miladyai 2.0.0-alpha.27

package/dist/api/whatsapp-routes.js

@@ -0,0 +1,182 @@
+import { readJsonBody as readJsonBody$1, sendJson } from "./http-helpers.js";
+import { WhatsAppPairingSession, sanitizeAccountId, whatsappAuthExists, whatsappLogout } from "../services/whatsapp-pairing.js";
+import path from "node:path";
+import fs from "node:fs";
+
+//#region src/api/whatsapp-routes.ts
+/**
+* WhatsApp API routes: pair, status, stop, disconnect.
+*
+* Extracted from the main server handler for testability.
+*/
+const MAX_BODY_BYTES = 1048576;
+/** Maximum concurrent pairing sessions to prevent resource exhaustion. */
+const MAX_PAIRING_SESSIONS = 10;
+async function readJsonBody(req, res) {
+	return readJsonBody$1(req, res, { maxBytes: MAX_BODY_BYTES });
+}
+function json(res, data, status = 200) {
+	sendJson(res, data, status);
+}
+/** Returns `true` if handled, `false` to fall through. */
+async function handleWhatsAppRoute(req, res, pathname, method, state) {
+	if (!pathname.startsWith("/api/whatsapp")) return false;
+	if (method === "POST" && pathname === "/api/whatsapp/pair") {
+		const body = await readJsonBody(req, res);
+		let accountId;
+		try {
+			accountId = sanitizeAccountId(body && typeof body.accountId === "string" && body.accountId.trim() ? body.accountId.trim() : "default");
+		} catch (err) {
+			json(res, { error: err.message }, 400);
+			return true;
+		}
+		if (!state.whatsappPairingSessions.has(accountId) && state.whatsappPairingSessions.size >= MAX_PAIRING_SESSIONS) {
+			json(res, { error: `Too many concurrent pairing sessions (max ${MAX_PAIRING_SESSIONS})` }, 429);
+			return true;
+		}
+		const authDir = path.join(state.workspaceDir, "whatsapp-auth", accountId);
+		state.whatsappPairingSessions?.get(accountId)?.stop();
+		const session = new WhatsAppPairingSession({
+			authDir,
+			accountId,
+			onEvent: (event) => {
+				state.broadcastWs?.(event);
+				if (event.status === "connected") {
+					if (!state.config.connectors) state.config.connectors = {};
+					state.config.connectors.whatsapp = {
+						...state.config.connectors.whatsapp ?? {},
+						authDir,
+						enabled: true
+					};
+					try {
+						state.saveConfig();
+					} catch {}
+				}
+			}
+		});
+		state.whatsappPairingSessions.set(accountId, session);
+		try {
+			await session.start();
+			json(res, {
+				ok: true,
+				accountId,
+				status: session.getStatus()
+			});
+		} catch (err) {
+			json(res, {
+				ok: false,
+				error: err instanceof Error ? err.message : String(err)
+			}, 500);
+		}
+		return true;
+	}
+	if (method === "GET" && pathname === "/api/whatsapp/status") {
+		const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+		let accountId;
+		try {
+			accountId = sanitizeAccountId(url.searchParams.get("accountId") || "default");
+		} catch (err) {
+			json(res, { error: err.message }, 400);
+			return true;
+		}
+		const session = state.whatsappPairingSessions?.get(accountId);
+		let serviceConnected = false;
+		let servicePhone = null;
+		if (state.runtime) try {
+			const waService = state.runtime.getService("whatsapp");
+			if (waService) {
+				serviceConnected = Boolean(waService.connected);
+				servicePhone = waService.phoneNumber ?? null;
+			}
+		} catch {}
+		json(res, {
+			accountId,
+			status: session?.getStatus() ?? "idle",
+			authExists: whatsappAuthExists(state.workspaceDir, accountId),
+			serviceConnected,
+			servicePhone
+		});
+		return true;
+	}
+	if (method === "POST" && pathname === "/api/whatsapp/pair/stop") {
+		const body = await readJsonBody(req, res);
+		let accountId;
+		try {
+			accountId = sanitizeAccountId(body && typeof body.accountId === "string" && body.accountId.trim() ? body.accountId.trim() : "default");
+		} catch (err) {
+			json(res, { error: err.message }, 400);
+			return true;
+		}
+		const session = state.whatsappPairingSessions?.get(accountId);
+		if (session) {
+			session.stop();
+			state.whatsappPairingSessions?.delete(accountId);
+		}
+		json(res, {
+			ok: true,
+			accountId,
+			status: "idle"
+		});
+		return true;
+	}
+	if (method === "POST" && pathname === "/api/whatsapp/disconnect") {
+		const body = await readJsonBody(req, res);
+		let accountId;
+		try {
+			accountId = sanitizeAccountId(body && typeof body.accountId === "string" && body.accountId.trim() ? body.accountId.trim() : "default");
+		} catch (err) {
+			json(res, { error: err.message }, 400);
+			return true;
+		}
+		const session = state.whatsappPairingSessions?.get(accountId);
+		if (session) {
+			session.stop();
+			state.whatsappPairingSessions?.delete(accountId);
+		}
+		try {
+			await whatsappLogout(state.workspaceDir, accountId);
+		} catch (logoutErr) {
+			console.warn(`[whatsapp] Logout failed for ${accountId}, deleting auth files directly:`, logoutErr instanceof Error ? logoutErr.message : String(logoutErr));
+			const authDir = path.join(state.workspaceDir, "whatsapp-auth", accountId);
+			try {
+				fs.rmSync(authDir, {
+					recursive: true,
+					force: true
+				});
+			} catch {}
+		}
+		if (state.config.connectors) {
+			delete state.config.connectors.whatsapp;
+			try {
+				state.saveConfig();
+			} catch {}
+		}
+		json(res, {
+			ok: true,
+			accountId
+		});
+		return true;
+	}
+	return false;
+}
+/**
+* When WhatsApp is connected via QR code (Baileys auth on disk), mark the
+* plugin entry as configured and clear validation errors so the UI doesn't
+* show misleading "missing API key" warnings.
+*/
+function applyWhatsAppQrOverride(plugins, workspaceDir) {
+	try {
+		const waCredsPath = path.join(workspaceDir, "whatsapp-auth", "default", "creds.json");
+		if (fs.existsSync(waCredsPath)) {
+			const waPlugin = plugins.find((p) => p.id === "whatsapp");
+			if (waPlugin) {
+				waPlugin.validationErrors = [];
+				waPlugin.configured = true;
+				waPlugin.qrConnected = true;
+			}
+		}
+	} catch {}
+}
+
+//#endregion
+export { applyWhatsAppQrOverride, handleWhatsAppRoute };

package/dist/api/zip-utils.js

@@ -0,0 +1,109 @@
+//#region src/api/zip-utils.ts
+const CRC32_TABLE = new Uint32Array(256);
+for (let i = 0; i < 256; i += 1) {
+	let crc = i;
+	for (let j = 0; j < 8; j += 1) if ((crc & 1) === 1) crc = crc >>> 1 ^ 3988292384;
+	else crc >>>= 1;
+	CRC32_TABLE[i] = crc >>> 0;
+}
+function normalizeZipEntryName(name) {
+	const normalized = name.replaceAll("\\", "/").replace(/^\/+/, "");
+	if (!normalized) throw new Error("ZIP entry name cannot be empty");
+	if (normalized.includes("\0")) throw new Error("ZIP entry name contains invalid null byte");
+	const parts = normalized.split("/");
+	for (const part of parts) if (part === "." || part === "..") throw new Error(`ZIP entry name is not safe: ${name}`);
+	return normalized;
+}
+function toBuffer(data) {
+	if (Buffer.isBuffer(data)) return data;
+	if (typeof data === "string") return Buffer.from(data, "utf-8");
+	return Buffer.from(data);
+}
+function crc32(buffer) {
+	let crc = 4294967295;
+	for (const byte of buffer) {
+		const index = (crc ^ byte) & 255;
+		crc = crc >>> 8 ^ (CRC32_TABLE[index] ?? 0);
+	}
+	return (crc ^ 4294967295) >>> 0;
+}
+function toDosDateTime(date) {
+	const year = Math.min(Math.max(date.getFullYear(), 1980), 2107);
+	const month = Math.min(Math.max(date.getMonth() + 1, 1), 12);
+	const day = Math.min(Math.max(date.getDate(), 1), 31);
+	const hours = Math.min(Math.max(date.getHours(), 0), 23);
+	const minutes = Math.min(Math.max(date.getMinutes(), 0), 59);
+	const seconds = Math.min(Math.max(Math.floor(date.getSeconds() / 2), 0), 29);
+	const dosDate = year - 1980 << 9 | month << 5 | day;
+	const dosTime = hours << 11 | minutes << 5 | seconds;
+	return {
+		date: dosDate & 65535,
+		time: dosTime & 65535
+	};
+}
+function createZipArchive(entries) {
+	if (entries.length > 65535) throw new Error("ZIP export supports up to 65535 files");
+	const fileParts = [];
+	const centralDirectoryParts = [];
+	let offset = 0;
+	for (const entry of entries) {
+		const name = normalizeZipEntryName(entry.name);
+		const nameBuffer = Buffer.from(name, "utf-8");
+		const dataBuffer = toBuffer(entry.data);
+		const checksum = crc32(dataBuffer);
+		const { date, time } = toDosDateTime(entry.mtime ?? /* @__PURE__ */ new Date());
+		const localHeader = Buffer.alloc(30 + nameBuffer.length);
+		localHeader.writeUInt32LE(67324752, 0);
+		localHeader.writeUInt16LE(20, 4);
+		localHeader.writeUInt16LE(0, 6);
+		localHeader.writeUInt16LE(0, 8);
+		localHeader.writeUInt16LE(time, 10);
+		localHeader.writeUInt16LE(date, 12);
+		localHeader.writeUInt32LE(checksum, 14);
+		localHeader.writeUInt32LE(dataBuffer.length, 18);
+		localHeader.writeUInt32LE(dataBuffer.length, 22);
+		localHeader.writeUInt16LE(nameBuffer.length, 26);
+		localHeader.writeUInt16LE(0, 28);
+		nameBuffer.copy(localHeader, 30);
+		const centralHeader = Buffer.alloc(46 + nameBuffer.length);
+		centralHeader.writeUInt32LE(33639248, 0);
+		centralHeader.writeUInt16LE(20, 4);
+		centralHeader.writeUInt16LE(20, 6);
+		centralHeader.writeUInt16LE(0, 8);
+		centralHeader.writeUInt16LE(0, 10);
+		centralHeader.writeUInt16LE(time, 12);
+		centralHeader.writeUInt16LE(date, 14);
+		centralHeader.writeUInt32LE(checksum, 16);
+		centralHeader.writeUInt32LE(dataBuffer.length, 20);
+		centralHeader.writeUInt32LE(dataBuffer.length, 24);
+		centralHeader.writeUInt16LE(nameBuffer.length, 28);
+		centralHeader.writeUInt16LE(0, 30);
+		centralHeader.writeUInt16LE(0, 32);
+		centralHeader.writeUInt16LE(0, 34);
+		centralHeader.writeUInt16LE(0, 36);
+		centralHeader.writeUInt32LE(0, 38);
+		centralHeader.writeUInt32LE(offset, 42);
+		nameBuffer.copy(centralHeader, 46);
+		fileParts.push(localHeader, dataBuffer);
+		centralDirectoryParts.push(centralHeader);
+		offset += localHeader.length + dataBuffer.length;
+	}
+	const centralDirectory = Buffer.concat(centralDirectoryParts);
+	const endOfCentralDirectory = Buffer.alloc(22);
+	endOfCentralDirectory.writeUInt32LE(101010256, 0);
+	endOfCentralDirectory.writeUInt16LE(0, 4);
+	endOfCentralDirectory.writeUInt16LE(0, 6);
+	endOfCentralDirectory.writeUInt16LE(entries.length, 8);
+	endOfCentralDirectory.writeUInt16LE(entries.length, 10);
+	endOfCentralDirectory.writeUInt32LE(centralDirectory.length, 12);
+	endOfCentralDirectory.writeUInt32LE(offset, 16);
+	endOfCentralDirectory.writeUInt16LE(0, 20);
+	return Buffer.concat([
+		...fileParts,
+		centralDirectory,
+		endOfCentralDirectory
+	]);
+}
+
+//#endregion
+export { createZipArchive };

package/dist/apps-hyperscape-routes.js

@@ -0,0 +1,58 @@
+//#region src/api/apps-hyperscape-routes.ts
+async function handleAppsHyperscapeRoutes(ctx) {
+	const { req, res, method, pathname, relayHyperscapeApi, readJsonBody, error } = ctx;
+	if (method === "GET" && pathname === "/api/apps/hyperscape/embedded-agents") {
+		await relayHyperscapeApi("GET", "/api/embedded-agents");
+		return true;
+	}
+	if (method === "POST" && pathname === "/api/apps/hyperscape/embedded-agents") {
+		await relayHyperscapeApi("POST", "/api/embedded-agents");
+		return true;
+	}
+	if (method === "POST") {
+		const embeddedActionMatch = pathname.match(/^\/api\/apps\/hyperscape\/embedded-agents\/([^/]+)\/(start|stop|pause|resume|command)$/);
+		if (embeddedActionMatch) {
+			const characterId = decodeURIComponent(embeddedActionMatch[1]);
+			const action = embeddedActionMatch[2];
+			await relayHyperscapeApi("POST", `/api/embedded-agents/${encodeURIComponent(characterId)}/${action}`);
+			return true;
+		}
+		const messageMatch = pathname.match(/^\/api\/apps\/hyperscape\/agents\/([^/]+)\/message$/);
+		if (messageMatch) {
+			const agentId = decodeURIComponent(messageMatch[1]);
+			const body = await readJsonBody(req, res);
+			if (!body) return true;
+			const content = body.content?.trim();
+			if (!content) {
+				error(res, "content is required");
+				return true;
+			}
+			await relayHyperscapeApi("POST", `/api/embedded-agents/${encodeURIComponent(agentId)}/command`, {
+				rawBodyOverride: JSON.stringify({
+					command: "chat",
+					data: { message: content }
+				}),
+				contentTypeOverride: "application/json"
+			});
+			return true;
+		}
+	}
+	if (method === "GET") {
+		const goalMatch = pathname.match(/^\/api\/apps\/hyperscape\/agents\/([^/]+)\/goal$/);
+		if (goalMatch) {
+			const agentId = decodeURIComponent(goalMatch[1]);
+			await relayHyperscapeApi("GET", `/api/agents/${encodeURIComponent(agentId)}/goal`);
+			return true;
+		}
+		const quickActionsMatch = pathname.match(/^\/api\/apps\/hyperscape\/agents\/([^/]+)\/quick-actions$/);
+		if (quickActionsMatch) {
+			const agentId = decodeURIComponent(quickActionsMatch[1]);
+			await relayHyperscapeApi("GET", `/api/agents/${encodeURIComponent(agentId)}/quick-actions`);
+			return true;
+		}
+	}
+	return false;
+}
+
+//#endregion
+export { handleAppsHyperscapeRoutes };

package/dist/apps-routes.js

@@ -0,0 +1,114 @@
+//#region src/api/apps-routes.ts
+function isNonAppRegistryPlugin(plugin) {
+	if (plugin.kind === "app") return false;
+	const name = plugin.name.toLowerCase();
+	const npmPackage = plugin.npm.package.toLowerCase();
+	return !name.includes("/app-") && !npmPackage.includes("/app-");
+}
+function isNonAppSearchResult(plugin) {
+	const name = plugin.name.toLowerCase();
+	const npmPackage = plugin.npmPackage.toLowerCase();
+	return !name.includes("/app-") && !npmPackage.includes("/app-");
+}
+async function handleAppsRoutes(ctx) {
+	const { req, res, method, pathname, url, appManager, getPluginManager, parseBoundedLimit, readJsonBody, json, error, runtime } = ctx;
+	if (method === "GET" && pathname === "/api/apps") {
+		const pluginManager = getPluginManager();
+		json(res, await appManager.listAvailable(pluginManager));
+		return true;
+	}
+	if (method === "GET" && pathname === "/api/apps/search") {
+		const query = url.searchParams.get("q") ?? "";
+		if (!query.trim()) {
+			json(res, []);
+			return true;
+		}
+		const limit = parseBoundedLimit(url.searchParams.get("limit"));
+		const pluginManager = getPluginManager();
+		json(res, await appManager.search(pluginManager, query, limit));
+		return true;
+	}
+	if (method === "GET" && pathname === "/api/apps/installed") {
+		const pluginManager = getPluginManager();
+		json(res, await appManager.listInstalled(pluginManager));
+		return true;
+	}
+	if (method === "POST" && pathname === "/api/apps/launch") {
+		const body = await readJsonBody(req, res);
+		if (!body) return true;
+		if (!body.name?.trim()) {
+			error(res, "name is required");
+			return true;
+		}
+		const pluginManager = getPluginManager();
+		json(res, await appManager.launch(pluginManager, body.name.trim(), (_progress) => {}, runtime));
+		return true;
+	}
+	if (method === "POST" && pathname === "/api/apps/stop") {
+		const body = await readJsonBody(req, res);
+		if (!body) return true;
+		if (!body.name?.trim()) {
+			error(res, "name is required");
+			return true;
+		}
+		const appName = body.name.trim();
+		const pluginManager = getPluginManager();
+		json(res, await appManager.stop(pluginManager, appName));
+		return true;
+	}
+	if (method === "GET" && pathname.startsWith("/api/apps/info/")) {
+		const appName = decodeURIComponent(pathname.slice(15));
+		if (!appName) {
+			error(res, "app name is required");
+			return true;
+		}
+		const pluginManager = getPluginManager();
+		const info = await appManager.getInfo(pluginManager, appName);
+		if (!info) {
+			error(res, `App "${appName}" not found in registry`, 404);
+			return true;
+		}
+		json(res, info);
+		return true;
+	}
+	if (method === "GET" && pathname === "/api/apps/plugins") {
+		try {
+			const registry = await getPluginManager().refreshRegistry();
+			json(res, Array.from(registry.values()).filter(isNonAppRegistryPlugin));
+		} catch (err) {
+			error(res, `Failed to list plugins: ${err instanceof Error ? err.message : String(err)}`, 502);
+		}
+		return true;
+	}
+	if (method === "GET" && pathname === "/api/apps/plugins/search") {
+		const query = url.searchParams.get("q") ?? "";
+		if (!query.trim()) {
+			json(res, []);
+			return true;
+		}
+		try {
+			const limit = parseBoundedLimit(url.searchParams.get("limit"));
+			json(res, (await getPluginManager().searchRegistry(query, limit)).filter(isNonAppSearchResult));
+		} catch (err) {
+			error(res, `Plugin search failed: ${err instanceof Error ? err.message : String(err)}`, 502);
+		}
+		return true;
+	}
+	if (method === "POST" && pathname === "/api/apps/refresh") {
+		try {
+			const registry = await getPluginManager().refreshRegistry();
+			const count = Array.from(registry.values()).filter(isNonAppRegistryPlugin).length;
+			json(res, {
+				ok: true,
+				count
+			});
+		} catch (err) {
+			error(res, `Refresh failed: ${err instanceof Error ? err.message : String(err)}`, 502);
+		}
+		return true;
+	}
+	return false;
+}
+
+//#endregion
+export { handleAppsRoutes };

package/dist/ascii.js

@@ -0,0 +1,20 @@
+//#region src/ascii.ts
+const ascii = `     
+        miladym                        iladym      
+    iladymil                                ady    
+    mil                                         ad   
+ymi                                   ladymila     
+dym                                    ila dymila    
+dy       miladymil                     ady   milady   
+    miladymilad                     ymila dymilady  
+    mi    ladymila                   dymiladymil     
+adymiladymiladymi                  l  adymila d    
+ym   iladymiladymil                 ad ymilad  y    
+m  il  adymiladym  i                  l   ad   y     
+    mi  ladymila  dy                    mi           
+    la          dy                         mil      
+        ad      ym                                   
+        iladym`;
+
+//#endregion
+export { ascii };

package/dist/auth/anthropic.js

@@ -0,0 +1,44 @@
+import { loginAnthropic, refreshAnthropicToken } from "@mariozechner/pi-ai";
+
+//#region src/auth/anthropic.ts
+/**
+* Anthropic OAuth flow (Claude Pro/Max subscription)
+*
+* Wraps @mariozechner/pi-ai's loginAnthropic for server-side use.
+* The pi-ai callback API is adapted to a start/exchange pattern
+* for HTTP route handlers.
+*/
+/**
+* Start the Anthropic OAuth flow.
+* Returns an auth URL and a way to submit the code + get credentials.
+*/
+async function startAnthropicLogin() {
+	let authUrl = "";
+	let resolveCode = null;
+	let resolveUrlReady = null;
+	const codePromise = new Promise((resolve) => {
+		resolveCode = resolve;
+	});
+	const urlReady = new Promise((resolve) => {
+		resolveUrlReady = resolve;
+	});
+	const credentials = loginAnthropic((url) => {
+		authUrl = url;
+		resolveUrlReady?.();
+	}, () => codePromise);
+	await urlReady;
+	return {
+		authUrl,
+		submitCode: (code) => resolveCode?.(code),
+		credentials
+	};
+}
+/**
+* Refresh an expired Anthropic token.
+*/
+async function refreshAnthropicToken$1(refreshToken) {
+	return refreshAnthropicToken(refreshToken);
+}
+
+//#endregion
+export { refreshAnthropicToken$1 as refreshAnthropicToken, startAnthropicLogin };

package/dist/auth/apply-stealth.js

@@ -0,0 +1,41 @@
+import { installClaudeCodeStealthFetchInterceptor } from "./claude-code-stealth.js";
+import path from "node:path";
+import fs from "node:fs";
+import { fileURLToPath } from "node:url";
+
+//#region src/auth/apply-stealth.ts
+/**
+* Walk up from `startDir` until we find a directory containing package.json
+* with name "milaidy". Returns the directory path, or falls back to `startDir`.
+*/
+/** @internal Exported for testing only. */
+function findProjectRoot(startDir) {
+	let dir = startDir;
+	const { root } = path.parse(dir);
+	while (dir !== root) {
+		const pkgPath = path.join(dir, "package.json");
+		try {
+			const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+			if (typeof pkg.name === "string" && pkg.name.toLowerCase() === "milaidy") return dir;
+		} catch {}
+		dir = path.dirname(dir);
+	}
+	return startDir;
+}
+function applyClaudeCodeStealth() {
+	if (!process.env.ANTHROPIC_API_KEY?.startsWith("sk-ant-oat")) return;
+	installClaudeCodeStealthFetchInterceptor();
+}
+const OPENAI_STEALTH_GUARD = Symbol.for("milady.openaiCodexStealthInstalled");
+async function applyOpenAICodexStealth() {
+	if (globalThis[OPENAI_STEALTH_GUARD]) return;
+	const apiKey = process.env.OPENAI_API_KEY;
+	if (!apiKey) return;
+	if (apiKey.startsWith("sk-")) return;
+	const projectRoot = findProjectRoot(path.dirname(fileURLToPath(import.meta.url)));
+	await import(path.join(projectRoot, "openai-codex-stealth.mjs"));
+	globalThis[OPENAI_STEALTH_GUARD] = true;
+}
+
+//#endregion
+export { applyClaudeCodeStealth, applyOpenAICodexStealth };

package/dist/auth/claude-code-stealth.js

@@ -0,0 +1,78 @@
+//#region src/auth/claude-code-stealth.ts
+const STEALTH_GUARD = Symbol.for("milady.claudeCodeStealthInstalled");
+const CLAUDE_CODE_VERSION = "2.1.2";
+const CLAUDE_CODE_SYSTEM_PREFIX = "You are Claude Code, Anthropic's official CLI for Claude.";
+const ANTHROPIC_BETA = "claude-code-20250219,oauth-2025-04-20,fine-grained-tool-streaming-2025-05-14,interleaved-thinking-2025-05-14";
+function isSetupToken(value) {
+	return typeof value === "string" && value.startsWith("sk-ant-oat");
+}
+function getUrl(input) {
+	try {
+		if (typeof input === "string") return new URL(input);
+		if (input instanceof URL) return input;
+		return new URL(input.url);
+	} catch {
+		return null;
+	}
+}
+function addSystemPrefix(body) {
+	if (!body || typeof body !== "object") return body;
+	const next = body;
+	const prefix = {
+		type: "text",
+		text: CLAUDE_CODE_SYSTEM_PREFIX
+	};
+	if (Array.isArray(next.system)) {
+		if (!next.system.some((block) => block?.text?.startsWith("You are Claude Code"))) next.system.unshift(prefix);
+	} else if (typeof next.system === "string") next.system = [prefix, {
+		type: "text",
+		text: next.system
+	}];
+	else next.system = [prefix];
+	return next;
+}
+function installClaudeCodeStealthFetchInterceptor() {
+	if (globalThis[STEALTH_GUARD]) return;
+	const originalFetch = globalThis.fetch.bind(globalThis);
+	const stealthFetch = async function stealthFetch(input, init) {
+		const url = getUrl(input);
+		if (!url || url.hostname !== "api.anthropic.com") return originalFetch(input, init);
+		const request = input instanceof Request ? input : null;
+		const headers = new Headers(init?.headers ?? request?.headers ?? void 0);
+		const apiKey = headers.get("x-api-key");
+		const authHeader = headers.get("authorization");
+		const bearerToken = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
+		const setupToken = isSetupToken(apiKey) ? apiKey : isSetupToken(bearerToken) ? bearerToken : null;
+		if (!setupToken) return originalFetch(input, init);
+		headers.delete("x-api-key");
+		headers.set("authorization", `Bearer ${setupToken}`);
+		headers.set("anthropic-beta", ANTHROPIC_BETA);
+		headers.set("user-agent", `claude-cli/${CLAUDE_CODE_VERSION} (external, cli)`);
+		headers.set("x-app", "cli");
+		let body = init?.body ?? request?.body;
+		if (typeof body === "string") try {
+			const updated = addSystemPrefix(JSON.parse(body));
+			body = JSON.stringify(updated);
+			console.log(`[stealth] Patched Anthropic request for ${String(updated.model ?? "unknown-model")}`);
+		} catch {
+			console.log("[stealth] Anthropic request body was not JSON; skipping system prefix");
+		}
+		const nextInit = {
+			...init,
+			headers,
+			body: init ? body : void 0
+		};
+		if (request && !init) return originalFetch(new Request(request, {
+			headers,
+			body: typeof body === "string" ? body : void 0
+		}));
+		return originalFetch(input, nextInit);
+	};
+	if ("preconnect" in globalThis.fetch) stealthFetch.preconnect = globalThis.fetch.preconnect;
+	globalThis.fetch = stealthFetch;
+	globalThis[STEALTH_GUARD] = true;
+	console.log("[stealth] Claude Code setup token runtime support enabled");
+}
+
+//#endregion
+export { installClaudeCodeStealthFetchInterceptor };