meshy-node 0.10.2 → 0.10.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/main.cjs CHANGED
@@ -865,14 +865,14 @@ var require_jwa = __commonJS({
865
865
  "use strict";
866
866
  init_cjs_shims();
867
867
  var Buffer2 = require_safe_buffer().Buffer;
868
- var crypto6 = require("crypto");
868
+ var crypto7 = require("crypto");
869
869
  var formatEcdsa = require_ecdsa_sig_formatter();
870
870
  var util5 = require("util");
871
871
  var MSG_INVALID_ALGORITHM = '"%s" is not a valid algorithm.\n Supported algorithms are:\n "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" and "none".';
872
872
  var MSG_INVALID_SECRET = "secret must be a string or buffer";
873
873
  var MSG_INVALID_VERIFIER_KEY = "key must be a string or a buffer";
874
874
  var MSG_INVALID_SIGNER_KEY = "key must be a string, a buffer or an object";
875
- var supportsKeyObjects = typeof crypto6.createPublicKey === "function";
875
+ var supportsKeyObjects = typeof crypto7.createPublicKey === "function";
876
876
  if (supportsKeyObjects) {
877
877
  MSG_INVALID_VERIFIER_KEY += " or a KeyObject";
878
878
  MSG_INVALID_SECRET += "or a KeyObject";
@@ -962,17 +962,17 @@ var require_jwa = __commonJS({
962
962
  return function sign(thing, secret) {
963
963
  checkIsSecretKey(secret);
964
964
  thing = normalizeInput(thing);
965
- var hmac = crypto6.createHmac("sha" + bits, secret);
965
+ var hmac = crypto7.createHmac("sha" + bits, secret);
966
966
  var sig = (hmac.update(thing), hmac.digest("base64"));
967
967
  return fromBase64(sig);
968
968
  };
969
969
  }
970
970
  var bufferEqual;
971
- var timingSafeEqual = "timingSafeEqual" in crypto6 ? function timingSafeEqual2(a, b) {
971
+ var timingSafeEqual = "timingSafeEqual" in crypto7 ? function timingSafeEqual2(a, b) {
972
972
  if (a.byteLength !== b.byteLength) {
973
973
  return false;
974
974
  }
975
- return crypto6.timingSafeEqual(a, b);
975
+ return crypto7.timingSafeEqual(a, b);
976
976
  } : function timingSafeEqual2(a, b) {
977
977
  if (!bufferEqual) {
978
978
  bufferEqual = require_buffer_equal_constant_time();
@@ -989,7 +989,7 @@ var require_jwa = __commonJS({
989
989
  return function sign(thing, privateKey) {
990
990
  checkIsPrivateKey(privateKey);
991
991
  thing = normalizeInput(thing);
992
- var signer = crypto6.createSign("RSA-SHA" + bits);
992
+ var signer = crypto7.createSign("RSA-SHA" + bits);
993
993
  var sig = (signer.update(thing), signer.sign(privateKey, "base64"));
994
994
  return fromBase64(sig);
995
995
  };
@@ -999,7 +999,7 @@ var require_jwa = __commonJS({
999
999
  checkIsPublicKey(publicKey);
1000
1000
  thing = normalizeInput(thing);
1001
1001
  signature = toBase64(signature);
1002
- var verifier = crypto6.createVerify("RSA-SHA" + bits);
1002
+ var verifier = crypto7.createVerify("RSA-SHA" + bits);
1003
1003
  verifier.update(thing);
1004
1004
  return verifier.verify(publicKey, signature, "base64");
1005
1005
  };
@@ -1008,11 +1008,11 @@ var require_jwa = __commonJS({
1008
1008
  return function sign(thing, privateKey) {
1009
1009
  checkIsPrivateKey(privateKey);
1010
1010
  thing = normalizeInput(thing);
1011
- var signer = crypto6.createSign("RSA-SHA" + bits);
1011
+ var signer = crypto7.createSign("RSA-SHA" + bits);
1012
1012
  var sig = (signer.update(thing), signer.sign({
1013
1013
  key: privateKey,
1014
- padding: crypto6.constants.RSA_PKCS1_PSS_PADDING,
1015
- saltLength: crypto6.constants.RSA_PSS_SALTLEN_DIGEST
1014
+ padding: crypto7.constants.RSA_PKCS1_PSS_PADDING,
1015
+ saltLength: crypto7.constants.RSA_PSS_SALTLEN_DIGEST
1016
1016
  }, "base64"));
1017
1017
  return fromBase64(sig);
1018
1018
  };
@@ -1022,12 +1022,12 @@ var require_jwa = __commonJS({
1022
1022
  checkIsPublicKey(publicKey);
1023
1023
  thing = normalizeInput(thing);
1024
1024
  signature = toBase64(signature);
1025
- var verifier = crypto6.createVerify("RSA-SHA" + bits);
1025
+ var verifier = crypto7.createVerify("RSA-SHA" + bits);
1026
1026
  verifier.update(thing);
1027
1027
  return verifier.verify({
1028
1028
  key: publicKey,
1029
- padding: crypto6.constants.RSA_PKCS1_PSS_PADDING,
1030
- saltLength: crypto6.constants.RSA_PSS_SALTLEN_DIGEST
1029
+ padding: crypto7.constants.RSA_PKCS1_PSS_PADDING,
1030
+ saltLength: crypto7.constants.RSA_PSS_SALTLEN_DIGEST
1031
1031
  }, signature, "base64");
1032
1032
  };
1033
1033
  }
@@ -1324,7 +1324,7 @@ var require_jws = __commonJS({
1324
1324
  exports2.createSign = function createSign(opts) {
1325
1325
  return new SignStream(opts);
1326
1326
  };
1327
- exports2.createVerify = function createVerify(opts) {
1327
+ exports2.createVerify = function createVerify2(opts) {
1328
1328
  return new VerifyStream(opts);
1329
1329
  };
1330
1330
  }
@@ -3632,7 +3632,7 @@ var require_verify = __commonJS({
3632
3632
  var validateAsymmetricKey = require_validateAsymmetricKey();
3633
3633
  var PS_SUPPORTED = require_psSupported();
3634
3634
  var jws = require_jws();
3635
- var { KeyObject, createSecretKey, createPublicKey } = require("crypto");
3635
+ var { KeyObject, createSecretKey, createPublicKey: createPublicKey2 } = require("crypto");
3636
3636
  var PUB_KEY_ALGS = ["RS256", "RS384", "RS512"];
3637
3637
  var EC_KEY_ALGS = ["ES256", "ES384", "ES512"];
3638
3638
  var RSA_KEY_ALGS = ["RS256", "RS384", "RS512"];
@@ -3716,7 +3716,7 @@ var require_verify = __commonJS({
3716
3716
  }
3717
3717
  if (secretOrPublicKey2 != null && !(secretOrPublicKey2 instanceof KeyObject)) {
3718
3718
  try {
3719
- secretOrPublicKey2 = createPublicKey(secretOrPublicKey2);
3719
+ secretOrPublicKey2 = createPublicKey2(secretOrPublicKey2);
3720
3720
  } catch (_) {
3721
3721
  try {
3722
3722
  secretOrPublicKey2 = createSecretKey(typeof secretOrPublicKey2 === "string" ? Buffer.from(secretOrPublicKey2) : secretOrPublicKey2);
@@ -4155,7 +4155,7 @@ var require_lodash5 = __commonJS({
4155
4155
  function isObjectLike2(value) {
4156
4156
  return !!value && typeof value == "object";
4157
4157
  }
4158
- function isPlainObject6(value) {
4158
+ function isPlainObject7(value) {
4159
4159
  if (!isObjectLike2(value) || objectToString2.call(value) != objectTag2 || isHostObject(value)) {
4160
4160
  return false;
4161
4161
  }
@@ -4166,7 +4166,7 @@ var require_lodash5 = __commonJS({
4166
4166
  var Ctor = hasOwnProperty3.call(proto2, "constructor") && proto2.constructor;
4167
4167
  return typeof Ctor == "function" && Ctor instanceof Ctor && funcToString2.call(Ctor) == objectCtorString2;
4168
4168
  }
4169
- module2.exports = isPlainObject6;
4169
+ module2.exports = isPlainObject7;
4170
4170
  }
4171
4171
  });
4172
4172
 
@@ -4285,7 +4285,7 @@ var require_sign = __commonJS({
4285
4285
  var isBoolean = require_lodash2();
4286
4286
  var isInteger = require_lodash3();
4287
4287
  var isNumber2 = require_lodash4();
4288
- var isPlainObject6 = require_lodash5();
4288
+ var isPlainObject7 = require_lodash5();
4289
4289
  var isString = require_lodash6();
4290
4290
  var once = require_lodash7();
4291
4291
  var { KeyObject, createSecretKey, createPrivateKey: createPrivateKey2 } = require("crypto");
@@ -4304,7 +4304,7 @@ var require_sign = __commonJS({
4304
4304
  return isString(value) || Array.isArray(value);
4305
4305
  }, message: '"audience" must be a string or array' },
4306
4306
  algorithm: { isValid: includes.bind(null, SUPPORTED_ALGS), message: '"algorithm" must be a valid string enum value' },
4307
- header: { isValid: isPlainObject6, message: '"header" must be an object' },
4307
+ header: { isValid: isPlainObject7, message: '"header" must be an object' },
4308
4308
  encoding: { isValid: isString, message: '"encoding" must be a string' },
4309
4309
  issuer: { isValid: isString, message: '"issuer" must be a string' },
4310
4310
  subject: { isValid: isString, message: '"subject" must be a string' },
@@ -4321,7 +4321,7 @@ var require_sign = __commonJS({
4321
4321
  nbf: { isValid: isNumber2, message: '"nbf" should be a number of seconds' }
4322
4322
  };
4323
4323
  function validate(schema, allowUnknown, object3, parameterName) {
4324
- if (!isPlainObject6(object3)) {
4324
+ if (!isPlainObject7(object3)) {
4325
4325
  throw new Error('Expected "' + parameterName + '" to be a plain object.');
4326
4326
  }
4327
4327
  Object.keys(object3).forEach(function(key2) {
@@ -28834,10 +28834,10 @@ var require_object_inspect = __commonJS({
28834
28834
  }
28835
28835
  if (!isDate(obj) && !isRegExp(obj)) {
28836
28836
  var ys = arrObjKeys(obj, inspect3);
28837
- var isPlainObject6 = gPO ? gPO(obj) === Object.prototype : obj instanceof Object || obj.constructor === Object;
28837
+ var isPlainObject7 = gPO ? gPO(obj) === Object.prototype : obj instanceof Object || obj.constructor === Object;
28838
28838
  var protoTag = obj instanceof Object ? "" : "null prototype";
28839
- var stringTag = !isPlainObject6 && toStringTag && Object(obj) === obj && toStringTag in obj ? $slice.call(toStr(obj), 8, -1) : protoTag ? "Object" : "";
28840
- var constructorTag = isPlainObject6 || typeof obj.constructor !== "function" ? "" : obj.constructor.name ? obj.constructor.name + " " : "";
28839
+ var stringTag = !isPlainObject7 && toStringTag && Object(obj) === obj && toStringTag in obj ? $slice.call(toStr(obj), 8, -1) : protoTag ? "Object" : "";
28840
+ var constructorTag = isPlainObject7 || typeof obj.constructor !== "function" ? "" : obj.constructor.name ? obj.constructor.name + " " : "";
28841
28841
  var tag = constructorTag + (stringTag || protoTag ? "[" + $join.call($concat.call([], stringTag || [], protoTag || []), ": ") + "] " : "");
28842
28842
  if (ys.length === 0) {
28843
28843
  return tag + "{}";
@@ -32848,14 +32848,14 @@ var require_etag = __commonJS({
32848
32848
  "use strict";
32849
32849
  init_cjs_shims();
32850
32850
  module2.exports = etag;
32851
- var crypto6 = require("crypto");
32851
+ var crypto7 = require("crypto");
32852
32852
  var Stats = require("fs").Stats;
32853
32853
  var toString3 = Object.prototype.toString;
32854
32854
  function entitytag(entity) {
32855
32855
  if (entity.length === 0) {
32856
32856
  return '"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"';
32857
32857
  }
32858
- var hash = crypto6.createHash("sha1").update(entity, "utf8").digest("base64").substring(0, 27);
32858
+ var hash = crypto7.createHash("sha1").update(entity, "utf8").digest("base64").substring(0, 27);
32859
32859
  var len = typeof entity === "string" ? Buffer.byteLength(entity, "utf8") : entity.length;
32860
32860
  return '"' + len.toString(16) + "-" + hash + '"';
32861
32861
  }
@@ -34626,7 +34626,7 @@ var require_application = __commonJS({
34626
34626
  "use strict";
34627
34627
  init_cjs_shims();
34628
34628
  var finalhandler = require_finalhandler();
34629
- var Router17 = require_router();
34629
+ var Router18 = require_router();
34630
34630
  var methods = require_methods();
34631
34631
  var middleware = require_init();
34632
34632
  var query = require_query();
@@ -34691,7 +34691,7 @@ var require_application = __commonJS({
34691
34691
  };
34692
34692
  app.lazyrouter = function lazyrouter() {
34693
34693
  if (!this._router) {
34694
- this._router = new Router17({
34694
+ this._router = new Router18({
34695
34695
  caseSensitive: this.enabled("case sensitive routing"),
34696
34696
  strict: this.enabled("strict routing")
34697
34697
  });
@@ -35651,11 +35651,11 @@ var require_cookie_signature = __commonJS({
35651
35651
  "../../node_modules/.pnpm/cookie-signature@1.0.7/node_modules/cookie-signature/index.js"(exports2) {
35652
35652
  "use strict";
35653
35653
  init_cjs_shims();
35654
- var crypto6 = require("crypto");
35654
+ var crypto7 = require("crypto");
35655
35655
  exports2.sign = function(val, secret) {
35656
35656
  if ("string" !== typeof val) throw new TypeError("Cookie value must be provided as a string.");
35657
35657
  if (null == secret) throw new TypeError("Secret key must be provided.");
35658
- return val + "." + crypto6.createHmac("sha256", secret).update(val).digest("base64").replace(/\=+$/, "");
35658
+ return val + "." + crypto7.createHmac("sha256", secret).update(val).digest("base64").replace(/\=+$/, "");
35659
35659
  };
35660
35660
  exports2.unsign = function(val, secret) {
35661
35661
  if ("string" !== typeof val) throw new TypeError("Signed cookie string must be provided.");
@@ -35664,7 +35664,7 @@ var require_cookie_signature = __commonJS({
35664
35664
  return sha1(mac) == sha1(val) ? str : false;
35665
35665
  };
35666
35666
  function sha1(str) {
35667
- return crypto6.createHash("sha1").update(str).digest("hex");
35667
+ return crypto7.createHash("sha1").update(str).digest("hex");
35668
35668
  }
35669
35669
  }
35670
35670
  });
@@ -36569,7 +36569,7 @@ var require_express = __commonJS({
36569
36569
  var mixin = require_merge_descriptors();
36570
36570
  var proto2 = require_application();
36571
36571
  var Route = require_route();
36572
- var Router17 = require_router();
36572
+ var Router18 = require_router();
36573
36573
  var req = require_request();
36574
36574
  var res = require_response();
36575
36575
  exports2 = module2.exports = createApplication;
@@ -36592,7 +36592,7 @@ var require_express = __commonJS({
36592
36592
  exports2.request = req;
36593
36593
  exports2.response = res;
36594
36594
  exports2.Route = Route;
36595
- exports2.Router = Router17;
36595
+ exports2.Router = Router18;
36596
36596
  exports2.json = bodyParser.json;
36597
36597
  exports2.query = require_query();
36598
36598
  exports2.raw = bodyParser.raw;
@@ -36722,7 +36722,7 @@ __export(util_exports, {
36722
36722
  captureStackTrace: () => captureStackTrace,
36723
36723
  cleanEnum: () => cleanEnum,
36724
36724
  cleanRegex: () => cleanRegex,
36725
- clone: () => clone2,
36725
+ clone: () => clone3,
36726
36726
  createTransparentProxy: () => createTransparentProxy,
36727
36727
  defineLazy: () => defineLazy,
36728
36728
  esc: () => esc,
@@ -36736,7 +36736,7 @@ __export(util_exports, {
36736
36736
  getParsedType: () => getParsedType2,
36737
36737
  getSizableOrigin: () => getSizableOrigin,
36738
36738
  isObject: () => isObject2,
36739
- isPlainObject: () => isPlainObject2,
36739
+ isPlainObject: () => isPlainObject3,
36740
36740
  issue: () => issue,
36741
36741
  joinValues: () => joinValues,
36742
36742
  jsonStringifyReplacer: () => jsonStringifyReplacer,
@@ -36870,7 +36870,7 @@ function esc(str) {
36870
36870
  function isObject2(data) {
36871
36871
  return typeof data === "object" && data !== null && !Array.isArray(data);
36872
36872
  }
36873
- function isPlainObject2(o) {
36873
+ function isPlainObject3(o) {
36874
36874
  if (isObject2(o) === false)
36875
36875
  return false;
36876
36876
  const ctor = o.constructor;
@@ -36896,7 +36896,7 @@ function numKeys(data) {
36896
36896
  function escapeRegex(str) {
36897
36897
  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
36898
36898
  }
36899
- function clone2(inst, def, params) {
36899
+ function clone3(inst, def, params) {
36900
36900
  const cl = new inst._zod.constr(def ?? inst._zod.def);
36901
36901
  if (!def || params?.parent)
36902
36902
  cl._zod.parent = inst;
@@ -36974,7 +36974,7 @@ function pick(schema, mask) {
36974
36974
  continue;
36975
36975
  newShape[key2] = currDef.shape[key2];
36976
36976
  }
36977
- return clone2(schema, {
36977
+ return clone3(schema, {
36978
36978
  ...schema._zod.def,
36979
36979
  shape: newShape,
36980
36980
  checks: []
@@ -36991,14 +36991,14 @@ function omit(schema, mask) {
36991
36991
  continue;
36992
36992
  delete newShape[key2];
36993
36993
  }
36994
- return clone2(schema, {
36994
+ return clone3(schema, {
36995
36995
  ...schema._zod.def,
36996
36996
  shape: newShape,
36997
36997
  checks: []
36998
36998
  });
36999
36999
  }
37000
37000
  function extend2(schema, shape) {
37001
- if (!isPlainObject2(shape)) {
37001
+ if (!isPlainObject3(shape)) {
37002
37002
  throw new Error("Invalid input to extend: expected a plain object");
37003
37003
  }
37004
37004
  const def = {
@@ -37011,10 +37011,10 @@ function extend2(schema, shape) {
37011
37011
  checks: []
37012
37012
  // delete existing checks
37013
37013
  };
37014
- return clone2(schema, def);
37014
+ return clone3(schema, def);
37015
37015
  }
37016
37016
  function merge(a, b) {
37017
- return clone2(a, {
37017
+ return clone3(a, {
37018
37018
  ...a._zod.def,
37019
37019
  get shape() {
37020
37020
  const _shape = { ...a._zod.def.shape, ...b._zod.def.shape };
@@ -37049,7 +37049,7 @@ function partial(Class2, schema, mask) {
37049
37049
  }) : oldShape[key2];
37050
37050
  }
37051
37051
  }
37052
- return clone2(schema, {
37052
+ return clone3(schema, {
37053
37053
  ...schema._zod.def,
37054
37054
  shape,
37055
37055
  checks: []
@@ -37078,7 +37078,7 @@ function required(Class2, schema, mask) {
37078
37078
  });
37079
37079
  }
37080
37080
  }
37081
- return clone2(schema, {
37081
+ return clone3(schema, {
37082
37082
  ...schema._zod.def,
37083
37083
  shape,
37084
37084
  // optional: [],
@@ -37985,7 +37985,7 @@ function mergeValues2(a, b) {
37985
37985
  if (a instanceof Date && b instanceof Date && +a === +b) {
37986
37986
  return { valid: true, data: a };
37987
37987
  }
37988
- if (isPlainObject2(a) && isPlainObject2(b)) {
37988
+ if (isPlainObject3(a) && isPlainObject3(b)) {
37989
37989
  const bKeys = Object.keys(b);
37990
37990
  const sharedKeys = Object.keys(a).filter((key2) => bKeys.indexOf(key2) !== -1);
37991
37991
  const newObj = { ...a, ...b };
@@ -38840,7 +38840,7 @@ var init_schemas = __esm({
38840
38840
  $ZodType.init(inst, def);
38841
38841
  inst._zod.parse = (payload, ctx) => {
38842
38842
  const input = payload.value;
38843
- if (!isPlainObject2(input)) {
38843
+ if (!isPlainObject3(input)) {
38844
38844
  payload.issues.push({
38845
38845
  expected: "record",
38846
38846
  code: "invalid_type",
@@ -40309,7 +40309,7 @@ var init_schemas3 = __esm({
40309
40309
  // { parent: true }
40310
40310
  );
40311
40311
  };
40312
- inst.clone = (def2, params) => clone2(inst, def2, params);
40312
+ inst.clone = (def2, params) => clone3(inst, def2, params);
40313
40313
  inst.brand = () => inst;
40314
40314
  inst.register = ((reg, meta) => {
40315
40315
  reg.add(inst, meta);
@@ -42760,7 +42760,7 @@ var init_zod_json_schema_compat = __esm({
42760
42760
  });
42761
42761
 
42762
42762
  // ../../node_modules/.pnpm/@modelcontextprotocol+sdk@1.29.0_zod@3.25.76/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/protocol.js
42763
- function isPlainObject3(value) {
42763
+ function isPlainObject4(value) {
42764
42764
  return value !== null && typeof value === "object" && !Array.isArray(value);
42765
42765
  }
42766
42766
  function mergeCapabilities(base, additional) {
@@ -42771,7 +42771,7 @@ function mergeCapabilities(base, additional) {
42771
42771
  if (addValue === void 0)
42772
42772
  continue;
42773
42773
  const baseValue = result[k];
42774
- if (isPlainObject3(baseValue) && isPlainObject3(addValue)) {
42774
+ if (isPlainObject4(baseValue) && isPlainObject4(addValue)) {
42775
42775
  result[k] = { ...baseValue, ...addValue };
42776
42776
  } else {
42777
42777
  result[k] = addValue;
@@ -52212,7 +52212,7 @@ var require_extend = __commonJS({
52212
52212
  }
52213
52213
  return toStr.call(arr) === "[object Array]";
52214
52214
  };
52215
- var isPlainObject6 = function isPlainObject7(obj) {
52215
+ var isPlainObject7 = function isPlainObject8(obj) {
52216
52216
  if (!obj || toStr.call(obj) !== "[object Object]") {
52217
52217
  return false;
52218
52218
  }
@@ -52249,7 +52249,7 @@ var require_extend = __commonJS({
52249
52249
  return obj[name2];
52250
52250
  };
52251
52251
  module2.exports = function extend4() {
52252
- var options, name2, src, copy, copyIsArray, clone4;
52252
+ var options, name2, src, copy, copyIsArray, clone5;
52253
52253
  var target = arguments[0];
52254
52254
  var i = 1;
52255
52255
  var length = arguments.length;
@@ -52269,14 +52269,14 @@ var require_extend = __commonJS({
52269
52269
  src = getProperty(target, name2);
52270
52270
  copy = getProperty(options, name2);
52271
52271
  if (target !== copy) {
52272
- if (deep && copy && (isPlainObject6(copy) || (copyIsArray = isArray2(copy)))) {
52272
+ if (deep && copy && (isPlainObject7(copy) || (copyIsArray = isArray2(copy)))) {
52273
52273
  if (copyIsArray) {
52274
52274
  copyIsArray = false;
52275
- clone4 = src && isArray2(src) ? src : [];
52275
+ clone5 = src && isArray2(src) ? src : [];
52276
52276
  } else {
52277
- clone4 = src && isPlainObject6(src) ? src : {};
52277
+ clone5 = src && isPlainObject7(src) ? src : {};
52278
52278
  }
52279
- setProperty(target, { name: name2, newValue: extend4(deep, clone4, copy) });
52279
+ setProperty(target, { name: name2, newValue: extend4(deep, clone5, copy) });
52280
52280
  } else if (typeof copy !== "undefined") {
52281
52281
  setProperty(target, { name: name2, newValue: copy });
52282
52282
  }
@@ -57136,7 +57136,7 @@ var init_rpc_metadata = __esm({
57136
57136
  });
57137
57137
 
57138
57138
  // ../../node_modules/.pnpm/@opentelemetry+core@2.8.0_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/core/build/esm/utils/lodash.merge.js
57139
- function isPlainObject5(value) {
57139
+ function isPlainObject6(value) {
57140
57140
  if (!isObjectLike(value) || baseGetTag(value) !== objectTag) {
57141
57141
  return false;
57142
57142
  }
@@ -57301,7 +57301,7 @@ function isPrimitive(value) {
57301
57301
  return typeof value === "string" || typeof value === "number" || typeof value === "boolean" || typeof value === "undefined" || value instanceof Date || value instanceof RegExp || value === null;
57302
57302
  }
57303
57303
  function shouldMerge(one5, two) {
57304
- if (!isPlainObject5(one5) || !isPlainObject5(two)) {
57304
+ if (!isPlainObject6(one5) || !isPlainObject6(two)) {
57305
57305
  return false;
57306
57306
  }
57307
57307
  return true;
@@ -57593,12 +57593,12 @@ var init_default_service_name = __esm({
57593
57593
  });
57594
57594
 
57595
57595
  // ../../node_modules/.pnpm/@opentelemetry+resources@2.7.1_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/esm/utils.js
57596
- var isPromiseLike;
57596
+ var isPromiseLike2;
57597
57597
  var init_utils5 = __esm({
57598
57598
  "../../node_modules/.pnpm/@opentelemetry+resources@2.7.1_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/esm/utils.js"() {
57599
57599
  "use strict";
57600
57600
  init_cjs_shims();
57601
- isPromiseLike = (val) => {
57601
+ isPromiseLike2 = (val) => {
57602
57602
  return val !== null && typeof val === "object" && typeof val.then === "function";
57603
57603
  };
57604
57604
  }
@@ -57624,7 +57624,7 @@ function defaultResource() {
57624
57624
  }
57625
57625
  function guardedRawAttributes(attributes) {
57626
57626
  return attributes.map(([k, v]) => {
57627
- if (isPromiseLike(v)) {
57627
+ if (isPromiseLike2(v)) {
57628
57628
  return [
57629
57629
  k,
57630
57630
  v.catch((err) => {
@@ -57678,13 +57678,13 @@ var init_ResourceImpl = __esm({
57678
57678
  static FromAttributeList(attributes, options) {
57679
57679
  const res = new _ResourceImpl({}, options);
57680
57680
  res._rawAttributes = guardedRawAttributes(attributes);
57681
- res._asyncAttributesPending = attributes.filter(([_, val]) => isPromiseLike(val)).length > 0;
57681
+ res._asyncAttributesPending = attributes.filter(([_, val]) => isPromiseLike2(val)).length > 0;
57682
57682
  return res;
57683
57683
  }
57684
57684
  constructor(resource, options) {
57685
57685
  const attributes = resource.attributes ?? {};
57686
57686
  this._rawAttributes = Object.entries(attributes).map(([k, v]) => {
57687
- if (isPromiseLike(v)) {
57687
+ if (isPromiseLike2(v)) {
57688
57688
  this._asyncAttributesPending = true;
57689
57689
  }
57690
57690
  return [k, v];
@@ -57701,7 +57701,7 @@ var init_ResourceImpl = __esm({
57701
57701
  }
57702
57702
  for (let i = 0; i < this._rawAttributes.length; i++) {
57703
57703
  const [k, v] = this._rawAttributes[i];
57704
- this._rawAttributes[i] = [k, isPromiseLike(v) ? await v : v];
57704
+ this._rawAttributes[i] = [k, isPromiseLike2(v) ? await v : v];
57705
57705
  }
57706
57706
  this._asyncAttributesPending = false;
57707
57707
  }
@@ -57714,7 +57714,7 @@ var init_ResourceImpl = __esm({
57714
57714
  }
57715
57715
  const attrs = {};
57716
57716
  for (const [k, v] of this._rawAttributes) {
57717
- if (isPromiseLike(v)) {
57717
+ if (isPromiseLike2(v)) {
57718
57718
  diag2.debug(`Unsettled resource attribute ${k} skipped`);
57719
57719
  continue;
57720
57720
  }
@@ -113819,12 +113819,12 @@ var init_default_service_name2 = __esm({
113819
113819
  });
113820
113820
 
113821
113821
  // ../../node_modules/.pnpm/@opentelemetry+resources@2.8.0_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/esm/utils.js
113822
- var isPromiseLike2;
113822
+ var isPromiseLike3;
113823
113823
  var init_utils13 = __esm({
113824
113824
  "../../node_modules/.pnpm/@opentelemetry+resources@2.8.0_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/esm/utils.js"() {
113825
113825
  "use strict";
113826
113826
  init_cjs_shims();
113827
- isPromiseLike2 = (val) => {
113827
+ isPromiseLike3 = (val) => {
113828
113828
  return val !== null && typeof val === "object" && typeof val.then === "function";
113829
113829
  };
113830
113830
  }
@@ -113850,7 +113850,7 @@ function defaultResource2() {
113850
113850
  }
113851
113851
  function guardedRawAttributes2(attributes) {
113852
113852
  return attributes.map(([k, v]) => {
113853
- if (isPromiseLike2(v)) {
113853
+ if (isPromiseLike3(v)) {
113854
113854
  return [
113855
113855
  k,
113856
113856
  v.catch((err) => {
@@ -113904,13 +113904,13 @@ var init_ResourceImpl2 = __esm({
113904
113904
  static FromAttributeList(attributes, options) {
113905
113905
  const res = new _ResourceImpl({}, options);
113906
113906
  res._rawAttributes = guardedRawAttributes2(attributes);
113907
- res._asyncAttributesPending = attributes.filter(([_, val]) => isPromiseLike2(val)).length > 0;
113907
+ res._asyncAttributesPending = attributes.filter(([_, val]) => isPromiseLike3(val)).length > 0;
113908
113908
  return res;
113909
113909
  }
113910
113910
  constructor(resource, options) {
113911
113911
  const attributes = resource.attributes ?? {};
113912
113912
  this._rawAttributes = Object.entries(attributes).map(([k, v]) => {
113913
- if (isPromiseLike2(v)) {
113913
+ if (isPromiseLike3(v)) {
113914
113914
  this._asyncAttributesPending = true;
113915
113915
  }
113916
113916
  return [k, v];
@@ -113927,7 +113927,7 @@ var init_ResourceImpl2 = __esm({
113927
113927
  }
113928
113928
  for (let i = 0; i < this._rawAttributes.length; i++) {
113929
113929
  const [k, v] = this._rawAttributes[i];
113930
- this._rawAttributes[i] = [k, isPromiseLike2(v) ? await v : v];
113930
+ this._rawAttributes[i] = [k, isPromiseLike3(v) ? await v : v];
113931
113931
  }
113932
113932
  this._asyncAttributesPending = false;
113933
113933
  }
@@ -113940,7 +113940,7 @@ var init_ResourceImpl2 = __esm({
113940
113940
  }
113941
113941
  const attrs = {};
113942
113942
  for (const [k, v] of this._rawAttributes) {
113943
- if (isPromiseLike2(v)) {
113943
+ if (isPromiseLike3(v)) {
113944
113944
  diag2.debug(`Unsettled resource attribute ${k} skipped`);
113945
113945
  continue;
113946
113946
  }
@@ -131632,6 +131632,8 @@ function formatHelp(command) {
131632
131632
  " --reset Ignore remembered startup options and prompt again",
131633
131633
  " --disable-auth Disable bearer auth for this run",
131634
131634
  " --qr-code Render a mobile connection QR for the node DevTunnel URL",
131635
+ " --enable-ghc-tunnel Enable the GitHub Copilot Tunnel without prompting",
131636
+ " --disable-ghc-tunnel Disable the GitHub Copilot Tunnel without prompting",
131635
131637
  " -h, --help Show this help"
131636
131638
  ].join("\n");
131637
131639
  }
@@ -131664,6 +131666,8 @@ function formatHelp(command) {
131664
131666
  " --reset Ignore remembered startup options and prompt again",
131665
131667
  " --disable-auth Disable bearer auth for this run",
131666
131668
  " --qr-code Render a mobile connection QR for the node DevTunnel URL",
131669
+ " --enable-ghc-tunnel Enable the GitHub Copilot Tunnel without prompting",
131670
+ " --disable-ghc-tunnel Disable the GitHub Copilot Tunnel without prompting",
131667
131671
  " -h, --help Show this help"
131668
131672
  ].join("\n");
131669
131673
  }
@@ -131750,6 +131754,12 @@ function parseArgs(argv) {
131750
131754
  case "--qr-code":
131751
131755
  result.qrCode = true;
131752
131756
  break;
131757
+ case "--enable-ghc-tunnel":
131758
+ result.ghcTunnel = true;
131759
+ break;
131760
+ case "--disable-ghc-tunnel":
131761
+ result.ghcTunnel = false;
131762
+ break;
131753
131763
  default:
131754
131764
  if (!arg.startsWith("-") && !result.command && isKnownCommand(arg)) {
131755
131765
  result.command = arg;
@@ -132242,7 +132252,7 @@ function formatBanner(info) {
132242
132252
  const lines = [
132243
132253
  `Node: ${info.name}`,
132244
132254
  `Role: ${info.role} (term ${info.term})`,
132245
- `Endpoint: ${info.endpoint}`,
132255
+ `Node URL: ${info.endpoint}`,
132246
132256
  `Dashboard: http://localhost:${info.port}`
132247
132257
  ];
132248
132258
  if (info.dashboardOrigin) {
@@ -136899,6 +136909,76 @@ function isNodeStatus(value) {
136899
136909
  return typeof value === "string" && NODE_STATUSES.has(value);
136900
136910
  }
136901
136911
 
136912
+ // ../../packages/core/src/storage/task-store-parsers.ts
136913
+ init_cjs_shims();
136914
+ function parseTask(value) {
136915
+ if (!isPlainObject(value)) {
136916
+ return null;
136917
+ }
136918
+ const status = asTaskStatus(value.status);
136919
+ const priority = asTaskPriority(value.priority);
136920
+ const conversationKind = value.conversationKind === void 0 ? "meshyChat" : asTaskConversationKind(value.conversationKind);
136921
+ if (typeof value.id !== "string" || typeof value.title !== "string" || typeof value.description !== "string" || typeof value.agent !== "string" || value.project !== null && typeof value.project !== "string" || value.effectiveProjectPath !== null && value.effectiveProjectPath !== void 0 && typeof value.effectiveProjectPath !== "string" || value.branch !== null && value.branch !== void 0 && typeof value.branch !== "string" || conversationKind === null || !isPlainObject(value.payload) || status === null || priority === null || value.assignedTo !== null && typeof value.assignedTo !== "string" || value.assignedNodeName !== void 0 && value.assignedNodeName !== null && typeof value.assignedNodeName !== "string" || typeof value.createdBy !== "string" || value.result !== null && !isPlainObject(value.result) || value.error !== null && typeof value.error !== "string" || typeof value.retryCount !== "number" || !Number.isFinite(value.retryCount) || typeof value.maxRetries !== "number" || !Number.isFinite(value.maxRetries) || typeof value.createdAt !== "number" || !Number.isFinite(value.createdAt) || typeof value.updatedAt !== "number" || !Number.isFinite(value.updatedAt)) {
136922
+ return null;
136923
+ }
136924
+ const queuedMessages = parseTaskQueuedMessages(value.queuedMessages);
136925
+ return {
136926
+ id: value.id,
136927
+ title: value.title,
136928
+ description: value.description,
136929
+ agent: value.agent,
136930
+ project: value.project ?? null,
136931
+ effectiveProjectPath: typeof value.effectiveProjectPath === "string" ? value.effectiveProjectPath : null,
136932
+ branch: value.branch === void 0 ? void 0 : typeof value.branch === "string" ? value.branch : null,
136933
+ conversationKind,
136934
+ payload: clone(value.payload),
136935
+ ...queuedMessages ? { queuedMessages } : {},
136936
+ status,
136937
+ priority,
136938
+ assignedTo: value.assignedTo,
136939
+ assignedNodeName: typeof value.assignedNodeName === "string" ? value.assignedNodeName : null,
136940
+ createdBy: value.createdBy,
136941
+ result: value.result === null ? null : clone(value.result),
136942
+ error: value.error,
136943
+ retryCount: value.retryCount,
136944
+ maxRetries: value.maxRetries,
136945
+ createdAt: value.createdAt,
136946
+ updatedAt: value.updatedAt
136947
+ };
136948
+ }
136949
+ function parseTaskQueuedMessages(value) {
136950
+ if (value === void 0) return void 0;
136951
+ if (!Array.isArray(value)) return void 0;
136952
+ const messages = [];
136953
+ for (const entry of value) {
136954
+ if (!isPlainObject(entry)) return void 0;
136955
+ if (typeof entry.id !== "string" || !Array.isArray(entry.content) || typeof entry.createdAt !== "number" || !Number.isFinite(entry.createdAt)) {
136956
+ return void 0;
136957
+ }
136958
+ messages.push({
136959
+ id: entry.id,
136960
+ content: clone(entry.content),
136961
+ createdAt: entry.createdAt
136962
+ });
136963
+ }
136964
+ return messages;
136965
+ }
136966
+ function asTaskStatus(value) {
136967
+ return isTaskStatus(value) ? value : null;
136968
+ }
136969
+ function asTaskPriority(value) {
136970
+ return isTaskPriority(value) ? value : null;
136971
+ }
136972
+ function asTaskConversationKind(value) {
136973
+ return isTaskConversationKind(value) ? value : null;
136974
+ }
136975
+ function clone(value) {
136976
+ return JSON.parse(JSON.stringify(value));
136977
+ }
136978
+ function isPlainObject(value) {
136979
+ return typeof value === "object" && value !== null && !Array.isArray(value);
136980
+ }
136981
+
136902
136982
  // ../../packages/core/src/storage/file-store.ts
136903
136983
  var FILE_NAMES = {
136904
136984
  cluster: "cluster.json",
@@ -136948,26 +137028,26 @@ var FileStore = class {
136948
137028
  }
136949
137029
  getClusterInfo() {
136950
137030
  this.ensureOpen();
136951
- return this.cluster === null ? null : clone(this.cluster);
137031
+ return this.cluster === null ? null : clone2(this.cluster);
136952
137032
  }
136953
137033
  setClusterInfo(info) {
136954
137034
  this.ensureOpen();
136955
- this.cluster = clone(info);
137035
+ this.cluster = clone2(info);
136956
137036
  this.persistSection("cluster");
136957
137037
  }
136958
137038
  upsertNode(node2) {
136959
137039
  this.ensureOpen();
136960
- this.nodes.set(node2.id, clone(node2));
137040
+ this.nodes.set(node2.id, clone2(node2));
136961
137041
  this.persistSection("nodes");
136962
137042
  }
136963
137043
  getNode(id) {
136964
137044
  this.ensureOpen();
136965
137045
  const node2 = this.nodes.get(id);
136966
- return node2 === void 0 ? null : clone(node2);
137046
+ return node2 === void 0 ? null : clone2(node2);
136967
137047
  }
136968
137048
  getAllNodes() {
136969
137049
  this.ensureOpen();
136970
- return Array.from(this.nodes.values(), (node2) => clone(node2));
137050
+ return Array.from(this.nodes.values(), (node2) => clone2(node2));
136971
137051
  }
136972
137052
  removeNode(id) {
136973
137053
  this.ensureOpen();
@@ -136987,15 +137067,15 @@ var FileStore = class {
136987
137067
  }
136988
137068
  createTask(task) {
136989
137069
  this.ensureOpen();
136990
- const copy = clone(task);
137070
+ const copy = clone2(task);
136991
137071
  this.tasks.set(copy.id, copy);
136992
137072
  this.persistSection("tasks");
136993
- return clone(copy);
137073
+ return clone2(copy);
136994
137074
  }
136995
137075
  getTask(id) {
136996
137076
  this.ensureOpen();
136997
137077
  const task = this.tasks.get(id);
136998
- return task === void 0 ? null : clone(task);
137078
+ return task === void 0 ? null : clone2(task);
136999
137079
  }
137000
137080
  getAllTasks(filter = {}) {
137001
137081
  this.ensureOpen();
@@ -137012,7 +137092,7 @@ var FileStore = class {
137012
137092
  const offset = normalizeBound(filter.offset) ?? 0;
137013
137093
  const limit = normalizeBound(filter.limit);
137014
137094
  const sliced = limit === void 0 ? tasks.slice(offset) : tasks.slice(offset, offset + limit);
137015
- return sliced.map((task) => clone(task));
137095
+ return sliced.map((task) => clone2(task));
137016
137096
  }
137017
137097
  updateTask(id, updates) {
137018
137098
  this.ensureOpen();
@@ -137022,12 +137102,12 @@ var FileStore = class {
137022
137102
  }
137023
137103
  const merged = {
137024
137104
  ...current,
137025
- ...clone(updates),
137105
+ ...clone2(updates),
137026
137106
  id: current.id
137027
137107
  };
137028
137108
  this.tasks.set(id, merged);
137029
137109
  this.persistSection("tasks");
137030
- return clone(merged);
137110
+ return clone2(merged);
137031
137111
  }
137032
137112
  deleteTask(id) {
137033
137113
  this.ensureOpen();
@@ -137085,28 +137165,28 @@ var FileStore = class {
137085
137165
  }
137086
137166
  createTaskShare(share) {
137087
137167
  this.ensureOpen();
137088
- const copy = clone(share);
137168
+ const copy = clone2(share);
137089
137169
  this.shares.set(copy.id, copy);
137090
137170
  this.persistSection("shares");
137091
- return clone(copy);
137171
+ return clone2(copy);
137092
137172
  }
137093
137173
  getTaskShare(id) {
137094
137174
  this.ensureOpen();
137095
137175
  const share = this.shares.get(id);
137096
- return share === void 0 ? null : clone(share);
137176
+ return share === void 0 ? null : clone2(share);
137097
137177
  }
137098
137178
  getTaskShareByTaskId(taskId) {
137099
137179
  this.ensureOpen();
137100
137180
  for (const share of this.shares.values()) {
137101
137181
  if (share.taskId === taskId && share.revokedAt === void 0) {
137102
- return clone(share);
137182
+ return clone2(share);
137103
137183
  }
137104
137184
  }
137105
137185
  return null;
137106
137186
  }
137107
137187
  getAllTaskShares() {
137108
137188
  this.ensureOpen();
137109
- return Array.from(this.shares.values(), (share) => clone(share));
137189
+ return Array.from(this.shares.values(), (share) => clone2(share));
137110
137190
  }
137111
137191
  updateTaskShare(id, updates) {
137112
137192
  this.ensureOpen();
@@ -137116,12 +137196,12 @@ var FileStore = class {
137116
137196
  }
137117
137197
  const merged = {
137118
137198
  ...current,
137119
- ...clone(updates),
137199
+ ...clone2(updates),
137120
137200
  id: current.id
137121
137201
  };
137122
137202
  this.shares.set(id, merged);
137123
137203
  this.persistSection("shares");
137124
- return clone(merged);
137204
+ return clone2(merged);
137125
137205
  }
137126
137206
  getElectionValue(key2) {
137127
137207
  this.ensureOpen();
@@ -137156,7 +137236,7 @@ var FileStore = class {
137156
137236
  }
137157
137237
  loadNodes() {
137158
137238
  const raw3 = this.readJsonFile("nodes");
137159
- if (!isPlainObject(raw3)) {
137239
+ if (!isPlainObject2(raw3)) {
137160
137240
  this.markDirty("nodes");
137161
137241
  return /* @__PURE__ */ new Map();
137162
137242
  }
@@ -137176,7 +137256,7 @@ var FileStore = class {
137176
137256
  }
137177
137257
  loadTasks() {
137178
137258
  const raw3 = this.readJsonFile("tasks");
137179
- if (!isPlainObject(raw3)) {
137259
+ if (!isPlainObject2(raw3)) {
137180
137260
  this.markDirty("tasks");
137181
137261
  return /* @__PURE__ */ new Map();
137182
137262
  }
@@ -137196,7 +137276,7 @@ var FileStore = class {
137196
137276
  }
137197
137277
  loadTaskShares() {
137198
137278
  const raw3 = this.readJsonFile("shares");
137199
- if (!isPlainObject(raw3)) {
137279
+ if (!isPlainObject2(raw3)) {
137200
137280
  this.markDirty("shares");
137201
137281
  return /* @__PURE__ */ new Map();
137202
137282
  }
@@ -137216,7 +137296,7 @@ var FileStore = class {
137216
137296
  }
137217
137297
  loadElection() {
137218
137298
  const raw3 = this.readJsonFile("election");
137219
- if (!isPlainObject(raw3)) {
137299
+ if (!isPlainObject2(raw3)) {
137220
137300
  this.markDirty("election");
137221
137301
  return /* @__PURE__ */ new Map();
137222
137302
  }
@@ -137274,7 +137354,7 @@ var FileStore = class {
137274
137354
  serializeSection(section) {
137275
137355
  switch (section) {
137276
137356
  case "cluster":
137277
- return this.cluster === null ? null : clone(this.cluster);
137357
+ return this.cluster === null ? null : clone2(this.cluster);
137278
137358
  case "nodes":
137279
137359
  return Object.fromEntries(sortEntries(this.nodes));
137280
137360
  case "tasks":
@@ -137304,7 +137384,7 @@ var FileStore = class {
137304
137384
  }
137305
137385
  }
137306
137386
  };
137307
- function clone(value) {
137387
+ function clone2(value) {
137308
137388
  return structuredClone(value);
137309
137389
  }
137310
137390
  function normalizeBound(value) {
@@ -137332,23 +137412,23 @@ function createPriorityCounter() {
137332
137412
  critical: 0
137333
137413
  };
137334
137414
  }
137335
- function isPlainObject(value) {
137415
+ function isPlainObject2(value) {
137336
137416
  return typeof value === "object" && value !== null && !Array.isArray(value);
137337
137417
  }
137338
137418
  function parseStringArray(value) {
137339
137419
  return Array.isArray(value) && value.every((item) => typeof item === "string") ? [...value] : void 0;
137340
137420
  }
137341
137421
  function parseNodeSettingsSnapshot(value) {
137342
- if (!isPlainObject(value)) {
137422
+ if (!isPlainObject2(value)) {
137343
137423
  return void 0;
137344
137424
  }
137345
137425
  if (typeof value.collectedAt !== "number" || !Number.isFinite(value.collectedAt) || typeof value.version !== "string" || typeof value.uptime !== "number" || !Number.isFinite(value.uptime)) {
137346
137426
  return void 0;
137347
137427
  }
137348
- return clone(value);
137428
+ return clone2(value);
137349
137429
  }
137350
137430
  function parseDevTunnelHealth(value) {
137351
- if (!isPlainObject(value)) {
137431
+ if (!isPlainObject2(value)) {
137352
137432
  return void 0;
137353
137433
  }
137354
137434
  if (value.status !== "healthy" && value.status !== "failed" || typeof value.checkedAt !== "number" || !Number.isFinite(value.checkedAt)) {
@@ -137364,10 +137444,10 @@ function parseDevTunnelHealth(value) {
137364
137444
  };
137365
137445
  }
137366
137446
  function isClusterInfo(value) {
137367
- return isPlainObject(value) && typeof value.clusterId === "string" && typeof value.createdAt === "number" && Number.isFinite(value.createdAt);
137447
+ return isPlainObject2(value) && typeof value.clusterId === "string" && typeof value.createdAt === "number" && Number.isFinite(value.createdAt);
137368
137448
  }
137369
137449
  function parseNodeInfo(value) {
137370
- if (!isPlainObject(value)) {
137450
+ if (!isPlainObject2(value)) {
137371
137451
  return null;
137372
137452
  }
137373
137453
  const role = asNodeRole(value.role);
@@ -137393,41 +137473,8 @@ function parseNodeInfo(value) {
137393
137473
  settingsSnapshot: parseNodeSettingsSnapshot(value.settingsSnapshot)
137394
137474
  };
137395
137475
  }
137396
- function parseTask(value) {
137397
- if (!isPlainObject(value)) {
137398
- return null;
137399
- }
137400
- const status = asTaskStatus(value.status);
137401
- const priority = asTaskPriority(value.priority);
137402
- const conversationKind = value.conversationKind === void 0 ? "meshyChat" : asTaskConversationKind(value.conversationKind);
137403
- if (typeof value.id !== "string" || typeof value.title !== "string" || typeof value.description !== "string" || typeof value.agent !== "string" || value.project !== null && typeof value.project !== "string" || value.effectiveProjectPath !== null && value.effectiveProjectPath !== void 0 && typeof value.effectiveProjectPath !== "string" || value.branch !== null && value.branch !== void 0 && typeof value.branch !== "string" || conversationKind === null || !isPlainObject(value.payload) || status === null || priority === null || value.assignedTo !== null && typeof value.assignedTo !== "string" || value.assignedNodeName !== void 0 && value.assignedNodeName !== null && typeof value.assignedNodeName !== "string" || typeof value.createdBy !== "string" || value.result !== null && !isPlainObject(value.result) || value.error !== null && typeof value.error !== "string" || typeof value.retryCount !== "number" || !Number.isFinite(value.retryCount) || typeof value.maxRetries !== "number" || !Number.isFinite(value.maxRetries) || typeof value.createdAt !== "number" || !Number.isFinite(value.createdAt) || typeof value.updatedAt !== "number" || !Number.isFinite(value.updatedAt)) {
137404
- return null;
137405
- }
137406
- return {
137407
- id: value.id,
137408
- title: value.title,
137409
- description: value.description,
137410
- agent: value.agent,
137411
- project: value.project ?? null,
137412
- effectiveProjectPath: typeof value.effectiveProjectPath === "string" ? value.effectiveProjectPath : null,
137413
- branch: value.branch === void 0 ? void 0 : typeof value.branch === "string" ? value.branch : null,
137414
- conversationKind,
137415
- payload: clone(value.payload),
137416
- status,
137417
- priority,
137418
- assignedTo: value.assignedTo,
137419
- assignedNodeName: typeof value.assignedNodeName === "string" ? value.assignedNodeName : null,
137420
- createdBy: value.createdBy,
137421
- result: value.result === null ? null : clone(value.result),
137422
- error: value.error,
137423
- retryCount: value.retryCount,
137424
- maxRetries: value.maxRetries,
137425
- createdAt: value.createdAt,
137426
- updatedAt: value.updatedAt
137427
- };
137428
- }
137429
137476
  function parseTaskShare(value) {
137430
- if (!isPlainObject(value)) {
137477
+ if (!isPlainObject2(value)) {
137431
137478
  return null;
137432
137479
  }
137433
137480
  if (typeof value.id !== "string" || typeof value.taskId !== "string" || typeof value.createdAt !== "number" || !Number.isFinite(value.createdAt) || value.revokedAt !== void 0 && (typeof value.revokedAt !== "number" || !Number.isFinite(value.revokedAt))) {
@@ -137455,20 +137502,11 @@ function asNodeRole(value) {
137455
137502
  function asNodeStatus(value) {
137456
137503
  return isNodeStatus(value) ? value : null;
137457
137504
  }
137458
- function asTaskStatus(value) {
137459
- return isTaskStatus(value) ? value : null;
137460
- }
137461
- function asTaskPriority(value) {
137462
- return isTaskPriority(value) ? value : null;
137463
- }
137464
- function asTaskConversationKind(value) {
137465
- return isTaskConversationKind(value) ? value : null;
137466
- }
137467
137505
  function sortEntries(input) {
137468
137506
  return Array.from(input.entries()).sort(([left], [right]) => left.localeCompare(right));
137469
137507
  }
137470
137508
  function isRecoverableAtomicReplaceError(err) {
137471
- if (!isPlainObject(err)) {
137509
+ if (!isPlainObject2(err)) {
137472
137510
  return false;
137473
137511
  }
137474
137512
  const code4 = err.code;
@@ -139924,7 +139962,10 @@ var ExecutionEngine = class {
139924
139962
  buildConfig(task) {
139925
139963
  const config2 = {};
139926
139964
  const p2 = task.payload;
139927
- if (typeof p2.model === "string") config2.model = p2.model;
139965
+ if (typeof p2.model === "string") {
139966
+ const model = p2.model.trim();
139967
+ if (model) config2.model = model;
139968
+ }
139928
139969
  if (typeof p2.systemPrompt === "string") config2.systemPrompt = p2.systemPrompt;
139929
139970
  if (Array.isArray(p2.allowedTools) && p2.allowedTools.every((t) => typeof t === "string")) {
139930
139971
  config2.allowedTools = p2.allowedTools;
@@ -141170,6 +141211,10 @@ function getCurrentGitBranch(workDir) {
141170
141211
  init_cjs_shims();
141171
141212
  var import_node_child_process3 = require("child_process");
141172
141213
 
141214
+ // ../../packages/core/src/agents/agent-models.ts
141215
+ init_cjs_shims();
141216
+ var DEFAULT_CLAUDE_CODE_MODEL = "claude-opus-4-8[1m]";
141217
+
141173
141218
  // ../../packages/core/src/agents/cli-invocations.ts
141174
141219
  init_cjs_shims();
141175
141220
  var fs9 = __toESM(require("fs"), 1);
@@ -141412,7 +141457,7 @@ var ClaudeLiteAdapter = class {
141412
141457
  "json",
141413
141458
  "--no-session-persistence",
141414
141459
  "--model",
141415
- options.model ?? "sonnet",
141460
+ options.model ?? DEFAULT_CLAUDE_CODE_MODEL,
141416
141461
  "--permission-mode",
141417
141462
  "default",
141418
141463
  "--tools",
@@ -141459,7 +141504,6 @@ init_cjs_shims();
141459
141504
  var fs10 = __toESM(require("fs"), 1);
141460
141505
  var path10 = __toESM(require("path"), 1);
141461
141506
  var import_node_child_process4 = require("child_process");
141462
- var DEFAULT_CLAUDE_MODEL = "sonnet";
141463
141507
  function buildClaudeModeArgs(mode) {
141464
141508
  switch (mode) {
141465
141509
  case "plan":
@@ -141474,7 +141518,7 @@ function buildClaudeModeArgs(mode) {
141474
141518
  }
141475
141519
  }
141476
141520
  function getClaudeModelArg(model) {
141477
- return model ?? DEFAULT_CLAUDE_MODEL;
141521
+ return model ?? DEFAULT_CLAUDE_CODE_MODEL;
141478
141522
  }
141479
141523
  function getClaudeStreamError(event) {
141480
141524
  if (event.type !== "result") {
@@ -144758,6 +144802,452 @@ ${joinErrors.map((e) => ` - ${e}`).join("\n")}`
144758
144802
  }
144759
144803
  };
144760
144804
 
144805
+ // ../../packages/core/src/mobile-auth/index.ts
144806
+ init_cjs_shims();
144807
+
144808
+ // ../../packages/core/src/mobile-auth/protocol/index.ts
144809
+ init_cjs_shims();
144810
+
144811
+ // ../../packages/core/src/mobile-auth/protocol/qr.ts
144812
+ init_cjs_shims();
144813
+ var MOBILE_PAIRING_QR_TYPE = "meshy.mobile.pairing";
144814
+ var MOBILE_PAIRING_QR_VERSION = 3;
144815
+ function buildPairingQrPayload(payload) {
144816
+ return {
144817
+ type: MOBILE_PAIRING_QR_TYPE,
144818
+ version: MOBILE_PAIRING_QR_VERSION,
144819
+ ...payload
144820
+ };
144821
+ }
144822
+ function serializePairingQrPayload(payload) {
144823
+ return JSON.stringify(payload);
144824
+ }
144825
+
144826
+ // ../../packages/core/src/mobile-auth/audit.ts
144827
+ init_cjs_shims();
144828
+ function createLoggerAuditRecorder(logger33) {
144829
+ const auditLog = logger33.child("mobile-audit");
144830
+ return {
144831
+ record(event) {
144832
+ const { eventType, ...rest } = event;
144833
+ auditLog.info(eventType, {
144834
+ timestamp: event.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
144835
+ ...rest
144836
+ });
144837
+ }
144838
+ };
144839
+ }
144840
+
144841
+ // ../../packages/core/src/mobile-auth/pairing-invitations.ts
144842
+ init_cjs_shims();
144843
+ var MobilePairingInvitationError = class extends Error {
144844
+ constructor(code4, message, statusCode) {
144845
+ super(message);
144846
+ this.code = code4;
144847
+ this.statusCode = statusCode;
144848
+ this.name = "MobilePairingInvitationError";
144849
+ }
144850
+ code;
144851
+ statusCode;
144852
+ };
144853
+ var DEFAULT_TTL_MS = 5 * 60 * 1e3;
144854
+ var DEFAULT_MAX_TTL_MS = 10 * 60 * 1e3;
144855
+ var DEFAULT_MAX_USES = 1;
144856
+ function normalizePositiveInteger2(value, fallback) {
144857
+ if (typeof value !== "number" || !Number.isFinite(value)) return fallback;
144858
+ return Math.max(1, Math.floor(value));
144859
+ }
144860
+ function requireApiBaseUrl(value) {
144861
+ const trimmed = value?.trim();
144862
+ if (!trimmed) {
144863
+ throw new MobilePairingInvitationError("MOBILE_ENDPOINT_UNAVAILABLE", "mobile API endpoint is not available", 409);
144864
+ }
144865
+ try {
144866
+ const url3 = new URL(trimmed);
144867
+ return url3.toString().replace(/\/$/, "");
144868
+ } catch {
144869
+ throw new MobilePairingInvitationError("INVALID_MOBILE_ENDPOINT", "mobile API endpoint is invalid", 400);
144870
+ }
144871
+ }
144872
+ var MobilePairingInvitationService = class {
144873
+ constructor(options) {
144874
+ this.options = options;
144875
+ this.now = options.now ?? (() => Date.now());
144876
+ this.defaultTtlMs = options.defaultTtlMs ?? DEFAULT_TTL_MS;
144877
+ this.maxTtlMs = options.maxTtlMs ?? DEFAULT_MAX_TTL_MS;
144878
+ this.defaultMaxUses = options.defaultMaxUses ?? DEFAULT_MAX_USES;
144879
+ }
144880
+ options;
144881
+ invitations = /* @__PURE__ */ new Map();
144882
+ connections = /* @__PURE__ */ new Map();
144883
+ now;
144884
+ defaultTtlMs;
144885
+ maxTtlMs;
144886
+ defaultMaxUses;
144887
+ createInvitation(input = {}) {
144888
+ this.expireStaleInvitations();
144889
+ const apiBaseUrl = requireApiBaseUrl(input.apiBaseUrl ?? this.options.getApiBaseUrl());
144890
+ const now = this.now();
144891
+ const ttlMs = Math.min(normalizePositiveInteger2(input.ttlMs, this.defaultTtlMs), this.maxTtlMs);
144892
+ const maxUses = normalizePositiveInteger2(input.maxUses, this.defaultMaxUses);
144893
+ const invitation = {
144894
+ version: 1,
144895
+ pairingId: `pair_${nanoid(24)}`,
144896
+ nodeId: this.options.nodeId,
144897
+ nodeName: this.options.nodeName,
144898
+ apiBaseUrl,
144899
+ createdAt: new Date(now).toISOString(),
144900
+ expiresAt: new Date(now + ttlMs).toISOString(),
144901
+ maxUses,
144902
+ usedCount: 0,
144903
+ ...input.createdBy ? { createdBy: input.createdBy } : {},
144904
+ status: "active"
144905
+ };
144906
+ this.invitations.set(invitation.pairingId, invitation);
144907
+ this.options.audit?.record({
144908
+ eventType: "mobile.pairing.created",
144909
+ pairingId: invitation.pairingId,
144910
+ nodeId: invitation.nodeId,
144911
+ outcome: "success"
144912
+ });
144913
+ return {
144914
+ invitation: { ...invitation },
144915
+ qr: buildPairingQrPayload({
144916
+ nodeId: invitation.nodeId,
144917
+ nodeName: invitation.nodeName,
144918
+ apiBaseUrl: invitation.apiBaseUrl,
144919
+ pairingId: invitation.pairingId,
144920
+ expiresAt: invitation.expiresAt,
144921
+ maxUses: invitation.maxUses,
144922
+ aad: this.options.aad
144923
+ })
144924
+ };
144925
+ }
144926
+ getInvitation(pairingId) {
144927
+ this.expireStaleInvitations();
144928
+ const invitation = this.invitations.get(pairingId);
144929
+ return invitation ? { ...invitation } : null;
144930
+ }
144931
+ listInvitations() {
144932
+ this.expireStaleInvitations();
144933
+ return [...this.invitations.values()].map((invitation) => ({ ...invitation }));
144934
+ }
144935
+ consumeInvitation(pairingId, input) {
144936
+ this.expireStaleInvitations();
144937
+ const invitation = this.invitations.get(pairingId);
144938
+ if (!invitation) {
144939
+ throw new MobilePairingInvitationError("PAIRING_NOT_FOUND", "unknown pairing invitation", 404);
144940
+ }
144941
+ if (invitation.status !== "active") {
144942
+ throw new MobilePairingInvitationError("PAIRING_NOT_ACTIVE", `pairing invitation is ${invitation.status}`, 409);
144943
+ }
144944
+ if (invitation.usedCount >= invitation.maxUses) {
144945
+ invitation.status = "consumed";
144946
+ throw new MobilePairingInvitationError("PAIRING_CONSUMED", "pairing invitation has no remaining uses", 409);
144947
+ }
144948
+ invitation.usedCount += 1;
144949
+ if (invitation.usedCount >= invitation.maxUses) {
144950
+ invitation.status = "consumed";
144951
+ }
144952
+ const connection = {
144953
+ connectionId: `conn_${nanoid(24)}`,
144954
+ nodeId: invitation.nodeId,
144955
+ nodeName: invitation.nodeName,
144956
+ apiBaseUrl: invitation.apiBaseUrl,
144957
+ pairedAt: new Date(this.now()).toISOString(),
144958
+ ...input.deviceName ? { deviceName: input.deviceName } : {},
144959
+ ...input.platform ? { platform: input.platform } : {},
144960
+ ...input.appVersion ? { appVersion: input.appVersion } : {},
144961
+ tokenSubject: {
144962
+ tenantId: input.identity.tenantId,
144963
+ ...input.identity.objectId ? { oid: input.identity.objectId } : {},
144964
+ upn: input.identity.upn
144965
+ }
144966
+ };
144967
+ this.connections.set(connection.connectionId, connection);
144968
+ this.options.audit?.record({
144969
+ eventType: "mobile.pairing.consumed",
144970
+ pairingId,
144971
+ nodeId: invitation.nodeId,
144972
+ outcome: "success",
144973
+ sourceAddress: input.sourceAddress,
144974
+ outerPrincipal: input.identity.upn
144975
+ });
144976
+ return { ...connection, tokenSubject: { ...connection.tokenSubject } };
144977
+ }
144978
+ cancelInvitation(pairingId) {
144979
+ this.expireStaleInvitations();
144980
+ const invitation = this.invitations.get(pairingId);
144981
+ if (!invitation || invitation.status !== "active") return false;
144982
+ invitation.status = "cancelled";
144983
+ this.options.audit?.record({
144984
+ eventType: "mobile.pairing.cancelled",
144985
+ pairingId,
144986
+ nodeId: invitation.nodeId,
144987
+ outcome: "success"
144988
+ });
144989
+ return true;
144990
+ }
144991
+ listConnections() {
144992
+ return [...this.connections.values()].map((connection) => ({
144993
+ ...connection,
144994
+ tokenSubject: { ...connection.tokenSubject }
144995
+ }));
144996
+ }
144997
+ revokeConnection(connectionId) {
144998
+ const connection = this.connections.get(connectionId);
144999
+ const deleted = this.connections.delete(connectionId);
145000
+ if (deleted) {
145001
+ this.options.audit?.record({
145002
+ eventType: "mobile.connection.revoked",
145003
+ nodeId: connection?.nodeId,
145004
+ outcome: "success"
145005
+ });
145006
+ }
145007
+ return deleted;
145008
+ }
145009
+ dispose() {
145010
+ this.invitations.clear();
145011
+ this.connections.clear();
145012
+ }
145013
+ expireStaleInvitations() {
145014
+ const now = this.now();
145015
+ for (const invitation of this.invitations.values()) {
145016
+ if (invitation.status === "active" && Date.parse(invitation.expiresAt) <= now) {
145017
+ invitation.status = "expired";
145018
+ this.options.audit?.record({
145019
+ eventType: "mobile.pairing.expired",
145020
+ pairingId: invitation.pairingId,
145021
+ nodeId: invitation.nodeId,
145022
+ outcome: "failure",
145023
+ reason: "expired"
145024
+ });
145025
+ }
145026
+ }
145027
+ }
145028
+ };
145029
+
145030
+ // ../../packages/core/src/mobile-auth/aad-validator.ts
145031
+ init_cjs_shims();
145032
+ var crypto4 = __toESM(require("crypto"), 1);
145033
+
145034
+ // ../../packages/core/src/mobile-auth/protocol/base64url.ts
145035
+ init_cjs_shims();
145036
+ var ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
145037
+ var DECODE_TABLE = (() => {
145038
+ const table2 = new Int16Array(128).fill(-1);
145039
+ for (let i = 0; i < ALPHABET.length; i += 1) {
145040
+ table2[ALPHABET.charCodeAt(i)] = i;
145041
+ }
145042
+ return table2;
145043
+ })();
145044
+ function fromBase64Url(text10) {
145045
+ const length = text10.length;
145046
+ const remainder = length % 4;
145047
+ if (remainder === 1) {
145048
+ throw new Error("mobile-auth: invalid base64url length");
145049
+ }
145050
+ const fullGroups = Math.floor(length / 4);
145051
+ let outLength = fullGroups * 3;
145052
+ if (remainder === 2) {
145053
+ outLength += 1;
145054
+ } else if (remainder === 3) {
145055
+ outLength += 2;
145056
+ }
145057
+ const out = new Uint8Array(outLength);
145058
+ let outIndex = 0;
145059
+ let i = 0;
145060
+ const decode2 = (charCode) => {
145061
+ const value = charCode < 128 ? DECODE_TABLE[charCode] ?? -1 : -1;
145062
+ if (value < 0) {
145063
+ throw new Error("mobile-auth: invalid base64url character");
145064
+ }
145065
+ return value;
145066
+ };
145067
+ for (; i + 4 <= length; i += 4) {
145068
+ const c0 = decode2(text10.charCodeAt(i));
145069
+ const c1 = decode2(text10.charCodeAt(i + 1));
145070
+ const c2 = decode2(text10.charCodeAt(i + 2));
145071
+ const c3 = decode2(text10.charCodeAt(i + 3));
145072
+ out[outIndex++] = c0 << 2 | c1 >> 4;
145073
+ out[outIndex++] = (c1 & 15) << 4 | c2 >> 2;
145074
+ out[outIndex++] = (c2 & 3) << 6 | c3;
145075
+ }
145076
+ if (remainder === 2) {
145077
+ const c0 = decode2(text10.charCodeAt(i));
145078
+ const c1 = decode2(text10.charCodeAt(i + 1));
145079
+ out[outIndex++] = c0 << 2 | c1 >> 4;
145080
+ } else if (remainder === 3) {
145081
+ const c0 = decode2(text10.charCodeAt(i));
145082
+ const c1 = decode2(text10.charCodeAt(i + 1));
145083
+ const c2 = decode2(text10.charCodeAt(i + 2));
145084
+ out[outIndex++] = c0 << 2 | c1 >> 4;
145085
+ out[outIndex++] = (c1 & 15) << 4 | c2 >> 2;
145086
+ }
145087
+ return out;
145088
+ }
145089
+
145090
+ // ../../packages/core/src/mobile-auth/protocol/bytes.ts
145091
+ init_cjs_shims();
145092
+ function bytesToUtf8(bytes) {
145093
+ return new TextDecoder().decode(bytes);
145094
+ }
145095
+
145096
+ // ../../packages/core/src/mobile-auth/aad-validator.ts
145097
+ var DEFAULT_JWKS_TTL_MS = 60 * 60 * 1e3;
145098
+ var DEFAULT_CLOCK_SKEW_SEC = 120;
145099
+ function decodeJsonSegment(segment) {
145100
+ return JSON.parse(bytesToUtf8(fromBase64Url(segment)));
145101
+ }
145102
+ function parseJwt(token) {
145103
+ const parts = token.split(".");
145104
+ if (parts.length !== 3) {
145105
+ return null;
145106
+ }
145107
+ const [headerB64, payloadB64, signatureB64] = parts;
145108
+ try {
145109
+ return {
145110
+ header: decodeJsonSegment(headerB64),
145111
+ payload: decodeJsonSegment(payloadB64),
145112
+ signingInput: `${headerB64}.${payloadB64}`,
145113
+ signature: Buffer.from(fromBase64Url(signatureB64))
145114
+ };
145115
+ } catch {
145116
+ return null;
145117
+ }
145118
+ }
145119
+ async function defaultJwksFetch(tenantId) {
145120
+ const response = await globalThis.fetch(
145121
+ `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/discovery/v2.0/keys`
145122
+ );
145123
+ if (!response.ok) {
145124
+ throw new Error(`mobile-auth: AAD JWKS fetch failed with status ${response.status}`);
145125
+ }
145126
+ return await response.json();
145127
+ }
145128
+ var MobileAadTokenValidator = class {
145129
+ allowedTenants;
145130
+ audiences;
145131
+ allowedUpns;
145132
+ allowedUpnDomains;
145133
+ jwksFetch;
145134
+ now;
145135
+ clockSkewSec;
145136
+ jwksTtlMs;
145137
+ jwksCache = /* @__PURE__ */ new Map();
145138
+ constructor(config2) {
145139
+ this.allowedTenants = new Set(config2.allowedTenants.map((t) => t.toLowerCase()));
145140
+ this.audiences = new Set(config2.audiences);
145141
+ this.allowedUpns = config2.allowedUpns ? new Set(config2.allowedUpns.map((u) => u.toLowerCase())) : void 0;
145142
+ this.allowedUpnDomains = config2.allowedUpnDomains ? new Set(config2.allowedUpnDomains.map((d) => d.toLowerCase())) : void 0;
145143
+ this.jwksFetch = config2.jwksFetch ?? defaultJwksFetch;
145144
+ this.now = config2.now ?? (() => Date.now());
145145
+ this.clockSkewSec = config2.clockSkewSec ?? DEFAULT_CLOCK_SKEW_SEC;
145146
+ this.jwksTtlMs = config2.jwksTtlMs ?? DEFAULT_JWKS_TTL_MS;
145147
+ }
145148
+ async validate(authorization) {
145149
+ const token = (authorization ?? "").replace(/^Bearer\s+/i, "").trim();
145150
+ if (!token) {
145151
+ return { ok: false, reason: "missing-token" };
145152
+ }
145153
+ const jwt2 = parseJwt(token);
145154
+ if (!jwt2) {
145155
+ return { ok: false, reason: "malformed-token" };
145156
+ }
145157
+ if (jwt2.header.alg !== "RS256" || !jwt2.header.kid) {
145158
+ return { ok: false, reason: "unsupported-alg" };
145159
+ }
145160
+ const tid = typeof jwt2.payload.tid === "string" ? jwt2.payload.tid.toLowerCase() : void 0;
145161
+ if (!tid || !this.allowedTenants.has(tid)) {
145162
+ return { ok: false, reason: "tenant-not-allowed" };
145163
+ }
145164
+ let verified = false;
145165
+ try {
145166
+ verified = await this.verifySignature(tid, jwt2.header.kid, jwt2.signingInput, jwt2.signature);
145167
+ } catch {
145168
+ return { ok: false, reason: "jwks-error" };
145169
+ }
145170
+ if (!verified) {
145171
+ return { ok: false, reason: "bad-signature" };
145172
+ }
145173
+ const nowSec = Math.floor(this.now() / 1e3);
145174
+ const exp = typeof jwt2.payload.exp === "number" ? jwt2.payload.exp : 0;
145175
+ const nbf = typeof jwt2.payload.nbf === "number" ? jwt2.payload.nbf : 0;
145176
+ if (exp + this.clockSkewSec < nowSec) {
145177
+ return { ok: false, reason: "expired" };
145178
+ }
145179
+ if (nbf - this.clockSkewSec > nowSec) {
145180
+ return { ok: false, reason: "not-yet-valid" };
145181
+ }
145182
+ const iss = typeof jwt2.payload.iss === "string" ? jwt2.payload.iss : "";
145183
+ if (iss !== `https://login.microsoftonline.com/${tid}/v2.0` && iss !== `https://sts.windows.net/${tid}/`) {
145184
+ return { ok: false, reason: "bad-issuer" };
145185
+ }
145186
+ const aud = jwt2.payload.aud;
145187
+ const audValues = Array.isArray(aud) ? aud : [aud];
145188
+ if (!audValues.some((value) => typeof value === "string" && this.audiences.has(value))) {
145189
+ return { ok: false, reason: "bad-audience" };
145190
+ }
145191
+ const upnRaw = typeof jwt2.payload.upn === "string" ? jwt2.payload.upn : typeof jwt2.payload.preferred_username === "string" ? jwt2.payload.preferred_username : "";
145192
+ const upn = upnRaw.trim().toLowerCase();
145193
+ if (!upn || !upn.includes("@")) {
145194
+ return { ok: false, reason: "invalid-upn" };
145195
+ }
145196
+ if (this.allowedUpns && !this.allowedUpns.has(upn)) {
145197
+ return { ok: false, reason: "upn-not-allowed" };
145198
+ }
145199
+ if (this.allowedUpnDomains) {
145200
+ const domain2 = upn.slice(upn.indexOf("@") + 1);
145201
+ if (!this.allowedUpnDomains.has(domain2)) {
145202
+ return { ok: false, reason: "upn-domain-not-allowed" };
145203
+ }
145204
+ }
145205
+ return {
145206
+ ok: true,
145207
+ identity: {
145208
+ tenantId: tid,
145209
+ upn,
145210
+ objectId: typeof jwt2.payload.oid === "string" ? jwt2.payload.oid : void 0,
145211
+ name: typeof jwt2.payload.name === "string" ? jwt2.payload.name : void 0
145212
+ }
145213
+ };
145214
+ }
145215
+ async verifySignature(tenantId, kid, signingInput, signature) {
145216
+ let key2 = await this.findKey(tenantId, kid, false);
145217
+ if (!key2) {
145218
+ key2 = await this.findKey(tenantId, kid, true);
145219
+ }
145220
+ if (!key2 || key2.kty !== "RSA" || !key2.n || !key2.e) {
145221
+ return false;
145222
+ }
145223
+ try {
145224
+ const publicKey = crypto4.createPublicKey({ key: { kty: "RSA", n: key2.n, e: key2.e }, format: "jwk" });
145225
+ return crypto4.createVerify("RSA-SHA256").update(signingInput).verify(publicKey, signature);
145226
+ } catch {
145227
+ return false;
145228
+ }
145229
+ }
145230
+ async findKey(tenantId, kid, forceRefresh) {
145231
+ const cached2 = this.jwksCache.get(tenantId);
145232
+ const fresh = cached2 && !forceRefresh && this.now() - cached2.fetchedAt < this.jwksTtlMs;
145233
+ let jwks = fresh ? cached2.jwks : void 0;
145234
+ if (!jwks) {
145235
+ jwks = await this.jwksFetch(tenantId);
145236
+ this.jwksCache.set(tenantId, { jwks, fetchedAt: this.now() });
145237
+ }
145238
+ return jwks.keys.find((entry) => entry.kid === kid);
145239
+ }
145240
+ };
145241
+
145242
+ // ../../packages/core/src/mobile-auth/ingress/index.ts
145243
+ init_cjs_shims();
145244
+
145245
+ // ../../packages/core/src/mobile-auth/ingress/types.ts
145246
+ init_cjs_shims();
145247
+
145248
+ // ../../packages/core/src/mobile-auth/ingress/devtunnel.ts
145249
+ init_cjs_shims();
145250
+
144761
145251
  // ../../packages/api/src/index.ts
144762
145252
  init_cjs_shims();
144763
145253
 
@@ -145342,7 +145832,7 @@ var BatchTaskIdsBody = external_exports.object({
145342
145832
  init_cjs_shims();
145343
145833
  var path32 = __toESM(require("path"), 1);
145344
145834
  var fs27 = __toESM(require("fs"), 1);
145345
- var import_express17 = __toESM(require_express2(), 1);
145835
+ var import_express18 = __toESM(require_express2(), 1);
145346
145836
 
145347
145837
  // ../../packages/api/src/middleware/auth.ts
145348
145838
  init_cjs_shims();
@@ -145433,56 +145923,129 @@ function getAuthLogger(req) {
145433
145923
  function getBearerAuthHeader(req) {
145434
145924
  return req.headers[MESHY_AUTHORIZATION_HEADER] ?? req.headers.authorization;
145435
145925
  }
145436
- function createAuthMiddleware(config2) {
145437
- return (req, _res, next2) => {
145438
- const log2 = getAuthLogger(req);
145439
- if (SKIP_AUTH_PATHS.includes(req.path)) {
145440
- next2();
145926
+ function isPromiseLike(value) {
145927
+ return Boolean(value && typeof value.then === "function");
145928
+ }
145929
+ function isMobileBearerAllowed(req, config2) {
145930
+ return config2.allowMobileBearerAuth?.(req) === true;
145931
+ }
145932
+ function validateApiKey(req, config2) {
145933
+ if (!config2.apiKey) {
145934
+ return;
145935
+ }
145936
+ const provided = req.headers["x-api-key"];
145937
+ if (!provided || provided !== config2.apiKey) {
145938
+ throw new MeshyError("VALIDATION_ERROR", "Invalid or missing API key", 401);
145939
+ }
145940
+ }
145941
+ function rejectBearerRequest(req, log2, reason) {
145942
+ log2.warn("rejected bearer-authenticated request", {
145943
+ path: req.path,
145944
+ method: req.method,
145945
+ hosts: getRequestHosts(req),
145946
+ reason
145947
+ });
145948
+ throw new MeshyError("VALIDATION_ERROR", "Invalid or missing bearer token", 401, { reason });
145949
+ }
145950
+ function logAcceptedBearer(req, log2, message, reason) {
145951
+ log2.debug(message, {
145952
+ path: req.path,
145953
+ method: req.method,
145954
+ hosts: getRequestHosts(req),
145955
+ reason
145956
+ });
145957
+ }
145958
+ async function validateMobileBearer(header, config2) {
145959
+ if (!config2.validateMobileBearerToken) {
145960
+ return { ok: false, reason: "mobile-auth-unavailable" };
145961
+ }
145962
+ try {
145963
+ return await config2.validateMobileBearerToken(header);
145964
+ } catch {
145965
+ return { ok: false, reason: "mobile-auth-error" };
145966
+ }
145967
+ }
145968
+ function authenticateBearerRequest(req, config2, log2) {
145969
+ if (config2.allowTrustedHostBypass !== false && isTrustedDashboardRequest(req, config2)) {
145970
+ log2.debug("skipping bearer auth for trusted dashboard request", {
145971
+ path: req.path,
145972
+ method: req.method,
145973
+ hosts: getRequestHosts(req)
145974
+ });
145975
+ return;
145976
+ }
145977
+ const header = getBearerAuthHeader(req);
145978
+ const nodeBearer = config2.validateBearerToken(header);
145979
+ if (nodeBearer.ok) {
145980
+ logAcceptedBearer(req, log2, "accepted bearer-authenticated request", nodeBearer.reason);
145981
+ return;
145982
+ }
145983
+ if (!isMobileBearerAllowed(req, config2)) {
145984
+ rejectBearerRequest(req, log2, nodeBearer.reason);
145985
+ }
145986
+ return validateMobileBearer(header, config2).then((mobileBearer) => {
145987
+ if (mobileBearer.ok) {
145988
+ logAcceptedBearer(req, log2, "accepted mobile bearer-authenticated request", mobileBearer.reason);
145441
145989
  return;
145442
145990
  }
145443
- if (config2.validateBearerToken) {
145444
- if (config2.allowTrustedHostBypass !== false && isTrustedDashboardRequest(req, config2)) {
145445
- log2.debug("skipping bearer auth for trusted dashboard request", {
145446
- path: req.path,
145447
- method: req.method,
145448
- hosts: getRequestHosts(req)
145449
- });
145450
- next2();
145451
- return;
145452
- }
145453
- const result = config2.validateBearerToken(getBearerAuthHeader(req));
145454
- if (!result.ok) {
145455
- log2.warn("rejected bearer-authenticated request", {
145456
- path: req.path,
145457
- method: req.method,
145458
- hosts: getRequestHosts(req),
145459
- reason: result.reason
145460
- });
145461
- throw new MeshyError("VALIDATION_ERROR", "Invalid or missing bearer token", 401, {
145462
- reason: result.reason
145463
- });
145464
- }
145465
- log2.debug("accepted bearer-authenticated request", {
145466
- path: req.path,
145467
- method: req.method,
145468
- hosts: getRequestHosts(req),
145469
- reason: result.reason
145470
- });
145471
- next2();
145991
+ rejectBearerRequest(req, log2, `node:${nodeBearer.reason}; mobile:${mobileBearer.reason}`);
145992
+ });
145993
+ }
145994
+ function authenticateMobileOrApiKeyRequest(req, config2, log2) {
145995
+ return validateMobileBearer(getBearerAuthHeader(req), config2).then((mobileBearer) => {
145996
+ if (mobileBearer.ok) {
145997
+ logAcceptedBearer(req, log2, "accepted mobile bearer-authenticated request", mobileBearer.reason);
145472
145998
  return;
145473
145999
  }
145474
- if (!config2.apiKey) {
145475
- next2();
146000
+ validateApiKey(req, config2);
146001
+ });
146002
+ }
146003
+ function authenticateRequest(req, config2) {
146004
+ if (SKIP_AUTH_PATHS.includes(req.path)) {
146005
+ return;
146006
+ }
146007
+ const log2 = getAuthLogger(req);
146008
+ if (config2.validateBearerToken) {
146009
+ return authenticateBearerRequest(req, config2, log2);
146010
+ }
146011
+ if (config2.validateMobileBearerToken && isMobileBearerAllowed(req, config2)) {
146012
+ return authenticateMobileOrApiKeyRequest(req, config2, log2);
146013
+ }
146014
+ validateApiKey(req, config2);
146015
+ }
146016
+ function createAuthMiddleware(config2) {
146017
+ return (req, _res, next2) => {
146018
+ const result = authenticateRequest(req, config2);
146019
+ if (isPromiseLike(result)) {
146020
+ void result.then(() => next2(), next2);
145476
146021
  return;
145477
146022
  }
145478
- const provided = req.headers["x-api-key"];
145479
- if (!provided || provided !== config2.apiKey) {
145480
- throw new MeshyError("VALIDATION_ERROR", "Invalid or missing API key", 401);
145481
- }
145482
146023
  next2();
145483
146024
  };
145484
146025
  }
145485
146026
 
146027
+ // ../../packages/api/src/middleware/mobile-paths.ts
146028
+ init_cjs_shims();
146029
+ var MOBILE_PAIRING_CONSUME_PATH = /^\/api\/mobile\/pairings\/[^/]+\/consume$/;
146030
+ var MOBILE_REST_PATH_PREFIXES = [
146031
+ "/api/system/",
146032
+ "/api/cluster/",
146033
+ "/api/nodes",
146034
+ "/api/node-operations",
146035
+ "/api/tasks",
146036
+ "/api/events",
146037
+ "/api/shared"
146038
+ ];
146039
+ function isMobileBearerAuthPath(pathname) {
146040
+ if (MOBILE_PAIRING_CONSUME_PATH.test(pathname)) {
146041
+ return true;
146042
+ }
146043
+ if (pathname === "/api/mobile" || pathname.startsWith("/api/mobile/")) {
146044
+ return false;
146045
+ }
146046
+ return MOBILE_REST_PATH_PREFIXES.some((prefix) => pathname === prefix || pathname.startsWith(prefix));
146047
+ }
146048
+
145486
146049
  // ../../packages/api/src/middleware/routing.ts
145487
146050
  init_cjs_shims();
145488
146051
  function isRoutingMiddlewareDeps(input) {
@@ -147386,6 +147949,42 @@ function buildNodeSettingsSnapshot(options) {
147386
147949
  packages: runtimeMetadata?.packages ?? {}
147387
147950
  };
147388
147951
  }
147952
+ function buildSystemInfo(deps) {
147953
+ const self2 = deps.nodeRegistry.getSelf();
147954
+ const auth = deps.config.authMetadata ?? {
147955
+ enabled: false,
147956
+ allowSameTenant: false,
147957
+ allowedUsers: []
147958
+ };
147959
+ const settingsSnapshot = buildNodeSettingsSnapshot({
147960
+ auth,
147961
+ inspectRuntimeTools: deps.inspectRuntimeTools,
147962
+ localDashboardOrigin: deps.localDashboardOrigin,
147963
+ runtimeMetadata: deps.runtimeMetadata,
147964
+ runtimeUpdate: deps.getRuntimeUpdate?.() ?? deps.runtimeUpdate,
147965
+ storagePath: deps.storagePath,
147966
+ workDir: self2.workDir
147967
+ });
147968
+ return {
147969
+ ...self2,
147970
+ nodeId: self2.id,
147971
+ version: settingsSnapshot.version,
147972
+ packageName: settingsSnapshot.packageName,
147973
+ uptime: settingsSnapshot.uptime,
147974
+ transportType: deps.getTransportType?.() ?? "direct",
147975
+ dashboardOrigin: deps.dashboardOrigin ?? self2.dashboardOrigin,
147976
+ localDashboardOrigin: deps.localDashboardOrigin,
147977
+ auth: settingsSnapshot.auth,
147978
+ os: settingsSnapshot.os,
147979
+ runtime: settingsSnapshot.runtime,
147980
+ runtimeUpdate: settingsSnapshot.runtimeUpdate,
147981
+ agents: settingsSnapshot.agents,
147982
+ startupRequirements: settingsSnapshot.startupRequirements,
147983
+ components: settingsSnapshot.components,
147984
+ repository: settingsSnapshot.repository,
147985
+ packages: settingsSnapshot.packages
147986
+ };
147987
+ }
147389
147988
 
147390
147989
  // ../../packages/api/src/node/agent-upgrade-service.ts
147391
147990
  var AGENT_PACKAGES = {
@@ -147504,6 +148103,12 @@ function parseRuntimeRestartStartArgs(value) {
147504
148103
  }
147505
148104
  startArgs.qrCode = value.qrCode;
147506
148105
  }
148106
+ if (value.ghcTunnel !== void 0) {
148107
+ if (typeof value.ghcTunnel !== "boolean") {
148108
+ throw new MeshyError("VALIDATION_ERROR", "Runtime restart ghcTunnel must be a boolean", 400);
148109
+ }
148110
+ startArgs.ghcTunnel = value.ghcTunnel;
148111
+ }
147507
148112
  return Object.keys(startArgs).length > 0 ? startArgs : void 0;
147508
148113
  }
147509
148114
  function parseOptionalString(value, key2) {
@@ -147530,6 +148135,9 @@ var DEFAULT_POLL_INTERVAL_MS = 1e3;
147530
148135
  var DEFAULT_STARTUP_TIMEOUT_MS = 15 * 60 * 1e3;
147531
148136
  var DEFAULT_STOP_TIMEOUT_MS = 3e3;
147532
148137
  var GHC_TUNNEL_ARGS = ["-y", "ghc-tunnel@latest", "-d"];
148138
+ var GHC_TUNNEL_SETUP_ARGS = ["-y", "ghc-tunnel@latest", "--setup", "-d"];
148139
+ var GHC_TUNNEL_READY_PATTERN = /GitHub Copilot API Proxy/i;
148140
+ var GHC_TUNNEL_API_PATTERN = /^\s*(OpenAI API|Responses API|Anthropic API)\b/im;
147533
148141
  var trackedTunnels = /* @__PURE__ */ new Map();
147534
148142
  function createTail() {
147535
148143
  return { text: "", observedBytes: 0, truncated: false };
@@ -147602,11 +148210,8 @@ function tunnelArgs() {
147602
148210
  function windowsShellQuote(value) {
147603
148211
  return /[\s&()^|<>"]/.test(value) ? `"${value.replace(/"/g, '\\"')}"` : value;
147604
148212
  }
147605
- function createCopilotTunnelSpawnInvocation(host, port, platform6 = process.platform) {
147606
- void host;
147607
- void port;
148213
+ function buildNpxInvocation(displayArgs, platform6) {
147608
148214
  const displayCommand = tunnelCommand(platform6);
147609
- const displayArgs = tunnelArgs();
147610
148215
  if (platform6 !== "win32") return { command: displayCommand, args: displayArgs, displayCommand, displayArgs };
147611
148216
  return {
147612
148217
  command: "cmd.exe",
@@ -147615,6 +148220,14 @@ function createCopilotTunnelSpawnInvocation(host, port, platform6 = process.plat
147615
148220
  displayArgs
147616
148221
  };
147617
148222
  }
148223
+ function createCopilotTunnelSpawnInvocation(host, port, platform6 = process.platform) {
148224
+ void host;
148225
+ void port;
148226
+ return buildNpxInvocation(tunnelArgs(), platform6);
148227
+ }
148228
+ function createCopilotTunnelSetupInvocation(platform6 = process.platform) {
148229
+ return buildNpxInvocation([...GHC_TUNNEL_SETUP_ARGS], platform6);
148230
+ }
147618
148231
  function checkTcpPort(host, port, timeoutMs) {
147619
148232
  return new Promise((resolve24) => {
147620
148233
  const socket = import_node_net.default.createConnection({ host, port });
@@ -147655,6 +148268,9 @@ function parseGithubDeviceFlow(output) {
147655
148268
  ...expires ? { expiresInSeconds: Number(expires) } : {}
147656
148269
  };
147657
148270
  }
148271
+ function hasGithubCopilotTunnelReadyOutput(output) {
148272
+ return GHC_TUNNEL_READY_PATTERN.test(output) && GHC_TUNNEL_API_PATTERN.test(output);
148273
+ }
147658
148274
  function buildResult(options) {
147659
148275
  const available = options.available ?? (options.status === "already-running" || options.status === "available");
147660
148276
  return {
@@ -147840,8 +148456,11 @@ async function enableGithubCopilotTunnel(options = {}) {
147840
148456
  ${stderr.text}`) ?? auth;
147841
148457
  publish2(auth ? "auth-required" : "starting");
147842
148458
  };
147843
- child.stdout?.on("data", (chunk) => handleOutput(stdout, Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk))));
147844
- child.stderr?.on("data", (chunk) => handleOutput(stderr, Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk))));
148459
+ const stdoutListener = (chunk) => handleOutput(stdout, Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
148460
+ const stderrListener = (chunk) => handleOutput(stderr, Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
148461
+ const drainListener = (_chunk) => void 0;
148462
+ child.stdout?.on("data", stdoutListener);
148463
+ child.stderr?.on("data", stderrListener);
147845
148464
  child.once("error", (err) => {
147846
148465
  childState.spawnError = err instanceof Error ? err : new Error(String(err));
147847
148466
  });
@@ -147850,11 +148469,21 @@ ${stderr.text}`) ?? auth;
147850
148469
  if (trackedTunnels.get(key2) === child) trackedTunnels.delete(key2);
147851
148470
  });
147852
148471
  publish2("starting");
148472
+ const releaseStartupOutputCapture = () => {
148473
+ child.stdout?.unref?.();
148474
+ child.stderr?.unref?.();
148475
+ if (options.captureOutputAfterReady !== false) return;
148476
+ child.stdout?.removeListener?.("data", stdoutListener);
148477
+ child.stderr?.removeListener?.("data", stderrListener);
148478
+ child.stdout?.on("data", drainListener);
148479
+ child.stderr?.on("data", drainListener);
148480
+ };
147853
148481
  const deadline = Date.now() + startupTimeoutMs;
147854
148482
  while (Date.now() < deadline) {
147855
148483
  if (await portChecker(host, port, portCheckTimeoutMs)) {
147856
148484
  trackedTunnels.set(key2, child);
147857
148485
  child.unref?.();
148486
+ releaseStartupOutputCapture();
147858
148487
  return buildResult({ host, port, command, args, pid, status: "available", stdout, stderr, auth });
147859
148488
  }
147860
148489
  if (childState.spawnError) {
@@ -147869,6 +148498,72 @@ ${stderr.text}`) ?? auth;
147869
148498
  await terminateChildProcess(child, stopTimeoutMs);
147870
148499
  return buildResult({ host, port, command, args, pid, status: "failed", stdout, stderr, auth, detail: `Timed out waiting for port ${port}` });
147871
148500
  }
148501
+ async function runGithubCopilotTunnelSetup(options = {}) {
148502
+ const host = DEFAULT_HOST;
148503
+ const port = DEFAULT_PORT;
148504
+ const invocation = createCopilotTunnelSetupInvocation();
148505
+ const command = invocation.displayCommand;
148506
+ const args = invocation.displayArgs;
148507
+ const stdout = createTail();
148508
+ const stderr = createTail();
148509
+ const outputLimitBytes = options.outputLimitBytes ?? DEFAULT_OUTPUT_LIMIT_BYTES;
148510
+ let auth = null;
148511
+ const child = (options.spawnSetup ?? defaultSpawnTunnel)(invocation.command, invocation.args, {
148512
+ cwd: options.cwd ?? process.cwd(),
148513
+ shell: false,
148514
+ windowsHide: true,
148515
+ stdio: ["ignore", "pipe", "pipe"]
148516
+ });
148517
+ const pid = typeof child.pid === "number" ? child.pid : null;
148518
+ const publish2 = (status, detail) => {
148519
+ options.onProgress?.(buildResult({ host, port, command, args, pid, status, stdout, stderr, auth, detail }));
148520
+ };
148521
+ let settled = false;
148522
+ let resolveResult;
148523
+ const releaseSetupOutputCapture = () => {
148524
+ child.stdout?.unref?.();
148525
+ child.stderr?.unref?.();
148526
+ child.stdout?.removeListener?.("data", stdoutListener);
148527
+ child.stderr?.removeListener?.("data", stderrListener);
148528
+ child.unref?.();
148529
+ };
148530
+ const settle = (result) => {
148531
+ if (settled) return;
148532
+ settled = true;
148533
+ resolveResult?.(result);
148534
+ };
148535
+ const handleOutput = (target, chunk) => {
148536
+ appendTail(target, chunk, outputLimitBytes);
148537
+ auth = parseGithubDeviceFlow(`${stdout.text}
148538
+ ${stderr.text}`) ?? auth;
148539
+ publish2(auth ? "auth-required" : "starting");
148540
+ if (options.resolveOnReadyOutput && hasGithubCopilotTunnelReadyOutput(`${stdout.text}
148541
+ ${stderr.text}`)) {
148542
+ releaseSetupOutputCapture();
148543
+ settle(buildResult({ host, port, command, args, pid, status: "available", available: true, stdout, stderr, auth }));
148544
+ }
148545
+ };
148546
+ const stdoutListener = (chunk) => handleOutput(stdout, Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
148547
+ const stderrListener = (chunk) => handleOutput(stderr, Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
148548
+ child.stdout?.on("data", stdoutListener);
148549
+ child.stderr?.on("data", stderrListener);
148550
+ publish2("starting");
148551
+ return new Promise((resolve24) => {
148552
+ resolveResult = resolve24;
148553
+ child.once("error", (err) => {
148554
+ const message = err instanceof Error ? err.message : String(err);
148555
+ settle(buildResult({ host, port, command, args, pid, status: "failed", available: false, stdout, stderr, auth, detail: message }));
148556
+ });
148557
+ child.once("close", (code4, signal) => {
148558
+ if (code4 === 0) {
148559
+ settle(buildResult({ host, port, command, args, pid, status: "available", available: true, stdout, stderr, auth }));
148560
+ return;
148561
+ }
148562
+ const detail = `ghc-tunnel --setup exited with code ${code4 ?? "null"}${signal ? ` (${signal})` : ""}`;
148563
+ settle(buildResult({ host, port, command, args, pid, status: "failed", available: false, stdout, stderr, auth, detail }));
148564
+ });
148565
+ });
148566
+ }
147872
148567
 
147873
148568
  // ../../packages/api/src/node/node-operation-service.ts
147874
148569
  var LEADER_REPORT_RETRY_MS = 5e3;
@@ -147888,22 +148583,22 @@ var InMemoryNodeOperationStore = class {
147888
148583
  operations = /* @__PURE__ */ new Map();
147889
148584
  get(id) {
147890
148585
  const operation = this.operations.get(id);
147891
- return operation ? clone3(operation) : null;
148586
+ return operation ? clone4(operation) : null;
147892
148587
  }
147893
148588
  list(filter = {}) {
147894
- return Array.from(this.operations.values()).filter((operation) => matchesFilter(operation, filter)).sort((a, b) => b.createdAt - a.createdAt).map((operation) => clone3(operation));
148589
+ return Array.from(this.operations.values()).filter((operation) => matchesFilter(operation, filter)).sort((a, b) => b.createdAt - a.createdAt).map((operation) => clone4(operation));
147895
148590
  }
147896
148591
  upsert(operation) {
147897
- const copy = clone3(operation);
148592
+ const copy = clone4(operation);
147898
148593
  this.operations.set(copy.id, copy);
147899
- return clone3(copy);
148594
+ return clone4(copy);
147900
148595
  }
147901
148596
  update(id, updates) {
147902
148597
  const current = this.operations.get(id);
147903
148598
  if (!current) return null;
147904
- const next2 = { ...current, ...clone3(updates), id, createdAt: current.createdAt };
148599
+ const next2 = { ...current, ...clone4(updates), id, createdAt: current.createdAt };
147905
148600
  this.operations.set(id, next2);
147906
- return clone3(next2);
148601
+ return clone4(next2);
147907
148602
  }
147908
148603
  };
147909
148604
  var NodeOperationService = class {
@@ -148284,7 +148979,7 @@ function matchesFilter(operation, filter) {
148284
148979
  function isTerminalStatus(status) {
148285
148980
  return status === "succeeded" || status === "failed";
148286
148981
  }
148287
- function clone3(value) {
148982
+ function clone4(value) {
148288
148983
  return JSON.parse(JSON.stringify(value));
148289
148984
  }
148290
148985
 
@@ -148965,7 +149660,7 @@ init_cjs_shims();
148965
149660
 
148966
149661
  // ../../packages/api/src/preview/preview-server.ts
148967
149662
  init_cjs_shims();
148968
- var crypto4 = __toESM(require("crypto"), 1);
149663
+ var crypto5 = __toESM(require("crypto"), 1);
148969
149664
  var fs23 = __toESM(require("fs"), 1);
148970
149665
  var path28 = __toESM(require("path"), 1);
148971
149666
  var http2 = __toESM(require("http"), 1);
@@ -159449,15 +160144,15 @@ function doctype2(node2, state3) {
159449
160144
  }
159450
160145
  function stitch(node2, state3) {
159451
160146
  state3.stitches = true;
159452
- const clone4 = cloneWithoutChildren(node2);
159453
- if ("children" in node2 && "children" in clone4) {
160147
+ const clone5 = cloneWithoutChildren(node2);
160148
+ if ("children" in node2 && "children" in clone5) {
159454
160149
  const fakeRoot = (
159455
160150
  /** @type {Root} */
159456
160151
  raw({ type: "root", children: node2.children }, state3.options)
159457
160152
  );
159458
- clone4.children = fakeRoot.children;
160153
+ clone5.children = fakeRoot.children;
159459
160154
  }
159460
- comment2({ type: "comment", value: { stitch: clone4 } }, state3);
160155
+ comment2({ type: "comment", value: { stitch: clone5 } }, state3);
159461
160156
  }
159462
160157
  function comment2(node2, state3) {
159463
160158
  const data = node2.value;
@@ -172266,7 +172961,7 @@ var import_extend = __toESM(require_extend(), 1);
172266
172961
 
172267
172962
  // ../../node_modules/.pnpm/is-plain-obj@4.1.0/node_modules/is-plain-obj/index.js
172268
172963
  init_cjs_shims();
172269
- function isPlainObject4(value) {
172964
+ function isPlainObject5(value) {
172270
172965
  if (typeof value !== "object" || value === null) {
172271
172966
  return false;
172272
172967
  }
@@ -173596,7 +174291,7 @@ var Processor = class _Processor extends CallableInstance {
173596
174291
  } else if (parameters2.length > 0) {
173597
174292
  let [primary, ...rest] = parameters2;
173598
174293
  const currentPrimary = attachers[entryIndex][1];
173599
- if (isPlainObject4(currentPrimary) && isPlainObject4(primary)) {
174294
+ if (isPlainObject5(currentPrimary) && isPlainObject5(primary)) {
173600
174295
  primary = (0, import_extend.default)(true, currentPrimary, primary);
173601
174296
  }
173602
174297
  attachers[entryIndex] = [plugin, primary, ...rest];
@@ -173623,7 +174318,7 @@ function assertUnfrozen(name2, frozen) {
173623
174318
  }
173624
174319
  }
173625
174320
  function assertNode(node2) {
173626
- if (!isPlainObject4(node2) || typeof node2.type !== "string") {
174321
+ if (!isPlainObject5(node2) || typeof node2.type !== "string") {
173627
174322
  throw new TypeError("Expected node, got `" + node2 + "`");
173628
174323
  }
173629
174324
  }
@@ -173799,12 +174494,12 @@ function buildPreviewRouteUrl(origin, route, session) {
173799
174494
  const suffix = encodedEntryPath.length > 0 ? `/${encodedEntryPath}` : session.kind === "service" ? "/" : "";
173800
174495
  return `${origin.replace(/\/+$/, "")}/${route}/${session.token}${suffix}`;
173801
174496
  }
173802
- var DEFAULT_TTL_MS = 15 * 60 * 1e3;
174497
+ var DEFAULT_TTL_MS2 = 15 * 60 * 1e3;
173803
174498
  var PreviewSessionManager = class {
173804
174499
  sessions = /* @__PURE__ */ new Map();
173805
174500
  create(options) {
173806
- const token = crypto4.randomBytes(32).toString("hex");
173807
- const expiresAt = Date.now() + (options.ttlMs ?? DEFAULT_TTL_MS);
174501
+ const token = crypto5.randomBytes(32).toString("hex");
174502
+ const expiresAt = Date.now() + (options.ttlMs ?? DEFAULT_TTL_MS2);
173808
174503
  if (options.port !== void 0) {
173809
174504
  const session2 = {
173810
174505
  token,
@@ -176705,7 +177400,10 @@ async function sendTaskFollowUpMessage(deps, task, content3, metadata) {
176705
177400
  });
176706
177401
  try {
176707
177402
  const client = new NodeMessageClient({ heartbeat: deps.heartbeat, logger: deps.logger });
176708
- const delivery = await client.send(node2, createNodeMessage("task.message", { taskId: task.id, content: content3 }));
177403
+ const delivery = await client.send(node2, createNodeMessage("task.message", {
177404
+ taskId: task.id,
177405
+ content: content3
177406
+ }));
176709
177407
  return delivery.queued ? { queued: true } : {};
176710
177408
  } catch (err) {
176711
177409
  restoreTaskState(deps.taskEngine, task);
@@ -176737,6 +177435,18 @@ function queueRunningTaskMessage(deps, task, content3) {
176737
177435
  });
176738
177436
  return queued;
176739
177437
  }
177438
+ var MESSAGEABLE_STATUSES = /* @__PURE__ */ new Set(["running", "completed", "cancelled", "failed"]);
177439
+ async function applyTaskMessage(deps, task, content3) {
177440
+ if (!MESSAGEABLE_STATUSES.has(task.status)) {
177441
+ throw new MeshyError("VALIDATION_ERROR", `Cannot send message to task in ${task.status} status`, 400);
177442
+ }
177443
+ if (task.status === "running") {
177444
+ const queued = queueRunningTaskMessage(deps, task, content3);
177445
+ return { ok: true, queued: true, queuedMessages: queued.queuedMessages ?? [] };
177446
+ }
177447
+ const result = await sendTaskFollowUpMessage(deps, task, content3);
177448
+ return result.queued ? { ok: true, queued: true } : { ok: true };
177449
+ }
176740
177450
  function cancelQueuedTaskMessage(deps, taskId, messageId) {
176741
177451
  const task = deps.taskEngine.removeQueuedTaskMessage(taskId, messageId);
176742
177452
  if (!task) {
@@ -177242,6 +177952,10 @@ var ACTIVE_STATUSES = /* @__PURE__ */ new Set(["pending", "assigned", "running"]
177242
177952
  var TASK_DELETE_NOTIFY_TIMEOUT_MS = 1500;
177243
177953
  var TASK_DETAIL_PROXY_TIMEOUT_MS = 1e4;
177244
177954
  var TASK_DETAIL_PROXY_HEADER = "x-meshy-task-detail-proxy";
177955
+ var DEFAULT_TASK_TITLE_GENERATION_MODEL = "gpt-5.4-mini";
177956
+ function getTaskTitleGenerationModel(agent) {
177957
+ return agent === "claudecode" ? void 0 : DEFAULT_TASK_TITLE_GENERATION_MODEL;
177958
+ }
177245
177959
  function shouldGenerateTitle(task) {
177246
177960
  return task.payload.titleSource === "derived";
177247
177961
  }
@@ -177267,6 +177981,7 @@ function scheduleTitleGeneration(deps, task) {
177267
177981
  }
177268
177982
  const prompt = getTitlePrompt(task);
177269
177983
  const cwd = deps.workDir;
177984
+ const model = getTaskTitleGenerationModel(task.agent);
177270
177985
  log2.info("generating task title", {
177271
177986
  taskId: task.id,
177272
177987
  agent: task.agent,
@@ -177279,7 +177994,8 @@ function scheduleTitleGeneration(deps, task) {
177279
177994
  existingTitle: task.title
177280
177995
  }, {
177281
177996
  agent: task.agent,
177282
- cwd
177997
+ cwd,
177998
+ ...model ? { model } : {}
177283
177999
  }).then(({ title }) => {
177284
178000
  const current = deps.taskEngine.getTask(task.id);
177285
178001
  if (!current) {
@@ -177752,22 +178468,11 @@ function createTaskRoutes() {
177752
178468
  if (!task) {
177753
178469
  throw new MeshyError("TASK_NOT_FOUND", `Task ${taskId} not found`, 404);
177754
178470
  }
177755
- if (!["running", "completed", "cancelled", "failed"].includes(task.status)) {
177756
- throw new MeshyError("VALIDATION_ERROR", `Cannot send message to task in ${task.status} status`, 400);
177757
- }
177758
- if (task.status === "running") {
177759
- const queued = queueRunningTaskMessage({ taskEngine, logger: rootLogger }, task, body3.content);
177760
- res.json({ ok: true, queued: true, queuedMessages: queued.queuedMessages ?? [] });
177761
- return;
177762
- }
177763
- const result = await sendTaskFollowUpMessage({
177764
- taskEngine,
177765
- engineRegistry,
177766
- nodeRegistry,
177767
- heartbeat,
177768
- logger: rootLogger
177769
- }, task, body3.content);
177770
- res.json(result.queued ? { ok: true, queued: true } : { ok: true });
178471
+ res.json(await applyTaskMessage(
178472
+ { taskEngine, engineRegistry, nodeRegistry, heartbeat, logger: rootLogger },
178473
+ task,
178474
+ body3.content
178475
+ ));
177771
178476
  }));
177772
178477
  router.use(createTaskOutputRoutes());
177773
178478
  return router;
@@ -178266,52 +178971,7 @@ function createSystemRoutes() {
178266
178971
  res.json({ status: "ok", timestamp: Date.now(), pid: process.pid });
178267
178972
  }));
178268
178973
  router.get("/info", asyncHandler11(async (req, res) => {
178269
- const {
178270
- nodeRegistry,
178271
- getTransportType,
178272
- config: config2,
178273
- dashboardOrigin,
178274
- localDashboardOrigin,
178275
- storagePath,
178276
- inspectRuntimeTools: inspectTools,
178277
- runtimeMetadata,
178278
- getRuntimeUpdate,
178279
- runtimeUpdate
178280
- } = req.app.locals.deps;
178281
- const self2 = nodeRegistry.getSelf();
178282
- const auth = config2.authMetadata ?? {
178283
- enabled: false,
178284
- allowSameTenant: false,
178285
- allowedUsers: []
178286
- };
178287
- const settingsSnapshot = buildNodeSettingsSnapshot({
178288
- auth,
178289
- inspectRuntimeTools: inspectTools,
178290
- localDashboardOrigin,
178291
- runtimeMetadata,
178292
- runtimeUpdate: getRuntimeUpdate?.() ?? runtimeUpdate,
178293
- storagePath,
178294
- workDir: self2.workDir
178295
- });
178296
- res.json({
178297
- ...self2,
178298
- nodeId: self2.id,
178299
- version: settingsSnapshot.version,
178300
- packageName: settingsSnapshot.packageName,
178301
- uptime: settingsSnapshot.uptime,
178302
- transportType: getTransportType?.() ?? "direct",
178303
- dashboardOrigin: dashboardOrigin ?? self2.dashboardOrigin,
178304
- localDashboardOrigin,
178305
- auth: settingsSnapshot.auth,
178306
- os: settingsSnapshot.os,
178307
- runtime: settingsSnapshot.runtime,
178308
- runtimeUpdate: settingsSnapshot.runtimeUpdate,
178309
- agents: settingsSnapshot.agents,
178310
- startupRequirements: settingsSnapshot.startupRequirements,
178311
- components: settingsSnapshot.components,
178312
- repository: settingsSnapshot.repository,
178313
- packages: settingsSnapshot.packages
178314
- });
178974
+ res.json(buildSystemInfo(req.app.locals.deps));
178315
178975
  }));
178316
178976
  router.post("/runtime/restart", asyncHandler11(async (req, res) => {
178317
178977
  const { restartRuntime } = req.app.locals.deps;
@@ -178507,9 +179167,120 @@ function createNodeOperationRoutes() {
178507
179167
  return router;
178508
179168
  }
178509
179169
 
178510
- // ../../packages/api/src/routes/telemetry.ts
179170
+ // ../../packages/api/src/routes/mobile.ts
178511
179171
  init_cjs_shims();
178512
179172
  var import_express16 = __toESM(require_express2(), 1);
179173
+ function asyncHandler13(fn) {
179174
+ return (req, res, next2) => {
179175
+ fn(req, res, next2).catch((error2) => {
179176
+ if (error2 instanceof MobilePairingInvitationError) {
179177
+ res.status(error2.statusCode).json({ error: { code: error2.code, message: error2.message } });
179178
+ return;
179179
+ }
179180
+ next2(error2);
179181
+ });
179182
+ };
179183
+ }
179184
+ function getService(req) {
179185
+ const service = req.app.locals.deps.mobilePairingInvitations;
179186
+ if (!service) {
179187
+ throw new MeshyError("VALIDATION_ERROR", "mobile pairing is not enabled on this node", 404);
179188
+ }
179189
+ return service;
179190
+ }
179191
+ async function requireMobileAadIdentity(req) {
179192
+ const validator = req.app.locals.deps.mobileAadValidator;
179193
+ if (!validator) {
179194
+ throw new MeshyError("VALIDATION_ERROR", "mobile AAD auth is not enabled on this node", 401);
179195
+ }
179196
+ const result = await validator.validate(req.headers.authorization);
179197
+ if (!result.ok) {
179198
+ throw new MeshyError("VALIDATION_ERROR", `mobile AAD auth failed: ${result.reason}`, 401);
179199
+ }
179200
+ return result.identity;
179201
+ }
179202
+ function getSourceAddress(req) {
179203
+ const forwarded = req.headers["x-forwarded-for"];
179204
+ if (typeof forwarded === "string" && forwarded.length > 0) {
179205
+ return forwarded.split(",")[0]?.trim();
179206
+ }
179207
+ return req.ip ?? void 0;
179208
+ }
179209
+ function optionalString(value) {
179210
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
179211
+ }
179212
+ function optionalPositiveInteger(value) {
179213
+ return typeof value === "number" && Number.isFinite(value) && value > 0 ? Math.floor(value) : void 0;
179214
+ }
179215
+ function createMobileRoutes() {
179216
+ const router = (0, import_express16.Router)();
179217
+ router.post(
179218
+ "/pairings",
179219
+ asyncHandler13(async (req, res) => {
179220
+ const body3 = req.body ?? {};
179221
+ const created = getService(req).createInvitation({
179222
+ ttlMs: optionalPositiveInteger(body3.ttlMs),
179223
+ maxUses: optionalPositiveInteger(body3.maxUses),
179224
+ createdBy: optionalString(body3.createdBy) ?? "local-node-user"
179225
+ });
179226
+ res.status(201).json(created);
179227
+ })
179228
+ );
179229
+ router.get(
179230
+ "/pairings",
179231
+ asyncHandler13(async (req, res) => {
179232
+ res.json({ pairings: getService(req).listInvitations() });
179233
+ })
179234
+ );
179235
+ router.get(
179236
+ "/pairings/:pairingId",
179237
+ asyncHandler13(async (req, res) => {
179238
+ const invitation = getService(req).getInvitation(req.params.pairingId);
179239
+ if (!invitation) {
179240
+ throw new MeshyError("VALIDATION_ERROR", "unknown pairing invitation", 404);
179241
+ }
179242
+ res.json({ invitation });
179243
+ })
179244
+ );
179245
+ router.delete(
179246
+ "/pairings/:pairingId",
179247
+ asyncHandler13(async (req, res) => {
179248
+ res.json({ cancelled: getService(req).cancelInvitation(req.params.pairingId) });
179249
+ })
179250
+ );
179251
+ router.post(
179252
+ "/pairings/:pairingId/consume",
179253
+ asyncHandler13(async (req, res) => {
179254
+ const identity2 = await requireMobileAadIdentity(req);
179255
+ const body3 = req.body ?? {};
179256
+ const connection = getService(req).consumeInvitation(req.params.pairingId, {
179257
+ identity: { tenantId: identity2.tenantId, upn: identity2.upn, objectId: identity2.objectId },
179258
+ deviceName: optionalString(body3.deviceName),
179259
+ platform: optionalString(body3.platform),
179260
+ appVersion: optionalString(body3.appVersion),
179261
+ sourceAddress: getSourceAddress(req)
179262
+ });
179263
+ res.json(connection);
179264
+ })
179265
+ );
179266
+ router.get(
179267
+ "/connections",
179268
+ asyncHandler13(async (req, res) => {
179269
+ res.json({ connections: getService(req).listConnections() });
179270
+ })
179271
+ );
179272
+ router.delete(
179273
+ "/connections/:connectionId",
179274
+ asyncHandler13(async (req, res) => {
179275
+ res.json({ revoked: getService(req).revokeConnection(req.params.connectionId) });
179276
+ })
179277
+ );
179278
+ return router;
179279
+ }
179280
+
179281
+ // ../../packages/api/src/routes/telemetry.ts
179282
+ init_cjs_shims();
179283
+ var import_express17 = __toESM(require_express2(), 1);
178513
179284
  var FRONTEND_EVENT_NAMES = /* @__PURE__ */ new Set([
178514
179285
  "feature.settings.opened",
178515
179286
  "feature.preview.created",
@@ -178565,7 +179336,7 @@ var frontendTelemetryEventSchema = external_exports.object({
178565
179336
  }
178566
179337
  });
178567
179338
  function createTelemetryRoutes() {
178568
- const router = (0, import_express16.Router)();
179339
+ const router = (0, import_express17.Router)();
178569
179340
  router.post("/events", (req, res, next2) => {
178570
179341
  try {
178571
179342
  const body3 = frontendTelemetryEventSchema.parse(req.body);
@@ -178610,7 +179381,7 @@ function isSuppressedRequestTelemetryRoute(req) {
178610
179381
  return REQUEST_TELEMETRY_SUPPRESSED_ROUTES.has(key2);
178611
179382
  }
178612
179383
  function usesLargeJsonBodyLimit(pathname) {
178613
- return pathname === "/api/cluster/join" || pathname === "/api/node" || pathname.startsWith("/api/node/") || pathname === "/api/tasks" || pathname.startsWith("/api/tasks/") || pathname === "/api/worker" || pathname.startsWith("/api/worker/");
179384
+ return pathname === "/api/cluster/join" || pathname === "/api/node" || pathname.startsWith("/api/node/") || pathname === "/api/tasks" || pathname.startsWith("/api/tasks/") || pathname === "/api/worker" || pathname.startsWith("/api/worker/") || pathname.startsWith("/api/mobile/");
178614
179385
  }
178615
179386
  function usesCapabilityJsonBodyLimit(pathname) {
178616
179387
  return pathname === "/api/capabilities/share" || pathname === "/api/capabilities/conflict-check" || pathname === "/api/node" || pathname.startsWith("/api/node/");
@@ -178737,7 +179508,7 @@ function resolveStaticDir(baseDir) {
178737
179508
  return null;
178738
179509
  }
178739
179510
  function createServer2(deps) {
178740
- const app = (0, import_express17.default)();
179511
+ const app = (0, import_express18.default)();
178741
179512
  app.locals.deps = deps;
178742
179513
  registerTaskMessageQueueDrainer(deps);
178743
179514
  if (typeof deps.heartbeat.setNodeMessageHandler === "function") {
@@ -178747,6 +179518,12 @@ function createServer2(deps) {
178747
179518
  const authConfig = {
178748
179519
  apiKey: deps.config.apiKey,
178749
179520
  validateBearerToken: deps.config.validateBearerToken,
179521
+ validateMobileBearerToken: deps.mobileAadValidator ? async (header) => {
179522
+ const value = Array.isArray(header) ? header[0] : header;
179523
+ const result = await deps.mobileAadValidator.validate(value);
179524
+ return result.ok ? { ok: true, reason: "mobile-aad", identity: result.identity } : { ok: false, reason: result.reason };
179525
+ } : void 0,
179526
+ allowMobileBearerAuth: (req) => isMobileBearerAuthPath(req.path),
178750
179527
  getTrustedHosts: () => {
178751
179528
  const trustedHosts = [];
178752
179529
  if (deps.dashboardOrigin) {
@@ -178800,7 +179577,7 @@ function createServer2(deps) {
178800
179577
  const runtimeBaseDir = resolveRuntimeBaseDir();
178801
179578
  const staticDir = resolveStaticDir(runtimeBaseDir);
178802
179579
  if (staticDir) {
178803
- const staticMiddleware = import_express17.default.static(staticDir);
179580
+ const staticMiddleware = import_express18.default.static(staticDir);
178804
179581
  app.use((req, res, next2) => {
178805
179582
  if (isApiRequest(req) || isPreviewRequest(req)) {
178806
179583
  next2();
@@ -178813,9 +179590,9 @@ function createServer2(deps) {
178813
179590
  staticMiddleware(req, res, next2);
178814
179591
  });
178815
179592
  }
178816
- const defaultJsonParser = import_express17.default.json({ limit: JSON_BODY_LIMIT });
178817
- const largeJsonParser = import_express17.default.json({ limit: JSON_BODY_LIMIT_LARGE });
178818
- const capabilityJsonParser = import_express17.default.json({ limit: JSON_BODY_LIMIT_CAPABILITIES });
179593
+ const defaultJsonParser = import_express18.default.json({ limit: JSON_BODY_LIMIT });
179594
+ const largeJsonParser = import_express18.default.json({ limit: JSON_BODY_LIMIT_LARGE });
179595
+ const capabilityJsonParser = import_express18.default.json({ limit: JSON_BODY_LIMIT_CAPABILITIES });
178819
179596
  app.use((req, res, next2) => {
178820
179597
  const parser = usesCapabilityJsonBodyLimit(req.path) ? capabilityJsonParser : usesLargeJsonBodyLimit(req.path) ? largeJsonParser : defaultJsonParser;
178821
179598
  parser(req, res, next2);
@@ -178856,6 +179633,7 @@ function createServer2(deps) {
178856
179633
  app.use("/api/worker", createWorkerRoutes());
178857
179634
  app.use("/api/system", createSystemRoutes());
178858
179635
  app.use("/api/node-operations", createNodeOperationRoutes());
179636
+ app.use("/api/mobile", createMobileRoutes());
178859
179637
  app.use("/api/telemetry", createTelemetryRoutes());
178860
179638
  app.use("/api/events", createEventRoutes());
178861
179639
  if (staticDir) {
@@ -179478,10 +180256,27 @@ var path34 = __toESM(require("path"), 1);
179478
180256
  var readline = __toESM(require("readline/promises"), 1);
179479
180257
  var import_node_child_process13 = require("child_process");
179480
180258
  var STARTUP_REQUIREMENTS = ["az", "devtunnel", "claude", "codex", "copilot"];
180259
+ var GITHUB_AUTH_STATUS_ARGS = ["auth", "status", "--hostname", "github.com"];
180260
+ var GITHUB_AUTH_LOGIN_ARGS = [
180261
+ "auth",
180262
+ "login",
180263
+ "--hostname",
180264
+ "github.com",
180265
+ "--web",
180266
+ "--git-protocol",
180267
+ "https",
180268
+ "--skip-ssh-key"
180269
+ ];
180270
+ var COPILOT_TUNNEL_PORT2 = 8314;
179481
180271
  function writeLine(stream, message = "") {
179482
180272
  stream.write(`${message}
179483
180273
  `);
179484
180274
  }
180275
+ var ANSI = { reset: "\x1B[0m", bold: "\x1B[1m", cyan: "\x1B[36m", green: "\x1B[32m", amber: "\x1B[33m", red: "\x1B[31m" };
180276
+ function highlight(label, message) {
180277
+ const color2 = { info: "bold", success: "green", warning: "amber", error: "red", accent: "cyan" }[label];
180278
+ return `${ANSI[color2]}${message}${ANSI.reset}`;
180279
+ }
179485
180280
  function shouldPromptForStartupTools() {
179486
180281
  return Boolean(process.stdin.isTTY && process.stdout.isTTY);
179487
180282
  }
@@ -179593,10 +180388,13 @@ function buildLoginCommand(requirement) {
179593
180388
  if (requirement === "az") {
179594
180389
  return { command: "az", args: ["login"] };
179595
180390
  }
180391
+ if (requirement === "copilot") {
180392
+ return { command: "gh", args: [...GITHUB_AUTH_LOGIN_ARGS] };
180393
+ }
179596
180394
  return { command: "devtunnel", args: ["user", "login"] };
179597
180395
  }
179598
180396
  function isAuthenticated(requirement, commandRunner) {
179599
- const command = requirement === "az" ? { command: "az", args: ["account", "show"] } : { command: "devtunnel", args: ["user", "show"] };
180397
+ const command = requirement === "az" ? { command: "az", args: ["account", "show"] } : requirement === "copilot" ? { command: "gh", args: [...GITHUB_AUTH_STATUS_ARGS] } : { command: "devtunnel", args: ["user", "show"] };
179600
180398
  const result = commandRunner(command.command, command.args, false);
179601
180399
  if (!result.ok) {
179602
180400
  return false;
@@ -179612,7 +180410,7 @@ function isRequirementSatisfied(requirement, status) {
179612
180410
  if (!status || status.installed !== true || status.status !== "ok") {
179613
180411
  return false;
179614
180412
  }
179615
- if (requirement === "az" || requirement === "devtunnel") {
180413
+ if (requirement === "az" || requirement === "devtunnel" || requirement === "copilot") {
179616
180414
  return status.authenticated === true;
179617
180415
  }
179618
180416
  return true;
@@ -179621,12 +180419,214 @@ function sleep4(ms) {
179621
180419
  return new Promise((resolve24) => setTimeout(resolve24, ms));
179622
180420
  }
179623
180421
  function areCachedAuthRequirementsCurrent(commandRunner) {
179624
- return isAuthenticated("az", commandRunner) && isAuthenticated("devtunnel", commandRunner);
180422
+ return isAuthenticated("az", commandRunner) && isAuthenticated("devtunnel", commandRunner) && isAuthenticated("copilot", commandRunner);
179625
180423
  }
179626
180424
  function resolveStartupRequirementsMetadata(storagePath) {
179627
180425
  const metadata = readStartupMetadataFile(storagePath).startupRequirements;
179628
180426
  return metadata && typeof metadata === "object" ? metadata : {};
179629
180427
  }
180428
+ function persistCopilotTunnelPreference(storagePath, metadata, enabled2, now) {
180429
+ metadata.copilotTunnel = { enabled: enabled2, updatedAt: now.toISOString() };
180430
+ const metadataFile = readStartupMetadataFile(storagePath);
180431
+ metadataFile.startupRequirements = {
180432
+ ...metadataFile.startupRequirements ?? {},
180433
+ ...metadata
180434
+ };
180435
+ writeStartupMetadataFile(storagePath, metadataFile);
180436
+ return metadata;
180437
+ }
180438
+ async function ensureOptionalCopilotTunnel(options) {
180439
+ if (!isRequirementSatisfied("copilot", options.metadata.components?.copilot)) {
180440
+ return;
180441
+ }
180442
+ const status = await checkGithubCopilotTunnel({
180443
+ portChecker: options.startupOptions.copilotTunnelPortChecker,
180444
+ portCheckTimeoutMs: options.startupOptions.copilotTunnelPortCheckTimeoutMs
180445
+ });
180446
+ if (status.available) {
180447
+ if (options.startupOptions.copilotTunnelEnabled !== void 0) {
180448
+ persistCopilotTunnelPreference(options.storagePath, options.metadata, options.startupOptions.copilotTunnelEnabled, options.now);
180449
+ }
180450
+ writeLine(options.stdout, highlight("success", `GitHub Copilot Tunnel already available on port ${COPILOT_TUNNEL_PORT2}; skipping setup.`));
180451
+ return;
180452
+ }
180453
+ const preference = options.startupOptions.copilotTunnelEnabled ?? options.metadata.copilotTunnel?.enabled;
180454
+ if (preference === false) {
180455
+ persistCopilotTunnelPreference(options.storagePath, options.metadata, false, options.now);
180456
+ writeLine(options.stdout, highlight("info", "GitHub Copilot Tunnel disabled by startup preference."));
180457
+ return;
180458
+ }
180459
+ if (preference === true) {
180460
+ persistCopilotTunnelPreference(options.storagePath, options.metadata, true, options.now);
180461
+ await options.releasePrompt();
180462
+ const auth2 = await ensureRequirementAuthenticated(
180463
+ "copilot",
180464
+ options.getAsk,
180465
+ options.commandRunner,
180466
+ options.stdout,
180467
+ options.stderr,
180468
+ options.releasePrompt,
180469
+ options.authPollIntervalMs,
180470
+ options.authPollTimeoutMs
180471
+ );
180472
+ if (!auth2.authenticated) {
180473
+ writeLine(options.stderr, highlight("error", "GitHub Copilot Tunnel requires GitHub authentication; skipping tunnel setup."));
180474
+ return;
180475
+ }
180476
+ writeLine(options.stdout, highlight("accent", "Configuring GitHub Copilot Tunnel..."));
180477
+ await runCopilotTunnel(options);
180478
+ return;
180479
+ }
180480
+ const ask = options.getAsk();
180481
+ if (!ask) {
180482
+ writeLine(options.stdout, highlight("warning", `GitHub Copilot Tunnel is optional. Start in a TTY to enable the local proxy on port ${COPILOT_TUNNEL_PORT2}.`));
180483
+ return;
180484
+ }
180485
+ writeLine(options.stdout);
180486
+ writeLine(options.stdout, highlight("info", "Enable GitHub Copilot Tunnel?"));
180487
+ writeLine(
180488
+ options.stdout,
180489
+ highlight("warning", "This will configure Claude Code and Codex to use the GitHub Copilot model provider, then start a local proxy on port 8314. You may be asked to sign in to GitHub with a device code.")
180490
+ );
180491
+ if (!await confirm(ask, "Enable GitHub Copilot Tunnel?")) {
180492
+ persistCopilotTunnelPreference(options.storagePath, options.metadata, false, options.now);
180493
+ return;
180494
+ }
180495
+ persistCopilotTunnelPreference(options.storagePath, options.metadata, true, options.now);
180496
+ await options.releasePrompt();
180497
+ const auth = await ensureRequirementAuthenticated(
180498
+ "copilot",
180499
+ options.getAsk,
180500
+ options.commandRunner,
180501
+ options.stdout,
180502
+ options.stderr,
180503
+ options.releasePrompt,
180504
+ options.authPollIntervalMs,
180505
+ options.authPollTimeoutMs
180506
+ );
180507
+ if (!auth.authenticated) {
180508
+ writeLine(options.stderr, highlight("error", "GitHub Copilot Tunnel requires GitHub authentication; skipping tunnel setup."));
180509
+ return;
180510
+ }
180511
+ writeLine(options.stdout, highlight("accent", "Configuring GitHub Copilot Tunnel..."));
180512
+ await runCopilotTunnel(options);
180513
+ }
180514
+ var COPILOT_TUNNEL_KEY_INFO_PATTERN = /GitHub Copilot API Proxy|^\s*(Dashboard|OpenAI API|Responses API|Anthropic API)\b/i;
180515
+ var COPILOT_TUNNEL_API_INFO_PATTERN = /^\s*(OpenAI API|Responses API|Anthropic API)\b/i;
180516
+ function extractCopilotTunnelKeyInfo(output) {
180517
+ return output.split(/\r?\n/).map((line) => line.replace(/\s+$/, "")).filter((line) => line.trim() !== "" && COPILOT_TUNNEL_KEY_INFO_PATTERN.test(line));
180518
+ }
180519
+ function hasCopilotTunnelApiInfo(lines) {
180520
+ return lines.some((line) => COPILOT_TUNNEL_API_INFO_PATTERN.test(line));
180521
+ }
180522
+ async function runCopilotTunnel(options) {
180523
+ let lastAuthCode;
180524
+ let reportedKeyInfo = false;
180525
+ let reportedWaitingForAuth = false;
180526
+ let releaseStartupWait;
180527
+ const startupWait = new Promise((resolve24) => {
180528
+ releaseStartupWait = resolve24;
180529
+ });
180530
+ const reportTunnelKeyInfo = (tunnel) => {
180531
+ if (reportedKeyInfo) return false;
180532
+ const keyInfo = extractCopilotTunnelKeyInfo(`${tunnel.stdout}
180533
+ ${tunnel.stderr}`);
180534
+ const pidSuffix = tunnel.pid ? ` (pid ${tunnel.pid})` : "";
180535
+ if (keyInfo.length > 0 && hasCopilotTunnelApiInfo(keyInfo)) {
180536
+ reportedKeyInfo = true;
180537
+ writeLine(options.stdout, `GitHub Copilot Tunnel is ready${pidSuffix}:`);
180538
+ for (const line of keyInfo) writeLine(options.stdout, ` ${line.trim()}`);
180539
+ return true;
180540
+ }
180541
+ return false;
180542
+ };
180543
+ const reportTunnelReady = (tunnel) => {
180544
+ if (reportTunnelKeyInfo(tunnel)) return true;
180545
+ if (!tunnel.available) return false;
180546
+ reportedKeyInfo = true;
180547
+ const pidSuffix = tunnel.pid ? ` (pid ${tunnel.pid})` : "";
180548
+ writeLine(options.stdout, `GitHub Copilot Tunnel is available on port ${tunnel.port}${pidSuffix}.`);
180549
+ return true;
180550
+ };
180551
+ const reportTunnelFailure = (tunnel) => {
180552
+ if (tunnel.available || tunnel.status === "auth-required") return;
180553
+ writeLine(options.stderr, tunnel.detail ?? "GitHub Copilot Tunnel failed to start.");
180554
+ };
180555
+ const surfaceDeviceLogin = (update, releaseOnAuth) => {
180556
+ if (update.status === "auth-required" && update.auth && update.auth.code !== lastAuthCode) {
180557
+ lastAuthCode = update.auth.code;
180558
+ writeLine(options.stdout);
180559
+ writeLine(options.stdout, "GitHub sign-in required to enable the Copilot tunnel.");
180560
+ writeLine(options.stdout, `Open ${update.auth.url} and enter the device code below.`);
180561
+ writeLine(options.stdout, `Device code: ${update.auth.code}`);
180562
+ writeLine(options.stdout, "Waiting for you to finish signing in...");
180563
+ if (releaseOnAuth && !reportedWaitingForAuth) {
180564
+ reportedWaitingForAuth = true;
180565
+ writeLine(options.stdout, "GitHub Copilot Tunnel is waiting for GitHub sign-in; Meshy startup will continue.");
180566
+ }
180567
+ if (releaseOnAuth) releaseStartupWait?.();
180568
+ return;
180569
+ }
180570
+ if (reportTunnelKeyInfo(update)) {
180571
+ releaseStartupWait?.();
180572
+ }
180573
+ };
180574
+ const waitForSetup = async () => {
180575
+ const setupPromise = runGithubCopilotTunnelSetup({
180576
+ resolveOnReadyOutput: true,
180577
+ spawnSetup: options.startupOptions.copilotTunnelSetupSpawn,
180578
+ onProgress: (update) => surfaceDeviceLogin(update, false)
180579
+ });
180580
+ const firstSetupResult = await Promise.race([
180581
+ setupPromise.then((setup) => ({ kind: "result", setup })),
180582
+ startupWait.then(() => ({ kind: "started-proxy" }))
180583
+ ]);
180584
+ if (firstSetupResult.kind === "started-proxy") {
180585
+ void setupPromise.then((setup) => {
180586
+ if (!reportedKeyInfo && !setup.ok) reportTunnelFailure(setup);
180587
+ }).catch((err) => {
180588
+ if (!reportedKeyInfo) writeLine(options.stderr, `GitHub Copilot Tunnel setup failed: ${err instanceof Error ? err.message : String(err)}`);
180589
+ });
180590
+ return "started-proxy";
180591
+ }
180592
+ if (!firstSetupResult.setup.ok) {
180593
+ writeLine(options.stderr, firstSetupResult.setup.detail ?? "GitHub Copilot Tunnel setup failed.");
180594
+ return "failed";
180595
+ }
180596
+ return reportTunnelKeyInfo(firstSetupResult.setup) ? "started-proxy" : "completed";
180597
+ };
180598
+ try {
180599
+ const setupStatus = await waitForSetup();
180600
+ if (setupStatus !== "completed") {
180601
+ return;
180602
+ }
180603
+ writeLine(options.stdout, "Waiting for ghc-tunnel to launch...");
180604
+ const tunnelPromise = enableGithubCopilotTunnel({
180605
+ captureOutputAfterReady: false,
180606
+ portChecker: options.startupOptions.copilotTunnelPortChecker,
180607
+ portCheckTimeoutMs: options.startupOptions.copilotTunnelPortCheckTimeoutMs,
180608
+ pollIntervalMs: options.startupOptions.copilotTunnelPollIntervalMs,
180609
+ spawnTunnel: options.startupOptions.copilotTunnelSpawn,
180610
+ startupTimeoutMs: options.startupOptions.copilotTunnelStartupTimeoutMs,
180611
+ onProgress: (update) => surfaceDeviceLogin(update, true)
180612
+ });
180613
+ const firstResult = await Promise.race([
180614
+ tunnelPromise.then((tunnel) => ({ kind: "result", tunnel })),
180615
+ startupWait.then(() => ({ kind: "progress" }))
180616
+ ]);
180617
+ if (firstResult.kind === "result") {
180618
+ if (!reportTunnelReady(firstResult.tunnel)) reportTunnelFailure(firstResult.tunnel);
180619
+ return;
180620
+ }
180621
+ void tunnelPromise.then((tunnel) => {
180622
+ if (!reportTunnelReady(tunnel)) reportTunnelFailure(tunnel);
180623
+ }).catch((err) => {
180624
+ writeLine(options.stderr, `GitHub Copilot Tunnel failed to start: ${err instanceof Error ? err.message : String(err)}`);
180625
+ });
180626
+ } catch (err) {
180627
+ writeLine(options.stderr, `GitHub Copilot Tunnel failed to start: ${err instanceof Error ? err.message : String(err)}`);
180628
+ }
180629
+ }
179630
180630
  function shouldSkipStartupRequirementsCheck(storagePath, now = /* @__PURE__ */ new Date()) {
179631
180631
  const metadata = resolveStartupRequirementsMetadata(storagePath);
179632
180632
  if (metadata.lastCheckedOn !== formatLocalDate2(now)) {
@@ -179694,12 +180694,6 @@ async function ensureStartupRequirements(storagePath, options = {}) {
179694
180694
  const commandRunner = options.commandRunner ?? createDefaultCommandRunner(platform6);
179695
180695
  const authPollIntervalMs = options.authPollIntervalMs ?? 1e3;
179696
180696
  const authPollTimeoutMs = options.authPollTimeoutMs ?? 12e4;
179697
- if (shouldSkipStartupRequirementsCheck(storagePath, now) && areCachedAuthRequirementsCurrent(commandRunner)) {
179698
- return {
179699
- skipped: true,
179700
- metadata: resolveStartupRequirementsMetadata(storagePath)
179701
- };
179702
- }
179703
180697
  const promptSessionFactory = options.promptSessionFactory ?? createPromptSession;
179704
180698
  let promptSession;
179705
180699
  const getAsk = () => {
@@ -179712,6 +180706,26 @@ async function ensureStartupRequirements(storagePath, options = {}) {
179712
180706
  promptSession = void 0;
179713
180707
  await current.close();
179714
180708
  };
180709
+ if (shouldSkipStartupRequirementsCheck(storagePath, now) && areCachedAuthRequirementsCurrent(commandRunner)) {
180710
+ const metadata2 = resolveStartupRequirementsMetadata(storagePath);
180711
+ await ensureOptionalCopilotTunnel({
180712
+ storagePath,
180713
+ metadata: metadata2,
180714
+ now,
180715
+ getAsk,
180716
+ releasePrompt,
180717
+ commandRunner,
180718
+ stdout,
180719
+ stderr,
180720
+ startupOptions: options,
180721
+ authPollIntervalMs,
180722
+ authPollTimeoutMs
180723
+ });
180724
+ return {
180725
+ skipped: true,
180726
+ metadata: metadata2
180727
+ };
180728
+ }
179715
180729
  const checkedAt = now.toISOString();
179716
180730
  const checkedOn = formatLocalDate2(now);
179717
180731
  const components = {};
@@ -179734,7 +180748,7 @@ async function ensureStartupRequirements(storagePath, options = {}) {
179734
180748
  };
179735
180749
  continue;
179736
180750
  }
179737
- if (requirement === "az" || requirement === "devtunnel") {
180751
+ if (requirement === "az" || requirement === "devtunnel" || requirement === "copilot") {
179738
180752
  const authResult = await ensureRequirementAuthenticated(
179739
180753
  requirement,
179740
180754
  getAsk,
@@ -179770,6 +180784,19 @@ async function ensureStartupRequirements(storagePath, options = {}) {
179770
180784
  };
179771
180785
  metadataFile.startupRequirements = metadata;
179772
180786
  writeStartupMetadataFile(storagePath, metadataFile);
180787
+ await ensureOptionalCopilotTunnel({
180788
+ storagePath,
180789
+ metadata,
180790
+ now,
180791
+ getAsk,
180792
+ releasePrompt,
180793
+ commandRunner,
180794
+ stdout,
180795
+ stderr,
180796
+ startupOptions: options,
180797
+ authPollIntervalMs,
180798
+ authPollTimeoutMs
180799
+ });
179773
180800
  return {
179774
180801
  skipped: false,
179775
180802
  metadata
@@ -180521,6 +181548,15 @@ init_cjs_shims();
180521
181548
  // ../../packages/client-sdk/src/types.ts
180522
181549
  init_cjs_shims();
180523
181550
 
181551
+ // ../../packages/client-sdk/src/mobile/index.ts
181552
+ init_cjs_shims();
181553
+
181554
+ // ../../packages/client-sdk/src/mobile/protocol/index.ts
181555
+ init_cjs_shims();
181556
+
181557
+ // ../../packages/client-sdk/src/mobile/protocol/qr.ts
181558
+ init_cjs_shims();
181559
+
180524
181560
  // src/bootstrap/mobile-connection-qr.ts
180525
181561
  var require2 = (0, import_node_module.createRequire)(importMetaUrl);
180526
181562
  function printMobileConnectionQrs(writer, options) {
@@ -180579,6 +181615,71 @@ function isDevTunnelOrigin(value) {
180579
181615
  }
180580
181616
  }
180581
181617
 
181618
+ // src/bootstrap/mobile-pairing.ts
181619
+ init_cjs_shims();
181620
+ var import_node_module2 = require("module");
181621
+ function setupMobilePairing(options) {
181622
+ const service = new MobilePairingInvitationService({
181623
+ nodeId: options.nodeId,
181624
+ nodeName: options.nodeName,
181625
+ getApiBaseUrl: options.getEndpoint,
181626
+ aad: options.aad,
181627
+ audit: createLoggerAuditRecorder(options.logger)
181628
+ });
181629
+ const validator = new MobileAadTokenValidator(options.aadValidation);
181630
+ options.logger.child("mobile-auth").info("mobile pairing invitations enabled", {
181631
+ allowedTenants: options.aadValidation.allowedTenants
181632
+ });
181633
+ return {
181634
+ service,
181635
+ validator,
181636
+ getEndpoint: options.getEndpoint,
181637
+ nodeId: options.nodeId,
181638
+ nodeName: options.nodeName
181639
+ };
181640
+ }
181641
+ function renderQrCode2(payload) {
181642
+ try {
181643
+ const localRequire = (0, import_node_module2.createRequire)(importMetaUrl);
181644
+ const qrcodeTerminal = localRequire("qrcode-terminal");
181645
+ let rendered = null;
181646
+ qrcodeTerminal.generate(payload, { small: true }, (output) => {
181647
+ rendered = output;
181648
+ });
181649
+ return rendered;
181650
+ } catch {
181651
+ return null;
181652
+ }
181653
+ }
181654
+ function isHttpsOrigin(value) {
181655
+ if (!value) return false;
181656
+ try {
181657
+ return new URL(value).protocol === "https:";
181658
+ } catch {
181659
+ return false;
181660
+ }
181661
+ }
181662
+ function printMobilePairingQr(writer, pairing) {
181663
+ const endpoint = pairing.getEndpoint();
181664
+ if (!isHttpsOrigin(endpoint)) {
181665
+ writer.line("");
181666
+ writer.line("Mobile Pairing: waiting for an https endpoint (DevTunnel). Pairing QR is unavailable on local http origins.");
181667
+ return null;
181668
+ }
181669
+ const created = pairing.service.createInvitation({ createdBy: "node-startup" });
181670
+ const serialized = serializePairingQrPayload(created.qr);
181671
+ const qr = renderQrCode2(serialized);
181672
+ writer.line("");
181673
+ writer.line(`Mobile Pairing QR (scan in the Meshy app, expires ${created.invitation.expiresAt}, max uses ${created.invitation.maxUses}):`);
181674
+ if (qr) {
181675
+ writer.line(qr);
181676
+ } else {
181677
+ writer.line(serialized);
181678
+ }
181679
+ writer.line("The phone will sign in with AAD and then use the existing REST API with a bearer token.");
181680
+ return created.qr;
181681
+ }
181682
+
180582
181683
  // src/bootstrap/runtime-restart.ts
180583
181684
  init_cjs_shims();
180584
181685
  var fs32 = __toESM(require("fs"), 1);
@@ -180779,6 +181880,8 @@ function formatStartArgs(args) {
180779
181880
  if (args.config) result.push("--config", args.config);
180780
181881
  if (args.disableAuth) result.push("--disable-auth");
180781
181882
  if (args.qrCode) result.push("--qr-code");
181883
+ if (args.ghcTunnel === true) result.push("--enable-ghc-tunnel");
181884
+ if (args.ghcTunnel === false) result.push("--disable-ghc-tunnel");
180782
181885
  return result;
180783
181886
  }
180784
181887
  function detectRuntimeRestartMode(env4 = process.env, entryPath = process.argv[1]) {
@@ -182231,12 +183334,12 @@ var import_node_path5 = __toESM(require("path"), 1);
182231
183334
 
182232
183335
  // ../../node_modules/.pnpm/@azure+monitor-opentelemetry@1.18.1/node_modules/@azure/monitor-opentelemetry/dist/esm/shared/module.js
182233
183336
  init_cjs_shims();
182234
- var import_node_module2 = require("module");
183337
+ var import_node_module3 = require("module");
182235
183338
  var import_node_path4 = require("path");
182236
183339
  var import_node_url2 = require("url");
182237
183340
  function loadAzureFunctionCore() {
182238
183341
  try {
182239
- return (0, import_node_module2.createRequire)(importMetaUrl)("@azure/functions-core");
183342
+ return (0, import_node_module3.createRequire)(importMetaUrl)("@azure/functions-core");
182240
183343
  } catch (e) {
182241
183344
  return void 0;
182242
183345
  }
@@ -188972,7 +190075,7 @@ function resolveTelemetryConfig(options = {}) {
188972
190075
 
188973
190076
  // src/bootstrap/telemetry-events.ts
188974
190077
  init_cjs_shims();
188975
- var crypto5 = __toESM(require("crypto"), 1);
190078
+ var crypto6 = __toESM(require("crypto"), 1);
188976
190079
  var nodePath3 = __toESM(require("path"), 1);
188977
190080
  var TERMINAL_STATUSES4 = /* @__PURE__ */ new Set(["completed", "failed", "cancelled", "archived"]);
188978
190081
  function taskEventName(status) {
@@ -189021,7 +190124,7 @@ function projectPathKind(value) {
189021
190124
  function projectPathHash(value) {
189022
190125
  const normalized = normalizeProjectKey(value);
189023
190126
  if (!normalized) return void 0;
189024
- return crypto5.createHash("sha256").update(normalized).digest("hex").slice(0, 16);
190127
+ return crypto6.createHash("sha256").update(normalized).digest("hex").slice(0, 16);
189025
190128
  }
189026
190129
  function projectDimensions(task) {
189027
190130
  const project = task?.effectiveProjectPath ?? task?.project;
@@ -189624,6 +190727,42 @@ function createTunnelManager(options) {
189624
190727
  }
189625
190728
 
189626
190729
  // src/bootstrap/start-node.ts
190730
+ function splitEnvList(value) {
190731
+ const items = value?.split(",").map((item) => item.trim()).filter(Boolean);
190732
+ return items && items.length > 0 ? items : void 0;
190733
+ }
190734
+ var DEFAULT_MOBILE_AAD_CLIENT_ID = "195fbb50-69da-45d8-b811-10d18264270b";
190735
+ var DEFAULT_MOBILE_AAD_TENANT_ID = "72f988bf-86f1-41af-91ab-2d7cd011db47";
190736
+ function isTruthyEnv(value) {
190737
+ return ["1", "true", "yes", "on"].includes((value ?? "").trim().toLowerCase());
190738
+ }
190739
+ function resolveMobileAadConfig(env4) {
190740
+ if (isTruthyEnv(env4.MESHY_MOBILE_PAIRING_DISABLED)) {
190741
+ return null;
190742
+ }
190743
+ const tenantId = env4.MESHY_MOBILE_AAD_TENANT_ID?.trim() || DEFAULT_MOBILE_AAD_TENANT_ID;
190744
+ const clientId = env4.MESHY_MOBILE_AAD_CLIENT_ID?.trim() || DEFAULT_MOBILE_AAD_CLIENT_ID;
190745
+ const scopes = splitEnvList(env4.MESHY_MOBILE_AAD_SCOPES) ?? [`api://${clientId}/.default`];
190746
+ const audiences = splitEnvList(env4.MESHY_MOBILE_AAD_AUDIENCES) ?? [`api://${clientId}`, clientId];
190747
+ const allowedTenants = splitEnvList(env4.MESHY_MOBILE_AAD_ALLOWED_TENANTS) ?? [tenantId];
190748
+ const allowedUpns = splitEnvList(env4.MESHY_MOBILE_AAD_ALLOWED_UPNS);
190749
+ const allowedUpnDomains = splitEnvList(env4.MESHY_MOBILE_AAD_ALLOWED_UPN_DOMAINS);
190750
+ return {
190751
+ aad: { tenantId, clientId, scopes },
190752
+ validation: {
190753
+ allowedTenants,
190754
+ audiences,
190755
+ ...allowedUpns ? { allowedUpns } : {},
190756
+ ...allowedUpnDomains ? { allowedUpnDomains } : {}
190757
+ }
190758
+ };
190759
+ }
190760
+ function resolveMobileAadConfigForStartup(args, env4) {
190761
+ if (args.qrCode !== true) {
190762
+ return null;
190763
+ }
190764
+ return resolveMobileAadConfig(env4);
190765
+ }
189627
190766
  function buildTelemetryBaseDimensions(options) {
189628
190767
  return {
189629
190768
  appVersion: options.runtimeMetadata.packageVersion,
@@ -189668,7 +190807,7 @@ function createNodeTelemetry(config2, logger33, baseDimensions) {
189668
190807
  createAzureTelemetryService({ connectionString: config2.connectionString, baseDimensions }),
189669
190808
  { logger: telemetryLogger }
189670
190809
  );
189671
- telemetryLogger.info("Telemetry initialized [succeeded]");
190810
+ telemetryLogger.info("Telemetry initialized [succeeded]. Meshy collects sanitized operational telemetry such as runtime details, feature usage, task lifecycle events, and API route metrics. Prompts, transcripts, request bodies, bearer tokens, raw paths, and raw stack traces are not collected.");
189672
190811
  return telemetry;
189673
190812
  } catch {
189674
190813
  telemetryLogger.warn("Telemetry initialized [failed]");
@@ -189748,6 +190887,7 @@ function registerShutdownHandlers(options) {
189748
190887
  try {
189749
190888
  const telemetry = options.getTelemetry();
189750
190889
  telemetry.trackEvent("runtime.shutdown", { reason, runtimeMode });
190890
+ options.onShutdown?.();
189751
190891
  options.tunnelManager.stopHealthChecks();
189752
190892
  await closeHttpServer(options.server);
189753
190893
  await options.tunnelManager.stop();
@@ -189795,7 +190935,9 @@ async function startNode(args) {
189795
190935
  });
189796
190936
  telemetry.trackEvent("startup.started");
189797
190937
  terminalWriter.line("Checking startup requirements (az, devtunnel, claude, codex, copilot)...");
189798
- const startupRequirements = await ensureNpxStartupTools(config2.storage.path);
190938
+ const startupRequirements = await ensureNpxStartupTools(config2.storage.path, {
190939
+ copilotTunnelEnabled: hydratedArgs.args.ghcTunnel
190940
+ });
189799
190941
  telemetry.trackEvent("startup.preflight.completed", startupRequirementDimensions(startupRequirements));
189800
190942
  terminalWriter.line(
189801
190943
  startupRequirements.skipped ? "Startup requirements already verified today; skipping checks." : "Startup requirements check complete."
@@ -189852,6 +190994,18 @@ async function startNode(args) {
189852
190994
  const previewProxyManager = new PreviewProxyManager();
189853
190995
  let deps;
189854
190996
  let requestShutdownForRestart;
190997
+ const mobileAad = resolveMobileAadConfigForStartup(hydratedArgs.args, process.env);
190998
+ const mobilePairing = mobileAad ? setupMobilePairing({
190999
+ nodeId: self2.id,
191000
+ nodeName: self2.name,
191001
+ logger: logger33,
191002
+ getEndpoint: () => meshyNode.getNodeRegistry().getSelf().endpoint,
191003
+ aad: mobileAad.aad,
191004
+ aadValidation: mobileAad.validation
191005
+ }) : null;
191006
+ if (hydratedArgs.args.qrCode === true && !mobileAad) {
191007
+ logger33.child("mobile-auth").info("mobile pairing disabled via MESHY_MOBILE_PAIRING_DISABLED");
191008
+ }
189855
191009
  const tunnelManager = createTunnelManager({
189856
191010
  authMetadata,
189857
191011
  config: config2,
@@ -189975,7 +191129,9 @@ async function startNode(args) {
189975
191129
  runtimeMetadata,
189976
191130
  previewSessionManager,
189977
191131
  previewProxyManager,
189978
- quickChatStore: createQuickChatStore(config2.storage.path)
191132
+ quickChatStore: createQuickChatStore(config2.storage.path),
191133
+ mobilePairingInvitations: mobilePairing?.service,
191134
+ mobileAadValidator: mobilePairing?.validator
189979
191135
  };
189980
191136
  meshyNode.getLogger().info("configured node auth mode", {
189981
191137
  authEnabled: authMetadata.enabled,
@@ -189999,6 +191155,9 @@ async function startNode(args) {
189999
191155
  terminalWriter.line(`
190000
191156
  ${banner}`);
190001
191157
  printMobileConnectionQrs(terminalWriter, { enabled: hydratedArgs.args.qrCode === true, nodeName: self3.name, nodeEndpoint: self3.endpoint });
191158
+ if (mobilePairing) {
191159
+ printMobilePairingQr(terminalWriter, mobilePairing);
191160
+ }
190002
191161
  telemetry.trackEvent("startup.completed");
190003
191162
  terminalWriter.line("");
190004
191163
  });
@@ -190006,7 +191165,10 @@ ${banner}`);
190006
191165
  server,
190007
191166
  meshyNode,
190008
191167
  tunnelManager,
190009
- getTelemetry: () => telemetry
191168
+ getTelemetry: () => telemetry,
191169
+ onShutdown: () => {
191170
+ mobilePairing?.service.dispose();
191171
+ }
190010
191172
  });
190011
191173
  requestShutdownForRestart = shutdownHandle.requestShutdown;
190012
191174
  await tunnelManager.syncDashboardTransport("startup");