patchwork-os 0.2.0-beta.1 → 0.2.0-beta.3

package/dist/drivers/gemini/index.js

@@ -1,5 +1,5 @@
 import { spawn } from "node:child_process";
-import { chmodSync, existsSync, readFileSync, writeFileSync } from "node:fs";
+import { chmodSync, existsSync, readFileSync, unlinkSync, writeFileSync, } from "node:fs";
 import { homedir } from "node:os";
 import { isAbsolute, join, resolve } from "node:path";
 import { sanitizeEnv } from "../claude/envSanitizer.js";
@@ -21,27 +21,99 @@ export class GeminiSubprocessDriver {
     log;
     bridgeMcp;
     name = "gemini";
+    /**
+     * Process-wide serialization for `~/.gemini/settings.json` mutation. Two
+     * concurrent `run()` invocations would otherwise race:
+     *
+     *   A reads file (originalContent = X)
+     *   A writes A's-token
+     *   B reads file (originalContent = A's-token)   ← B captures wrong baseline
+     *   B writes B's-token
+     *   A's child starts, reads settings — sees B's-token (uses wrong creds)
+     *   A finishes, restores to X (wipes B's token mid-flight)
+     *   B's child reads settings — sees X (no MCP config)
+     *   B finishes, restores to A's-token (token leaks past run)
+     *
+     * The settings file is global to ~/.gemini/, so per-call isolation requires
+     * either Gemini-CLI's `--settings <path>` (not universal across versions)
+     * or a strict mutex across the whole run() lifetime. We take the mutex
+     * approach — Gemini subprocess runs are slow (seconds-to-minutes) and the
+     * operator-driven concurrency level is already low, so the throughput
+     * cost is acceptable for cross-version correctness.
+     */
+    static settingsMutex = Promise.resolve();
     constructor(binary, log, bridgeMcp) {
         this.binary = binary;
         this.log = log;
         this.bridgeMcp = bridgeMcp;
     }
     async run(input) {
+        // Resolve bridgeMcp ONCE per run() and pass the result down. The
+        // closure may be cheap today, but calling it twice (once at the lock
+        // gate, once inside _runLocked) opens a TOCTOU window: if the value
+        // ever flips falsy→truthy between the two calls, the gate skips the
+        // mutex but _runLocked writes settings.json without a lock.
+        const mcp = this.bridgeMcp?.();
+        if (mcp) {
+            // If we're going to mutate ~/.gemini/settings.json, wait for any prior
+            // Gemini run holding the same file to finish first.
+            const prior = GeminiSubprocessDriver.settingsMutex;
+            let releaseLock;
+            const ourLock = new Promise((resolve) => {
+                releaseLock = resolve;
+            });
+            GeminiSubprocessDriver.settingsMutex = ourLock;
+            try {
+                await prior;
+                return await this._runLocked(input, mcp);
+            }
+            finally {
+                releaseLock();
+            }
+        }
+        // No mcp injection → no settings file write → no mutex needed.
+        return this._runLocked(input, undefined);
+    }
+    async _runLocked(input, mcp) {
         const opts = input.providerOptions ?? {};
         const approvalMode = typeof opts.approvalMode === "string" ? opts.approvalMode : "yolo";
         // Inject bridge MCP into ~/.gemini/settings.json before spawning so the
-        // subprocess can call bridge tools. Gemini CLI reads settings.json at startup.
-        const mcp = this.bridgeMcp?.();
+        // subprocess can call bridge tools. Gemini CLI reads settings.json at
+        // startup. We snapshot whatever was there before (or remember "absent")
+        // and restore it in a finally block at the end of run() — the bearer
+        // token must NOT outlive this single invocation in a shared-home file.
+        //
+        // URL is rewritten to 127.0.0.1:<port> for the spawned subprocess: the
+        // bridge may be bound 0.0.0.0 with a public --issuer-url, but the local
+        // child should always dial loopback so neither the URL nor the token
+        // ever leave this machine.
+        let settingsCleanup = null;
         if (mcp) {
             const settingsFile = join(homedir(), ".gemini", "settings.json");
             try {
+                let originalContent = null;
                 let settings = {};
                 if (existsSync(settingsFile)) {
-                    settings = JSON.parse(readFileSync(settingsFile, "utf-8"));
+                    originalContent = readFileSync(settingsFile, "utf-8");
+                    settings = JSON.parse(originalContent);
                 }
                 const mcpServers = (settings.mcpServers ?? {});
+                const previousBridgeEntry = Object.hasOwn(mcpServers, "claude-ide-bridge")
+                    ? mcpServers["claude-ide-bridge"]
+                    : undefined;
+                const localUrl = (() => {
+                    try {
+                        const u = new URL(mcp.url);
+                        // Force loopback — keeps token off the wire even if bridge bound 0.0.0.0
+                        u.hostname = "127.0.0.1";
+                        return u.toString();
+                    }
+                    catch {
+                        return mcp.url;
+                    }
+                })();
                 mcpServers["claude-ide-bridge"] = {
-                    url: mcp.url,
+                    url: localUrl,
                     headers: { Authorization: `Bearer ${mcp.authToken}` },
                 };
                 settings.mcpServers = mcpServers;
@@ -49,159 +121,198 @@ export class GeminiSubprocessDriver {
                     mode: 0o600,
                 });
                 chmodSync(settingsFile, 0o600);
+                // Schedule restoration. If the original file existed, write back its
+                // exact bytes; if the bridge entry was absent, remove the key. If the
+                // file did not exist before, delete it. Best-effort; logged on failure.
+                settingsCleanup = () => {
+                    try {
+                        if (originalContent === null) {
+                            // File was created by us — try to remove. Tolerate ENOENT.
+                            try {
+                                unlinkSync(settingsFile);
+                            }
+                            catch {
+                                /* ignore */
+                            }
+                            return;
+                        }
+                        const parsed = JSON.parse(originalContent);
+                        if (previousBridgeEntry === undefined) {
+                            const restoredServers = (parsed.mcpServers ?? {});
+                            if (Object.hasOwn(restoredServers, "claude-ide-bridge")) {
+                                delete restoredServers["claude-ide-bridge"];
+                            }
+                            parsed.mcpServers = restoredServers;
+                        }
+                        writeFileSync(settingsFile, JSON.stringify(parsed, null, 2), {
+                            mode: 0o600,
+                        });
+                        chmodSync(settingsFile, 0o600);
+                    }
+                    catch (err) {
+                        this.log(`[GeminiSubprocessDriver] WARN: could not restore ~/.gemini/settings.json: ${err instanceof Error ? err.message : String(err)}`);
+                    }
+                };
             }
             catch (err) {
                 this.log(`[GeminiSubprocessDriver] WARN: could not update ~/.gemini/settings.json: ${err instanceof Error ? err.message : String(err)}`);
             }
         }
-        const args = [
-            "-p",
-            input.prompt,
-            "--output-format",
-            "stream-json",
-            "--approval-mode",
-            approvalMode,
-        ];
-        if (input.model)
-            args.push("-m", input.model);
-        // contextFiles: pass as --include-directories; normalize relative paths against workspace
-        for (const f of input.contextFiles ?? []) {
-            if (typeof f === "string" && f.length > 0 && !f.startsWith("-")) {
-                const abs = isAbsolute(f) ? f : resolve(input.workspace, f);
-                args.push("--include-directories", abs);
-            }
-        }
-        // Strip MCP_* and CLAUDECODE vars; preserve GEMINI_API_KEY + GOOGLE_* vars
-        const env = sanitizeEnv(process.env);
-        // Also strip Claude-specific auth vars that could confuse Gemini
-        for (const key of Object.keys(env)) {
-            if (key.startsWith("ANTHROPIC_") || key === "CLAUDE_API_KEY") {
-                delete env[key];
-            }
-        }
-        this.log(`[GeminiSubprocessDriver] spawning: ${this.binary} -p <prompt> (workspace: ${input.workspace})`);
-        const child = spawn(this.binary, args, {
-            cwd: homedir(),
-            env,
-            signal: input.signal,
-            stdio: ["ignore", "pipe", "pipe"],
-        });
-        // unref() so the bridge can exit without waiting for the subprocess,
-        // but keep detached=false so the subprocess dies cleanly with the bridge
-        // rather than getting SIGPIPE when the pipe closes mid-run.
-        child.unref();
-        let lineBuf = "";
-        let accumulated = "";
-        let outputBytesSent = 0;
-        let firstAssistantAt;
-        let doneFromResult = false;
-        let resultSuccess = true;
-        child.stdout.setEncoding("utf-8");
-        child.stdout.on("data", (chunk) => {
-            const { lines, remainder } = splitLines(lineBuf, chunk);
-            lineBuf = remainder;
-            for (const line of lines) {
-                if (line.trim() === "")
-                    continue;
-                let event;
-                try {
-                    event = JSON.parse(line);
+        try {
+            const args = [
+                "-p",
+                input.prompt,
+                "--output-format",
+                "stream-json",
+                "--approval-mode",
+                approvalMode,
+            ];
+            if (input.model)
+                args.push("-m", input.model);
+            // contextFiles: pass as --include-directories; normalize relative paths against workspace
+            for (const f of input.contextFiles ?? []) {
+                if (typeof f === "string" && f.length > 0 && !f.startsWith("-")) {
+                    const abs = isAbsolute(f) ? f : resolve(input.workspace, f);
+                    args.push("--include-directories", abs);
                 }
-                catch {
-                    // Non-JSON stderr/warning lines — skip (Gemini prints "YOLO mode..." to stdout)
-                    continue;
+            }
+            // Strip MCP_* and CLAUDECODE vars; preserve GEMINI_API_KEY + GOOGLE_* vars
+            const env = sanitizeEnv(process.env);
+            // Also strip Claude-specific auth vars that could confuse Gemini
+            for (const key of Object.keys(env)) {
+                if (key.startsWith("ANTHROPIC_") || key === "CLAUDE_API_KEY") {
+                    delete env[key];
                 }
-                if (event.type === "message" &&
-                    event.role === "assistant" &&
-                    event.content) {
-                    if (firstAssistantAt === undefined)
-                        firstAssistantAt = Date.now();
-                    const text = event.content;
-                    accumulated += text;
-                    if (outputBytesSent < OUTPUT_CAP) {
-                        const send = text.slice(0, OUTPUT_CAP - outputBytesSent);
-                        if (send.length > 0) {
-                            input.onChunk?.(send);
-                            outputBytesSent += send.length;
+            }
+            this.log(`[GeminiSubprocessDriver] spawning: ${this.binary} -p <prompt> (workspace: ${input.workspace})`);
+            const child = spawn(this.binary, args, {
+                cwd: homedir(),
+                env,
+                signal: input.signal,
+                stdio: ["ignore", "pipe", "pipe"],
+            });
+            // unref() so the bridge can exit without waiting for the subprocess,
+            // but keep detached=false so the subprocess dies cleanly with the bridge
+            // rather than getting SIGPIPE when the pipe closes mid-run.
+            child.unref();
+            let lineBuf = "";
+            let accumulated = "";
+            let outputBytesSent = 0;
+            let firstAssistantAt;
+            let doneFromResult = false;
+            let resultSuccess = true;
+            child.stdout.setEncoding("utf-8");
+            child.stdout.on("data", (chunk) => {
+                const { lines, remainder } = splitLines(lineBuf, chunk);
+                lineBuf = remainder;
+                for (const line of lines) {
+                    if (line.trim() === "")
+                        continue;
+                    let event;
+                    try {
+                        event = JSON.parse(line);
+                    }
+                    catch {
+                        // Non-JSON stderr/warning lines — skip (Gemini prints "YOLO mode..." to stdout)
+                        continue;
+                    }
+                    if (event.type === "message" &&
+                        event.role === "assistant" &&
+                        event.content) {
+                        if (firstAssistantAt === undefined)
+                            firstAssistantAt = Date.now();
+                        const text = event.content;
+                        accumulated += text;
+                        if (outputBytesSent < OUTPUT_CAP) {
+                            const send = text.slice(0, OUTPUT_CAP - outputBytesSent);
+                            if (send.length > 0) {
+                                input.onChunk?.(send);
+                                outputBytesSent += send.length;
+                            }
                         }
                     }
+                    else if (event.type === "result") {
+                        doneFromResult = true;
+                        resultSuccess = event.status === "success";
+                    }
                 }
-                else if (event.type === "result") {
-                    doneFromResult = true;
-                    resultSuccess = event.status === "success";
+            });
+            let stderr = "";
+            child.stderr.setEncoding("utf-8");
+            child.stderr.on("data", (chunk) => {
+                if (stderr.length < OUTPUT_CAP) {
+                    stderr += chunk;
+                    if (stderr.length > OUTPUT_CAP)
+                        stderr = stderr.slice(0, OUTPUT_CAP);
                 }
+            });
+            const start = Date.now();
+            const stderrTailOf = (s) => s.length > 0 ? scrubSecrets(s.slice(-2048)) : undefined;
+            const startupMsOf = () => firstAssistantAt !== undefined ? firstAssistantAt - start : undefined;
+            let startupTimedOut = false;
+            const startupHandle = input.startupTimeoutMs
+                ? setTimeout(() => {
+                    if (firstAssistantAt === undefined && !doneFromResult) {
+                        startupTimedOut = true;
+                        child.kill();
+                    }
+                }, input.startupTimeoutMs)
+                : null;
+            let exitCode;
+            try {
+                exitCode = await new Promise((resolve, reject) => {
+                    child.on("close", (code) => resolve(code ?? 0));
+                    child.on("error", reject);
+                });
             }
-        });
-        let stderr = "";
-        child.stderr.setEncoding("utf-8");
-        child.stderr.on("data", (chunk) => {
-            if (stderr.length < OUTPUT_CAP) {
-                stderr += chunk;
-                if (stderr.length > OUTPUT_CAP)
-                    stderr = stderr.slice(0, OUTPUT_CAP);
-            }
-        });
-        const start = Date.now();
-        const stderrTailOf = (s) => s.length > 0 ? scrubSecrets(s.slice(-2048)) : undefined;
-        const startupMsOf = () => firstAssistantAt !== undefined ? firstAssistantAt - start : undefined;
-        let startupTimedOut = false;
-        const startupHandle = input.startupTimeoutMs
-            ? setTimeout(() => {
-                if (firstAssistantAt === undefined && !doneFromResult) {
-                    startupTimedOut = true;
-                    child.kill();
+            catch (err) {
+                if (startupHandle)
+                    clearTimeout(startupHandle);
+                const isAbort = (err instanceof Error && err.name === "AbortError") ||
+                    input.signal.aborted;
+                if (isAbort) {
+                    return {
+                        text: accumulated.slice(0, OUTPUT_CAP),
+                        durationMs: Date.now() - start,
+                        wasAborted: true,
+                        startupMs: startupMsOf(),
+                        stderrTail: stderrTailOf(stderr),
+                    };
                 }
-            }, input.startupTimeoutMs)
-            : null;
-        let exitCode;
-        try {
-            exitCode = await new Promise((resolve, reject) => {
-                child.on("close", (code) => resolve(code ?? 0));
-                child.on("error", reject);
-            });
-        }
-        catch (err) {
+                throw err;
+            }
             if (startupHandle)
                 clearTimeout(startupHandle);
-            const isAbort = (err instanceof Error && err.name === "AbortError") ||
-                input.signal.aborted;
-            if (isAbort) {
+            if (startupTimedOut) {
                 return {
                     text: accumulated.slice(0, OUTPUT_CAP),
                     durationMs: Date.now() - start,
                     wasAborted: true,
-                    startupMs: startupMsOf(),
+                    startupTimedOut: true,
                     stderrTail: stderrTailOf(stderr),
                 };
             }
-            throw err;
-        }
-        if (startupHandle)
-            clearTimeout(startupHandle);
-        if (startupTimedOut) {
+            const effectiveExitCode = doneFromResult
+                ? resultSuccess
+                    ? 0
+                    : 1
+                : exitCode;
+            if (effectiveExitCode !== 0 && stderr) {
+                this.log(`[GeminiSubprocessDriver] stderr: ${stderr.slice(0, 500)}`);
+            }
             return {
                 text: accumulated.slice(0, OUTPUT_CAP),
+                exitCode: effectiveExitCode,
                 durationMs: Date.now() - start,
-                wasAborted: true,
-                startupTimedOut: true,
                 stderrTail: stderrTailOf(stderr),
+                startupMs: startupMsOf(),
             };
         }
-        const effectiveExitCode = doneFromResult
-            ? resultSuccess
-                ? 0
-                : 1
-            : exitCode;
-        if (effectiveExitCode !== 0 && stderr) {
-            this.log(`[GeminiSubprocessDriver] stderr: ${stderr.slice(0, 500)}`);
+        finally {
+            // Always restore ~/.gemini/settings.json — bridge bearer token must
+            // not survive in this shared-home file past one invocation.
+            settingsCleanup?.();
         }
-        return {
-            text: accumulated.slice(0, OUTPUT_CAP),
-            exitCode: effectiveExitCode,
-            durationMs: Date.now() - start,
-            stderrTail: stderrTailOf(stderr),
-            startupMs: startupMsOf(),
-        };
     }
     async runOutcome(input) {
         return toProviderTaskOutcome(await this.run(input));

package/dist/drivers/gemini/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/drivers/gemini/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAMvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEpD,MAAM,UAAU,GAAG,EAAE,GAAG,IAAI,CAAC;AAmB7B,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,IAAI;SACR,OAAO,CAAC,wBAAwB,EAAE,oBAAoB,CAAC;SACvD,OAAO,CAAC,gCAAgC,EAAE,mBAAmB,CAAC,CAAC;AACpE,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IAId;IACA;IACA;IALV,IAAI,GAAG,QAAQ,CAAC;IAEzB,YACmB,MAAc,EACd,GAA0B,EAC1B,SAEJ;QAJI,WAAM,GAAN,MAAM,CAAQ;QACd,QAAG,GAAH,GAAG,CAAuB;QAC1B,cAAS,GAAT,SAAS,CAEb;IACZ,CAAC;IAEJ,KAAK,CAAC,GAAG,CAAC,KAAwB;QAChC,MAAM,IAAI,GAAG,KAAK,CAAC,eAAe,IAAI,EAAE,CAAC;QACzC,MAAM,YAAY,GAChB,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC;QAErE,wEAAwE;QACxE,+EAA+E;QAC/E,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QAC/B,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;YACjE,IAAI,CAAC;gBACH,IAAI,QAAQ,GAA4B,EAAE,CAAC;gBAC3C,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC7B,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAGxD,CAAC;gBACJ,CAAC;gBACD,MAAM,UAAU,GAAG,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,CAG5C,CAAC;gBACF,UAAU,CAAC,mBAAmB,CAAC,GAAG;oBAChC,GAAG,EAAE,GAAG,CAAC,GAAG;oBACZ,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,CAAC,SAAS,EAAE,EAAE;iBACtD,CAAC;gBACF,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;gBACjC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;oBAC7D,IAAI,EAAE,KAAK;iBACZ,CAAC,CAAC;gBACH,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YACjC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,GAAG,CACN,4EAA4E,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC/H,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG;YACX,IAAI;YACJ,KAAK,CAAC,MAAM;YACZ,iBAAiB;YACjB,aAAa;YACb,iBAAiB;YACjB,YAAY;SACb,CAAC;QACF,IAAI,KAAK,CAAC,KAAK;YAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC9C,0FAA0F;QAC1F,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChE,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;gBAC5D,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,2EAA2E;QAC3E,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,iEAAiE;QACjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,KAAK,gBAAgB,EAAE,CAAC;gBAC7D,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,GAAG,CACN,sCAAsC,IAAI,CAAC,MAAM,4BAA4B,KAAK,CAAC,SAAS,GAAG,CAChG,CAAC;QAEF,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE;YACrC,GAAG,EAAE,OAAO,EAAE;YACd,GAAG;YACH,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QACH,qEAAqE;QACrE,yEAAyE;QACzE,4DAA4D;QAC5D,KAAK,CAAC,KAAK,EAAE,CAAC;QAEd,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,gBAAoC,CAAC;QACzC,IAAI,cAAc,GAAG,KAAK,CAAC;QAC3B,IAAI,aAAa,GAAG,IAAI,CAAC;QAEzB,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAClC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACxD,OAAO,GAAG,SAAS,CAAC;YAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE;oBAAE,SAAS;gBACjC,IAAI,KAAkB,CAAC;gBACvB,IAAI,CAAC;oBACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC;oBACP,gFAAgF;oBAChF,SAAS;gBACX,CAAC;gBAED,IACE,KAAK,CAAC,IAAI,KAAK,SAAS;oBACxB,KAAK,CAAC,IAAI,KAAK,WAAW;oBAC1B,KAAK,CAAC,OAAO,EACb,CAAC;oBACD,IAAI,gBAAgB,KAAK,SAAS;wBAAE,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oBAClE,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC;oBAC3B,WAAW,IAAI,IAAI,CAAC;oBACpB,IAAI,eAAe,GAAG,UAAU,EAAE,CAAC;wBACjC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,GAAG,eAAe,CAAC,CAAC;wBACzD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACpB,KAAK,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC;4BACtB,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC;wBACjC,CAAC;oBACH,CAAC;gBACH,CAAC;qBAAM,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACnC,cAAc,GAAG,IAAI,CAAC;oBACtB,aAAa,GAAG,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC;gBAC7C,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAClC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,IAAI,MAAM,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC;gBAChB,IAAI,MAAM,CAAC,MAAM,GAAG,UAAU;oBAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YACvE,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,YAAY,GAAG,CAAC,CAAS,EAAsB,EAAE,CACrD,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1D,MAAM,WAAW,GAAG,GAAuB,EAAE,CAC3C,gBAAgB,KAAK,SAAS,CAAC,CAAC,CAAC,gBAAgB,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAExE,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,MAAM,aAAa,GAAG,KAAK,CAAC,gBAAgB;YAC1C,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,gBAAgB,KAAK,SAAS,IAAI,CAAC,cAAc,EAAE,CAAC;oBACtD,eAAe,GAAG,IAAI,CAAC;oBACvB,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,CAAC;YACH,CAAC,EAAE,KAAK,CAAC,gBAAgB,CAAC;YAC5B,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,QAAgB,CAAC;QACrB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACvD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC5B,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,aAAa;gBAAE,YAAY,CAAC,aAAa,CAAC,CAAC;YAC/C,MAAM,OAAO,GACX,CAAC,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC;gBACnD,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC;YACvB,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO;oBACL,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC;oBACtC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC9B,UAAU,EAAE,IAAI;oBAChB,SAAS,EAAE,WAAW,EAAE;oBACxB,UAAU,EAAE,YAAY,CAAC,MAAM,CAAC;iBACjC,CAAC;YACJ,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,IAAI,aAAa;YAAE,YAAY,CAAC,aAAa,CAAC,CAAC;QAE/C,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO;gBACL,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC;gBACtC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC9B,UAAU,EAAE,IAAI;gBAChB,eAAe,EAAE,IAAI;gBACrB,UAAU,EAAE,YAAY,CAAC,MAAM,CAAC;aACjC,CAAC;QACJ,CAAC;QAED,MAAM,iBAAiB,GAAG,cAAc;YACtC,CAAC,CAAC,aAAa;gBACb,CAAC,CAAC,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,QAAQ,CAAC;QACb,IAAI,iBAAiB,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;YACtC,IAAI,CAAC,GAAG,CAAC,oCAAoC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,OAAO;YACL,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC;YACtC,QAAQ,EAAE,iBAAiB;YAC3B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC9B,UAAU,EAAE,YAAY,CAAC,MAAM,CAAC;YAChC,SAAS,EAAE,WAAW,EAAE;SACzB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAwB;QACvC,OAAO,qBAAqB,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACtD,CAAC;CACF"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/drivers/gemini/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EACL,SAAS,EACT,UAAU,EACV,YAAY,EACZ,UAAU,EACV,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAMvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEpD,MAAM,UAAU,GAAG,EAAE,GAAG,IAAI,CAAC;AAmB7B,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,IAAI;SACR,OAAO,CAAC,wBAAwB,EAAE,oBAAoB,CAAC;SACvD,OAAO,CAAC,gCAAgC,EAAE,mBAAmB,CAAC,CAAC;AACpE,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IA0Bd;IACA;IACA;IA3BV,IAAI,GAAG,QAAQ,CAAC;IAEzB;;;;;;;;;;;;;;;;;;;OAmBG;IACK,MAAM,CAAC,aAAa,GAAkB,OAAO,CAAC,OAAO,EAAE,CAAC;IAEhE,YACmB,MAAc,EACd,GAA0B,EAC1B,SAEJ;QAJI,WAAM,GAAN,MAAM,CAAQ;QACd,QAAG,GAAH,GAAG,CAAuB;QAC1B,cAAS,GAAT,SAAS,CAEb;IACZ,CAAC;IAEJ,KAAK,CAAC,GAAG,CAAC,KAAwB;QAChC,iEAAiE;QACjE,qEAAqE;QACrE,oEAAoE;QACpE,oEAAoE;QACpE,4DAA4D;QAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QAC/B,IAAI,GAAG,EAAE,CAAC;YACR,uEAAuE;YACvE,oDAAoD;YACpD,MAAM,KAAK,GAAG,sBAAsB,CAAC,aAAa,CAAC;YACnD,IAAI,WAAwB,CAAC;YAC7B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;gBAC5C,WAAW,GAAG,OAAO,CAAC;YACxB,CAAC,CAAC,CAAC;YACH,sBAAsB,CAAC,aAAa,GAAG,OAAO,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC;gBACZ,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC3C,CAAC;oBAAS,CAAC;gBACT,WAAW,EAAE,CAAC;YAChB,CAAC;QACH,CAAC;QACD,+DAA+D;QAC/D,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAC3C,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,KAAwB,EACxB,GAAmD;QAEnD,MAAM,IAAI,GAAG,KAAK,CAAC,eAAe,IAAI,EAAE,CAAC;QACzC,MAAM,YAAY,GAChB,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC;QAErE,wEAAwE;QACxE,sEAAsE;QACtE,wEAAwE;QACxE,qEAAqE;QACrE,uEAAuE;QACvE,EAAE;QACF,uEAAuE;QACvE,wEAAwE;QACxE,qEAAqE;QACrE,2BAA2B;QAC3B,IAAI,eAAe,GAAwB,IAAI,CAAC;QAChD,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;YACjE,IAAI,CAAC;gBACH,IAAI,eAAe,GAAkB,IAAI,CAAC;gBAC1C,IAAI,QAAQ,GAA4B,EAAE,CAAC;gBAC3C,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC7B,eAAe,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;oBACtD,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAA4B,CAAC;gBACpE,CAAC;gBACD,MAAM,UAAU,GAAG,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,CAG5C,CAAC;gBACF,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CACvC,UAAU,EACV,mBAAmB,CACpB;oBACC,CAAC,CAAC,UAAU,CAAC,mBAAmB,CAAC;oBACjC,CAAC,CAAC,SAAS,CAAC;gBACd,MAAM,QAAQ,GAAG,CAAC,GAAG,EAAE;oBACrB,IAAI,CAAC;wBACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC3B,yEAAyE;wBACzE,CAAC,CAAC,QAAQ,GAAG,WAAW,CAAC;wBACzB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;oBACtB,CAAC;oBAAC,MAAM,CAAC;wBACP,OAAO,GAAG,CAAC,GAAG,CAAC;oBACjB,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;gBACL,UAAU,CAAC,mBAAmB,CAAC,GAAG;oBAChC,GAAG,EAAE,QAAQ;oBACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,CAAC,SAAS,EAAE,EAAE;iBACtD,CAAC;gBACF,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;gBACjC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;oBAC7D,IAAI,EAAE,KAAK;iBACZ,CAAC,CAAC;gBACH,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBAC/B,qEAAqE;gBACrE,sEAAsE;gBACtE,wEAAwE;gBACxE,eAAe,GAAG,GAAG,EAAE;oBACrB,IAAI,CAAC;wBACH,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;4BAC7B,2DAA2D;4BAC3D,IAAI,CAAC;gCACH,UAAU,CAAC,YAAY,CAAC,CAAC;4BAC3B,CAAC;4BAAC,MAAM,CAAC;gCACP,YAAY;4BACd,CAAC;4BACD,OAAO;wBACT,CAAC;wBACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAGxC,CAAC;wBACF,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;4BACtC,MAAM,eAAe,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAG/C,CAAC;4BACF,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,mBAAmB,CAAC,EAAE,CAAC;gCACxD,OAAO,eAAe,CAAC,mBAAmB,CAAC,CAAC;4BAC9C,CAAC;4BACD,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC;wBACtC,CAAC;wBACD,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;4BAC3D,IAAI,EAAE,KAAK;yBACZ,CAAC,CAAC;wBACH,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;oBACjC,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,IAAI,CAAC,GAAG,CACN,6EAA6E,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAChI,CAAC;oBACJ,CAAC;gBACH,CAAC,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,GAAG,CACN,4EAA4E,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC/H,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG;gBACX,IAAI;gBACJ,KAAK,CAAC,MAAM;gBACZ,iBAAiB;gBACjB,aAAa;gBACb,iBAAiB;gBACjB,YAAY;aACb,CAAC;YACF,IAAI,KAAK,CAAC,KAAK;gBAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAC9C,0FAA0F;YAC1F,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;gBACzC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChE,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;oBAC5D,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;YAED,2EAA2E;YAC3E,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACrC,iEAAiE;YACjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,KAAK,gBAAgB,EAAE,CAAC;oBAC7D,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,IAAI,CAAC,GAAG,CACN,sCAAsC,IAAI,CAAC,MAAM,4BAA4B,KAAK,CAAC,SAAS,GAAG,CAChG,CAAC;YAEF,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE;gBACrC,GAAG,EAAE,OAAO,EAAE;gBACd,GAAG;gBACH,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC;YACH,qEAAqE;YACrE,yEAAyE;YACzE,4DAA4D;YAC5D,KAAK,CAAC,KAAK,EAAE,CAAC;YAEd,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,WAAW,GAAG,EAAE,CAAC;YACrB,IAAI,eAAe,GAAG,CAAC,CAAC;YACxB,IAAI,gBAAoC,CAAC;YACzC,IAAI,cAAc,GAAG,KAAK,CAAC;YAC3B,IAAI,aAAa,GAAG,IAAI,CAAC;YAEzB,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAClC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBACxD,OAAO,GAAG,SAAS,CAAC;gBAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE;wBAAE,SAAS;oBACjC,IAAI,KAAkB,CAAC;oBACvB,IAAI,CAAC;wBACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC;oBAC1C,CAAC;oBAAC,MAAM,CAAC;wBACP,gFAAgF;wBAChF,SAAS;oBACX,CAAC;oBAED,IACE,KAAK,CAAC,IAAI,KAAK,SAAS;wBACxB,KAAK,CAAC,IAAI,KAAK,WAAW;wBAC1B,KAAK,CAAC,OAAO,EACb,CAAC;wBACD,IAAI,gBAAgB,KAAK,SAAS;4BAAE,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;wBAClE,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC;wBAC3B,WAAW,IAAI,IAAI,CAAC;wBACpB,IAAI,eAAe,GAAG,UAAU,EAAE,CAAC;4BACjC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,GAAG,eAAe,CAAC,CAAC;4BACzD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gCACpB,KAAK,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC;gCACtB,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC;4BACjC,CAAC;wBACH,CAAC;oBACH,CAAC;yBAAM,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBACnC,cAAc,GAAG,IAAI,CAAC;wBACtB,aAAa,GAAG,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC;oBAC7C,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAClC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACxC,IAAI,MAAM,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;oBAC/B,MAAM,IAAI,KAAK,CAAC;oBAChB,IAAI,MAAM,CAAC,MAAM,GAAG,UAAU;wBAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;gBACvE,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACzB,MAAM,YAAY,GAAG,CAAC,CAAS,EAAsB,EAAE,CACrD,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,MAAM,WAAW,GAAG,GAAuB,EAAE,CAC3C,gBAAgB,KAAK,SAAS,CAAC,CAAC,CAAC,gBAAgB,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAExE,IAAI,eAAe,GAAG,KAAK,CAAC;YAC5B,MAAM,aAAa,GAAG,KAAK,CAAC,gBAAgB;gBAC1C,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE;oBACd,IAAI,gBAAgB,KAAK,SAAS,IAAI,CAAC,cAAc,EAAE,CAAC;wBACtD,eAAe,GAAG,IAAI,CAAC;wBACvB,KAAK,CAAC,IAAI,EAAE,CAAC;oBACf,CAAC;gBACH,CAAC,EAAE,KAAK,CAAC,gBAAgB,CAAC;gBAC5B,CAAC,CAAC,IAAI,CAAC;YAET,IAAI,QAAgB,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACvD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;oBAChD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC5B,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,aAAa;oBAAE,YAAY,CAAC,aAAa,CAAC,CAAC;gBAC/C,MAAM,OAAO,GACX,CAAC,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC;oBACnD,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC;gBACvB,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO;wBACL,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC;wBACtC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;wBAC9B,UAAU,EAAE,IAAI;wBAChB,SAAS,EAAE,WAAW,EAAE;wBACxB,UAAU,EAAE,YAAY,CAAC,MAAM,CAAC;qBACjC,CAAC;gBACJ,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,aAAa;gBAAE,YAAY,CAAC,aAAa,CAAC,CAAC;YAE/C,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO;oBACL,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC;oBACtC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC9B,UAAU,EAAE,IAAI;oBAChB,eAAe,EAAE,IAAI;oBACrB,UAAU,EAAE,YAAY,CAAC,MAAM,CAAC;iBACjC,CAAC;YACJ,CAAC;YAED,MAAM,iBAAiB,GAAG,cAAc;gBACtC,CAAC,CAAC,aAAa;oBACb,CAAC,CAAC,CAAC;oBACH,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,QAAQ,CAAC;YACb,IAAI,iBAAiB,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;gBACtC,IAAI,CAAC,GAAG,CAAC,oCAAoC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC;gBACtC,QAAQ,EAAE,iBAAiB;gBAC3B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC9B,UAAU,EAAE,YAAY,CAAC,MAAM,CAAC;gBAChC,SAAS,EAAE,WAAW,EAAE;aACzB,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,oEAAoE;YACpE,4DAA4D;YAC5D,eAAe,EAAE,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAwB;QACvC,OAAO,qBAAqB,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACtD,CAAC"}

package/dist/drivers/local/index.d.ts

@@ -1,4 +1,21 @@
 import { OpenAIApiDriver } from "../openai/index.js";
+/**
+ * Reject any LOCAL_ENDPOINT that doesn't resolve to loopback or RFC1918
+ * private space. The local driver streams the user prompt + context-file
+ * paths to whatever URL is set; if a malicious recipe (or a user pasting
+ * a phishy "free local LLM" link) sets `LOCAL_ENDPOINT=https://attacker/v1`,
+ * everything the local driver receives gets exfiltrated.
+ *
+ * Rule: hostname must be one of
+ *   - localhost / 127.0.0.1 / ::1
+ *   - RFC1918 private space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
+ *   - link-local (169.254.0.0/16, fe80::/10)
+ *   - .local mDNS / .lan / .home / .internal suffixes
+ *
+ * To opt out (e.g. authorized remote inference cluster), the operator can
+ * set LOCAL_ENDPOINT_ALLOW_REMOTE=1 — explicit override, audited via env.
+ */
+export declare function isLoopbackOrPrivateEndpoint(rawUrl: string): boolean;
 /**
  * Local LLM driver — Ollama, LM Studio, vLLM, llama.cpp server, and most
  * other self-hosted runtimes expose an OpenAI-compatible chat-completions

package/dist/drivers/local/index.js

@@ -1,4 +1,96 @@
 import { OpenAIApiDriver } from "../openai/index.js";
+/**
+ * Reject any LOCAL_ENDPOINT that doesn't resolve to loopback or RFC1918
+ * private space. The local driver streams the user prompt + context-file
+ * paths to whatever URL is set; if a malicious recipe (or a user pasting
+ * a phishy "free local LLM" link) sets `LOCAL_ENDPOINT=https://attacker/v1`,
+ * everything the local driver receives gets exfiltrated.
+ *
+ * Rule: hostname must be one of
+ *   - localhost / 127.0.0.1 / ::1
+ *   - RFC1918 private space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
+ *   - link-local (169.254.0.0/16, fe80::/10)
+ *   - .local mDNS / .lan / .home / .internal suffixes
+ *
+ * To opt out (e.g. authorized remote inference cluster), the operator can
+ * set LOCAL_ENDPOINT_ALLOW_REMOTE=1 — explicit override, audited via env.
+ */
+export function isLoopbackOrPrivateEndpoint(rawUrl) {
+    let host;
+    let wasBracketed = false;
+    try {
+        host = new URL(rawUrl).hostname.toLowerCase();
+    }
+    catch {
+        return false;
+    }
+    if (!host)
+        return false;
+    // Strip IPv6 brackets if any
+    if (host.startsWith("[") && host.endsWith("]")) {
+        host = host.slice(1, -1);
+        wasBracketed = true;
+    }
+    if (host === "localhost" || host === "127.0.0.1" || host === "::1") {
+        return true;
+    }
+    // IPv4 RFC1918 + link-local + 127/8 (check first — strict literal match)
+    const v4 = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (v4) {
+        const a = Number(v4[1]);
+        const b = Number(v4[2]);
+        if (a === 10)
+            return true;
+        if (a === 127)
+            return true;
+        if (a === 169 && b === 254)
+            return true;
+        if (a === 172 && b >= 16 && b <= 31)
+            return true;
+        if (a === 192 && b === 168)
+            return true;
+        return false;
+    }
+    // IPv6 ranges — only when the input looked like an IPv6 literal (was
+    // bracketed in the URL, or matches an IPv6 syntactic shape). Without this
+    // gate, a hostname like `fc-services.example.com` or `fe8a-test` would
+    // match the legacy `startsWith("fc")` / `startsWith("fe8")` checks and
+    // bypass the validator. RFC3986 allows IPv6 literals only inside `[…]`,
+    // so requiring the brackets is the conservative path.
+    if (wasBracketed || /^[0-9a-f:]+$/.test(host)) {
+        if (host.startsWith("fe8") ||
+            host.startsWith("fe9") ||
+            host.startsWith("fea") ||
+            host.startsWith("feb")) {
+            return true; // link-local fe80::/10
+        }
+        if (host.startsWith("fc") || host.startsWith("fd")) {
+            return true; // unique-local fc00::/7
+        }
+    }
+    // mDNS / common LAN suffixes — checked LAST and require a leading dot
+    // boundary so attacker-registered public domains like `evil.com.local`
+    // don't slip through (`.local` and `.lan` are not reserved TLDs at the
+    // DNS resolver level — only RFC6762 reserves them for mDNS, but public
+    // resolvers will happily look them up).
+    //
+    // The trade-off: a host literally named `printer.local` (single label
+    // before `.local`) is the legitimate mDNS form and matches; a host like
+    // `evil.com.local` (two-or-more labels before `.local`) is only the
+    // mDNS form by accident and is the bypass we're rejecting.
+    for (const suffix of [".local", ".lan", ".home", ".internal"]) {
+        if (host.endsWith(suffix)) {
+            const labels = host.split(".");
+            // 2 labels exactly: `<name>.local` — legitimate mDNS shape.
+            if (labels.length === 2)
+                return true;
+            // More labels: ambiguous — refuse by default. Operator can opt out
+            // via LOCAL_ENDPOINT_ALLOW_REMOTE for legitimate multi-label
+            // internal DNS zones (e.g. `service.team.internal`).
+        }
+    }
+    return false;
+}
 /**
  * Local LLM driver — Ollama, LM Studio, vLLM, llama.cpp server, and most
  * other self-hosted runtimes expose an OpenAI-compatible chat-completions
@@ -26,6 +118,13 @@ export class LocalApiDriver extends OpenAIApiDriver {
         if (!baseURL) {
             throw new Error("LocalApiDriver requires LOCAL_ENDPOINT environment variable (e.g. http://localhost:11434/v1)");
         }
+        if (process.env.LOCAL_ENDPOINT_ALLOW_REMOTE !== "1" &&
+            !isLoopbackOrPrivateEndpoint(baseURL)) {
+            throw new Error(`LocalApiDriver: LOCAL_ENDPOINT="${baseURL}" is not loopback or private. ` +
+                `The local driver streams prompts + context to this URL — a public host ` +
+                `would exfiltrate them. Set LOCAL_ENDPOINT_ALLOW_REMOTE=1 to override ` +
+                `(only for audited internal inference clusters).`);
+        }
         super(log, {
             baseURL,
             // Per-install default — caller can still override via input.model.

package/dist/drivers/local/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/drivers/local/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,cAAe,SAAQ,eAAe;IAC/B,IAAI,GAAG,OAAO,CAAC;IAEjC,YAAY,GAA0B;QACpC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,GAAG,EAAE;YACT,OAAO;YACP,mEAAmE;YACnE,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,UAAU;SACpD,CAAC,CAAC;IACL,CAAC;IAEkB,MAAM;QACvB,mEAAmE;QACnE,6DAA6D;QAC7D,OAAO,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,QAAQ,CAAC;IAC/C,CAAC;CACF"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/drivers/local/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,2BAA2B,CAAC,MAAc;IACxD,IAAI,IAAY,CAAC;IACjB,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,6BAA6B;IAC7B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACzB,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;IACD,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,yEAAyE;IACzE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACtE,IAAI,EAAE,EAAE,CAAC;QACP,MAAM,CAAC,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,CAAC,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACxC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QACjD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,qEAAqE;IACrE,0EAA0E;IAC1E,uEAAuE;IACvE,uEAAuE;IACvE,wEAAwE;IACxE,sDAAsD;IACtD,IAAI,YAAY,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9C,IACE,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YACtB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YACtB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YACtB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EACtB,CAAC;YACD,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC,CAAC,wBAAwB;QACvC,CAAC;IACH,CAAC;IACD,sEAAsE;IACtE,uEAAuE;IACvE,uEAAuE;IACvE,uEAAuE;IACvE,wCAAwC;IACxC,EAAE;IACF,sEAAsE;IACtE,wEAAwE;IACxE,oEAAoE;IACpE,2DAA2D;IAC3D,KAAK,MAAM,MAAM,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,CAAC,EAAE,CAAC;QAC9D,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,4DAA4D;YAC5D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YACrC,mEAAmE;YACnE,6DAA6D;YAC7D,qDAAqD;QACvD,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,cAAe,SAAQ,eAAe;IAC/B,IAAI,GAAG,OAAO,CAAC;IAEjC,YAAY,GAA0B;QACpC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAC;QACJ,CAAC;QACD,IACE,OAAO,CAAC,GAAG,CAAC,2BAA2B,KAAK,GAAG;YAC/C,CAAC,2BAA2B,CAAC,OAAO,CAAC,EACrC,CAAC;YACD,MAAM,IAAI,KAAK,CACb,mCAAmC,OAAO,gCAAgC;gBACxE,yEAAyE;gBACzE,uEAAuE;gBACvE,iDAAiD,CACpD,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,GAAG,EAAE;YACT,OAAO;YACP,mEAAmE;YACnE,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,UAAU;SACpD,CAAC,CAAC;IACL,CAAC;IAEkB,MAAM;QACvB,mEAAmE;QACnE,6DAA6D;QAC7D,OAAO,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,QAAQ,CAAC;IAC/C,CAAC;CACF"}