omnius 1.0.341 → 1.0.343

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,229 @@
1
+ # Auth Map — Where Authentication/Authorization is Handled Across Omnius
2
+
3
+ > Auto-generated from codebase scan. Covers all packages and apps.
4
+
5
+ ## Summary
6
+
7
+ Omnius has **no centralized auth system** (no login, no JWT, no session cookies, no OAuth). Authentication is handled **peripherally** in three ways:
8
+
9
+ 1. **External provider auth** — API keys/tokens for remote inference providers (OpenAI, Anthropic, etc.)
10
+ 2. **Secret redaction** — preventing credential leaks in logs/tool output
11
+ 3. **Session-scoped permissions** — internal permission rules for sub-agent handoffs
12
+
13
+ There is **zero auth on the REST daemon** (`apps/api`) — all routes are open.
14
+
15
+ ---
16
+
17
+ ## 1. apps/api (REST Daemon) — NO AUTH
18
+
19
+ | File | Finding |
20
+ |------|---------|
21
+ | `apps/api/src/app.ts` | Helmet, CORS, compression, morgan. **No auth middleware, no API key check, no bearer validation.** |
22
+ | `apps/api/src/routes/sessions.ts` | In-memory Map-based session store. **No auth on any route** (POST/GET/DELETE all accept unauthenticated requests). |
23
+ | `apps/api/src/routes/health.ts` | Health check — no auth needed. |
24
+ | `apps/api/src/middleware/error-handler.ts` | Error handling only. |
25
+
26
+ **Verdict:** The REST daemon is completely open. Any caller can create sessions, send messages, list/delete sessions.
27
+
28
+ ---
29
+
30
+ ## 2. apps/worker (Background Worker) — NO AUTH
31
+
32
+ | File | Finding |
33
+ |------|---------|
34
+ | `apps/worker/src/queue.ts` | Only references `sessionId: string` in queue job types. No auth logic. |
35
+
36
+ **Verdict:** Worker processes tasks from the queue without auth checks. Trusts the API daemon to route correctly.
37
+
38
+ ---
39
+
40
+ ## 3. packages/cli — Provider Auth + Secret Redaction
41
+
42
+ ### 3a. Provider API Key Configuration
43
+
44
+ | File | Line | Finding |
45
+ |------|------|---------|
46
+ | `packages/cli/src/config.ts` | 32 | `/** Optional Bearer token for authenticated vLLM deployments */` — config field for vLLM auth |
47
+ | `packages/cli/src/config.ts` | 50 | Tool-calling session opt-in logic (not auth, but session-scoped) |
48
+
49
+ ### 3b. Secret Redaction (preventing credential leaks)
50
+
51
+ | File | Finding |
52
+ |------|---------|
53
+ | `packages/cli/src/redact/secret-redactor.ts` | Comprehensive regex-based secret redactor. Detects and masks: |
54
+ | | - Known API key prefixes: `sk-`, `sk-or-`, `gsk_`, `fw_`, `cpk_`, `csk-`, `nvapi-`, `xox[baprs]-`, `hf_`, `r8_`, `npm_`, `pypi-`, `gAAAA` |
55
+ | | - Generic patterns: `api_key`, `token`, `secret`, `password`, `access_token`, `refresh_token`, `auth_token`, `bearer` |
56
+ | | - Short tokens (<18 chars) → fully masked (`***`). Longer → partial (`sk-..yKey`) |
57
+
58
+ ### 3c. Session State
59
+
60
+ | File | Finding |
61
+ |------|---------|
62
+ | `packages/cli/src/state/store.ts` | `closeSession(sessionId, endReason)` — session lifecycle management. Token counting (input/output/cache_read/cache_write/reasoning). No auth. |
63
+
64
+ ---
65
+
66
+ ## 4. packages/backend-vllm — Provider Auth (API Keys)
67
+
68
+ ### 4a. Provider Auth Configuration
69
+
70
+ | File | Line | Provider | authRequired | keyPrefix |
71
+ |------|------|----------|-------------|-----------|
72
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 81 | Anthropic | true | `sk-ant-` |
73
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 85 | OpenAI | true | `sk-` |
74
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 89 | Together AI | true | — |
75
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 93 | Groq | true | `gsk_` |
76
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 97 | OpenRouter | true | `sk-or-` |
77
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 101 | Fireworks AI | true | `fw_` |
78
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 105 | DeepInfra | true | — |
79
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 109 | Mistral AI | true | — |
80
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 113 | Chutes AI | true | `cpk_` |
81
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 117 | Cerebras | true | `csk-` |
82
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 121 | SambaNova | true | — |
83
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 125 | NVIDIA NIM | true | `nvapi-` |
84
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 129 | Hyperbolic | true | — |
85
+ | `packages/backend-vllm/src/normalizeUrl.ts` | 134 | Ollama (local) | **false** | — |
86
+
87
+ ### 4b. Runtime Auth Headers
88
+
89
+ | File | Line | Finding |
90
+ |------|------|---------|
91
+ | `packages/backend-vllm/src/VllmBackend.ts` | 217 | `private authHeaders(): Record<string, string>` — builds auth headers for vLLM requests |
92
+ | `packages/backend-vllm/src/VllmBackend.ts` | 237 | Uses `authHeaders()` in fetch calls |
93
+
94
+ **Verdict:** Provider auth is key-based (Bearer tokens). No OAuth flow. Keys are configured in CLI config and passed as headers.
95
+
96
+ ---
97
+
98
+ ## 5. packages/orchestrator — Session-Scoped Permissions
99
+
100
+ ### 5a. Permission Ruleset (sub-agent authorization)
101
+
102
+ | File | Finding |
103
+ |------|---------|
104
+ | `packages/orchestrator/src/permissionRuleset.ts` | **The only authorization logic in the codebase.** Implements: |
105
+ | | - Parent session deny rules (cascade to sub-agents) |
106
+ | | - Parent agent deny rules |
107
+ | | - External directory rules forwarded to sub-agent sessions |
108
+ | | - "Forwarding pattern" — parent agent denies + parent session denies + external_directory rules cascade |
109
+
110
+ ### 5b. Session Metrics
111
+
112
+ | File | Finding |
113
+ |------|---------|
114
+ | `packages/orchestrator/src/sessionMetrics.ts` | Tracks `sessionDurationMs`, token usage, context estimates. No auth. |
115
+
116
+ ### 5c. Adversarial Handoffs (test data only)
117
+
118
+ | File | Finding |
119
+ |------|---------|
120
+ | `packages/orchestrator/src/adversarialHandoffs.ts` | Contains test scenarios referencing logout/session cleanup (lines 324-369). These are **test fixtures**, not production auth code. |
121
+
122
+ ---
123
+
124
+ ## 6. packages/execution — Session Key Reservation + Secret Detection
125
+
126
+ ### 6a. Model Broker (session key reservation)
127
+
128
+ | File | Line | Finding |
129
+ |------|------|---------|
130
+ | `packages/execution/src/model-broker.ts` | 205-207 | `sessionKey?: string` — reserved per-chat session key for guaranteed slots |
131
+ | `packages/execution/src/model-broker.ts` | 361-362 | `_reservedBySession: Map<string, string>` — reserved slots per sessionKey |
132
+ | `packages/execution/src/model-broker.ts` | 1271-1277 | Reserved slot path: per-session, one outstanding slot per sessionKey |
133
+
134
+ ### 6b. Secret Detector (MCP)
135
+
136
+ | File | Finding |
137
+ |------|---------|
138
+ | `packages/execution/src/mcp/secret-detector.ts` | `matchType: "auth-header"` — detects auth header prefixes in strings. Sensitive field name tracking. |
139
+
140
+ ---
141
+
142
+ ## 7. packages/indexer — Auth Domain Classification (metadata only)
143
+
144
+ | File | Line | Finding |
145
+ |------|------|---------|
146
+ | `packages/indexer/src/fileSummarizer.ts` | 30 | `ownershipArea` field: "Logical ownership area (e.g. 'auth', 'api', 'db', 'frontend')" |
147
+ | `packages/indexer/src/fileSummarizer.ts` | 54 | Path regex: `/\/(auth|authentication|login|session|jwt|oauth|passport)/` → classifies as "auth" domain |
148
+ | `packages/indexer/src/fileSummarizer.ts` | 80 | Domain keyword `/auth/i` in file content |
149
+ | `packages/indexer/src/fileSummarizer.ts` | 119 | `if (domain === "auth") return "high"` — auth domain files get high priority |
150
+
151
+ **Verdict:** The indexer classifies files as "auth" domain for indexing priority, but this is metadata, not auth enforcement.
152
+
153
+ ---
154
+
155
+ ## 8. packages/memory — Session-Scoped Memory
156
+
157
+ | File | Finding |
158
+ |------|---------|
159
+ | `packages/memory/src/selfModel.ts` | `DECAY_CLASSES: ["session", "daily", "procedural", "permanent"]` — session-scoped memory decay |
160
+ | `packages/memory/src/toolOutcomes.ts` | `Reset (e.g., on session start before restoring from store)` |
161
+ | `packages/memory/src/predictionStore.ts` | `tokenSimilarity()` — token-based string comparison (not auth tokens) |
162
+
163
+ ---
164
+
165
+ ## 9. packages/schemas — Session Schema
166
+
167
+ | File | Finding |
168
+ |------|---------|
169
+ | `packages/schemas/src/messages.ts` | `sessionId: z.string().uuid()` — session ID schema |
170
+ | `packages/schemas/src/index.ts` | `export { SessionSchema, type Session }` |
171
+ | `packages/schemas/src/memory.ts` | `ownershipArea` field: "Logical ownership area (e.g. 'auth', 'api', 'db', 'frontend')" |
172
+
173
+ ---
174
+
175
+ ## 10. packages/retrieval — No Auth
176
+
177
+ | File | Finding |
178
+ |------|---------|
179
+ | `packages/retrieval/src/semanticSearch.ts` | "auth" appears only as an example query term: `Example: "auth middleware +api -test ~service"` |
180
+ | `packages/retrieval/src/snippetPacker.ts` | Token budget logic (not auth tokens) |
181
+
182
+ ---
183
+
184
+ ## 11. packages/prompts — No Auth
185
+
186
+ No auth-related code found.
187
+
188
+ ---
189
+
190
+ ## Consolidated Auth Architecture
191
+
192
+ ```
193
+ ┌─────────────────────────────────────────────────────────────────┐
194
+ │ AUTH IN OMNIUS │
195
+ │ │
196
+ │ 1. PROVIDER AUTH (API Keys) │
197
+ │ ├── CLI config → bearer tokens for remote providers │
198
+ │ ├── backend-vllm → authHeaders() for vLLM requests │
199
+ │ ├── 14 remote providers configured (all require API keys) │
200
+ │ └── Ollama (local) → no auth required │
201
+ │ │
202
+ │ 2. SECRET REDACTION │
203
+ │ ├── CLI secret-redactor.ts — regex-based masking │
204
+ │ ├── MCP secret-detector.ts — auth header detection │
205
+ │ └── Covers: sk-, gsk_, hf_, npm_, pypi-, etc. │
206
+ │ │
207
+ │ 3. SESSION-SCOPED PERMISSIONS (internal) │
208
+ │ ├── orchestrator/permissionRuleset.ts — deny cascade │
209
+ │ ├── execution/model-broker.ts — sessionKey slot reservation│
210
+ │ └── memory/selfModel.ts — session-scoped decay │
211
+ │ │
212
+ │ 4. REST DAEMON — NO AUTH │
213
+ │ ├── apps/api — helmet + cors only │
214
+ │ ├── sessionsRouter — in-memory, no auth │
215
+ │ └── healthRouter — open │
216
+ │ │
217
+ │ 5. WORKER — NO AUTH │
218
+ │ └── Trusts API daemon for routing │
219
+ └─────────────────────────────────────────────────────────────────┘
220
+ ```
221
+
222
+ ## Key Gaps
223
+
224
+ 1. **REST daemon has zero authentication** — anyone can create sessions, send messages, and read responses
225
+ 2. **No OAuth flows** — all provider auth is static API keys
226
+ 3. **No rate limiting** — no rate-limit middleware in the API
227
+ 4. **No CSRF protection** — CORS is enabled but no CSRF tokens
228
+ 5. **No session validation** — sessions are in-memory Map, no persistence or validation
229
+ 6. **No admin/auth endpoints** — no login, logout, or user management
@@ -111,9 +111,12 @@ pnpm docs:check
111
111
  | `GET` | `/v1/skills/{name}` | Load skill content |
112
112
  | `GET` | `/v1/commands` | List slash commands |
113
113
  | `POST` | `/v1/commands/{cmd}` | Execute slash command |
114
- | `GET` | `/v1/tools` | List tools |
114
+ | `GET` | `/v1/tools` | List tools (built-in + external) |
115
+ | `POST` | `/v1/tools/register` | Register an application-specific external tool |
115
116
  | `GET` | `/v1/tools/{name}` | Tool metadata |
117
+ | `DELETE` | `/v1/tools/{name}` | Unregister an external tool |
116
118
  | `POST` | `/v1/tools/{name}/call` | Call tool |
119
+ | `POST` | `/v1/tools/{name}/eval` | Evaluate an external tool against test cases |
117
120
  | `GET` | `/v1/mcps` | List MCP servers |
118
121
  | `GET` | `/v1/mcps/{name}` | MCP server details |
119
122
  | `POST` | `/v1/mcps/{name}/call` | Call MCP tool |
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "name": "omnius",
3
- "version": "1.0.341",
3
+ "version": "1.0.343",
4
4
  "lockfileVersion": 3,
5
5
  "requires": true,
6
6
  "packages": {
7
7
  "": {
8
8
  "name": "omnius",
9
- "version": "1.0.341",
9
+ "version": "1.0.343",
10
10
  "bundleDependencies": [
11
11
  "image-to-ascii"
12
12
  ],
@@ -430,9 +430,9 @@
430
430
  }
431
431
  },
432
432
  "node_modules/@helia/utils/node_modules/cborg": {
433
- "version": "5.1.3",
434
- "resolved": "https://registry.npmjs.org/cborg/-/cborg-5.1.3.tgz",
435
- "integrity": "sha512-DddFYcafyPlnoF33ezbrh3jXT8QnuTQiy/LEL4xoMVH60WIBQbLwb2npNquSM0WouEMvl5xTJ1Y8iECaMdh3gg==",
433
+ "version": "5.1.4",
434
+ "resolved": "https://registry.npmjs.org/cborg/-/cborg-5.1.4.tgz",
435
+ "integrity": "sha512-EDoD59RBV51H5ar6i29ut7AyOJi0BUIEhtbnJJac3qYcMG74Db6eVce/dIh+Wh6tVwBi7cRWDXmdms+fKPQvcQ==",
436
436
  "license": "Apache-2.0",
437
437
  "bin": {
438
438
  "cborg": "lib/bin.js"
@@ -461,9 +461,9 @@
461
461
  }
462
462
  },
463
463
  "node_modules/@ipld/dag-cbor/node_modules/cborg": {
464
- "version": "5.1.3",
465
- "resolved": "https://registry.npmjs.org/cborg/-/cborg-5.1.3.tgz",
466
- "integrity": "sha512-DddFYcafyPlnoF33ezbrh3jXT8QnuTQiy/LEL4xoMVH60WIBQbLwb2npNquSM0WouEMvl5xTJ1Y8iECaMdh3gg==",
464
+ "version": "5.1.4",
465
+ "resolved": "https://registry.npmjs.org/cborg/-/cborg-5.1.4.tgz",
466
+ "integrity": "sha512-EDoD59RBV51H5ar6i29ut7AyOJi0BUIEhtbnJJac3qYcMG74Db6eVce/dIh+Wh6tVwBi7cRWDXmdms+fKPQvcQ==",
467
467
  "license": "Apache-2.0",
468
468
  "bin": {
469
469
  "cborg": "lib/bin.js"
@@ -480,9 +480,9 @@
480
480
  }
481
481
  },
482
482
  "node_modules/@ipld/dag-json/node_modules/cborg": {
483
- "version": "5.1.3",
484
- "resolved": "https://registry.npmjs.org/cborg/-/cborg-5.1.3.tgz",
485
- "integrity": "sha512-DddFYcafyPlnoF33ezbrh3jXT8QnuTQiy/LEL4xoMVH60WIBQbLwb2npNquSM0WouEMvl5xTJ1Y8iECaMdh3gg==",
483
+ "version": "5.1.4",
484
+ "resolved": "https://registry.npmjs.org/cborg/-/cborg-5.1.4.tgz",
485
+ "integrity": "sha512-EDoD59RBV51H5ar6i29ut7AyOJi0BUIEhtbnJJac3qYcMG74Db6eVce/dIh+Wh6tVwBi7cRWDXmdms+fKPQvcQ==",
486
486
  "license": "Apache-2.0",
487
487
  "bin": {
488
488
  "cborg": "lib/bin.js"
@@ -502,9 +502,9 @@
502
502
  }
503
503
  },
504
504
  "node_modules/@ipld/dag-pb/node_modules/multiformats": {
505
- "version": "14.0.0",
506
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
507
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
505
+ "version": "14.0.2",
506
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
507
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
508
508
  "license": "Apache-2.0 OR MIT"
509
509
  },
510
510
  "node_modules/@ipshipyard/libp2p-auto-tls": {
@@ -741,9 +741,9 @@
741
741
  }
742
742
  },
743
743
  "node_modules/@libp2p/http-utils/node_modules/multiformats": {
744
- "version": "14.0.0",
745
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
746
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
744
+ "version": "14.0.2",
745
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
746
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
747
747
  "license": "Apache-2.0 OR MIT"
748
748
  },
749
749
  "node_modules/@libp2p/http-utils/node_modules/uint8arraylist": {
@@ -783,9 +783,9 @@
783
783
  }
784
784
  },
785
785
  "node_modules/@libp2p/http-websocket/node_modules/multiformats": {
786
- "version": "14.0.0",
787
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
788
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
786
+ "version": "14.0.2",
787
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
788
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
789
789
  "license": "Apache-2.0 OR MIT"
790
790
  },
791
791
  "node_modules/@libp2p/http-websocket/node_modules/uint8arraylist": {
@@ -1021,9 +1021,9 @@
1021
1021
  }
1022
1022
  },
1023
1023
  "node_modules/@libp2p/peer-record/node_modules/multiformats": {
1024
- "version": "14.0.0",
1025
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
1026
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
1024
+ "version": "14.0.2",
1025
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
1026
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
1027
1027
  "license": "Apache-2.0 OR MIT"
1028
1028
  },
1029
1029
  "node_modules/@libp2p/peer-record/node_modules/protons-runtime": {
@@ -1131,9 +1131,9 @@
1131
1131
  }
1132
1132
  },
1133
1133
  "node_modules/@libp2p/record/node_modules/multiformats": {
1134
- "version": "14.0.0",
1135
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
1136
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
1134
+ "version": "14.0.2",
1135
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
1136
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
1137
1137
  "license": "Apache-2.0 OR MIT"
1138
1138
  },
1139
1139
  "node_modules/@libp2p/record/node_modules/protons-runtime": {
@@ -1368,9 +1368,9 @@
1368
1368
  }
1369
1369
  },
1370
1370
  "node_modules/@libp2p/webrtc/node_modules/multiformats": {
1371
- "version": "14.0.0",
1372
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
1373
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
1371
+ "version": "14.0.2",
1372
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
1373
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
1374
1374
  "license": "Apache-2.0 OR MIT"
1375
1375
  },
1376
1376
  "node_modules/@libp2p/webrtc/node_modules/node-datachannel": {
@@ -1495,9 +1495,9 @@
1495
1495
  }
1496
1496
  },
1497
1497
  "node_modules/@multiformats/dns": {
1498
- "version": "1.0.13",
1499
- "resolved": "https://registry.npmjs.org/@multiformats/dns/-/dns-1.0.13.tgz",
1500
- "integrity": "sha512-yr4bxtA3MbvJ+2461kYIYMsiiZj/FIqKI64hE4SdvWJUdWF9EtZLar38juf20Sf5tguXKFUruluswAO6JsjS2w==",
1498
+ "version": "1.0.14",
1499
+ "resolved": "https://registry.npmjs.org/@multiformats/dns/-/dns-1.0.14.tgz",
1500
+ "integrity": "sha512-5h8q+baKBsV4nW7rCREbJBpGNP8Lcn443illiZs5eWNBd+fXCt+mRGGIL7UNF7y8HD8mtciIYKJwCMbJBvsZMA==",
1501
1501
  "license": "Apache-2.0 OR MIT",
1502
1502
  "dependencies": {
1503
1503
  "@dnsquery/dns-packet": "^6.1.1",
@@ -1505,7 +1505,22 @@
1505
1505
  "hashlru": "^2.3.0",
1506
1506
  "p-queue": "^9.0.0",
1507
1507
  "progress-events": "^1.0.0",
1508
- "uint8arrays": "^5.0.2"
1508
+ "uint8arrays": "^6.1.1"
1509
+ }
1510
+ },
1511
+ "node_modules/@multiformats/dns/node_modules/multiformats": {
1512
+ "version": "14.0.2",
1513
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
1514
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
1515
+ "license": "Apache-2.0 OR MIT"
1516
+ },
1517
+ "node_modules/@multiformats/dns/node_modules/uint8arrays": {
1518
+ "version": "6.1.1",
1519
+ "resolved": "https://registry.npmjs.org/uint8arrays/-/uint8arrays-6.1.1.tgz",
1520
+ "integrity": "sha512-iz7JN0XCSZYA111lhFG2Ui9EhFvTNekqSRHw3lvMHq+dzwWy1OQftxFQREEh4rffU0oSoXdQHsk2TiHKVm4fsA==",
1521
+ "license": "Apache-2.0 OR MIT",
1522
+ "dependencies": {
1523
+ "multiformats": "^14.0.0"
1509
1524
  }
1510
1525
  },
1511
1526
  "node_modules/@multiformats/multiaddr": {
@@ -1539,9 +1554,9 @@
1539
1554
  }
1540
1555
  },
1541
1556
  "node_modules/@multiformats/multiaddr/node_modules/multiformats": {
1542
- "version": "14.0.0",
1543
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
1544
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
1557
+ "version": "14.0.2",
1558
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
1559
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
1545
1560
  "license": "Apache-2.0 OR MIT"
1546
1561
  },
1547
1562
  "node_modules/@multiformats/multiaddr/node_modules/uint8-varint": {
@@ -1586,9 +1601,9 @@
1586
1601
  }
1587
1602
  },
1588
1603
  "node_modules/@multiformats/murmur3/node_modules/multiformats": {
1589
- "version": "14.0.0",
1590
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
1591
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
1604
+ "version": "14.0.2",
1605
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
1606
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
1592
1607
  "license": "Apache-2.0 OR MIT"
1593
1608
  },
1594
1609
  "node_modules/@multiformats/uri-to-multiaddr": {
@@ -2085,9 +2100,9 @@
2085
2100
  }
2086
2101
  },
2087
2102
  "node_modules/@types/node": {
2088
- "version": "26.0.0",
2089
- "resolved": "https://registry.npmjs.org/@types/node/-/node-26.0.0.tgz",
2090
- "integrity": "sha512-vf2YFi1iY9lHGwNJMs01biZFbKJkrZR1T6/MlzjhJLPdntOHLhTrDSnSVcdtvjihi4VQNlrFRIxLsDBlQpAipA==",
2103
+ "version": "26.0.1",
2104
+ "resolved": "https://registry.npmjs.org/@types/node/-/node-26.0.1.tgz",
2105
+ "integrity": "sha512-fc3KiUoBt6kie0N9bIW3E47vZsuaMf0PM2AaUpLCLT0s/LvX1nxAim6Fc049cNxODPpGm6qRAuUOB86SkRuPQw==",
2091
2106
  "license": "MIT",
2092
2107
  "dependencies": {
2093
2108
  "undici-types": "~8.3.0"
@@ -3858,9 +3873,9 @@
3858
3873
  }
3859
3874
  },
3860
3875
  "node_modules/hamt-sharding/node_modules/multiformats": {
3861
- "version": "14.0.0",
3862
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
3863
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
3876
+ "version": "14.0.2",
3877
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
3878
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
3864
3879
  "license": "Apache-2.0 OR MIT"
3865
3880
  },
3866
3881
  "node_modules/hamt-sharding/node_modules/uint8arrays": {
@@ -4232,9 +4247,9 @@
4232
4247
  }
4233
4248
  },
4234
4249
  "node_modules/ipns/node_modules/cborg": {
4235
- "version": "5.1.3",
4236
- "resolved": "https://registry.npmjs.org/cborg/-/cborg-5.1.3.tgz",
4237
- "integrity": "sha512-DddFYcafyPlnoF33ezbrh3jXT8QnuTQiy/LEL4xoMVH60WIBQbLwb2npNquSM0WouEMvl5xTJ1Y8iECaMdh3gg==",
4250
+ "version": "5.1.4",
4251
+ "resolved": "https://registry.npmjs.org/cborg/-/cborg-5.1.4.tgz",
4252
+ "integrity": "sha512-EDoD59RBV51H5ar6i29ut7AyOJi0BUIEhtbnJJac3qYcMG74Db6eVce/dIh+Wh6tVwBi7cRWDXmdms+fKPQvcQ==",
4238
4253
  "license": "Apache-2.0",
4239
4254
  "bin": {
4240
4255
  "cborg": "lib/bin.js"
@@ -4624,9 +4639,9 @@
4624
4639
  }
4625
4640
  },
4626
4641
  "node_modules/it-protobuf-stream/node_modules/multiformats": {
4627
- "version": "14.0.0",
4628
- "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.0.tgz",
4629
- "integrity": "sha512-iWK1RrAS58p2NDfeZFuSUSv3ZPewTIhsGbh/5NgeGGJwJmRljLxGtjRR3nkn+loG3zl+IrfR/W1590QnrSK+Gg==",
4642
+ "version": "14.0.2",
4643
+ "resolved": "https://registry.npmjs.org/multiformats/-/multiformats-14.0.2.tgz",
4644
+ "integrity": "sha512-sF7F3gBKCyehzIhDwVuTRf79TZ8qWRz5NXwWYBX+4a+n22KcFqqcDYJvZr7tySrI0MhuTBXVOlo3qMTiAHC78g==",
4630
4645
  "license": "Apache-2.0 OR MIT"
4631
4646
  },
4632
4647
  "node_modules/it-protobuf-stream/node_modules/uint8arraylist": {
@@ -5184,9 +5199,9 @@
5184
5199
  "license": "Apache-2.0 OR MIT"
5185
5200
  },
5186
5201
  "node_modules/nanoid": {
5187
- "version": "5.1.15",
5188
- "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.15.tgz",
5189
- "integrity": "sha512-kBg3RpGtIe+RpTbyXwoI6pk5yD7KUiI3sygUqgeBMRst42KmhB4RZC7eiO9Wa1HIpaCCtpE2DJ6OI4Wi5ebwFw==",
5202
+ "version": "5.1.16",
5203
+ "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.16.tgz",
5204
+ "integrity": "sha512-kVrnsrJqMR8+oLJnGEmSWw9BivK5mt7H3FZatVRjrc5wGqFYuBxX1yG7+A7Gi5AefkX6t/oCkizcQgpu0cY1dQ==",
5190
5205
  "funding": [
5191
5206
  {
5192
5207
  "type": "github",
@@ -6009,12 +6024,13 @@
6009
6024
  }
6010
6025
  },
6011
6026
  "node_modules/qs": {
6012
- "version": "6.15.2",
6013
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
6014
- "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==",
6027
+ "version": "6.15.3",
6028
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.3.tgz",
6029
+ "integrity": "sha512-O9gl3zCl5h5blw1KGUzQKhA5oUXSl8rwUIM5o0S3nCXMliSvy5Dzx7/DJcI+SwgICv+IneSZwhBh1oSyEHA71A==",
6015
6030
  "license": "BSD-3-Clause",
6016
6031
  "dependencies": {
6017
- "side-channel": "^1.1.0"
6032
+ "es-define-property": "^1.0.1",
6033
+ "side-channel": "^1.1.1"
6018
6034
  },
6019
6035
  "engines": {
6020
6036
  "node": ">=0.6"