terminal-pilot 0.0.21 → 0.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/dist/cli.js +467 -193
  2. package/dist/cli.js.map +4 -4
  3. package/dist/commands/close-session.js +6 -4
  4. package/dist/commands/close-session.js.map +3 -3
  5. package/dist/commands/create-session.js +6 -4
  6. package/dist/commands/create-session.js.map +3 -3
  7. package/dist/commands/fill.js +6 -4
  8. package/dist/commands/fill.js.map +3 -3
  9. package/dist/commands/get-session.js +6 -4
  10. package/dist/commands/get-session.js.map +3 -3
  11. package/dist/commands/index.js +79 -33
  12. package/dist/commands/index.js.map +4 -4
  13. package/dist/commands/install.js +64 -20
  14. package/dist/commands/install.js.map +4 -4
  15. package/dist/commands/installer.js +36 -2
  16. package/dist/commands/installer.js.map +4 -4
  17. package/dist/commands/list-sessions.js +6 -4
  18. package/dist/commands/list-sessions.js.map +3 -3
  19. package/dist/commands/press-key.js +6 -4
  20. package/dist/commands/press-key.js.map +3 -3
  21. package/dist/commands/read-history.js +6 -4
  22. package/dist/commands/read-history.js.map +3 -3
  23. package/dist/commands/read-screen.js +6 -4
  24. package/dist/commands/read-screen.js.map +3 -3
  25. package/dist/commands/resize.js +6 -4
  26. package/dist/commands/resize.js.map +3 -3
  27. package/dist/commands/runtime.js +6 -4
  28. package/dist/commands/runtime.js.map +3 -3
  29. package/dist/commands/screenshot.js +17 -8
  30. package/dist/commands/screenshot.js.map +3 -3
  31. package/dist/commands/send-signal.js +6 -4
  32. package/dist/commands/send-signal.js.map +3 -3
  33. package/dist/commands/type.js +6 -4
  34. package/dist/commands/type.js.map +3 -3
  35. package/dist/commands/uninstall.js +39 -5
  36. package/dist/commands/uninstall.js.map +4 -4
  37. package/dist/commands/wait-for-exit.js +6 -4
  38. package/dist/commands/wait-for-exit.js.map +3 -3
  39. package/dist/commands/wait-for.js +6 -4
  40. package/dist/commands/wait-for.js.map +3 -3
  41. package/dist/errors.d.ts +1 -0
  42. package/dist/errors.js +8 -0
  43. package/dist/errors.js.map +7 -0
  44. package/dist/index.js +8 -4
  45. package/dist/index.js.map +3 -3
  46. package/dist/terminal-pilot.js +6 -4
  47. package/dist/terminal-pilot.js.map +3 -3
  48. package/dist/terminal-session.js +6 -4
  49. package/dist/terminal-session.js.map +3 -3
  50. package/dist/testing/cli-repl.js +467 -193
  51. package/dist/testing/cli-repl.js.map +4 -4
  52. package/dist/testing/qa-cli.js +467 -193
  53. package/dist/testing/qa-cli.js.map +4 -4
  54. package/node_modules/@poe-code/agent-skill-config/dist/apply.js +4 -1
  55. package/node_modules/@poe-code/agent-skill-config/dist/bridge-active-skills.js +1 -1
  56. package/node_modules/@poe-code/agent-skill-config/dist/git-exclude.js +17 -9
  57. package/node_modules/@poe-code/agent-skill-config/dist/templates.js +4 -1
  58. package/package.json +1 -1
@@ -83,7 +83,7 @@ import path23 from "node:path";
83
83
  import { fileURLToPath as fileURLToPath5 } from "node:url";
84
84
 
85
85
  // ../toolcraft/src/cli.ts
86
- import { access as access2, lstat as lstat3, readFile as readFile4, rename as rename3, unlink as unlink2, writeFile as writeFile5 } from "node:fs/promises";
86
+ import { access as access2, lstat as lstat3, readFile as readFile4, rename as rename3, unlink as unlink3, writeFile as writeFile5 } from "node:fs/promises";
87
87
  import path14 from "node:path";
88
88
  import {
89
89
  Command as CommanderCommand,
@@ -2799,27 +2799,27 @@ function validateMachine(machine) {
2799
2799
  if (!isRecord(machine)) {
2800
2800
  throw new TypeError("State machine must be an object.");
2801
2801
  }
2802
- if (!isStateList(machine.states)) {
2802
+ if (!hasOwnRecordField(machine, "states") || !isStateList(machine.states)) {
2803
2803
  throw new TypeError("State machine states must be a string array.");
2804
2804
  }
2805
2805
  const states = new Set(machine.states);
2806
- if (typeof machine.initial !== "string") {
2806
+ if (!hasOwnRecordField(machine, "initial") || typeof machine.initial !== "string") {
2807
2807
  throw new TypeError("State machine initial must be a string.");
2808
2808
  }
2809
2809
  if (!states.has(machine.initial)) {
2810
2810
  throw new Error(`Initial state "${machine.initial}" is not declared.`);
2811
2811
  }
2812
- if (!isRecord(machine.events)) {
2812
+ if (!hasOwnRecordField(machine, "events") || !isRecord(machine.events)) {
2813
2813
  throw new TypeError("State machine events must be an object.");
2814
2814
  }
2815
2815
  for (const [eventName, event] of Object.entries(machine.events)) {
2816
2816
  if (!isRecord(event)) {
2817
2817
  throw new TypeError(`Event "${eventName}" must be an object.`);
2818
2818
  }
2819
- if (event.from !== "*" && !isStateList(event.from)) {
2819
+ if (!hasOwnRecordField(event, "from") || event.from !== "*" && !isStateList(event.from)) {
2820
2820
  throw new TypeError(`Event "${eventName}" has an invalid "from" definition.`);
2821
2821
  }
2822
- if (typeof event.to !== "string") {
2822
+ if (!hasOwnRecordField(event, "to") || typeof event.to !== "string") {
2823
2823
  throw new TypeError(`Event "${eventName}" target state must be a string.`);
2824
2824
  }
2825
2825
  if (!states.has(event.to)) {
@@ -2834,6 +2834,9 @@ function validateMachine(machine) {
2834
2834
  }
2835
2835
  }
2836
2836
  }
2837
+ function hasOwnRecordField(record, key2) {
2838
+ return Object.prototype.hasOwnProperty.call(record, key2);
2839
+ }
2837
2840
  function eventsFromState(machine, fromState) {
2838
2841
  const events = [];
2839
2842
  for (const [eventName, event] of Object.entries(machine.events)) {
@@ -3105,6 +3108,7 @@ function resolveEndpoint(options = {}) {
3105
3108
  }
3106
3109
 
3107
3110
  // ../task-list/src/backends/utils.ts
3111
+ import { randomUUID as randomUUID2 } from "node:crypto";
3108
3112
  import path6 from "node:path";
3109
3113
  function compareCreated(left, right) {
3110
3114
  const leftCreated = typeof left.raw.created === "string" ? left.raw.created : "";
@@ -3125,9 +3129,8 @@ function applyOrder(entries, order) {
3125
3129
  }
3126
3130
  return entries.map((entry) => entry.task);
3127
3131
  }
3128
- var tmpFileCounter = 0;
3129
3132
  function hasErrorCode(error3, code) {
3130
- return !!error3 && typeof error3 === "object" && "code" in error3 && error3.code === code;
3133
+ return !!error3 && typeof error3 === "object" && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
3131
3134
  }
3132
3135
  function isRecord2(value) {
3133
3136
  return typeof value === "object" && value !== null && !Array.isArray(value);
@@ -3174,18 +3177,22 @@ async function rejectSymbolicLinkComponents(fs4, filePath) {
3174
3177
  }
3175
3178
  }
3176
3179
  async function writeAtomically(fs4, filePath, content) {
3177
- const tempPath = `${filePath}.tmp-${process.pid}-${tmpFileCounter}`;
3178
- tmpFileCounter += 1;
3180
+ const tempPath = `${filePath}.${process.pid}.${randomUUID2()}.tmp`;
3181
+ let tempCreated = false;
3179
3182
  await fs4.mkdir(path6.dirname(filePath), { recursive: true });
3180
3183
  try {
3181
3184
  await fs4.writeFile(tempPath, content, { encoding: "utf8", flag: "wx" });
3185
+ tempCreated = true;
3182
3186
  await fs4.rename(tempPath, filePath);
3187
+ tempCreated = false;
3183
3188
  } catch (error3) {
3184
- try {
3185
- await fs4.unlink(tempPath);
3186
- } catch (unlinkError) {
3187
- if (!hasErrorCode(unlinkError, "ENOENT")) {
3188
- throw unlinkError;
3189
+ if (tempCreated || !hasErrorCode(error3, "EEXIST")) {
3190
+ try {
3191
+ await fs4.unlink(tempPath);
3192
+ } catch (unlinkError) {
3193
+ if (!hasErrorCode(unlinkError, "ENOENT")) {
3194
+ throw unlinkError;
3195
+ }
3189
3196
  }
3190
3197
  }
3191
3198
  throw error3;
@@ -3199,6 +3206,7 @@ async function withFileLock(fs4, lockPath, operation) {
3199
3206
  break;
3200
3207
  } catch (error3) {
3201
3208
  if (!hasErrorCode(error3, "EEXIST")) {
3209
+ await fs4.unlink(lockPath).catch(() => void 0);
3202
3210
  throw error3;
3203
3211
  }
3204
3212
  if (await removeAbandonedLock(fs4, lockPath)) {
@@ -4482,27 +4490,30 @@ function readFrontmatter(frontmatterContent, filePath) {
4482
4490
  return parsed;
4483
4491
  }
4484
4492
  function assertValidTaskRecord(frontmatter, filePath, validStates) {
4485
- if ("$schema" in frontmatter && frontmatter.$schema !== TASK_SCHEMA_ID) {
4493
+ if (hasOwnTaskField(frontmatter, "$schema") && frontmatter.$schema !== TASK_SCHEMA_ID) {
4486
4494
  throw malformedTask(filePath, "$schema");
4487
4495
  }
4488
- if ("kind" in frontmatter && frontmatter.kind !== TASK_KIND) {
4496
+ if (hasOwnTaskField(frontmatter, "kind") && frontmatter.kind !== TASK_KIND) {
4489
4497
  throw malformedTask(filePath, "kind");
4490
4498
  }
4491
- if ("version" in frontmatter) {
4499
+ if (hasOwnTaskField(frontmatter, "version")) {
4492
4500
  if (typeof frontmatter.version !== "number" || !Number.isInteger(frontmatter.version) || frontmatter.version !== TASK_VERSION) {
4493
4501
  throw malformedTask(filePath, "version");
4494
4502
  }
4495
4503
  }
4496
- if (typeof frontmatter.name !== "string" || frontmatter.name.length === 0) {
4504
+ if (!hasOwnTaskField(frontmatter, "name") || typeof frontmatter.name !== "string" || frontmatter.name.length === 0) {
4497
4505
  throw malformedTask(filePath, "name");
4498
4506
  }
4499
- if (typeof frontmatter.state !== "string" || !validStates.has(frontmatter.state)) {
4507
+ if (!hasOwnTaskField(frontmatter, "state") || typeof frontmatter.state !== "string" || !validStates.has(frontmatter.state)) {
4500
4508
  throw malformedTask(filePath, "state");
4501
4509
  }
4502
- if ("description" in frontmatter && typeof frontmatter.description !== "string") {
4510
+ if (hasOwnTaskField(frontmatter, "description") && typeof frontmatter.description !== "string") {
4503
4511
  throw malformedTask(filePath, "description");
4504
4512
  }
4505
4513
  }
4514
+ function hasOwnTaskField(frontmatter, key2) {
4515
+ return Object.prototype.hasOwnProperty.call(frontmatter, key2);
4516
+ }
4506
4517
  function reservedFrontmatterKeys(mode) {
4507
4518
  return mode === "passthrough" ? PASSTHROUGH_RESERVED_FRONTMATTER_KEYS : RESERVED_FRONTMATTER_KEYS;
4508
4519
  }
@@ -5351,7 +5362,8 @@ function parseQualifiedId3(qualifiedId) {
5351
5362
  };
5352
5363
  }
5353
5364
  function descriptionFromTaskRecord(taskRecord) {
5354
- return typeof taskRecord.description === "string" ? taskRecord.description : "";
5365
+ const description = getOwnEntry(taskRecord, "description");
5366
+ return typeof description === "string" ? description : "";
5355
5367
  }
5356
5368
  function metadataFromTaskRecord(taskRecord) {
5357
5369
  const metadata = /* @__PURE__ */ Object.create(null);
@@ -5367,8 +5379,8 @@ function createTask2(list, id, taskRecord, sourcePath) {
5367
5379
  list,
5368
5380
  id,
5369
5381
  qualifiedId: `${list}/${id}`,
5370
- name: taskRecord.name,
5371
- state: taskRecord.state,
5382
+ name: getOwnEntry(taskRecord, "name"),
5383
+ state: getOwnEntry(taskRecord, "state"),
5372
5384
  description: descriptionFromTaskRecord(taskRecord),
5373
5385
  metadata: metadataFromTaskRecord(taskRecord),
5374
5386
  ...sourcePath !== void 0 && { sourcePath: path8.resolve(sourcePath) }
@@ -5465,16 +5477,17 @@ function assertValidStoreRecord(store, filePath) {
5465
5477
  if (!isRecord2(store)) {
5466
5478
  throw malformedStore(filePath, "store");
5467
5479
  }
5468
- if (store.$schema !== STORE_SCHEMA_ID) {
5480
+ if (getOwnEntry(store, "$schema") !== STORE_SCHEMA_ID) {
5469
5481
  throw malformedStore(filePath, "$schema");
5470
5482
  }
5471
- if (store.kind !== STORE_KIND) {
5483
+ if (getOwnEntry(store, "kind") !== STORE_KIND) {
5472
5484
  throw malformedStore(filePath, "kind");
5473
5485
  }
5474
- if (typeof store.version !== "number" || !Number.isInteger(store.version) || store.version !== STORE_VERSION) {
5486
+ const version = getOwnEntry(store, "version");
5487
+ if (typeof version !== "number" || !Number.isInteger(version) || version !== STORE_VERSION) {
5475
5488
  throw malformedStore(filePath, "version");
5476
5489
  }
5477
- if (!isRecord2(store.lists)) {
5490
+ if (!isRecord2(getOwnEntry(store, "lists"))) {
5478
5491
  throw malformedStore(filePath, "lists");
5479
5492
  }
5480
5493
  }
@@ -5482,29 +5495,38 @@ function assertValidTaskRecord2(taskRecord, list, id, validStates) {
5482
5495
  if (!isRecord2(taskRecord)) {
5483
5496
  throw malformedTask2(list, id, "task");
5484
5497
  }
5485
- if ("$schema" in taskRecord && taskRecord.$schema !== TASK_SCHEMA_ID2) {
5498
+ if (hasOwnTaskField2(taskRecord, "$schema") && getOwnEntry(taskRecord, "$schema") !== TASK_SCHEMA_ID2) {
5486
5499
  throw malformedTask2(list, id, "$schema");
5487
5500
  }
5488
- if ("kind" in taskRecord && taskRecord.kind !== TASK_KIND2) {
5501
+ if (hasOwnTaskField2(taskRecord, "kind") && getOwnEntry(taskRecord, "kind") !== TASK_KIND2) {
5489
5502
  throw malformedTask2(list, id, "kind");
5490
5503
  }
5491
- if ("version" in taskRecord) {
5492
- if (typeof taskRecord.version !== "number" || !Number.isInteger(taskRecord.version) || taskRecord.version !== TASK_VERSION2) {
5504
+ if (hasOwnTaskField2(taskRecord, "version")) {
5505
+ const version = getOwnEntry(taskRecord, "version");
5506
+ if (typeof version !== "number" || !Number.isInteger(version) || version !== TASK_VERSION2) {
5493
5507
  throw malformedTask2(list, id, "version");
5494
5508
  }
5495
5509
  }
5496
- if (typeof taskRecord.name !== "string" || taskRecord.name.length === 0) {
5510
+ const name = getOwnEntry(taskRecord, "name");
5511
+ if (!hasOwnTaskField2(taskRecord, "name") || typeof name !== "string" || name.length === 0) {
5497
5512
  throw malformedTask2(list, id, "name");
5498
5513
  }
5499
- if (typeof taskRecord.state !== "string" || !validStates.has(taskRecord.state)) {
5514
+ const state = getOwnEntry(taskRecord, "state");
5515
+ if (!hasOwnTaskField2(taskRecord, "state") || typeof state !== "string" || !validStates.has(state)) {
5500
5516
  throw malformedTask2(list, id, "state");
5501
5517
  }
5502
- if ("description" in taskRecord && typeof taskRecord.description !== "string") {
5518
+ if (hasOwnTaskField2(taskRecord, "description") && typeof getOwnEntry(taskRecord, "description") !== "string") {
5503
5519
  throw malformedTask2(list, id, "description");
5504
5520
  }
5505
5521
  }
5522
+ function hasOwnTaskField2(taskRecord, key2) {
5523
+ return Object.prototype.hasOwnProperty.call(taskRecord, key2);
5524
+ }
5525
+ function getOwnEntry(record, key2) {
5526
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
5527
+ }
5506
5528
  function validateStoreEntries(store, filePath, validStates) {
5507
- const lists = store.lists;
5529
+ const lists = getOwnEntry(store, "lists");
5508
5530
  if (!isRecord2(lists)) {
5509
5531
  throw malformedStore(filePath, "lists");
5510
5532
  }
@@ -5544,10 +5566,11 @@ async function readStore(fs4, filePath, validStates) {
5544
5566
  };
5545
5567
  }
5546
5568
  function getListsRecord(store) {
5547
- return store.lists;
5569
+ const lists = getOwnEntry(store, "lists");
5570
+ return isRecord2(lists) ? lists : {};
5548
5571
  }
5549
5572
  function getListRecord(store, list) {
5550
- const listRecord = getListsRecord(store)[list];
5573
+ const listRecord = getOwnEntry(getListsRecord(store), list);
5551
5574
  return isRecord2(listRecord) ? listRecord : void 0;
5552
5575
  }
5553
5576
  function getTaskRecord(store, list, id) {
@@ -5840,7 +5863,7 @@ async function yamlFileBackend(deps) {
5840
5863
  const result = [];
5841
5864
  const listNames = sortStrings(Object.keys(getListsRecord(store)));
5842
5865
  for (const listName of listNames) {
5843
- const listRecord = getListsRecord(store)[listName];
5866
+ const listRecord = getOwnEntry(getListsRecord(store), listName);
5844
5867
  if (!isRecord2(listRecord)) continue;
5845
5868
  const entries = Object.entries(listRecord).map(([id, taskRecord]) => ({
5846
5869
  task: createTask2(listName, id, taskRecord, deps.path),
@@ -6474,8 +6497,8 @@ function createHandlerContext(command, params17) {
6474
6497
  function createFs() {
6475
6498
  return {
6476
6499
  readFile: async (path24, encoding = "utf8") => readFile2(path24, { encoding }),
6477
- writeFile: async (path24, contents) => {
6478
- await writeFile2(path24, contents);
6500
+ writeFile: async (path24, contents, options) => {
6501
+ await writeFile2(path24, contents, options);
6479
6502
  },
6480
6503
  exists: async (path24) => {
6481
6504
  try {
@@ -6764,16 +6787,16 @@ function isMissingStateError(error3) {
6764
6787
 
6765
6788
  // ../toolcraft/src/error-report.ts
6766
6789
  import { mkdir as mkdir2, realpath as realpath2, writeFile as writeFile4 } from "node:fs/promises";
6767
- import { randomUUID as randomUUID3 } from "node:crypto";
6790
+ import { randomUUID as randomUUID5 } from "node:crypto";
6768
6791
  import os from "node:os";
6769
6792
  import path13 from "node:path";
6770
6793
  import { CommanderError } from "commander";
6771
6794
 
6772
6795
  // ../toolcraft/src/mcp-proxy.ts
6773
6796
  import { existsSync as existsSync2 } from "node:fs";
6774
- import { lstat as lstat2, mkdir, readFile as readFile3, rename as rename2, writeFile as writeFile3 } from "node:fs/promises";
6797
+ import { lstat as lstat2, mkdir, readFile as readFile3, rename as rename2, unlink as unlink2, writeFile as writeFile3 } from "node:fs/promises";
6775
6798
  import path12 from "node:path";
6776
- import { createHash as createHash3, randomUUID as randomUUID2 } from "node:crypto";
6799
+ import { createHash as createHash3, randomUUID as randomUUID4 } from "node:crypto";
6777
6800
 
6778
6801
  // ../tiny-mcp-client/src/internal.ts
6779
6802
  import { spawn as spawn5 } from "node:child_process";
@@ -6784,7 +6807,7 @@ import crypto from "node:crypto";
6784
6807
  import path11 from "node:path";
6785
6808
 
6786
6809
  // ../auth-store/src/encrypted-file-store.ts
6787
- import { createCipheriv, createDecipheriv, randomBytes as randomBytes4, scrypt } from "node:crypto";
6810
+ import { createCipheriv, createDecipheriv, randomBytes as randomBytes4, randomUUID as randomUUID3, scrypt } from "node:crypto";
6788
6811
  import { promises as fs } from "node:fs";
6789
6812
  import { homedir, hostname, userInfo } from "node:os";
6790
6813
  import path10 from "node:path";
@@ -6795,7 +6818,6 @@ var ENCRYPTION_KEY_BYTES = 32;
6795
6818
  var ENCRYPTION_IV_BYTES = 12;
6796
6819
  var ENCRYPTION_AUTH_TAG_BYTES = 16;
6797
6820
  var ENCRYPTION_FILE_MODE = 384;
6798
- var temporaryFileSequence = 0;
6799
6821
  var EncryptedFileStore = class {
6800
6822
  fs;
6801
6823
  filePath;
@@ -6827,7 +6849,7 @@ var EncryptedFileStore = class {
6827
6849
  this.getRandomBytes = input.getRandomBytes ?? randomBytes4;
6828
6850
  }
6829
6851
  async get() {
6830
- await this.assertRegularCredentialPath();
6852
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6831
6853
  let rawDocument;
6832
6854
  try {
6833
6855
  rawDocument = await this.fs.readFile(this.filePath, "utf8");
@@ -6858,7 +6880,7 @@ var EncryptedFileStore = class {
6858
6880
  }
6859
6881
  }
6860
6882
  async set(value) {
6861
- await this.assertRegularCredentialPath();
6883
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6862
6884
  const key2 = await this.getEncryptionKey();
6863
6885
  const iv = this.getRandomBytes(ENCRYPTION_IV_BYTES);
6864
6886
  const cipher = createCipheriv(ENCRYPTION_ALGORITHM, key2, iv);
@@ -6874,25 +6896,28 @@ var EncryptedFileStore = class {
6874
6896
  ciphertext: ciphertext.toString("base64")
6875
6897
  };
6876
6898
  await this.fs.mkdir(path10.dirname(this.filePath), { recursive: true });
6877
- await this.assertRegularCredentialPath();
6878
- const temporaryPath = `${this.filePath}.${process.pid}.${temporaryFileSequence++}.tmp`;
6899
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6900
+ const temporaryPath = `${this.filePath}.${process.pid}.${randomUUID3()}.tmp`;
6901
+ let temporaryCreated = false;
6879
6902
  try {
6903
+ await this.assertCredentialPathHasNoSymbolicLinks(temporaryPath);
6880
6904
  await this.fs.writeFile(temporaryPath, JSON.stringify(document), {
6881
6905
  encoding: "utf8",
6882
6906
  flag: "wx",
6883
6907
  mode: ENCRYPTION_FILE_MODE
6884
6908
  });
6909
+ temporaryCreated = true;
6885
6910
  await this.fs.chmod(temporaryPath, ENCRYPTION_FILE_MODE);
6886
6911
  await this.fs.rename(temporaryPath, this.filePath);
6887
6912
  } catch (error3) {
6888
- if (!isAlreadyExistsError(error3)) {
6913
+ if (temporaryCreated || !isAlreadyExistsError(error3)) {
6889
6914
  await removeIfPresent(this.fs, temporaryPath).catch(() => void 0);
6890
6915
  }
6891
6916
  throw error3;
6892
6917
  }
6893
6918
  }
6894
6919
  async delete() {
6895
- await this.assertRegularCredentialPath();
6920
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6896
6921
  try {
6897
6922
  await this.fs.unlink(this.filePath);
6898
6923
  } catch (error3) {
@@ -6901,8 +6926,8 @@ var EncryptedFileStore = class {
6901
6926
  }
6902
6927
  }
6903
6928
  }
6904
- async assertRegularCredentialPath() {
6905
- const resolvedPath = path10.resolve(this.filePath);
6929
+ async assertCredentialPathHasNoSymbolicLinks(targetPath) {
6930
+ const resolvedPath = path10.resolve(targetPath);
6906
6931
  const protectedPaths = getProtectedCredentialPaths(
6907
6932
  resolvedPath,
6908
6933
  this.symbolicLinkCheckStartPath
@@ -6967,9 +6992,6 @@ async function removeIfPresent(fileSystem, filePath) {
6967
6992
  }
6968
6993
  }
6969
6994
  }
6970
- function isAlreadyExistsError(error3) {
6971
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "EEXIST";
6972
- }
6973
6995
  function defaultMachineIdentity() {
6974
6996
  return {
6975
6997
  hostname: hostname(),
@@ -7007,17 +7029,21 @@ function parseEncryptedDocument(raw) {
7007
7029
  if (!isRecord4(parsed)) {
7008
7030
  return null;
7009
7031
  }
7010
- if (parsed.version !== ENCRYPTION_VERSION) {
7032
+ const version = getOwnEntry2(parsed, "version");
7033
+ const iv = getOwnEntry2(parsed, "iv");
7034
+ const authTag = getOwnEntry2(parsed, "authTag");
7035
+ const ciphertext = getOwnEntry2(parsed, "ciphertext");
7036
+ if (version !== ENCRYPTION_VERSION) {
7011
7037
  return null;
7012
7038
  }
7013
- if (typeof parsed.iv !== "string" || typeof parsed.authTag !== "string" || typeof parsed.ciphertext !== "string") {
7039
+ if (typeof iv !== "string" || typeof authTag !== "string" || typeof ciphertext !== "string") {
7014
7040
  return null;
7015
7041
  }
7016
7042
  return {
7017
- version: parsed.version,
7018
- iv: parsed.iv,
7019
- authTag: parsed.authTag,
7020
- ciphertext: parsed.ciphertext
7043
+ version,
7044
+ iv,
7045
+ authTag,
7046
+ ciphertext
7021
7047
  };
7022
7048
  } catch {
7023
7049
  return null;
@@ -7026,9 +7052,17 @@ function parseEncryptedDocument(raw) {
7026
7052
  function isRecord4(value) {
7027
7053
  return Boolean(value && typeof value === "object" && !Array.isArray(value));
7028
7054
  }
7055
+ function getOwnEntry2(record, key2) {
7056
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7057
+ }
7029
7058
  function isNotFoundError(error3) {
7030
7059
  return Boolean(
7031
- error3 && typeof error3 === "object" && "code" in error3 && error3.code === "ENOENT"
7060
+ error3 && typeof error3 === "object" && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "ENOENT"
7061
+ );
7062
+ }
7063
+ function isAlreadyExistsError(error3) {
7064
+ return Boolean(
7065
+ error3 && typeof error3 === "object" && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "EEXIST"
7032
7066
  );
7033
7067
  }
7034
7068
 
@@ -7050,8 +7084,8 @@ var KeychainStore = class {
7050
7084
  ["find-generic-password", "-s", this.service, "-a", this.account, "-w"],
7051
7085
  "read secret from macOS Keychain"
7052
7086
  );
7053
- if (result.exitCode === 0) {
7054
- return stripTrailingLineBreak(result.stdout);
7087
+ if (getCommandExitCode(result) === 0) {
7088
+ return stripTrailingLineBreak(getCommandOutput(result, "stdout"));
7055
7089
  }
7056
7090
  if (isKeychainEntryNotFound(result)) {
7057
7091
  return null;
@@ -7075,7 +7109,7 @@ var KeychainStore = class {
7075
7109
  "store secret in macOS Keychain",
7076
7110
  { stdin: value }
7077
7111
  );
7078
- if (result.exitCode !== 0) {
7112
+ if (getCommandExitCode(result) !== 0) {
7079
7113
  throw createSecurityCliFailure("store secret in macOS Keychain", result);
7080
7114
  }
7081
7115
  }
@@ -7084,7 +7118,7 @@ var KeychainStore = class {
7084
7118
  ["delete-generic-password", "-s", this.service, "-a", this.account],
7085
7119
  "delete secret from macOS Keychain"
7086
7120
  );
7087
- if (result.exitCode === 0 || isKeychainEntryNotFound(result)) {
7121
+ if (getCommandExitCode(result) === 0 || isKeychainEntryNotFound(result)) {
7088
7122
  return;
7089
7123
  }
7090
7124
  throw createSecurityCliFailure("delete secret from macOS Keychain", result);
@@ -7163,16 +7197,28 @@ function stripTrailingLineBreak(value) {
7163
7197
  return value;
7164
7198
  }
7165
7199
  function isKeychainEntryNotFound(result) {
7166
- return result.exitCode === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE;
7200
+ return getCommandExitCode(result) === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE;
7167
7201
  }
7168
7202
  function createSecurityCliFailure(operation, result) {
7169
- const details = result.stderr.trim() || result.stdout.trim();
7203
+ const exitCode = getCommandExitCode(result);
7204
+ const details = getCommandOutput(result, "stderr").trim() || getCommandOutput(result, "stdout").trim();
7170
7205
  if (details) {
7171
7206
  return new Error(
7172
- `Failed to ${operation}: security exited with code ${result.exitCode}: ${details}`
7207
+ `Failed to ${operation}: security exited with code ${exitCode}: ${details}`
7173
7208
  );
7174
7209
  }
7175
- return new Error(`Failed to ${operation}: security exited with code ${result.exitCode}`);
7210
+ return new Error(`Failed to ${operation}: security exited with code ${exitCode}`);
7211
+ }
7212
+ function getCommandExitCode(result) {
7213
+ const value = getOwnEntry3(result, "exitCode");
7214
+ return typeof value === "number" && Number.isInteger(value) ? value : 1;
7215
+ }
7216
+ function getCommandOutput(result, key2) {
7217
+ const value = getOwnEntry3(result, key2);
7218
+ return typeof value === "string" ? value : "";
7219
+ }
7220
+ function getOwnEntry3(record, key2) {
7221
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7176
7222
  }
7177
7223
 
7178
7224
  // ../auth-store/src/create-secret-store.ts
@@ -7205,7 +7251,7 @@ function createSecretStore(input) {
7205
7251
  }
7206
7252
  function resolveBackend(input) {
7207
7253
  const envVar = input.backendEnvVar ?? DEFAULT_BACKEND_ENV_VAR;
7208
- const configuredBackend = input.backend ?? input.env?.[envVar] ?? process.env[envVar];
7254
+ const configuredBackend = input.backend ?? getOwnEnvValue(input.env, envVar) ?? getOwnEnvValue(process.env, envVar);
7209
7255
  if (configuredBackend === "keychain") {
7210
7256
  return "keychain";
7211
7257
  }
@@ -7214,6 +7260,9 @@ function resolveBackend(input) {
7214
7260
  }
7215
7261
  throw new Error(`Unsupported auth store backend: ${configuredBackend}`);
7216
7262
  }
7263
+ function getOwnEnvValue(env, key2) {
7264
+ return env !== void 0 && Object.prototype.hasOwnProperty.call(env, key2) ? env[key2] : void 0;
7265
+ }
7217
7266
 
7218
7267
  // ../mcp-oauth/src/resource-indicator.ts
7219
7268
  function canonicalizeResourceIndicator(value) {
@@ -7267,8 +7316,13 @@ function createAuthStoreClientStore(options) {
7267
7316
  return null;
7268
7317
  }
7269
7318
  const parsed = JSON.parse(value);
7270
- if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed) && typeof parsed.clientId === "string") {
7271
- return parsed;
7319
+ const clientId = isObjectRecord(parsed) ? getOwnString(parsed, "clientId") : void 0;
7320
+ if (clientId !== void 0) {
7321
+ const client = { clientId };
7322
+ if (isObjectRecord(parsed) && Object.prototype.hasOwnProperty.call(parsed, "clientSecret")) {
7323
+ client.clientSecret = getOwnEntry4(parsed, "clientSecret");
7324
+ }
7325
+ return client;
7272
7326
  }
7273
7327
  throw new Error("Stored OAuth client must be a JSON object with clientId");
7274
7328
  },
@@ -7327,6 +7381,16 @@ function createIssuerSecretStore(issuer, options) {
7327
7381
  }
7328
7382
  );
7329
7383
  }
7384
+ function isObjectRecord(value) {
7385
+ return typeof value === "object" && value !== null && !Array.isArray(value);
7386
+ }
7387
+ function getOwnEntry4(record, key2) {
7388
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7389
+ }
7390
+ function getOwnString(record, key2) {
7391
+ const value = getOwnEntry4(record, key2);
7392
+ return typeof value === "string" ? value : void 0;
7393
+ }
7330
7394
 
7331
7395
  // ../mcp-oauth/src/client/default-oauth-client-provider.ts
7332
7396
  import { URL as URL2 } from "node:url";
@@ -7352,17 +7416,30 @@ function parseAuthorizationState(value) {
7352
7416
  try {
7353
7417
  const decoded = Buffer.from(value, "base64url").toString("utf8");
7354
7418
  const parsed = JSON.parse(decoded);
7355
- if (parsed.v !== 1 || typeof parsed.n !== "string" || parsed.n.length === 0 || typeof parsed.i !== "string" || parsed.i.length === 0 || typeof parsed.r !== "boolean") {
7419
+ if (!isObjectRecord2(parsed)) {
7420
+ return null;
7421
+ }
7422
+ const version = getOwnEntry5(parsed, "v");
7423
+ const nonce = getOwnEntry5(parsed, "n");
7424
+ const issuer = getOwnEntry5(parsed, "i");
7425
+ const requireIssuer = getOwnEntry5(parsed, "r");
7426
+ if (version !== 1 || typeof nonce !== "string" || nonce.length === 0 || typeof issuer !== "string" || issuer.length === 0 || typeof requireIssuer !== "boolean") {
7356
7427
  return null;
7357
7428
  }
7358
7429
  return {
7359
- issuer: parsed.i,
7360
- requireIssuer: parsed.r
7430
+ issuer,
7431
+ requireIssuer
7361
7432
  };
7362
7433
  } catch {
7363
7434
  return null;
7364
7435
  }
7365
7436
  }
7437
+ function isObjectRecord2(value) {
7438
+ return typeof value === "object" && value !== null && !Array.isArray(value);
7439
+ }
7440
+ function getOwnEntry5(record, key2) {
7441
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7442
+ }
7366
7443
 
7367
7444
  // ../mcp-oauth/src/client/loopback-authorization.ts
7368
7445
  async function createLoopbackAuthorizationSession(options = {}) {
@@ -7639,22 +7716,26 @@ async function requestTokens(input) {
7639
7716
  body: body.toString()
7640
7717
  });
7641
7718
  const payload = await readOAuthJsonObjectResponse(response);
7642
- if (typeof payload.access_token !== "string" || payload.access_token.trim().length === 0) {
7719
+ const accessToken = getOwnEntry6(payload, "access_token");
7720
+ if (typeof accessToken !== "string" || accessToken.trim().length === 0) {
7643
7721
  throw new Error("OAuth token response missing access_token");
7644
7722
  }
7645
- const tokenType = normalizeBearerTokenType(payload.token_type);
7723
+ const tokenType = normalizeBearerTokenType(getOwnEntry6(payload, "token_type"));
7646
7724
  if (tokenType === null) {
7647
7725
  throw new Error("OAuth token response missing token_type=Bearer");
7648
7726
  }
7649
- if (typeof payload.expires_in === "number" && Number.isFinite(payload.expires_in) && payload.expires_in < 0) {
7727
+ const expiresIn = getOwnEntry6(payload, "expires_in");
7728
+ if (typeof expiresIn === "number" && Number.isFinite(expiresIn) && expiresIn < 0) {
7650
7729
  throw new Error("OAuth token response has invalid expires_in");
7651
7730
  }
7731
+ const refreshToken = getOwnEntry6(payload, "refresh_token");
7732
+ const scope = getOwnEntry6(payload, "scope");
7652
7733
  return {
7653
- accessToken: payload.access_token,
7654
- refreshToken: typeof payload.refresh_token === "string" && payload.refresh_token.length > 0 ? payload.refresh_token : void 0,
7734
+ accessToken,
7735
+ refreshToken: typeof refreshToken === "string" && refreshToken.length > 0 ? refreshToken : void 0,
7655
7736
  tokenType,
7656
- expiresAt: typeof payload.expires_in === "number" && Number.isFinite(payload.expires_in) ? input.now() + payload.expires_in * 1e3 : null,
7657
- scope: typeof payload.scope === "string" && payload.scope.length > 0 ? payload.scope : void 0
7737
+ expiresAt: typeof expiresIn === "number" && Number.isFinite(expiresIn) ? input.now() + expiresIn * 1e3 : null,
7738
+ scope: typeof scope === "string" && scope.length > 0 ? scope : void 0
7658
7739
  };
7659
7740
  }
7660
7741
  async function readOAuthJsonObjectResponse(response) {
@@ -7681,12 +7762,18 @@ async function readOAuthJsonObjectResponse(response) {
7681
7762
  return record;
7682
7763
  }
7683
7764
  function readOAuthError(payload, fallbackError = "server_error") {
7765
+ const error3 = getOwnEntry6(payload, "error");
7766
+ const errorDescription = getOwnEntry6(payload, "error_description");
7767
+ const errorUri = getOwnEntry6(payload, "error_uri");
7684
7768
  return {
7685
- error: typeof payload.error === "string" ? payload.error : fallbackError,
7686
- error_description: typeof payload.error_description === "string" ? payload.error_description : void 0,
7687
- error_uri: typeof payload.error_uri === "string" ? payload.error_uri : void 0
7769
+ error: typeof error3 === "string" ? error3 : fallbackError,
7770
+ error_description: typeof errorDescription === "string" ? errorDescription : void 0,
7771
+ error_uri: typeof errorUri === "string" ? errorUri : void 0
7688
7772
  };
7689
7773
  }
7774
+ function getOwnEntry6(record, key2) {
7775
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7776
+ }
7690
7777
  function createFallbackOAuthError(status) {
7691
7778
  const error3 = status === 503 ? "temporarily_unavailable" : "server_error";
7692
7779
  return new OAuthError({ error: error3 }, status);
@@ -7791,7 +7878,11 @@ function createDefaultOAuthClientProvider(options) {
7791
7878
  while (true) {
7792
7879
  try {
7793
7880
  refreshedTokens = await refreshAccessToken({
7794
- tokenEndpoint: discovery.authorizationServerMetadata.token_endpoint,
7881
+ tokenEndpoint: requireOwnString(
7882
+ discovery.authorizationServerMetadata,
7883
+ "token_endpoint",
7884
+ "Authorization server metadata"
7885
+ ),
7795
7886
  clientId: session.client.clientId,
7796
7887
  clientSecret: session.client.clientSecret,
7797
7888
  refreshToken: session.tokens.refreshToken,
@@ -7879,7 +7970,11 @@ function createDefaultOAuthClientProvider(options) {
7879
7970
  });
7880
7971
  const code = await loopback.waitForCode(authorizationUrl);
7881
7972
  const tokens = await exchangeAuthorizationCode({
7882
- tokenEndpoint: discovery.authorizationServerMetadata.token_endpoint,
7973
+ tokenEndpoint: requireOwnString(
7974
+ discovery.authorizationServerMetadata,
7975
+ "token_endpoint",
7976
+ "Authorization server metadata"
7977
+ ),
7883
7978
  clientId: resolvedClient.client.clientId,
7884
7979
  clientSecret: resolvedClient.client.clientSecret,
7885
7980
  code,
@@ -7932,7 +8027,10 @@ function createDefaultOAuthClientProvider(options) {
7932
8027
  }
7933
8028
  };
7934
8029
  }
7935
- const registrationEndpoint = discovery.authorizationServerMetadata.registration_endpoint;
8030
+ const registrationEndpoint = getOwnString2(
8031
+ discovery.authorizationServerMetadata,
8032
+ "registration_endpoint"
8033
+ );
7936
8034
  if (registrationEndpoint === void 0 && options.client.clientId !== void 0) {
7937
8035
  return {
7938
8036
  kind: "static",
@@ -7984,12 +8082,14 @@ function createDefaultOAuthClientProvider(options) {
7984
8082
  body: JSON.stringify(registrationBody)
7985
8083
  });
7986
8084
  const payload = await readOAuthJsonObjectResponse(response);
7987
- if (typeof payload.client_id !== "string" || payload.client_id.trim().length === 0) {
8085
+ const clientId = getOwnString2(payload, "client_id");
8086
+ if (clientId === void 0 || clientId.trim().length === 0) {
7988
8087
  throw new Error("OAuth client registration response missing client_id");
7989
8088
  }
8089
+ const clientSecret = getOwnString2(payload, "client_secret");
7990
8090
  const registeredClient = {
7991
- clientId: payload.client_id,
7992
- clientSecret: typeof payload.client_secret === "string" && payload.client_secret.length > 0 ? payload.client_secret : void 0
8091
+ clientId,
8092
+ clientSecret: clientSecret !== void 0 && clientSecret.length > 0 ? clientSecret : void 0
7993
8093
  };
7994
8094
  await saveRegisteredClient(discovery.authorizationServer, registeredClient);
7995
8095
  return {
@@ -8015,12 +8115,13 @@ function createDefaultOAuthClientProvider(options) {
8015
8115
  return null;
8016
8116
  }
8017
8117
  const client = await clientStore.load(issuer);
8018
- if (client !== null && !isUsableClient(client)) {
8118
+ const normalizedClient = client === null ? null : normalizeStoredClient(client);
8119
+ if (client !== null && normalizedClient === null) {
8019
8120
  await clientStore.clear(issuer);
8020
8121
  return null;
8021
8122
  }
8022
- registeredClients.set(issuer, client);
8023
- return client;
8123
+ registeredClients.set(issuer, normalizedClient);
8124
+ return normalizedClient;
8024
8125
  }
8025
8126
  async function saveRegisteredClient(issuer, client) {
8026
8127
  registeredClients.set(issuer, client);
@@ -8036,7 +8137,7 @@ function createDefaultOAuthClientProvider(options) {
8036
8137
  }
8037
8138
  }
8038
8139
  function isProviderOptions(options) {
8039
- return "provider" in options;
8140
+ return Object.prototype.hasOwnProperty.call(options, "provider");
8040
8141
  }
8041
8142
  function isExpired(tokens, now) {
8042
8143
  return tokens.expiresAt !== null && tokens.expiresAt <= now();
@@ -8052,7 +8153,14 @@ function resolveDiscovery(discovery, session) {
8052
8153
  return void 0;
8053
8154
  }
8054
8155
  const metadata = session.discovery.authorizationServerMetadata;
8055
- if (typeof metadata.issuer !== "string" || typeof metadata.authorization_endpoint !== "string" || typeof metadata.token_endpoint !== "string" || !Array.isArray(metadata.code_challenge_methods_supported) || !metadata.code_challenge_methods_supported.includes("S256")) {
8156
+ const issuer = getOwnString2(metadata, "issuer");
8157
+ const authorizationEndpoint = getOwnString2(metadata, "authorization_endpoint");
8158
+ const tokenEndpoint = getOwnString2(metadata, "token_endpoint");
8159
+ const codeChallengeMethodsSupported = getOwnStringArray(
8160
+ metadata,
8161
+ "code_challenge_methods_supported"
8162
+ );
8163
+ if (issuer === void 0 || authorizationEndpoint === void 0 || tokenEndpoint === void 0 || codeChallengeMethodsSupported === void 0 || !codeChallengeMethodsSupported.includes("S256")) {
8056
8164
  return void 0;
8057
8165
  }
8058
8166
  return {
@@ -8076,29 +8184,94 @@ function normalizeLoadedSession(session) {
8076
8184
  if (session === null) {
8077
8185
  return null;
8078
8186
  }
8079
- if (!isUsableClient(session.client)) {
8187
+ const client = normalizeStoredClient(getOwnEntry7(session, "client"));
8188
+ if (client === null) {
8080
8189
  return { ...session, client: { clientId: "" }, tokens: void 0 };
8081
8190
  }
8082
- return isUsableTokens(session.tokens) ? session : { ...session, tokens: void 0 };
8191
+ return {
8192
+ ...session,
8193
+ client,
8194
+ tokens: normalizeStoredTokens(getOwnEntry7(session, "tokens"))
8195
+ };
8083
8196
  }
8084
- function isUsableClient(client) {
8085
- return typeof client.clientId === "string" && client.clientId.trim().length > 0 && (client.clientSecret === void 0 || typeof client.clientSecret === "string" && client.clientSecret.trim().length > 0);
8197
+ function normalizeStoredClient(value) {
8198
+ if (!isObjectRecord3(value)) {
8199
+ return null;
8200
+ }
8201
+ const clientId = getOwnString2(value, "clientId");
8202
+ if (clientId === void 0 || clientId.trim().length === 0) {
8203
+ return null;
8204
+ }
8205
+ const clientSecret = getOwnEntry7(value, "clientSecret");
8206
+ if (clientSecret === void 0) {
8207
+ return { clientId };
8208
+ }
8209
+ if (typeof clientSecret !== "string" || clientSecret.trim().length === 0) {
8210
+ return null;
8211
+ }
8212
+ return { clientId, clientSecret };
8086
8213
  }
8087
- function isUsableTokens(tokens) {
8088
- if (tokens === void 0) {
8089
- return true;
8214
+ function normalizeStoredTokens(value) {
8215
+ if (value === void 0 || !isObjectRecord3(value)) {
8216
+ return void 0;
8090
8217
  }
8091
- return typeof tokens.accessToken === "string" && tokens.accessToken.trim().length > 0 && tokens.tokenType === "Bearer" && (tokens.expiresAt === null || typeof tokens.expiresAt === "number" && Number.isFinite(tokens.expiresAt)) && (tokens.refreshToken === void 0 || typeof tokens.refreshToken === "string" && tokens.refreshToken.trim().length > 0);
8218
+ const accessToken = getOwnString2(value, "accessToken");
8219
+ const tokenType = getOwnString2(value, "tokenType");
8220
+ const expiresAt = getOwnEntry7(value, "expiresAt");
8221
+ const refreshToken = getOwnEntry7(value, "refreshToken");
8222
+ const scope = getOwnString2(value, "scope");
8223
+ const normalizedRefreshToken = typeof refreshToken === "string" ? refreshToken : void 0;
8224
+ if (accessToken === void 0 || accessToken.trim().length === 0 || tokenType !== "Bearer" || !(expiresAt === null || typeof expiresAt === "number" && Number.isFinite(expiresAt)) || refreshToken !== void 0 && (typeof refreshToken !== "string" || refreshToken.trim().length === 0)) {
8225
+ return void 0;
8226
+ }
8227
+ return {
8228
+ accessToken,
8229
+ tokenType,
8230
+ expiresAt,
8231
+ ...normalizedRefreshToken === void 0 ? {} : { refreshToken: normalizedRefreshToken },
8232
+ ...scope === void 0 || scope.length === 0 ? {} : { scope }
8233
+ };
8092
8234
  }
8093
8235
  function getClientMetadata(client) {
8094
8236
  return client.metadata;
8095
8237
  }
8238
+ function getOwnEntry7(record, key2) {
8239
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
8240
+ }
8241
+ function isObjectRecord3(value) {
8242
+ return typeof value === "object" && value !== null && !Array.isArray(value);
8243
+ }
8244
+ function getOwnString2(record, key2) {
8245
+ const value = getOwnEntry7(record, key2);
8246
+ return typeof value === "string" ? value : void 0;
8247
+ }
8248
+ function requireOwnString(record, key2, label) {
8249
+ const value = getOwnString2(record, key2);
8250
+ if (value === void 0) {
8251
+ throw new Error(`${label} is missing ${key2}`);
8252
+ }
8253
+ return value;
8254
+ }
8255
+ function getOwnStringArray(record, key2) {
8256
+ const value = getOwnEntry7(record, key2);
8257
+ return Array.isArray(value) && value.every((entry) => typeof entry === "string") ? value : void 0;
8258
+ }
8096
8259
  function buildAuthorizationUrl(input) {
8097
- const url = new URL2(input.metadata.authorization_endpoint);
8260
+ const authorizationEndpoint = requireOwnString(
8261
+ input.metadata,
8262
+ "authorization_endpoint",
8263
+ "Authorization server metadata"
8264
+ );
8265
+ const issuer = requireOwnString(
8266
+ input.metadata,
8267
+ "issuer",
8268
+ "Authorization server metadata"
8269
+ );
8270
+ const url = new URL2(authorizationEndpoint);
8098
8271
  const resource = canonicalizeResourceIndicator(input.resource);
8099
8272
  const state = createAuthorizationState({
8100
- issuer: input.metadata.issuer,
8101
- requireIssuer: input.metadata.authorization_response_iss_parameter_supported === true
8273
+ issuer,
8274
+ requireIssuer: getOwnEntry7(input.metadata, "authorization_response_iss_parameter_supported") === true
8102
8275
  });
8103
8276
  url.searchParams.set("response_type", "code");
8104
8277
  url.searchParams.set("client_id", input.clientId);
@@ -8113,7 +8286,7 @@ function buildAuthorizationUrl(input) {
8113
8286
  return url.toString();
8114
8287
  }
8115
8288
  function assertS256PkceSupport(metadata) {
8116
- if (!metadata.code_challenge_methods_supported.includes("S256")) {
8289
+ if (!getOwnStringArray(metadata, "code_challenge_methods_supported")?.includes("S256")) {
8117
8290
  throw new Error(
8118
8291
  "Authorization server metadata must advertise code_challenge_methods_supported including S256"
8119
8292
  );
@@ -8137,13 +8310,24 @@ function assertSecureUrl(value, label) {
8137
8310
  throw new Error(`${label} must use https unless it targets a loopback host`);
8138
8311
  }
8139
8312
  function assertSecureOAuthFlowEndpoints(metadata) {
8140
- assertNoAccessTokenInUrl(metadata.authorization_endpoint, "Authorization endpoint");
8141
- assertNoAccessTokenInUrl(metadata.token_endpoint, "Token endpoint");
8142
- assertSecureUrl(metadata.authorization_endpoint, "Authorization endpoint");
8143
- assertSecureUrl(metadata.token_endpoint, "Token endpoint");
8144
- if (metadata.registration_endpoint !== void 0) {
8145
- assertNoAccessTokenInUrl(metadata.registration_endpoint, "Registration endpoint");
8146
- assertSecureUrl(metadata.registration_endpoint, "Registration endpoint");
8313
+ const authorizationEndpoint = requireOwnString(
8314
+ metadata,
8315
+ "authorization_endpoint",
8316
+ "Authorization server metadata"
8317
+ );
8318
+ const tokenEndpoint = requireOwnString(
8319
+ metadata,
8320
+ "token_endpoint",
8321
+ "Authorization server metadata"
8322
+ );
8323
+ const registrationEndpoint = getOwnString2(metadata, "registration_endpoint");
8324
+ assertNoAccessTokenInUrl(authorizationEndpoint, "Authorization endpoint");
8325
+ assertNoAccessTokenInUrl(tokenEndpoint, "Token endpoint");
8326
+ assertSecureUrl(authorizationEndpoint, "Authorization endpoint");
8327
+ assertSecureUrl(tokenEndpoint, "Token endpoint");
8328
+ if (registrationEndpoint !== void 0) {
8329
+ assertNoAccessTokenInUrl(registrationEndpoint, "Registration endpoint");
8330
+ assertSecureUrl(registrationEndpoint, "Registration endpoint");
8147
8331
  }
8148
8332
  }
8149
8333
  function assertNoAccessTokenInUrl(value, label) {
@@ -8166,17 +8350,21 @@ function buildClientRegistrationBody(metadata, redirectUri) {
8166
8350
  response_types: ["code"],
8167
8351
  token_endpoint_auth_method: "none"
8168
8352
  };
8169
- if (metadata?.clientName !== void 0 && metadata.clientName.length > 0) {
8170
- body.client_name = metadata.clientName;
8353
+ const clientName = metadata === void 0 ? void 0 : getOwnString2(metadata, "clientName");
8354
+ const scope = metadata === void 0 ? void 0 : getOwnString2(metadata, "scope");
8355
+ const softwareId = metadata === void 0 ? void 0 : getOwnString2(metadata, "softwareId");
8356
+ const softwareVersion = metadata === void 0 ? void 0 : getOwnString2(metadata, "softwareVersion");
8357
+ if (clientName !== void 0 && clientName.length > 0) {
8358
+ body.client_name = clientName;
8171
8359
  }
8172
- if (metadata?.scope !== void 0 && metadata.scope.length > 0) {
8173
- body.scope = metadata.scope;
8360
+ if (scope !== void 0 && scope.length > 0) {
8361
+ body.scope = scope;
8174
8362
  }
8175
- if (metadata?.softwareId !== void 0 && metadata.softwareId.length > 0) {
8176
- body.software_id = metadata.softwareId;
8363
+ if (softwareId !== void 0 && softwareId.length > 0) {
8364
+ body.software_id = softwareId;
8177
8365
  }
8178
- if (metadata?.softwareVersion !== void 0 && metadata.softwareVersion.length > 0) {
8179
- body.software_version = metadata.softwareVersion;
8366
+ if (softwareVersion !== void 0 && softwareVersion.length > 0) {
8367
+ body.software_version = softwareVersion;
8180
8368
  }
8181
8369
  return body;
8182
8370
  }
@@ -8212,7 +8400,7 @@ import {
8212
8400
  function defaultOAuthMetadataFetch(input, init) {
8213
8401
  return fetch(input, init);
8214
8402
  }
8215
- function isObjectRecord(value) {
8403
+ function isObjectRecord4(value) {
8216
8404
  return typeof value === "object" && value !== null && !Array.isArray(value);
8217
8405
  }
8218
8406
  function isStringArray(value) {
@@ -8235,7 +8423,7 @@ function assertSecureUrl2(url, label) {
8235
8423
  throw new Error(`${label} must use https unless it targets a loopback host`);
8236
8424
  }
8237
8425
  function validateProtectedResourceMetadata(value, resourceUrl) {
8238
- if (!isObjectRecord(value)) {
8426
+ if (!isObjectRecord4(value)) {
8239
8427
  throw new Error("Protected resource metadata must be a JSON object");
8240
8428
  }
8241
8429
  if (typeof value.resource !== "string" || value.resource.length === 0) {
@@ -8258,7 +8446,7 @@ function validateProtectedResourceMetadata(value, resourceUrl) {
8258
8446
  };
8259
8447
  }
8260
8448
  function validateAuthorizationServerMetadata(value, issuer) {
8261
- if (!isObjectRecord(value)) {
8449
+ if (!isObjectRecord4(value)) {
8262
8450
  throw new Error("Authorization server metadata must be a JSON object");
8263
8451
  }
8264
8452
  if (typeof value.issuer !== "string" || value.issuer.length === 0) {
@@ -8711,7 +8899,7 @@ var McpClient = class {
8711
8899
  await onPromptsChanged();
8712
8900
  });
8713
8901
  messageLayer.onNotification("notifications/message", async (params17) => {
8714
- if (onLog === void 0 || !isObjectRecord2(params17) || !isLogLevel(params17.level)) {
8902
+ if (onLog === void 0 || !isObjectRecord5(params17) || !isLogLevel(params17.level)) {
8715
8903
  return;
8716
8904
  }
8717
8905
  if (!hasOwn(params17, "data")) {
@@ -8730,7 +8918,7 @@ var McpClient = class {
8730
8918
  await onLog(message2);
8731
8919
  });
8732
8920
  messageLayer.onNotification("notifications/progress", async (params17) => {
8733
- if (onProgress === void 0 || !isObjectRecord2(params17)) {
8921
+ if (onProgress === void 0 || !isObjectRecord5(params17)) {
8734
8922
  return;
8735
8923
  }
8736
8924
  const { progressToken, progress } = params17;
@@ -9931,7 +10119,7 @@ var JsonRpcMessageLayer = class {
9931
10119
  })();
9932
10120
  }
9933
10121
  handleCancellationNotification(params17) {
9934
- if (!isObjectRecord2(params17)) {
10122
+ if (!isObjectRecord5(params17)) {
9935
10123
  return;
9936
10124
  }
9937
10125
  const requestId = params17.requestId;
@@ -9946,34 +10134,34 @@ var JsonRpcMessageLayer = class {
9946
10134
  this.activeIncomingRequests.delete(requestId);
9947
10135
  }
9948
10136
  };
9949
- function isObjectRecord2(value) {
10137
+ function isObjectRecord5(value) {
9950
10138
  return typeof value === "object" && value !== null && !Array.isArray(value);
9951
10139
  }
9952
10140
  function isInitializeResult(value) {
9953
- if (!isObjectRecord2(value) || typeof value.protocolVersion !== "string") {
10141
+ if (!isObjectRecord5(value) || typeof value.protocolVersion !== "string") {
9954
10142
  return false;
9955
10143
  }
9956
10144
  if (!isServerCapabilities(value.capabilities)) {
9957
10145
  return false;
9958
10146
  }
9959
- if (!isObjectRecord2(value.serverInfo) || typeof value.serverInfo.name !== "string" || value.serverInfo.name.length === 0 || typeof value.serverInfo.version !== "string" || value.serverInfo.version.length === 0) {
10147
+ if (!isObjectRecord5(value.serverInfo) || typeof value.serverInfo.name !== "string" || value.serverInfo.name.length === 0 || typeof value.serverInfo.version !== "string" || value.serverInfo.version.length === 0) {
9960
10148
  return false;
9961
10149
  }
9962
10150
  return value.instructions === void 0 || typeof value.instructions === "string";
9963
10151
  }
9964
10152
  function isServerCapabilities(value) {
9965
- if (!isObjectRecord2(value)) {
10153
+ if (!isObjectRecord5(value)) {
9966
10154
  return false;
9967
10155
  }
9968
10156
  for (const capability of ["prompts", "resources", "tools", "logging", "completions", "experimental"]) {
9969
- if (value[capability] !== void 0 && !isObjectRecord2(value[capability])) {
10157
+ if (value[capability] !== void 0 && !isObjectRecord5(value[capability])) {
9970
10158
  return false;
9971
10159
  }
9972
10160
  }
9973
10161
  return true;
9974
10162
  }
9975
10163
  function isCallToolResult(value) {
9976
- if (!isObjectRecord2(value) || !Array.isArray(value.content)) {
10164
+ if (!isObjectRecord5(value) || !Array.isArray(value.content)) {
9977
10165
  return false;
9978
10166
  }
9979
10167
  if (value.isError !== void 0 && typeof value.isError !== "boolean") {
@@ -9982,10 +10170,10 @@ function isCallToolResult(value) {
9982
10170
  return value.content.every(isContentItem);
9983
10171
  }
9984
10172
  function isToolsListResult(value) {
9985
- return isObjectRecord2(value) && Array.isArray(value.tools) && (value.nextCursor === void 0 || typeof value.nextCursor === "string");
10173
+ return isObjectRecord5(value) && Array.isArray(value.tools) && (value.nextCursor === void 0 || typeof value.nextCursor === "string");
9986
10174
  }
9987
10175
  function isContentItem(value) {
9988
- if (!isObjectRecord2(value)) {
10176
+ if (!isObjectRecord5(value)) {
9989
10177
  return false;
9990
10178
  }
9991
10179
  if (value.type === "text") {
@@ -9994,7 +10182,7 @@ function isContentItem(value) {
9994
10182
  if (value.type === "image" || value.type === "audio") {
9995
10183
  return typeof value.data === "string" && typeof value.mimeType === "string";
9996
10184
  }
9997
- if (value.type !== "resource" || !isObjectRecord2(value.resource)) {
10185
+ if (value.type !== "resource" || !isObjectRecord5(value.resource)) {
9998
10186
  return false;
9999
10187
  }
10000
10188
  return typeof value.resource.uri === "string" && (value.resource.mimeType === void 0 || typeof value.resource.mimeType === "string") && (typeof value.resource.text === "string" || typeof value.resource.blob === "string");
@@ -10018,7 +10206,7 @@ function invalidRequest() {
10018
10206
  return new McpError(ERROR_INVALID_REQUEST, "Invalid Request");
10019
10207
  }
10020
10208
  function isJsonRpcErrorObject(value) {
10021
- if (!isObjectRecord2(value)) {
10209
+ if (!isObjectRecord5(value)) {
10022
10210
  return false;
10023
10211
  }
10024
10212
  if (typeof value.code !== "number" || typeof value.message !== "string") {
@@ -10027,7 +10215,7 @@ function isJsonRpcErrorObject(value) {
10027
10215
  return value.data === void 0 || hasOwn(value, "data");
10028
10216
  }
10029
10217
  function parseJsonRpcPayload(parsed) {
10030
- if (!isObjectRecord2(parsed)) {
10218
+ if (!isObjectRecord5(parsed)) {
10031
10219
  return {
10032
10220
  type: "invalid",
10033
10221
  id: null,
@@ -10354,7 +10542,11 @@ function convertObjectSchema(schema, root, options) {
10354
10542
  "properties",
10355
10543
  key2
10356
10544
  ]);
10357
- shape[key2] = requiredKeys.has(key2) ? convertedProperty : S.Optional(convertedProperty);
10545
+ setOwnShapeProperty(
10546
+ shape,
10547
+ key2,
10548
+ requiredKeys.has(key2) ? convertedProperty : S.Optional(convertedProperty)
10549
+ );
10358
10550
  }
10359
10551
  return applyMetadata(
10360
10552
  S.Object(shape, {
@@ -10366,6 +10558,14 @@ function convertObjectSchema(schema, root, options) {
10366
10558
  }
10367
10559
  );
10368
10560
  }
10561
+ function setOwnShapeProperty(shape, key2, value) {
10562
+ Object.defineProperty(shape, key2, {
10563
+ configurable: true,
10564
+ enumerable: true,
10565
+ writable: true,
10566
+ value
10567
+ });
10568
+ }
10369
10569
  function createCommonOptions(schema, nullable, defaultValue) {
10370
10570
  return {
10371
10571
  ...schema.description === void 0 ? {} : { description: schema.description },
@@ -10616,6 +10816,9 @@ function resolveLocalRef(root, ref) {
10616
10816
  if (!isPlainObject(current)) {
10617
10817
  return void 0;
10618
10818
  }
10819
+ if (!Object.prototype.hasOwnProperty.call(current, segment)) {
10820
+ return void 0;
10821
+ }
10619
10822
  current = current[segment];
10620
10823
  }
10621
10824
  return isPlainObject(current) ? current : void 0;
@@ -10864,16 +11067,34 @@ async function readCache(cachePath) {
10864
11067
  }
10865
11068
  async function writeCache(cachePath, cache) {
10866
11069
  const directory = path12.dirname(cachePath);
10867
- const tempPath = `${cachePath}.tmp-${randomUUID2()}`;
11070
+ const tempPath = `${cachePath}.tmp-${randomUUID4()}`;
11071
+ let tempCreated = false;
10868
11072
  await assertCachePathHasNoSymlinks(cachePath);
10869
11073
  await assertCachePathHasNoSymlinks(tempPath);
10870
11074
  await mkdir(directory, { recursive: true });
10871
11075
  await assertCachePathHasNoSymlinks(directory);
10872
- await writeFile3(tempPath, `${JSON.stringify(cache, null, 2)}
10873
- `);
10874
- await assertCachePathHasNoSymlinks(tempPath);
10875
- await assertCachePathHasNoSymlinks(cachePath);
10876
- await rename2(tempPath, cachePath);
11076
+ try {
11077
+ await writeFile3(tempPath, `${JSON.stringify(cache, null, 2)}
11078
+ `, {
11079
+ encoding: "utf8",
11080
+ flag: "wx"
11081
+ });
11082
+ tempCreated = true;
11083
+ await assertCachePathHasNoSymlinks(tempPath);
11084
+ await assertCachePathHasNoSymlinks(cachePath);
11085
+ await rename2(tempPath, cachePath);
11086
+ tempCreated = false;
11087
+ } catch (error3) {
11088
+ if (tempCreated || !isAlreadyExistsError2(error3)) {
11089
+ await unlink2(tempPath).catch(() => void 0);
11090
+ }
11091
+ throw error3;
11092
+ }
11093
+ }
11094
+ function isAlreadyExistsError2(error3) {
11095
+ return Boolean(
11096
+ error3 && typeof error3 === "object" && error3.code === "EEXIST"
11097
+ );
10877
11098
  }
10878
11099
  async function fetchCache(name, config2) {
10879
11100
  const logger2 = createLogger((message2) => {
@@ -11613,7 +11834,7 @@ async function writeErrorReport(context) {
11613
11834
  }
11614
11835
  const projectRoot = resolveProjectRoot(context.projectRoot);
11615
11836
  const reportDir = resolveReportDir(context.errorReports, projectRoot);
11616
- const fileName = `${formatTimestamp(/* @__PURE__ */ new Date())}-${slugifyCommandPath(context.commandPath)}-${randomUUID3()}.log`;
11837
+ const fileName = `${formatTimestamp(/* @__PURE__ */ new Date())}-${slugifyCommandPath(context.commandPath)}-${randomUUID5()}.log`;
11617
11838
  const absolutePath = path13.join(reportDir, fileName);
11618
11839
  await mkdir2(reportDir, { recursive: true });
11619
11840
  if (reportDirMustStayWithinProject(context.errorReports)) {
@@ -13092,10 +13313,10 @@ function renderHelpSections(sections) {
13092
13313
  return sections.filter((section) => section.length > 0).join("\n\n");
13093
13314
  }
13094
13315
  function formatHelpCommandList(rows) {
13095
- return process.stdout.isTTY === false ? help_formatter_plain_exports.formatCommandList(rows) : formatCommandList(rows);
13316
+ return process.stdout.isTTY !== true ? help_formatter_plain_exports.formatCommandList(rows) : formatCommandList(rows);
13096
13317
  }
13097
13318
  function formatHelpOptionList(rows) {
13098
- return process.stdout.isTTY === false ? help_formatter_plain_exports.formatOptionList(rows) : formatOptionList(rows);
13319
+ return process.stdout.isTTY !== true ? help_formatter_plain_exports.formatOptionList(rows) : formatOptionList(rows);
13099
13320
  }
13100
13321
  function buildUsageLine(breadcrumb, rootUsageName, suffix) {
13101
13322
  const visibleBreadcrumb = breadcrumb.filter((segment) => segment.length > 0);
@@ -13383,11 +13604,18 @@ function formatResolvedValue(value) {
13383
13604
  function fieldPromptLabel(field) {
13384
13605
  return field.positionalIndex === void 0 ? field.optionFlag : `<${field.displayPath}>`;
13385
13606
  }
13607
+ function enumOptionLabel(schema, value) {
13608
+ const key2 = String(value);
13609
+ if (schema.labels === void 0 || !Object.prototype.hasOwnProperty.call(schema.labels, key2)) {
13610
+ return key2;
13611
+ }
13612
+ return schema.labels[key2] ?? key2;
13613
+ }
13386
13614
  async function promptForField(field) {
13387
13615
  const schema = field.schema;
13388
13616
  if (schema.kind === "enum") {
13389
13617
  const options = schema.loadOptions ? await schema.loadOptions() : schema.values.map((value) => ({
13390
- label: schema.labels?.[String(value)] ?? String(value),
13618
+ label: enumOptionLabel(schema, value),
13391
13619
  value
13392
13620
  }));
13393
13621
  const selected = await select2({
@@ -13472,8 +13700,8 @@ async function withOutputFormat2(output, fn) {
13472
13700
  function createFs2() {
13473
13701
  return {
13474
13702
  readFile: async (path24, encoding = "utf8") => readFile4(path24, { encoding }),
13475
- writeFile: async (path24, contents) => {
13476
- await writeFile5(path24, contents);
13703
+ writeFile: async (path24, contents, options) => {
13704
+ await writeFile5(path24, contents, options);
13477
13705
  },
13478
13706
  exists: async (path24) => {
13479
13707
  try {
@@ -13485,7 +13713,7 @@ function createFs2() {
13485
13713
  },
13486
13714
  lstat: async (path24) => lstat3(path24),
13487
13715
  rename: async (fromPath, toPath) => rename3(fromPath, toPath),
13488
- unlink: async (path24) => unlink2(path24)
13716
+ unlink: async (path24) => unlink3(path24)
13489
13717
  };
13490
13718
  }
13491
13719
  function createEnv2(values = process.env) {
@@ -14741,7 +14969,7 @@ function isGraphQLErrorEnvelopeLike(body) {
14741
14969
  });
14742
14970
  }
14743
14971
  function styleHttpErrorLine(value, style) {
14744
- return process.stdout.isTTY === false ? value : style(value);
14972
+ return process.stdout.isTTY !== true ? value : style(value);
14745
14973
  }
14746
14974
  function formatHttpErrorStatus(value) {
14747
14975
  return styleHttpErrorLine(value, text.error);
@@ -15223,7 +15451,7 @@ async function runCLI(roots, options = {}) {
15223
15451
  }
15224
15452
 
15225
15453
  // src/terminal-pilot.ts
15226
- import { randomUUID as randomUUID4 } from "node:crypto";
15454
+ import { randomUUID as randomUUID6 } from "node:crypto";
15227
15455
 
15228
15456
  // src/terminal-session.ts
15229
15457
  import { EventEmitter } from "node:events";
@@ -15232,6 +15460,11 @@ import { createRequire } from "node:module";
15232
15460
  import { dirname, join } from "node:path";
15233
15461
  import * as nodePty from "node-pty";
15234
15462
 
15463
+ // src/errors.ts
15464
+ function hasOwnErrorCode(error3, code) {
15465
+ return error3 instanceof Error && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
15466
+ }
15467
+
15235
15468
  // src/terminal-buffer.ts
15236
15469
  var RESET_SGR = "\x1B[0m";
15237
15470
  var DEC_SPECIAL_GRAPHICS = {
@@ -16331,10 +16564,7 @@ function ensureSpawnHelperExecutable() {
16331
16564
  }
16332
16565
  }
16333
16566
  function isMissingFileError(error3) {
16334
- if (!(error3 instanceof Error)) {
16335
- return false;
16336
- }
16337
- return "code" in error3 && error3.code === "ENOENT";
16567
+ return hasOwnErrorCode(error3, "ENOENT");
16338
16568
  }
16339
16569
  function matchPattern(buffer, pattern) {
16340
16570
  const clean = normalizeHistoryBuffer(stripAnsi(buffer));
@@ -16425,7 +16655,7 @@ var TerminalPilot = class _TerminalPilot {
16425
16655
  }
16426
16656
  async newSession(opts) {
16427
16657
  const session = new TerminalSession({
16428
- id: randomUUID4(),
16658
+ id: randomUUID6(),
16429
16659
  command: opts.command,
16430
16660
  args: opts.args,
16431
16661
  cwd: opts.cwd,
@@ -16711,6 +16941,11 @@ var claudeCodeAgent = {
16711
16941
  aliases: ["claude"],
16712
16942
  binaryName: "claude",
16713
16943
  apiShapes: ["anthropic-messages"],
16944
+ otelCapture: {
16945
+ env: {
16946
+ CLAUDE_CODE_ENABLE_TELEMETRY: "1"
16947
+ }
16948
+ },
16714
16949
  configPath: "~/.claude/settings.json",
16715
16950
  branding: {
16716
16951
  colors: {
@@ -16743,6 +16978,16 @@ var codexAgent = {
16743
16978
  summary: "Configure Codex to use Poe as the model provider.",
16744
16979
  binaryName: "codex",
16745
16980
  apiShapes: ["openai-responses"],
16981
+ otelCapture: {
16982
+ args: (endpoint, content) => [
16983
+ "-c",
16984
+ `otel.trace_exporter={"otlp-http"={endpoint=${JSON.stringify(`${endpoint}/v1/traces`)},protocol="json"}}`,
16985
+ "-c",
16986
+ `otel.exporter={"otlp-http"={endpoint=${JSON.stringify(`${endpoint}/v1/logs`)},protocol="json"}}`,
16987
+ "-c",
16988
+ `otel.log_user_prompt=${content}`
16989
+ ]
16990
+ },
16746
16991
  configPath: "~/.codex/config.toml",
16747
16992
  branding: {
16748
16993
  colors: {
@@ -16778,6 +17023,11 @@ var openCodeAgent = {
16778
17023
  summary: "Configure OpenCode CLI to use the Poe API.",
16779
17024
  binaryName: "opencode",
16780
17025
  apiShapes: ["openai-chat-completions"],
17026
+ otelCapture: {
17027
+ env: {
17028
+ OPENCODE_CONFIG_CONTENT: '{"experimental":{"openTelemetry":true}}'
17029
+ }
17030
+ },
16781
17031
  configPath: "~/.config/opencode/config.json",
16782
17032
  branding: {
16783
17033
  colors: {
@@ -16813,6 +17063,7 @@ var gooseAgent = {
16813
17063
  summary: "Block's open-source AI agent with ACP support.",
16814
17064
  binaryName: "goose",
16815
17065
  apiShapes: ["openai-chat-completions"],
17066
+ otelCapture: {},
16816
17067
  configPath: "~/.config/goose/config.yaml",
16817
17068
  branding: {
16818
17069
  colors: {
@@ -16846,6 +17097,12 @@ function freezeAgent(agent) {
16846
17097
  if (agent.apiShapes !== void 0) {
16847
17098
  Object.freeze(agent.apiShapes);
16848
17099
  }
17100
+ if (agent.otelCapture?.env !== void 0) {
17101
+ Object.freeze(agent.otelCapture.env);
17102
+ }
17103
+ if (agent.otelCapture !== void 0) {
17104
+ Object.freeze(agent.otelCapture);
17105
+ }
16849
17106
  Object.freeze(agent.branding.colors);
16850
17107
  Object.freeze(agent.branding);
16851
17108
  return Object.freeze(agent);
@@ -17009,6 +17266,7 @@ var templateMutation = {
17009
17266
  };
17010
17267
 
17011
17268
  // ../config-mutations/src/execution/apply-mutation.ts
17269
+ import { randomUUID as randomUUID7 } from "node:crypto";
17012
17270
  import path17 from "node:path";
17013
17271
 
17014
17272
  // ../config-mutations/src/formats/json.ts
@@ -17084,7 +17342,7 @@ function merge(base, patch) {
17084
17342
  if (value === void 0) {
17085
17343
  continue;
17086
17344
  }
17087
- const existing = result[key2];
17345
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17088
17346
  if (isConfigObject(existing) && isConfigObject(value)) {
17089
17347
  setConfigEntry(result, key2, merge(existing, value));
17090
17348
  continue;
@@ -17212,7 +17470,7 @@ function merge2(base, patch) {
17212
17470
  if (value === void 0) {
17213
17471
  continue;
17214
17472
  }
17215
- const existing = result[key2];
17473
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17216
17474
  if (isConfigObject2(existing) && isConfigObject2(value)) {
17217
17475
  setConfigEntry(result, key2, merge2(existing, value));
17218
17476
  continue;
@@ -17292,7 +17550,7 @@ function merge3(base, patch) {
17292
17550
  if (value === void 0) {
17293
17551
  continue;
17294
17552
  }
17295
- const existing = result[key2];
17553
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17296
17554
  if (isConfigObject3(existing) && isConfigObject3(value)) {
17297
17555
  setConfigEntry(result, key2, merge3(existing, value));
17298
17556
  continue;
@@ -17429,7 +17687,7 @@ function resolvePath(rawPath, homeDir, pathMapper) {
17429
17687
 
17430
17688
  // ../config-mutations/src/fs-utils.ts
17431
17689
  function isNotFound(error3) {
17432
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT";
17690
+ return typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "ENOENT";
17433
17691
  }
17434
17692
  async function readFileIfExists(fs4, target) {
17435
17693
  try {
@@ -17478,6 +17736,7 @@ async function backupInvalidDocument(context, targetPath, content) {
17478
17736
  return;
17479
17737
  } catch (error3) {
17480
17738
  if (!isAlreadyExists(error3)) {
17739
+ await context.fs.unlink(backupPath).catch(() => void 0);
17481
17740
  throw error3;
17482
17741
  }
17483
17742
  attempt += 1;
@@ -17485,7 +17744,7 @@ async function backupInvalidDocument(context, targetPath, content) {
17485
17744
  }
17486
17745
  }
17487
17746
  function isAlreadyExists(error3) {
17488
- return Boolean(error3 && typeof error3 === "object" && "code" in error3 && error3.code === "EEXIST");
17747
+ return typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "EEXIST";
17489
17748
  }
17490
17749
  async function assertRegularWriteTarget(context, targetPath) {
17491
17750
  const boundary = path17.dirname(path17.resolve(context.homeDir));
@@ -17509,28 +17768,34 @@ async function assertRegularWriteTarget(context, targetPath) {
17509
17768
  }
17510
17769
  async function writeAtomically2(context, targetPath, content) {
17511
17770
  await assertRegularWriteTarget(context, targetPath);
17512
- let attempt = 0;
17513
- while (true) {
17514
- const tempPath = `${targetPath}.mutation-tmp-${attempt}`;
17771
+ for (let attempt = 0; attempt < 10; attempt += 1) {
17772
+ const tempPath = `${targetPath}.mutation-tmp-${process.pid}-${randomUUID7()}`;
17773
+ let tempCreated = false;
17515
17774
  try {
17775
+ await assertRegularWriteTarget(context, tempPath);
17516
17776
  await context.fs.writeFile(tempPath, content, { encoding: "utf8", flag: "wx" });
17777
+ tempCreated = true;
17517
17778
  await context.fs.rename(tempPath, targetPath);
17779
+ tempCreated = false;
17518
17780
  return;
17519
17781
  } catch (error3) {
17520
- if (isAlreadyExists(error3)) {
17521
- attempt += 1;
17522
- continue;
17523
- }
17524
- try {
17525
- await context.fs.unlink(tempPath);
17526
- } catch (cleanupError) {
17527
- if (!isNotFound(cleanupError)) {
17528
- void cleanupError;
17782
+ const alreadyExists = isAlreadyExists(error3);
17783
+ if (tempCreated || !alreadyExists) {
17784
+ try {
17785
+ await context.fs.unlink(tempPath);
17786
+ } catch (cleanupError) {
17787
+ if (!isNotFound(cleanupError)) {
17788
+ void cleanupError;
17789
+ }
17529
17790
  }
17530
17791
  }
17792
+ if (alreadyExists) {
17793
+ continue;
17794
+ }
17531
17795
  throw error3;
17532
17796
  }
17533
17797
  }
17798
+ throw new Error(`Unable to create temporary mutation file for ${targetPath}.`);
17534
17799
  }
17535
17800
  function describeMutation(kind, targetPath) {
17536
17801
  const displayPath = targetPath ?? "target";
@@ -17822,6 +18087,7 @@ async function applyBackup(mutation, context, options) {
17822
18087
  break;
17823
18088
  } catch (error3) {
17824
18089
  if (!isAlreadyExists(error3)) {
18090
+ await context.fs.unlink(backupPath).catch(() => void 0);
17825
18091
  throw error3;
17826
18092
  }
17827
18093
  attempt += 1;
@@ -18229,7 +18495,7 @@ async function pathExists2(fs4, targetPath) {
18229
18495
  await fs4.stat(targetPath);
18230
18496
  return true;
18231
18497
  } catch (error3) {
18232
- if (error3 && typeof error3 === "object" && "code" in error3 && error3.code === "ENOENT") {
18498
+ if (typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "ENOENT") {
18233
18499
  return false;
18234
18500
  }
18235
18501
  throw error3;
@@ -18288,12 +18554,13 @@ import path19 from "node:path";
18288
18554
 
18289
18555
  // ../agent-skill-config/src/git-exclude.ts
18290
18556
  import { execFileSync } from "node:child_process";
18557
+ import { randomUUID as randomUUID8 } from "node:crypto";
18291
18558
  import * as fs2 from "node:fs";
18292
18559
  import path20 from "node:path";
18293
18560
 
18294
18561
  // ../agent-skill-config/src/bridge-active-skills.ts
18295
18562
  import * as fs3 from "node:fs";
18296
- import { createHash as createHash4, randomUUID as randomUUID5 } from "node:crypto";
18563
+ import { createHash as createHash4, randomUUID as randomUUID9 } from "node:crypto";
18297
18564
  import path21 from "node:path";
18298
18565
 
18299
18566
  // src/commands/installer.ts
@@ -18306,7 +18573,7 @@ var DEFAULT_INSTALL_SCOPE = "local";
18306
18573
  var TERMINAL_PILOT_SKILL_NAME = "terminal-pilot";
18307
18574
  var installableAgents = supportedAgents;
18308
18575
  function isNotFoundError2(error3) {
18309
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT";
18576
+ return hasOwnErrorCode(error3, "ENOENT");
18310
18577
  }
18311
18578
  function resolveInstallerServices(installer) {
18312
18579
  return {
@@ -18537,7 +18804,7 @@ var resize = defineCommand({
18537
18804
  });
18538
18805
 
18539
18806
  // ../terminal-png/src/index.ts
18540
- import { randomUUID as randomUUID6 } from "node:crypto";
18807
+ import { randomUUID as randomUUID10 } from "node:crypto";
18541
18808
  import { rename as rename4, rm, writeFile as writeFile6 } from "node:fs/promises";
18542
18809
 
18543
18810
  // ../terminal-png/src/ansi-parser.ts
@@ -19477,21 +19744,28 @@ async function renderTerminalPng(ansiText, options = {}) {
19477
19744
  });
19478
19745
  const png = renderPng(svg);
19479
19746
  if (options.output) {
19480
- const temporaryPath = `${options.output}.${randomUUID6()}.tmp`;
19747
+ const temporaryPath = `${options.output}.${randomUUID10()}.tmp`;
19748
+ let temporaryCreated = false;
19481
19749
  try {
19482
19750
  await writeFile6(temporaryPath, png, { flag: "wx" });
19751
+ temporaryCreated = true;
19483
19752
  await rename4(temporaryPath, options.output);
19484
19753
  } catch (error3) {
19485
- try {
19486
- await rm(temporaryPath, { force: true });
19487
- } catch (cleanupError) {
19488
- void cleanupError;
19754
+ if (temporaryCreated || !isAlreadyExistsError3(error3)) {
19755
+ try {
19756
+ await rm(temporaryPath, { force: true });
19757
+ } catch (cleanupError) {
19758
+ void cleanupError;
19759
+ }
19489
19760
  }
19490
19761
  throw error3;
19491
19762
  }
19492
19763
  }
19493
19764
  return png;
19494
19765
  }
19766
+ function isAlreadyExistsError3(error3) {
19767
+ return error3 instanceof Error && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "EEXIST";
19768
+ }
19495
19769
 
19496
19770
  // src/commands/screenshot.ts
19497
19771
  var params11 = S.Object({
@@ -19554,7 +19828,7 @@ var type = defineCommand({
19554
19828
  });
19555
19829
 
19556
19830
  // src/commands/uninstall.ts
19557
- import { randomUUID as randomUUID7 } from "node:crypto";
19831
+ import { randomUUID as randomUUID11 } from "node:crypto";
19558
19832
  var params14 = S.Object({
19559
19833
  agent: S.Enum(installableAgents, {
19560
19834
  description: "Agent to uninstall terminal-pilot from",
@@ -19590,7 +19864,7 @@ var uninstall = defineCommand({
19590
19864
  if (!await folderExists(services.fs, skill.fullPath)) {
19591
19865
  continue;
19592
19866
  }
19593
- const stagingPath = `${skill.fullPath}.removing-${randomUUID7()}`;
19867
+ const stagingPath = `${skill.fullPath}.removing-${randomUUID11()}`;
19594
19868
  await services.fs.rename(skill.fullPath, stagingPath);
19595
19869
  staged.push({ ...skill, stagingPath });
19596
19870
  }
@@ -19616,7 +19890,7 @@ async function folderExists(fs4, folderPath) {
19616
19890
  await fs4.stat(folderPath);
19617
19891
  return true;
19618
19892
  } catch (error3) {
19619
- if (typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT") {
19893
+ if (hasOwnErrorCode(error3, "ENOENT")) {
19620
19894
  return false;
19621
19895
  }
19622
19896
  throw error3;