smol-symphony 0.3.3 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/WORKFLOW.template.yaml +44 -2
- package/assets/symphony-mise.system.toml +6 -0
- package/dist/core/credential/adapter-config.js +28 -0
- package/dist/core/credential/adapter-config.js.map +1 -1
- package/dist/core/credential/availability.js +44 -1
- package/dist/core/credential/availability.js.map +1 -1
- package/dist/core/credential/extract.js +34 -0
- package/dist/core/credential/extract.js.map +1 -1
- package/dist/core/credential/fake-creds.js +50 -2
- package/dist/core/credential/fake-creds.js.map +1 -1
- package/dist/core/credential/shape.js +26 -3
- package/dist/core/credential/shape.js.map +1 -1
- package/dist/core/mcp/pi-extension.js +124 -0
- package/dist/core/mcp/pi-extension.js.map +1 -0
- package/dist/core/workflow/parse.js +25 -0
- package/dist/core/workflow/parse.js.map +1 -1
- package/dist/core/workflow/validate.js +2 -2
- package/dist/core/workflow/validate.js.map +1 -1
- package/dist/shell/adapter/adapter-registry.js +23 -1
- package/dist/shell/adapter/adapter-registry.js.map +1 -1
- package/dist/shell/adapter/doctor.js +6 -0
- package/dist/shell/adapter/doctor.js.map +1 -1
- package/dist/shell/adapter/workflow-loader.js +20 -1
- package/dist/shell/adapter/workflow-loader.js.map +1 -1
- package/dist/shell/interp/credential-defaults.js +83 -1
- package/dist/shell/interp/credential-defaults.js.map +1 -1
- package/dist/shell/interp/credential.js +10 -1
- package/dist/shell/interp/credential.js.map +1 -1
- package/dist/shell/main-credential.js +6 -2
- package/dist/shell/main-credential.js.map +1 -1
- package/dist/shell/main-runner.js +30 -4
- package/dist/shell/main-runner.js.map +1 -1
- package/dist/shell/main-substrates.js +2 -0
- package/dist/shell/main-substrates.js.map +1 -1
- package/dist/shell/main.js +6 -5
- package/dist/shell/main.js.map +1 -1
- package/package.json +1 -1
package/WORKFLOW.template.yaml
CHANGED
|
@@ -54,13 +54,16 @@ tracker:
|
|
|
54
54
|
# and the landing directory for `symphony.propose_issue`.
|
|
55
55
|
# adapter (string, optional): override the workflow-level `acp.adapter` for
|
|
56
56
|
# agents dispatched in this state. Must be a known profile (claude,
|
|
57
|
-
# codex).
|
|
57
|
+
# codex, pi). All use host-side credential substitution at Gondolin
|
|
58
58
|
# egress and are startup-probed so a missing credential fails fast.
|
|
59
59
|
# claude has a single host credential file
|
|
60
60
|
# (~/.claude/.credentials.json) that is probed for readability; codex
|
|
61
61
|
# passes when either ~/.codex/auth.json holds a token (ChatGPT-OAuth
|
|
62
62
|
# tokens.access_token or a top-level OPENAI_API_KEY) or the host
|
|
63
|
-
# OPENAI_API_KEY env var is set.
|
|
63
|
+
# OPENAI_API_KEY env var is set; pi passes when ~/.pi/agent/auth.json
|
|
64
|
+
# holds a `github-copilot` entry (access or refresh token — log in
|
|
65
|
+
# once with `pi` /login on the host) or the host COPILOT_GITHUB_TOKEN
|
|
66
|
+
# env var is set.
|
|
64
67
|
# prompt_file (path): this state's prompt template, in its own file. The shell
|
|
65
68
|
# loader reads it and assembles `prompt.preamble_file` + this file +
|
|
66
69
|
# `prompt.footer_file` (see the top-level `prompt:` block below) into
|
|
@@ -746,6 +749,11 @@ acp:
|
|
|
746
749
|
# bearer (in a fake ~/.codex/auth.json); the host substitutes the
|
|
747
750
|
# real OpenAI/ChatGPT token at egress. No real credential — and no
|
|
748
751
|
# real OPENAI_API_KEY — enters the VM.
|
|
752
|
+
# pi — pi-acp wrapping `pi --mode rpc` (the pi coding agent), backed by a
|
|
753
|
+
# GitHub Copilot subscription. Same model: the guest holds a
|
|
754
|
+
# placeholder COPILOT_GITHUB_TOKEN env bearer; the host substitutes
|
|
755
|
+
# the real short-lived Copilot token at egress. No real credential
|
|
756
|
+
# enters the VM.
|
|
749
757
|
adapter: claude
|
|
750
758
|
|
|
751
759
|
# Credentials never enter the VM (issue 113; codex generalized in 116). The
|
|
@@ -768,6 +776,24 @@ acp:
|
|
|
768
776
|
# so codex-acp runs in its native mode without an in-VM OAuth handshake or
|
|
769
777
|
# refresh (both stay host-side). Every credential-bearing var is stripped from
|
|
770
778
|
# the forwarded VM boot env.
|
|
779
|
+
#
|
|
780
|
+
# For pi: the host credential is the `github-copilot` entry in
|
|
781
|
+
# ~/.pi/agent/auth.json — run `pi` once on the host and `/login` with GitHub
|
|
782
|
+
# Copilot to create it (or export COPILOT_GITHUB_TOKEN with a ready Copilot
|
|
783
|
+
# bearer). The host reads the short-lived `access` Copilot token (NEVER the
|
|
784
|
+
# durable `refresh` GitHub-OAuth token) and substitutes it at egress to
|
|
785
|
+
# api.individual.githubcopilot.com; when it nears expiry the host re-exchanges
|
|
786
|
+
# the refresh token against api.github.com/copilot_internal/v2/token directly
|
|
787
|
+
# (no model call) and rewrites auth.json. In the guest, pi resolves its bearer
|
|
788
|
+
# from the COPILOT_GITHUB_TOKEN placeholder env var (used verbatim — pi's env
|
|
789
|
+
# path performs no exchange/refresh), and `defaultProvider: github-copilot` is
|
|
790
|
+
# pinned via a staged ~/.pi/agent/settings.json. Because pi has no built-in MCP
|
|
791
|
+
# client (and pi-acp ignores the ACP mcpServers descriptor), symphony also
|
|
792
|
+
# stages a per-dispatch extension at ~/.pi/agent/extensions/symphony-mcp.ts
|
|
793
|
+
# that bridges the symphony tools (transition / request_human_steering /
|
|
794
|
+
# propose_issue) to the MCP endpoint. Business/enterprise Copilot plans: set
|
|
795
|
+
# `acp.copilot_host` (below) to your segment host — it scopes both the token
|
|
796
|
+
# substitution and the staged pi models.json baseUrl.
|
|
771
797
|
|
|
772
798
|
# model (string | null): optional model selector forwarded to the chosen adapter.
|
|
773
799
|
# Each adapter profile knows how to surface it natively:
|
|
@@ -775,6 +801,10 @@ acp:
|
|
|
775
801
|
# claude-agent-acp would (aliases like "opus", "sonnet", or full IDs
|
|
776
802
|
# like "claude-opus-4-7").
|
|
777
803
|
# codex — passed as `-c model="<value>"` argv to codex-acp (parsed as TOML).
|
|
804
|
+
# pi — written as `defaultModel` into the staged ~/.pi/agent/settings.json
|
|
805
|
+
# (pi-acp forwards no argv and pi has no model env var). Accepts a
|
|
806
|
+
# Copilot model id (e.g. "gpt-5", "claude-sonnet-4-6") or pi's
|
|
807
|
+
# provider/id + fuzzy forms; unset ⇒ pi's own Copilot default.
|
|
778
808
|
# Leave unset / null to use the adapter's own default model. Default: null.
|
|
779
809
|
# model: claude-opus-4-7
|
|
780
810
|
|
|
@@ -789,9 +819,21 @@ acp:
|
|
|
789
819
|
# from drifting from the adapter's own supported list.
|
|
790
820
|
# codex — not wired (codex-acp has no first-class effort knob on the wrapper);
|
|
791
821
|
# setting `acp.effort` for a codex-backed state is a no-op.
|
|
822
|
+
# pi — not wired (pi's thinking level shares the same settings.json the
|
|
823
|
+
# model pin is staged into, and the injection channels have no merge
|
|
824
|
+
# semantics); setting `acp.effort` for a pi-backed state is a no-op.
|
|
792
825
|
# Leave unset / null for the adapter's own default. Default: null.
|
|
793
826
|
# effort: xhigh
|
|
794
827
|
|
|
828
|
+
# copilot_host (string, pi only): the GitHub Copilot API host your subscription
|
|
829
|
+
# is served on. Scopes BOTH the egress token substitution (where the real
|
|
830
|
+
# Copilot token may be attached) AND the staged pi models.json baseUrl (where
|
|
831
|
+
# the in-VM pi dials). Individual plans use the default; business/enterprise
|
|
832
|
+
# plans set their segment host. A pasted URL is normalized to its host; a
|
|
833
|
+
# malformed value fails the workflow parse.
|
|
834
|
+
# Default: api.individual.githubcopilot.com
|
|
835
|
+
# copilot_host: api.business.githubcopilot.com
|
|
836
|
+
|
|
795
837
|
# NOTE: the launch shape is fixed (an in-VM agent dials back the `/acp` WebSocket
|
|
796
838
|
# and spawns the chosen adapter). Customizing what the agent spawns requires
|
|
797
839
|
# forking that agent and rebuilding the VM image with the fork in place.
|
|
@@ -66,3 +66,9 @@ node = "24"
|
|
|
66
66
|
"npm:@agentclientprotocol/claude-agent-acp" = "0.39.0"
|
|
67
67
|
"npm:@zed-industries/codex-acp" = { version = "0.15.0", npm_args = "--ignore-scripts=false" }
|
|
68
68
|
"npm:opencode-ai" = { version = "1.15.12", npm_args = "--ignore-scripts=false" }
|
|
69
|
+
# pi (adapter: pi) — the pi coding agent + the pi-acp ACP wrapper that spawns
|
|
70
|
+
# `pi --mode rpc` (pi has no native ACP mode). Both are pure JS with NO install
|
|
71
|
+
# scripts (pi's own docs install with --ignore-scripts), so plain pins suffice.
|
|
72
|
+
# pi-coding-agent needs node >= 22.19 — satisfied by the node pin above.
|
|
73
|
+
"npm:@earendil-works/pi-coding-agent" = "0.79.1"
|
|
74
|
+
"npm:pi-acp" = "0.0.27"
|
|
@@ -102,6 +102,27 @@ export function codexPlaceholderAuthSpec() {
|
|
|
102
102
|
guestPath: CODEX_AUTH_GUEST_PATH,
|
|
103
103
|
};
|
|
104
104
|
}
|
|
105
|
+
// ── pi settings.json (provider + model) ────────────────────────────────────
|
|
106
|
+
/** Absolute guest path pi's global settings.json lands at. */
|
|
107
|
+
export const PI_SETTINGS_GUEST_PATH = '/root/.pi/agent/settings.json';
|
|
108
|
+
/**
|
|
109
|
+
* The pi `~/.pi/agent/settings.json` spec. pi-acp spawns `pi --mode rpc` with
|
|
110
|
+
* NO passthrough argv and pi has no model env var, so provider/model selection
|
|
111
|
+
* rides pi's own global settings file. `defaultProvider` is always pinned to
|
|
112
|
+
* `github-copilot` (the only provider symphony stages a credential for);
|
|
113
|
+
* `defaultModel` is included only when a model was chosen (omitted ⇒ pi's own
|
|
114
|
+
* Copilot default).
|
|
115
|
+
*/
|
|
116
|
+
export function piSettingsSpec(model) {
|
|
117
|
+
return {
|
|
118
|
+
stagedName: 'pi-settings.json',
|
|
119
|
+
content: JSON.stringify({
|
|
120
|
+
defaultProvider: 'github-copilot',
|
|
121
|
+
...(model !== null && model.length > 0 ? { defaultModel: model } : {}),
|
|
122
|
+
}),
|
|
123
|
+
guestPath: PI_SETTINGS_GUEST_PATH,
|
|
124
|
+
};
|
|
125
|
+
}
|
|
105
126
|
/**
|
|
106
127
|
* Aggregate every staged-file spec one adapter dispatch needs into a single
|
|
107
128
|
* `StagedFileSpec[]`, in a stable order (identity/config first, then the
|
|
@@ -113,6 +134,9 @@ export function codexPlaceholderAuthSpec() {
|
|
|
113
134
|
* • claude — optional non-secret identity (when extracted) + optional
|
|
114
135
|
* effortLevel settings.json (when effort is set).
|
|
115
136
|
* • codex — the fake placeholder auth.json (always; the init check needs it).
|
|
137
|
+
* • pi — the settings.json provider/model pin (always; `effort` is not
|
|
138
|
+
* wired for pi — there is no collision-free channel for pi's
|
|
139
|
+
* thinking level alongside the model file).
|
|
116
140
|
*/
|
|
117
141
|
export function buildStagedConfigs(input) {
|
|
118
142
|
const specs = [];
|
|
@@ -130,6 +154,10 @@ export function buildStagedConfigs(input) {
|
|
|
130
154
|
specs.push(codexPlaceholderAuthSpec());
|
|
131
155
|
break;
|
|
132
156
|
}
|
|
157
|
+
case 'pi': {
|
|
158
|
+
specs.push(piSettingsSpec(input.model));
|
|
159
|
+
break;
|
|
160
|
+
}
|
|
133
161
|
}
|
|
134
162
|
return specs;
|
|
135
163
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adapter-config.js","sourceRoot":"","sources":["../../../src/core/credential/adapter-config.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,EAAE;AACF,gEAAgE;AAChE,mFAAmF;AACnF,qEAAqE;AACrE,+EAA+E;AAC/E,EAAE;AACF,0EAA0E;AAC1E,gFAAgF;AAChF,+EAA+E;AAC/E,6EAA6E;AAC7E,2EAA2E;AAC3E,+EAA+E;AAC/E,gFAAgF;AAChF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,EAAE;AACF,sFAAsF;AACtF,gFAAgF;AAChF,iFAAiF;AACjF,qFAAqF;AACrF,mDAAmD;AACnD,mFAAmF;AACnF,EAAE;AACF,mDAAmD;AACnD,gFAAgF;AAChF,8EAA8E;AAC9E,kFAAkF;AAClF,0EAA0E;AAC1E,uEAAuE;AACvE,gFAAgF;AAChF,8DAA8D;AAS9D,8EAA8E;AAE9E,2EAA2E;AAC3E,MAAM,CAAC,MAAM,0BAA0B,GAAG,6BAA6B,CAAC;AAExE,wEAAwE;AACxE,MAAM,CAAC,MAAM,0BAA0B,GAAG,oBAAoB,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,OAAO;QACL,UAAU,EAAE,sBAAsB;QAClC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;QAChD,SAAS,EAAE,0BAA0B;KACtC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA+B;IAChE,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,UAAU,EAAE,aAAa;QACzB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,YAAY,EAAE;gBACZ,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;aAC5C;SACF,CAAC;QACF,SAAS,EAAE,0BAA0B;KACtC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,6DAA6D;AAC7D,MAAM,CAAC,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAE9D,kFAAkF;AAClF,MAAM,CAAC,MAAM,yBAAyB,GAAG,yBAAyB,CAAC;AAEnE;;;;;;;;;GASG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO;QACL,UAAU,EAAE,WAAW;QACvB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,cAAc,EAAE,yBAAyB;YACzC,SAAS,EAAE,QAAQ;SACpB,CAAC;QACF,SAAS,EAAE,qBAAqB;KACjC,CAAC;AACJ,CAAC;AAeD
|
|
1
|
+
{"version":3,"file":"adapter-config.js","sourceRoot":"","sources":["../../../src/core/credential/adapter-config.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,EAAE;AACF,gEAAgE;AAChE,mFAAmF;AACnF,qEAAqE;AACrE,+EAA+E;AAC/E,EAAE;AACF,0EAA0E;AAC1E,gFAAgF;AAChF,+EAA+E;AAC/E,6EAA6E;AAC7E,2EAA2E;AAC3E,+EAA+E;AAC/E,gFAAgF;AAChF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,EAAE;AACF,sFAAsF;AACtF,gFAAgF;AAChF,iFAAiF;AACjF,qFAAqF;AACrF,mDAAmD;AACnD,mFAAmF;AACnF,EAAE;AACF,mDAAmD;AACnD,gFAAgF;AAChF,8EAA8E;AAC9E,kFAAkF;AAClF,0EAA0E;AAC1E,uEAAuE;AACvE,gFAAgF;AAChF,8DAA8D;AAS9D,8EAA8E;AAE9E,2EAA2E;AAC3E,MAAM,CAAC,MAAM,0BAA0B,GAAG,6BAA6B,CAAC;AAExE,wEAAwE;AACxE,MAAM,CAAC,MAAM,0BAA0B,GAAG,oBAAoB,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,OAAO;QACL,UAAU,EAAE,sBAAsB;QAClC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;QAChD,SAAS,EAAE,0BAA0B;KACtC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA+B;IAChE,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,UAAU,EAAE,aAAa;QACzB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,YAAY,EAAE;gBACZ,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;aAC5C;SACF,CAAC;QACF,SAAS,EAAE,0BAA0B;KACtC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,6DAA6D;AAC7D,MAAM,CAAC,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAE9D,kFAAkF;AAClF,MAAM,CAAC,MAAM,yBAAyB,GAAG,yBAAyB,CAAC;AAEnE;;;;;;;;;GASG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO;QACL,UAAU,EAAE,WAAW;QACvB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,cAAc,EAAE,yBAAyB;YACzC,SAAS,EAAE,QAAQ;SACpB,CAAC;QACF,SAAS,EAAE,qBAAqB;KACjC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,8DAA8D;AAC9D,MAAM,CAAC,MAAM,sBAAsB,GAAG,+BAA+B,CAAC;AAEtE;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,KAAoB;IACjD,OAAO;QACL,UAAU,EAAE,kBAAkB;QAC9B,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,eAAe,EAAE,gBAAgB;YACjC,GAAG,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvE,CAAC;QACF,SAAS,EAAE,sBAAsB;KAClC,CAAC;AACJ,CAAC;AAeD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAwB;IACzD,MAAM,KAAK,GAAqB,EAAE,CAAC;IACnC,QAAQ,KAAK,CAAC,OAAO,EAAE,CAAC;QACtB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,QAAQ,GAAG,kBAAkB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAC1D,IAAI,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,CAAC;YACD,MAAM;QACR,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,CAAC,CAAC;YACvC,MAAM;QACR,CAAC;QACD,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YACxC,MAAM;QACR,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -31,7 +31,7 @@ import { nonEmptyString } from './strings.js';
|
|
|
31
31
|
// The seam between the config layer and the IO adapter layer: both sides agree
|
|
32
32
|
// on which adapter ids exist. The full adapter *profile* lives elsewhere
|
|
33
33
|
// (AdapterProfile / the shell's adapter registry); this is only the id set.
|
|
34
|
-
export const KNOWN_ADAPTER_IDS = ['claude', 'codex'];
|
|
34
|
+
export const KNOWN_ADAPTER_IDS = ['claude', 'codex', 'pi'];
|
|
35
35
|
export function isKnownAdapter(id) {
|
|
36
36
|
return KNOWN_ADAPTER_IDS.includes(id);
|
|
37
37
|
}
|
|
@@ -53,6 +53,10 @@ export function hostClaudeCredentialPath(homeDir) {
|
|
|
53
53
|
export function hostCodexCredentialPath(homeDir) {
|
|
54
54
|
return joinPath(homeDir, '.codex', 'auth.json');
|
|
55
55
|
}
|
|
56
|
+
/** Absolute path to the host's pi credential file (`~/.pi/agent/auth.json`). */
|
|
57
|
+
export function hostPiCredentialPath(homeDir) {
|
|
58
|
+
return joinPath(homeDir, '.pi', 'agent', 'auth.json');
|
|
59
|
+
}
|
|
56
60
|
// ─── codex credential resolution ─────────────────────────────────────────────
|
|
57
61
|
/**
|
|
58
62
|
* Pure: does codex have a resolvable credential from either valid source? The
|
|
@@ -80,6 +84,45 @@ export function codexCredentialAvailable(authFileText, env) {
|
|
|
80
84
|
export function codexMissingCredentialMessage(homeDir) {
|
|
81
85
|
return `adapter "codex" requires a host credential, but none is available: neither a token in ${hostCodexCredentialPath(homeDir)} (ChatGPT-OAuth tokens.access_token or OPENAI_API_KEY) nor an OPENAI_API_KEY environment variable is present`;
|
|
82
86
|
}
|
|
87
|
+
// ─── pi (GitHub Copilot) credential resolution ───────────────────────────────
|
|
88
|
+
/**
|
|
89
|
+
* Pure: does pi have a resolvable GitHub-Copilot credential from either valid
|
|
90
|
+
* source? The host reads two — the `github-copilot` entry in `~/.pi/agent/auth.json`
|
|
91
|
+
* (either a live short-lived `access` Copilot token or the durable `refresh`
|
|
92
|
+
* GitHub-OAuth token the host refresher can mint one from) or a
|
|
93
|
+
* `COPILOT_GITHUB_TOKEN` env var (used verbatim as the Copilot bearer, no
|
|
94
|
+
* refresh). The shell reads the file (passing `null` when absent/unreadable)
|
|
95
|
+
* and its env in, mirroring the dispatch-time resolution.
|
|
96
|
+
*/
|
|
97
|
+
export function piCredentialAvailable(authFileText, env) {
|
|
98
|
+
if (nonEmptyString(env['COPILOT_GITHUB_TOKEN']))
|
|
99
|
+
return true;
|
|
100
|
+
if (authFileText === null)
|
|
101
|
+
return false;
|
|
102
|
+
let parsed;
|
|
103
|
+
try {
|
|
104
|
+
parsed = JSON.parse(authFileText);
|
|
105
|
+
}
|
|
106
|
+
catch {
|
|
107
|
+
return false;
|
|
108
|
+
}
|
|
109
|
+
return piAuthFileHasCredential(parsed);
|
|
110
|
+
}
|
|
111
|
+
/** Human-readable explanation of which pi credential sources were checked. */
|
|
112
|
+
export function piMissingCredentialMessage(homeDir) {
|
|
113
|
+
return `adapter "pi" requires a host credential, but none is available: neither a github-copilot entry in ${hostPiCredentialPath(homeDir)} (run \`pi\` on the host and /login with GitHub Copilot) nor a COPILOT_GITHUB_TOKEN environment variable is present`;
|
|
114
|
+
}
|
|
115
|
+
function piAuthFileHasCredential(parsed) {
|
|
116
|
+
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
|
|
117
|
+
return false;
|
|
118
|
+
const entry = parsed['github-copilot'];
|
|
119
|
+
if (!entry || typeof entry !== 'object' || Array.isArray(entry))
|
|
120
|
+
return false;
|
|
121
|
+
const rec = entry;
|
|
122
|
+
// Either a live access token (substitutable now) or the durable refresh token
|
|
123
|
+
// (the host refresher mints a fresh access token before dispatch needs it).
|
|
124
|
+
return nonEmptyString(rec['access']) !== null || nonEmptyString(rec['refresh']) !== null;
|
|
125
|
+
}
|
|
83
126
|
function codexAuthFileHasToken(parsed) {
|
|
84
127
|
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
|
|
85
128
|
return false;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"availability.js","sourceRoot":"","sources":["../../../src/core/credential/availability.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,EAAE;AACF,oEAAoE;AACpE,6DAA6D;AAC7D,0EAA0E;AAC1E,EAAE;AACF,4EAA4E;AAC5E,iFAAiF;AACjF,yDAAyD;AACzD,EAAE;AACF,0DAA0D;AAC1D,EAAE;AACF,6DAA6D;AAC7D,2EAA2E;AAC3E,iFAAiF;AACjF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,+EAA+E;AAC/E,oFAAoF;AACpF,uEAAuE;AACvE,EAAE;AACF,+EAA+E;AAC/E,+EAA+E;AAC/E,iFAAiF;AACjF,qEAAqE;AAIrE,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,+EAA+E;AAC/E,yEAAyE;AACzE,4EAA4E;AAE5E,MAAM,CAAC,MAAM,iBAAiB,GAA4B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"availability.js","sourceRoot":"","sources":["../../../src/core/credential/availability.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,EAAE;AACF,oEAAoE;AACpE,6DAA6D;AAC7D,0EAA0E;AAC1E,EAAE;AACF,4EAA4E;AAC5E,iFAAiF;AACjF,yDAAyD;AACzD,EAAE;AACF,0DAA0D;AAC1D,EAAE;AACF,6DAA6D;AAC7D,2EAA2E;AAC3E,iFAAiF;AACjF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,+EAA+E;AAC/E,oFAAoF;AACpF,uEAAuE;AACvE,EAAE;AACF,+EAA+E;AAC/E,+EAA+E;AAC/E,iFAAiF;AACjF,qEAAqE;AAIrE,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,+EAA+E;AAC/E,yEAAyE;AACzE,4EAA4E;AAE5E,MAAM,CAAC,MAAM,iBAAiB,GAA4B,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAEpF,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,OAAQ,iBAAuC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,yEAAyE;AACzE,oEAAoE;AACpE,MAAM,QAAQ,GAAG,cAAc,CAAC;AAEhC,gFAAgF;AAChF,EAAE;AACF,yEAAyE;AACzE,gFAAgF;AAChF,4EAA4E;AAC5E,6EAA6E;AAC7E,mDAAmD;AAEnD,gGAAgG;AAChG,MAAM,UAAU,wBAAwB,CAAC,OAAe;IACtD,OAAO,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;AAC3D,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,uBAAuB,CAAC,OAAe;IACrD,OAAO,QAAQ,CAAC,OAAO,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;AAClD,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,OAAO,QAAQ,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AAED,gFAAgF;AAEhF;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,YAA2B,EAC3B,GAAgB;IAEhB,IAAI,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACvD,IAAI,YAAY,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,qBAAqB,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,6BAA6B,CAAC,OAAe;IAC3D,OAAO,yFAAyF,uBAAuB,CACrH,OAAO,CACR,8GAA8G,CAAC;AAClH,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,YAA2B,EAC3B,GAAgB;IAEhB,IAAI,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7D,IAAI,YAAY,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,uBAAuB,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,0BAA0B,CAAC,OAAe;IACxD,OAAO,qGAAqG,oBAAoB,CAC9H,OAAO,CACR,qHAAqH,CAAC;AACzH,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAe;IAC9C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACjF,MAAM,KAAK,GAAI,MAAkC,CAAC,gBAAgB,CAAC,CAAC;IACpE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9E,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,8EAA8E;IAC9E,4EAA4E;IAC5E,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,IAAI,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI,CAAC;AAC3F,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAe;IAC5C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACjF,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,IAAI,cAAc,CAAE,MAAkC,CAAC,cAAc,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IACvF,CAAC;IACD,OAAO,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,KAAK,IAAI,CAAC;AACzD,CAAC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,+EAA+E;AAC/E,2EAA2E"}
|
|
@@ -91,6 +91,40 @@ export function codexEnvFallback(env) {
|
|
|
91
91
|
const key = nonEmptyString(env['OPENAI_API_KEY']);
|
|
92
92
|
return key === null ? null : { accessToken: key, expiresAtMs: null };
|
|
93
93
|
}
|
|
94
|
+
// ── pi (GitHub Copilot) ───────────────────────────────────────────────────────
|
|
95
|
+
/**
|
|
96
|
+
* Pull the short-lived Copilot access token out of the already-parsed pi
|
|
97
|
+
* `~/.pi/agent/auth.json`. pi stores `{ "github-copilot": { type, refresh,
|
|
98
|
+
* access, expires, enterpriseUrl? } }` where `access` is the Copilot bearer the
|
|
99
|
+
* Copilot API accepts and `expires` is its absolute expiry in ms since epoch
|
|
100
|
+
* (pi already subtracts its own 5-minute safety margin before storing).
|
|
101
|
+
*
|
|
102
|
+
* The durable `refresh` GitHub-OAuth token is NEVER read here — it stays
|
|
103
|
+
* host-side (the host refresher exchanges it for a fresh access token), so an
|
|
104
|
+
* in-VM agent can neither see nor rotate the durable credential.
|
|
105
|
+
*/
|
|
106
|
+
export function extractPiToken(parsed) {
|
|
107
|
+
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
|
|
108
|
+
return null;
|
|
109
|
+
const entry = parsed['github-copilot'];
|
|
110
|
+
if (!entry || typeof entry !== 'object' || Array.isArray(entry))
|
|
111
|
+
return null;
|
|
112
|
+
const rec = entry;
|
|
113
|
+
const access = nonEmptyString(rec['access']);
|
|
114
|
+
if (access === null)
|
|
115
|
+
return null;
|
|
116
|
+
return { accessToken: access, expiresAtMs: coerceExpiresAtMs(rec['expires']) };
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Pure: read `COPILOT_GITHUB_TOKEN` from a host-environment snapshot as a pi
|
|
120
|
+
* credential fallback. The value is treated as a ready-to-send Copilot bearer
|
|
121
|
+
* (mirroring pi's own env-var semantics: used verbatim, never exchanged or
|
|
122
|
+
* refreshed), so the expiry is unknown (null → on-demand re-read degradation).
|
|
123
|
+
*/
|
|
124
|
+
export function piEnvFallback(env) {
|
|
125
|
+
const token = nonEmptyString(env['COPILOT_GITHUB_TOKEN']);
|
|
126
|
+
return token === null ? null : { accessToken: token, expiresAtMs: null };
|
|
127
|
+
}
|
|
94
128
|
// ── JWT / expiry coercion ───────────────────────────────────────────────────────
|
|
95
129
|
/**
|
|
96
130
|
* Decode a JWT's `exp` claim (seconds since epoch) and return it as ms since
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../src/core/credential/extract.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,2EAA2E;AAC3E,6EAA6E;AAC7E,qCAAqC;AACrC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,iFAAiF;AACjF,0EAA0E;AAC1E,oFAAoF;AACpF,iFAAiF;AACjF,iFAAiF;AACjF,mEAAmE;AACnE,mFAAmF;AACnF,kFAAkF;AAClF,mFAAmF;AACnF,EAAE;AACF,+EAA+E;AAC/E,iFAAiF;AACjF,iFAAiF;AACjF,8EAA8E;AAC9E,+EAA+E;AAC/E,aAAa;AAGb,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAQ9C,iFAAiF;AAEjF;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAe;IAChD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;IACpC,MAAM,SAAS,GACb,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzD,CAAC,CAAE,KAAiC;QACpC,CAAC,CAAC,IAAI,CAAC;IACX,MAAM,WAAW,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IAC7C,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,WAAW,GAAG,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;IAC9D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;AACtC,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAe;IAC/C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QACrD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,qEAAqE;YACrE,yEAAyE;YACzE,uEAAuE;YACvE,gDAAgD;YAChD,OAAO;gBACL,WAAW,EAAE,KAAK;gBAClB,WAAW,EAAE,cAAc,CAAC,KAAK,CAAC;gBAClC,YAAY,EAAE,IAAI;gBAClB,gBAAgB,EAAE,cAAc,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;aACvD,CAAC;QACJ,CAAC;IACH,CAAC;IACD,iFAAiF;IACjF,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtD,OAAO,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAc;IAC7C,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAClD,OAAO,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACvE,CAAC;AAED,mFAAmF;AAEnF;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC/B,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrE,MAAM,IAAI,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACnF,MAAM,GAAG,GAAI,OAAmC,CAAC,KAAK,CAAC,CAAC;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,OAAO,GAAG,GAAG,IAAI,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,UAAU,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gFAAgF;AAEhF,uFAAuF;AACvF,SAAS,iBAAiB,CAAC,IAA6B;IACtD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAO,MAAiC,CAAC;AAC3C,CAAC;AAED,0EAA0E;AAC1E,MAAM,eAAe,GAAG,kEAAkE,CAAC;AAE3F;;;;;;;;;GASG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC;AAClC,CAAC;AAED,8EAA8E;AAC9E,SAAS,gBAAgB,CAAC,GAAW;IACnC,uEAAuE;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACzE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,2BAA2B;IAClE,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,yBAAyB;QACpD,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrB,IAAI,IAAI,CAAC,CAAC;QACV,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,CAAC;YACV,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,4EAA4E;AAC5E,SAAS,iBAAiB,CAAC,KAAe;IACxC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,EAAE,CAAE,CAAC;QACvB,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YAClC,SAAS;QACX,CAAC;QACD,IAAI,MAAc,CAAC;QACnB,IAAI,EAAU,CAAC;QACf,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,SAAS,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,CAAC,mBAAmB;YAC9E,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,IAAI,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
1
|
+
{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../src/core/credential/extract.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,2EAA2E;AAC3E,6EAA6E;AAC7E,qCAAqC;AACrC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,iFAAiF;AACjF,0EAA0E;AAC1E,oFAAoF;AACpF,iFAAiF;AACjF,iFAAiF;AACjF,mEAAmE;AACnE,mFAAmF;AACnF,kFAAkF;AAClF,mFAAmF;AACnF,EAAE;AACF,+EAA+E;AAC/E,iFAAiF;AACjF,iFAAiF;AACjF,8EAA8E;AAC9E,+EAA+E;AAC/E,aAAa;AAGb,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAQ9C,iFAAiF;AAEjF;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAe;IAChD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;IACpC,MAAM,SAAS,GACb,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzD,CAAC,CAAE,KAAiC;QACpC,CAAC,CAAC,IAAI,CAAC;IACX,MAAM,WAAW,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IAC7C,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,WAAW,GAAG,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;IAC9D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;AACtC,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAe;IAC/C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QACrD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,qEAAqE;YACrE,yEAAyE;YACzE,uEAAuE;YACvE,gDAAgD;YAChD,OAAO;gBACL,WAAW,EAAE,KAAK;gBAClB,WAAW,EAAE,cAAc,CAAC,KAAK,CAAC;gBAClC,YAAY,EAAE,IAAI;gBAClB,gBAAgB,EAAE,cAAc,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;aACvD,CAAC;QACJ,CAAC;IACH,CAAC;IACD,iFAAiF;IACjF,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtD,OAAO,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAc;IAC7C,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAClD,OAAO,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACvE,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,MAAe;IAC5C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,KAAK,GAAI,MAAkC,CAAC,gBAAgB,CAAC,CAAC;IACpE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;AACjF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,GAAc;IAC1C,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC;IAC1D,OAAO,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC3E,CAAC;AAED,mFAAmF;AAEnF;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC/B,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrE,MAAM,IAAI,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACnF,MAAM,GAAG,GAAI,OAAmC,CAAC,KAAK,CAAC,CAAC;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,OAAO,GAAG,GAAG,IAAI,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,UAAU,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gFAAgF;AAEhF,uFAAuF;AACvF,SAAS,iBAAiB,CAAC,IAA6B;IACtD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAO,MAAiC,CAAC;AAC3C,CAAC;AAED,0EAA0E;AAC1E,MAAM,eAAe,GAAG,kEAAkE,CAAC;AAE3F;;;;;;;;;GASG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC;AAClC,CAAC;AAED,8EAA8E;AAC9E,SAAS,gBAAgB,CAAC,GAAW;IACnC,uEAAuE;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACzE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,2BAA2B;IAClE,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,yBAAyB;QACpD,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrB,IAAI,IAAI,CAAC,CAAC;QACV,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,CAAC;YACV,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,4EAA4E;AAC5E,SAAS,iBAAiB,CAAC,KAAe;IACxC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,EAAE,CAAE,CAAC;QACvB,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YAClC,SAAS;QACX,CAAC;QACD,IAAI,MAAc,CAAC;QACnB,IAAI,EAAU,CAAC;QACf,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,SAAS,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,CAAC,mBAAmB;YAC9E,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,IAAI,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -18,7 +18,8 @@
|
|
|
18
18
|
// UUIDs; codex account_id / auth_mode / last_refresh). In this clean-room rewrite
|
|
19
19
|
// that IO lives in the SHELL: the shell reads + extracts the already-validated
|
|
20
20
|
// `ClaudeIdentity` / `CodexIdentity` and hands them to this core as plain data.
|
|
21
|
-
// This module is 100% synchronous, has ZERO IO, and imports ONLY from src/types
|
|
21
|
+
// This module is 100% synchronous, has ZERO IO, and imports ONLY from src/types
|
|
22
|
+
// (plus the pure core pi-extension generator for the pi MCP bridge).
|
|
22
23
|
//
|
|
23
24
|
// Defense-in-depth (codex review, HIGH, preserved from the reference): even
|
|
24
25
|
// though the shell extractor is expected to validate, this STAGING chokepoint
|
|
@@ -26,6 +27,8 @@
|
|
|
26
27
|
// never matches), `authMode` (closed set), and `lastRefresh` (ISO-timestamp
|
|
27
28
|
// shape) before embedding them into the staged auth.json. A token-shaped value is
|
|
28
29
|
// OMITTED regardless of which producer handed it to us.
|
|
30
|
+
import { buildPiSymphonyMcpExtension, PI_EXTENSION_GUEST_PATH } from '../mcp/pi-extension.js';
|
|
31
|
+
import { PI_UPSTREAM_HOST } from './shape.js';
|
|
29
32
|
// SHARED account_id guard (codex review HIGH) — the ONE definition. Re-exported
|
|
30
33
|
// so this module's importers keep their specifier.
|
|
31
34
|
import { validAccountId } from './account-id.js';
|
|
@@ -39,6 +42,8 @@ export { validAccountId };
|
|
|
39
42
|
const CLAUDE_CREDENTIALS_GUEST_PATH = '/root/.claude/.credentials.json';
|
|
40
43
|
const CLAUDE_CONFIG_GUEST_PATH = '/root/.claude.json';
|
|
41
44
|
const CODEX_AUTH_GUEST_PATH = '/root/.codex/auth.json';
|
|
45
|
+
const PI_SETTINGS_GUEST_PATH = '/root/.pi/agent/settings.json';
|
|
46
|
+
const PI_MODELS_GUEST_PATH = '/root/.pi/agent/models.json';
|
|
42
47
|
// Creds files are 0600.
|
|
43
48
|
const CRED_FILE_MODE = 0o600;
|
|
44
49
|
// Far-future expiry (2100-01-01T00:00:00Z, ms since epoch) so the claude client
|
|
@@ -82,8 +87,17 @@ export function buildGondolinFakeCreds(input) {
|
|
|
82
87
|
return { files: buildClaudeFiles(input.placeholder, input.claudeIdentity), env };
|
|
83
88
|
case 'codex':
|
|
84
89
|
return { files: buildCodexFiles(input.placeholder, input.codexIdentity), env };
|
|
90
|
+
case 'pi':
|
|
91
|
+
// pi resolves its bearer from the env placeholder (COPILOT_GITHUB_TOKEN),
|
|
92
|
+
// so the env carries the credential; the files carry only non-secret config
|
|
93
|
+
// + the per-dispatch MCP bridge. PI_SKIP_VERSION_CHECK suppresses pi's
|
|
94
|
+
// startup version probe (egress-blocked in the VM → pure 403 noise).
|
|
95
|
+
return {
|
|
96
|
+
files: buildPiFiles(input.mcp ?? null, input.piCopilotHost ?? null),
|
|
97
|
+
env: { ...env, PI_SKIP_VERSION_CHECK: '1' },
|
|
98
|
+
};
|
|
85
99
|
default: {
|
|
86
|
-
// Exhaustive over AcpAdapterId (closed union claude|codex): the compiler
|
|
100
|
+
// Exhaustive over AcpAdapterId (closed union claude|codex|pi): the compiler
|
|
87
101
|
// proves `input.adapter` is `never` here. Kept as a total function.
|
|
88
102
|
const unreachable = input.adapter;
|
|
89
103
|
throw new Error(`buildGondolinFakeCreds: unhandled adapter ${String(unreachable)}`);
|
|
@@ -162,6 +176,40 @@ export function buildCodexFiles(placeholder, identity) {
|
|
|
162
176
|
};
|
|
163
177
|
return [credFile(CODEX_AUTH_GUEST_PATH, JSON.stringify(auth))];
|
|
164
178
|
}
|
|
179
|
+
/**
|
|
180
|
+
* pi guest files. DELIBERATELY no `~/.pi/agent/auth.json`: pi's credential
|
|
181
|
+
* resolution is `--api-key flag → auth.json → env var`, and the env path is the
|
|
182
|
+
* one that uses the value VERBATIM as the Copilot bearer (no in-guest
|
|
183
|
+
* device-flow/exchange/refresh). Staging even a placeholder auth.json would
|
|
184
|
+
* shadow the env placeholder AND trigger pi's own (egress-blocked) token
|
|
185
|
+
* exchange — so the credential rides ONLY the COPILOT_GITHUB_TOKEN env entry.
|
|
186
|
+
*
|
|
187
|
+
* • settings.json — pins `defaultProvider: github-copilot` so pi never picks
|
|
188
|
+
* a provider symphony has no credential for. A dispatch-chosen model
|
|
189
|
+
* overwrites this file via the pi profile's modelInjection (runtime files
|
|
190
|
+
* stage after fake-creds files).
|
|
191
|
+
* • models.json — pins the Copilot provider baseUrl to the configured
|
|
192
|
+
* `acp.copilot_host` (business/enterprise segments; staged only when a
|
|
193
|
+
* non-default host is configured). On the env-credential path pi's own
|
|
194
|
+
* proxy-ep baseUrl derivation never runs, so this override is final.
|
|
195
|
+
* • extensions/symphony-mcp.ts — the MCP bridge (pi-acp ignores ACP
|
|
196
|
+
* mcpServers; without this the agent cannot call `transition`). Skipped
|
|
197
|
+
* when MCP is disabled for the run.
|
|
198
|
+
*/
|
|
199
|
+
export function buildPiFiles(mcp, copilotHost = null) {
|
|
200
|
+
const files = [
|
|
201
|
+
credFile(PI_SETTINGS_GUEST_PATH, JSON.stringify({ defaultProvider: 'github-copilot' })),
|
|
202
|
+
];
|
|
203
|
+
if (copilotHost !== null && copilotHost.length > 0 && copilotHost !== PI_UPSTREAM_HOST) {
|
|
204
|
+
files.push(credFile(PI_MODELS_GUEST_PATH, JSON.stringify({
|
|
205
|
+
providers: { 'github-copilot': { baseUrl: `https://${copilotHost}` } },
|
|
206
|
+
})));
|
|
207
|
+
}
|
|
208
|
+
if (mcp !== null) {
|
|
209
|
+
files.push(credFile(PI_EXTENSION_GUEST_PATH, buildPiSymphonyMcpExtension(mcp)));
|
|
210
|
+
}
|
|
211
|
+
return files;
|
|
212
|
+
}
|
|
165
213
|
// ---------------------------------------------------------------------------
|
|
166
214
|
// Helpers.
|
|
167
215
|
// ---------------------------------------------------------------------------
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fake-creds.js","sourceRoot":"","sources":["../../../src/core/credential/fake-creds.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,EAAE;AACF,6EAA6E;AAC7E,qEAAqE;AACrE,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,0EAA0E;AAC1E,wEAAwE;AACxE,gFAAgF;AAChF,iFAAiF;AACjF,yEAAyE;AACzE,iFAAiF;AACjF,gEAAgE;AAChE,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,kFAAkF;AAClF,+EAA+E;AAC/E,gFAAgF;AAChF,
|
|
1
|
+
{"version":3,"file":"fake-creds.js","sourceRoot":"","sources":["../../../src/core/credential/fake-creds.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,EAAE;AACF,6EAA6E;AAC7E,qEAAqE;AACrE,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,0EAA0E;AAC1E,wEAAwE;AACxE,gFAAgF;AAChF,iFAAiF;AACjF,yEAAyE;AACzE,iFAAiF;AACjF,gEAAgE;AAChE,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,kFAAkF;AAClF,+EAA+E;AAC/E,gFAAgF;AAChF,gFAAgF;AAChF,qEAAqE;AACrE,EAAE;AACF,4EAA4E;AAC5E,8EAA8E;AAC9E,+EAA+E;AAC/E,4EAA4E;AAC5E,kFAAkF;AAClF,wDAAwD;AAUxD,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAC9F,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,gFAAgF;AAChF,mDAAmD;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAE1B,8EAA8E;AAC9E,gEAAgE;AAChE,8EAA8E;AAE9E,gFAAgF;AAChF,+EAA+E;AAC/E,2CAA2C;AAC3C,MAAM,6BAA6B,GAAG,iCAAiC,CAAC;AACxE,MAAM,wBAAwB,GAAG,oBAAoB,CAAC;AACtD,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AACvD,MAAM,sBAAsB,GAAG,+BAA+B,CAAC;AAC/D,MAAM,oBAAoB,GAAG,6BAA6B,CAAC;AAE3D,wBAAwB;AACxB,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B,gFAAgF;AAChF,0EAA0E;AAC1E,0EAA0E;AAC1E,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAExC,kFAAkF;AAClF,kEAAkE;AAClE,MAAM,YAAY,GAAG,2CAA2C,CAAC;AAEjE,8EAA8E;AAC9E,mEAAmE;AACnE,2EAA2E;AAC3E,8EAA8E;AAE9E,8CAA8C;AAC9C,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC7E,kFAAkF;AAClF,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAE/C,SAAS,aAAa,CAAC,CAAgB;IACrC,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAgB;IACxC,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC3D,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAyB;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;IAC9E,QAAQ,KAAK,CAAC,OAAO,EAAE,CAAC;QACtB,KAAK,QAAQ;YACX,OAAO,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,cAAc,CAAC,EAAE,GAAG,EAAE,CAAC;QACnF,KAAK,OAAO;YACV,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,CAAC;QACjF,KAAK,IAAI;YACP,0EAA0E;YAC1E,4EAA4E;YAC5E,uEAAuE;YACvE,qEAAqE;YACrE,OAAO;gBACL,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,GAAG,IAAI,IAAI,EAAE,KAAK,CAAC,aAAa,IAAI,IAAI,CAAC;gBACnE,GAAG,EAAE,EAAE,GAAG,GAAG,EAAE,qBAAqB,EAAE,GAAG,EAAE;aAC5C,CAAC;QACJ,OAAO,CAAC,CAAC,CAAC;YACR,4EAA4E;YAC5E,oEAAoE;YACpE,MAAM,WAAW,GAAU,KAAK,CAAC,OAAO,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,6CAA6C,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAC9B,WAAmB,EACnB,QAA+B;IAE/B,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;QAClC,aAAa,EAAE;YACb,WAAW,EAAE,WAAW;YACxB,YAAY,EAAE,YAAY;YAC1B,SAAS,EAAE,aAAa;SACzB;KACF,CAAC,CAAC;IACH,MAAM,KAAK,GAAoB,CAAC,QAAQ,CAAC,6BAA6B,EAAE,YAAY,CAAC,CAAC,CAAC;IAEvF,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;YACnC,sBAAsB,EAAE,IAAI;YAC5B,YAAY,EAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB,EAAE;YAChG,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,aAAa,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAmB,EACnB,QAA8B;IAE9B,gFAAgF;IAChF,iFAAiF;IACjF,iFAAiF;IACjF,kDAAkD;IAClD,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC,CAAC;IAC3D,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,EAAE,WAAW,IAAI,IAAI,CAAC,CAAC;IAEpE,MAAM,MAAM,GAA4B;QACtC,YAAY,EAAE,WAAW;QACzB,QAAQ,EAAE,WAAW;QACrB,aAAa,EAAE,YAAY;QAC3B,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACzD,CAAC;IACF,+EAA+E;IAC/E,4EAA4E;IAC5E,4EAA4E;IAC5E,MAAM,IAAI,GAA4B;QACpC,cAAc,EAAE,IAAI;QACpB,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM;QACN,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/D,CAAC;IACF,OAAO,CAAC,QAAQ,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,YAAY,CAC1B,GAA+B,EAC/B,cAA6B,IAAI;IAEjC,MAAM,KAAK,GAAoB;QAC7B,QAAQ,CAAC,sBAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,eAAe,EAAE,gBAAgB,EAAE,CAAC,CAAC;KACxF,CAAC;IACF,IAAI,WAAW,KAAK,IAAI,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,KAAK,gBAAgB,EAAE,CAAC;QACvF,KAAK,CAAC,IAAI,CACR,QAAQ,CACN,oBAAoB,EACpB,IAAI,CAAC,SAAS,CAAC;YACb,SAAS,EAAE,EAAE,gBAAgB,EAAE,EAAE,OAAO,EAAE,WAAW,WAAW,EAAE,EAAE,EAAE;SACvE,CAAC,CACH,CACF,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,uBAAuB,EAAE,2BAA2B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAClF,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,SAAiB,EAAE,OAAe;IAClD,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;AACtD,CAAC"}
|
|
@@ -43,12 +43,20 @@ import { nonEmptyString } from './strings.js';
|
|
|
43
43
|
// codex `OPENAI_API_KEY`).
|
|
44
44
|
export const CLAUDE_SECRET_NAME = 'ANTHROPIC_AUTH_TOKEN';
|
|
45
45
|
export const CODEX_SECRET_NAME = 'OPENAI_API_KEY';
|
|
46
|
+
// pi reads COPILOT_GITHUB_TOKEN and uses it VERBATIM as its Copilot bearer (no
|
|
47
|
+
// in-guest exchange/refresh) — exactly the placeholder-substitution contract.
|
|
48
|
+
export const PI_SECRET_NAME = 'COPILOT_GITHUB_TOKEN';
|
|
46
49
|
// The hosts each adapter's real token may be substituted onto at egress (its
|
|
47
50
|
// credential validity scope — NOT the general firewall; see buildAdapterHooksConfig).
|
|
48
51
|
export const CLAUDE_UPSTREAM_HOST = 'api.anthropic.com';
|
|
49
52
|
// codex ChatGPT-OAuth subscription tokens are honored on the ChatGPT backend
|
|
50
53
|
// (chatgpt.com/backend-api/codex), never the metered platform API.
|
|
51
54
|
export const CODEX_UPSTREAM_HOST = 'chatgpt.com';
|
|
55
|
+
// pi (GitHub Copilot): with an env-var credential pi dials each Copilot model's
|
|
56
|
+
// baked-in default base URL — the individual-subscription endpoint. (Business/
|
|
57
|
+
// enterprise segments would need a models.json baseUrl override + a wider scope;
|
|
58
|
+
// not wired.)
|
|
59
|
+
export const PI_UPSTREAM_HOST = 'api.individual.githubcopilot.com';
|
|
52
60
|
/**
|
|
53
61
|
* Far-future JWT `exp` (seconds since epoch — 2100-01-01T00:00:00Z) baked into
|
|
54
62
|
* the codex placeholder so codex's native mode treats it as a long-lived,
|
|
@@ -98,6 +106,8 @@ export function assemblePlaceholderJwt(signature, accountId = null) {
|
|
|
98
106
|
* - claude → `sk-ant-<random>` (claude validates the `sk-ant-` shape)
|
|
99
107
|
* - codex → a JWT-shaped placeholder (header.payload.<random-sig>) with a
|
|
100
108
|
* far-future `exp` + (when known + UUID-valid) the account-id claim
|
|
109
|
+
* - pi → `gho_symphony<random>` (pi sends the env value verbatim — no
|
|
110
|
+
* shape validation; the prefix just keeps it visibly token-shaped)
|
|
101
111
|
*
|
|
102
112
|
* `accountId` is consulted ONLY for codex; null/undefined elsewhere.
|
|
103
113
|
*/
|
|
@@ -108,6 +118,8 @@ export function buildAdapterPlaceholder(adapter, rng, accountId = null) {
|
|
|
108
118
|
case 'codex':
|
|
109
119
|
// The signature segment is high-entropy random material (base64url-safe).
|
|
110
120
|
return assemblePlaceholderJwt(rng.newToken(), accountId);
|
|
121
|
+
case 'pi':
|
|
122
|
+
return `gho_symphony${rng.newToken()}`;
|
|
111
123
|
}
|
|
112
124
|
}
|
|
113
125
|
// ─── per-adapter credential spec ─────────────────────────────────────────────
|
|
@@ -121,7 +133,7 @@ export function buildAdapterPlaceholder(adapter, rng, accountId = null) {
|
|
|
121
133
|
* egress firewall — only these are wired into `secrets[].hosts` by the shell, so a
|
|
122
134
|
* general egress host (from egress.allowed_hosts) never receives a real token.
|
|
123
135
|
*/
|
|
124
|
-
export function buildAdapterCredentialSpec(adapter, placeholder) {
|
|
136
|
+
export function buildAdapterCredentialSpec(adapter, placeholder, opts) {
|
|
125
137
|
switch (adapter) {
|
|
126
138
|
case 'claude':
|
|
127
139
|
return {
|
|
@@ -137,6 +149,17 @@ export function buildAdapterCredentialSpec(adapter, placeholder) {
|
|
|
137
149
|
secretName: CODEX_SECRET_NAME,
|
|
138
150
|
substitutionHosts: [CODEX_UPSTREAM_HOST],
|
|
139
151
|
};
|
|
152
|
+
case 'pi':
|
|
153
|
+
// The Copilot API host is segment-scoped per subscription plan
|
|
154
|
+
// (individual/business/enterprise) — `acp.copilot_host` overrides the
|
|
155
|
+
// individual default so a business token is substituted on the host that
|
|
156
|
+
// actually honors it.
|
|
157
|
+
return {
|
|
158
|
+
adapter,
|
|
159
|
+
placeholder,
|
|
160
|
+
secretName: PI_SECRET_NAME,
|
|
161
|
+
substitutionHosts: [nonEmptyString(opts?.piUpstreamHost ?? null) ?? PI_UPSTREAM_HOST],
|
|
162
|
+
};
|
|
140
163
|
}
|
|
141
164
|
}
|
|
142
165
|
/**
|
|
@@ -145,8 +168,8 @@ export function buildAdapterCredentialSpec(adapter, placeholder) {
|
|
|
145
168
|
* `accountId` is only consulted for codex (embedded in the placeholder JWT's auth
|
|
146
169
|
* claim, UUID-guarded).
|
|
147
170
|
*/
|
|
148
|
-
export function buildAdapterCredentialSpecWithPlaceholder(adapter, rng, accountId = null) {
|
|
149
|
-
return buildAdapterCredentialSpec(adapter, buildAdapterPlaceholder(adapter, rng, accountId));
|
|
171
|
+
export function buildAdapterCredentialSpecWithPlaceholder(adapter, rng, accountId = null, opts) {
|
|
172
|
+
return buildAdapterCredentialSpec(adapter, buildAdapterPlaceholder(adapter, rng, accountId), opts);
|
|
150
173
|
}
|
|
151
174
|
/**
|
|
152
175
|
* Decide the codex upstream route for a credential. ChatGPT-OAuth subscription
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shape.js","sourceRoot":"","sources":["../../../src/core/credential/shape.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,oCAAoC;AACpC,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,+EAA+E;AAC/E,yEAAyE;AACzE,EAAE;AACF,4EAA4E;AAC5E,gEAAgE;AAChE,mFAAmF;AACnF,kFAAkF;AAClF,6DAA6D;AAC7D,wDAAwD;AACxD,mFAAmF;AACnF,uDAAuD;AACvD,gFAAgF;AAChF,4EAA4E;AAC5E,gCAAgC;AAChC,gFAAgF;AAChF,kFAAkF;AAClF,iFAAiF;AACjF,8BAA8B;AAC9B,sDAAsD;AACtD,wEAAwE;AACxE,iFAAiF;AACjF,8EAA8E;AAC9E,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,6EAA6E;AAC7E,kFAAkF;AAClF,sDAAsD;AAStD,yEAAyE;AACzE,+DAA+D;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,2BAA2B;AAE3B,MAAM,CAAC,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AACzD,MAAM,CAAC,MAAM,iBAAiB,GAAG,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"shape.js","sourceRoot":"","sources":["../../../src/core/credential/shape.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,oCAAoC;AACpC,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,+EAA+E;AAC/E,yEAAyE;AACzE,EAAE;AACF,4EAA4E;AAC5E,gEAAgE;AAChE,mFAAmF;AACnF,kFAAkF;AAClF,6DAA6D;AAC7D,wDAAwD;AACxD,mFAAmF;AACnF,uDAAuD;AACvD,gFAAgF;AAChF,4EAA4E;AAC5E,gCAAgC;AAChC,gFAAgF;AAChF,kFAAkF;AAClF,iFAAiF;AACjF,8BAA8B;AAC9B,sDAAsD;AACtD,wEAAwE;AACxE,iFAAiF;AACjF,8EAA8E;AAC9E,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,6EAA6E;AAC7E,kFAAkF;AAClF,sDAAsD;AAStD,yEAAyE;AACzE,+DAA+D;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,2BAA2B;AAE3B,MAAM,CAAC,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AACzD,MAAM,CAAC,MAAM,iBAAiB,GAAG,gBAAgB,CAAC;AAClD,+EAA+E;AAC/E,8EAA8E;AAC9E,MAAM,CAAC,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAErD,6EAA6E;AAC7E,sFAAsF;AACtF,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AACxD,6EAA6E;AAC7E,mEAAmE;AACnE,MAAM,CAAC,MAAM,mBAAmB,GAAG,aAAa,CAAC;AACjD,gFAAgF;AAChF,+EAA+E;AAC/E,iFAAiF;AACjF,cAAc;AACd,MAAM,CAAC,MAAM,gBAAgB,GAAG,kCAAkC,CAAC;AAEnE;;;;;GAKG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,aAAa,CAAC;AAEzD,qEAAqE;AACrE,MAAM,oBAAoB,GAAG,aAAa,CAAC;AAE3C,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,sBAAsB,CACpC,SAAiB,EACjB,YAA2B,IAAI;IAE/B,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,aAAa,CAAC;QAC5B,GAAG,EAAE,2BAA2B;QAChC,GAAG,CAAC,aAAa,KAAK,IAAI;YACxB,CAAC,CAAC,EAAE,6BAA6B,EAAE,EAAE,kBAAkB,EAAE,aAAa,EAAE,EAAE;YAC1E,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;IACH,OAAO,GAAG,MAAM,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;AAC7C,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAqB,EACrB,GAAiB,EACjB,YAA2B,IAAI;IAE/B,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,UAAU,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;QACpC,KAAK,OAAO;YACV,0EAA0E;YAC1E,OAAO,sBAAsB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,SAAS,CAAC,CAAC;QAC3D,KAAK,IAAI;YACP,OAAO,eAAe,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;GASG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAAqB,EACrB,WAAmB,EACnB,IAAyC;IAEzC,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO;gBACL,OAAO;gBACP,WAAW;gBACX,UAAU,EAAE,kBAAkB;gBAC9B,iBAAiB,EAAE,CAAC,oBAAoB,CAAC;aAC1C,CAAC;QACJ,KAAK,OAAO;YACV,OAAO;gBACL,OAAO;gBACP,WAAW;gBACX,UAAU,EAAE,iBAAiB;gBAC7B,iBAAiB,EAAE,CAAC,mBAAmB,CAAC;aACzC,CAAC;QACJ,KAAK,IAAI;YACP,+DAA+D;YAC/D,sEAAsE;YACtE,yEAAyE;YACzE,sBAAsB;YACtB,OAAO;gBACL,OAAO;gBACP,WAAW;gBACX,UAAU,EAAE,cAAc;gBAC1B,iBAAiB,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,cAAc,IAAI,IAAI,CAAC,IAAI,gBAAgB,CAAC;aACtF,CAAC;IACN,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yCAAyC,CACvD,OAAqB,EACrB,GAAiB,EACjB,YAA2B,IAAI,EAC/B,IAAyC;IAEzC,OAAO,0BAA0B,CAAC,OAAO,EAAE,uBAAuB,CAAC,OAAO,EAAE,GAAG,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,CAAC;AACrG,CAAC;AAkBD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAgB;IACjD,IAAI,CAAC,KAAK,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IACrC,+EAA+E;IAC/E,sDAAsD;IACtD,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC;IACjE,MAAM,YAAY,GAChB,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAChE,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,uBAAuB,EAAE,YAAY,EAAE,CAAC;AAC5F,CAAC;AAED,0FAA0F;AAC1F,MAAM,UAAU,uBAAuB,CAAC,QAAgB;IACtD,OAAO,QAAQ,CAAC,OAAO,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;AACpE,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CACrC,KAAuC,EACvC,kBAAqC,EAAE;IAEvC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,GAAG,eAAe,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;IACnE,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,iBAAiB,EAAE,CAAC,GAAG,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAChF,YAAY;KACb,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,qFAAqF;AAErF,2DAA2D;AAC3D,SAAS,MAAM,CAAC,MAAyB;IACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAS;QAC1B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACZ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACjC,uEAAuE;IACvE,MAAM,MAAM,GAAG,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzE,CAAC"}
|