npm - roboport - Versions diffs - 0.0.1 → 0.2.0 - Mend

roboport 0.0.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/README.md +3 -2
package/core/agent.d.ts +2 -1
package/gateways/core.d.ts +27 -0
package/gateways/index.d.ts +5 -0
package/gateways/index.js +575 -0
package/gateways/serve.d.ts +19 -0
package/gateways/sources/telegram.d.ts +28 -0
package/gateways/store.d.ts +9 -0
package/harness/index.js +15 -6
package/index.js +15 -6
package/mcp/auth.d.ts +2 -0
package/mcp/index.d.ts +4 -1
package/mcp/index.js +814 -795
package/models/index.js +15 -6
package/package.json +9 -5
package/skills/index.js +15 -6
package/triggers/core.d.ts +1 -1
package/triggers/index.js +10 -2
package/triggers/sources/telegram.d.ts +9 -1

package/mcp/index.js CHANGED Viewed

@@ -1,878 +1,889 @@
 // @bun
-// src/core/agent.ts
-import { z } from "zod";
-// src/core/session.ts
-class Turn {
-  queue = [];
-  waiters = [];
-  ended = false;
-  iterated = false;
-  resultPromise;
-  abortController = new AbortController;
-  constructor(runner) {
-    this.resultPromise = runner({
-      emit: (event) => this.emit(event),
-      signal: this.abortController.signal
-    }).then((messages) => {
-      this.close();
-      return messages;
-    }, (error) => {
-      this.close();
-      throw error;
-    });
-    this.resultPromise.catch(() => {});
-  }
-  emit(event) {
-    const waiter = this.waiters.shift();
-    if (waiter) {
-      waiter({ value: event, done: false });
-    } else {
-      this.queue.push(event);
-    }
-  }
-  close() {
-    this.ended = true;
-    while (this.waiters.length > 0) {
-      const waiter = this.waiters.shift();
-      waiter?.({ value: undefined, done: true });
+// src/mcp/oauth.ts
+function base64UrlEncode(bytes) {
+  let str = "";
+  for (const byte of bytes)
+    str += String.fromCharCode(byte);
+  return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function randomBytes(length) {
+  const bytes = new Uint8Array(length);
+  crypto.getRandomValues(bytes);
+  return bytes;
+}
+async function sha256(input) {
+  const hash = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(input));
+  return new Uint8Array(hash);
+}
+async function generatePkce() {
+  const verifier = base64UrlEncode(randomBytes(32));
+  const challenge = base64UrlEncode(await sha256(verifier));
+  return { verifier, challenge };
+}
+function generateState() {
+  return base64UrlEncode(randomBytes(16));
+}
+async function discover(serverUrl) {
+  const u = new URL(serverUrl);
+  const origin = `${u.protocol}//${u.host}`;
+  let authServer = origin;
+  try {
+    const res2 = await fetch(`${origin}/.well-known/oauth-protected-resource`);
+    if (res2.ok) {
+      const meta = await res2.json();
+      if (meta.authorization_servers?.[0])
+        authServer = meta.authorization_servers[0];
     }
+  } catch {}
+  const asUrl = new URL(authServer);
+  const asOrigin = `${asUrl.protocol}//${asUrl.host}`;
+  const res = await fetch(`${asOrigin}/.well-known/oauth-authorization-server`);
+  if (!res.ok) {
+    throw new Error(`OAuth discovery failed for ${asOrigin}: ${res.status} ${await res.text()}`);
   }
-  abort(reason) {
-    this.abortController.abort(reason);
+  return await res.json();
+}
+async function registerClient(registrationEndpoint, redirectUri) {
+  const res = await fetch(registrationEndpoint, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({
+      client_name: "roboport",
+      redirect_uris: [redirectUri],
+      grant_types: ["authorization_code", "refresh_token"],
+      response_types: ["code"],
+      token_endpoint_auth_method: "none"
+    })
+  });
+  if (!res.ok) {
+    throw new Error(`OAuth client registration failed: ${res.status} ${await res.text()}`);
   }
-  [Symbol.asyncIterator]() {
-    if (this.iterated) {
-      throw new Error("Turn can only be iterated once.");
-    }
-    this.iterated = true;
-    return {
-      next: () => {
-        if (this.queue.length > 0) {
-          const value = this.queue.shift();
-          return Promise.resolve({ value, done: false });
-        }
-        if (this.ended) {
-          return Promise.resolve({
-            value: undefined,
-            done: true
+  const data = await res.json();
+  return data.client_id;
+}
+function openBrowser(url) {
+  const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+  Bun.spawn([cmd, url], { stdout: "ignore", stderr: "ignore" });
+}
+function captureAuthorizationCode(port, expectedState, timeoutMs) {
+  return new Promise((resolve, reject) => {
+    const server = Bun.serve({
+      port,
+      hostname: "127.0.0.1",
+      fetch(req) {
+        const u = new URL(req.url);
+        const error = u.searchParams.get("error");
+        if (error) {
+          const desc = u.searchParams.get("error_description") ?? "";
+          finish(() => reject(new Error(`OAuth error: ${error} ${desc}`)));
+          return new Response("Authentication failed. You can close this tab.", {
+            status: 400
           });
         }
-        return new Promise((resolve) => this.waiters.push(resolve));
-      },
-      return: async () => {
-        this.abort("iteration ended");
-        await this.resultPromise.catch(() => {});
-        return {
-          value: undefined,
-          done: true
-        };
+        const code = u.searchParams.get("code");
+        const state = u.searchParams.get("state");
+        if (!code || state !== expectedState) {
+          finish(() => reject(new Error("OAuth state mismatch or missing code.")));
+          return new Response("Invalid OAuth response.", { status: 400 });
+        }
+        finish(() => resolve(code));
+        return new Response("<html><body>Authenticated. You can close this tab.</body></html>", { headers: { "content-type": "text/html" } });
       }
-    };
+    });
+    const timer = setTimeout(() => {
+      finish(() => reject(new Error("OAuth flow timed out.")));
+    }, timeoutMs);
+    function finish(action) {
+      clearTimeout(timer);
+      setTimeout(() => server.stop(true), 50);
+      action();
+    }
+  });
+}
+async function exchangeCode(opts) {
+  const body = new URLSearchParams({
+    grant_type: "authorization_code",
+    code: opts.code,
+    redirect_uri: opts.redirectUri,
+    client_id: opts.clientId,
+    code_verifier: opts.verifier
+  });
+  const res = await fetch(opts.tokenEndpoint, {
+    method: "POST",
+    headers: { "content-type": "application/x-www-form-urlencoded" },
+    body
+  });
+  if (!res.ok) {
+    throw new Error(`OAuth token exchange failed: ${res.status} ${await res.text()}`);
   }
-  then(onfulfilled, onrejected) {
-    return this.resultPromise.then(onfulfilled, onrejected);
+  return await res.json();
+}
+async function refreshTokens(opts) {
+  const body = new URLSearchParams({
+    grant_type: "refresh_token",
+    refresh_token: opts.refreshToken,
+    client_id: opts.clientId
+  });
+  const res = await fetch(opts.tokenEndpoint, {
+    method: "POST",
+    headers: { "content-type": "application/x-www-form-urlencoded" },
+    body
+  });
+  if (!res.ok) {
+    throw new Error(`OAuth refresh failed: ${res.status} ${await res.text()}`);
   }
+  return await res.json();
 }
-class Session {
-  internals;
-  state;
-  constructor(internals, state) {
-    this.internals = internals;
-    this.state = state;
+// src/mcp/storage.ts
+import { chmod, mkdir, readFile, writeFile } from "fs/promises";
+import { homedir } from "os";
+import { dirname, join } from "path";
+var DEFAULT_PATH = join(homedir(), ".roboport", "mcp-auth.json");
+class FileStorage {
+  path;
+  cache;
+  constructor(path) {
+    this.path = path ?? DEFAULT_PATH;
   }
-  get messages() {
-    return this.state.messages;
+  async read() {
+    if (this.cache)
+      return this.cache;
+    try {
+      const raw = await readFile(this.path, "utf8");
+      this.cache = JSON.parse(raw);
+    } catch {
+      this.cache = {};
+    }
+    return this.cache;
   }
-  send(prompt) {
-    return this.internals.send(prompt);
+  async write(data) {
+    await mkdir(dirname(this.path), { recursive: true });
+    await writeFile(this.path, JSON.stringify(data, null, 2), "utf8");
+    await chmod(this.path, 384);
+    this.cache = data;
   }
-  async close() {
-    await this.internals.close();
+  async load(key) {
+    const data = await this.read();
+    return data[key] ?? null;
   }
-  async[Symbol.asyncDispose]() {
-    await this.close();
+  async save(key, tokens) {
+    const data = await this.read();
+    data[key] = tokens;
+    await this.write(data);
+  }
+  async clear(key) {
+    const data = await this.read();
+    delete data[key];
+    await this.write(data);
   }
 }
-// src/core/tool.ts
-import * as z4 from "zod/v4/core";
-function hasParseMethod(schema) {
-  return typeof schema === "object" && schema !== null && "parse" in schema && typeof schema.parse === "function";
-}
-class Tool {
-  name;
-  description;
-  inputSchema;
-  jsonSchema;
-  execute;
-  deferred;
-  constructor(init) {
-    this.name = init.name;
-    this.description = init.description;
-    this.deferred = init.deferred ?? false;
-    if ("inputSchema" in init) {
-      this.inputSchema = init.inputSchema;
-      this.execute = init.execute;
-    } else {
-      this.jsonSchema = init.jsonSchema;
-      this.execute = init.execute;
-    }
+class MemoryStorage {
+  data = new Map;
+  async load(key) {
+    return this.data.get(key) ?? null;
   }
-  toJsonSchema() {
-    if (this.jsonSchema !== undefined)
-      return this.jsonSchema;
-    if (this.inputSchema === undefined) {
-      throw new Error(`Tool "${this.name}" has neither inputSchema nor jsonSchema.`);
-    }
-    return z4.toJSONSchema(this.inputSchema);
+  async save(key, tokens) {
+    this.data.set(key, tokens);
   }
-  parse(input) {
-    const schema = this.inputSchema;
-    if (!schema)
-      return input;
-    if (hasParseMethod(schema))
-      return schema.parse(input);
-    return z4.parse(schema, input);
+  async clear(key) {
+    this.data.delete(key);
   }
 }
-function createRegistry(tools) {
-  const byName = new Map(tools.map((tool) => [tool.name, tool]));
-  const loadedNames = new Set(tools.filter((tool) => !tool.deferred).map((tool) => tool.name));
-  return {
-    loaded: () => tools.filter((tool) => loadedNames.has(tool.name)),
-    deferred: () => tools.filter((tool) => tool.deferred && !loadedNames.has(tool.name)),
-    load: (names) => {
-      const loaded = [];
-      const missing = [];
-      for (const name of names) {
-        const tool = byName.get(name);
-        if (!tool) {
-          missing.push(name);
-          continue;
-        }
-        loadedNames.add(name);
-        loaded.push(tool);
-      }
-      return { loaded, missing };
-    }
-  };
+// src/mcp/auth.ts
+class BearerAuth {
+  token;
+  constructor(token) {
+    this.token = token;
+  }
+  async getHeader() {
+    return `Bearer ${this.token}`;
+  }
 }
+var DEFAULT_PORT = 33418;
+var DEFAULT_TIMEOUT_MS = 5 * 60 * 1000;
-// src/core/agent.ts
-class Agent {
-  model;
-  system;
-  tools;
-  skills;
-  mcp;
-  cwd;
-  registrations = [];
-  unsubs = [];
-  constructor({
-    model,
-    system,
-    tools,
-    skills,
-    mcp,
-    cwd
-  }) {
-    this.model = model;
-    this.system = system;
-    this.tools = tools;
-    this.skills = skills;
-    this.mcp = mcp ?? [];
-    this.cwd = cwd;
+class OAuthAuth {
+  serverUrl;
+  storage;
+  storageKey;
+  redirectPort;
+  scopes;
+  flowTimeoutMs;
+  clientId;
+  tokens;
+  loaded = false;
+  metadata;
+  inFlight;
+  constructor(opts) {
+    this.serverUrl = opts.serverUrl;
+    this.storage = opts.storage ?? new FileStorage;
+    this.storageKey = opts.storageKey;
+    this.redirectPort = opts.redirectPort ?? DEFAULT_PORT;
+    this.scopes = opts.scopes;
+    this.flowTimeoutMs = opts.flowTimeoutMs ?? DEFAULT_TIMEOUT_MS;
+    this.clientId = opts.clientId;
   }
-  on(trigger, handler) {
-    this.registrations.push({ trigger, handler });
+  async getHeader() {
+    await this.ensureTokens();
+    if (!this.tokens)
+      throw new Error("OAuth: no tokens after auth flow.");
+    return `Bearer ${this.tokens.accessToken}`;
   }
-  async start() {
-    for (const { trigger, handler } of this.registrations) {
-      const unsub = await trigger.start((event) => {
-        Promise.resolve().then(() => handler(event)).catch((error) => {
-          const message = error instanceof Error ? error.message : String(error);
-          console.error(`[roboport] trigger "${trigger.name}" handler failed: ${message}`);
-        });
-      });
-      this.unsubs.push(unsub);
+  async onUnauthorized() {
+    if (this.tokens?.refreshToken) {
+      try {
+        await this.refresh();
+        return;
+      } catch {}
     }
+    this.tokens = undefined;
+    await this.storage.clear(this.storageKey);
+    await this.authorize();
   }
-  async stop() {
-    const unsubs = this.unsubs;
-    this.unsubs = [];
-    await Promise.all(unsubs.map((u) => u()));
-  }
-  buildSystem(allTools) {
-    let system = this.system;
-    if (this.skills.length > 0) {
-      const skillsList = this.skills.map((skill) => `- ${skill.name}: ${skill.description}`).join(`
-`);
-      system = `${system}
-# Skills
-The following skills are available. When a task matches one, call the \`Skill\` tool with that skill's name to load its full content before proceeding.
-${skillsList}`;
+  async ensureTokens() {
+    if (this.inFlight) {
+      await this.inFlight;
+      return;
     }
-    const deferred = allTools.filter((tool) => tool.deferred);
-    if (deferred.length > 0) {
-      const list = deferred.map((tool) => `- ${tool.name}`).join(`
-`);
-      system = `${system}
-# Deferred tools
-These tools are available but their schemas are not loaded. Use ToolSearch to load them before calling.
-${list}`;
+    this.inFlight = (async () => {
+      if (!this.loaded) {
+        this.tokens = await this.storage.load(this.storageKey) ?? undefined;
+        this.loaded = true;
+      }
+      if (!this.tokens) {
+        await this.authorize();
+        return;
+      }
+      if (this.isExpired(this.tokens)) {
+        if (this.tokens.refreshToken) {
+          try {
+            await this.refresh();
+            return;
+          } catch {}
+        }
+        await this.authorize();
+      }
+    })();
+    try {
+      await this.inFlight;
+    } finally {
+      this.inFlight = undefined;
     }
-    return system;
   }
-  buildSkillTool() {
-    const byName = new Map(this.skills.map((skill) => [skill.name, skill]));
-    return new Tool({
-      name: "Skill",
-      description: 'Load the full content of a skill listed under "# Skills" in the system prompt. Call this when you decide a listed skill applies to the current task; the returned content extends your instructions for the rest of the session.',
-      inputSchema: z.object({
-        skill: z.string().describe("Name of the skill to load (must match a listed skill).")
-      }),
-      execute: ({ skill }) => {
-        const found = byName.get(skill);
-        if (!found) {
-          const available = [...byName.keys()].join(", ");
-          throw new Error(`Skill "${skill}" not found. Available: ${available}`);
-        }
-        return `<skill name="${found.name}">
-${found.content}
-</skill>`;
+  isExpired(tokens) {
+    if (!tokens.expiresAt)
+      return false;
+    return Date.now() / 1000 >= tokens.expiresAt - 30;
+  }
+  async getMetadata() {
+    if (!this.metadata)
+      this.metadata = await discover(this.serverUrl);
+    return this.metadata;
+  }
+  async authorize() {
+    const meta = await this.getMetadata();
+    const redirectUri = this.tokens?.redirectUri ?? `http://127.0.0.1:${this.redirectPort}/callback`;
+    let clientId = this.tokens?.clientId ?? this.clientId;
+    if (!clientId) {
+      if (!meta.registration_endpoint) {
+        throw new Error("OAuth server does not support dynamic client registration; pass a clientId.");
       }
+      clientId = await registerClient(meta.registration_endpoint, redirectUri);
+    }
+    const { verifier, challenge } = await generatePkce();
+    const state = generateState();
+    const port = parseInt(new URL(redirectUri).port, 10);
+    const codePromise = captureAuthorizationCode(port, state, this.flowTimeoutMs);
+    const authUrl = new URL(meta.authorization_endpoint);
+    authUrl.searchParams.set("response_type", "code");
+    authUrl.searchParams.set("client_id", clientId);
+    authUrl.searchParams.set("redirect_uri", redirectUri);
+    authUrl.searchParams.set("code_challenge", challenge);
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    authUrl.searchParams.set("state", state);
+    if (this.scopes?.length) {
+      authUrl.searchParams.set("scope", this.scopes.join(" "));
+    }
+    console.error(`[mcp:oauth] Opening browser for ${this.storageKey} authentication...`);
+    openBrowser(authUrl.toString());
+    const code = await codePromise;
+    const response = await exchangeCode({
+      tokenEndpoint: meta.token_endpoint,
+      code,
+      clientId,
+      redirectUri,
+      verifier
     });
+    this.tokens = this.toTokenSet(response, clientId, redirectUri);
+    await this.storage.save(this.storageKey, this.tokens);
   }
-  session(init) {
-    const initialMessages = init?.messages ? [...init.messages] : [];
-    const sessionCwd = init?.cwd ?? this.cwd ?? process.cwd();
-    const state = {
-      messages: initialMessages,
-      store: new Map
-    };
-    let activeTurn = null;
-    let mcpConnected = false;
-    let allTools = null;
-    let registry = null;
-    let ctx = null;
-    const ensureReady = async () => {
-      if (!allTools || !registry || !ctx) {
-        const mcpToolGroups = await Promise.all(this.mcp.map((mcp) => mcp.connect()));
-        mcpConnected = true;
-        allTools = [
-          ...this.tools,
-          ...mcpToolGroups.flat(),
-          ...this.skills.length > 0 ? [this.buildSkillTool()] : []
-        ];
-        registry = createRegistry(allTools);
-        ctx = {
-          complete: async (p) => {
-            const response = await this.model.createMessage({
-              messages: [{ role: "user", content: p }]
-            });
-            return response.content.filter((block) => block.type === "text").map((block) => block.text).join(`
-`);
-          },
-          searchWeb: (query, opts) => this.model.searchWeb(query, opts),
-          session: state,
-          tools: registry,
-          cwd: sessionCwd
-        };
-        if (state.messages.length === 0 || state.messages[0]?.role !== "system") {
-          state.messages.unshift({
-            role: "system",
-            content: this.buildSystem(allTools)
-          });
-        }
-      }
-      return { tools: allTools, registry, ctx };
-    };
-    const internals = {
-      send: (prompt) => {
-        if (activeTurn !== null) {
-          throw new Error("Session.send() called while another turn is in flight.");
-        }
-        const turn = new Turn(async (turnCtx) => {
-          try {
-            const ready = await ensureReady();
-            state.messages.push(toUserMessage(prompt));
-            await runAgentLoop({
-              model: this.model,
-              state,
-              registry: ready.registry,
-              ctx: ready.ctx,
-              emit: turnCtx.emit,
-              signal: turnCtx.signal
-            });
-            return [...state.messages];
-          } finally {
-            activeTurn = null;
-          }
-        });
-        activeTurn = turn;
-        return turn;
-      },
-      close: async () => {
-        const pending = activeTurn;
-        if (pending) {
-          pending.abort("session closed");
-          await Promise.resolve(pending).catch(() => {});
-        }
-        if (mcpConnected) {
-          await Promise.all(this.mcp.map((mcp) => mcp.disconnect()));
-          mcpConnected = false;
-        }
-      }
-    };
-    return new Session(internals, state);
-  }
-}
-function toUserMessage(prompt) {
-  if (typeof prompt === "string")
-    return { role: "user", content: prompt };
-  return { role: "user", content: prompt };
-}
-async function runAgentLoop({
-  model,
-  state,
-  registry,
-  ctx,
-  emit,
-  signal
-}) {
-  while (true) {
-    if (signal.aborted)
-      break;
-    const active = registry.loaded();
-    const toolByName = new Map(active.map((tool) => [tool.name, tool]));
-    emit({ type: "message-start" });
-    const assistantContent = [];
-    let stopReason = "end_turn";
-    let usage = { inputTokens: 0, outputTokens: 0 };
-    try {
-      for await (const event of model.streamMessage({
-        messages: state.messages,
-        tools: active,
-        signal
-      })) {
-        switch (event.type) {
-          case "text-delta":
-            emit({ type: "text-delta", text: event.text });
-            break;
-          case "text-end":
-            assistantContent.push({ type: "text", text: event.text });
-            emit({ type: "text", text: event.text });
-            break;
-          case "thinking-delta":
-            emit({ type: "thinking-delta", text: event.text });
-            break;
-          case "thinking-end":
-            assistantContent.push({
-              type: "thinking",
-              text: event.text,
-              ...event.signature !== undefined ? { signature: event.signature } : {},
-              ...event.redactedData !== undefined ? { redactedData: event.redactedData } : {}
-            });
-            emit({
-              type: "thinking",
-              text: event.text,
-              ...event.signature !== undefined ? { signature: event.signature } : {}
-            });
-            break;
-          case "tool-call":
-            assistantContent.push({
-              type: "tool-call",
-              toolCallId: event.toolCallId,
-              toolName: event.toolName,
-              input: event.input
-            });
-            emit({
-              type: "tool-call",
-              toolCallId: event.toolCallId,
-              toolName: event.toolName,
-              input: event.input
-            });
-            break;
-          case "message-end":
-            stopReason = event.stopReason;
-            usage = event.usage;
-            break;
-          default:
-            break;
-        }
-      }
-    } catch (error) {
-      if (signal.aborted) {
-        state.messages.push({ role: "assistant", content: assistantContent });
-        break;
-      }
-      const err = error instanceof Error ? error : new Error(String(error));
-      emit({ type: "error", error: err });
-      throw err;
-    }
-    state.messages.push({ role: "assistant", content: assistantContent });
-    emit({ type: "message-end", usage });
-    if (stopReason !== "tool_use") {
-      emit({ type: "turn-end" });
-      break;
-    }
-    const toolCalls = assistantContent.filter((block) => block.type === "tool-call");
-    const results = [];
-    for (const call of toolCalls) {
-      if (signal.aborted)
-        break;
-      const tool = toolByName.get(call.toolName);
-      const result = await runTool(tool, call, ctx);
-      results.push(result);
-      emit({
-        type: "tool-result",
-        toolCallId: result.toolCallId,
-        toolName: result.toolName,
-        output: result.output,
-        isError: typeof result.output === "string" ? result.output.startsWith("Error:") : false
-      });
-    }
-    state.messages.push({ role: "tool", content: results });
-    if (signal.aborted)
-      break;
-  }
-}
-async function runTool(tool, call, ctx) {
-  if (!tool) {
-    return {
-      type: "tool-result",
-      toolCallId: call.toolCallId,
-      toolName: call.toolName,
-      output: `Error: tool "${call.toolName}" not found`
-    };
-  }
-  try {
-    const parsed = tool.parse(call.input);
-    const output = await tool.execute(parsed, ctx);
-    return {
-      type: "tool-result",
-      toolCallId: call.toolCallId,
-      toolName: call.toolName,
-      output
-    };
-  } catch (error) {
-    return {
-      type: "tool-result",
-      toolCallId: call.toolCallId,
-      toolName: call.toolName,
-      output: `Error: ${error instanceof Error ? error.message : String(error)}`
-    };
-  }
-}
-// src/core/model.ts
-class Model {
-  async createMessage(params) {
-    const content = [];
-    let id = "";
-    let stopReason = "end_turn";
-    let usage = { inputTokens: 0, outputTokens: 0 };
-    for await (const event of this.streamMessage(params)) {
-      switch (event.type) {
-        case "text-end":
-          content.push({ type: "text", text: event.text });
-          break;
-        case "thinking-end":
-          content.push({
-            type: "thinking",
-            text: event.text,
-            ...event.signature !== undefined ? { signature: event.signature } : {},
-            ...event.redactedData !== undefined ? { redactedData: event.redactedData } : {}
-          });
-          break;
-        case "tool-call":
-          content.push({
-            type: "tool-call",
-            toolCallId: event.toolCallId,
-            toolName: event.toolName,
-            input: event.input
-          });
-          break;
-        case "message-end":
-          id = event.id;
-          stopReason = event.stopReason;
-          usage = event.usage;
-          break;
-        default:
-          break;
-      }
+  async refresh() {
+    if (!this.tokens?.refreshToken || !this.tokens.clientId) {
+      throw new Error("OAuth refresh: missing refresh token or client id.");
     }
-    return { id, content, stopReason, usage };
-  }
-}
-// src/core/skill.ts
-class Skill {
-  name;
-  description;
-  content;
-  constructor({
-    name,
-    description,
-    content
-  }) {
-    this.name = name;
-    this.description = description;
-    this.content = content;
+    const meta = await this.getMetadata();
+    const response = await refreshTokens({
+      tokenEndpoint: meta.token_endpoint,
+      refreshToken: this.tokens.refreshToken,
+      clientId: this.tokens.clientId
+    });
+    this.tokens = this.toTokenSet(response, this.tokens.clientId, this.tokens.redirectUri, this.tokens.refreshToken);
+    await this.storage.save(this.storageKey, this.tokens);
+  }
+  toTokenSet(response, clientId, redirectUri, fallbackRefresh) {
+    const expiresAt = response.expires_in ? Math.floor(Date.now() / 1000) + response.expires_in : undefined;
+    return {
+      accessToken: response.access_token,
+      refreshToken: response.refresh_token ?? fallbackRefresh,
+      expiresAt,
+      clientId,
+      redirectUri
+    };
   }
 }
-// src/mcp/oauth.ts
-function base64UrlEncode(bytes) {
-  let str = "";
-  for (const byte of bytes)
-    str += String.fromCharCode(byte);
-  return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-function randomBytes(length) {
-  const bytes = new Uint8Array(length);
-  crypto.getRandomValues(bytes);
-  return bytes;
-}
-async function sha256(input) {
-  const hash = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(input));
-  return new Uint8Array(hash);
-}
-async function generatePkce() {
-  const verifier = base64UrlEncode(randomBytes(32));
-  const challenge = base64UrlEncode(await sha256(verifier));
-  return { verifier, challenge };
-}
-function generateState() {
-  return base64UrlEncode(randomBytes(16));
-}
-async function discover(serverUrl) {
-  const u = new URL(serverUrl);
-  const origin = `${u.protocol}//${u.host}`;
-  let authServer = origin;
-  try {
-    const res2 = await fetch(`${origin}/.well-known/oauth-protected-resource`);
-    if (res2.ok) {
-      const meta = await res2.json();
-      if (meta.authorization_servers?.[0])
-        authServer = meta.authorization_servers[0];
+// src/core/agent.ts
+import { z } from "zod";
+// src/core/session.ts
+class Turn {
+  queue = [];
+  waiters = [];
+  ended = false;
+  iterated = false;
+  resultPromise;
+  abortController = new AbortController;
+  constructor(runner) {
+    this.resultPromise = runner({
+      emit: (event) => this.emit(event),
+      signal: this.abortController.signal
+    }).then((messages) => {
+      this.close();
+      return messages;
+    }, (error) => {
+      this.close();
+      throw error;
+    });
+    this.resultPromise.catch(() => {});
+  }
+  emit(event) {
+    const waiter = this.waiters.shift();
+    if (waiter) {
+      waiter({ value: event, done: false });
+    } else {
+      this.queue.push(event);
     }
-  } catch {}
-  const asUrl = new URL(authServer);
-  const asOrigin = `${asUrl.protocol}//${asUrl.host}`;
-  const res = await fetch(`${asOrigin}/.well-known/oauth-authorization-server`);
-  if (!res.ok) {
-    throw new Error(`OAuth discovery failed for ${asOrigin}: ${res.status} ${await res.text()}`);
   }
-  return await res.json();
-}
-async function registerClient(registrationEndpoint, redirectUri) {
-  const res = await fetch(registrationEndpoint, {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body: JSON.stringify({
-      client_name: "roboport",
-      redirect_uris: [redirectUri],
-      grant_types: ["authorization_code", "refresh_token"],
-      response_types: ["code"],
-      token_endpoint_auth_method: "none"
-    })
-  });
-  if (!res.ok) {
-    throw new Error(`OAuth client registration failed: ${res.status} ${await res.text()}`);
+  close() {
+    this.ended = true;
+    while (this.waiters.length > 0) {
+      const waiter = this.waiters.shift();
+      waiter?.({ value: undefined, done: true });
+    }
   }
-  const data = await res.json();
-  return data.client_id;
-}
-function openBrowser(url) {
-  const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
-  Bun.spawn([cmd, url], { stdout: "ignore", stderr: "ignore" });
-}
-function captureAuthorizationCode(port, expectedState, timeoutMs) {
-  return new Promise((resolve, reject) => {
-    const server = Bun.serve({
-      port,
-      hostname: "127.0.0.1",
-      fetch(req) {
-        const u = new URL(req.url);
-        const error = u.searchParams.get("error");
-        if (error) {
-          const desc = u.searchParams.get("error_description") ?? "";
-          finish(() => reject(new Error(`OAuth error: ${error} ${desc}`)));
-          return new Response("Authentication failed. You can close this tab.", {
-            status: 400
-          });
+  abort(reason) {
+    this.abortController.abort(reason);
+  }
+  [Symbol.asyncIterator]() {
+    if (this.iterated) {
+      throw new Error("Turn can only be iterated once.");
+    }
+    this.iterated = true;
+    return {
+      next: () => {
+        if (this.queue.length > 0) {
+          const value = this.queue.shift();
+          return Promise.resolve({ value, done: false });
         }
-        const code = u.searchParams.get("code");
-        const state = u.searchParams.get("state");
-        if (!code || state !== expectedState) {
-          finish(() => reject(new Error("OAuth state mismatch or missing code.")));
-          return new Response("Invalid OAuth response.", { status: 400 });
+        if (this.ended) {
+          return Promise.resolve({
+            value: undefined,
+            done: true
+          });
         }
-        finish(() => resolve(code));
-        return new Response("<html><body>Authenticated. You can close this tab.</body></html>", { headers: { "content-type": "text/html" } });
+        return new Promise((resolve) => this.waiters.push(resolve));
+      },
+      return: async () => {
+        this.abort("iteration ended");
+        await this.resultPromise.catch(() => {});
+        return {
+          value: undefined,
+          done: true
+        };
       }
-    });
-    const timer = setTimeout(() => {
-      finish(() => reject(new Error("OAuth flow timed out.")));
-    }, timeoutMs);
-    function finish(action) {
-      clearTimeout(timer);
-      setTimeout(() => server.stop(true), 50);
-      action();
-    }
-  });
-}
-async function exchangeCode(opts) {
-  const body = new URLSearchParams({
-    grant_type: "authorization_code",
-    code: opts.code,
-    redirect_uri: opts.redirectUri,
-    client_id: opts.clientId,
-    code_verifier: opts.verifier
-  });
-  const res = await fetch(opts.tokenEndpoint, {
-    method: "POST",
-    headers: { "content-type": "application/x-www-form-urlencoded" },
-    body
-  });
-  if (!res.ok) {
-    throw new Error(`OAuth token exchange failed: ${res.status} ${await res.text()}`);
+    };
   }
-  return await res.json();
-}
-async function refreshTokens(opts) {
-  const body = new URLSearchParams({
-    grant_type: "refresh_token",
-    refresh_token: opts.refreshToken,
-    client_id: opts.clientId
-  });
-  const res = await fetch(opts.tokenEndpoint, {
-    method: "POST",
-    headers: { "content-type": "application/x-www-form-urlencoded" },
-    body
-  });
-  if (!res.ok) {
-    throw new Error(`OAuth refresh failed: ${res.status} ${await res.text()}`);
+  then(onfulfilled, onrejected) {
+    return this.resultPromise.then(onfulfilled, onrejected);
   }
-  return await res.json();
 }
-// src/mcp/storage.ts
-import { chmod, mkdir, readFile, writeFile } from "fs/promises";
-import { homedir } from "os";
-import { dirname, join } from "path";
-var DEFAULT_PATH = join(homedir(), ".roboport", "mcp-auth.json");
-class FileStorage {
-  path;
-  cache;
-  constructor(path) {
-    this.path = path ?? DEFAULT_PATH;
-  }
-  async read() {
-    if (this.cache)
-      return this.cache;
-    try {
-      const raw = await readFile(this.path, "utf8");
-      this.cache = JSON.parse(raw);
-    } catch {
-      this.cache = {};
-    }
-    return this.cache;
+class Session {
+  internals;
+  state;
+  constructor(internals, state) {
+    this.internals = internals;
+    this.state = state;
   }
-  async write(data) {
-    await mkdir(dirname(this.path), { recursive: true });
-    await writeFile(this.path, JSON.stringify(data, null, 2), "utf8");
-    await chmod(this.path, 384);
-    this.cache = data;
+  get messages() {
+    return this.state.messages;
   }
-  async load(key) {
-    const data = await this.read();
-    return data[key] ?? null;
+  send(prompt) {
+    return this.internals.send(prompt);
   }
-  async save(key, tokens) {
-    const data = await this.read();
-    data[key] = tokens;
-    await this.write(data);
+  async close() {
+    await this.internals.close();
   }
-  async clear(key) {
-    const data = await this.read();
-    delete data[key];
-    await this.write(data);
+  async[Symbol.asyncDispose]() {
+    await this.close();
   }
 }
-class MemoryStorage {
-  data = new Map;
-  async load(key) {
-    return this.data.get(key) ?? null;
+// src/core/tool.ts
+import * as z4 from "zod/v4/core";
+function hasParseMethod(schema) {
+  return typeof schema === "object" && schema !== null && "parse" in schema && typeof schema.parse === "function";
+}
+class Tool {
+  name;
+  description;
+  inputSchema;
+  jsonSchema;
+  execute;
+  deferred;
+  constructor(init) {
+    this.name = init.name;
+    this.description = init.description;
+    this.deferred = init.deferred ?? false;
+    if ("inputSchema" in init) {
+      this.inputSchema = init.inputSchema;
+      this.execute = init.execute;
+    } else {
+      this.jsonSchema = init.jsonSchema;
+      this.execute = init.execute;
+    }
   }
-  async save(key, tokens) {
-    this.data.set(key, tokens);
+  toJsonSchema() {
+    if (this.jsonSchema !== undefined)
+      return this.jsonSchema;
+    if (this.inputSchema === undefined) {
+      throw new Error(`Tool "${this.name}" has neither inputSchema nor jsonSchema.`);
+    }
+    return z4.toJSONSchema(this.inputSchema);
   }
-  async clear(key) {
-    this.data.delete(key);
+  parse(input) {
+    const schema = this.inputSchema;
+    if (!schema)
+      return input;
+    if (hasParseMethod(schema))
+      return schema.parse(input);
+    return z4.parse(schema, input);
   }
 }
-// src/mcp/auth.ts
-class BearerAuth {
-  token;
-  constructor(token) {
-    this.token = token;
-  }
-  async getHeader() {
-    return `Bearer ${this.token}`;
-  }
+function createRegistry(tools) {
+  const byName = new Map(tools.map((tool) => [tool.name, tool]));
+  const loadedNames = new Set(tools.filter((tool) => !tool.deferred).map((tool) => tool.name));
+  return {
+    loaded: () => tools.filter((tool) => loadedNames.has(tool.name)),
+    deferred: () => tools.filter((tool) => tool.deferred && !loadedNames.has(tool.name)),
+    load: (names) => {
+      const loaded = [];
+      const missing = [];
+      for (const name of names) {
+        const tool = byName.get(name);
+        if (!tool) {
+          missing.push(name);
+          continue;
+        }
+        loadedNames.add(name);
+        loaded.push(tool);
+      }
+      return { loaded, missing };
+    }
+  };
 }
-var DEFAULT_PORT = 33418;
-var DEFAULT_TIMEOUT_MS = 5 * 60 * 1000;
-class OAuthAuth {
-  serverUrl;
-  storage;
-  storageKey;
-  redirectPort;
-  scopes;
-  flowTimeoutMs;
-  tokens;
-  loaded = false;
-  metadata;
-  inFlight;
-  constructor(opts) {
-    this.serverUrl = opts.serverUrl;
-    this.storage = opts.storage ?? new FileStorage;
-    this.storageKey = opts.storageKey;
-    this.redirectPort = opts.redirectPort ?? DEFAULT_PORT;
-    this.scopes = opts.scopes;
-    this.flowTimeoutMs = opts.flowTimeoutMs ?? DEFAULT_TIMEOUT_MS;
+// src/core/agent.ts
+class Agent {
+  model;
+  system;
+  tools;
+  skills;
+  mcp;
+  cwd;
+  registrations = [];
+  unsubs = [];
+  constructor({
+    model,
+    system,
+    tools,
+    skills,
+    mcp,
+    cwd
+  }) {
+    this.model = model;
+    this.system = system;
+    this.tools = tools;
+    this.skills = skills;
+    this.mcp = mcp ?? [];
+    this.cwd = cwd;
   }
-  async getHeader() {
-    await this.ensureTokens();
-    if (!this.tokens)
-      throw new Error("OAuth: no tokens after auth flow.");
-    return `Bearer ${this.tokens.accessToken}`;
+  on(trigger, handler) {
+    this.registrations.push({ trigger, handler });
   }
-  async onUnauthorized() {
-    if (this.tokens?.refreshToken) {
-      try {
-        await this.refresh();
-        return;
-      } catch {}
+  async start() {
+    for (const { trigger, handler } of this.registrations) {
+      const unsub = await trigger.start((event) => {
+        Promise.resolve().then(() => handler(event)).catch((error) => {
+          const message = error instanceof Error ? error.message : String(error);
+          console.error(`[roboport] trigger "${trigger.name}" handler failed: ${message}`);
+        });
+      });
+      this.unsubs.push(unsub);
     }
-    this.tokens = undefined;
-    await this.storage.clear(this.storageKey);
-    await this.authorize();
   }
-  async ensureTokens() {
-    if (this.inFlight) {
-      await this.inFlight;
-      return;
+  async stop() {
+    const unsubs = this.unsubs;
+    this.unsubs = [];
+    await Promise.all(unsubs.map((u) => u()));
+  }
+  buildSystem(allTools, systemExtension) {
+    let system = this.system;
+    if (this.skills.length > 0) {
+      const skillsList = this.skills.map((skill) => `- ${skill.name}: ${skill.description}`).join(`
+`);
+      system = `${system}
+# Skills
+The following skills are available. When a task matches one, call the \`Skill\` tool with that skill's name to load its full content before proceeding.
+${skillsList}`;
     }
-    this.inFlight = (async () => {
-      if (!this.loaded) {
-        this.tokens = await this.storage.load(this.storageKey) ?? undefined;
-        this.loaded = true;
+    const deferred = allTools.filter((tool) => tool.deferred);
+    if (deferred.length > 0) {
+      const list = deferred.map((tool) => `- ${tool.name}`).join(`
+`);
+      system = `${system}
+# Deferred tools
+These tools are available but their schemas are not loaded. Use ToolSearch to load them before calling.
+${list}`;
+    }
+    if (systemExtension) {
+      system = `${system}
+${systemExtension}`;
+    }
+    return system;
+  }
+  buildSkillTool() {
+    const byName = new Map(this.skills.map((skill) => [skill.name, skill]));
+    return new Tool({
+      name: "Skill",
+      description: 'Load the full content of a skill listed under "# Skills" in the system prompt. Call this when you decide a listed skill applies to the current task; the returned content extends your instructions for the rest of the session.',
+      inputSchema: z.object({
+        skill: z.string().describe("Name of the skill to load (must match a listed skill).")
+      }),
+      execute: ({ skill }) => {
+        const found = byName.get(skill);
+        if (!found) {
+          const available = [...byName.keys()].join(", ");
+          throw new Error(`Skill "${skill}" not found. Available: ${available}`);
+        }
+        return `<skill name="${found.name}">
+${found.content}
+</skill>`;
       }
-      if (!this.tokens) {
-        await this.authorize();
-        return;
+    });
+  }
+  session(init) {
+    const initialMessages = init?.messages ? [...init.messages] : [];
+    const sessionCwd = init?.cwd ?? this.cwd ?? process.cwd();
+    const systemExtension = init?.systemExtension;
+    const state = {
+      messages: initialMessages,
+      store: new Map
+    };
+    let activeTurn = null;
+    let mcpConnected = false;
+    let allTools = null;
+    let registry = null;
+    let ctx = null;
+    const ensureReady = async () => {
+      if (!allTools || !registry || !ctx) {
+        const mcpToolGroups = await Promise.all(this.mcp.map((mcp) => mcp.connect()));
+        mcpConnected = true;
+        allTools = [
+          ...this.tools,
+          ...mcpToolGroups.flat(),
+          ...this.skills.length > 0 ? [this.buildSkillTool()] : []
+        ];
+        registry = createRegistry(allTools);
+        ctx = {
+          complete: async (p) => {
+            const response = await this.model.createMessage({
+              messages: [{ role: "user", content: p }]
+            });
+            return response.content.filter((block) => block.type === "text").map((block) => block.text).join(`
+`);
+          },
+          searchWeb: (query, opts) => this.model.searchWeb(query, opts),
+          session: state,
+          tools: registry,
+          cwd: sessionCwd
+        };
+        const systemMessage = {
+          role: "system",
+          content: this.buildSystem(allTools, systemExtension)
+        };
+        if (state.messages[0]?.role === "system") {
+          state.messages[0] = systemMessage;
+        } else {
+          state.messages.unshift(systemMessage);
+        }
       }
-      if (this.isExpired(this.tokens)) {
-        if (this.tokens.refreshToken) {
+      return { tools: allTools, registry, ctx };
+    };
+    const internals = {
+      send: (prompt) => {
+        if (activeTurn !== null) {
+          throw new Error("Session.send() called while another turn is in flight.");
+        }
+        const turn = new Turn(async (turnCtx) => {
           try {
-            await this.refresh();
-            return;
-          } catch {}
+            const ready = await ensureReady();
+            state.messages.push(toUserMessage(prompt));
+            await runAgentLoop({
+              model: this.model,
+              state,
+              registry: ready.registry,
+              ctx: ready.ctx,
+              emit: turnCtx.emit,
+              signal: turnCtx.signal
+            });
+            return [...state.messages];
+          } finally {
+            activeTurn = null;
+          }
+        });
+        activeTurn = turn;
+        return turn;
+      },
+      close: async () => {
+        const pending = activeTurn;
+        if (pending) {
+          pending.abort("session closed");
+          await Promise.resolve(pending).catch(() => {});
+        }
+        if (mcpConnected) {
+          await Promise.all(this.mcp.map((mcp) => mcp.disconnect()));
+          mcpConnected = false;
         }
-        await this.authorize();
       }
-    })();
-    try {
-      await this.inFlight;
-    } finally {
-      this.inFlight = undefined;
-    }
-  }
-  isExpired(tokens) {
-    if (!tokens.expiresAt)
-      return false;
-    return Date.now() / 1000 >= tokens.expiresAt - 30;
-  }
-  async getMetadata() {
-    if (!this.metadata)
-      this.metadata = await discover(this.serverUrl);
-    return this.metadata;
+    };
+    return new Session(internals, state);
   }
-  async authorize() {
-    const meta = await this.getMetadata();
-    const redirectUri = this.tokens?.redirectUri ?? `http://127.0.0.1:${this.redirectPort}/callback`;
-    let clientId = this.tokens?.clientId;
-    if (!clientId) {
-      if (!meta.registration_endpoint) {
-        throw new Error("OAuth server does not support dynamic client registration; provide a client_id manually.");
+}
+function toUserMessage(prompt) {
+  if (typeof prompt === "string")
+    return { role: "user", content: prompt };
+  return { role: "user", content: prompt };
+}
+async function runAgentLoop({
+  model,
+  state,
+  registry,
+  ctx,
+  emit,
+  signal
+}) {
+  while (true) {
+    if (signal.aborted)
+      break;
+    const active = registry.loaded();
+    const toolByName = new Map(active.map((tool) => [tool.name, tool]));
+    emit({ type: "message-start" });
+    const assistantContent = [];
+    let stopReason = "end_turn";
+    let usage = { inputTokens: 0, outputTokens: 0 };
+    try {
+      for await (const event of model.streamMessage({
+        messages: state.messages,
+        tools: active,
+        signal
+      })) {
+        switch (event.type) {
+          case "text-delta":
+            emit({ type: "text-delta", text: event.text });
+            break;
+          case "text-end":
+            assistantContent.push({ type: "text", text: event.text });
+            emit({ type: "text", text: event.text });
+            break;
+          case "thinking-delta":
+            emit({ type: "thinking-delta", text: event.text });
+            break;
+          case "thinking-end":
+            assistantContent.push({
+              type: "thinking",
+              text: event.text,
+              ...event.signature !== undefined ? { signature: event.signature } : {},
+              ...event.redactedData !== undefined ? { redactedData: event.redactedData } : {}
+            });
+            emit({
+              type: "thinking",
+              text: event.text,
+              ...event.signature !== undefined ? { signature: event.signature } : {}
+            });
+            break;
+          case "tool-call":
+            assistantContent.push({
+              type: "tool-call",
+              toolCallId: event.toolCallId,
+              toolName: event.toolName,
+              input: event.input
+            });
+            emit({
+              type: "tool-call",
+              toolCallId: event.toolCallId,
+              toolName: event.toolName,
+              input: event.input
+            });
+            break;
+          case "message-end":
+            stopReason = event.stopReason;
+            usage = event.usage;
+            break;
+          default:
+            break;
+        }
       }
-      clientId = await registerClient(meta.registration_endpoint, redirectUri);
+    } catch (error) {
+      if (signal.aborted) {
+        state.messages.push({ role: "assistant", content: assistantContent });
+        break;
+      }
+      const err = error instanceof Error ? error : new Error(String(error));
+      emit({ type: "error", error: err });
+      throw err;
     }
-    const { verifier, challenge } = await generatePkce();
-    const state = generateState();
-    const port = parseInt(new URL(redirectUri).port, 10);
-    const codePromise = captureAuthorizationCode(port, state, this.flowTimeoutMs);
-    const authUrl = new URL(meta.authorization_endpoint);
-    authUrl.searchParams.set("response_type", "code");
-    authUrl.searchParams.set("client_id", clientId);
-    authUrl.searchParams.set("redirect_uri", redirectUri);
-    authUrl.searchParams.set("code_challenge", challenge);
-    authUrl.searchParams.set("code_challenge_method", "S256");
-    authUrl.searchParams.set("state", state);
-    if (this.scopes?.length) {
-      authUrl.searchParams.set("scope", this.scopes.join(" "));
+    state.messages.push({ role: "assistant", content: assistantContent });
+    emit({ type: "message-end", usage });
+    if (stopReason !== "tool_use") {
+      emit({ type: "turn-end" });
+      break;
     }
-    console.error(`[mcp:oauth] Opening browser for ${this.storageKey} authentication...`);
-    openBrowser(authUrl.toString());
-    const code = await codePromise;
-    const response = await exchangeCode({
-      tokenEndpoint: meta.token_endpoint,
-      code,
-      clientId,
-      redirectUri,
-      verifier
-    });
-    this.tokens = this.toTokenSet(response, clientId, redirectUri);
-    await this.storage.save(this.storageKey, this.tokens);
-  }
-  async refresh() {
-    if (!this.tokens?.refreshToken || !this.tokens.clientId) {
-      throw new Error("OAuth refresh: missing refresh token or client id.");
+    const toolCalls = assistantContent.filter((block) => block.type === "tool-call");
+    const results = [];
+    for (const call of toolCalls) {
+      if (signal.aborted)
+        break;
+      const tool = toolByName.get(call.toolName);
+      const result = await runTool(tool, call, ctx);
+      results.push(result);
+      emit({
+        type: "tool-result",
+        toolCallId: result.toolCallId,
+        toolName: result.toolName,
+        output: result.output,
+        isError: typeof result.output === "string" ? result.output.startsWith("Error:") : false
+      });
     }
-    const meta = await this.getMetadata();
-    const response = await refreshTokens({
-      tokenEndpoint: meta.token_endpoint,
-      refreshToken: this.tokens.refreshToken,
-      clientId: this.tokens.clientId
-    });
-    this.tokens = this.toTokenSet(response, this.tokens.clientId, this.tokens.redirectUri, this.tokens.refreshToken);
-    await this.storage.save(this.storageKey, this.tokens);
+    state.messages.push({ role: "tool", content: results });
+    if (signal.aborted)
+      break;
   }
-  toTokenSet(response, clientId, redirectUri, fallbackRefresh) {
-    const expiresAt = response.expires_in ? Math.floor(Date.now() / 1000) + response.expires_in : undefined;
+}
+async function runTool(tool, call, ctx) {
+  if (!tool) {
     return {
-      accessToken: response.access_token,
-      refreshToken: response.refresh_token ?? fallbackRefresh,
-      expiresAt,
-      clientId,
-      redirectUri
+      type: "tool-result",
+      toolCallId: call.toolCallId,
+      toolName: call.toolName,
+      output: `Error: tool "${call.toolName}" not found`
+    };
+  }
+  try {
+    const parsed = tool.parse(call.input);
+    const output = await tool.execute(parsed, ctx);
+    return {
+      type: "tool-result",
+      toolCallId: call.toolCallId,
+      toolName: call.toolName,
+      output
+    };
+  } catch (error) {
+    return {
+      type: "tool-result",
+      toolCallId: call.toolCallId,
+      toolName: call.toolName,
+      output: `Error: ${error instanceof Error ? error.message : String(error)}`
     };
   }
 }
+// src/core/model.ts
+class Model {
+  async createMessage(params) {
+    const content = [];
+    let id = "";
+    let stopReason = "end_turn";
+    let usage = { inputTokens: 0, outputTokens: 0 };
+    for await (const event of this.streamMessage(params)) {
+      switch (event.type) {
+        case "text-end":
+          content.push({ type: "text", text: event.text });
+          break;
+        case "thinking-end":
+          content.push({
+            type: "thinking",
+            text: event.text,
+            ...event.signature !== undefined ? { signature: event.signature } : {},
+            ...event.redactedData !== undefined ? { redactedData: event.redactedData } : {}
+          });
+          break;
+        case "tool-call":
+          content.push({
+            type: "tool-call",
+            toolCallId: event.toolCallId,
+            toolName: event.toolName,
+            input: event.input
+          });
+          break;
+        case "message-end":
+          id = event.id;
+          stopReason = event.stopReason;
+          usage = event.usage;
+          break;
+        default:
+          break;
+      }
+    }
+    return { id, content, stopReason, usage };
+  }
+}
+// src/core/skill.ts
+class Skill {
+  name;
+  description;
+  content;
+  constructor({
+    name,
+    description,
+    content
+  }) {
+    this.name = name;
+    this.description = description;
+    this.content = content;
+  }
+}
 // src/mcp/clients/grafana.ts
 var EMPTY_OBJECT = {
   type: "object",
@@ -1263,6 +1274,9 @@ class Mcp2 {
     transport,
     deferred
   }) {
+    if (!/^[a-zA-Z0-9_-]+$/.test(name)) {
+      throw new Error(`Invalid MCP name "${name}": use only letters, digits, underscores, and hyphens.`);
+    }
     this.name = name;
     this.transport = transport;
     this.deferred = deferred ?? true;
@@ -1351,6 +1365,11 @@ class Mcp4 extends Mcp2 {
 var tenderly_default = Mcp4;
 export {
   tenderly_default as Tenderly,
+  OAuthAuth,
+  MemoryStorage,
+  Mcp2 as Mcp,
   linear_default as Linear,
-  grafana_default as Grafana
+  grafana_default as Grafana,
+  FileStorage,
+  BearerAuth
 };