookType === 'opencode')
+        return 'opencode';
+    if (hookType === 'codex')
+        return 'codex';
     return 'claude';
 }
 /** Spawn each trusted command detached (same pattern as former compliance_prompt_gate fireRestartCommands). */

package/dist/log_sensitive_paths_audit.js

@@ -6,7 +6,7 @@
  * Path templates are fetched from the backend (GET api/file-path-registry/sensitive-paths-audit-candidates/).
  * The audit is sent with the rest of the config files in log_config_files (same auth, same batch).
  */
-import { existsSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, writeFileSync, mkdirSync, statSync } from 'node:fs';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { getSensitivePathsAuditCandidates } from './endpoint_client/index.js';
@@ -22,16 +22,35 @@ function expandPath(template, cwd) {
     }
     return join(cwd, template);
 }
+/** True when path exists: directories always qualify; files must be non-empty (size > 0). */
+function shouldIncludeSensitivePath(resolved) {
+    if (!existsSync(resolved)) {
+        return false;
+    }
+    try {
+        const st = statSync(resolved);
+        if (st.isDirectory()) {
+            return true;
+        }
+        if (st.isFile()) {
+            return st.size > 0;
+        }
+        return false;
+    }
+    catch {
+        return false;
+    }
+}
 /**
  * Write sensitive_paths_audit.txt under outputDir. pathTemplates from backend (~ = home).
- * Lists one path per line for paths that exist. No file contents are read.
+ * Lists one path per line for paths that exist (files must be non-empty). No file contents are read.
  * Overwrites the file on each run (same as hook_log.txt); does not append.
  */
 export function writeSensitivePathsAudit(outputDir, pathTemplates, cwd = process.cwd()) {
     const existing = [];
     for (const template of pathTemplates) {
         const resolved = expandPath(template, cwd);
-        if (existsSync(resolved)) {
+        if (shouldIncludeSensitivePath(resolved)) {
             existing.push(resolved);
         }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "log-llm-config",
-  "version": "1.3.96",
+  "version": "1.4.4",
   "description": "CLI helpers for logging hardware UUIDs and posting startup payloads to Optimus Security.",
   "type": "module",
   "bin": {
@@ -49,11 +49,11 @@
   },
   "devDependencies": {
     "@types/node": "^24.10.1",
-    "@vitest/coverage-v8": "^3.2.4",
-    "@vitest/ui": "^3.2.4",
+    "@vitest/coverage-v8": "^4.1.8",
+    "@vitest/ui": "^4.1.8",
     "ts-node": "^10.9.2",
     "typescript": "^5.4.5",
-    "vitest": "^3.2.4"
+    "vitest": "^4.1.8"
   },
   "dependencies": {
     "axios": "^1.15.2",