terminal-pilot 0.0.21 → 0.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/dist/cli.js +467 -193
  2. package/dist/cli.js.map +4 -4
  3. package/dist/commands/close-session.js +6 -4
  4. package/dist/commands/close-session.js.map +3 -3
  5. package/dist/commands/create-session.js +6 -4
  6. package/dist/commands/create-session.js.map +3 -3
  7. package/dist/commands/fill.js +6 -4
  8. package/dist/commands/fill.js.map +3 -3
  9. package/dist/commands/get-session.js +6 -4
  10. package/dist/commands/get-session.js.map +3 -3
  11. package/dist/commands/index.js +79 -33
  12. package/dist/commands/index.js.map +4 -4
  13. package/dist/commands/install.js +64 -20
  14. package/dist/commands/install.js.map +4 -4
  15. package/dist/commands/installer.js +36 -2
  16. package/dist/commands/installer.js.map +4 -4
  17. package/dist/commands/list-sessions.js +6 -4
  18. package/dist/commands/list-sessions.js.map +3 -3
  19. package/dist/commands/press-key.js +6 -4
  20. package/dist/commands/press-key.js.map +3 -3
  21. package/dist/commands/read-history.js +6 -4
  22. package/dist/commands/read-history.js.map +3 -3
  23. package/dist/commands/read-screen.js +6 -4
  24. package/dist/commands/read-screen.js.map +3 -3
  25. package/dist/commands/resize.js +6 -4
  26. package/dist/commands/resize.js.map +3 -3
  27. package/dist/commands/runtime.js +6 -4
  28. package/dist/commands/runtime.js.map +3 -3
  29. package/dist/commands/screenshot.js +17 -8
  30. package/dist/commands/screenshot.js.map +3 -3
  31. package/dist/commands/send-signal.js +6 -4
  32. package/dist/commands/send-signal.js.map +3 -3
  33. package/dist/commands/type.js +6 -4
  34. package/dist/commands/type.js.map +3 -3
  35. package/dist/commands/uninstall.js +39 -5
  36. package/dist/commands/uninstall.js.map +4 -4
  37. package/dist/commands/wait-for-exit.js +6 -4
  38. package/dist/commands/wait-for-exit.js.map +3 -3
  39. package/dist/commands/wait-for.js +6 -4
  40. package/dist/commands/wait-for.js.map +3 -3
  41. package/dist/errors.d.ts +1 -0
  42. package/dist/errors.js +8 -0
  43. package/dist/errors.js.map +7 -0
  44. package/dist/index.js +8 -4
  45. package/dist/index.js.map +3 -3
  46. package/dist/terminal-pilot.js +6 -4
  47. package/dist/terminal-pilot.js.map +3 -3
  48. package/dist/terminal-session.js +6 -4
  49. package/dist/terminal-session.js.map +3 -3
  50. package/dist/testing/cli-repl.js +467 -193
  51. package/dist/testing/cli-repl.js.map +4 -4
  52. package/dist/testing/qa-cli.js +467 -193
  53. package/dist/testing/qa-cli.js.map +4 -4
  54. package/node_modules/@poe-code/agent-skill-config/dist/apply.js +4 -1
  55. package/node_modules/@poe-code/agent-skill-config/dist/bridge-active-skills.js +1 -1
  56. package/node_modules/@poe-code/agent-skill-config/dist/git-exclude.js +17 -9
  57. package/node_modules/@poe-code/agent-skill-config/dist/templates.js +4 -1
  58. package/package.json +1 -1
@@ -90,7 +90,7 @@ import path23 from "node:path";
90
90
  import { fileURLToPath as fileURLToPath5 } from "node:url";
91
91
 
92
92
  // ../toolcraft/src/cli.ts
93
- import { access as access2, lstat as lstat3, readFile as readFile4, rename as rename3, unlink as unlink2, writeFile as writeFile5 } from "node:fs/promises";
93
+ import { access as access2, lstat as lstat3, readFile as readFile4, rename as rename3, unlink as unlink3, writeFile as writeFile5 } from "node:fs/promises";
94
94
  import path14 from "node:path";
95
95
  import {
96
96
  Command as CommanderCommand,
@@ -2806,27 +2806,27 @@ function validateMachine(machine) {
2806
2806
  if (!isRecord(machine)) {
2807
2807
  throw new TypeError("State machine must be an object.");
2808
2808
  }
2809
- if (!isStateList(machine.states)) {
2809
+ if (!hasOwnRecordField(machine, "states") || !isStateList(machine.states)) {
2810
2810
  throw new TypeError("State machine states must be a string array.");
2811
2811
  }
2812
2812
  const states = new Set(machine.states);
2813
- if (typeof machine.initial !== "string") {
2813
+ if (!hasOwnRecordField(machine, "initial") || typeof machine.initial !== "string") {
2814
2814
  throw new TypeError("State machine initial must be a string.");
2815
2815
  }
2816
2816
  if (!states.has(machine.initial)) {
2817
2817
  throw new Error(`Initial state "${machine.initial}" is not declared.`);
2818
2818
  }
2819
- if (!isRecord(machine.events)) {
2819
+ if (!hasOwnRecordField(machine, "events") || !isRecord(machine.events)) {
2820
2820
  throw new TypeError("State machine events must be an object.");
2821
2821
  }
2822
2822
  for (const [eventName, event] of Object.entries(machine.events)) {
2823
2823
  if (!isRecord(event)) {
2824
2824
  throw new TypeError(`Event "${eventName}" must be an object.`);
2825
2825
  }
2826
- if (event.from !== "*" && !isStateList(event.from)) {
2826
+ if (!hasOwnRecordField(event, "from") || event.from !== "*" && !isStateList(event.from)) {
2827
2827
  throw new TypeError(`Event "${eventName}" has an invalid "from" definition.`);
2828
2828
  }
2829
- if (typeof event.to !== "string") {
2829
+ if (!hasOwnRecordField(event, "to") || typeof event.to !== "string") {
2830
2830
  throw new TypeError(`Event "${eventName}" target state must be a string.`);
2831
2831
  }
2832
2832
  if (!states.has(event.to)) {
@@ -2841,6 +2841,9 @@ function validateMachine(machine) {
2841
2841
  }
2842
2842
  }
2843
2843
  }
2844
+ function hasOwnRecordField(record, key2) {
2845
+ return Object.prototype.hasOwnProperty.call(record, key2);
2846
+ }
2844
2847
  function eventsFromState(machine, fromState) {
2845
2848
  const events = [];
2846
2849
  for (const [eventName, event] of Object.entries(machine.events)) {
@@ -3112,6 +3115,7 @@ function resolveEndpoint(options = {}) {
3112
3115
  }
3113
3116
 
3114
3117
  // ../task-list/src/backends/utils.ts
3118
+ import { randomUUID as randomUUID2 } from "node:crypto";
3115
3119
  import path6 from "node:path";
3116
3120
  function compareCreated(left, right) {
3117
3121
  const leftCreated = typeof left.raw.created === "string" ? left.raw.created : "";
@@ -3132,9 +3136,8 @@ function applyOrder(entries, order) {
3132
3136
  }
3133
3137
  return entries.map((entry) => entry.task);
3134
3138
  }
3135
- var tmpFileCounter = 0;
3136
3139
  function hasErrorCode(error3, code) {
3137
- return !!error3 && typeof error3 === "object" && "code" in error3 && error3.code === code;
3140
+ return !!error3 && typeof error3 === "object" && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
3138
3141
  }
3139
3142
  function isRecord2(value) {
3140
3143
  return typeof value === "object" && value !== null && !Array.isArray(value);
@@ -3181,18 +3184,22 @@ async function rejectSymbolicLinkComponents(fs4, filePath) {
3181
3184
  }
3182
3185
  }
3183
3186
  async function writeAtomically(fs4, filePath, content) {
3184
- const tempPath = `${filePath}.tmp-${process.pid}-${tmpFileCounter}`;
3185
- tmpFileCounter += 1;
3187
+ const tempPath = `${filePath}.${process.pid}.${randomUUID2()}.tmp`;
3188
+ let tempCreated = false;
3186
3189
  await fs4.mkdir(path6.dirname(filePath), { recursive: true });
3187
3190
  try {
3188
3191
  await fs4.writeFile(tempPath, content, { encoding: "utf8", flag: "wx" });
3192
+ tempCreated = true;
3189
3193
  await fs4.rename(tempPath, filePath);
3194
+ tempCreated = false;
3190
3195
  } catch (error3) {
3191
- try {
3192
- await fs4.unlink(tempPath);
3193
- } catch (unlinkError) {
3194
- if (!hasErrorCode(unlinkError, "ENOENT")) {
3195
- throw unlinkError;
3196
+ if (tempCreated || !hasErrorCode(error3, "EEXIST")) {
3197
+ try {
3198
+ await fs4.unlink(tempPath);
3199
+ } catch (unlinkError) {
3200
+ if (!hasErrorCode(unlinkError, "ENOENT")) {
3201
+ throw unlinkError;
3202
+ }
3196
3203
  }
3197
3204
  }
3198
3205
  throw error3;
@@ -3206,6 +3213,7 @@ async function withFileLock(fs4, lockPath, operation) {
3206
3213
  break;
3207
3214
  } catch (error3) {
3208
3215
  if (!hasErrorCode(error3, "EEXIST")) {
3216
+ await fs4.unlink(lockPath).catch(() => void 0);
3209
3217
  throw error3;
3210
3218
  }
3211
3219
  if (await removeAbandonedLock(fs4, lockPath)) {
@@ -4489,27 +4497,30 @@ function readFrontmatter(frontmatterContent, filePath) {
4489
4497
  return parsed;
4490
4498
  }
4491
4499
  function assertValidTaskRecord(frontmatter, filePath, validStates) {
4492
- if ("$schema" in frontmatter && frontmatter.$schema !== TASK_SCHEMA_ID) {
4500
+ if (hasOwnTaskField(frontmatter, "$schema") && frontmatter.$schema !== TASK_SCHEMA_ID) {
4493
4501
  throw malformedTask(filePath, "$schema");
4494
4502
  }
4495
- if ("kind" in frontmatter && frontmatter.kind !== TASK_KIND) {
4503
+ if (hasOwnTaskField(frontmatter, "kind") && frontmatter.kind !== TASK_KIND) {
4496
4504
  throw malformedTask(filePath, "kind");
4497
4505
  }
4498
- if ("version" in frontmatter) {
4506
+ if (hasOwnTaskField(frontmatter, "version")) {
4499
4507
  if (typeof frontmatter.version !== "number" || !Number.isInteger(frontmatter.version) || frontmatter.version !== TASK_VERSION) {
4500
4508
  throw malformedTask(filePath, "version");
4501
4509
  }
4502
4510
  }
4503
- if (typeof frontmatter.name !== "string" || frontmatter.name.length === 0) {
4511
+ if (!hasOwnTaskField(frontmatter, "name") || typeof frontmatter.name !== "string" || frontmatter.name.length === 0) {
4504
4512
  throw malformedTask(filePath, "name");
4505
4513
  }
4506
- if (typeof frontmatter.state !== "string" || !validStates.has(frontmatter.state)) {
4514
+ if (!hasOwnTaskField(frontmatter, "state") || typeof frontmatter.state !== "string" || !validStates.has(frontmatter.state)) {
4507
4515
  throw malformedTask(filePath, "state");
4508
4516
  }
4509
- if ("description" in frontmatter && typeof frontmatter.description !== "string") {
4517
+ if (hasOwnTaskField(frontmatter, "description") && typeof frontmatter.description !== "string") {
4510
4518
  throw malformedTask(filePath, "description");
4511
4519
  }
4512
4520
  }
4521
+ function hasOwnTaskField(frontmatter, key2) {
4522
+ return Object.prototype.hasOwnProperty.call(frontmatter, key2);
4523
+ }
4513
4524
  function reservedFrontmatterKeys(mode) {
4514
4525
  return mode === "passthrough" ? PASSTHROUGH_RESERVED_FRONTMATTER_KEYS : RESERVED_FRONTMATTER_KEYS;
4515
4526
  }
@@ -5358,7 +5369,8 @@ function parseQualifiedId3(qualifiedId) {
5358
5369
  };
5359
5370
  }
5360
5371
  function descriptionFromTaskRecord(taskRecord) {
5361
- return typeof taskRecord.description === "string" ? taskRecord.description : "";
5372
+ const description = getOwnEntry(taskRecord, "description");
5373
+ return typeof description === "string" ? description : "";
5362
5374
  }
5363
5375
  function metadataFromTaskRecord(taskRecord) {
5364
5376
  const metadata = /* @__PURE__ */ Object.create(null);
@@ -5374,8 +5386,8 @@ function createTask2(list, id, taskRecord, sourcePath) {
5374
5386
  list,
5375
5387
  id,
5376
5388
  qualifiedId: `${list}/${id}`,
5377
- name: taskRecord.name,
5378
- state: taskRecord.state,
5389
+ name: getOwnEntry(taskRecord, "name"),
5390
+ state: getOwnEntry(taskRecord, "state"),
5379
5391
  description: descriptionFromTaskRecord(taskRecord),
5380
5392
  metadata: metadataFromTaskRecord(taskRecord),
5381
5393
  ...sourcePath !== void 0 && { sourcePath: path8.resolve(sourcePath) }
@@ -5472,16 +5484,17 @@ function assertValidStoreRecord(store, filePath) {
5472
5484
  if (!isRecord2(store)) {
5473
5485
  throw malformedStore(filePath, "store");
5474
5486
  }
5475
- if (store.$schema !== STORE_SCHEMA_ID) {
5487
+ if (getOwnEntry(store, "$schema") !== STORE_SCHEMA_ID) {
5476
5488
  throw malformedStore(filePath, "$schema");
5477
5489
  }
5478
- if (store.kind !== STORE_KIND) {
5490
+ if (getOwnEntry(store, "kind") !== STORE_KIND) {
5479
5491
  throw malformedStore(filePath, "kind");
5480
5492
  }
5481
- if (typeof store.version !== "number" || !Number.isInteger(store.version) || store.version !== STORE_VERSION) {
5493
+ const version = getOwnEntry(store, "version");
5494
+ if (typeof version !== "number" || !Number.isInteger(version) || version !== STORE_VERSION) {
5482
5495
  throw malformedStore(filePath, "version");
5483
5496
  }
5484
- if (!isRecord2(store.lists)) {
5497
+ if (!isRecord2(getOwnEntry(store, "lists"))) {
5485
5498
  throw malformedStore(filePath, "lists");
5486
5499
  }
5487
5500
  }
@@ -5489,29 +5502,38 @@ function assertValidTaskRecord2(taskRecord, list, id, validStates) {
5489
5502
  if (!isRecord2(taskRecord)) {
5490
5503
  throw malformedTask2(list, id, "task");
5491
5504
  }
5492
- if ("$schema" in taskRecord && taskRecord.$schema !== TASK_SCHEMA_ID2) {
5505
+ if (hasOwnTaskField2(taskRecord, "$schema") && getOwnEntry(taskRecord, "$schema") !== TASK_SCHEMA_ID2) {
5493
5506
  throw malformedTask2(list, id, "$schema");
5494
5507
  }
5495
- if ("kind" in taskRecord && taskRecord.kind !== TASK_KIND2) {
5508
+ if (hasOwnTaskField2(taskRecord, "kind") && getOwnEntry(taskRecord, "kind") !== TASK_KIND2) {
5496
5509
  throw malformedTask2(list, id, "kind");
5497
5510
  }
5498
- if ("version" in taskRecord) {
5499
- if (typeof taskRecord.version !== "number" || !Number.isInteger(taskRecord.version) || taskRecord.version !== TASK_VERSION2) {
5511
+ if (hasOwnTaskField2(taskRecord, "version")) {
5512
+ const version = getOwnEntry(taskRecord, "version");
5513
+ if (typeof version !== "number" || !Number.isInteger(version) || version !== TASK_VERSION2) {
5500
5514
  throw malformedTask2(list, id, "version");
5501
5515
  }
5502
5516
  }
5503
- if (typeof taskRecord.name !== "string" || taskRecord.name.length === 0) {
5517
+ const name = getOwnEntry(taskRecord, "name");
5518
+ if (!hasOwnTaskField2(taskRecord, "name") || typeof name !== "string" || name.length === 0) {
5504
5519
  throw malformedTask2(list, id, "name");
5505
5520
  }
5506
- if (typeof taskRecord.state !== "string" || !validStates.has(taskRecord.state)) {
5521
+ const state = getOwnEntry(taskRecord, "state");
5522
+ if (!hasOwnTaskField2(taskRecord, "state") || typeof state !== "string" || !validStates.has(state)) {
5507
5523
  throw malformedTask2(list, id, "state");
5508
5524
  }
5509
- if ("description" in taskRecord && typeof taskRecord.description !== "string") {
5525
+ if (hasOwnTaskField2(taskRecord, "description") && typeof getOwnEntry(taskRecord, "description") !== "string") {
5510
5526
  throw malformedTask2(list, id, "description");
5511
5527
  }
5512
5528
  }
5529
+ function hasOwnTaskField2(taskRecord, key2) {
5530
+ return Object.prototype.hasOwnProperty.call(taskRecord, key2);
5531
+ }
5532
+ function getOwnEntry(record, key2) {
5533
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
5534
+ }
5513
5535
  function validateStoreEntries(store, filePath, validStates) {
5514
- const lists = store.lists;
5536
+ const lists = getOwnEntry(store, "lists");
5515
5537
  if (!isRecord2(lists)) {
5516
5538
  throw malformedStore(filePath, "lists");
5517
5539
  }
@@ -5551,10 +5573,11 @@ async function readStore(fs4, filePath, validStates) {
5551
5573
  };
5552
5574
  }
5553
5575
  function getListsRecord(store) {
5554
- return store.lists;
5576
+ const lists = getOwnEntry(store, "lists");
5577
+ return isRecord2(lists) ? lists : {};
5555
5578
  }
5556
5579
  function getListRecord(store, list) {
5557
- const listRecord = getListsRecord(store)[list];
5580
+ const listRecord = getOwnEntry(getListsRecord(store), list);
5558
5581
  return isRecord2(listRecord) ? listRecord : void 0;
5559
5582
  }
5560
5583
  function getTaskRecord(store, list, id) {
@@ -5847,7 +5870,7 @@ async function yamlFileBackend(deps) {
5847
5870
  const result = [];
5848
5871
  const listNames = sortStrings(Object.keys(getListsRecord(store)));
5849
5872
  for (const listName of listNames) {
5850
- const listRecord = getListsRecord(store)[listName];
5873
+ const listRecord = getOwnEntry(getListsRecord(store), listName);
5851
5874
  if (!isRecord2(listRecord)) continue;
5852
5875
  const entries = Object.entries(listRecord).map(([id, taskRecord]) => ({
5853
5876
  task: createTask2(listName, id, taskRecord, deps.path),
@@ -6481,8 +6504,8 @@ function createHandlerContext(command, params17) {
6481
6504
  function createFs() {
6482
6505
  return {
6483
6506
  readFile: async (path25, encoding = "utf8") => readFile2(path25, { encoding }),
6484
- writeFile: async (path25, contents) => {
6485
- await writeFile2(path25, contents);
6507
+ writeFile: async (path25, contents, options) => {
6508
+ await writeFile2(path25, contents, options);
6486
6509
  },
6487
6510
  exists: async (path25) => {
6488
6511
  try {
@@ -6771,16 +6794,16 @@ function isMissingStateError(error3) {
6771
6794
 
6772
6795
  // ../toolcraft/src/error-report.ts
6773
6796
  import { mkdir as mkdir2, realpath as realpath2, writeFile as writeFile4 } from "node:fs/promises";
6774
- import { randomUUID as randomUUID3 } from "node:crypto";
6797
+ import { randomUUID as randomUUID5 } from "node:crypto";
6775
6798
  import os from "node:os";
6776
6799
  import path13 from "node:path";
6777
6800
  import { CommanderError } from "commander";
6778
6801
 
6779
6802
  // ../toolcraft/src/mcp-proxy.ts
6780
6803
  import { existsSync as existsSync2 } from "node:fs";
6781
- import { lstat as lstat2, mkdir, readFile as readFile3, rename as rename2, writeFile as writeFile3 } from "node:fs/promises";
6804
+ import { lstat as lstat2, mkdir, readFile as readFile3, rename as rename2, unlink as unlink2, writeFile as writeFile3 } from "node:fs/promises";
6782
6805
  import path12 from "node:path";
6783
- import { createHash as createHash3, randomUUID as randomUUID2 } from "node:crypto";
6806
+ import { createHash as createHash3, randomUUID as randomUUID4 } from "node:crypto";
6784
6807
 
6785
6808
  // ../tiny-mcp-client/src/internal.ts
6786
6809
  import { spawn as spawn5 } from "node:child_process";
@@ -6791,7 +6814,7 @@ import crypto from "node:crypto";
6791
6814
  import path11 from "node:path";
6792
6815
 
6793
6816
  // ../auth-store/src/encrypted-file-store.ts
6794
- import { createCipheriv, createDecipheriv, randomBytes as randomBytes4, scrypt } from "node:crypto";
6817
+ import { createCipheriv, createDecipheriv, randomBytes as randomBytes4, randomUUID as randomUUID3, scrypt } from "node:crypto";
6795
6818
  import { promises as fs } from "node:fs";
6796
6819
  import { homedir, hostname, userInfo } from "node:os";
6797
6820
  import path10 from "node:path";
@@ -6802,7 +6825,6 @@ var ENCRYPTION_KEY_BYTES = 32;
6802
6825
  var ENCRYPTION_IV_BYTES = 12;
6803
6826
  var ENCRYPTION_AUTH_TAG_BYTES = 16;
6804
6827
  var ENCRYPTION_FILE_MODE = 384;
6805
- var temporaryFileSequence = 0;
6806
6828
  var EncryptedFileStore = class {
6807
6829
  fs;
6808
6830
  filePath;
@@ -6834,7 +6856,7 @@ var EncryptedFileStore = class {
6834
6856
  this.getRandomBytes = input.getRandomBytes ?? randomBytes4;
6835
6857
  }
6836
6858
  async get() {
6837
- await this.assertRegularCredentialPath();
6859
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6838
6860
  let rawDocument;
6839
6861
  try {
6840
6862
  rawDocument = await this.fs.readFile(this.filePath, "utf8");
@@ -6865,7 +6887,7 @@ var EncryptedFileStore = class {
6865
6887
  }
6866
6888
  }
6867
6889
  async set(value) {
6868
- await this.assertRegularCredentialPath();
6890
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6869
6891
  const key2 = await this.getEncryptionKey();
6870
6892
  const iv = this.getRandomBytes(ENCRYPTION_IV_BYTES);
6871
6893
  const cipher = createCipheriv(ENCRYPTION_ALGORITHM, key2, iv);
@@ -6881,25 +6903,28 @@ var EncryptedFileStore = class {
6881
6903
  ciphertext: ciphertext.toString("base64")
6882
6904
  };
6883
6905
  await this.fs.mkdir(path10.dirname(this.filePath), { recursive: true });
6884
- await this.assertRegularCredentialPath();
6885
- const temporaryPath = `${this.filePath}.${process.pid}.${temporaryFileSequence++}.tmp`;
6906
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6907
+ const temporaryPath = `${this.filePath}.${process.pid}.${randomUUID3()}.tmp`;
6908
+ let temporaryCreated = false;
6886
6909
  try {
6910
+ await this.assertCredentialPathHasNoSymbolicLinks(temporaryPath);
6887
6911
  await this.fs.writeFile(temporaryPath, JSON.stringify(document), {
6888
6912
  encoding: "utf8",
6889
6913
  flag: "wx",
6890
6914
  mode: ENCRYPTION_FILE_MODE
6891
6915
  });
6916
+ temporaryCreated = true;
6892
6917
  await this.fs.chmod(temporaryPath, ENCRYPTION_FILE_MODE);
6893
6918
  await this.fs.rename(temporaryPath, this.filePath);
6894
6919
  } catch (error3) {
6895
- if (!isAlreadyExistsError(error3)) {
6920
+ if (temporaryCreated || !isAlreadyExistsError(error3)) {
6896
6921
  await removeIfPresent(this.fs, temporaryPath).catch(() => void 0);
6897
6922
  }
6898
6923
  throw error3;
6899
6924
  }
6900
6925
  }
6901
6926
  async delete() {
6902
- await this.assertRegularCredentialPath();
6927
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6903
6928
  try {
6904
6929
  await this.fs.unlink(this.filePath);
6905
6930
  } catch (error3) {
@@ -6908,8 +6933,8 @@ var EncryptedFileStore = class {
6908
6933
  }
6909
6934
  }
6910
6935
  }
6911
- async assertRegularCredentialPath() {
6912
- const resolvedPath = path10.resolve(this.filePath);
6936
+ async assertCredentialPathHasNoSymbolicLinks(targetPath) {
6937
+ const resolvedPath = path10.resolve(targetPath);
6913
6938
  const protectedPaths = getProtectedCredentialPaths(
6914
6939
  resolvedPath,
6915
6940
  this.symbolicLinkCheckStartPath
@@ -6974,9 +6999,6 @@ async function removeIfPresent(fileSystem, filePath) {
6974
6999
  }
6975
7000
  }
6976
7001
  }
6977
- function isAlreadyExistsError(error3) {
6978
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "EEXIST";
6979
- }
6980
7002
  function defaultMachineIdentity() {
6981
7003
  return {
6982
7004
  hostname: hostname(),
@@ -7014,17 +7036,21 @@ function parseEncryptedDocument(raw) {
7014
7036
  if (!isRecord4(parsed)) {
7015
7037
  return null;
7016
7038
  }
7017
- if (parsed.version !== ENCRYPTION_VERSION) {
7039
+ const version = getOwnEntry2(parsed, "version");
7040
+ const iv = getOwnEntry2(parsed, "iv");
7041
+ const authTag = getOwnEntry2(parsed, "authTag");
7042
+ const ciphertext = getOwnEntry2(parsed, "ciphertext");
7043
+ if (version !== ENCRYPTION_VERSION) {
7018
7044
  return null;
7019
7045
  }
7020
- if (typeof parsed.iv !== "string" || typeof parsed.authTag !== "string" || typeof parsed.ciphertext !== "string") {
7046
+ if (typeof iv !== "string" || typeof authTag !== "string" || typeof ciphertext !== "string") {
7021
7047
  return null;
7022
7048
  }
7023
7049
  return {
7024
- version: parsed.version,
7025
- iv: parsed.iv,
7026
- authTag: parsed.authTag,
7027
- ciphertext: parsed.ciphertext
7050
+ version,
7051
+ iv,
7052
+ authTag,
7053
+ ciphertext
7028
7054
  };
7029
7055
  } catch {
7030
7056
  return null;
@@ -7033,9 +7059,17 @@ function parseEncryptedDocument(raw) {
7033
7059
  function isRecord4(value) {
7034
7060
  return Boolean(value && typeof value === "object" && !Array.isArray(value));
7035
7061
  }
7062
+ function getOwnEntry2(record, key2) {
7063
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7064
+ }
7036
7065
  function isNotFoundError(error3) {
7037
7066
  return Boolean(
7038
- error3 && typeof error3 === "object" && "code" in error3 && error3.code === "ENOENT"
7067
+ error3 && typeof error3 === "object" && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "ENOENT"
7068
+ );
7069
+ }
7070
+ function isAlreadyExistsError(error3) {
7071
+ return Boolean(
7072
+ error3 && typeof error3 === "object" && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "EEXIST"
7039
7073
  );
7040
7074
  }
7041
7075
 
@@ -7057,8 +7091,8 @@ var KeychainStore = class {
7057
7091
  ["find-generic-password", "-s", this.service, "-a", this.account, "-w"],
7058
7092
  "read secret from macOS Keychain"
7059
7093
  );
7060
- if (result.exitCode === 0) {
7061
- return stripTrailingLineBreak(result.stdout);
7094
+ if (getCommandExitCode(result) === 0) {
7095
+ return stripTrailingLineBreak(getCommandOutput(result, "stdout"));
7062
7096
  }
7063
7097
  if (isKeychainEntryNotFound(result)) {
7064
7098
  return null;
@@ -7082,7 +7116,7 @@ var KeychainStore = class {
7082
7116
  "store secret in macOS Keychain",
7083
7117
  { stdin: value }
7084
7118
  );
7085
- if (result.exitCode !== 0) {
7119
+ if (getCommandExitCode(result) !== 0) {
7086
7120
  throw createSecurityCliFailure("store secret in macOS Keychain", result);
7087
7121
  }
7088
7122
  }
@@ -7091,7 +7125,7 @@ var KeychainStore = class {
7091
7125
  ["delete-generic-password", "-s", this.service, "-a", this.account],
7092
7126
  "delete secret from macOS Keychain"
7093
7127
  );
7094
- if (result.exitCode === 0 || isKeychainEntryNotFound(result)) {
7128
+ if (getCommandExitCode(result) === 0 || isKeychainEntryNotFound(result)) {
7095
7129
  return;
7096
7130
  }
7097
7131
  throw createSecurityCliFailure("delete secret from macOS Keychain", result);
@@ -7170,16 +7204,28 @@ function stripTrailingLineBreak(value) {
7170
7204
  return value;
7171
7205
  }
7172
7206
  function isKeychainEntryNotFound(result) {
7173
- return result.exitCode === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE;
7207
+ return getCommandExitCode(result) === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE;
7174
7208
  }
7175
7209
  function createSecurityCliFailure(operation, result) {
7176
- const details = result.stderr.trim() || result.stdout.trim();
7210
+ const exitCode = getCommandExitCode(result);
7211
+ const details = getCommandOutput(result, "stderr").trim() || getCommandOutput(result, "stdout").trim();
7177
7212
  if (details) {
7178
7213
  return new Error(
7179
- `Failed to ${operation}: security exited with code ${result.exitCode}: ${details}`
7214
+ `Failed to ${operation}: security exited with code ${exitCode}: ${details}`
7180
7215
  );
7181
7216
  }
7182
- return new Error(`Failed to ${operation}: security exited with code ${result.exitCode}`);
7217
+ return new Error(`Failed to ${operation}: security exited with code ${exitCode}`);
7218
+ }
7219
+ function getCommandExitCode(result) {
7220
+ const value = getOwnEntry3(result, "exitCode");
7221
+ return typeof value === "number" && Number.isInteger(value) ? value : 1;
7222
+ }
7223
+ function getCommandOutput(result, key2) {
7224
+ const value = getOwnEntry3(result, key2);
7225
+ return typeof value === "string" ? value : "";
7226
+ }
7227
+ function getOwnEntry3(record, key2) {
7228
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7183
7229
  }
7184
7230
 
7185
7231
  // ../auth-store/src/create-secret-store.ts
@@ -7212,7 +7258,7 @@ function createSecretStore(input) {
7212
7258
  }
7213
7259
  function resolveBackend(input) {
7214
7260
  const envVar = input.backendEnvVar ?? DEFAULT_BACKEND_ENV_VAR;
7215
- const configuredBackend = input.backend ?? input.env?.[envVar] ?? process.env[envVar];
7261
+ const configuredBackend = input.backend ?? getOwnEnvValue(input.env, envVar) ?? getOwnEnvValue(process.env, envVar);
7216
7262
  if (configuredBackend === "keychain") {
7217
7263
  return "keychain";
7218
7264
  }
@@ -7221,6 +7267,9 @@ function resolveBackend(input) {
7221
7267
  }
7222
7268
  throw new Error(`Unsupported auth store backend: ${configuredBackend}`);
7223
7269
  }
7270
+ function getOwnEnvValue(env, key2) {
7271
+ return env !== void 0 && Object.prototype.hasOwnProperty.call(env, key2) ? env[key2] : void 0;
7272
+ }
7224
7273
 
7225
7274
  // ../mcp-oauth/src/resource-indicator.ts
7226
7275
  function canonicalizeResourceIndicator(value) {
@@ -7274,8 +7323,13 @@ function createAuthStoreClientStore(options) {
7274
7323
  return null;
7275
7324
  }
7276
7325
  const parsed = JSON.parse(value);
7277
- if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed) && typeof parsed.clientId === "string") {
7278
- return parsed;
7326
+ const clientId = isObjectRecord(parsed) ? getOwnString(parsed, "clientId") : void 0;
7327
+ if (clientId !== void 0) {
7328
+ const client = { clientId };
7329
+ if (isObjectRecord(parsed) && Object.prototype.hasOwnProperty.call(parsed, "clientSecret")) {
7330
+ client.clientSecret = getOwnEntry4(parsed, "clientSecret");
7331
+ }
7332
+ return client;
7279
7333
  }
7280
7334
  throw new Error("Stored OAuth client must be a JSON object with clientId");
7281
7335
  },
@@ -7334,6 +7388,16 @@ function createIssuerSecretStore(issuer, options) {
7334
7388
  }
7335
7389
  );
7336
7390
  }
7391
+ function isObjectRecord(value) {
7392
+ return typeof value === "object" && value !== null && !Array.isArray(value);
7393
+ }
7394
+ function getOwnEntry4(record, key2) {
7395
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7396
+ }
7397
+ function getOwnString(record, key2) {
7398
+ const value = getOwnEntry4(record, key2);
7399
+ return typeof value === "string" ? value : void 0;
7400
+ }
7337
7401
 
7338
7402
  // ../mcp-oauth/src/client/default-oauth-client-provider.ts
7339
7403
  import { URL as URL2 } from "node:url";
@@ -7359,17 +7423,30 @@ function parseAuthorizationState(value) {
7359
7423
  try {
7360
7424
  const decoded = Buffer.from(value, "base64url").toString("utf8");
7361
7425
  const parsed = JSON.parse(decoded);
7362
- if (parsed.v !== 1 || typeof parsed.n !== "string" || parsed.n.length === 0 || typeof parsed.i !== "string" || parsed.i.length === 0 || typeof parsed.r !== "boolean") {
7426
+ if (!isObjectRecord2(parsed)) {
7427
+ return null;
7428
+ }
7429
+ const version = getOwnEntry5(parsed, "v");
7430
+ const nonce = getOwnEntry5(parsed, "n");
7431
+ const issuer = getOwnEntry5(parsed, "i");
7432
+ const requireIssuer = getOwnEntry5(parsed, "r");
7433
+ if (version !== 1 || typeof nonce !== "string" || nonce.length === 0 || typeof issuer !== "string" || issuer.length === 0 || typeof requireIssuer !== "boolean") {
7363
7434
  return null;
7364
7435
  }
7365
7436
  return {
7366
- issuer: parsed.i,
7367
- requireIssuer: parsed.r
7437
+ issuer,
7438
+ requireIssuer
7368
7439
  };
7369
7440
  } catch {
7370
7441
  return null;
7371
7442
  }
7372
7443
  }
7444
+ function isObjectRecord2(value) {
7445
+ return typeof value === "object" && value !== null && !Array.isArray(value);
7446
+ }
7447
+ function getOwnEntry5(record, key2) {
7448
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7449
+ }
7373
7450
 
7374
7451
  // ../mcp-oauth/src/client/loopback-authorization.ts
7375
7452
  async function createLoopbackAuthorizationSession(options = {}) {
@@ -7646,22 +7723,26 @@ async function requestTokens(input) {
7646
7723
  body: body.toString()
7647
7724
  });
7648
7725
  const payload = await readOAuthJsonObjectResponse(response);
7649
- if (typeof payload.access_token !== "string" || payload.access_token.trim().length === 0) {
7726
+ const accessToken = getOwnEntry6(payload, "access_token");
7727
+ if (typeof accessToken !== "string" || accessToken.trim().length === 0) {
7650
7728
  throw new Error("OAuth token response missing access_token");
7651
7729
  }
7652
- const tokenType = normalizeBearerTokenType(payload.token_type);
7730
+ const tokenType = normalizeBearerTokenType(getOwnEntry6(payload, "token_type"));
7653
7731
  if (tokenType === null) {
7654
7732
  throw new Error("OAuth token response missing token_type=Bearer");
7655
7733
  }
7656
- if (typeof payload.expires_in === "number" && Number.isFinite(payload.expires_in) && payload.expires_in < 0) {
7734
+ const expiresIn = getOwnEntry6(payload, "expires_in");
7735
+ if (typeof expiresIn === "number" && Number.isFinite(expiresIn) && expiresIn < 0) {
7657
7736
  throw new Error("OAuth token response has invalid expires_in");
7658
7737
  }
7738
+ const refreshToken = getOwnEntry6(payload, "refresh_token");
7739
+ const scope = getOwnEntry6(payload, "scope");
7659
7740
  return {
7660
- accessToken: payload.access_token,
7661
- refreshToken: typeof payload.refresh_token === "string" && payload.refresh_token.length > 0 ? payload.refresh_token : void 0,
7741
+ accessToken,
7742
+ refreshToken: typeof refreshToken === "string" && refreshToken.length > 0 ? refreshToken : void 0,
7662
7743
  tokenType,
7663
- expiresAt: typeof payload.expires_in === "number" && Number.isFinite(payload.expires_in) ? input.now() + payload.expires_in * 1e3 : null,
7664
- scope: typeof payload.scope === "string" && payload.scope.length > 0 ? payload.scope : void 0
7744
+ expiresAt: typeof expiresIn === "number" && Number.isFinite(expiresIn) ? input.now() + expiresIn * 1e3 : null,
7745
+ scope: typeof scope === "string" && scope.length > 0 ? scope : void 0
7665
7746
  };
7666
7747
  }
7667
7748
  async function readOAuthJsonObjectResponse(response) {
@@ -7688,12 +7769,18 @@ async function readOAuthJsonObjectResponse(response) {
7688
7769
  return record;
7689
7770
  }
7690
7771
  function readOAuthError(payload, fallbackError = "server_error") {
7772
+ const error3 = getOwnEntry6(payload, "error");
7773
+ const errorDescription = getOwnEntry6(payload, "error_description");
7774
+ const errorUri = getOwnEntry6(payload, "error_uri");
7691
7775
  return {
7692
- error: typeof payload.error === "string" ? payload.error : fallbackError,
7693
- error_description: typeof payload.error_description === "string" ? payload.error_description : void 0,
7694
- error_uri: typeof payload.error_uri === "string" ? payload.error_uri : void 0
7776
+ error: typeof error3 === "string" ? error3 : fallbackError,
7777
+ error_description: typeof errorDescription === "string" ? errorDescription : void 0,
7778
+ error_uri: typeof errorUri === "string" ? errorUri : void 0
7695
7779
  };
7696
7780
  }
7781
+ function getOwnEntry6(record, key2) {
7782
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7783
+ }
7697
7784
  function createFallbackOAuthError(status) {
7698
7785
  const error3 = status === 503 ? "temporarily_unavailable" : "server_error";
7699
7786
  return new OAuthError({ error: error3 }, status);
@@ -7798,7 +7885,11 @@ function createDefaultOAuthClientProvider(options) {
7798
7885
  while (true) {
7799
7886
  try {
7800
7887
  refreshedTokens = await refreshAccessToken({
7801
- tokenEndpoint: discovery.authorizationServerMetadata.token_endpoint,
7888
+ tokenEndpoint: requireOwnString(
7889
+ discovery.authorizationServerMetadata,
7890
+ "token_endpoint",
7891
+ "Authorization server metadata"
7892
+ ),
7802
7893
  clientId: session.client.clientId,
7803
7894
  clientSecret: session.client.clientSecret,
7804
7895
  refreshToken: session.tokens.refreshToken,
@@ -7886,7 +7977,11 @@ function createDefaultOAuthClientProvider(options) {
7886
7977
  });
7887
7978
  const code = await loopback.waitForCode(authorizationUrl);
7888
7979
  const tokens = await exchangeAuthorizationCode({
7889
- tokenEndpoint: discovery.authorizationServerMetadata.token_endpoint,
7980
+ tokenEndpoint: requireOwnString(
7981
+ discovery.authorizationServerMetadata,
7982
+ "token_endpoint",
7983
+ "Authorization server metadata"
7984
+ ),
7890
7985
  clientId: resolvedClient.client.clientId,
7891
7986
  clientSecret: resolvedClient.client.clientSecret,
7892
7987
  code,
@@ -7939,7 +8034,10 @@ function createDefaultOAuthClientProvider(options) {
7939
8034
  }
7940
8035
  };
7941
8036
  }
7942
- const registrationEndpoint = discovery.authorizationServerMetadata.registration_endpoint;
8037
+ const registrationEndpoint = getOwnString2(
8038
+ discovery.authorizationServerMetadata,
8039
+ "registration_endpoint"
8040
+ );
7943
8041
  if (registrationEndpoint === void 0 && options.client.clientId !== void 0) {
7944
8042
  return {
7945
8043
  kind: "static",
@@ -7991,12 +8089,14 @@ function createDefaultOAuthClientProvider(options) {
7991
8089
  body: JSON.stringify(registrationBody)
7992
8090
  });
7993
8091
  const payload = await readOAuthJsonObjectResponse(response);
7994
- if (typeof payload.client_id !== "string" || payload.client_id.trim().length === 0) {
8092
+ const clientId = getOwnString2(payload, "client_id");
8093
+ if (clientId === void 0 || clientId.trim().length === 0) {
7995
8094
  throw new Error("OAuth client registration response missing client_id");
7996
8095
  }
8096
+ const clientSecret = getOwnString2(payload, "client_secret");
7997
8097
  const registeredClient = {
7998
- clientId: payload.client_id,
7999
- clientSecret: typeof payload.client_secret === "string" && payload.client_secret.length > 0 ? payload.client_secret : void 0
8098
+ clientId,
8099
+ clientSecret: clientSecret !== void 0 && clientSecret.length > 0 ? clientSecret : void 0
8000
8100
  };
8001
8101
  await saveRegisteredClient(discovery.authorizationServer, registeredClient);
8002
8102
  return {
@@ -8022,12 +8122,13 @@ function createDefaultOAuthClientProvider(options) {
8022
8122
  return null;
8023
8123
  }
8024
8124
  const client = await clientStore.load(issuer);
8025
- if (client !== null && !isUsableClient(client)) {
8125
+ const normalizedClient = client === null ? null : normalizeStoredClient(client);
8126
+ if (client !== null && normalizedClient === null) {
8026
8127
  await clientStore.clear(issuer);
8027
8128
  return null;
8028
8129
  }
8029
- registeredClients.set(issuer, client);
8030
- return client;
8130
+ registeredClients.set(issuer, normalizedClient);
8131
+ return normalizedClient;
8031
8132
  }
8032
8133
  async function saveRegisteredClient(issuer, client) {
8033
8134
  registeredClients.set(issuer, client);
@@ -8043,7 +8144,7 @@ function createDefaultOAuthClientProvider(options) {
8043
8144
  }
8044
8145
  }
8045
8146
  function isProviderOptions(options) {
8046
- return "provider" in options;
8147
+ return Object.prototype.hasOwnProperty.call(options, "provider");
8047
8148
  }
8048
8149
  function isExpired(tokens, now) {
8049
8150
  return tokens.expiresAt !== null && tokens.expiresAt <= now();
@@ -8059,7 +8160,14 @@ function resolveDiscovery(discovery, session) {
8059
8160
  return void 0;
8060
8161
  }
8061
8162
  const metadata = session.discovery.authorizationServerMetadata;
8062
- if (typeof metadata.issuer !== "string" || typeof metadata.authorization_endpoint !== "string" || typeof metadata.token_endpoint !== "string" || !Array.isArray(metadata.code_challenge_methods_supported) || !metadata.code_challenge_methods_supported.includes("S256")) {
8163
+ const issuer = getOwnString2(metadata, "issuer");
8164
+ const authorizationEndpoint = getOwnString2(metadata, "authorization_endpoint");
8165
+ const tokenEndpoint = getOwnString2(metadata, "token_endpoint");
8166
+ const codeChallengeMethodsSupported = getOwnStringArray(
8167
+ metadata,
8168
+ "code_challenge_methods_supported"
8169
+ );
8170
+ if (issuer === void 0 || authorizationEndpoint === void 0 || tokenEndpoint === void 0 || codeChallengeMethodsSupported === void 0 || !codeChallengeMethodsSupported.includes("S256")) {
8063
8171
  return void 0;
8064
8172
  }
8065
8173
  return {
@@ -8083,29 +8191,94 @@ function normalizeLoadedSession(session) {
8083
8191
  if (session === null) {
8084
8192
  return null;
8085
8193
  }
8086
- if (!isUsableClient(session.client)) {
8194
+ const client = normalizeStoredClient(getOwnEntry7(session, "client"));
8195
+ if (client === null) {
8087
8196
  return { ...session, client: { clientId: "" }, tokens: void 0 };
8088
8197
  }
8089
- return isUsableTokens(session.tokens) ? session : { ...session, tokens: void 0 };
8198
+ return {
8199
+ ...session,
8200
+ client,
8201
+ tokens: normalizeStoredTokens(getOwnEntry7(session, "tokens"))
8202
+ };
8090
8203
  }
8091
- function isUsableClient(client) {
8092
- return typeof client.clientId === "string" && client.clientId.trim().length > 0 && (client.clientSecret === void 0 || typeof client.clientSecret === "string" && client.clientSecret.trim().length > 0);
8204
+ function normalizeStoredClient(value) {
8205
+ if (!isObjectRecord3(value)) {
8206
+ return null;
8207
+ }
8208
+ const clientId = getOwnString2(value, "clientId");
8209
+ if (clientId === void 0 || clientId.trim().length === 0) {
8210
+ return null;
8211
+ }
8212
+ const clientSecret = getOwnEntry7(value, "clientSecret");
8213
+ if (clientSecret === void 0) {
8214
+ return { clientId };
8215
+ }
8216
+ if (typeof clientSecret !== "string" || clientSecret.trim().length === 0) {
8217
+ return null;
8218
+ }
8219
+ return { clientId, clientSecret };
8093
8220
  }
8094
- function isUsableTokens(tokens) {
8095
- if (tokens === void 0) {
8096
- return true;
8221
+ function normalizeStoredTokens(value) {
8222
+ if (value === void 0 || !isObjectRecord3(value)) {
8223
+ return void 0;
8224
+ }
8225
+ const accessToken = getOwnString2(value, "accessToken");
8226
+ const tokenType = getOwnString2(value, "tokenType");
8227
+ const expiresAt = getOwnEntry7(value, "expiresAt");
8228
+ const refreshToken = getOwnEntry7(value, "refreshToken");
8229
+ const scope = getOwnString2(value, "scope");
8230
+ const normalizedRefreshToken = typeof refreshToken === "string" ? refreshToken : void 0;
8231
+ if (accessToken === void 0 || accessToken.trim().length === 0 || tokenType !== "Bearer" || !(expiresAt === null || typeof expiresAt === "number" && Number.isFinite(expiresAt)) || refreshToken !== void 0 && (typeof refreshToken !== "string" || refreshToken.trim().length === 0)) {
8232
+ return void 0;
8097
8233
  }
8098
- return typeof tokens.accessToken === "string" && tokens.accessToken.trim().length > 0 && tokens.tokenType === "Bearer" && (tokens.expiresAt === null || typeof tokens.expiresAt === "number" && Number.isFinite(tokens.expiresAt)) && (tokens.refreshToken === void 0 || typeof tokens.refreshToken === "string" && tokens.refreshToken.trim().length > 0);
8234
+ return {
8235
+ accessToken,
8236
+ tokenType,
8237
+ expiresAt,
8238
+ ...normalizedRefreshToken === void 0 ? {} : { refreshToken: normalizedRefreshToken },
8239
+ ...scope === void 0 || scope.length === 0 ? {} : { scope }
8240
+ };
8099
8241
  }
8100
8242
  function getClientMetadata(client) {
8101
8243
  return client.metadata;
8102
8244
  }
8245
+ function getOwnEntry7(record, key2) {
8246
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
8247
+ }
8248
+ function isObjectRecord3(value) {
8249
+ return typeof value === "object" && value !== null && !Array.isArray(value);
8250
+ }
8251
+ function getOwnString2(record, key2) {
8252
+ const value = getOwnEntry7(record, key2);
8253
+ return typeof value === "string" ? value : void 0;
8254
+ }
8255
+ function requireOwnString(record, key2, label) {
8256
+ const value = getOwnString2(record, key2);
8257
+ if (value === void 0) {
8258
+ throw new Error(`${label} is missing ${key2}`);
8259
+ }
8260
+ return value;
8261
+ }
8262
+ function getOwnStringArray(record, key2) {
8263
+ const value = getOwnEntry7(record, key2);
8264
+ return Array.isArray(value) && value.every((entry) => typeof entry === "string") ? value : void 0;
8265
+ }
8103
8266
  function buildAuthorizationUrl(input) {
8104
- const url = new URL2(input.metadata.authorization_endpoint);
8267
+ const authorizationEndpoint = requireOwnString(
8268
+ input.metadata,
8269
+ "authorization_endpoint",
8270
+ "Authorization server metadata"
8271
+ );
8272
+ const issuer = requireOwnString(
8273
+ input.metadata,
8274
+ "issuer",
8275
+ "Authorization server metadata"
8276
+ );
8277
+ const url = new URL2(authorizationEndpoint);
8105
8278
  const resource = canonicalizeResourceIndicator(input.resource);
8106
8279
  const state = createAuthorizationState({
8107
- issuer: input.metadata.issuer,
8108
- requireIssuer: input.metadata.authorization_response_iss_parameter_supported === true
8280
+ issuer,
8281
+ requireIssuer: getOwnEntry7(input.metadata, "authorization_response_iss_parameter_supported") === true
8109
8282
  });
8110
8283
  url.searchParams.set("response_type", "code");
8111
8284
  url.searchParams.set("client_id", input.clientId);
@@ -8120,7 +8293,7 @@ function buildAuthorizationUrl(input) {
8120
8293
  return url.toString();
8121
8294
  }
8122
8295
  function assertS256PkceSupport(metadata) {
8123
- if (!metadata.code_challenge_methods_supported.includes("S256")) {
8296
+ if (!getOwnStringArray(metadata, "code_challenge_methods_supported")?.includes("S256")) {
8124
8297
  throw new Error(
8125
8298
  "Authorization server metadata must advertise code_challenge_methods_supported including S256"
8126
8299
  );
@@ -8144,13 +8317,24 @@ function assertSecureUrl(value, label) {
8144
8317
  throw new Error(`${label} must use https unless it targets a loopback host`);
8145
8318
  }
8146
8319
  function assertSecureOAuthFlowEndpoints(metadata) {
8147
- assertNoAccessTokenInUrl(metadata.authorization_endpoint, "Authorization endpoint");
8148
- assertNoAccessTokenInUrl(metadata.token_endpoint, "Token endpoint");
8149
- assertSecureUrl(metadata.authorization_endpoint, "Authorization endpoint");
8150
- assertSecureUrl(metadata.token_endpoint, "Token endpoint");
8151
- if (metadata.registration_endpoint !== void 0) {
8152
- assertNoAccessTokenInUrl(metadata.registration_endpoint, "Registration endpoint");
8153
- assertSecureUrl(metadata.registration_endpoint, "Registration endpoint");
8320
+ const authorizationEndpoint = requireOwnString(
8321
+ metadata,
8322
+ "authorization_endpoint",
8323
+ "Authorization server metadata"
8324
+ );
8325
+ const tokenEndpoint = requireOwnString(
8326
+ metadata,
8327
+ "token_endpoint",
8328
+ "Authorization server metadata"
8329
+ );
8330
+ const registrationEndpoint = getOwnString2(metadata, "registration_endpoint");
8331
+ assertNoAccessTokenInUrl(authorizationEndpoint, "Authorization endpoint");
8332
+ assertNoAccessTokenInUrl(tokenEndpoint, "Token endpoint");
8333
+ assertSecureUrl(authorizationEndpoint, "Authorization endpoint");
8334
+ assertSecureUrl(tokenEndpoint, "Token endpoint");
8335
+ if (registrationEndpoint !== void 0) {
8336
+ assertNoAccessTokenInUrl(registrationEndpoint, "Registration endpoint");
8337
+ assertSecureUrl(registrationEndpoint, "Registration endpoint");
8154
8338
  }
8155
8339
  }
8156
8340
  function assertNoAccessTokenInUrl(value, label) {
@@ -8173,17 +8357,21 @@ function buildClientRegistrationBody(metadata, redirectUri) {
8173
8357
  response_types: ["code"],
8174
8358
  token_endpoint_auth_method: "none"
8175
8359
  };
8176
- if (metadata?.clientName !== void 0 && metadata.clientName.length > 0) {
8177
- body.client_name = metadata.clientName;
8360
+ const clientName = metadata === void 0 ? void 0 : getOwnString2(metadata, "clientName");
8361
+ const scope = metadata === void 0 ? void 0 : getOwnString2(metadata, "scope");
8362
+ const softwareId = metadata === void 0 ? void 0 : getOwnString2(metadata, "softwareId");
8363
+ const softwareVersion = metadata === void 0 ? void 0 : getOwnString2(metadata, "softwareVersion");
8364
+ if (clientName !== void 0 && clientName.length > 0) {
8365
+ body.client_name = clientName;
8178
8366
  }
8179
- if (metadata?.scope !== void 0 && metadata.scope.length > 0) {
8180
- body.scope = metadata.scope;
8367
+ if (scope !== void 0 && scope.length > 0) {
8368
+ body.scope = scope;
8181
8369
  }
8182
- if (metadata?.softwareId !== void 0 && metadata.softwareId.length > 0) {
8183
- body.software_id = metadata.softwareId;
8370
+ if (softwareId !== void 0 && softwareId.length > 0) {
8371
+ body.software_id = softwareId;
8184
8372
  }
8185
- if (metadata?.softwareVersion !== void 0 && metadata.softwareVersion.length > 0) {
8186
- body.software_version = metadata.softwareVersion;
8373
+ if (softwareVersion !== void 0 && softwareVersion.length > 0) {
8374
+ body.software_version = softwareVersion;
8187
8375
  }
8188
8376
  return body;
8189
8377
  }
@@ -8219,7 +8407,7 @@ import {
8219
8407
  function defaultOAuthMetadataFetch(input, init) {
8220
8408
  return fetch(input, init);
8221
8409
  }
8222
- function isObjectRecord(value) {
8410
+ function isObjectRecord4(value) {
8223
8411
  return typeof value === "object" && value !== null && !Array.isArray(value);
8224
8412
  }
8225
8413
  function isStringArray(value) {
@@ -8242,7 +8430,7 @@ function assertSecureUrl2(url, label) {
8242
8430
  throw new Error(`${label} must use https unless it targets a loopback host`);
8243
8431
  }
8244
8432
  function validateProtectedResourceMetadata(value, resourceUrl) {
8245
- if (!isObjectRecord(value)) {
8433
+ if (!isObjectRecord4(value)) {
8246
8434
  throw new Error("Protected resource metadata must be a JSON object");
8247
8435
  }
8248
8436
  if (typeof value.resource !== "string" || value.resource.length === 0) {
@@ -8265,7 +8453,7 @@ function validateProtectedResourceMetadata(value, resourceUrl) {
8265
8453
  };
8266
8454
  }
8267
8455
  function validateAuthorizationServerMetadata(value, issuer) {
8268
- if (!isObjectRecord(value)) {
8456
+ if (!isObjectRecord4(value)) {
8269
8457
  throw new Error("Authorization server metadata must be a JSON object");
8270
8458
  }
8271
8459
  if (typeof value.issuer !== "string" || value.issuer.length === 0) {
@@ -8718,7 +8906,7 @@ var McpClient = class {
8718
8906
  await onPromptsChanged();
8719
8907
  });
8720
8908
  messageLayer.onNotification("notifications/message", async (params17) => {
8721
- if (onLog === void 0 || !isObjectRecord2(params17) || !isLogLevel(params17.level)) {
8909
+ if (onLog === void 0 || !isObjectRecord5(params17) || !isLogLevel(params17.level)) {
8722
8910
  return;
8723
8911
  }
8724
8912
  if (!hasOwn(params17, "data")) {
@@ -8737,7 +8925,7 @@ var McpClient = class {
8737
8925
  await onLog(message2);
8738
8926
  });
8739
8927
  messageLayer.onNotification("notifications/progress", async (params17) => {
8740
- if (onProgress === void 0 || !isObjectRecord2(params17)) {
8928
+ if (onProgress === void 0 || !isObjectRecord5(params17)) {
8741
8929
  return;
8742
8930
  }
8743
8931
  const { progressToken, progress } = params17;
@@ -9938,7 +10126,7 @@ var JsonRpcMessageLayer = class {
9938
10126
  })();
9939
10127
  }
9940
10128
  handleCancellationNotification(params17) {
9941
- if (!isObjectRecord2(params17)) {
10129
+ if (!isObjectRecord5(params17)) {
9942
10130
  return;
9943
10131
  }
9944
10132
  const requestId = params17.requestId;
@@ -9953,34 +10141,34 @@ var JsonRpcMessageLayer = class {
9953
10141
  this.activeIncomingRequests.delete(requestId);
9954
10142
  }
9955
10143
  };
9956
- function isObjectRecord2(value) {
10144
+ function isObjectRecord5(value) {
9957
10145
  return typeof value === "object" && value !== null && !Array.isArray(value);
9958
10146
  }
9959
10147
  function isInitializeResult(value) {
9960
- if (!isObjectRecord2(value) || typeof value.protocolVersion !== "string") {
10148
+ if (!isObjectRecord5(value) || typeof value.protocolVersion !== "string") {
9961
10149
  return false;
9962
10150
  }
9963
10151
  if (!isServerCapabilities(value.capabilities)) {
9964
10152
  return false;
9965
10153
  }
9966
- if (!isObjectRecord2(value.serverInfo) || typeof value.serverInfo.name !== "string" || value.serverInfo.name.length === 0 || typeof value.serverInfo.version !== "string" || value.serverInfo.version.length === 0) {
10154
+ if (!isObjectRecord5(value.serverInfo) || typeof value.serverInfo.name !== "string" || value.serverInfo.name.length === 0 || typeof value.serverInfo.version !== "string" || value.serverInfo.version.length === 0) {
9967
10155
  return false;
9968
10156
  }
9969
10157
  return value.instructions === void 0 || typeof value.instructions === "string";
9970
10158
  }
9971
10159
  function isServerCapabilities(value) {
9972
- if (!isObjectRecord2(value)) {
10160
+ if (!isObjectRecord5(value)) {
9973
10161
  return false;
9974
10162
  }
9975
10163
  for (const capability of ["prompts", "resources", "tools", "logging", "completions", "experimental"]) {
9976
- if (value[capability] !== void 0 && !isObjectRecord2(value[capability])) {
10164
+ if (value[capability] !== void 0 && !isObjectRecord5(value[capability])) {
9977
10165
  return false;
9978
10166
  }
9979
10167
  }
9980
10168
  return true;
9981
10169
  }
9982
10170
  function isCallToolResult(value) {
9983
- if (!isObjectRecord2(value) || !Array.isArray(value.content)) {
10171
+ if (!isObjectRecord5(value) || !Array.isArray(value.content)) {
9984
10172
  return false;
9985
10173
  }
9986
10174
  if (value.isError !== void 0 && typeof value.isError !== "boolean") {
@@ -9989,10 +10177,10 @@ function isCallToolResult(value) {
9989
10177
  return value.content.every(isContentItem);
9990
10178
  }
9991
10179
  function isToolsListResult(value) {
9992
- return isObjectRecord2(value) && Array.isArray(value.tools) && (value.nextCursor === void 0 || typeof value.nextCursor === "string");
10180
+ return isObjectRecord5(value) && Array.isArray(value.tools) && (value.nextCursor === void 0 || typeof value.nextCursor === "string");
9993
10181
  }
9994
10182
  function isContentItem(value) {
9995
- if (!isObjectRecord2(value)) {
10183
+ if (!isObjectRecord5(value)) {
9996
10184
  return false;
9997
10185
  }
9998
10186
  if (value.type === "text") {
@@ -10001,7 +10189,7 @@ function isContentItem(value) {
10001
10189
  if (value.type === "image" || value.type === "audio") {
10002
10190
  return typeof value.data === "string" && typeof value.mimeType === "string";
10003
10191
  }
10004
- if (value.type !== "resource" || !isObjectRecord2(value.resource)) {
10192
+ if (value.type !== "resource" || !isObjectRecord5(value.resource)) {
10005
10193
  return false;
10006
10194
  }
10007
10195
  return typeof value.resource.uri === "string" && (value.resource.mimeType === void 0 || typeof value.resource.mimeType === "string") && (typeof value.resource.text === "string" || typeof value.resource.blob === "string");
@@ -10025,7 +10213,7 @@ function invalidRequest() {
10025
10213
  return new McpError(ERROR_INVALID_REQUEST, "Invalid Request");
10026
10214
  }
10027
10215
  function isJsonRpcErrorObject(value) {
10028
- if (!isObjectRecord2(value)) {
10216
+ if (!isObjectRecord5(value)) {
10029
10217
  return false;
10030
10218
  }
10031
10219
  if (typeof value.code !== "number" || typeof value.message !== "string") {
@@ -10034,7 +10222,7 @@ function isJsonRpcErrorObject(value) {
10034
10222
  return value.data === void 0 || hasOwn(value, "data");
10035
10223
  }
10036
10224
  function parseJsonRpcPayload(parsed) {
10037
- if (!isObjectRecord2(parsed)) {
10225
+ if (!isObjectRecord5(parsed)) {
10038
10226
  return {
10039
10227
  type: "invalid",
10040
10228
  id: null,
@@ -10361,7 +10549,11 @@ function convertObjectSchema(schema, root, options) {
10361
10549
  "properties",
10362
10550
  key2
10363
10551
  ]);
10364
- shape[key2] = requiredKeys.has(key2) ? convertedProperty : S.Optional(convertedProperty);
10552
+ setOwnShapeProperty(
10553
+ shape,
10554
+ key2,
10555
+ requiredKeys.has(key2) ? convertedProperty : S.Optional(convertedProperty)
10556
+ );
10365
10557
  }
10366
10558
  return applyMetadata(
10367
10559
  S.Object(shape, {
@@ -10373,6 +10565,14 @@ function convertObjectSchema(schema, root, options) {
10373
10565
  }
10374
10566
  );
10375
10567
  }
10568
+ function setOwnShapeProperty(shape, key2, value) {
10569
+ Object.defineProperty(shape, key2, {
10570
+ configurable: true,
10571
+ enumerable: true,
10572
+ writable: true,
10573
+ value
10574
+ });
10575
+ }
10376
10576
  function createCommonOptions(schema, nullable, defaultValue) {
10377
10577
  return {
10378
10578
  ...schema.description === void 0 ? {} : { description: schema.description },
@@ -10623,6 +10823,9 @@ function resolveLocalRef(root, ref) {
10623
10823
  if (!isPlainObject(current)) {
10624
10824
  return void 0;
10625
10825
  }
10826
+ if (!Object.prototype.hasOwnProperty.call(current, segment)) {
10827
+ return void 0;
10828
+ }
10626
10829
  current = current[segment];
10627
10830
  }
10628
10831
  return isPlainObject(current) ? current : void 0;
@@ -10871,16 +11074,34 @@ async function readCache(cachePath) {
10871
11074
  }
10872
11075
  async function writeCache(cachePath, cache) {
10873
11076
  const directory = path12.dirname(cachePath);
10874
- const tempPath = `${cachePath}.tmp-${randomUUID2()}`;
11077
+ const tempPath = `${cachePath}.tmp-${randomUUID4()}`;
11078
+ let tempCreated = false;
10875
11079
  await assertCachePathHasNoSymlinks(cachePath);
10876
11080
  await assertCachePathHasNoSymlinks(tempPath);
10877
11081
  await mkdir(directory, { recursive: true });
10878
11082
  await assertCachePathHasNoSymlinks(directory);
10879
- await writeFile3(tempPath, `${JSON.stringify(cache, null, 2)}
10880
- `);
10881
- await assertCachePathHasNoSymlinks(tempPath);
10882
- await assertCachePathHasNoSymlinks(cachePath);
10883
- await rename2(tempPath, cachePath);
11083
+ try {
11084
+ await writeFile3(tempPath, `${JSON.stringify(cache, null, 2)}
11085
+ `, {
11086
+ encoding: "utf8",
11087
+ flag: "wx"
11088
+ });
11089
+ tempCreated = true;
11090
+ await assertCachePathHasNoSymlinks(tempPath);
11091
+ await assertCachePathHasNoSymlinks(cachePath);
11092
+ await rename2(tempPath, cachePath);
11093
+ tempCreated = false;
11094
+ } catch (error3) {
11095
+ if (tempCreated || !isAlreadyExistsError2(error3)) {
11096
+ await unlink2(tempPath).catch(() => void 0);
11097
+ }
11098
+ throw error3;
11099
+ }
11100
+ }
11101
+ function isAlreadyExistsError2(error3) {
11102
+ return Boolean(
11103
+ error3 && typeof error3 === "object" && error3.code === "EEXIST"
11104
+ );
10884
11105
  }
10885
11106
  async function fetchCache(name, config2) {
10886
11107
  const logger2 = createLogger((message2) => {
@@ -11620,7 +11841,7 @@ async function writeErrorReport(context) {
11620
11841
  }
11621
11842
  const projectRoot = resolveProjectRoot(context.projectRoot);
11622
11843
  const reportDir = resolveReportDir(context.errorReports, projectRoot);
11623
- const fileName = `${formatTimestamp(/* @__PURE__ */ new Date())}-${slugifyCommandPath(context.commandPath)}-${randomUUID3()}.log`;
11844
+ const fileName = `${formatTimestamp(/* @__PURE__ */ new Date())}-${slugifyCommandPath(context.commandPath)}-${randomUUID5()}.log`;
11624
11845
  const absolutePath = path13.join(reportDir, fileName);
11625
11846
  await mkdir2(reportDir, { recursive: true });
11626
11847
  if (reportDirMustStayWithinProject(context.errorReports)) {
@@ -13099,10 +13320,10 @@ function renderHelpSections(sections) {
13099
13320
  return sections.filter((section) => section.length > 0).join("\n\n");
13100
13321
  }
13101
13322
  function formatHelpCommandList(rows) {
13102
- return process.stdout.isTTY === false ? help_formatter_plain_exports.formatCommandList(rows) : formatCommandList(rows);
13323
+ return process.stdout.isTTY !== true ? help_formatter_plain_exports.formatCommandList(rows) : formatCommandList(rows);
13103
13324
  }
13104
13325
  function formatHelpOptionList(rows) {
13105
- return process.stdout.isTTY === false ? help_formatter_plain_exports.formatOptionList(rows) : formatOptionList(rows);
13326
+ return process.stdout.isTTY !== true ? help_formatter_plain_exports.formatOptionList(rows) : formatOptionList(rows);
13106
13327
  }
13107
13328
  function buildUsageLine(breadcrumb, rootUsageName, suffix) {
13108
13329
  const visibleBreadcrumb = breadcrumb.filter((segment) => segment.length > 0);
@@ -13390,11 +13611,18 @@ function formatResolvedValue(value) {
13390
13611
  function fieldPromptLabel(field) {
13391
13612
  return field.positionalIndex === void 0 ? field.optionFlag : `<${field.displayPath}>`;
13392
13613
  }
13614
+ function enumOptionLabel(schema, value) {
13615
+ const key2 = String(value);
13616
+ if (schema.labels === void 0 || !Object.prototype.hasOwnProperty.call(schema.labels, key2)) {
13617
+ return key2;
13618
+ }
13619
+ return schema.labels[key2] ?? key2;
13620
+ }
13393
13621
  async function promptForField(field) {
13394
13622
  const schema = field.schema;
13395
13623
  if (schema.kind === "enum") {
13396
13624
  const options = schema.loadOptions ? await schema.loadOptions() : schema.values.map((value) => ({
13397
- label: schema.labels?.[String(value)] ?? String(value),
13625
+ label: enumOptionLabel(schema, value),
13398
13626
  value
13399
13627
  }));
13400
13628
  const selected = await select2({
@@ -13479,8 +13707,8 @@ async function withOutputFormat2(output, fn) {
13479
13707
  function createFs2() {
13480
13708
  return {
13481
13709
  readFile: async (path25, encoding = "utf8") => readFile4(path25, { encoding }),
13482
- writeFile: async (path25, contents) => {
13483
- await writeFile5(path25, contents);
13710
+ writeFile: async (path25, contents, options) => {
13711
+ await writeFile5(path25, contents, options);
13484
13712
  },
13485
13713
  exists: async (path25) => {
13486
13714
  try {
@@ -13492,7 +13720,7 @@ function createFs2() {
13492
13720
  },
13493
13721
  lstat: async (path25) => lstat3(path25),
13494
13722
  rename: async (fromPath, toPath) => rename3(fromPath, toPath),
13495
- unlink: async (path25) => unlink2(path25)
13723
+ unlink: async (path25) => unlink3(path25)
13496
13724
  };
13497
13725
  }
13498
13726
  function createEnv2(values = process.env) {
@@ -14748,7 +14976,7 @@ function isGraphQLErrorEnvelopeLike(body) {
14748
14976
  });
14749
14977
  }
14750
14978
  function styleHttpErrorLine(value, style) {
14751
- return process.stdout.isTTY === false ? value : style(value);
14979
+ return process.stdout.isTTY !== true ? value : style(value);
14752
14980
  }
14753
14981
  function formatHttpErrorStatus(value) {
14754
14982
  return styleHttpErrorLine(value, text.error);
@@ -15230,7 +15458,7 @@ async function runCLI(roots, options = {}) {
15230
15458
  }
15231
15459
 
15232
15460
  // src/terminal-pilot.ts
15233
- import { randomUUID as randomUUID4 } from "node:crypto";
15461
+ import { randomUUID as randomUUID6 } from "node:crypto";
15234
15462
 
15235
15463
  // src/terminal-session.ts
15236
15464
  import { EventEmitter } from "node:events";
@@ -15239,6 +15467,11 @@ import { createRequire } from "node:module";
15239
15467
  import { dirname, join } from "node:path";
15240
15468
  import * as nodePty from "node-pty";
15241
15469
 
15470
+ // src/errors.ts
15471
+ function hasOwnErrorCode(error3, code) {
15472
+ return error3 instanceof Error && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
15473
+ }
15474
+
15242
15475
  // src/terminal-buffer.ts
15243
15476
  var RESET_SGR = "\x1B[0m";
15244
15477
  var DEC_SPECIAL_GRAPHICS = {
@@ -16338,10 +16571,7 @@ function ensureSpawnHelperExecutable() {
16338
16571
  }
16339
16572
  }
16340
16573
  function isMissingFileError(error3) {
16341
- if (!(error3 instanceof Error)) {
16342
- return false;
16343
- }
16344
- return "code" in error3 && error3.code === "ENOENT";
16574
+ return hasOwnErrorCode(error3, "ENOENT");
16345
16575
  }
16346
16576
  function matchPattern(buffer, pattern) {
16347
16577
  const clean = normalizeHistoryBuffer(stripAnsi(buffer));
@@ -16432,7 +16662,7 @@ var TerminalPilot = class _TerminalPilot {
16432
16662
  }
16433
16663
  async newSession(opts) {
16434
16664
  const session = new TerminalSession({
16435
- id: randomUUID4(),
16665
+ id: randomUUID6(),
16436
16666
  command: opts.command,
16437
16667
  args: opts.args,
16438
16668
  cwd: opts.cwd,
@@ -16718,6 +16948,11 @@ var claudeCodeAgent = {
16718
16948
  aliases: ["claude"],
16719
16949
  binaryName: "claude",
16720
16950
  apiShapes: ["anthropic-messages"],
16951
+ otelCapture: {
16952
+ env: {
16953
+ CLAUDE_CODE_ENABLE_TELEMETRY: "1"
16954
+ }
16955
+ },
16721
16956
  configPath: "~/.claude/settings.json",
16722
16957
  branding: {
16723
16958
  colors: {
@@ -16750,6 +16985,16 @@ var codexAgent = {
16750
16985
  summary: "Configure Codex to use Poe as the model provider.",
16751
16986
  binaryName: "codex",
16752
16987
  apiShapes: ["openai-responses"],
16988
+ otelCapture: {
16989
+ args: (endpoint, content) => [
16990
+ "-c",
16991
+ `otel.trace_exporter={"otlp-http"={endpoint=${JSON.stringify(`${endpoint}/v1/traces`)},protocol="json"}}`,
16992
+ "-c",
16993
+ `otel.exporter={"otlp-http"={endpoint=${JSON.stringify(`${endpoint}/v1/logs`)},protocol="json"}}`,
16994
+ "-c",
16995
+ `otel.log_user_prompt=${content}`
16996
+ ]
16997
+ },
16753
16998
  configPath: "~/.codex/config.toml",
16754
16999
  branding: {
16755
17000
  colors: {
@@ -16785,6 +17030,11 @@ var openCodeAgent = {
16785
17030
  summary: "Configure OpenCode CLI to use the Poe API.",
16786
17031
  binaryName: "opencode",
16787
17032
  apiShapes: ["openai-chat-completions"],
17033
+ otelCapture: {
17034
+ env: {
17035
+ OPENCODE_CONFIG_CONTENT: '{"experimental":{"openTelemetry":true}}'
17036
+ }
17037
+ },
16788
17038
  configPath: "~/.config/opencode/config.json",
16789
17039
  branding: {
16790
17040
  colors: {
@@ -16820,6 +17070,7 @@ var gooseAgent = {
16820
17070
  summary: "Block's open-source AI agent with ACP support.",
16821
17071
  binaryName: "goose",
16822
17072
  apiShapes: ["openai-chat-completions"],
17073
+ otelCapture: {},
16823
17074
  configPath: "~/.config/goose/config.yaml",
16824
17075
  branding: {
16825
17076
  colors: {
@@ -16853,6 +17104,12 @@ function freezeAgent(agent) {
16853
17104
  if (agent.apiShapes !== void 0) {
16854
17105
  Object.freeze(agent.apiShapes);
16855
17106
  }
17107
+ if (agent.otelCapture?.env !== void 0) {
17108
+ Object.freeze(agent.otelCapture.env);
17109
+ }
17110
+ if (agent.otelCapture !== void 0) {
17111
+ Object.freeze(agent.otelCapture);
17112
+ }
16856
17113
  Object.freeze(agent.branding.colors);
16857
17114
  Object.freeze(agent.branding);
16858
17115
  return Object.freeze(agent);
@@ -17016,6 +17273,7 @@ var templateMutation = {
17016
17273
  };
17017
17274
 
17018
17275
  // ../config-mutations/src/execution/apply-mutation.ts
17276
+ import { randomUUID as randomUUID7 } from "node:crypto";
17019
17277
  import path17 from "node:path";
17020
17278
 
17021
17279
  // ../config-mutations/src/formats/json.ts
@@ -17091,7 +17349,7 @@ function merge(base, patch) {
17091
17349
  if (value === void 0) {
17092
17350
  continue;
17093
17351
  }
17094
- const existing = result[key2];
17352
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17095
17353
  if (isConfigObject(existing) && isConfigObject(value)) {
17096
17354
  setConfigEntry(result, key2, merge(existing, value));
17097
17355
  continue;
@@ -17219,7 +17477,7 @@ function merge2(base, patch) {
17219
17477
  if (value === void 0) {
17220
17478
  continue;
17221
17479
  }
17222
- const existing = result[key2];
17480
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17223
17481
  if (isConfigObject2(existing) && isConfigObject2(value)) {
17224
17482
  setConfigEntry(result, key2, merge2(existing, value));
17225
17483
  continue;
@@ -17299,7 +17557,7 @@ function merge3(base, patch) {
17299
17557
  if (value === void 0) {
17300
17558
  continue;
17301
17559
  }
17302
- const existing = result[key2];
17560
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17303
17561
  if (isConfigObject3(existing) && isConfigObject3(value)) {
17304
17562
  setConfigEntry(result, key2, merge3(existing, value));
17305
17563
  continue;
@@ -17436,7 +17694,7 @@ function resolvePath(rawPath, homeDir, pathMapper) {
17436
17694
 
17437
17695
  // ../config-mutations/src/fs-utils.ts
17438
17696
  function isNotFound(error3) {
17439
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT";
17697
+ return typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "ENOENT";
17440
17698
  }
17441
17699
  async function readFileIfExists(fs4, target) {
17442
17700
  try {
@@ -17485,6 +17743,7 @@ async function backupInvalidDocument(context, targetPath, content) {
17485
17743
  return;
17486
17744
  } catch (error3) {
17487
17745
  if (!isAlreadyExists(error3)) {
17746
+ await context.fs.unlink(backupPath).catch(() => void 0);
17488
17747
  throw error3;
17489
17748
  }
17490
17749
  attempt += 1;
@@ -17492,7 +17751,7 @@ async function backupInvalidDocument(context, targetPath, content) {
17492
17751
  }
17493
17752
  }
17494
17753
  function isAlreadyExists(error3) {
17495
- return Boolean(error3 && typeof error3 === "object" && "code" in error3 && error3.code === "EEXIST");
17754
+ return typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "EEXIST";
17496
17755
  }
17497
17756
  async function assertRegularWriteTarget(context, targetPath) {
17498
17757
  const boundary = path17.dirname(path17.resolve(context.homeDir));
@@ -17516,28 +17775,34 @@ async function assertRegularWriteTarget(context, targetPath) {
17516
17775
  }
17517
17776
  async function writeAtomically2(context, targetPath, content) {
17518
17777
  await assertRegularWriteTarget(context, targetPath);
17519
- let attempt = 0;
17520
- while (true) {
17521
- const tempPath = `${targetPath}.mutation-tmp-${attempt}`;
17778
+ for (let attempt = 0; attempt < 10; attempt += 1) {
17779
+ const tempPath = `${targetPath}.mutation-tmp-${process.pid}-${randomUUID7()}`;
17780
+ let tempCreated = false;
17522
17781
  try {
17782
+ await assertRegularWriteTarget(context, tempPath);
17523
17783
  await context.fs.writeFile(tempPath, content, { encoding: "utf8", flag: "wx" });
17784
+ tempCreated = true;
17524
17785
  await context.fs.rename(tempPath, targetPath);
17786
+ tempCreated = false;
17525
17787
  return;
17526
17788
  } catch (error3) {
17527
- if (isAlreadyExists(error3)) {
17528
- attempt += 1;
17529
- continue;
17530
- }
17531
- try {
17532
- await context.fs.unlink(tempPath);
17533
- } catch (cleanupError) {
17534
- if (!isNotFound(cleanupError)) {
17535
- void cleanupError;
17789
+ const alreadyExists = isAlreadyExists(error3);
17790
+ if (tempCreated || !alreadyExists) {
17791
+ try {
17792
+ await context.fs.unlink(tempPath);
17793
+ } catch (cleanupError) {
17794
+ if (!isNotFound(cleanupError)) {
17795
+ void cleanupError;
17796
+ }
17536
17797
  }
17537
17798
  }
17799
+ if (alreadyExists) {
17800
+ continue;
17801
+ }
17538
17802
  throw error3;
17539
17803
  }
17540
17804
  }
17805
+ throw new Error(`Unable to create temporary mutation file for ${targetPath}.`);
17541
17806
  }
17542
17807
  function describeMutation(kind, targetPath) {
17543
17808
  const displayPath = targetPath ?? "target";
@@ -17829,6 +18094,7 @@ async function applyBackup(mutation, context, options) {
17829
18094
  break;
17830
18095
  } catch (error3) {
17831
18096
  if (!isAlreadyExists(error3)) {
18097
+ await context.fs.unlink(backupPath).catch(() => void 0);
17832
18098
  throw error3;
17833
18099
  }
17834
18100
  attempt += 1;
@@ -18236,7 +18502,7 @@ async function pathExists2(fs4, targetPath) {
18236
18502
  await fs4.stat(targetPath);
18237
18503
  return true;
18238
18504
  } catch (error3) {
18239
- if (error3 && typeof error3 === "object" && "code" in error3 && error3.code === "ENOENT") {
18505
+ if (typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "ENOENT") {
18240
18506
  return false;
18241
18507
  }
18242
18508
  throw error3;
@@ -18295,12 +18561,13 @@ import path19 from "node:path";
18295
18561
 
18296
18562
  // ../agent-skill-config/src/git-exclude.ts
18297
18563
  import { execFileSync } from "node:child_process";
18564
+ import { randomUUID as randomUUID8 } from "node:crypto";
18298
18565
  import * as fs2 from "node:fs";
18299
18566
  import path20 from "node:path";
18300
18567
 
18301
18568
  // ../agent-skill-config/src/bridge-active-skills.ts
18302
18569
  import * as fs3 from "node:fs";
18303
- import { createHash as createHash4, randomUUID as randomUUID5 } from "node:crypto";
18570
+ import { createHash as createHash4, randomUUID as randomUUID9 } from "node:crypto";
18304
18571
  import path21 from "node:path";
18305
18572
 
18306
18573
  // src/commands/installer.ts
@@ -18313,7 +18580,7 @@ var DEFAULT_INSTALL_SCOPE = "local";
18313
18580
  var TERMINAL_PILOT_SKILL_NAME = "terminal-pilot";
18314
18581
  var installableAgents = supportedAgents;
18315
18582
  function isNotFoundError2(error3) {
18316
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT";
18583
+ return hasOwnErrorCode(error3, "ENOENT");
18317
18584
  }
18318
18585
  function resolveInstallerServices(installer) {
18319
18586
  return {
@@ -18544,7 +18811,7 @@ var resize = defineCommand({
18544
18811
  });
18545
18812
 
18546
18813
  // ../terminal-png/src/index.ts
18547
- import { randomUUID as randomUUID6 } from "node:crypto";
18814
+ import { randomUUID as randomUUID10 } from "node:crypto";
18548
18815
  import { rename as rename4, rm, writeFile as writeFile6 } from "node:fs/promises";
18549
18816
 
18550
18817
  // ../terminal-png/src/ansi-parser.ts
@@ -19484,21 +19751,28 @@ async function renderTerminalPng(ansiText, options = {}) {
19484
19751
  });
19485
19752
  const png = renderPng(svg);
19486
19753
  if (options.output) {
19487
- const temporaryPath = `${options.output}.${randomUUID6()}.tmp`;
19754
+ const temporaryPath = `${options.output}.${randomUUID10()}.tmp`;
19755
+ let temporaryCreated = false;
19488
19756
  try {
19489
19757
  await writeFile6(temporaryPath, png, { flag: "wx" });
19758
+ temporaryCreated = true;
19490
19759
  await rename4(temporaryPath, options.output);
19491
19760
  } catch (error3) {
19492
- try {
19493
- await rm(temporaryPath, { force: true });
19494
- } catch (cleanupError) {
19495
- void cleanupError;
19761
+ if (temporaryCreated || !isAlreadyExistsError3(error3)) {
19762
+ try {
19763
+ await rm(temporaryPath, { force: true });
19764
+ } catch (cleanupError) {
19765
+ void cleanupError;
19766
+ }
19496
19767
  }
19497
19768
  throw error3;
19498
19769
  }
19499
19770
  }
19500
19771
  return png;
19501
19772
  }
19773
+ function isAlreadyExistsError3(error3) {
19774
+ return error3 instanceof Error && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === "EEXIST";
19775
+ }
19502
19776
 
19503
19777
  // src/commands/screenshot.ts
19504
19778
  var params11 = S.Object({
@@ -19561,7 +19835,7 @@ var type = defineCommand({
19561
19835
  });
19562
19836
 
19563
19837
  // src/commands/uninstall.ts
19564
- import { randomUUID as randomUUID7 } from "node:crypto";
19838
+ import { randomUUID as randomUUID11 } from "node:crypto";
19565
19839
  var params14 = S.Object({
19566
19840
  agent: S.Enum(installableAgents, {
19567
19841
  description: "Agent to uninstall terminal-pilot from",
@@ -19597,7 +19871,7 @@ var uninstall = defineCommand({
19597
19871
  if (!await folderExists(services.fs, skill.fullPath)) {
19598
19872
  continue;
19599
19873
  }
19600
- const stagingPath = `${skill.fullPath}.removing-${randomUUID7()}`;
19874
+ const stagingPath = `${skill.fullPath}.removing-${randomUUID11()}`;
19601
19875
  await services.fs.rename(skill.fullPath, stagingPath);
19602
19876
  staged.push({ ...skill, stagingPath });
19603
19877
  }
@@ -19623,7 +19897,7 @@ async function folderExists(fs4, folderPath) {
19623
19897
  await fs4.stat(folderPath);
19624
19898
  return true;
19625
19899
  } catch (error3) {
19626
- if (typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT") {
19900
+ if (hasOwnErrorCode(error3, "ENOENT")) {
19627
19901
  return false;
19628
19902
  }
19629
19903
  throw error3;