poe-code 3.0.231 → 3.0.233

package/dist/providers/poe-agent.js

@@ -19077,7 +19077,7 @@ var init_agent_host = __esm({
   }
 });
 
-// packages/mcp-oauth/dist/resource-indicator.js
+// packages/mcp-oauth/src/resource-indicator.ts
 function canonicalizeResourceIndicator(value) {
   let url;
   try {
@@ -19089,12 +19089,12 @@ function canonicalizeResourceIndicator(value) {
   return url.toString();
 }
 var init_resource_indicator = __esm({
-  "packages/mcp-oauth/dist/resource-indicator.js"() {
+  "packages/mcp-oauth/src/resource-indicator.ts"() {
     "use strict";
   }
 });
 
-// packages/mcp-oauth/dist/client/auth-store-session-store.js
+// packages/mcp-oauth/src/client/auth-store-session-store.ts
 import crypto from "node:crypto";
 import path17 from "node:path";
 function createAuthStoreSessionStore(options = {}) {
@@ -19162,24 +19162,32 @@ function createNamedSecretStore(key2, options, defaults) {
   return createSecretStore({ ...options, fileStore, keychainStore }).store;
 }
 function createResourceSecretStore(resource, options) {
-  return createNamedSecretStore(canonicalizeResourceIndicator(resource), options, {
-    salt: DEFAULT_FILE_SALT,
-    directory: DEFAULT_FILE_DIRECTORY,
-    service: DEFAULT_KEYCHAIN_SERVICE,
-    accountPrefix: "provider"
-  });
+  return createNamedSecretStore(
+    canonicalizeResourceIndicator(resource),
+    options,
+    {
+      salt: DEFAULT_FILE_SALT,
+      directory: DEFAULT_FILE_DIRECTORY,
+      service: DEFAULT_KEYCHAIN_SERVICE,
+      accountPrefix: "provider"
+    }
+  );
 }
 function createIssuerSecretStore(issuer, options) {
-  return createNamedSecretStore(issuer, options, {
-    salt: DEFAULT_CLIENT_FILE_SALT,
-    directory: DEFAULT_CLIENT_FILE_DIRECTORY,
-    service: DEFAULT_CLIENT_KEYCHAIN_SERVICE,
-    accountPrefix: "issuer"
-  });
+  return createNamedSecretStore(
+    issuer,
+    options,
+    {
+      salt: DEFAULT_CLIENT_FILE_SALT,
+      directory: DEFAULT_CLIENT_FILE_DIRECTORY,
+      service: DEFAULT_CLIENT_KEYCHAIN_SERVICE,
+      accountPrefix: "issuer"
+    }
+  );
 }
 var DEFAULT_FILE_SALT, DEFAULT_FILE_DIRECTORY, DEFAULT_KEYCHAIN_SERVICE, DEFAULT_CLIENT_FILE_SALT, DEFAULT_CLIENT_FILE_DIRECTORY, DEFAULT_CLIENT_KEYCHAIN_SERVICE;
 var init_auth_store_session_store = __esm({
-  "packages/mcp-oauth/dist/client/auth-store-session-store.js"() {
+  "packages/mcp-oauth/src/client/auth-store-session-store.ts"() {
     "use strict";
     init_src8();
     init_resource_indicator();
@@ -19192,7 +19200,7 @@ var init_auth_store_session_store = __esm({
   }
 });
 
-// packages/mcp-oauth/dist/client/authorization-state.js
+// packages/mcp-oauth/src/client/authorization-state.ts
 import crypto2 from "node:crypto";
 function createAuthorizationState(input) {
   const payload = {
@@ -19222,12 +19230,12 @@ function parseAuthorizationState(value) {
   }
 }
 var init_authorization_state = __esm({
-  "packages/mcp-oauth/dist/client/authorization-state.js"() {
+  "packages/mcp-oauth/src/client/authorization-state.ts"() {
     "use strict";
   }
 });
 
-// packages/mcp-oauth/dist/client/loopback-authorization.js
+// packages/mcp-oauth/src/client/loopback-authorization.ts
 import http from "node:http";
 async function createLoopbackAuthorizationSession(options = {}) {
   const callbackPath = options.callbackPath ?? "/callback";
@@ -19420,13 +19428,13 @@ function buildSuccessPage(landingPage) {
   ].join("");
 }
 var init_loopback_authorization = __esm({
-  "packages/mcp-oauth/dist/client/loopback-authorization.js"() {
+  "packages/mcp-oauth/src/client/loopback-authorization.ts"() {
     "use strict";
     init_authorization_state();
   }
 });
 
-// packages/mcp-oauth/dist/client/pkce.js
+// packages/mcp-oauth/src/client/pkce.ts
 import crypto3 from "node:crypto";
 function generateCodeVerifier() {
   return crypto3.randomBytes(32).toString("base64url");
@@ -19435,12 +19443,12 @@ function generateCodeChallenge(verifier) {
   return crypto3.createHash("sha256").update(verifier).digest("base64url");
 }
 var init_pkce = __esm({
-  "packages/mcp-oauth/dist/client/pkce.js"() {
+  "packages/mcp-oauth/src/client/pkce.ts"() {
     "use strict";
   }
 });
 
-// packages/mcp-oauth/dist/client/token-endpoint.js
+// packages/mcp-oauth/src/client/token-endpoint.ts
 function isRetryableOAuthError(error2) {
   return error2 instanceof OAuthError && (error2.status >= 500 || error2.error === "server_error" || error2.error === "temporarily_unavailable");
 }
@@ -19552,7 +19560,7 @@ function normalizeBearerTokenType(value) {
 }
 var OAuthError;
 var init_token_endpoint = __esm({
-  "packages/mcp-oauth/dist/client/token-endpoint.js"() {
+  "packages/mcp-oauth/src/client/token-endpoint.ts"() {
     "use strict";
     init_resource_indicator();
     OAuthError = class extends Error {
@@ -19580,7 +19588,7 @@ var init_token_endpoint = __esm({
   }
 });
 
-// packages/mcp-oauth/dist/client/default-oauth-client-provider.js
+// packages/mcp-oauth/src/client/default-oauth-client-provider.ts
 import { URL as URL2 } from "node:url";
 function createOAuthClientProvider(options) {
   if (isProviderOptions(options)) {
@@ -19614,10 +19622,16 @@ function createDefaultOAuthClientProvider(options) {
         const resource = canonicalizeResourceIndicator(input.discovery.resource);
         assertRequestMatchesResource(requestUrl, resource);
         const forceRefresh = hasCachedAccessToken(await loadSession(resource)) && input.challenge?.params.error === "invalid_token";
-        const session = await ensureAuthorizedSession(resource, {
-          ...input.discovery,
-          resource
-        }, input.fetch, true, forceRefresh);
+        const session = await ensureAuthorizedSession(
+          resource,
+          {
+            ...input.discovery,
+            resource
+          },
+          input.fetch,
+          true,
+          forceRefresh
+        );
         if (session?.tokens?.accessToken === void 0) {
           return { action: "fail" };
         }
@@ -19683,7 +19697,11 @@ function createDefaultOAuthClientProvider(options) {
               await saveSession(resource, clearedSession);
               return clearedSession;
             }
-            if (shouldReRegisterStoredDynamicClient(error2, await loadRegisteredClient(discovery.authorizationServer), false)) {
+            if (shouldReRegisterStoredDynamicClient(
+              error2,
+              await loadRegisteredClient(discovery.authorizationServer),
+              false
+            )) {
               await clearRegisteredClient(discovery.authorizationServer);
               await clearSession(resource);
               return null;
@@ -19845,7 +19863,10 @@ function createDefaultOAuthClientProvider(options) {
         };
       }
     }
-    const registrationBody = buildClientRegistrationBody(getClientMetadata(options.client), redirectUri);
+    const registrationBody = buildClientRegistrationBody(
+      getClientMetadata(options.client),
+      redirectUri
+    );
     const response = await fetch2(registrationEndpoint, {
       method: "POST",
       headers: {
@@ -19984,7 +20005,9 @@ function buildAuthorizationUrl(input) {
 }
 function assertS256PkceSupport(metadata) {
   if (!metadata.code_challenge_methods_supported.includes("S256")) {
-    throw new Error("Authorization server metadata must advertise code_challenge_methods_supported including S256");
+    throw new Error(
+      "Authorization server metadata must advertise code_challenge_methods_supported including S256"
+    );
   }
 }
 function normalizeHostname(hostname2) {
@@ -20022,7 +20045,9 @@ function assertNoAccessTokenInUrl(value, label) {
 }
 function assertRequestMatchesResource(requestUrl, resource) {
   if (requestUrl !== resource) {
-    throw new Error(`OAuth request URL ${requestUrl} does not match discovered resource ${resource}`);
+    throw new Error(
+      `OAuth request URL ${requestUrl} does not match discovered resource ${resource}`
+    );
   }
 }
 function buildClientRegistrationBody(metadata, redirectUri) {
@@ -20066,7 +20091,7 @@ function shouldReRegisterStoredDynamicClient(error2, client, alreadyAttempted) {
   return true;
 }
 var init_default_oauth_client_provider = __esm({
-  "packages/mcp-oauth/dist/client/default-oauth-client-provider.js"() {
+  "packages/mcp-oauth/src/client/default-oauth-client-provider.ts"() {
     "use strict";
     init_auth_store_session_store();
     init_loopback_authorization();
@@ -20077,18 +20102,23 @@ var init_default_oauth_client_provider = __esm({
   }
 });
 
-// packages/mcp-oauth/dist/server/jwks-token-verifier.js
-import { decodeProtectedHeader, errors, importJWK, jwtVerify } from "jose";
+// packages/mcp-oauth/src/server/jwks-token-verifier.ts
+import {
+  decodeProtectedHeader,
+  errors,
+  importJWK,
+  jwtVerify
+} from "jose";
 var init_jwks_token_verifier = __esm({
-  "packages/mcp-oauth/dist/server/jwks-token-verifier.js"() {
+  "packages/mcp-oauth/src/server/jwks-token-verifier.ts"() {
     "use strict";
     init_resource_indicator();
   }
 });
 
-// packages/mcp-oauth/dist/index.js
-var init_dist = __esm({
-  "packages/mcp-oauth/dist/index.js"() {
+// packages/mcp-oauth/src/index.ts
+var init_src9 = __esm({
+  "packages/mcp-oauth/src/index.ts"() {
     "use strict";
     init_auth_store_session_store();
     init_default_oauth_client_provider();
@@ -20421,7 +20451,7 @@ var OAuthMetadataDiscovery;
 var init_oauth_discovery = __esm({
   "packages/tiny-mcp-client/src/oauth-discovery.ts"() {
     "use strict";
-    init_dist();
+    init_src9();
     OAuthMetadataDiscovery = class {
       fetchImpl;
       cache;
@@ -20732,10 +20762,10 @@ var MCP_PROTOCOL_VERSION, McpClient, ERROR_PARSE, ERROR_INVALID_REQUEST, ERROR_M
 var init_internal = __esm({
   "packages/tiny-mcp-client/src/internal.ts"() {
     "use strict";
-    init_dist();
+    init_src9();
     init_oauth_discovery();
     init_oauth_discovery();
-    init_dist();
+    init_src9();
     MCP_PROTOCOL_VERSION = "2025-03-26";
     McpClient = class {
       currentState = "disconnected";
@@ -22017,7 +22047,7 @@ var init_internal = __esm({
 });
 
 // packages/tiny-mcp-client/src/index.ts
-var init_src9 = __esm({
+var init_src10 = __esm({
   "packages/tiny-mcp-client/src/index.ts"() {
     "use strict";
     init_internal();
@@ -22088,7 +22118,7 @@ var DEFAULT_MCP_CLIENT_INFO, PluginApiImpl;
 var init_plugin_api_impl = __esm({
   "packages/poe-agent/src/runtime/plugin-api-impl.ts"() {
     "use strict";
-    init_src9();
+    init_src10();
     init_hooks();
     init_config2();
     init_tool_results();
@@ -24522,7 +24552,7 @@ var init_testing = __esm({
 });
 
 // packages/process-runner/src/index.ts
-var init_src10 = __esm({
+var init_src11 = __esm({
   "packages/process-runner/src/index.ts"() {
     "use strict";
     init_context();
@@ -24602,7 +24632,7 @@ var DEFAULT_ENDPOINT, USER_AGENT, AUTH_ERROR;
 var init_gh_issues_client = __esm({
   "packages/task-list/src/backends/gh-issues-client.ts"() {
     "use strict";
-    init_src10();
+    init_src11();
     DEFAULT_ENDPOINT = "https://api.github.com/graphql";
     USER_AGENT = "poe-code-task-list/0.0.1";
     AUTH_ERROR = "gh auth token failed; install gh, run 'gh auth login', or pass auth: { token }";
@@ -27526,7 +27556,7 @@ var init_gh_issues_sync = __esm({
 });
 
 // packages/task-list/src/index.ts
-var init_src11 = __esm({
+var init_src12 = __esm({
   "packages/task-list/src/index.ts"() {
     "use strict";
     init_open();
@@ -27653,7 +27683,7 @@ var PLAN_LIST_NAME, MARKDOWN_EXTENSION2;
 var init_plans = __esm({
   "packages/agent-harness-tools/src/plans.ts"() {
     "use strict";
-    init_src11();
+    init_src12();
     init_paths();
     PLAN_LIST_NAME = "plans";
     MARKDOWN_EXTENSION2 = ".md";
@@ -28682,12 +28712,12 @@ var init_skill_config = __esm({
 var init_workspace_transfer2 = __esm({
   "packages/agent-harness-tools/src/workspace-transfer.ts"() {
     "use strict";
-    init_src10();
+    init_src11();
   }
 });
 
 // packages/agent-harness-tools/src/index.ts
-var init_src12 = __esm({
+var init_src13 = __esm({
   "packages/agent-harness-tools/src/index.ts"() {
     "use strict";
     init_paths();
@@ -28974,7 +29004,7 @@ var JOB_DIR2;
 var init_job_handle = __esm({
   "packages/runner-e2b/src/job-handle.ts"() {
     "use strict";
-    init_src12();
+    init_src13();
     JOB_DIR2 = "/tmp/poe-jobs";
   }
 });
@@ -29363,7 +29393,7 @@ function isExitError(error2) {
 var init_opened_env = __esm({
   "packages/runner-e2b/src/opened-env.ts"() {
     "use strict";
-    init_src12();
+    init_src13();
     init_job_handle();
     init_sdk();
   }
@@ -29506,7 +29536,7 @@ var init_factory = __esm({
 
 // packages/runner-e2b/src/index.ts
 var e2bExecutionEnvFactory2;
-var init_src13 = __esm({
+var init_src14 = __esm({
   "packages/runner-e2b/src/index.ts"() {
     "use strict";
     init_factory();
@@ -29602,9 +29632,9 @@ function runHost(spawnProcess, spec10) {
 var init_register_factories = __esm({
   "packages/agent-spawn/src/register-factories.ts"() {
     "use strict";
-    init_src12();
-    init_src10();
     init_src13();
+    init_src11();
+    init_src14();
     registerExecutionEnvFactory(hostExecutionEnvFactory);
     registerExecutionEnvFactory(dockerExecutionEnvFactory);
     registerExecutionEnvFactory(e2bExecutionEnvFactory2);
@@ -30575,7 +30605,7 @@ var init_retry = __esm({
 var init_runtime3 = __esm({
   "packages/agent-spawn/src/runtime.ts"() {
     "use strict";
-    init_src12();
+    init_src13();
   }
 });
 
@@ -31342,13 +31372,14 @@ var init_bridge_active_skills = __esm({
 });
 
 // packages/agent-skill-config/src/index.ts
-var init_src14 = __esm({
+var init_src15 = __esm({
   "packages/agent-skill-config/src/index.ts"() {
     "use strict";
     init_configs2();
     init_apply();
     init_resolve_skill_reference();
     init_git_exclude();
+    init_git_exclude();
     init_bridge_active_skills();
   }
 });
@@ -32189,7 +32220,7 @@ var hookExcludeMarkerPrefix, bridgeStates, liveTransformOwners;
 var init_bridge_hooks = __esm({
   "packages/agent-hook-config/src/bridge-hooks.ts"() {
     "use strict";
-    init_src14();
+    init_src15();
     init_configs3();
     init_read_hooks();
     init_symlink_hooks();
@@ -32202,7 +32233,7 @@ var init_bridge_hooks = __esm({
 });
 
 // packages/agent-hook-config/src/index.ts
-var init_src15 = __esm({
+var init_src16 = __esm({
   "packages/agent-hook-config/src/index.ts"() {
     "use strict";
     init_configs3();
@@ -32262,8 +32293,8 @@ function cleanupResourcesForRun(manifest) {
 var init_skill_bridge = __esm({
   "packages/agent-spawn/src/skill-bridge.ts"() {
     "use strict";
-    init_src14();
     init_src15();
+    init_src16();
     init_src2();
   }
 });
@@ -33184,7 +33215,7 @@ var init_spawn = __esm({
   "packages/agent-spawn/src/acp/spawn.ts"() {
     "use strict";
     init_register_factories();
-    init_src12();
+    init_src13();
     init_adapters();
     init_meta();
     init_resolve_config();
@@ -33437,7 +33468,7 @@ var init_spawn2 = __esm({
   "packages/agent-spawn/src/spawn.ts"() {
     "use strict";
     init_register_factories();
-    init_src12();
+    init_src13();
     init_resolve_config();
     init_mcp_args();
     init_model_utils();
@@ -33469,7 +33500,7 @@ var init_spawn_interactive = __esm({
   "packages/agent-spawn/src/spawn-interactive.ts"() {
     "use strict";
     init_register_factories();
-    init_src12();
+    init_src13();
     init_resolve_config();
     init_mcp_args();
     init_model_utils();
@@ -33988,7 +34019,7 @@ var init_spawn_log = __esm({
 });
 
 // packages/agent-spawn/src/index.ts
-var init_src16 = __esm({
+var init_src17 = __esm({
   "packages/agent-spawn/src/index.ts"() {
     "use strict";
     init_register_factories();
@@ -34021,7 +34052,7 @@ var gitContext, poe_agent_plugin_git_context_default;
 var init_poe_agent_plugin_git_context = __esm({
   "packages/poe-agent/src/plugins/poe-agent-plugin-git-context.ts"() {
     "use strict";
-    init_src16();
+    init_src17();
     gitContext = (cwd) => ({
       name: "git-context",
       async prompt(ctx) {
@@ -34260,7 +34291,7 @@ __export(src_exports, {
   systemPromptPlugin: () => poe_agent_plugin_system_prompt_default,
   webPlugin: () => poe_agent_plugin_web_default
 });
-var init_src17 = __esm({
+var init_src18 = __esm({
   "packages/poe-agent/src/index.ts"() {
     "use strict";
     init_agent();
@@ -34474,7 +34505,7 @@ function createInstallRunner(definition) {
 // src/services/config.ts
 init_src4();
 init_src7();
-init_src17();
+init_src18();
 import path59 from "node:path";
 
 // packages/superintendent/src/document/parse.ts
@@ -34965,7 +34996,7 @@ function extractText(node) {
 }
 
 // packages/superintendent/src/runtime/loop.ts
-init_src12();
+init_src13();
 import path52 from "node:path";
 import * as fsPromises10 from "node:fs/promises";
 
@@ -34984,8 +35015,8 @@ function createLoopState(doc) {
 
 // packages/superintendent/src/runtime/agent-runner.ts
 init_register_factories();
-init_src12();
-init_src16();
+init_src13();
+init_src17();
 import { mkdirSync as mkdirSync6, openSync as openSync3, writeSync as writeSync2, closeSync as closeSync3 } from "node:fs";
 import path50 from "node:path";
 var injectedRunner;
@@ -37341,8 +37372,8 @@ import path54 from "node:path";
 import { readFile as readFile6, stat as stat3, lstat as lstat3, mkdir as mkdir5, writeFile as writeFile3, rename as rename2, unlink, readdir as readdir5, chmod as chmod2 } from "node:fs/promises";
 import { fileURLToPath as fileURLToPath5 } from "node:url";
 init_src7();
-init_src14();
-init_src12();
+init_src15();
+init_src13();
 var fs5 = {
   readFile: (p, encoding) => readFile6(p, encoding),
   writeFile: (p, content) => writeFile3(p, content),
@@ -37799,8 +37830,8 @@ function resolveAbsoluteDirectory2(dir, cwd, homeDir) {
 }
 
 // packages/superintendent/src/commands/run.ts
-init_src12();
-init_src16();
+init_src13();
+init_src17();
 init_src5();
 import path56 from "node:path";
 import * as fsPromises11 from "node:fs/promises";
@@ -37808,7 +37839,7 @@ import { spawn as nodeSpawn, spawnSync as nodeSpawnSync } from "node:child_proce
 
 // packages/superintendent/src/commands/poe-agent-runner.ts
 init_src5();
-init_src17();
+init_src18();
 async function executePoeAgent(agentSpec, input, createAgent = agent) {
   const { model } = parseAgentSpecifier(agentSpec);
   if (!model) {
@@ -42980,7 +43011,7 @@ import { randomUUID as randomUUID6 } from "node:crypto";
 import { constants as constants4 } from "node:fs";
 import { lstat as lstat9, mkdir as mkdir11, open as open5, readdir as readdir11, rename as rename8, rm, stat as stat9 } from "node:fs/promises";
 import { basename as basename4, dirname as dirname3, join as join3, relative as relative4, resolve as resolve5, sep as sep4 } from "node:path";
-init_src16();
+init_src17();
 var DEFAULT_CODE_REVIEW_INGEST_DIRECTORY = ".poe-code/code-review/ingest";
 var DEFAULT_CODE_REVIEW_PROFILES_DIRECTORY = ".poe-code/code-review/profiles";
 async function ingestCodeReviewProfile(input, dependencies = {}) {
@@ -43350,13 +43381,16 @@ function isMissingFileError5(error2) {
 }
 
 // packages/agent-code-review/src/mcp.ts
-init_src16();
+init_src17();
 
 // packages/toolcraft/src/mcp.ts
 import { access as access3, lstat as lstat12, readFile as readFile13, rename as rename11, unlink as unlink8, writeFile as writeFile10 } from "node:fs/promises";
 
 // packages/tiny-stdio-mcp-server/src/server.ts
 import * as readline2 from "readline";
+import AjvModule from "ajv";
+import uriTemplateParser from "uri-template";
+import UriTemplate from "uri-template-lite";
 
 // packages/tiny-stdio-mcp-server/src/types.ts
 var JSON_RPC_ERROR_CODES = Object.freeze({
@@ -43364,7 +43398,8 @@ var JSON_RPC_ERROR_CODES = Object.freeze({
   INVALID_REQUEST: -32600,
   METHOD_NOT_FOUND: -32601,
   INVALID_PARAMS: -32602,
-  INTERNAL_ERROR: -32603
+  INTERNAL_ERROR: -32603,
+  RESOURCE_NOT_FOUND: -32002
 });
 var ToolError = class extends Error {
   constructor(code, message2) {
@@ -43867,12 +43902,21 @@ var SUPPORTED_PROTOCOL_VERSIONS = /* @__PURE__ */ new Set([
   PROTOCOL_VERSION
 ]);
 function createServer(options) {
+  const Ajv = "default" in AjvModule ? AjvModule.default : AjvModule;
+  const jsonSchemaValidator = new Ajv({ strict: false });
+  const supportNotifications = options.supportNotifications !== false;
+  const supportResourceSubscriptions = options.supportResourceSubscriptions !== false;
   const tools = /* @__PURE__ */ new Map();
+  const prompts = /* @__PURE__ */ new Map();
+  const resources = /* @__PURE__ */ new Map();
+  const resourceTemplates = /* @__PURE__ */ new Map();
   const notificationListeners = /* @__PURE__ */ new Set();
   const connectionNotificationListeners = /* @__PURE__ */ new Map();
   const defaultLifecycle = {
     initialized: false,
-    initializeAccepted: false
+    initializeAccepted: false,
+    notificationReady: false,
+    resourceSubscriptions: /* @__PURE__ */ new Set()
   };
   const messageLifecycles = /* @__PURE__ */ new Set([defaultLifecycle]);
   const handleMessageWithLifecycle = async (method, lifecycle, params) => {
@@ -43882,12 +43926,20 @@ function createServer(options) {
     if (method === "initialize") {
       lifecycle.initializeAccepted = true;
       lifecycle.initialized = true;
+      lifecycle.notificationReady = false;
       const requestedProtocol = typeof params?.protocolVersion === "string" ? params.protocolVersion : void 0;
       const result = {
         protocolVersion: requestedProtocol !== void 0 && SUPPORTED_PROTOCOL_VERSIONS.has(requestedProtocol) ? requestedProtocol : PROTOCOL_VERSION,
         capabilities: {
           tools: {
-            listChanged: true
+            ...supportNotifications ? { listChanged: true } : {}
+          },
+          prompts: {
+            ...supportNotifications ? { listChanged: true } : {}
+          },
+          resources: {
+            ...supportNotifications ? { listChanged: true } : {},
+            ...supportResourceSubscriptions ? { subscribe: true } : {}
           }
         },
         serverInfo: {
@@ -43906,6 +43958,7 @@ function createServer(options) {
           }
         };
       }
+      lifecycle.notificationReady = true;
       return { result: void 0 };
     }
     if (!lifecycle.initialized) {
@@ -43919,10 +43972,10 @@ function createServer(options) {
     if (method === "tools/list") {
       const toolList = [];
       for (const tool of tools.values()) {
+        const descriptor = { ...tool };
+        delete descriptor.handler;
         toolList.push({
-          name: tool.name,
-          description: tool.description,
-          inputSchema: tool.inputSchema
+          ...descriptor
         });
       }
       return { result: { tools: toolList } };
@@ -43947,7 +44000,7 @@ function createServer(options) {
         };
       }
       const toolArgs = params?.arguments ?? {};
-      if (options.validateToolArguments !== false && !areValidToolArguments(tool.inputSchema, toolArgs)) {
+      if (options.validateToolArguments !== false && !jsonSchemaValidator.validate(tool.inputSchema, toolArgs)) {
         return {
           error: {
             code: JSON_RPC_ERROR_CODES.INVALID_PARAMS,
@@ -43961,6 +44014,9 @@ function createServer(options) {
           throw new Error("Invalid tool result");
         }
         const result = isCallToolResult2(handlerResult) ? handlerResult : { content: toContentBlocks(handlerResult) };
+        if (tool.outputSchema !== void 0 && (result.structuredContent === void 0 || !jsonSchemaValidator.validate(tool.outputSchema, result.structuredContent))) {
+          throw new Error("Invalid structured tool result");
+        }
         return { result };
       } catch (err) {
         if (err instanceof ToolError) {
@@ -43979,6 +44035,94 @@ function createServer(options) {
         return { result };
       }
     }
+    if (method === "prompts/list") {
+      return {
+        result: {
+          prompts: [...prompts.values()].map(({ handler: _handler, ...prompt }) => prompt)
+        }
+      };
+    }
+    if (method === "prompts/get") {
+      const promptName = typeof params?.name === "string" ? params.name : void 0;
+      if (promptName === void 0) {
+        return invalidParams2("Prompt name required");
+      }
+      const prompt = prompts.get(promptName);
+      if (prompt === void 0) {
+        return invalidParams2(`Prompt not found: ${promptName}`);
+      }
+      const args = toStringArguments(params?.arguments);
+      if (args === void 0 || !hasRequiredPromptArguments(prompt, args)) {
+        return invalidParams2("Invalid prompt arguments");
+      }
+      try {
+        const result = await prompt.handler(args);
+        if (!isGetPromptResult(result)) {
+          return internalError2("Invalid prompt result");
+        }
+        return { result };
+      } catch (error2) {
+        return internalError2(toErrorMessage3(error2));
+      }
+    }
+    if (method === "resources/list") {
+      return {
+        result: {
+          resources: [...resources.values()].map(({ handler: _handler, ...resource }) => resource)
+        }
+      };
+    }
+    if (method === "resources/templates/list") {
+      return {
+        result: {
+          resourceTemplates: [...resourceTemplates.values()].map(
+            ({ handler: _handler, ...resourceTemplate }) => resourceTemplate
+          )
+        }
+      };
+    }
+    if (method === "resources/read") {
+      const uri = typeof params?.uri === "string" ? params.uri : void 0;
+      if (uri === void 0 || !isValidUri(uri)) {
+        return invalidParams2("Resource URI required");
+      }
+      const resource = findReadableResource(uri, resources, resourceTemplates);
+      if (resource === void 0) {
+        return resourceNotFound2(uri);
+      }
+      try {
+        const result = await resource.handler(uri);
+        if (!isReadResourceResult(result)) {
+          return internalError2("Invalid resource result");
+        }
+        return { result };
+      } catch (error2) {
+        return internalError2(toErrorMessage3(error2));
+      }
+    }
+    if (method === "resources/subscribe" || method === "resources/unsubscribe") {
+      if (!supportResourceSubscriptions) {
+        return {
+          error: {
+            code: JSON_RPC_ERROR_CODES.METHOD_NOT_FOUND,
+            message: "Method not found"
+          }
+        };
+      }
+      const uri = typeof params?.uri === "string" ? params.uri : void 0;
+      if (uri === void 0 || !isValidUri(uri)) {
+        return invalidParams2("Resource URI required");
+      }
+      if (method === "resources/subscribe" && findReadableResource(uri, resources, resourceTemplates) === void 0) {
+        return resourceNotFound2(uri);
+      }
+      if (method === "resources/subscribe") {
+        lifecycle.resourceSubscriptions.add(uri);
+      } else {
+        lifecycle.resourceSubscriptions.delete(uri);
+      }
+      return { result: {} };
+    }
     return {
       error: {
         code: JSON_RPC_ERROR_CODES.METHOD_NOT_FOUND,
@@ -43986,15 +44130,23 @@ function createServer(options) {
       }
     };
   };
-  const createMessageSession = () => {
+  const createMessageSession = (listener) => {
     const lifecycle = {
       initialized: false,
-      initializeAccepted: false
+      initializeAccepted: false,
+      notificationReady: false,
+      resourceSubscriptions: /* @__PURE__ */ new Set()
     };
     messageLifecycles.add(lifecycle);
+    if (listener !== void 0) {
+      connectionNotificationListeners.set(listener, lifecycle);
+    }
     return {
       handleMessage: (method, params) => handleMessageWithLifecycle(method, lifecycle, params),
       close: () => {
+        if (listener !== void 0) {
+          connectionNotificationListeners.delete(listener);
+        }
         messageLifecycles.delete(lifecycle);
       }
     };
@@ -44029,17 +44181,18 @@ function createServer(options) {
       write2(formatSuccessResponse(requestWithId.id, result) + "\n");
     }
   };
-  const broadcastNotification = async (method) => {
+  const broadcastNotification = async (method, params, canSend = () => true) => {
     const notification = {
       jsonrpc: "2.0",
-      method
+      method,
+      ...params === void 0 ? {} : { params }
     };
     for (const listener of notificationListeners) {
       listener(notification);
     }
     await Promise.all(
       [...connectionNotificationListeners].map(async ([listener, lifecycle]) => {
-        if (lifecycle.initialized) {
+        if (lifecycle.notificationReady && canSend(lifecycle)) {
           await listener(notification);
         }
       })
@@ -44055,6 +44208,30 @@ function createServer(options) {
       });
       return server;
     },
+    registerTool(definition, handler) {
+      tools.set(definition.name, {
+        ...definition,
+        handler
+      });
+      return server;
+    },
+    prompt(definition, handler) {
+      prompts.set(definition.name, { ...definition, handler });
+      return server;
+    },
+    resource(definition, handler) {
+      if (!isValidUri(definition.uri)) {
+        throw new Error(`Invalid resource URI: ${definition.uri}`);
+      }
+      resources.set(definition.uri, { ...definition, handler });
+      return server;
+    },
+    resourceTemplate(definition, handler) {
+      uriTemplateParser.parse(definition.uriTemplate);
+      new UriTemplate(definition.uriTemplate);
+      resourceTemplates.set(definition.uriTemplate, { ...definition, handler });
+      return server;
+    },
     onNotification(listener) {
       notificationListeners.add(listener);
       return () => {
@@ -44064,11 +44241,40 @@ function createServer(options) {
     removeTool(name) {
       return tools.delete(name);
     },
+    removePrompt(name) {
+      return prompts.delete(name);
+    },
+    removeResource(uri) {
+      return resources.delete(uri);
+    },
+    removeResourceTemplate(uriTemplate) {
+      return resourceTemplates.delete(uriTemplate);
+    },
     async notifyToolsChanged() {
-      if ([...messageLifecycles].some((lifecycle) => lifecycle.initialized)) {
+      if (supportNotifications && [...messageLifecycles].some((lifecycle) => lifecycle.notificationReady)) {
         await broadcastNotification("notifications/tools/list_changed");
       }
     },
+    async notifyPromptsChanged() {
+      if (supportNotifications && [...messageLifecycles].some((lifecycle) => lifecycle.notificationReady)) {
+        await broadcastNotification("notifications/prompts/list_changed");
+      }
+    },
+    async notifyResourcesChanged() {
+      if (supportNotifications && [...messageLifecycles].some((lifecycle) => lifecycle.notificationReady)) {
+        await broadcastNotification("notifications/resources/list_changed");
+      }
+    },
+    async notifyResourceUpdated(uri) {
+      if (!supportResourceSubscriptions) {
+        return;
+      }
+      await broadcastNotification(
+        "notifications/resources/updated",
+        { uri },
+        (lifecycle) => lifecycle.resourceSubscriptions.has(uri)
+      );
+    },
     createMessageSession,
     handleMessage,
     async listen() {
@@ -44079,7 +44285,7 @@ function createServer(options) {
     },
     async connect(transport) {
       return new Promise((resolve7) => {
-        const lifecycle = { initialized: false, initializeAccepted: false };
+        const lifecycle = { initialized: false, initializeAccepted: false, notificationReady: false, resourceSubscriptions: /* @__PURE__ */ new Set() };
         const messageHandler = (method, params) => handleMessageWithLifecycle(method, lifecycle, params);
         messageLifecycles.add(lifecycle);
         const listener = (notification) => {
@@ -44109,7 +44315,7 @@ function createServer(options) {
     },
     async connectSDK(transport) {
       return new Promise((resolve7, reject) => {
-        const lifecycle = { initialized: false, initializeAccepted: false };
+        const lifecycle = { initialized: false, initializeAccepted: false, notificationReady: false, resourceSubscriptions: /* @__PURE__ */ new Set() };
         const messageHandler = (method, params) => handleMessageWithLifecycle(method, lifecycle, params);
         messageLifecycles.add(lifecycle);
         const listener = (notification) => transport.send(notification);
@@ -44169,35 +44375,99 @@ function createServer(options) {
   };
   return server;
 }
-function isCallToolResult2(value) {
-  return hasContentArray(value) && value.content.every(isContentItem2);
+function invalidParams2(message2) {
+  return {
+    error: {
+      code: JSON_RPC_ERROR_CODES.INVALID_PARAMS,
+      message: message2
+    }
+  };
 }
-function hasContentArray(value) {
-  return typeof value === "object" && value !== null && "content" in value && Array.isArray(value.content);
+function internalError2(message2) {
+  return {
+    error: {
+      code: JSON_RPC_ERROR_CODES.INTERNAL_ERROR,
+      message: message2
+    }
+  };
 }
-function areValidToolArguments(schema, value) {
-  if (typeof value !== "object" || value === null || Array.isArray(value)) {
+function resourceNotFound2(uri) {
+  return {
+    error: {
+      code: JSON_RPC_ERROR_CODES.RESOURCE_NOT_FOUND,
+      message: `Resource not found: ${uri}`
+    }
+  };
+}
+function toErrorMessage3(error2) {
+  return error2 instanceof Error ? error2.message : String(error2);
+}
+function isValidUri(uri) {
+  try {
+    new URL(uri);
+    return true;
+  } catch {
     return false;
   }
-  const argumentsObject = value;
-  for (const key2 of schema.required ?? []) {
-    if (!Object.hasOwn(argumentsObject, key2)) {
-      return false;
-    }
+}
+function toStringArguments(value) {
+  if (value === void 0) {
+    return {};
   }
-  for (const [key2, property] of Object.entries(schema.properties)) {
-    if (!Object.hasOwn(argumentsObject, key2)) {
-      continue;
-    }
-    const argument = argumentsObject[key2];
-    if (argument === null && property.nullable === true) {
-      continue;
-    }
-    if (property.type === "array" && !Array.isArray(argument) || property.type === "object" && (typeof argument !== "object" || argument === null || Array.isArray(argument)) || property.type === "integer" && !Number.isInteger(argument) || property.type !== "array" && property.type !== "object" && property.type !== "integer" && typeof argument !== property.type) {
-      return false;
+  if (typeof value !== "object" || value === null || Array.isArray(value)) {
+    return void 0;
+  }
+  const args = {};
+  for (const [name, argument] of Object.entries(value)) {
+    if (typeof argument !== "string") {
+      return void 0;
     }
+    args[name] = argument;
   }
-  return true;
+  return args;
+}
+function hasRequiredPromptArguments(prompt, args) {
+  return (prompt.arguments ?? []).every(
+    (argument) => argument.required !== true || args[argument.name] !== void 0
+  );
+}
+function findReadableResource(uri, resources, resourceTemplates) {
+  const resource = resources.get(uri);
+  if (resource !== void 0) {
+    return resource;
+  }
+  return [...resourceTemplates.values()].find(
+    (template) => matchesUriTemplate(template.uriTemplate, uri)
+  );
+}
+function matchesUriTemplate(template, uri) {
+  try {
+    return new UriTemplate(template).match(uri) !== null;
+  } catch {
+    return false;
+  }
+}
+function isCallToolResult2(value) {
+  return hasContentArray(value) && value.content.every(isContentItem2);
+}
+function isGetPromptResult(value) {
+  if (typeof value !== "object" || value === null || !("messages" in value)) {
+    return false;
+  }
+  return Array.isArray(value.messages) && value.messages.every(
+    (message2) => typeof message2 === "object" && message2 !== null && "role" in message2 && (message2.role === "user" || message2.role === "assistant") && "content" in message2 && isPromptContentItem(message2.content)
+  );
+}
+function isReadResourceResult(value) {
+  if (typeof value !== "object" || value === null || !("contents" in value)) {
+    return false;
+  }
+  return Array.isArray(value.contents) && value.contents.every(
+    (content) => typeof content === "object" && content !== null && "uri" in content && typeof content.uri === "string" && isValidUri(content.uri) && ("text" in content && typeof content.text === "string" || "blob" in content && typeof content.blob === "string" && isBase64(content.blob))
+  );
+}
+function hasContentArray(value) {
+  return typeof value === "object" && value !== null && "content" in value && Array.isArray(value.content);
 }
 function isContentItem2(value) {
   if (typeof value !== "object" || value === null || !("type" in value)) {
@@ -44208,13 +44478,41 @@ function isContentItem2(value) {
     return typeof block.text === "string";
   }
   if (block.type === "image" || block.type === "audio") {
-    return typeof block.data === "string" && typeof block.mimeType === "string";
+    return typeof block.data === "string" && isBase64(block.data) && typeof block.mimeType === "string";
+  }
+  if (block.type === "resource_link") {
+    return typeof block.uri === "string" && typeof block.name === "string";
   }
   if (block.type !== "resource" || typeof block.resource !== "object" || block.resource === null) {
     return false;
   }
   const resource = block.resource;
-  return typeof resource.uri === "string" && typeof resource.mimeType === "string" && (typeof resource.text === "string" || typeof resource.blob === "string");
+  return typeof resource.uri === "string" && (resource.mimeType === void 0 || typeof resource.mimeType === "string") && (typeof resource.text === "string" || typeof resource.blob === "string" && isBase64(resource.blob));
+}
+function isBase64(value) {
+  if (value.length === 0) {
+    return true;
+  }
+  if (value.length % 4 !== 0) {
+    return false;
+  }
+  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+  const paddingStart = value.indexOf("=");
+  const encoded = paddingStart === -1 ? value : value.slice(0, paddingStart);
+  const padding = paddingStart === -1 ? "" : value.slice(paddingStart);
+  if (padding.length > 2 || [...padding].some((character) => character !== "=")) {
+    return false;
+  }
+  if ([...encoded].some((character) => !alphabet.includes(character))) {
+    return false;
+  }
+  return Buffer.from(value, "base64").toString("base64") === value;
+}
+function isPromptContentItem(value) {
+  if (!isContentItem2(value)) {
+    return false;
+  }
+  return !(typeof value === "object" && value !== null && "type" in value && value.type === "resource_link");
 }
 
 // packages/toolcraft/src/error-report.ts
@@ -44226,7 +44524,7 @@ import { CommanderError } from "commander";
 
 // packages/toolcraft/src/mcp-proxy.ts
 init_src2();
-init_src9();
+init_src10();
 import { existsSync as existsSync4 } from "node:fs";
 import { lstat as lstat10, mkdir as mkdir12, readFile as readFile11, rename as rename9, writeFile as writeFile7 } from "node:fs/promises";
 import path57 from "node:path";
@@ -45580,10 +45878,10 @@ async function writeErrorReport(context) {
 }
 
 // packages/toolcraft/src/human-in-loop/approvals-commands.ts
-init_src11();
+init_src12();
 
 // packages/toolcraft/src/human-in-loop/approval-tasks.ts
-init_src11();
+init_src12();
 import { randomBytes as randomBytes5 } from "node:crypto";
 
 // packages/toolcraft/src/human-in-loop/state-machine.ts
@@ -45768,7 +46066,7 @@ function areEqualStrings(left, right) {
 }
 
 // packages/toolcraft/src/human-in-loop/runner.ts
-init_src11();
+init_src12();
 import { access as access2, lstat as lstat11, readFile as readFile12, rename as rename10, unlink as unlink7, writeFile as writeFile9 } from "node:fs/promises";
 
 // packages/toolcraft/src/human-in-loop/default-provider.ts
@@ -47022,7 +47320,7 @@ async function runMCP(roots, options) {
 }
 
 // packages/agent-code-review/src/prompt-transport.ts
-init_src16();
+init_src17();
 function shouldUseTextStdinForCodeReview(agent2) {
   const config = getSpawnConfig(agent2);
   return config?.kind === "cli" && (config.agentId === "codex" || config.agentId === "claude-code");
@@ -47515,7 +47813,7 @@ function requirePositiveInteger(value, field) {
 // packages/agent-code-review/src/review.ts
 import { randomUUID as randomUUID9 } from "node:crypto";
 import { resolve as resolve6 } from "node:path";
-init_src16();
+init_src17();
 async function runCodeReview(input, dependencies = {}) {
   const unresolvedOptions = await (dependencies.resolveOptions ?? resolveCodeReviewRuntimeOptions)(
     input
@@ -47994,7 +48292,7 @@ function toAgentSessionMcpServers(servers) {
   }
   return Object.keys(mappedServers).length > 0 ? mappedServers : void 0;
 }
-function toErrorMessage3(value) {
+function toErrorMessage4(value) {
   if (value instanceof Error) {
     return value.message;
   }
@@ -48298,7 +48596,7 @@ function createInMemoryAcpTransport2(options) {
       }
       if (method === "session/new") {
         const request = params;
-        const { createAgentSession: createAgentSession2 } = await Promise.resolve().then(() => (init_src17(), src_exports));
+        const { createAgentSession: createAgentSession2 } = await Promise.resolve().then(() => (init_src18(), src_exports));
         const session = await createAgentSession2({
           model: options.model,
           cwd: request.cwd || options.cwd,
@@ -48417,7 +48715,7 @@ async function runPoeAgentAcpLifecycle(options) {
   } catch (error2) {
     emitEvent(options.onEvent, {
       event: "error",
-      message: toErrorMessage3(error2),
+      message: toErrorMessage4(error2),
       ...toErrorStack(error2) ? { stack: toErrorStack(error2) } : {}
     });
     throw error2;