terminal-pilot 0.0.21 → 0.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61) hide show
  1. package/dist/cli.js +614 -250
  2. package/dist/cli.js.map +4 -4
  3. package/dist/commands/close-session.js +6 -4
  4. package/dist/commands/close-session.js.map +3 -3
  5. package/dist/commands/create-session.js +6 -4
  6. package/dist/commands/create-session.js.map +3 -3
  7. package/dist/commands/fill.js +6 -4
  8. package/dist/commands/fill.js.map +3 -3
  9. package/dist/commands/get-session.js +6 -4
  10. package/dist/commands/get-session.js.map +3 -3
  11. package/dist/commands/index.d.ts +35 -35
  12. package/dist/commands/index.js +97 -36
  13. package/dist/commands/index.js.map +4 -4
  14. package/dist/commands/install.js +74 -20
  15. package/dist/commands/install.js.map +4 -4
  16. package/dist/commands/installer.js +36 -2
  17. package/dist/commands/installer.js.map +4 -4
  18. package/dist/commands/list-sessions.js +6 -4
  19. package/dist/commands/list-sessions.js.map +3 -3
  20. package/dist/commands/press-key.js +6 -4
  21. package/dist/commands/press-key.js.map +3 -3
  22. package/dist/commands/read-history.js +6 -4
  23. package/dist/commands/read-history.js.map +3 -3
  24. package/dist/commands/read-screen.js +6 -4
  25. package/dist/commands/read-screen.js.map +3 -3
  26. package/dist/commands/resize.js +6 -4
  27. package/dist/commands/resize.js.map +3 -3
  28. package/dist/commands/runtime.js +6 -4
  29. package/dist/commands/runtime.js.map +3 -3
  30. package/dist/commands/screenshot.js +22 -8
  31. package/dist/commands/screenshot.js.map +4 -4
  32. package/dist/commands/send-signal.js +6 -4
  33. package/dist/commands/send-signal.js.map +3 -3
  34. package/dist/commands/type.js +6 -4
  35. package/dist/commands/type.js.map +3 -3
  36. package/dist/commands/uninstall.js +39 -5
  37. package/dist/commands/uninstall.js.map +4 -4
  38. package/dist/commands/wait-for-exit.js +6 -4
  39. package/dist/commands/wait-for-exit.js.map +3 -3
  40. package/dist/commands/wait-for.js +6 -4
  41. package/dist/commands/wait-for.js.map +3 -3
  42. package/dist/errors.d.ts +1 -0
  43. package/dist/errors.js +8 -0
  44. package/dist/errors.js.map +7 -0
  45. package/dist/index.js +8 -4
  46. package/dist/index.js.map +3 -3
  47. package/dist/terminal-pilot.js +6 -4
  48. package/dist/terminal-pilot.js.map +3 -3
  49. package/dist/terminal-session.js +6 -4
  50. package/dist/terminal-session.js.map +3 -3
  51. package/dist/testing/cli-repl.js +614 -250
  52. package/dist/testing/cli-repl.js.map +4 -4
  53. package/dist/testing/qa-cli.js +614 -250
  54. package/dist/testing/qa-cli.js.map +4 -4
  55. package/node_modules/@poe-code/agent-skill-config/dist/apply.js +2 -1
  56. package/node_modules/@poe-code/agent-skill-config/dist/bridge-active-skills.js +8 -9
  57. package/node_modules/@poe-code/agent-skill-config/dist/error-codes.d.ts +1 -0
  58. package/node_modules/@poe-code/agent-skill-config/dist/error-codes.js +5 -0
  59. package/node_modules/@poe-code/agent-skill-config/dist/git-exclude.js +18 -12
  60. package/node_modules/@poe-code/agent-skill-config/dist/templates.js +2 -1
  61. package/package.json +1 -1
@@ -83,7 +83,7 @@ import path23 from "node:path";
83
83
  import { fileURLToPath as fileURLToPath5 } from "node:url";
84
84
 
85
85
  // ../toolcraft/src/cli.ts
86
- import { access as access2, lstat as lstat3, readFile as readFile4, rename as rename3, unlink as unlink2, writeFile as writeFile5 } from "node:fs/promises";
86
+ import { access as access2, lstat as lstat3, readFile as readFile4, rename as rename3, unlink as unlink3, writeFile as writeFile5 } from "node:fs/promises";
87
87
  import path14 from "node:path";
88
88
  import {
89
89
  Command as CommanderCommand,
@@ -2779,6 +2779,11 @@ function getCommandSourcePath(command) {
2779
2779
  return command[commandSourcePathSymbol];
2780
2780
  }
2781
2781
 
2782
+ // ../toolcraft/src/error-codes.ts
2783
+ function hasOwnErrorCode(error3, code) {
2784
+ return typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
2785
+ }
2786
+
2782
2787
  // ../task-list/src/open.ts
2783
2788
  import * as fsPromises from "node:fs/promises";
2784
2789
 
@@ -2799,27 +2804,27 @@ function validateMachine(machine) {
2799
2804
  if (!isRecord(machine)) {
2800
2805
  throw new TypeError("State machine must be an object.");
2801
2806
  }
2802
- if (!isStateList(machine.states)) {
2807
+ if (!hasOwnRecordField(machine, "states") || !isStateList(machine.states)) {
2803
2808
  throw new TypeError("State machine states must be a string array.");
2804
2809
  }
2805
2810
  const states = new Set(machine.states);
2806
- if (typeof machine.initial !== "string") {
2811
+ if (!hasOwnRecordField(machine, "initial") || typeof machine.initial !== "string") {
2807
2812
  throw new TypeError("State machine initial must be a string.");
2808
2813
  }
2809
2814
  if (!states.has(machine.initial)) {
2810
2815
  throw new Error(`Initial state "${machine.initial}" is not declared.`);
2811
2816
  }
2812
- if (!isRecord(machine.events)) {
2817
+ if (!hasOwnRecordField(machine, "events") || !isRecord(machine.events)) {
2813
2818
  throw new TypeError("State machine events must be an object.");
2814
2819
  }
2815
2820
  for (const [eventName, event] of Object.entries(machine.events)) {
2816
2821
  if (!isRecord(event)) {
2817
2822
  throw new TypeError(`Event "${eventName}" must be an object.`);
2818
2823
  }
2819
- if (event.from !== "*" && !isStateList(event.from)) {
2824
+ if (!hasOwnRecordField(event, "from") || event.from !== "*" && !isStateList(event.from)) {
2820
2825
  throw new TypeError(`Event "${eventName}" has an invalid "from" definition.`);
2821
2826
  }
2822
- if (typeof event.to !== "string") {
2827
+ if (!hasOwnRecordField(event, "to") || typeof event.to !== "string") {
2823
2828
  throw new TypeError(`Event "${eventName}" target state must be a string.`);
2824
2829
  }
2825
2830
  if (!states.has(event.to)) {
@@ -2834,6 +2839,9 @@ function validateMachine(machine) {
2834
2839
  }
2835
2840
  }
2836
2841
  }
2842
+ function hasOwnRecordField(record, key2) {
2843
+ return Object.prototype.hasOwnProperty.call(record, key2);
2844
+ }
2837
2845
  function eventsFromState(machine, fromState) {
2838
2846
  const events = [];
2839
2847
  for (const [eventName, event] of Object.entries(machine.events)) {
@@ -2944,10 +2952,12 @@ import path5 from "node:path";
2944
2952
  // ../process-runner/src/host/host-runner.ts
2945
2953
  import { spawn as spawnChildProcess } from "node:child_process";
2946
2954
  function createHostRunner(options = {}) {
2947
- const detachedByDefault = options.detached === true;
2955
+ const runnerOptions = normalizeHostRunnerOptions(options);
2956
+ const detachedByDefault = runnerOptions.detached === true;
2948
2957
  return {
2949
2958
  name: "host",
2950
- exec(spec) {
2959
+ exec(inputSpec) {
2960
+ const spec = normalizeRunSpec(inputSpec);
2951
2961
  if (spec.signal?.aborted === true) {
2952
2962
  return {
2953
2963
  pid: null,
@@ -2964,12 +2974,16 @@ function createHostRunner(options = {}) {
2964
2974
  const stderrMode = spec.stderr ?? "pipe";
2965
2975
  const killProcessGroup = detachedByDefault || spec.killProcessGroup === true;
2966
2976
  const stdio = stdinMode === "inherit" && stdoutMode === "inherit" && stderrMode === "inherit" ? "inherit" : [stdinMode, stdoutMode, stderrMode];
2967
- const child = spawnChildProcess(spec.command, spec.args ?? [], {
2968
- cwd: spec.cwd,
2969
- env: spec.env,
2970
- stdio,
2971
- ...killProcessGroup ? { detached: true } : {}
2972
- });
2977
+ const child = spawnChildProcess(
2978
+ spec.command,
2979
+ spec.args ?? [],
2980
+ createNullRecord({
2981
+ cwd: spec.cwd,
2982
+ env: spec.env,
2983
+ stdio,
2984
+ ...killProcessGroup ? { detached: true } : {}
2985
+ })
2986
+ );
2973
2987
  if (killProcessGroup) {
2974
2988
  child.unref();
2975
2989
  }
@@ -3015,6 +3029,38 @@ function createHostRunner(options = {}) {
3015
3029
  }
3016
3030
  };
3017
3031
  }
3032
+ function normalizeHostRunnerOptions(options) {
3033
+ return createNullRecord({
3034
+ ...optionalOwnProperty(options, "detached")
3035
+ });
3036
+ }
3037
+ function normalizeRunSpec(spec) {
3038
+ return createNullRecord({
3039
+ command: getOwnProperty(spec, "command"),
3040
+ ...optionalOwnProperty(spec, "args"),
3041
+ ...optionalOwnProperty(spec, "cwd"),
3042
+ ...optionalOwnProperty(spec, "env"),
3043
+ ...optionalOwnProperty(spec, "stdin"),
3044
+ ...optionalOwnProperty(spec, "stdout"),
3045
+ ...optionalOwnProperty(spec, "stderr"),
3046
+ ...optionalOwnProperty(spec, "tty"),
3047
+ ...optionalOwnProperty(spec, "signal"),
3048
+ ...optionalOwnProperty(spec, "killProcessGroup")
3049
+ });
3050
+ }
3051
+ function optionalOwnProperty(value, name) {
3052
+ const property = getOwnProperty(value, name);
3053
+ return property === void 0 ? {} : { [name]: property };
3054
+ }
3055
+ function getOwnProperty(value, name) {
3056
+ return hasOwnProperty(value, name) ? value[name] : void 0;
3057
+ }
3058
+ function hasOwnProperty(value, name) {
3059
+ return Object.prototype.hasOwnProperty.call(value, name);
3060
+ }
3061
+ function createNullRecord(value) {
3062
+ return Object.assign(/* @__PURE__ */ Object.create(null), value);
3063
+ }
3018
3064
  function bindAbortSignal(signal, onAbort) {
3019
3065
  if (signal === void 0) {
3020
3066
  return () => {
@@ -3105,6 +3151,7 @@ function resolveEndpoint(options = {}) {
3105
3151
  }
3106
3152
 
3107
3153
  // ../task-list/src/backends/utils.ts
3154
+ import { randomUUID as randomUUID2 } from "node:crypto";
3108
3155
  import path6 from "node:path";
3109
3156
  function compareCreated(left, right) {
3110
3157
  const leftCreated = typeof left.raw.created === "string" ? left.raw.created : "";
@@ -3125,9 +3172,8 @@ function applyOrder(entries, order) {
3125
3172
  }
3126
3173
  return entries.map((entry) => entry.task);
3127
3174
  }
3128
- var tmpFileCounter = 0;
3129
3175
  function hasErrorCode(error3, code) {
3130
- return !!error3 && typeof error3 === "object" && "code" in error3 && error3.code === code;
3176
+ return !!error3 && typeof error3 === "object" && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
3131
3177
  }
3132
3178
  function isRecord2(value) {
3133
3179
  return typeof value === "object" && value !== null && !Array.isArray(value);
@@ -3174,18 +3220,22 @@ async function rejectSymbolicLinkComponents(fs4, filePath) {
3174
3220
  }
3175
3221
  }
3176
3222
  async function writeAtomically(fs4, filePath, content) {
3177
- const tempPath = `${filePath}.tmp-${process.pid}-${tmpFileCounter}`;
3178
- tmpFileCounter += 1;
3223
+ const tempPath = `${filePath}.${process.pid}.${randomUUID2()}.tmp`;
3224
+ let tempCreated = false;
3179
3225
  await fs4.mkdir(path6.dirname(filePath), { recursive: true });
3180
3226
  try {
3181
3227
  await fs4.writeFile(tempPath, content, { encoding: "utf8", flag: "wx" });
3228
+ tempCreated = true;
3182
3229
  await fs4.rename(tempPath, filePath);
3230
+ tempCreated = false;
3183
3231
  } catch (error3) {
3184
- try {
3185
- await fs4.unlink(tempPath);
3186
- } catch (unlinkError) {
3187
- if (!hasErrorCode(unlinkError, "ENOENT")) {
3188
- throw unlinkError;
3232
+ if (tempCreated || !hasErrorCode(error3, "EEXIST")) {
3233
+ try {
3234
+ await fs4.unlink(tempPath);
3235
+ } catch (unlinkError) {
3236
+ if (!hasErrorCode(unlinkError, "ENOENT")) {
3237
+ throw unlinkError;
3238
+ }
3189
3239
  }
3190
3240
  }
3191
3241
  throw error3;
@@ -3199,6 +3249,7 @@ async function withFileLock(fs4, lockPath, operation) {
3199
3249
  break;
3200
3250
  } catch (error3) {
3201
3251
  if (!hasErrorCode(error3, "EEXIST")) {
3252
+ await fs4.unlink(lockPath).catch(() => void 0);
3202
3253
  throw error3;
3203
3254
  }
3204
3255
  if (await removeAbandonedLock(fs4, lockPath)) {
@@ -4482,27 +4533,30 @@ function readFrontmatter(frontmatterContent, filePath) {
4482
4533
  return parsed;
4483
4534
  }
4484
4535
  function assertValidTaskRecord(frontmatter, filePath, validStates) {
4485
- if ("$schema" in frontmatter && frontmatter.$schema !== TASK_SCHEMA_ID) {
4536
+ if (hasOwnTaskField(frontmatter, "$schema") && frontmatter.$schema !== TASK_SCHEMA_ID) {
4486
4537
  throw malformedTask(filePath, "$schema");
4487
4538
  }
4488
- if ("kind" in frontmatter && frontmatter.kind !== TASK_KIND) {
4539
+ if (hasOwnTaskField(frontmatter, "kind") && frontmatter.kind !== TASK_KIND) {
4489
4540
  throw malformedTask(filePath, "kind");
4490
4541
  }
4491
- if ("version" in frontmatter) {
4542
+ if (hasOwnTaskField(frontmatter, "version")) {
4492
4543
  if (typeof frontmatter.version !== "number" || !Number.isInteger(frontmatter.version) || frontmatter.version !== TASK_VERSION) {
4493
4544
  throw malformedTask(filePath, "version");
4494
4545
  }
4495
4546
  }
4496
- if (typeof frontmatter.name !== "string" || frontmatter.name.length === 0) {
4547
+ if (!hasOwnTaskField(frontmatter, "name") || typeof frontmatter.name !== "string" || frontmatter.name.length === 0) {
4497
4548
  throw malformedTask(filePath, "name");
4498
4549
  }
4499
- if (typeof frontmatter.state !== "string" || !validStates.has(frontmatter.state)) {
4550
+ if (!hasOwnTaskField(frontmatter, "state") || typeof frontmatter.state !== "string" || !validStates.has(frontmatter.state)) {
4500
4551
  throw malformedTask(filePath, "state");
4501
4552
  }
4502
- if ("description" in frontmatter && typeof frontmatter.description !== "string") {
4553
+ if (hasOwnTaskField(frontmatter, "description") && typeof frontmatter.description !== "string") {
4503
4554
  throw malformedTask(filePath, "description");
4504
4555
  }
4505
4556
  }
4557
+ function hasOwnTaskField(frontmatter, key2) {
4558
+ return Object.prototype.hasOwnProperty.call(frontmatter, key2);
4559
+ }
4506
4560
  function reservedFrontmatterKeys(mode) {
4507
4561
  return mode === "passthrough" ? PASSTHROUGH_RESERVED_FRONTMATTER_KEYS : RESERVED_FRONTMATTER_KEYS;
4508
4562
  }
@@ -5351,7 +5405,8 @@ function parseQualifiedId3(qualifiedId) {
5351
5405
  };
5352
5406
  }
5353
5407
  function descriptionFromTaskRecord(taskRecord) {
5354
- return typeof taskRecord.description === "string" ? taskRecord.description : "";
5408
+ const description = getOwnEntry(taskRecord, "description");
5409
+ return typeof description === "string" ? description : "";
5355
5410
  }
5356
5411
  function metadataFromTaskRecord(taskRecord) {
5357
5412
  const metadata = /* @__PURE__ */ Object.create(null);
@@ -5367,8 +5422,8 @@ function createTask2(list, id, taskRecord, sourcePath) {
5367
5422
  list,
5368
5423
  id,
5369
5424
  qualifiedId: `${list}/${id}`,
5370
- name: taskRecord.name,
5371
- state: taskRecord.state,
5425
+ name: getOwnEntry(taskRecord, "name"),
5426
+ state: getOwnEntry(taskRecord, "state"),
5372
5427
  description: descriptionFromTaskRecord(taskRecord),
5373
5428
  metadata: metadataFromTaskRecord(taskRecord),
5374
5429
  ...sourcePath !== void 0 && { sourcePath: path8.resolve(sourcePath) }
@@ -5465,16 +5520,17 @@ function assertValidStoreRecord(store, filePath) {
5465
5520
  if (!isRecord2(store)) {
5466
5521
  throw malformedStore(filePath, "store");
5467
5522
  }
5468
- if (store.$schema !== STORE_SCHEMA_ID) {
5523
+ if (getOwnEntry(store, "$schema") !== STORE_SCHEMA_ID) {
5469
5524
  throw malformedStore(filePath, "$schema");
5470
5525
  }
5471
- if (store.kind !== STORE_KIND) {
5526
+ if (getOwnEntry(store, "kind") !== STORE_KIND) {
5472
5527
  throw malformedStore(filePath, "kind");
5473
5528
  }
5474
- if (typeof store.version !== "number" || !Number.isInteger(store.version) || store.version !== STORE_VERSION) {
5529
+ const version = getOwnEntry(store, "version");
5530
+ if (typeof version !== "number" || !Number.isInteger(version) || version !== STORE_VERSION) {
5475
5531
  throw malformedStore(filePath, "version");
5476
5532
  }
5477
- if (!isRecord2(store.lists)) {
5533
+ if (!isRecord2(getOwnEntry(store, "lists"))) {
5478
5534
  throw malformedStore(filePath, "lists");
5479
5535
  }
5480
5536
  }
@@ -5482,29 +5538,38 @@ function assertValidTaskRecord2(taskRecord, list, id, validStates) {
5482
5538
  if (!isRecord2(taskRecord)) {
5483
5539
  throw malformedTask2(list, id, "task");
5484
5540
  }
5485
- if ("$schema" in taskRecord && taskRecord.$schema !== TASK_SCHEMA_ID2) {
5541
+ if (hasOwnTaskField2(taskRecord, "$schema") && getOwnEntry(taskRecord, "$schema") !== TASK_SCHEMA_ID2) {
5486
5542
  throw malformedTask2(list, id, "$schema");
5487
5543
  }
5488
- if ("kind" in taskRecord && taskRecord.kind !== TASK_KIND2) {
5544
+ if (hasOwnTaskField2(taskRecord, "kind") && getOwnEntry(taskRecord, "kind") !== TASK_KIND2) {
5489
5545
  throw malformedTask2(list, id, "kind");
5490
5546
  }
5491
- if ("version" in taskRecord) {
5492
- if (typeof taskRecord.version !== "number" || !Number.isInteger(taskRecord.version) || taskRecord.version !== TASK_VERSION2) {
5547
+ if (hasOwnTaskField2(taskRecord, "version")) {
5548
+ const version = getOwnEntry(taskRecord, "version");
5549
+ if (typeof version !== "number" || !Number.isInteger(version) || version !== TASK_VERSION2) {
5493
5550
  throw malformedTask2(list, id, "version");
5494
5551
  }
5495
5552
  }
5496
- if (typeof taskRecord.name !== "string" || taskRecord.name.length === 0) {
5553
+ const name = getOwnEntry(taskRecord, "name");
5554
+ if (!hasOwnTaskField2(taskRecord, "name") || typeof name !== "string" || name.length === 0) {
5497
5555
  throw malformedTask2(list, id, "name");
5498
5556
  }
5499
- if (typeof taskRecord.state !== "string" || !validStates.has(taskRecord.state)) {
5557
+ const state = getOwnEntry(taskRecord, "state");
5558
+ if (!hasOwnTaskField2(taskRecord, "state") || typeof state !== "string" || !validStates.has(state)) {
5500
5559
  throw malformedTask2(list, id, "state");
5501
5560
  }
5502
- if ("description" in taskRecord && typeof taskRecord.description !== "string") {
5561
+ if (hasOwnTaskField2(taskRecord, "description") && typeof getOwnEntry(taskRecord, "description") !== "string") {
5503
5562
  throw malformedTask2(list, id, "description");
5504
5563
  }
5505
5564
  }
5565
+ function hasOwnTaskField2(taskRecord, key2) {
5566
+ return Object.prototype.hasOwnProperty.call(taskRecord, key2);
5567
+ }
5568
+ function getOwnEntry(record, key2) {
5569
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
5570
+ }
5506
5571
  function validateStoreEntries(store, filePath, validStates) {
5507
- const lists = store.lists;
5572
+ const lists = getOwnEntry(store, "lists");
5508
5573
  if (!isRecord2(lists)) {
5509
5574
  throw malformedStore(filePath, "lists");
5510
5575
  }
@@ -5544,10 +5609,11 @@ async function readStore(fs4, filePath, validStates) {
5544
5609
  };
5545
5610
  }
5546
5611
  function getListsRecord(store) {
5547
- return store.lists;
5612
+ const lists = getOwnEntry(store, "lists");
5613
+ return isRecord2(lists) ? lists : {};
5548
5614
  }
5549
5615
  function getListRecord(store, list) {
5550
- const listRecord = getListsRecord(store)[list];
5616
+ const listRecord = getOwnEntry(getListsRecord(store), list);
5551
5617
  return isRecord2(listRecord) ? listRecord : void 0;
5552
5618
  }
5553
5619
  function getTaskRecord(store, list, id) {
@@ -5840,7 +5906,7 @@ async function yamlFileBackend(deps) {
5840
5906
  const result = [];
5841
5907
  const listNames = sortStrings(Object.keys(getListsRecord(store)));
5842
5908
  for (const listName of listNames) {
5843
- const listRecord = getListsRecord(store)[listName];
5909
+ const listRecord = getOwnEntry(getListsRecord(store), listName);
5844
5910
  if (!isRecord2(listRecord)) continue;
5845
5911
  const entries = Object.entries(listRecord).map(([id, taskRecord]) => ({
5846
5912
  task: createTask2(listName, id, taskRecord, deps.path),
@@ -5888,51 +5954,74 @@ function createDefaultFs() {
5888
5954
  return fsPromises;
5889
5955
  }
5890
5956
  async function openTaskList(options) {
5891
- switch (options.type) {
5957
+ const type2 = getOwnProperty2(options, "type");
5958
+ switch (type2) {
5892
5959
  case "markdown-dir":
5893
5960
  case "yaml-file":
5894
5961
  return openFileBackend(options);
5895
5962
  case "gh-issues":
5896
5963
  return openGhIssuesBackend(options);
5897
5964
  default:
5898
- throw new Error(`Unknown task list backend type "${options.type}".`);
5965
+ throw new Error(`Unknown task list backend type "${String(type2)}".`);
5899
5966
  }
5900
5967
  }
5901
5968
  async function openFileBackend(options) {
5902
- const factory = backendFactories[options.type];
5903
- const stateMachine = resolveStateMachine(options.stateMachine);
5969
+ const type2 = getOwnProperty2(options, "type");
5970
+ const factory = backendFactories[type2];
5971
+ const stateMachine = resolveStateMachine(
5972
+ getOwnProperty2(options, "stateMachine")
5973
+ );
5904
5974
  validateMachine(stateMachine);
5905
- const markdownOptions = options.type === "markdown-dir" ? options : void 0;
5975
+ const markdownOptions = type2 === "markdown-dir" ? options : void 0;
5976
+ const defaults2 = getOwnProperty2(options, "defaults");
5906
5977
  const deps = {
5907
- path: options.path,
5978
+ path: getOwnProperty2(options, "path"),
5908
5979
  defaults: {
5909
- metadata: { ...options.defaults?.metadata ?? {} }
5980
+ metadata: readDefaultMetadata(defaults2)
5910
5981
  },
5911
- singleList: markdownOptions?.singleList,
5912
- frontmatterMode: markdownOptions?.frontmatterMode ?? "strict",
5913
- create: options.create ?? false,
5914
- fs: options.fs ?? createDefaultFs(),
5982
+ singleList: markdownOptions === void 0 ? void 0 : getOwnProperty2(markdownOptions, "singleList"),
5983
+ frontmatterMode: markdownOptions === void 0 ? "strict" : getOwnProperty2(
5984
+ markdownOptions,
5985
+ "frontmatterMode"
5986
+ ) ?? "strict",
5987
+ create: getOwnProperty2(options, "create") ?? false,
5988
+ fs: getOwnProperty2(options, "fs") ?? createDefaultFs(),
5915
5989
  stateMachine
5916
5990
  };
5917
5991
  return factory(deps);
5918
5992
  }
5919
5993
  async function openGhIssuesBackend(options) {
5920
- const token = await resolveAuth({ explicitToken: options.auth?.token });
5994
+ const auth = getOwnProperty2(options, "auth");
5995
+ const explicitToken = auth && hasOwnProperty2(auth, "token") ? auth.token : void 0;
5921
5996
  const endpoint = resolveEndpoint();
5997
+ const defaults2 = getOwnProperty2(options, "defaults");
5922
5998
  return ghIssuesBackend({
5923
- repo: options.repo,
5924
- project: options.project,
5925
- filter: options.filter,
5926
- state: options.state,
5927
- stateMachine: options.stateMachine,
5999
+ repo: getOwnProperty2(options, "repo"),
6000
+ project: getOwnProperty2(options, "project"),
6001
+ filter: getOwnProperty2(options, "filter"),
6002
+ state: getOwnProperty2(options, "state"),
6003
+ stateMachine: getOwnProperty2(options, "stateMachine"),
5928
6004
  defaults: {
5929
- metadata: { ...options.defaults?.metadata ?? {} }
6005
+ metadata: readDefaultMetadata(defaults2)
5930
6006
  },
5931
- token,
6007
+ token: await resolveAuth({ explicitToken }),
5932
6008
  endpoint,
5933
- fetch: options.fetch
6009
+ fetch: getOwnProperty2(options, "fetch")
5934
6010
  });
5935
6011
  }
6012
+ function readDefaultMetadata(defaults2) {
6013
+ const metadata = defaults2 === void 0 ? void 0 : getOwnProperty2(defaults2, "metadata");
6014
+ return isRecord4(metadata) ? { ...metadata } : {};
6015
+ }
6016
+ function getOwnProperty2(value, name) {
6017
+ return hasOwnProperty2(value, name) ? value[name] : void 0;
6018
+ }
6019
+ function hasOwnProperty2(value, name) {
6020
+ return Object.prototype.hasOwnProperty.call(value, name);
6021
+ }
6022
+ function isRecord4(value) {
6023
+ return typeof value === "object" && value !== null && !Array.isArray(value);
6024
+ }
5936
6025
 
5937
6026
  // ../task-list/src/move.ts
5938
6027
  import * as fsPromises2 from "node:fs/promises";
@@ -6190,7 +6279,7 @@ function osascriptProvider(options = {}) {
6190
6279
  const { stdout } = await execFileAsync(binary, ["-e", script]);
6191
6280
  return parseStdout(stdout);
6192
6281
  } catch (error3) {
6193
- if (error3.code === "ENOENT") {
6282
+ if (hasOwnErrorCode2(error3, "ENOENT")) {
6194
6283
  throw new Error("osascript not found \u2014 provide a different provider on this platform");
6195
6284
  }
6196
6285
  if (isUserCanceled(error3)) {
@@ -6202,6 +6291,9 @@ function osascriptProvider(options = {}) {
6202
6291
  }
6203
6292
  };
6204
6293
  }
6294
+ function hasOwnErrorCode2(error3, code) {
6295
+ return typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
6296
+ }
6205
6297
 
6206
6298
  // ../toolcraft/src/human-in-loop/default-provider.ts
6207
6299
  function noProviderConfigured() {
@@ -6474,8 +6566,8 @@ function createHandlerContext(command, params17) {
6474
6566
  function createFs() {
6475
6567
  return {
6476
6568
  readFile: async (path24, encoding = "utf8") => readFile2(path24, { encoding }),
6477
- writeFile: async (path24, contents) => {
6478
- await writeFile2(path24, contents);
6569
+ writeFile: async (path24, contents, options) => {
6570
+ await writeFile2(path24, contents, options);
6479
6571
  },
6480
6572
  exists: async (path24) => {
6481
6573
  try {
@@ -6759,21 +6851,21 @@ function escapeMarkdownCell(value) {
6759
6851
  return value.replaceAll("|", "\\|");
6760
6852
  }
6761
6853
  function isMissingStateError(error3) {
6762
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT";
6854
+ return hasOwnErrorCode(error3, "ENOENT");
6763
6855
  }
6764
6856
 
6765
6857
  // ../toolcraft/src/error-report.ts
6766
6858
  import { mkdir as mkdir2, realpath as realpath2, writeFile as writeFile4 } from "node:fs/promises";
6767
- import { randomUUID as randomUUID3 } from "node:crypto";
6859
+ import { randomUUID as randomUUID5 } from "node:crypto";
6768
6860
  import os from "node:os";
6769
6861
  import path13 from "node:path";
6770
6862
  import { CommanderError } from "commander";
6771
6863
 
6772
6864
  // ../toolcraft/src/mcp-proxy.ts
6773
6865
  import { existsSync as existsSync2 } from "node:fs";
6774
- import { lstat as lstat2, mkdir, readFile as readFile3, rename as rename2, writeFile as writeFile3 } from "node:fs/promises";
6866
+ import { lstat as lstat2, mkdir, readFile as readFile3, rename as rename2, unlink as unlink2, writeFile as writeFile3 } from "node:fs/promises";
6775
6867
  import path12 from "node:path";
6776
- import { createHash as createHash3, randomUUID as randomUUID2 } from "node:crypto";
6868
+ import { createHash as createHash3, randomUUID as randomUUID4 } from "node:crypto";
6777
6869
 
6778
6870
  // ../tiny-mcp-client/src/internal.ts
6779
6871
  import { spawn as spawn5 } from "node:child_process";
@@ -6784,10 +6876,17 @@ import crypto from "node:crypto";
6784
6876
  import path11 from "node:path";
6785
6877
 
6786
6878
  // ../auth-store/src/encrypted-file-store.ts
6787
- import { createCipheriv, createDecipheriv, randomBytes as randomBytes4, scrypt } from "node:crypto";
6879
+ import { createCipheriv, createDecipheriv, randomBytes as randomBytes4, randomUUID as randomUUID3, scrypt } from "node:crypto";
6788
6880
  import { promises as fs } from "node:fs";
6789
6881
  import { homedir, hostname, userInfo } from "node:os";
6790
6882
  import path10 from "node:path";
6883
+
6884
+ // ../auth-store/src/error-codes.ts
6885
+ function hasOwnErrorCode3(error3, code) {
6886
+ return error3 instanceof Error && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
6887
+ }
6888
+
6889
+ // ../auth-store/src/encrypted-file-store.ts
6791
6890
  var derivedKeyCache = /* @__PURE__ */ new Map();
6792
6891
  var ENCRYPTION_ALGORITHM = "aes-256-gcm";
6793
6892
  var ENCRYPTION_VERSION = 1;
@@ -6795,7 +6894,6 @@ var ENCRYPTION_KEY_BYTES = 32;
6795
6894
  var ENCRYPTION_IV_BYTES = 12;
6796
6895
  var ENCRYPTION_AUTH_TAG_BYTES = 16;
6797
6896
  var ENCRYPTION_FILE_MODE = 384;
6798
- var temporaryFileSequence = 0;
6799
6897
  var EncryptedFileStore = class {
6800
6898
  fs;
6801
6899
  filePath;
@@ -6827,7 +6925,7 @@ var EncryptedFileStore = class {
6827
6925
  this.getRandomBytes = input.getRandomBytes ?? randomBytes4;
6828
6926
  }
6829
6927
  async get() {
6830
- await this.assertRegularCredentialPath();
6928
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6831
6929
  let rawDocument;
6832
6930
  try {
6833
6931
  rawDocument = await this.fs.readFile(this.filePath, "utf8");
@@ -6858,7 +6956,7 @@ var EncryptedFileStore = class {
6858
6956
  }
6859
6957
  }
6860
6958
  async set(value) {
6861
- await this.assertRegularCredentialPath();
6959
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6862
6960
  const key2 = await this.getEncryptionKey();
6863
6961
  const iv = this.getRandomBytes(ENCRYPTION_IV_BYTES);
6864
6962
  const cipher = createCipheriv(ENCRYPTION_ALGORITHM, key2, iv);
@@ -6874,25 +6972,28 @@ var EncryptedFileStore = class {
6874
6972
  ciphertext: ciphertext.toString("base64")
6875
6973
  };
6876
6974
  await this.fs.mkdir(path10.dirname(this.filePath), { recursive: true });
6877
- await this.assertRegularCredentialPath();
6878
- const temporaryPath = `${this.filePath}.${process.pid}.${temporaryFileSequence++}.tmp`;
6975
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6976
+ const temporaryPath = `${this.filePath}.${process.pid}.${randomUUID3()}.tmp`;
6977
+ let temporaryCreated = false;
6879
6978
  try {
6979
+ await this.assertCredentialPathHasNoSymbolicLinks(temporaryPath);
6880
6980
  await this.fs.writeFile(temporaryPath, JSON.stringify(document), {
6881
6981
  encoding: "utf8",
6882
6982
  flag: "wx",
6883
6983
  mode: ENCRYPTION_FILE_MODE
6884
6984
  });
6985
+ temporaryCreated = true;
6885
6986
  await this.fs.chmod(temporaryPath, ENCRYPTION_FILE_MODE);
6886
6987
  await this.fs.rename(temporaryPath, this.filePath);
6887
6988
  } catch (error3) {
6888
- if (!isAlreadyExistsError(error3)) {
6989
+ if (temporaryCreated || !isAlreadyExistsError(error3)) {
6889
6990
  await removeIfPresent(this.fs, temporaryPath).catch(() => void 0);
6890
6991
  }
6891
6992
  throw error3;
6892
6993
  }
6893
6994
  }
6894
6995
  async delete() {
6895
- await this.assertRegularCredentialPath();
6996
+ await this.assertCredentialPathHasNoSymbolicLinks(this.filePath);
6896
6997
  try {
6897
6998
  await this.fs.unlink(this.filePath);
6898
6999
  } catch (error3) {
@@ -6901,8 +7002,8 @@ var EncryptedFileStore = class {
6901
7002
  }
6902
7003
  }
6903
7004
  }
6904
- async assertRegularCredentialPath() {
6905
- const resolvedPath = path10.resolve(this.filePath);
7005
+ async assertCredentialPathHasNoSymbolicLinks(targetPath) {
7006
+ const resolvedPath = path10.resolve(targetPath);
6906
7007
  const protectedPaths = getProtectedCredentialPaths(
6907
7008
  resolvedPath,
6908
7009
  this.symbolicLinkCheckStartPath
@@ -6967,9 +7068,6 @@ async function removeIfPresent(fileSystem, filePath) {
6967
7068
  }
6968
7069
  }
6969
7070
  }
6970
- function isAlreadyExistsError(error3) {
6971
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "EEXIST";
6972
- }
6973
7071
  function defaultMachineIdentity() {
6974
7072
  return {
6975
7073
  hostname: hostname(),
@@ -7004,32 +7102,40 @@ async function deriveEncryptionKey(getMachineIdentity, salt) {
7004
7102
  function parseEncryptedDocument(raw) {
7005
7103
  try {
7006
7104
  const parsed = JSON.parse(raw);
7007
- if (!isRecord4(parsed)) {
7105
+ if (!isRecord5(parsed)) {
7008
7106
  return null;
7009
7107
  }
7010
- if (parsed.version !== ENCRYPTION_VERSION) {
7108
+ const version = getOwnEntry2(parsed, "version");
7109
+ const iv = getOwnEntry2(parsed, "iv");
7110
+ const authTag = getOwnEntry2(parsed, "authTag");
7111
+ const ciphertext = getOwnEntry2(parsed, "ciphertext");
7112
+ if (version !== ENCRYPTION_VERSION) {
7011
7113
  return null;
7012
7114
  }
7013
- if (typeof parsed.iv !== "string" || typeof parsed.authTag !== "string" || typeof parsed.ciphertext !== "string") {
7115
+ if (typeof iv !== "string" || typeof authTag !== "string" || typeof ciphertext !== "string") {
7014
7116
  return null;
7015
7117
  }
7016
7118
  return {
7017
- version: parsed.version,
7018
- iv: parsed.iv,
7019
- authTag: parsed.authTag,
7020
- ciphertext: parsed.ciphertext
7119
+ version,
7120
+ iv,
7121
+ authTag,
7122
+ ciphertext
7021
7123
  };
7022
7124
  } catch {
7023
7125
  return null;
7024
7126
  }
7025
7127
  }
7026
- function isRecord4(value) {
7128
+ function isRecord5(value) {
7027
7129
  return Boolean(value && typeof value === "object" && !Array.isArray(value));
7028
7130
  }
7131
+ function getOwnEntry2(record, key2) {
7132
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7133
+ }
7029
7134
  function isNotFoundError(error3) {
7030
- return Boolean(
7031
- error3 && typeof error3 === "object" && "code" in error3 && error3.code === "ENOENT"
7032
- );
7135
+ return hasOwnErrorCode3(error3, "ENOENT");
7136
+ }
7137
+ function isAlreadyExistsError(error3) {
7138
+ return hasOwnErrorCode3(error3, "EEXIST");
7033
7139
  }
7034
7140
 
7035
7141
  // ../auth-store/src/keychain-store.ts
@@ -7050,8 +7156,8 @@ var KeychainStore = class {
7050
7156
  ["find-generic-password", "-s", this.service, "-a", this.account, "-w"],
7051
7157
  "read secret from macOS Keychain"
7052
7158
  );
7053
- if (result.exitCode === 0) {
7054
- return stripTrailingLineBreak(result.stdout);
7159
+ if (getCommandExitCode(result) === 0) {
7160
+ return stripTrailingLineBreak(getCommandOutput(result, "stdout"));
7055
7161
  }
7056
7162
  if (isKeychainEntryNotFound(result)) {
7057
7163
  return null;
@@ -7075,7 +7181,7 @@ var KeychainStore = class {
7075
7181
  "store secret in macOS Keychain",
7076
7182
  { stdin: value }
7077
7183
  );
7078
- if (result.exitCode !== 0) {
7184
+ if (getCommandExitCode(result) !== 0) {
7079
7185
  throw createSecurityCliFailure("store secret in macOS Keychain", result);
7080
7186
  }
7081
7187
  }
@@ -7084,7 +7190,7 @@ var KeychainStore = class {
7084
7190
  ["delete-generic-password", "-s", this.service, "-a", this.account],
7085
7191
  "delete secret from macOS Keychain"
7086
7192
  );
7087
- if (result.exitCode === 0 || isKeychainEntryNotFound(result)) {
7193
+ if (getCommandExitCode(result) === 0 || isKeychainEntryNotFound(result)) {
7088
7194
  return;
7089
7195
  }
7090
7196
  throw createSecurityCliFailure("delete secret from macOS Keychain", result);
@@ -7163,16 +7269,28 @@ function stripTrailingLineBreak(value) {
7163
7269
  return value;
7164
7270
  }
7165
7271
  function isKeychainEntryNotFound(result) {
7166
- return result.exitCode === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE;
7272
+ return getCommandExitCode(result) === KEYCHAIN_ITEM_NOT_FOUND_EXIT_CODE;
7167
7273
  }
7168
7274
  function createSecurityCliFailure(operation, result) {
7169
- const details = result.stderr.trim() || result.stdout.trim();
7275
+ const exitCode = getCommandExitCode(result);
7276
+ const details = getCommandOutput(result, "stderr").trim() || getCommandOutput(result, "stdout").trim();
7170
7277
  if (details) {
7171
7278
  return new Error(
7172
- `Failed to ${operation}: security exited with code ${result.exitCode}: ${details}`
7279
+ `Failed to ${operation}: security exited with code ${exitCode}: ${details}`
7173
7280
  );
7174
7281
  }
7175
- return new Error(`Failed to ${operation}: security exited with code ${result.exitCode}`);
7282
+ return new Error(`Failed to ${operation}: security exited with code ${exitCode}`);
7283
+ }
7284
+ function getCommandExitCode(result) {
7285
+ const value = getOwnEntry3(result, "exitCode");
7286
+ return typeof value === "number" && Number.isInteger(value) ? value : 1;
7287
+ }
7288
+ function getCommandOutput(result, key2) {
7289
+ const value = getOwnEntry3(result, key2);
7290
+ return typeof value === "string" ? value : "";
7291
+ }
7292
+ function getOwnEntry3(record, key2) {
7293
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7176
7294
  }
7177
7295
 
7178
7296
  // ../auth-store/src/create-secret-store.ts
@@ -7205,7 +7323,7 @@ function createSecretStore(input) {
7205
7323
  }
7206
7324
  function resolveBackend(input) {
7207
7325
  const envVar = input.backendEnvVar ?? DEFAULT_BACKEND_ENV_VAR;
7208
- const configuredBackend = input.backend ?? input.env?.[envVar] ?? process.env[envVar];
7326
+ const configuredBackend = input.backend ?? getOwnEnvValue(input.env, envVar) ?? getOwnEnvValue(process.env, envVar);
7209
7327
  if (configuredBackend === "keychain") {
7210
7328
  return "keychain";
7211
7329
  }
@@ -7214,6 +7332,9 @@ function resolveBackend(input) {
7214
7332
  }
7215
7333
  throw new Error(`Unsupported auth store backend: ${configuredBackend}`);
7216
7334
  }
7335
+ function getOwnEnvValue(env, key2) {
7336
+ return env !== void 0 && Object.prototype.hasOwnProperty.call(env, key2) ? env[key2] : void 0;
7337
+ }
7217
7338
 
7218
7339
  // ../mcp-oauth/src/resource-indicator.ts
7219
7340
  function canonicalizeResourceIndicator(value) {
@@ -7267,8 +7388,13 @@ function createAuthStoreClientStore(options) {
7267
7388
  return null;
7268
7389
  }
7269
7390
  const parsed = JSON.parse(value);
7270
- if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed) && typeof parsed.clientId === "string") {
7271
- return parsed;
7391
+ const clientId = isObjectRecord(parsed) ? getOwnString(parsed, "clientId") : void 0;
7392
+ if (clientId !== void 0) {
7393
+ const client = { clientId };
7394
+ if (isObjectRecord(parsed) && Object.prototype.hasOwnProperty.call(parsed, "clientSecret")) {
7395
+ client.clientSecret = getOwnEntry4(parsed, "clientSecret");
7396
+ }
7397
+ return client;
7272
7398
  }
7273
7399
  throw new Error("Stored OAuth client must be a JSON object with clientId");
7274
7400
  },
@@ -7327,6 +7453,16 @@ function createIssuerSecretStore(issuer, options) {
7327
7453
  }
7328
7454
  );
7329
7455
  }
7456
+ function isObjectRecord(value) {
7457
+ return typeof value === "object" && value !== null && !Array.isArray(value);
7458
+ }
7459
+ function getOwnEntry4(record, key2) {
7460
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7461
+ }
7462
+ function getOwnString(record, key2) {
7463
+ const value = getOwnEntry4(record, key2);
7464
+ return typeof value === "string" ? value : void 0;
7465
+ }
7330
7466
 
7331
7467
  // ../mcp-oauth/src/client/default-oauth-client-provider.ts
7332
7468
  import { URL as URL2 } from "node:url";
@@ -7352,17 +7488,30 @@ function parseAuthorizationState(value) {
7352
7488
  try {
7353
7489
  const decoded = Buffer.from(value, "base64url").toString("utf8");
7354
7490
  const parsed = JSON.parse(decoded);
7355
- if (parsed.v !== 1 || typeof parsed.n !== "string" || parsed.n.length === 0 || typeof parsed.i !== "string" || parsed.i.length === 0 || typeof parsed.r !== "boolean") {
7491
+ if (!isObjectRecord2(parsed)) {
7492
+ return null;
7493
+ }
7494
+ const version = getOwnEntry5(parsed, "v");
7495
+ const nonce = getOwnEntry5(parsed, "n");
7496
+ const issuer = getOwnEntry5(parsed, "i");
7497
+ const requireIssuer = getOwnEntry5(parsed, "r");
7498
+ if (version !== 1 || typeof nonce !== "string" || nonce.length === 0 || typeof issuer !== "string" || issuer.length === 0 || typeof requireIssuer !== "boolean") {
7356
7499
  return null;
7357
7500
  }
7358
7501
  return {
7359
- issuer: parsed.i,
7360
- requireIssuer: parsed.r
7502
+ issuer,
7503
+ requireIssuer
7361
7504
  };
7362
7505
  } catch {
7363
7506
  return null;
7364
7507
  }
7365
7508
  }
7509
+ function isObjectRecord2(value) {
7510
+ return typeof value === "object" && value !== null && !Array.isArray(value);
7511
+ }
7512
+ function getOwnEntry5(record, key2) {
7513
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7514
+ }
7366
7515
 
7367
7516
  // ../mcp-oauth/src/client/loopback-authorization.ts
7368
7517
  async function createLoopbackAuthorizationSession(options = {}) {
@@ -7639,22 +7788,26 @@ async function requestTokens(input) {
7639
7788
  body: body.toString()
7640
7789
  });
7641
7790
  const payload = await readOAuthJsonObjectResponse(response);
7642
- if (typeof payload.access_token !== "string" || payload.access_token.trim().length === 0) {
7791
+ const accessToken = getOwnEntry6(payload, "access_token");
7792
+ if (typeof accessToken !== "string" || accessToken.trim().length === 0) {
7643
7793
  throw new Error("OAuth token response missing access_token");
7644
7794
  }
7645
- const tokenType = normalizeBearerTokenType(payload.token_type);
7795
+ const tokenType = normalizeBearerTokenType(getOwnEntry6(payload, "token_type"));
7646
7796
  if (tokenType === null) {
7647
7797
  throw new Error("OAuth token response missing token_type=Bearer");
7648
7798
  }
7649
- if (typeof payload.expires_in === "number" && Number.isFinite(payload.expires_in) && payload.expires_in < 0) {
7799
+ const expiresIn = getOwnEntry6(payload, "expires_in");
7800
+ if (typeof expiresIn === "number" && Number.isFinite(expiresIn) && expiresIn < 0) {
7650
7801
  throw new Error("OAuth token response has invalid expires_in");
7651
7802
  }
7803
+ const refreshToken = getOwnEntry6(payload, "refresh_token");
7804
+ const scope = getOwnEntry6(payload, "scope");
7652
7805
  return {
7653
- accessToken: payload.access_token,
7654
- refreshToken: typeof payload.refresh_token === "string" && payload.refresh_token.length > 0 ? payload.refresh_token : void 0,
7806
+ accessToken,
7807
+ refreshToken: typeof refreshToken === "string" && refreshToken.length > 0 ? refreshToken : void 0,
7655
7808
  tokenType,
7656
- expiresAt: typeof payload.expires_in === "number" && Number.isFinite(payload.expires_in) ? input.now() + payload.expires_in * 1e3 : null,
7657
- scope: typeof payload.scope === "string" && payload.scope.length > 0 ? payload.scope : void 0
7809
+ expiresAt: typeof expiresIn === "number" && Number.isFinite(expiresIn) ? input.now() + expiresIn * 1e3 : null,
7810
+ scope: typeof scope === "string" && scope.length > 0 ? scope : void 0
7658
7811
  };
7659
7812
  }
7660
7813
  async function readOAuthJsonObjectResponse(response) {
@@ -7681,12 +7834,18 @@ async function readOAuthJsonObjectResponse(response) {
7681
7834
  return record;
7682
7835
  }
7683
7836
  function readOAuthError(payload, fallbackError = "server_error") {
7837
+ const error3 = getOwnEntry6(payload, "error");
7838
+ const errorDescription = getOwnEntry6(payload, "error_description");
7839
+ const errorUri = getOwnEntry6(payload, "error_uri");
7684
7840
  return {
7685
- error: typeof payload.error === "string" ? payload.error : fallbackError,
7686
- error_description: typeof payload.error_description === "string" ? payload.error_description : void 0,
7687
- error_uri: typeof payload.error_uri === "string" ? payload.error_uri : void 0
7841
+ error: typeof error3 === "string" ? error3 : fallbackError,
7842
+ error_description: typeof errorDescription === "string" ? errorDescription : void 0,
7843
+ error_uri: typeof errorUri === "string" ? errorUri : void 0
7688
7844
  };
7689
7845
  }
7846
+ function getOwnEntry6(record, key2) {
7847
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
7848
+ }
7690
7849
  function createFallbackOAuthError(status) {
7691
7850
  const error3 = status === 503 ? "temporarily_unavailable" : "server_error";
7692
7851
  return new OAuthError({ error: error3 }, status);
@@ -7791,7 +7950,11 @@ function createDefaultOAuthClientProvider(options) {
7791
7950
  while (true) {
7792
7951
  try {
7793
7952
  refreshedTokens = await refreshAccessToken({
7794
- tokenEndpoint: discovery.authorizationServerMetadata.token_endpoint,
7953
+ tokenEndpoint: requireOwnString(
7954
+ discovery.authorizationServerMetadata,
7955
+ "token_endpoint",
7956
+ "Authorization server metadata"
7957
+ ),
7795
7958
  clientId: session.client.clientId,
7796
7959
  clientSecret: session.client.clientSecret,
7797
7960
  refreshToken: session.tokens.refreshToken,
@@ -7879,7 +8042,11 @@ function createDefaultOAuthClientProvider(options) {
7879
8042
  });
7880
8043
  const code = await loopback.waitForCode(authorizationUrl);
7881
8044
  const tokens = await exchangeAuthorizationCode({
7882
- tokenEndpoint: discovery.authorizationServerMetadata.token_endpoint,
8045
+ tokenEndpoint: requireOwnString(
8046
+ discovery.authorizationServerMetadata,
8047
+ "token_endpoint",
8048
+ "Authorization server metadata"
8049
+ ),
7883
8050
  clientId: resolvedClient.client.clientId,
7884
8051
  clientSecret: resolvedClient.client.clientSecret,
7885
8052
  code,
@@ -7932,7 +8099,10 @@ function createDefaultOAuthClientProvider(options) {
7932
8099
  }
7933
8100
  };
7934
8101
  }
7935
- const registrationEndpoint = discovery.authorizationServerMetadata.registration_endpoint;
8102
+ const registrationEndpoint = getOwnString2(
8103
+ discovery.authorizationServerMetadata,
8104
+ "registration_endpoint"
8105
+ );
7936
8106
  if (registrationEndpoint === void 0 && options.client.clientId !== void 0) {
7937
8107
  return {
7938
8108
  kind: "static",
@@ -7984,12 +8154,14 @@ function createDefaultOAuthClientProvider(options) {
7984
8154
  body: JSON.stringify(registrationBody)
7985
8155
  });
7986
8156
  const payload = await readOAuthJsonObjectResponse(response);
7987
- if (typeof payload.client_id !== "string" || payload.client_id.trim().length === 0) {
8157
+ const clientId = getOwnString2(payload, "client_id");
8158
+ if (clientId === void 0 || clientId.trim().length === 0) {
7988
8159
  throw new Error("OAuth client registration response missing client_id");
7989
8160
  }
8161
+ const clientSecret = getOwnString2(payload, "client_secret");
7990
8162
  const registeredClient = {
7991
- clientId: payload.client_id,
7992
- clientSecret: typeof payload.client_secret === "string" && payload.client_secret.length > 0 ? payload.client_secret : void 0
8163
+ clientId,
8164
+ clientSecret: clientSecret !== void 0 && clientSecret.length > 0 ? clientSecret : void 0
7993
8165
  };
7994
8166
  await saveRegisteredClient(discovery.authorizationServer, registeredClient);
7995
8167
  return {
@@ -8015,12 +8187,13 @@ function createDefaultOAuthClientProvider(options) {
8015
8187
  return null;
8016
8188
  }
8017
8189
  const client = await clientStore.load(issuer);
8018
- if (client !== null && !isUsableClient(client)) {
8190
+ const normalizedClient = client === null ? null : normalizeStoredClient(client);
8191
+ if (client !== null && normalizedClient === null) {
8019
8192
  await clientStore.clear(issuer);
8020
8193
  return null;
8021
8194
  }
8022
- registeredClients.set(issuer, client);
8023
- return client;
8195
+ registeredClients.set(issuer, normalizedClient);
8196
+ return normalizedClient;
8024
8197
  }
8025
8198
  async function saveRegisteredClient(issuer, client) {
8026
8199
  registeredClients.set(issuer, client);
@@ -8036,7 +8209,7 @@ function createDefaultOAuthClientProvider(options) {
8036
8209
  }
8037
8210
  }
8038
8211
  function isProviderOptions(options) {
8039
- return "provider" in options;
8212
+ return Object.prototype.hasOwnProperty.call(options, "provider");
8040
8213
  }
8041
8214
  function isExpired(tokens, now) {
8042
8215
  return tokens.expiresAt !== null && tokens.expiresAt <= now();
@@ -8052,7 +8225,14 @@ function resolveDiscovery(discovery, session) {
8052
8225
  return void 0;
8053
8226
  }
8054
8227
  const metadata = session.discovery.authorizationServerMetadata;
8055
- if (typeof metadata.issuer !== "string" || typeof metadata.authorization_endpoint !== "string" || typeof metadata.token_endpoint !== "string" || !Array.isArray(metadata.code_challenge_methods_supported) || !metadata.code_challenge_methods_supported.includes("S256")) {
8228
+ const issuer = getOwnString2(metadata, "issuer");
8229
+ const authorizationEndpoint = getOwnString2(metadata, "authorization_endpoint");
8230
+ const tokenEndpoint = getOwnString2(metadata, "token_endpoint");
8231
+ const codeChallengeMethodsSupported = getOwnStringArray(
8232
+ metadata,
8233
+ "code_challenge_methods_supported"
8234
+ );
8235
+ if (issuer === void 0 || authorizationEndpoint === void 0 || tokenEndpoint === void 0 || codeChallengeMethodsSupported === void 0 || !codeChallengeMethodsSupported.includes("S256")) {
8056
8236
  return void 0;
8057
8237
  }
8058
8238
  return {
@@ -8076,29 +8256,94 @@ function normalizeLoadedSession(session) {
8076
8256
  if (session === null) {
8077
8257
  return null;
8078
8258
  }
8079
- if (!isUsableClient(session.client)) {
8259
+ const client = normalizeStoredClient(getOwnEntry7(session, "client"));
8260
+ if (client === null) {
8080
8261
  return { ...session, client: { clientId: "" }, tokens: void 0 };
8081
8262
  }
8082
- return isUsableTokens(session.tokens) ? session : { ...session, tokens: void 0 };
8263
+ return {
8264
+ ...session,
8265
+ client,
8266
+ tokens: normalizeStoredTokens(getOwnEntry7(session, "tokens"))
8267
+ };
8083
8268
  }
8084
- function isUsableClient(client) {
8085
- return typeof client.clientId === "string" && client.clientId.trim().length > 0 && (client.clientSecret === void 0 || typeof client.clientSecret === "string" && client.clientSecret.trim().length > 0);
8269
+ function normalizeStoredClient(value) {
8270
+ if (!isObjectRecord3(value)) {
8271
+ return null;
8272
+ }
8273
+ const clientId = getOwnString2(value, "clientId");
8274
+ if (clientId === void 0 || clientId.trim().length === 0) {
8275
+ return null;
8276
+ }
8277
+ const clientSecret = getOwnEntry7(value, "clientSecret");
8278
+ if (clientSecret === void 0) {
8279
+ return { clientId };
8280
+ }
8281
+ if (typeof clientSecret !== "string" || clientSecret.trim().length === 0) {
8282
+ return null;
8283
+ }
8284
+ return { clientId, clientSecret };
8086
8285
  }
8087
- function isUsableTokens(tokens) {
8088
- if (tokens === void 0) {
8089
- return true;
8286
+ function normalizeStoredTokens(value) {
8287
+ if (value === void 0 || !isObjectRecord3(value)) {
8288
+ return void 0;
8289
+ }
8290
+ const accessToken = getOwnString2(value, "accessToken");
8291
+ const tokenType = getOwnString2(value, "tokenType");
8292
+ const expiresAt = getOwnEntry7(value, "expiresAt");
8293
+ const refreshToken = getOwnEntry7(value, "refreshToken");
8294
+ const scope = getOwnString2(value, "scope");
8295
+ const normalizedRefreshToken = typeof refreshToken === "string" ? refreshToken : void 0;
8296
+ if (accessToken === void 0 || accessToken.trim().length === 0 || tokenType !== "Bearer" || !(expiresAt === null || typeof expiresAt === "number" && Number.isFinite(expiresAt)) || refreshToken !== void 0 && (typeof refreshToken !== "string" || refreshToken.trim().length === 0)) {
8297
+ return void 0;
8090
8298
  }
8091
- return typeof tokens.accessToken === "string" && tokens.accessToken.trim().length > 0 && tokens.tokenType === "Bearer" && (tokens.expiresAt === null || typeof tokens.expiresAt === "number" && Number.isFinite(tokens.expiresAt)) && (tokens.refreshToken === void 0 || typeof tokens.refreshToken === "string" && tokens.refreshToken.trim().length > 0);
8299
+ return {
8300
+ accessToken,
8301
+ tokenType,
8302
+ expiresAt,
8303
+ ...normalizedRefreshToken === void 0 ? {} : { refreshToken: normalizedRefreshToken },
8304
+ ...scope === void 0 || scope.length === 0 ? {} : { scope }
8305
+ };
8092
8306
  }
8093
8307
  function getClientMetadata(client) {
8094
8308
  return client.metadata;
8095
8309
  }
8310
+ function getOwnEntry7(record, key2) {
8311
+ return Object.prototype.hasOwnProperty.call(record, key2) ? record[key2] : void 0;
8312
+ }
8313
+ function isObjectRecord3(value) {
8314
+ return typeof value === "object" && value !== null && !Array.isArray(value);
8315
+ }
8316
+ function getOwnString2(record, key2) {
8317
+ const value = getOwnEntry7(record, key2);
8318
+ return typeof value === "string" ? value : void 0;
8319
+ }
8320
+ function requireOwnString(record, key2, label) {
8321
+ const value = getOwnString2(record, key2);
8322
+ if (value === void 0) {
8323
+ throw new Error(`${label} is missing ${key2}`);
8324
+ }
8325
+ return value;
8326
+ }
8327
+ function getOwnStringArray(record, key2) {
8328
+ const value = getOwnEntry7(record, key2);
8329
+ return Array.isArray(value) && value.every((entry) => typeof entry === "string") ? value : void 0;
8330
+ }
8096
8331
  function buildAuthorizationUrl(input) {
8097
- const url = new URL2(input.metadata.authorization_endpoint);
8332
+ const authorizationEndpoint = requireOwnString(
8333
+ input.metadata,
8334
+ "authorization_endpoint",
8335
+ "Authorization server metadata"
8336
+ );
8337
+ const issuer = requireOwnString(
8338
+ input.metadata,
8339
+ "issuer",
8340
+ "Authorization server metadata"
8341
+ );
8342
+ const url = new URL2(authorizationEndpoint);
8098
8343
  const resource = canonicalizeResourceIndicator(input.resource);
8099
8344
  const state = createAuthorizationState({
8100
- issuer: input.metadata.issuer,
8101
- requireIssuer: input.metadata.authorization_response_iss_parameter_supported === true
8345
+ issuer,
8346
+ requireIssuer: getOwnEntry7(input.metadata, "authorization_response_iss_parameter_supported") === true
8102
8347
  });
8103
8348
  url.searchParams.set("response_type", "code");
8104
8349
  url.searchParams.set("client_id", input.clientId);
@@ -8113,7 +8358,7 @@ function buildAuthorizationUrl(input) {
8113
8358
  return url.toString();
8114
8359
  }
8115
8360
  function assertS256PkceSupport(metadata) {
8116
- if (!metadata.code_challenge_methods_supported.includes("S256")) {
8361
+ if (!getOwnStringArray(metadata, "code_challenge_methods_supported")?.includes("S256")) {
8117
8362
  throw new Error(
8118
8363
  "Authorization server metadata must advertise code_challenge_methods_supported including S256"
8119
8364
  );
@@ -8137,13 +8382,24 @@ function assertSecureUrl(value, label) {
8137
8382
  throw new Error(`${label} must use https unless it targets a loopback host`);
8138
8383
  }
8139
8384
  function assertSecureOAuthFlowEndpoints(metadata) {
8140
- assertNoAccessTokenInUrl(metadata.authorization_endpoint, "Authorization endpoint");
8141
- assertNoAccessTokenInUrl(metadata.token_endpoint, "Token endpoint");
8142
- assertSecureUrl(metadata.authorization_endpoint, "Authorization endpoint");
8143
- assertSecureUrl(metadata.token_endpoint, "Token endpoint");
8144
- if (metadata.registration_endpoint !== void 0) {
8145
- assertNoAccessTokenInUrl(metadata.registration_endpoint, "Registration endpoint");
8146
- assertSecureUrl(metadata.registration_endpoint, "Registration endpoint");
8385
+ const authorizationEndpoint = requireOwnString(
8386
+ metadata,
8387
+ "authorization_endpoint",
8388
+ "Authorization server metadata"
8389
+ );
8390
+ const tokenEndpoint = requireOwnString(
8391
+ metadata,
8392
+ "token_endpoint",
8393
+ "Authorization server metadata"
8394
+ );
8395
+ const registrationEndpoint = getOwnString2(metadata, "registration_endpoint");
8396
+ assertNoAccessTokenInUrl(authorizationEndpoint, "Authorization endpoint");
8397
+ assertNoAccessTokenInUrl(tokenEndpoint, "Token endpoint");
8398
+ assertSecureUrl(authorizationEndpoint, "Authorization endpoint");
8399
+ assertSecureUrl(tokenEndpoint, "Token endpoint");
8400
+ if (registrationEndpoint !== void 0) {
8401
+ assertNoAccessTokenInUrl(registrationEndpoint, "Registration endpoint");
8402
+ assertSecureUrl(registrationEndpoint, "Registration endpoint");
8147
8403
  }
8148
8404
  }
8149
8405
  function assertNoAccessTokenInUrl(value, label) {
@@ -8166,17 +8422,21 @@ function buildClientRegistrationBody(metadata, redirectUri) {
8166
8422
  response_types: ["code"],
8167
8423
  token_endpoint_auth_method: "none"
8168
8424
  };
8169
- if (metadata?.clientName !== void 0 && metadata.clientName.length > 0) {
8170
- body.client_name = metadata.clientName;
8425
+ const clientName = metadata === void 0 ? void 0 : getOwnString2(metadata, "clientName");
8426
+ const scope = metadata === void 0 ? void 0 : getOwnString2(metadata, "scope");
8427
+ const softwareId = metadata === void 0 ? void 0 : getOwnString2(metadata, "softwareId");
8428
+ const softwareVersion = metadata === void 0 ? void 0 : getOwnString2(metadata, "softwareVersion");
8429
+ if (clientName !== void 0 && clientName.length > 0) {
8430
+ body.client_name = clientName;
8171
8431
  }
8172
- if (metadata?.scope !== void 0 && metadata.scope.length > 0) {
8173
- body.scope = metadata.scope;
8432
+ if (scope !== void 0 && scope.length > 0) {
8433
+ body.scope = scope;
8174
8434
  }
8175
- if (metadata?.softwareId !== void 0 && metadata.softwareId.length > 0) {
8176
- body.software_id = metadata.softwareId;
8435
+ if (softwareId !== void 0 && softwareId.length > 0) {
8436
+ body.software_id = softwareId;
8177
8437
  }
8178
- if (metadata?.softwareVersion !== void 0 && metadata.softwareVersion.length > 0) {
8179
- body.software_version = metadata.softwareVersion;
8438
+ if (softwareVersion !== void 0 && softwareVersion.length > 0) {
8439
+ body.software_version = softwareVersion;
8180
8440
  }
8181
8441
  return body;
8182
8442
  }
@@ -8212,7 +8472,7 @@ import {
8212
8472
  function defaultOAuthMetadataFetch(input, init) {
8213
8473
  return fetch(input, init);
8214
8474
  }
8215
- function isObjectRecord(value) {
8475
+ function isObjectRecord4(value) {
8216
8476
  return typeof value === "object" && value !== null && !Array.isArray(value);
8217
8477
  }
8218
8478
  function isStringArray(value) {
@@ -8235,7 +8495,7 @@ function assertSecureUrl2(url, label) {
8235
8495
  throw new Error(`${label} must use https unless it targets a loopback host`);
8236
8496
  }
8237
8497
  function validateProtectedResourceMetadata(value, resourceUrl) {
8238
- if (!isObjectRecord(value)) {
8498
+ if (!isObjectRecord4(value)) {
8239
8499
  throw new Error("Protected resource metadata must be a JSON object");
8240
8500
  }
8241
8501
  if (typeof value.resource !== "string" || value.resource.length === 0) {
@@ -8258,7 +8518,7 @@ function validateProtectedResourceMetadata(value, resourceUrl) {
8258
8518
  };
8259
8519
  }
8260
8520
  function validateAuthorizationServerMetadata(value, issuer) {
8261
- if (!isObjectRecord(value)) {
8521
+ if (!isObjectRecord4(value)) {
8262
8522
  throw new Error("Authorization server metadata must be a JSON object");
8263
8523
  }
8264
8524
  if (typeof value.issuer !== "string" || value.issuer.length === 0) {
@@ -8711,7 +8971,7 @@ var McpClient = class {
8711
8971
  await onPromptsChanged();
8712
8972
  });
8713
8973
  messageLayer.onNotification("notifications/message", async (params17) => {
8714
- if (onLog === void 0 || !isObjectRecord2(params17) || !isLogLevel(params17.level)) {
8974
+ if (onLog === void 0 || !isObjectRecord5(params17) || !isLogLevel(params17.level)) {
8715
8975
  return;
8716
8976
  }
8717
8977
  if (!hasOwn(params17, "data")) {
@@ -8730,7 +8990,7 @@ var McpClient = class {
8730
8990
  await onLog(message2);
8731
8991
  });
8732
8992
  messageLayer.onNotification("notifications/progress", async (params17) => {
8733
- if (onProgress === void 0 || !isObjectRecord2(params17)) {
8993
+ if (onProgress === void 0 || !isObjectRecord5(params17)) {
8734
8994
  return;
8735
8995
  }
8736
8996
  const { progressToken, progress } = params17;
@@ -9931,7 +10191,7 @@ var JsonRpcMessageLayer = class {
9931
10191
  })();
9932
10192
  }
9933
10193
  handleCancellationNotification(params17) {
9934
- if (!isObjectRecord2(params17)) {
10194
+ if (!isObjectRecord5(params17)) {
9935
10195
  return;
9936
10196
  }
9937
10197
  const requestId = params17.requestId;
@@ -9946,34 +10206,34 @@ var JsonRpcMessageLayer = class {
9946
10206
  this.activeIncomingRequests.delete(requestId);
9947
10207
  }
9948
10208
  };
9949
- function isObjectRecord2(value) {
10209
+ function isObjectRecord5(value) {
9950
10210
  return typeof value === "object" && value !== null && !Array.isArray(value);
9951
10211
  }
9952
10212
  function isInitializeResult(value) {
9953
- if (!isObjectRecord2(value) || typeof value.protocolVersion !== "string") {
10213
+ if (!isObjectRecord5(value) || typeof value.protocolVersion !== "string") {
9954
10214
  return false;
9955
10215
  }
9956
10216
  if (!isServerCapabilities(value.capabilities)) {
9957
10217
  return false;
9958
10218
  }
9959
- if (!isObjectRecord2(value.serverInfo) || typeof value.serverInfo.name !== "string" || value.serverInfo.name.length === 0 || typeof value.serverInfo.version !== "string" || value.serverInfo.version.length === 0) {
10219
+ if (!isObjectRecord5(value.serverInfo) || typeof value.serverInfo.name !== "string" || value.serverInfo.name.length === 0 || typeof value.serverInfo.version !== "string" || value.serverInfo.version.length === 0) {
9960
10220
  return false;
9961
10221
  }
9962
10222
  return value.instructions === void 0 || typeof value.instructions === "string";
9963
10223
  }
9964
10224
  function isServerCapabilities(value) {
9965
- if (!isObjectRecord2(value)) {
10225
+ if (!isObjectRecord5(value)) {
9966
10226
  return false;
9967
10227
  }
9968
10228
  for (const capability of ["prompts", "resources", "tools", "logging", "completions", "experimental"]) {
9969
- if (value[capability] !== void 0 && !isObjectRecord2(value[capability])) {
10229
+ if (value[capability] !== void 0 && !isObjectRecord5(value[capability])) {
9970
10230
  return false;
9971
10231
  }
9972
10232
  }
9973
10233
  return true;
9974
10234
  }
9975
10235
  function isCallToolResult(value) {
9976
- if (!isObjectRecord2(value) || !Array.isArray(value.content)) {
10236
+ if (!isObjectRecord5(value) || !Array.isArray(value.content)) {
9977
10237
  return false;
9978
10238
  }
9979
10239
  if (value.isError !== void 0 && typeof value.isError !== "boolean") {
@@ -9982,10 +10242,10 @@ function isCallToolResult(value) {
9982
10242
  return value.content.every(isContentItem);
9983
10243
  }
9984
10244
  function isToolsListResult(value) {
9985
- return isObjectRecord2(value) && Array.isArray(value.tools) && (value.nextCursor === void 0 || typeof value.nextCursor === "string");
10245
+ return isObjectRecord5(value) && Array.isArray(value.tools) && (value.nextCursor === void 0 || typeof value.nextCursor === "string");
9986
10246
  }
9987
10247
  function isContentItem(value) {
9988
- if (!isObjectRecord2(value)) {
10248
+ if (!isObjectRecord5(value)) {
9989
10249
  return false;
9990
10250
  }
9991
10251
  if (value.type === "text") {
@@ -9994,7 +10254,7 @@ function isContentItem(value) {
9994
10254
  if (value.type === "image" || value.type === "audio") {
9995
10255
  return typeof value.data === "string" && typeof value.mimeType === "string";
9996
10256
  }
9997
- if (value.type !== "resource" || !isObjectRecord2(value.resource)) {
10257
+ if (value.type !== "resource" || !isObjectRecord5(value.resource)) {
9998
10258
  return false;
9999
10259
  }
10000
10260
  return typeof value.resource.uri === "string" && (value.resource.mimeType === void 0 || typeof value.resource.mimeType === "string") && (typeof value.resource.text === "string" || typeof value.resource.blob === "string");
@@ -10018,7 +10278,7 @@ function invalidRequest() {
10018
10278
  return new McpError(ERROR_INVALID_REQUEST, "Invalid Request");
10019
10279
  }
10020
10280
  function isJsonRpcErrorObject(value) {
10021
- if (!isObjectRecord2(value)) {
10281
+ if (!isObjectRecord5(value)) {
10022
10282
  return false;
10023
10283
  }
10024
10284
  if (typeof value.code !== "number" || typeof value.message !== "string") {
@@ -10027,7 +10287,7 @@ function isJsonRpcErrorObject(value) {
10027
10287
  return value.data === void 0 || hasOwn(value, "data");
10028
10288
  }
10029
10289
  function parseJsonRpcPayload(parsed) {
10030
- if (!isObjectRecord2(parsed)) {
10290
+ if (!isObjectRecord5(parsed)) {
10031
10291
  return {
10032
10292
  type: "invalid",
10033
10293
  id: null,
@@ -10354,7 +10614,11 @@ function convertObjectSchema(schema, root, options) {
10354
10614
  "properties",
10355
10615
  key2
10356
10616
  ]);
10357
- shape[key2] = requiredKeys.has(key2) ? convertedProperty : S.Optional(convertedProperty);
10617
+ setOwnShapeProperty(
10618
+ shape,
10619
+ key2,
10620
+ requiredKeys.has(key2) ? convertedProperty : S.Optional(convertedProperty)
10621
+ );
10358
10622
  }
10359
10623
  return applyMetadata(
10360
10624
  S.Object(shape, {
@@ -10366,6 +10630,14 @@ function convertObjectSchema(schema, root, options) {
10366
10630
  }
10367
10631
  );
10368
10632
  }
10633
+ function setOwnShapeProperty(shape, key2, value) {
10634
+ Object.defineProperty(shape, key2, {
10635
+ configurable: true,
10636
+ enumerable: true,
10637
+ writable: true,
10638
+ value
10639
+ });
10640
+ }
10369
10641
  function createCommonOptions(schema, nullable, defaultValue) {
10370
10642
  return {
10371
10643
  ...schema.description === void 0 ? {} : { description: schema.description },
@@ -10616,6 +10888,9 @@ function resolveLocalRef(root, ref) {
10616
10888
  if (!isPlainObject(current)) {
10617
10889
  return void 0;
10618
10890
  }
10891
+ if (!Object.prototype.hasOwnProperty.call(current, segment)) {
10892
+ return void 0;
10893
+ }
10619
10894
  current = current[segment];
10620
10895
  }
10621
10896
  return isPlainObject(current) ? current : void 0;
@@ -10855,8 +11130,7 @@ async function readCache(cachePath) {
10855
11130
  version: parsed.version === 1 ? 1 : 1
10856
11131
  };
10857
11132
  } catch (error3) {
10858
- const code = error3.code;
10859
- if (code === "ENOENT" || error3 instanceof SyntaxError) {
11133
+ if (hasOwnErrorCode(error3, "ENOENT") || error3 instanceof SyntaxError) {
10860
11134
  return void 0;
10861
11135
  }
10862
11136
  return void 0;
@@ -10864,16 +11138,32 @@ async function readCache(cachePath) {
10864
11138
  }
10865
11139
  async function writeCache(cachePath, cache) {
10866
11140
  const directory = path12.dirname(cachePath);
10867
- const tempPath = `${cachePath}.tmp-${randomUUID2()}`;
11141
+ const tempPath = `${cachePath}.tmp-${randomUUID4()}`;
11142
+ let tempCreated = false;
10868
11143
  await assertCachePathHasNoSymlinks(cachePath);
10869
11144
  await assertCachePathHasNoSymlinks(tempPath);
10870
11145
  await mkdir(directory, { recursive: true });
10871
11146
  await assertCachePathHasNoSymlinks(directory);
10872
- await writeFile3(tempPath, `${JSON.stringify(cache, null, 2)}
10873
- `);
10874
- await assertCachePathHasNoSymlinks(tempPath);
10875
- await assertCachePathHasNoSymlinks(cachePath);
10876
- await rename2(tempPath, cachePath);
11147
+ try {
11148
+ await writeFile3(tempPath, `${JSON.stringify(cache, null, 2)}
11149
+ `, {
11150
+ encoding: "utf8",
11151
+ flag: "wx"
11152
+ });
11153
+ tempCreated = true;
11154
+ await assertCachePathHasNoSymlinks(tempPath);
11155
+ await assertCachePathHasNoSymlinks(cachePath);
11156
+ await rename2(tempPath, cachePath);
11157
+ tempCreated = false;
11158
+ } catch (error3) {
11159
+ if (tempCreated || !isAlreadyExistsError2(error3)) {
11160
+ await unlink2(tempPath).catch(() => void 0);
11161
+ }
11162
+ throw error3;
11163
+ }
11164
+ }
11165
+ function isAlreadyExistsError2(error3) {
11166
+ return hasOwnErrorCode(error3, "EEXIST");
10877
11167
  }
10878
11168
  async function fetchCache(name, config2) {
10879
11169
  const logger2 = createLogger((message2) => {
@@ -11077,7 +11367,7 @@ async function assertCachePathHasNoSymlinks(filePath) {
11077
11367
  throw new Error(`MCP cache path must not contain symbolic links: ${currentPath}.`);
11078
11368
  }
11079
11369
  } catch (error3) {
11080
- if (error3.code !== "ENOENT") {
11370
+ if (!hasOwnErrorCode(error3, "ENOENT")) {
11081
11371
  throw error3;
11082
11372
  }
11083
11373
  }
@@ -11613,7 +11903,7 @@ async function writeErrorReport(context) {
11613
11903
  }
11614
11904
  const projectRoot = resolveProjectRoot(context.projectRoot);
11615
11905
  const reportDir = resolveReportDir(context.errorReports, projectRoot);
11616
- const fileName = `${formatTimestamp(/* @__PURE__ */ new Date())}-${slugifyCommandPath(context.commandPath)}-${randomUUID3()}.log`;
11906
+ const fileName = `${formatTimestamp(/* @__PURE__ */ new Date())}-${slugifyCommandPath(context.commandPath)}-${randomUUID5()}.log`;
11617
11907
  const absolutePath = path13.join(reportDir, fileName);
11618
11908
  await mkdir2(reportDir, { recursive: true });
11619
11909
  if (reportDirMustStayWithinProject(context.errorReports)) {
@@ -12525,7 +12815,7 @@ function getJsonParseErrorLocation(error3, source) {
12525
12815
  return null;
12526
12816
  }
12527
12817
  function getJsonParseCauseLocation(error3) {
12528
- if (typeof error3 !== "object" || error3 === null || !("cause" in error3)) {
12818
+ if (typeof error3 !== "object" || error3 === null || !hasOwnProperty3(error3, "cause")) {
12529
12819
  return null;
12530
12820
  }
12531
12821
  const cause = error3.cause;
@@ -12537,7 +12827,7 @@ function getJsonParseCauseLocation(error3) {
12537
12827
  return { line, column };
12538
12828
  }
12539
12829
  function getNumericProperty(value, key2) {
12540
- if (typeof value !== "object" || value === null || !(key2 in value)) {
12830
+ if (typeof value !== "object" || value === null || !hasOwnProperty3(value, key2)) {
12541
12831
  return null;
12542
12832
  }
12543
12833
  const propertyValue = value[key2];
@@ -13092,10 +13382,10 @@ function renderHelpSections(sections) {
13092
13382
  return sections.filter((section) => section.length > 0).join("\n\n");
13093
13383
  }
13094
13384
  function formatHelpCommandList(rows) {
13095
- return process.stdout.isTTY === false ? help_formatter_plain_exports.formatCommandList(rows) : formatCommandList(rows);
13385
+ return process.stdout.isTTY !== true ? help_formatter_plain_exports.formatCommandList(rows) : formatCommandList(rows);
13096
13386
  }
13097
13387
  function formatHelpOptionList(rows) {
13098
- return process.stdout.isTTY === false ? help_formatter_plain_exports.formatOptionList(rows) : formatOptionList(rows);
13388
+ return process.stdout.isTTY !== true ? help_formatter_plain_exports.formatOptionList(rows) : formatOptionList(rows);
13099
13389
  }
13100
13390
  function buildUsageLine(breadcrumb, rootUsageName, suffix) {
13101
13391
  const visibleBreadcrumb = breadcrumb.filter((segment) => segment.length > 0);
@@ -13383,11 +13673,18 @@ function formatResolvedValue(value) {
13383
13673
  function fieldPromptLabel(field) {
13384
13674
  return field.positionalIndex === void 0 ? field.optionFlag : `<${field.displayPath}>`;
13385
13675
  }
13676
+ function enumOptionLabel(schema, value) {
13677
+ const key2 = String(value);
13678
+ if (schema.labels === void 0 || !Object.prototype.hasOwnProperty.call(schema.labels, key2)) {
13679
+ return key2;
13680
+ }
13681
+ return schema.labels[key2] ?? key2;
13682
+ }
13386
13683
  async function promptForField(field) {
13387
13684
  const schema = field.schema;
13388
13685
  if (schema.kind === "enum") {
13389
13686
  const options = schema.loadOptions ? await schema.loadOptions() : schema.values.map((value) => ({
13390
- label: schema.labels?.[String(value)] ?? String(value),
13687
+ label: enumOptionLabel(schema, value),
13391
13688
  value
13392
13689
  }));
13393
13690
  const selected = await select2({
@@ -13472,8 +13769,8 @@ async function withOutputFormat2(output, fn) {
13472
13769
  function createFs2() {
13473
13770
  return {
13474
13771
  readFile: async (path24, encoding = "utf8") => readFile4(path24, { encoding }),
13475
- writeFile: async (path24, contents) => {
13476
- await writeFile5(path24, contents);
13772
+ writeFile: async (path24, contents, options) => {
13773
+ await writeFile5(path24, contents, options);
13477
13774
  },
13478
13775
  exists: async (path24) => {
13479
13776
  try {
@@ -13485,7 +13782,7 @@ function createFs2() {
13485
13782
  },
13486
13783
  lstat: async (path24) => lstat3(path24),
13487
13784
  rename: async (fromPath, toPath) => rename3(fromPath, toPath),
13488
- unlink: async (path24) => unlink2(path24)
13785
+ unlink: async (path24) => unlink3(path24)
13489
13786
  };
13490
13787
  }
13491
13788
  function createEnv2(values = process.env) {
@@ -13587,7 +13884,7 @@ async function loadPresetValues(fields, presetPath) {
13587
13884
  encoding: "utf8"
13588
13885
  });
13589
13886
  } catch (error3) {
13590
- if (typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT") {
13887
+ if (hasOwnErrorCode(error3, "ENOENT")) {
13591
13888
  throw new UserError(`Preset file "${presetPath}" was not found.`);
13592
13889
  }
13593
13890
  const message2 = error3 instanceof Error && error3.message.length > 0 ? error3.message : "Unknown read error.";
@@ -14686,10 +14983,10 @@ function isHttpErrorLike(error3) {
14686
14983
  }
14687
14984
  const request = error3.request;
14688
14985
  const response = error3.response;
14689
- return isPlainObject4(request) && typeof request.method === "string" && typeof request.url === "string" && isStringRecord(request.headers) && isPlainObject4(response) && typeof response.status === "number" && typeof response.statusText === "string" && isStringRecord(response.headers) && "body" in response;
14986
+ return isPlainObject4(request) && typeof request.method === "string" && typeof request.url === "string" && isStringRecord(request.headers) && isPlainObject4(response) && typeof response.status === "number" && typeof response.statusText === "string" && isStringRecord(response.headers) && hasOwnProperty3(response, "body");
14690
14987
  }
14691
14988
  function hasTypedOptionalField(value, field, type2) {
14692
- return !(field in value) || typeof value[field] === type2;
14989
+ return !hasOwnProperty3(value, field) || typeof value[field] === type2;
14693
14990
  }
14694
14991
  function isNonEmptyString(value) {
14695
14992
  return typeof value === "string" && value.trim().length > 0;
@@ -14713,7 +15010,7 @@ function isProblemDetailsLike(body) {
14713
15010
  if (!hasTypedOptionalField(body, "instance", "string")) {
14714
15011
  return false;
14715
15012
  }
14716
- return isNonEmptyString(body.title) || isNonEmptyString(body.detail);
15013
+ return hasOwnNonEmptyString(body, "title") || hasOwnNonEmptyString(body, "detail");
14717
15014
  }
14718
15015
  function isGraphQLErrorEnvelopeLike(body) {
14719
15016
  if (!isPlainObject4(body) || !Array.isArray(body.errors) || body.errors.length === 0) {
@@ -14723,44 +15020,50 @@ function isGraphQLErrorEnvelopeLike(body) {
14723
15020
  if (!isPlainObject4(error3) || typeof error3.message !== "string") {
14724
15021
  return false;
14725
15022
  }
14726
- if ("path" in error3) {
15023
+ if (hasOwnProperty3(error3, "path")) {
14727
15024
  const pathValue = error3.path;
14728
15025
  if (!Array.isArray(pathValue) || !pathValue.every((entry) => typeof entry === "string" || typeof entry === "number")) {
14729
15026
  return false;
14730
15027
  }
14731
15028
  }
14732
- if ("extensions" in error3) {
15029
+ if (hasOwnProperty3(error3, "extensions")) {
14733
15030
  if (!isPlainObject4(error3.extensions)) {
14734
15031
  return false;
14735
15032
  }
14736
- if ("code" in error3.extensions && typeof error3.extensions.code !== "string") {
15033
+ if (hasOwnProperty3(error3.extensions, "code") && typeof error3.extensions.code !== "string") {
14737
15034
  return false;
14738
15035
  }
14739
15036
  }
14740
15037
  return true;
14741
15038
  });
14742
15039
  }
15040
+ function hasOwnProperty3(value, name) {
15041
+ return Object.prototype.hasOwnProperty.call(value, name);
15042
+ }
15043
+ function hasOwnNonEmptyString(value, name) {
15044
+ return hasOwnProperty3(value, name) && isNonEmptyString(value[name]);
15045
+ }
14743
15046
  function styleHttpErrorLine(value, style) {
14744
- return process.stdout.isTTY === false ? value : style(value);
15047
+ return process.stdout.isTTY !== true ? value : style(value);
14745
15048
  }
14746
15049
  function formatHttpErrorStatus(value) {
14747
15050
  return styleHttpErrorLine(value, text.error);
14748
15051
  }
14749
15052
  function formatProblemDetailsBody(body) {
14750
15053
  const lines = [];
14751
- if (isNonEmptyString(body.title)) {
15054
+ if (hasOwnNonEmptyString(body, "title")) {
14752
15055
  lines.push(`Problem: ${body.title}`);
14753
15056
  }
14754
- if (isNonEmptyString(body.detail)) {
15057
+ if (hasOwnNonEmptyString(body, "detail")) {
14755
15058
  lines.push(`Detail: ${body.detail}`);
14756
15059
  }
14757
- if (body.type !== void 0) {
15060
+ if (hasOwnProperty3(body, "type") && body.type !== void 0) {
14758
15061
  lines.push(`Type: ${body.type}`);
14759
15062
  }
14760
- if (body.instance !== void 0) {
15063
+ if (hasOwnProperty3(body, "instance") && body.instance !== void 0) {
14761
15064
  lines.push(`Instance: ${body.instance}`);
14762
15065
  }
14763
- if (body.status !== void 0) {
15066
+ if (hasOwnProperty3(body, "status") && body.status !== void 0) {
14764
15067
  lines.push(`Status: ${body.status}`);
14765
15068
  }
14766
15069
  return lines.join("\n");
@@ -14768,10 +15071,10 @@ function formatProblemDetailsBody(body) {
14768
15071
  function formatGraphQLErrorEnvelopeBody(body) {
14769
15072
  return body.errors.map((error3) => {
14770
15073
  const lines = [`GraphQL error: ${error3.message}`];
14771
- if (error3.path !== void 0) {
15074
+ if (hasOwnProperty3(error3, "path") && error3.path !== void 0) {
14772
15075
  lines.push(` at path: ${error3.path.join(".")}`);
14773
15076
  }
14774
- if (error3.extensions?.code !== void 0) {
15077
+ if (hasOwnProperty3(error3, "extensions") && error3.extensions !== void 0 && hasOwnProperty3(error3.extensions, "code") && error3.extensions.code !== void 0) {
14775
15078
  lines.push(` code: ${error3.extensions.code}`);
14776
15079
  }
14777
15080
  return lines.join("\n");
@@ -15223,7 +15526,7 @@ async function runCLI(roots, options = {}) {
15223
15526
  }
15224
15527
 
15225
15528
  // src/terminal-pilot.ts
15226
- import { randomUUID as randomUUID4 } from "node:crypto";
15529
+ import { randomUUID as randomUUID6 } from "node:crypto";
15227
15530
 
15228
15531
  // src/terminal-session.ts
15229
15532
  import { EventEmitter } from "node:events";
@@ -15232,6 +15535,11 @@ import { createRequire } from "node:module";
15232
15535
  import { dirname, join } from "node:path";
15233
15536
  import * as nodePty from "node-pty";
15234
15537
 
15538
+ // src/errors.ts
15539
+ function hasOwnErrorCode4(error3, code) {
15540
+ return error3 instanceof Error && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
15541
+ }
15542
+
15235
15543
  // src/terminal-buffer.ts
15236
15544
  var RESET_SGR = "\x1B[0m";
15237
15545
  var DEC_SPECIAL_GRAPHICS = {
@@ -16331,10 +16639,7 @@ function ensureSpawnHelperExecutable() {
16331
16639
  }
16332
16640
  }
16333
16641
  function isMissingFileError(error3) {
16334
- if (!(error3 instanceof Error)) {
16335
- return false;
16336
- }
16337
- return "code" in error3 && error3.code === "ENOENT";
16642
+ return hasOwnErrorCode4(error3, "ENOENT");
16338
16643
  }
16339
16644
  function matchPattern(buffer, pattern) {
16340
16645
  const clean = normalizeHistoryBuffer(stripAnsi(buffer));
@@ -16425,7 +16730,7 @@ var TerminalPilot = class _TerminalPilot {
16425
16730
  }
16426
16731
  async newSession(opts) {
16427
16732
  const session = new TerminalSession({
16428
- id: randomUUID4(),
16733
+ id: randomUUID6(),
16429
16734
  command: opts.command,
16430
16735
  args: opts.args,
16431
16736
  cwd: opts.cwd,
@@ -16711,6 +17016,11 @@ var claudeCodeAgent = {
16711
17016
  aliases: ["claude"],
16712
17017
  binaryName: "claude",
16713
17018
  apiShapes: ["anthropic-messages"],
17019
+ otelCapture: {
17020
+ env: {
17021
+ CLAUDE_CODE_ENABLE_TELEMETRY: "1"
17022
+ }
17023
+ },
16714
17024
  configPath: "~/.claude/settings.json",
16715
17025
  branding: {
16716
17026
  colors: {
@@ -16743,6 +17053,16 @@ var codexAgent = {
16743
17053
  summary: "Configure Codex to use Poe as the model provider.",
16744
17054
  binaryName: "codex",
16745
17055
  apiShapes: ["openai-responses"],
17056
+ otelCapture: {
17057
+ args: (endpoint, content) => [
17058
+ "-c",
17059
+ `otel.trace_exporter={"otlp-http"={endpoint=${JSON.stringify(`${endpoint}/v1/traces`)},protocol="json"}}`,
17060
+ "-c",
17061
+ `otel.exporter={"otlp-http"={endpoint=${JSON.stringify(`${endpoint}/v1/logs`)},protocol="json"}}`,
17062
+ "-c",
17063
+ `otel.log_user_prompt=${content}`
17064
+ ]
17065
+ },
16746
17066
  configPath: "~/.codex/config.toml",
16747
17067
  branding: {
16748
17068
  colors: {
@@ -16778,6 +17098,11 @@ var openCodeAgent = {
16778
17098
  summary: "Configure OpenCode CLI to use the Poe API.",
16779
17099
  binaryName: "opencode",
16780
17100
  apiShapes: ["openai-chat-completions"],
17101
+ otelCapture: {
17102
+ env: {
17103
+ OPENCODE_CONFIG_CONTENT: '{"experimental":{"openTelemetry":true}}'
17104
+ }
17105
+ },
16781
17106
  configPath: "~/.config/opencode/config.json",
16782
17107
  branding: {
16783
17108
  colors: {
@@ -16813,6 +17138,7 @@ var gooseAgent = {
16813
17138
  summary: "Block's open-source AI agent with ACP support.",
16814
17139
  binaryName: "goose",
16815
17140
  apiShapes: ["openai-chat-completions"],
17141
+ otelCapture: {},
16816
17142
  configPath: "~/.config/goose/config.yaml",
16817
17143
  branding: {
16818
17144
  colors: {
@@ -16846,6 +17172,12 @@ function freezeAgent(agent) {
16846
17172
  if (agent.apiShapes !== void 0) {
16847
17173
  Object.freeze(agent.apiShapes);
16848
17174
  }
17175
+ if (agent.otelCapture?.env !== void 0) {
17176
+ Object.freeze(agent.otelCapture.env);
17177
+ }
17178
+ if (agent.otelCapture !== void 0) {
17179
+ Object.freeze(agent.otelCapture);
17180
+ }
16849
17181
  Object.freeze(agent.branding.colors);
16850
17182
  Object.freeze(agent.branding);
16851
17183
  return Object.freeze(agent);
@@ -17009,6 +17341,7 @@ var templateMutation = {
17009
17341
  };
17010
17342
 
17011
17343
  // ../config-mutations/src/execution/apply-mutation.ts
17344
+ import { randomUUID as randomUUID7 } from "node:crypto";
17012
17345
  import path17 from "node:path";
17013
17346
 
17014
17347
  // ../config-mutations/src/formats/json.ts
@@ -17084,7 +17417,7 @@ function merge(base, patch) {
17084
17417
  if (value === void 0) {
17085
17418
  continue;
17086
17419
  }
17087
- const existing = result[key2];
17420
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17088
17421
  if (isConfigObject(existing) && isConfigObject(value)) {
17089
17422
  setConfigEntry(result, key2, merge(existing, value));
17090
17423
  continue;
@@ -17212,7 +17545,7 @@ function merge2(base, patch) {
17212
17545
  if (value === void 0) {
17213
17546
  continue;
17214
17547
  }
17215
- const existing = result[key2];
17548
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17216
17549
  if (isConfigObject2(existing) && isConfigObject2(value)) {
17217
17550
  setConfigEntry(result, key2, merge2(existing, value));
17218
17551
  continue;
@@ -17292,7 +17625,7 @@ function merge3(base, patch) {
17292
17625
  if (value === void 0) {
17293
17626
  continue;
17294
17627
  }
17295
- const existing = result[key2];
17628
+ const existing = hasConfigEntry(result, key2) ? result[key2] : void 0;
17296
17629
  if (isConfigObject3(existing) && isConfigObject3(value)) {
17297
17630
  setConfigEntry(result, key2, merge3(existing, value));
17298
17631
  continue;
@@ -17427,9 +17760,14 @@ function resolvePath(rawPath, homeDir, pathMapper) {
17427
17760
  return filename.length === 0 ? mappedDirectory : path16.join(mappedDirectory, filename);
17428
17761
  }
17429
17762
 
17763
+ // ../config-mutations/src/error-codes.ts
17764
+ function hasOwnErrorCode5(error3, code) {
17765
+ return typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
17766
+ }
17767
+
17430
17768
  // ../config-mutations/src/fs-utils.ts
17431
17769
  function isNotFound(error3) {
17432
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT";
17770
+ return hasOwnErrorCode5(error3, "ENOENT");
17433
17771
  }
17434
17772
  async function readFileIfExists(fs4, target) {
17435
17773
  try {
@@ -17478,6 +17816,7 @@ async function backupInvalidDocument(context, targetPath, content) {
17478
17816
  return;
17479
17817
  } catch (error3) {
17480
17818
  if (!isAlreadyExists(error3)) {
17819
+ await context.fs.unlink(backupPath).catch(() => void 0);
17481
17820
  throw error3;
17482
17821
  }
17483
17822
  attempt += 1;
@@ -17485,7 +17824,7 @@ async function backupInvalidDocument(context, targetPath, content) {
17485
17824
  }
17486
17825
  }
17487
17826
  function isAlreadyExists(error3) {
17488
- return Boolean(error3 && typeof error3 === "object" && "code" in error3 && error3.code === "EEXIST");
17827
+ return hasOwnErrorCode5(error3, "EEXIST");
17489
17828
  }
17490
17829
  async function assertRegularWriteTarget(context, targetPath) {
17491
17830
  const boundary = path17.dirname(path17.resolve(context.homeDir));
@@ -17509,28 +17848,34 @@ async function assertRegularWriteTarget(context, targetPath) {
17509
17848
  }
17510
17849
  async function writeAtomically2(context, targetPath, content) {
17511
17850
  await assertRegularWriteTarget(context, targetPath);
17512
- let attempt = 0;
17513
- while (true) {
17514
- const tempPath = `${targetPath}.mutation-tmp-${attempt}`;
17851
+ for (let attempt = 0; attempt < 10; attempt += 1) {
17852
+ const tempPath = `${targetPath}.mutation-tmp-${process.pid}-${randomUUID7()}`;
17853
+ let tempCreated = false;
17515
17854
  try {
17855
+ await assertRegularWriteTarget(context, tempPath);
17516
17856
  await context.fs.writeFile(tempPath, content, { encoding: "utf8", flag: "wx" });
17857
+ tempCreated = true;
17517
17858
  await context.fs.rename(tempPath, targetPath);
17859
+ tempCreated = false;
17518
17860
  return;
17519
17861
  } catch (error3) {
17520
- if (isAlreadyExists(error3)) {
17521
- attempt += 1;
17522
- continue;
17523
- }
17524
- try {
17525
- await context.fs.unlink(tempPath);
17526
- } catch (cleanupError) {
17527
- if (!isNotFound(cleanupError)) {
17528
- void cleanupError;
17862
+ const alreadyExists = isAlreadyExists(error3);
17863
+ if (tempCreated || !alreadyExists) {
17864
+ try {
17865
+ await context.fs.unlink(tempPath);
17866
+ } catch (cleanupError) {
17867
+ if (!isNotFound(cleanupError)) {
17868
+ void cleanupError;
17869
+ }
17529
17870
  }
17530
17871
  }
17872
+ if (alreadyExists) {
17873
+ continue;
17874
+ }
17531
17875
  throw error3;
17532
17876
  }
17533
17877
  }
17878
+ throw new Error(`Unable to create temporary mutation file for ${targetPath}.`);
17534
17879
  }
17535
17880
  function describeMutation(kind, targetPath) {
17536
17881
  const displayPath = targetPath ?? "target";
@@ -17822,6 +18167,7 @@ async function applyBackup(mutation, context, options) {
17822
18167
  break;
17823
18168
  } catch (error3) {
17824
18169
  if (!isAlreadyExists(error3)) {
18170
+ await context.fs.unlink(backupPath).catch(() => void 0);
17825
18171
  throw error3;
17826
18172
  }
17827
18173
  attempt += 1;
@@ -18205,6 +18551,11 @@ async function executeMutation(mutation, context, options) {
18205
18551
  }
18206
18552
  }
18207
18553
 
18554
+ // ../agent-skill-config/src/error-codes.ts
18555
+ function hasOwnErrorCode6(error3, code) {
18556
+ return error3 instanceof Error && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
18557
+ }
18558
+
18208
18559
  // ../agent-skill-config/src/templates.ts
18209
18560
  import { readFile as readFile5, stat } from "node:fs/promises";
18210
18561
  import path18 from "node:path";
@@ -18229,7 +18580,7 @@ async function pathExists2(fs4, targetPath) {
18229
18580
  await fs4.stat(targetPath);
18230
18581
  return true;
18231
18582
  } catch (error3) {
18232
- if (error3 && typeof error3 === "object" && "code" in error3 && error3.code === "ENOENT") {
18583
+ if (hasOwnErrorCode6(error3, "ENOENT")) {
18233
18584
  return false;
18234
18585
  }
18235
18586
  throw error3;
@@ -18288,12 +18639,13 @@ import path19 from "node:path";
18288
18639
 
18289
18640
  // ../agent-skill-config/src/git-exclude.ts
18290
18641
  import { execFileSync } from "node:child_process";
18642
+ import { randomUUID as randomUUID8 } from "node:crypto";
18291
18643
  import * as fs2 from "node:fs";
18292
18644
  import path20 from "node:path";
18293
18645
 
18294
18646
  // ../agent-skill-config/src/bridge-active-skills.ts
18295
18647
  import * as fs3 from "node:fs";
18296
- import { createHash as createHash4, randomUUID as randomUUID5 } from "node:crypto";
18648
+ import { createHash as createHash4, randomUUID as randomUUID9 } from "node:crypto";
18297
18649
  import path21 from "node:path";
18298
18650
 
18299
18651
  // src/commands/installer.ts
@@ -18306,7 +18658,7 @@ var DEFAULT_INSTALL_SCOPE = "local";
18306
18658
  var TERMINAL_PILOT_SKILL_NAME = "terminal-pilot";
18307
18659
  var installableAgents = supportedAgents;
18308
18660
  function isNotFoundError2(error3) {
18309
- return typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT";
18661
+ return hasOwnErrorCode4(error3, "ENOENT");
18310
18662
  }
18311
18663
  function resolveInstallerServices(installer) {
18312
18664
  return {
@@ -18537,7 +18889,7 @@ var resize = defineCommand({
18537
18889
  });
18538
18890
 
18539
18891
  // ../terminal-png/src/index.ts
18540
- import { randomUUID as randomUUID6 } from "node:crypto";
18892
+ import { randomUUID as randomUUID10 } from "node:crypto";
18541
18893
  import { rename as rename4, rm, writeFile as writeFile6 } from "node:fs/promises";
18542
18894
 
18543
18895
  // ../terminal-png/src/ansi-parser.ts
@@ -18924,6 +19276,11 @@ function parseAnsi2(input) {
18924
19276
  return buildRuns(lines, lineBreakStyles);
18925
19277
  }
18926
19278
 
19279
+ // ../terminal-png/src/error-codes.ts
19280
+ function hasOwnErrorCode7(error3, code) {
19281
+ return typeof error3 === "object" && error3 !== null && Object.prototype.hasOwnProperty.call(error3, "code") && error3.code === code;
19282
+ }
19283
+
18927
19284
  // ../terminal-png/src/png-renderer.ts
18928
19285
  import { Resvg } from "@resvg/resvg-js";
18929
19286
 
@@ -19477,21 +19834,28 @@ async function renderTerminalPng(ansiText, options = {}) {
19477
19834
  });
19478
19835
  const png = renderPng(svg);
19479
19836
  if (options.output) {
19480
- const temporaryPath = `${options.output}.${randomUUID6()}.tmp`;
19837
+ const temporaryPath = `${options.output}.${randomUUID10()}.tmp`;
19838
+ let temporaryCreated = false;
19481
19839
  try {
19482
19840
  await writeFile6(temporaryPath, png, { flag: "wx" });
19841
+ temporaryCreated = true;
19483
19842
  await rename4(temporaryPath, options.output);
19484
19843
  } catch (error3) {
19485
- try {
19486
- await rm(temporaryPath, { force: true });
19487
- } catch (cleanupError) {
19488
- void cleanupError;
19844
+ if (temporaryCreated || !isAlreadyExistsError3(error3)) {
19845
+ try {
19846
+ await rm(temporaryPath, { force: true });
19847
+ } catch (cleanupError) {
19848
+ void cleanupError;
19849
+ }
19489
19850
  }
19490
19851
  throw error3;
19491
19852
  }
19492
19853
  }
19493
19854
  return png;
19494
19855
  }
19856
+ function isAlreadyExistsError3(error3) {
19857
+ return error3 instanceof Error && hasOwnErrorCode7(error3, "EEXIST");
19858
+ }
19495
19859
 
19496
19860
  // src/commands/screenshot.ts
19497
19861
  var params11 = S.Object({
@@ -19554,7 +19918,7 @@ var type = defineCommand({
19554
19918
  });
19555
19919
 
19556
19920
  // src/commands/uninstall.ts
19557
- import { randomUUID as randomUUID7 } from "node:crypto";
19921
+ import { randomUUID as randomUUID11 } from "node:crypto";
19558
19922
  var params14 = S.Object({
19559
19923
  agent: S.Enum(installableAgents, {
19560
19924
  description: "Agent to uninstall terminal-pilot from",
@@ -19590,7 +19954,7 @@ var uninstall = defineCommand({
19590
19954
  if (!await folderExists(services.fs, skill.fullPath)) {
19591
19955
  continue;
19592
19956
  }
19593
- const stagingPath = `${skill.fullPath}.removing-${randomUUID7()}`;
19957
+ const stagingPath = `${skill.fullPath}.removing-${randomUUID11()}`;
19594
19958
  await services.fs.rename(skill.fullPath, stagingPath);
19595
19959
  staged.push({ ...skill, stagingPath });
19596
19960
  }
@@ -19616,7 +19980,7 @@ async function folderExists(fs4, folderPath) {
19616
19980
  await fs4.stat(folderPath);
19617
19981
  return true;
19618
19982
  } catch (error3) {
19619
- if (typeof error3 === "object" && error3 !== null && "code" in error3 && error3.code === "ENOENT") {
19983
+ if (hasOwnErrorCode4(error3, "ENOENT")) {
19620
19984
  return false;
19621
19985
  }
19622
19986
  throw error3;
@@ -19670,8 +20034,6 @@ var waitForExit2 = defineCommand({
19670
20034
 
19671
20035
  // src/commands/index.ts
19672
20036
  var children = [
19673
- install,
19674
- uninstall,
19675
20037
  createSession,
19676
20038
  fill,
19677
20039
  type,
@@ -19685,7 +20047,9 @@ var children = [
19685
20047
  resize,
19686
20048
  closeSession,
19687
20049
  getSession,
19688
- listSessions
20050
+ listSessions,
20051
+ install,
20052
+ uninstall
19689
20053
  ];
19690
20054
  function createTerminalPilotGroup() {
19691
20055
  return defineGroup({
@@ -19708,7 +20072,7 @@ async function main(argv = process.argv) {
19708
20072
  const originalArgv = process.argv;
19709
20073
  process.argv = normalizeArgv(argv);
19710
20074
  try {
19711
- await runCLI(createTerminalPilotGroup());
20075
+ await runCLI(createTerminalPilotGroup(), { approvals: false });
19712
20076
  } finally {
19713
20077
  process.argv = originalArgv;
19714
20078
  }