zidane 5.12.2 → 5.12.4

package/dist/mcp.d.ts

@@ -1,2 +1,2 @@
-import { _ as normalizeMcpServers, f as ConnectMcpServersOptions, g as normalizeMcpBlocks, h as connectMcpServers, ln as McpToolSchema, m as attachStderrWarnPump, p as McpConnection, sn as McpServerConfig, v as resultToString } from "./agent-Dt3mALPV.js";
+import { _ as normalizeMcpServers, dn as McpToolSchema, f as ConnectMcpServersOptions, g as normalizeMcpBlocks, h as connectMcpServers, ln as McpServerConfig, m as attachStderrWarnPump, p as McpConnection, v as resultToString } from "./agent-CVTAoYS0.js";
 export { ConnectMcpServersOptions, McpConnection, type McpServerConfig, type McpToolSchema, attachStderrWarnPump, connectMcpServers, normalizeMcpBlocks, normalizeMcpServers, resultToString };

package/dist/mcp.js

@@ -1,2 +1,2 @@
-import { a as resultToString, i as normalizeMcpServers, n as connectMcpServers, r as normalizeMcpBlocks, t as attachStderrWarnPump } from "./mcp-DeJ9280K.js";
+import { a as resultToString, i as normalizeMcpServers, n as connectMcpServers, r as normalizeMcpBlocks, t as attachStderrWarnPump } from "./mcp-Bnnrt_Ps.js";
 export { attachStderrWarnPump, connectMcpServers, normalizeMcpBlocks, normalizeMcpServers, resultToString };

package/dist/output/stream-json.d.ts

@@ -1,5 +1,5 @@
-import { t as Agent } from "../agent-Dt3mALPV.js";
-import { An as HeadlessOutputFormat, En as FormattedHeadlessTurnEvent, On as HeadlessEvent, Tn as FormattedHeadlessResult, jn as HeadlessResult } from "../index-BDRh3kup.js";
+import { t as Agent } from "../agent-CVTAoYS0.js";
+import { An as HeadlessOutputFormat, En as FormattedHeadlessTurnEvent, On as HeadlessEvent, Tn as FormattedHeadlessResult, jn as HeadlessResult } from "../index-Gin_mFQJ.js";
 
 //#region src/output/stream-json.d.ts
 type StreamJsonOutputFormat = HeadlessOutputFormat;

package/dist/output/stream-json.js

@@ -1,4 +1,4 @@
-import { i as formattedHeadlessTurnEventToJsonl, n as formatHeadlessResult, o as installHeadlessEventAdapter, r as formatHeadlessTurnEvent } from "../headless-BBwdL006.js";
+import { i as formattedHeadlessTurnEventToJsonl, n as formatHeadlessResult, o as installHeadlessEventAdapter, r as formatHeadlessTurnEvent } from "../headless-DM5JeUiE.js";
 //#region src/output/stream-json.ts
 function resolveFormatOptions(options) {
 	return {

package/dist/output/terminal.d.ts

@@ -1,5 +1,5 @@
-import { r as AgentHooks, t as Agent } from "../agent-Dt3mALPV.js";
-import { t as Preset } from "../index-BDRh3kup.js";
+import { r as AgentHooks, t as Agent } from "../agent-CVTAoYS0.js";
+import { t as Preset } from "../index-Gin_mFQJ.js";
 
 //#region src/output/terminal.d.ts
 interface TerminalOutputOptions {

package/dist/{presets-sIs25Per.js → presets-BorC0fVx.js}

@@ -1,4 +1,4 @@
-import { a as multiEdit, i as readFile, n as createSpawnTool, o as listFiles, p as waitTask, r as shellKill, t as writeFile, u as edit, y as shell } from "./tools-Dfvr9bBs.js";
+import { a as multiEdit, i as readFile, n as createSpawnTool, o as listFiles, p as waitTask, r as shellKill, t as writeFile, u as edit, y as shell } from "./tools-BlMV33N1.js";
 //#region src/presets/basic.ts
 /**
 * Core tools available in every basic preset (without spawn).
@@ -110,4 +110,4 @@ function composePresets(...presets) {
 //#endregion
 export { basic_default as i, definePreset as n, basicTools as r, composePresets as t };
 
-//# sourceMappingURL=presets-sIs25Per.js.map
+//# sourceMappingURL=presets-BorC0fVx.js.map

package/dist/{presets-sIs25Per.js.map → presets-BorC0fVx.js.map}

@@ -1 +1 @@
-{"version":3,"file":"presets-sIs25Per.js","names":[],"sources":["../src/presets/basic.ts","../src/presets/index.ts"],"sourcesContent":["import { definePreset } from '.'\nimport { edit, listFiles, multiEdit, readFile, shell, shellKill, waitTask, writeFile } from '../tools'\nimport { createSpawnTool } from '../tools/spawn'\n\n/**\n * Core tools available in every basic preset (without spawn).\n *\n * `edit` and `multi_edit` ship in the basic set because surgical edits are the\n * default modality for production agents — `write_file` is for full overwrites.\n * `glob` and `grep` are exported but opt-in: not every agent needs codebase\n * search, and shipping them by default would force `tool:gate` work onto\n * consumers that prefer the model to use `shell` + classic Unix tools.\n */\nexport const basicTools = { shell, shellKill, waitTask, readFile, writeFile, listFiles, edit, multiEdit }\n\nexport default definePreset({\n  name: 'basic',\n  system: 'You are a helpful assistant with access to shell, file reading, file writing, surgical and multi-edit tools, directory listing, and sub-agent spawning. Prefer `edit` / `multi_edit` for in-place changes and `write_file` for full file overwrites. Use them to accomplish tasks in the project directory.',\n  // `tools` is a getter so each access (every `{ ...basic }` spread into\n  // `createAgent`) mints a FRESH spawn tool. `createSpawnTool()` carries\n  // per-instance state (running children, concurrency counter, child-stats\n  // accumulator); a module-level singleton instance would be shared by every\n  // agent in the process, breaking concurrent rollouts.\n  //\n  // `persist: true` shares the parent's session with every child agent — child\n  // turns land in `session.turns` tagged with their own `runId`, and the run\n  // itself is recorded in `session.runs` with `parentRunId` + `depth`. That's\n  // what lets a reloaded TUI session reconstruct the full subagent tree (see\n  // `eventsFromTurns` in `tui/store.ts`). Hosts that want children in-memory\n  // only can construct their own preset with `createSpawnTool()`.\n  get tools() {\n    return { ...basicTools, spawn: createSpawnTool({ persist: true }) }\n  },\n})\n","import type { AgentHooks, AgentOptions } from '../agent'\n\nexport type { AgentHookMap } from '../agent'\n\n/**\n * A preset is a reusable slice of `AgentOptions` — spread it into `createAgent()`\n * to configure tools, a default system prompt, aliases, behavior defaults, and\n * agent-lifetime hooks.\n *\n * `provider`, `execution`, `session`, and internal fields are excluded so presets\n * remain shareable and composable.\n *\n * ```ts\n * import { basic } from 'zidane/presets'\n * createAgent({ ...basic, provider })\n * ```\n *\n * ### Composing multiple presets\n *\n * Bare `...spread` is shallow — `{ ...a, ...b }` overwrites every key `b`\n * defines, including `hooks`. Use {@link composePresets} when you want\n * field-aware merging (per-event hook concat, tools shallow-merge, etc.):\n *\n * ```ts\n * createAgent({ ...composePresets(basic, telemetry, mine), provider })\n * ```\n */\nexport type Preset = Omit<Partial<AgentOptions>, 'provider' | 'execution' | 'session' | 'mcpConnector'>\n\n/**\n * Identity helper for type inference when defining a preset.\n */\nexport function definePreset(config: Preset): Preset {\n  return config\n}\n\n/**\n * Field-aware composition of presets. Right-most preset wins for scalar fields;\n * objects shallow-merge; arrays and hook handler lists concatenate. Designed so\n * stacking presets does the obvious thing without the spread-collision footgun:\n *\n * - `name`, `system`, `eager`, `skills`              → last-defined wins\n * - `tools`, `toolAliases`, `behavior`               → shallow-merge (later keys override)\n * - `behavior.dedupTools`, `behavior.toolBudgets`    → **deep-merge** (per-tool-name; later wins on collision)\n * - `mcpServers`                                     → concat with last-wins on `name` collision\n * - `hooks`                                          → per-event concat; every handler fires\n *\n * `hooks` always emerges as `event → handler[]` so downstream registration\n * (in `createAgent`) sees a uniform shape. Order of handlers within an event\n * follows preset order: earlier presets register first.\n *\n * `mcpServers` is deduped by `name` because shipping two servers with the same\n * name would trip the connector at runtime — a later preset overriding an\n * earlier preset's `github` server is the practical intent.\n *\n * `behavior.dedupTools` and `behavior.toolBudgets` get the same per-key deep-merge\n * because they are tool-name-keyed records — a preset that ships a dedup hasher\n * for one tool should not erase a hasher another preset ships for a different\n * tool. Last-wins still applies on a per-tool collision so a downstream preset\n * can override an upstream preset's policy for one specific tool. Other\n * `behavior` fields keep last-wins semantics.\n */\nexport function composePresets(...presets: Preset[]): Preset {\n  const out: Preset = {}\n  const hooksByEvent: { [K in keyof AgentHooks]?: AgentHooks[K][] } = {}\n  // Keep mcpServers in source-order on first sight, but allow later\n  // declarations to override earlier ones with the same `name`. A `Map`\n  // keyed by name gives O(1) override + stable iteration.\n  const mcpByName = new Map<string, NonNullable<Preset['mcpServers']>[number]>()\n\n  for (const p of presets) {\n    if (p.name !== undefined)\n      out.name = p.name\n    if (p.system !== undefined)\n      out.system = p.system\n    if (p.eager !== undefined)\n      out.eager = p.eager\n    if (p.skills !== undefined)\n      out.skills = p.skills\n    if (p.tools)\n      out.tools = { ...out.tools, ...p.tools }\n    if (p.toolAliases)\n      out.toolAliases = { ...out.toolAliases, ...p.toolAliases }\n    if (p.behavior) {\n      // Top-level shallow-merge first; then deep-merge the two tool-name-keyed\n      // sub-records so per-tool entries from earlier presets aren't clobbered.\n      const merged: NonNullable<Preset['behavior']> = { ...out.behavior, ...p.behavior }\n      if (out.behavior?.dedupTools || p.behavior.dedupTools) {\n        merged.dedupTools = { ...out.behavior?.dedupTools, ...p.behavior.dedupTools }\n      }\n      if (out.behavior?.toolBudgets || p.behavior.toolBudgets) {\n        merged.toolBudgets = { ...out.behavior?.toolBudgets, ...p.behavior.toolBudgets }\n      }\n      out.behavior = merged\n    }\n    if (p.mcpServers) {\n      for (const server of p.mcpServers)\n        mcpByName.set(server.name, server)\n    }\n    if (p.hooks) {\n      for (const [event, handler] of Object.entries(p.hooks)) {\n        if (handler === undefined)\n          continue\n        const list = Array.isArray(handler) ? handler : [handler]\n        const key = event as keyof AgentHooks\n        // Safe cast: we read the loose `AgentHookMap` shape (handler-or-array)\n        // and re-emit only as arrays. Each `list` element matches the event's\n        // handler signature by construction (the input was typed `AgentHookMap`).\n        const bucket = (hooksByEvent[key] ??= []) as unknown[]\n        bucket.push(...(list as unknown[]))\n      }\n    }\n  }\n\n  if (mcpByName.size > 0)\n    out.mcpServers = [...mcpByName.values()]\n\n  if (Object.keys(hooksByEvent).length > 0)\n    out.hooks = hooksByEvent\n\n  return out\n}\n\nexport { default as basic, basicTools } from './basic'\n"],"mappings":";;;;;;;;;;;AAaA,MAAa,aAAa;CAAE;CAAO;CAAW;CAAU;CAAU;CAAW;CAAW;CAAM;AAAU;AAExG,IAAA,gBAAe,aAAa;CAC1B,MAAM;CACN,QAAQ;CAaR,IAAI,QAAQ;EACV,OAAO;GAAE,GAAG;GAAY,OAAO,gBAAgB,EAAE,SAAS,KAAK,CAAC;EAAE;CACpE;AACF,CAAC;;;;;;ACDD,SAAgB,aAAa,QAAwB;CACnD,OAAO;AACT;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BA,SAAgB,eAAe,GAAG,SAA2B;CAC3D,MAAM,MAAc,CAAC;CACrB,MAAM,eAA8D,CAAC;CAIrE,MAAM,4BAAY,IAAI,IAAuD;CAE7E,KAAK,MAAM,KAAK,SAAS;EACvB,IAAI,EAAE,SAAS,KAAA,GACb,IAAI,OAAO,EAAE;EACf,IAAI,EAAE,WAAW,KAAA,GACf,IAAI,SAAS,EAAE;EACjB,IAAI,EAAE,UAAU,KAAA,GACd,IAAI,QAAQ,EAAE;EAChB,IAAI,EAAE,WAAW,KAAA,GACf,IAAI,SAAS,EAAE;EACjB,IAAI,EAAE,OACJ,IAAI,QAAQ;GAAE,GAAG,IAAI;GAAO,GAAG,EAAE;EAAM;EACzC,IAAI,EAAE,aACJ,IAAI,cAAc;GAAE,GAAG,IAAI;GAAa,GAAG,EAAE;EAAY;EAC3D,IAAI,EAAE,UAAU;GAGd,MAAM,SAA0C;IAAE,GAAG,IAAI;IAAU,GAAG,EAAE;GAAS;GACjF,IAAI,IAAI,UAAU,cAAc,EAAE,SAAS,YACzC,OAAO,aAAa;IAAE,GAAG,IAAI,UAAU;IAAY,GAAG,EAAE,SAAS;GAAW;GAE9E,IAAI,IAAI,UAAU,eAAe,EAAE,SAAS,aAC1C,OAAO,cAAc;IAAE,GAAG,IAAI,UAAU;IAAa,GAAG,EAAE,SAAS;GAAY;GAEjF,IAAI,WAAW;EACjB;EACA,IAAI,EAAE,YACJ,KAAK,MAAM,UAAU,EAAE,YACrB,UAAU,IAAI,OAAO,MAAM,MAAM;EAErC,IAAI,EAAE,OACJ,KAAK,MAAM,CAAC,OAAO,YAAY,OAAO,QAAQ,EAAE,KAAK,GAAG;GACtD,IAAI,YAAY,KAAA,GACd;GACF,MAAM,OAAO,MAAM,QAAQ,OAAO,IAAI,UAAU,CAAC,OAAO;GACxD,MAAM,MAAM;GAKZ,CADgB,aAAa,SAAS,CAAC,GAChC,KAAK,GAAI,IAAkB;EACpC;CAEJ;CAEA,IAAI,UAAU,OAAO,GACnB,IAAI,aAAa,CAAC,GAAG,UAAU,OAAO,CAAC;CAEzC,IAAI,OAAO,KAAK,YAAY,EAAE,SAAS,GACrC,IAAI,QAAQ;CAEd,OAAO;AACT"}
+{"version":3,"file":"presets-BorC0fVx.js","names":[],"sources":["../src/presets/basic.ts","../src/presets/index.ts"],"sourcesContent":["import { definePreset } from '.'\nimport { edit, listFiles, multiEdit, readFile, shell, shellKill, waitTask, writeFile } from '../tools'\nimport { createSpawnTool } from '../tools/spawn'\n\n/**\n * Core tools available in every basic preset (without spawn).\n *\n * `edit` and `multi_edit` ship in the basic set because surgical edits are the\n * default modality for production agents — `write_file` is for full overwrites.\n * `glob` and `grep` are exported but opt-in: not every agent needs codebase\n * search, and shipping them by default would force `tool:gate` work onto\n * consumers that prefer the model to use `shell` + classic Unix tools.\n */\nexport const basicTools = { shell, shellKill, waitTask, readFile, writeFile, listFiles, edit, multiEdit }\n\nexport default definePreset({\n  name: 'basic',\n  system: 'You are a helpful assistant with access to shell, file reading, file writing, surgical and multi-edit tools, directory listing, and sub-agent spawning. Prefer `edit` / `multi_edit` for in-place changes and `write_file` for full file overwrites. Use them to accomplish tasks in the project directory.',\n  // `tools` is a getter so each access (every `{ ...basic }` spread into\n  // `createAgent`) mints a FRESH spawn tool. `createSpawnTool()` carries\n  // per-instance state (running children, concurrency counter, child-stats\n  // accumulator); a module-level singleton instance would be shared by every\n  // agent in the process, breaking concurrent rollouts.\n  //\n  // `persist: true` shares the parent's session with every child agent — child\n  // turns land in `session.turns` tagged with their own `runId`, and the run\n  // itself is recorded in `session.runs` with `parentRunId` + `depth`. That's\n  // what lets a reloaded TUI session reconstruct the full subagent tree (see\n  // `eventsFromTurns` in `tui/store.ts`). Hosts that want children in-memory\n  // only can construct their own preset with `createSpawnTool()`.\n  get tools() {\n    return { ...basicTools, spawn: createSpawnTool({ persist: true }) }\n  },\n})\n","import type { AgentHooks, AgentOptions } from '../agent'\n\nexport type { AgentHookMap } from '../agent'\n\n/**\n * A preset is a reusable slice of `AgentOptions` — spread it into `createAgent()`\n * to configure tools, a default system prompt, aliases, behavior defaults, and\n * agent-lifetime hooks.\n *\n * `provider`, `execution`, `session`, and internal fields are excluded so presets\n * remain shareable and composable.\n *\n * ```ts\n * import { basic } from 'zidane/presets'\n * createAgent({ ...basic, provider })\n * ```\n *\n * ### Composing multiple presets\n *\n * Bare `...spread` is shallow — `{ ...a, ...b }` overwrites every key `b`\n * defines, including `hooks`. Use {@link composePresets} when you want\n * field-aware merging (per-event hook concat, tools shallow-merge, etc.):\n *\n * ```ts\n * createAgent({ ...composePresets(basic, telemetry, mine), provider })\n * ```\n */\nexport type Preset = Omit<Partial<AgentOptions>, 'provider' | 'execution' | 'session' | 'mcpConnector'>\n\n/**\n * Identity helper for type inference when defining a preset.\n */\nexport function definePreset(config: Preset): Preset {\n  return config\n}\n\n/**\n * Field-aware composition of presets. Right-most preset wins for scalar fields;\n * objects shallow-merge; arrays and hook handler lists concatenate. Designed so\n * stacking presets does the obvious thing without the spread-collision footgun:\n *\n * - `name`, `system`, `eager`, `skills`              → last-defined wins\n * - `tools`, `toolAliases`, `behavior`               → shallow-merge (later keys override)\n * - `behavior.dedupTools`, `behavior.toolBudgets`    → **deep-merge** (per-tool-name; later wins on collision)\n * - `mcpServers`                                     → concat with last-wins on `name` collision\n * - `hooks`                                          → per-event concat; every handler fires\n *\n * `hooks` always emerges as `event → handler[]` so downstream registration\n * (in `createAgent`) sees a uniform shape. Order of handlers within an event\n * follows preset order: earlier presets register first.\n *\n * `mcpServers` is deduped by `name` because shipping two servers with the same\n * name would trip the connector at runtime — a later preset overriding an\n * earlier preset's `github` server is the practical intent.\n *\n * `behavior.dedupTools` and `behavior.toolBudgets` get the same per-key deep-merge\n * because they are tool-name-keyed records — a preset that ships a dedup hasher\n * for one tool should not erase a hasher another preset ships for a different\n * tool. Last-wins still applies on a per-tool collision so a downstream preset\n * can override an upstream preset's policy for one specific tool. Other\n * `behavior` fields keep last-wins semantics.\n */\nexport function composePresets(...presets: Preset[]): Preset {\n  const out: Preset = {}\n  const hooksByEvent: { [K in keyof AgentHooks]?: AgentHooks[K][] } = {}\n  // Keep mcpServers in source-order on first sight, but allow later\n  // declarations to override earlier ones with the same `name`. A `Map`\n  // keyed by name gives O(1) override + stable iteration.\n  const mcpByName = new Map<string, NonNullable<Preset['mcpServers']>[number]>()\n\n  for (const p of presets) {\n    if (p.name !== undefined)\n      out.name = p.name\n    if (p.system !== undefined)\n      out.system = p.system\n    if (p.eager !== undefined)\n      out.eager = p.eager\n    if (p.skills !== undefined)\n      out.skills = p.skills\n    if (p.tools)\n      out.tools = { ...out.tools, ...p.tools }\n    if (p.toolAliases)\n      out.toolAliases = { ...out.toolAliases, ...p.toolAliases }\n    if (p.behavior) {\n      // Top-level shallow-merge first; then deep-merge the two tool-name-keyed\n      // sub-records so per-tool entries from earlier presets aren't clobbered.\n      const merged: NonNullable<Preset['behavior']> = { ...out.behavior, ...p.behavior }\n      if (out.behavior?.dedupTools || p.behavior.dedupTools) {\n        merged.dedupTools = { ...out.behavior?.dedupTools, ...p.behavior.dedupTools }\n      }\n      if (out.behavior?.toolBudgets || p.behavior.toolBudgets) {\n        merged.toolBudgets = { ...out.behavior?.toolBudgets, ...p.behavior.toolBudgets }\n      }\n      out.behavior = merged\n    }\n    if (p.mcpServers) {\n      for (const server of p.mcpServers)\n        mcpByName.set(server.name, server)\n    }\n    if (p.hooks) {\n      for (const [event, handler] of Object.entries(p.hooks)) {\n        if (handler === undefined)\n          continue\n        const list = Array.isArray(handler) ? handler : [handler]\n        const key = event as keyof AgentHooks\n        // Safe cast: we read the loose `AgentHookMap` shape (handler-or-array)\n        // and re-emit only as arrays. Each `list` element matches the event's\n        // handler signature by construction (the input was typed `AgentHookMap`).\n        const bucket = (hooksByEvent[key] ??= []) as unknown[]\n        bucket.push(...(list as unknown[]))\n      }\n    }\n  }\n\n  if (mcpByName.size > 0)\n    out.mcpServers = [...mcpByName.values()]\n\n  if (Object.keys(hooksByEvent).length > 0)\n    out.hooks = hooksByEvent\n\n  return out\n}\n\nexport { default as basic, basicTools } from './basic'\n"],"mappings":";;;;;;;;;;;AAaA,MAAa,aAAa;CAAE;CAAO;CAAW;CAAU;CAAU;CAAW;CAAW;CAAM;AAAU;AAExG,IAAA,gBAAe,aAAa;CAC1B,MAAM;CACN,QAAQ;CAaR,IAAI,QAAQ;EACV,OAAO;GAAE,GAAG;GAAY,OAAO,gBAAgB,EAAE,SAAS,KAAK,CAAC;EAAE;CACpE;AACF,CAAC;;;;;;ACDD,SAAgB,aAAa,QAAwB;CACnD,OAAO;AACT;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BA,SAAgB,eAAe,GAAG,SAA2B;CAC3D,MAAM,MAAc,CAAC;CACrB,MAAM,eAA8D,CAAC;CAIrE,MAAM,4BAAY,IAAI,IAAuD;CAE7E,KAAK,MAAM,KAAK,SAAS;EACvB,IAAI,EAAE,SAAS,KAAA,GACb,IAAI,OAAO,EAAE;EACf,IAAI,EAAE,WAAW,KAAA,GACf,IAAI,SAAS,EAAE;EACjB,IAAI,EAAE,UAAU,KAAA,GACd,IAAI,QAAQ,EAAE;EAChB,IAAI,EAAE,WAAW,KAAA,GACf,IAAI,SAAS,EAAE;EACjB,IAAI,EAAE,OACJ,IAAI,QAAQ;GAAE,GAAG,IAAI;GAAO,GAAG,EAAE;EAAM;EACzC,IAAI,EAAE,aACJ,IAAI,cAAc;GAAE,GAAG,IAAI;GAAa,GAAG,EAAE;EAAY;EAC3D,IAAI,EAAE,UAAU;GAGd,MAAM,SAA0C;IAAE,GAAG,IAAI;IAAU,GAAG,EAAE;GAAS;GACjF,IAAI,IAAI,UAAU,cAAc,EAAE,SAAS,YACzC,OAAO,aAAa;IAAE,GAAG,IAAI,UAAU;IAAY,GAAG,EAAE,SAAS;GAAW;GAE9E,IAAI,IAAI,UAAU,eAAe,EAAE,SAAS,aAC1C,OAAO,cAAc;IAAE,GAAG,IAAI,UAAU;IAAa,GAAG,EAAE,SAAS;GAAY;GAEjF,IAAI,WAAW;EACjB;EACA,IAAI,EAAE,YACJ,KAAK,MAAM,UAAU,EAAE,YACrB,UAAU,IAAI,OAAO,MAAM,MAAM;EAErC,IAAI,EAAE,OACJ,KAAK,MAAM,CAAC,OAAO,YAAY,OAAO,QAAQ,EAAE,KAAK,GAAG;GACtD,IAAI,YAAY,KAAA,GACd;GACF,MAAM,OAAO,MAAM,QAAQ,OAAO,IAAI,UAAU,CAAC,OAAO;GACxD,MAAM,MAAM;GAKZ,CADgB,aAAa,SAAS,CAAC,GAChC,KAAK,GAAI,IAAkB;EACpC;CAEJ;CAEA,IAAI,UAAU,OAAO,GACnB,IAAI,aAAa,CAAC,GAAG,UAAU,OAAO,CAAC;CAEzC,IAAI,OAAO,KAAK,YAAY,EAAE,SAAS,GACrC,IAAI,QAAQ;CAEd,OAAO;AACT"}

package/dist/presets.d.ts

@@ -1,3 +1,3 @@
-import { n as AgentHookMap } from "./agent-Dt3mALPV.js";
-import { a as basicTools, i as _default, n as composePresets, r as definePreset, t as Preset } from "./index-BDRh3kup.js";
+import { n as AgentHookMap } from "./agent-CVTAoYS0.js";
+import { a as basicTools, i as _default, n as composePresets, r as definePreset, t as Preset } from "./index-Gin_mFQJ.js";
 export { type AgentHookMap, Preset, _default as basic, basicTools, composePresets, definePreset };

package/dist/presets.js

@@ -1,2 +1,2 @@
-import { i as basic_default, n as definePreset, r as basicTools, t as composePresets } from "./presets-sIs25Per.js";
+import { i as basic_default, n as definePreset, r as basicTools, t as composePresets } from "./presets-BorC0fVx.js";
 export { basic_default as basic, basicTools, composePresets, definePreset };

package/dist/{providers-psx2_0LB.js → providers-C_zClj1S.js}

@@ -9,6 +9,7 @@ import { homedir } from "node:os";
 import { getOAuthApiKey } from "@earendil-works/pi-ai/oauth";
 import { mkdir, open, rename, rm } from "node:fs/promises";
 import { streamOpenAICodexResponses } from "@earendil-works/pi-ai/openai-codex-responses";
+import { createServer } from "node:http";
 //#region src/chat/anthropic-models.ts
 /**
 * Anthropic "fast mode" — `speed: "fast"` on the Messages API. ~2.5× output
@@ -1426,10 +1427,10 @@ function createCursorOAuthProvider() {
 }
 //#endregion
 //#region src/providers/cursor.ts
-const DEFAULT_MODEL$1 = "claude-4.6-sonnet";
+const DEFAULT_MODEL$2 = "claude-4.6-sonnet";
 const NOT_IMPLEMENTED_MESSAGE = "Cursor OAuth login works, but inference over Cursor is not implemented yet. Cursor uses a protobuf/HTTP-2 agent protocol (not an OpenAI-compatible API), so the streaming transport still needs to be ported. Use another provider for now.";
 function cursor(params) {
-	const defaultModel = params?.defaultModel || DEFAULT_MODEL$1;
+	const defaultModel = params?.defaultModel || DEFAULT_MODEL$2;
 	const base = openaiCompat({
 		name: "cursor",
 		apiKey: params?.apiKey ?? "oauth",
@@ -1502,13 +1503,13 @@ function local(params) {
 //#endregion
 //#region src/providers/openai.ts
 const PROVIDER_ID = "openai-codex";
-const DEFAULT_MODEL = "gpt-5.5";
+const DEFAULT_MODEL$1 = "gpt-5.5";
 const lookupModel = getModel;
 function resolveModel(modelId) {
 	const model = lookupModel(PROVIDER_ID, modelId);
 	if (model) return model;
-	const fallback = lookupModel(PROVIDER_ID, DEFAULT_MODEL);
-	if (!fallback) throw new Error(`OpenAI Codex model registry is missing the default model: ${DEFAULT_MODEL}`);
+	const fallback = lookupModel(PROVIDER_ID, DEFAULT_MODEL$1);
+	if (!fallback) throw new Error(`OpenAI Codex model registry is missing the default model: ${DEFAULT_MODEL$1}`);
 	return {
 		...fallback,
 		id: modelId,
@@ -1867,7 +1868,7 @@ function applyPayloadOverrides(payload, options) {
 	return body;
 }
 function openai(params) {
-	const defaultModel = params?.defaultModel || DEFAULT_MODEL;
+	const defaultModel = params?.defaultModel || DEFAULT_MODEL$1;
 	const baseCredentials = extractRuntimeCredentials(params);
 	let runtimeCredentials = baseCredentials ? {
 		...baseCredentials,
@@ -2025,6 +2026,335 @@ function openrouter(params) {
 	});
 }
 //#endregion
-export { createCursorOAuthProvider as a, baseten as c, anthropic as d, applyAnthropicCacheBreakpoints as f, FAST_MODE_OPTIONS as g, ANTHROPIC_EXTRA_MODELS as h, cursor as i, planBasetenReasoning as l, writeFileAtomicAsync as m, openai as n, generatePkce as o, writeFileAtomic as p, local as r, cerebras as s, openrouter as t, arcee as u };
+//#region src/chat/oauth-page/xai.ts
+/** pi-ai / zidane OAuth provider id. Also the credentials-file key. */
+const XAI_OAUTH_PROVIDER_ID = "xai-oauth";
+const DEFAULT_BASE_URL = "https://api.x.ai/v1";
+const DISCOVERY_URL = `https://auth.x.ai/.well-known/openid-configuration`;
+/** Public client id used by the Grok CLI OAuth surface. */
+const CLIENT_ID = process.env.PI_XAI_OAUTH_CLIENT_ID || "b1a00492-073a-47ea-816f-4c329264a828";
+const SCOPE = process.env.PI_XAI_OAUTH_SCOPE || "openid profile email offline_access grok-cli:access api:access";
+/** xAI matches the registered loopback IP exactly — `localhost` is rejected. */
+const CALLBACK_HOST = process.env.PI_XAI_OAUTH_CALLBACK_HOST || "127.0.0.1";
+const CALLBACK_PORT = Number.parseInt(process.env.PI_XAI_OAUTH_CALLBACK_PORT || "56121", 10);
+const CALLBACK_PATH = "/callback";
+const PROVIDER_NAME = "xAI Grok";
+/** Refresh slightly early so requests don't race expiry. */
+const REFRESH_SKEW_MS = 12e4;
+const CALLBACK_TIMEOUT_MS = 18e4;
+/** Resolve the xAI API base URL (env override → default). */
+function xaiBaseUrl() {
+	return (process.env.PI_XAI_BASE_URL || process.env.XAI_BASE_URL || DEFAULT_BASE_URL).replace(/\/+$/, "");
+}
+function base64Url(bytes) {
+	let binary = "";
+	for (const b of bytes) binary += String.fromCharCode(b);
+	return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function randomToken(byteLength = 16) {
+	return base64Url(crypto.getRandomValues(new Uint8Array(byteLength)));
+}
+/**
+* Refuse any OIDC endpoint that isn't HTTPS on an xAI origin.
+*
+* The discovery doc is cached long-term in `credentials.json`. A single MITM
+* during initial login could otherwise pin a malicious `token_endpoint` that
+* receives every subsequent refresh token. Validating scheme + host keeps the
+* endpoint on `x.ai` / `*.x.ai`.
+*/
+function validateEndpoint(value, field) {
+	let url;
+	try {
+		url = new URL(value);
+	} catch {
+		throw new Error(`xAI OAuth discovery returned an invalid ${field}: ${value}`);
+	}
+	if (url.protocol !== "https:") throw new Error(`xAI OAuth ${field} must use HTTPS: ${value}`);
+	const host = url.hostname.toLowerCase();
+	if (host !== "x.ai" && !host.endsWith(".x.ai")) throw new Error(`Refusing non-xAI OAuth ${field}: ${value}`);
+	return url.toString();
+}
+async function discover() {
+	let response;
+	try {
+		response = await fetch(DISCOVERY_URL, {
+			headers: { Accept: "application/json" },
+			signal: AbortSignal.timeout(15e3)
+		});
+	} catch (cause) {
+		throw new Error(`xAI OIDC discovery failed: ${cause instanceof Error ? cause.message : String(cause)}`);
+	}
+	if (!response.ok) throw new Error(`xAI OIDC discovery returned ${response.status}`);
+	const payload = await response.json();
+	return {
+		authorization_endpoint: validateEndpoint(String(payload.authorization_endpoint ?? ""), "authorization_endpoint"),
+		token_endpoint: validateEndpoint(String(payload.token_endpoint ?? ""), "token_endpoint")
+	};
+}
+/**
+* Start the loopback callback server on `127.0.0.1:56121`. Falls back to an
+* OS-assigned port if 56121 is taken — xAI accepts any loopback port as long
+* as the `redirect_uri` we send on the authorize URL matches the listener.
+*/
+async function startXaiCallbackServer(renderPage) {
+	let settle;
+	let settled = false;
+	const callbackPromise = new Promise((resolve) => {
+		settle = (value) => {
+			if (settled) return;
+			settled = true;
+			resolve(value);
+		};
+	});
+	const server = createServer((req, res) => {
+		try {
+			const origin = req.headers.origin;
+			if (origin === "https://accounts.x.ai" || origin === "https://auth.x.ai") {
+				res.setHeader("Access-Control-Allow-Origin", origin);
+				res.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS");
+				res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+				res.setHeader("Access-Control-Allow-Private-Network", "true");
+				res.setHeader("Vary", "Origin");
+			}
+			if (req.method === "OPTIONS") {
+				res.statusCode = 204;
+				res.end();
+				return;
+			}
+			const url = new URL(req.url ?? "/", `http://${CALLBACK_HOST}`);
+			if (url.pathname !== CALLBACK_PATH) {
+				res.statusCode = 404;
+				res.end("Not found");
+				return;
+			}
+			const result = {
+				code: url.searchParams.get("code") ?? void 0,
+				state: url.searchParams.get("state") ?? void 0,
+				error: url.searchParams.get("error") ?? void 0,
+				errorDescription: url.searchParams.get("error_description") ?? void 0
+			};
+			res.statusCode = result.error ? 400 : 200;
+			res.setHeader("Content-Type", "text/html; charset=utf-8");
+			res.end(renderPage(result.error ? {
+				kind: "error",
+				provider: PROVIDER_NAME,
+				message: `${PROVIDER_NAME} authentication did not complete.`,
+				details: result.errorDescription ?? result.error
+			} : {
+				kind: "success",
+				provider: PROVIDER_NAME,
+				message: "xAI authentication completed. You can close this window."
+			}));
+			settle?.(result);
+		} catch {
+			res.statusCode = 500;
+			res.end("Internal error");
+		}
+	});
+	const listen = (port) => new Promise((resolve, reject) => {
+		server.once("error", reject);
+		server.listen(port, CALLBACK_HOST, () => {
+			server.removeListener("error", reject);
+			const addr = server.address();
+			resolve(typeof addr === "object" && addr ? addr.port : port);
+		});
+	});
+	let actualPort;
+	try {
+		actualPort = await listen(CALLBACK_PORT);
+	} catch {
+		actualPort = await listen(0);
+	}
+	return {
+		redirectUri: `http://${CALLBACK_HOST}:${actualPort}${CALLBACK_PATH}`,
+		waitForCallback: (timeoutMs) => Promise.race([callbackPromise, new Promise((resolve) => setTimeout(resolve, timeoutMs, {
+			error: "timeout",
+			errorDescription: "Timed out waiting for the xAI OAuth callback."
+		}))]),
+		close: () => {
+			try {
+				server.close();
+			} catch {}
+		}
+	};
+}
+function expiryFromPayload(payload) {
+	const expiresIn = typeof payload.expires_in === "number" ? payload.expires_in : Number(payload.expires_in ?? 3600);
+	return Date.now() + expiresIn * 1e3 - REFRESH_SKEW_MS;
+}
+async function exchangeCode(tokenEndpoint, code, redirectUri, verifier, discovery) {
+	const response = await fetch(tokenEndpoint, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/x-www-form-urlencoded",
+			"Accept": "application/json"
+		},
+		body: new URLSearchParams({
+			grant_type: "authorization_code",
+			client_id: CLIENT_ID,
+			code,
+			redirect_uri: redirectUri,
+			code_verifier: verifier
+		}),
+		signal: AbortSignal.timeout(3e4)
+	});
+	if (!response.ok) throw new Error(`xAI token exchange failed: ${response.status} ${await response.text().catch(() => "")}`);
+	const payload = await response.json();
+	const access = String(payload.access_token ?? "");
+	const refresh = String(payload.refresh_token ?? "");
+	if (!access) throw new Error("xAI token exchange did not return an access_token.");
+	if (!refresh) throw new Error("xAI token exchange did not return a refresh_token.");
+	return {
+		access,
+		refresh,
+		expires: expiryFromPayload(payload),
+		tokenEndpoint,
+		discovery
+	};
+}
+async function loginXai(renderPage, callbacks) {
+	const discovery = await discover();
+	const { verifier, challenge } = await generatePkce();
+	const state = randomToken();
+	const nonce = randomToken();
+	const server = await startXaiCallbackServer(renderPage);
+	try {
+		const authUrl = new URL(discovery.authorization_endpoint);
+		authUrl.searchParams.set("response_type", "code");
+		authUrl.searchParams.set("client_id", CLIENT_ID);
+		authUrl.searchParams.set("redirect_uri", server.redirectUri);
+		authUrl.searchParams.set("scope", SCOPE);
+		authUrl.searchParams.set("code_challenge", challenge);
+		authUrl.searchParams.set("code_challenge_method", "S256");
+		authUrl.searchParams.set("state", state);
+		authUrl.searchParams.set("nonce", nonce);
+		authUrl.searchParams.set("plan", "generic");
+		authUrl.searchParams.set("referrer", "zidane");
+		callbacks.onAuth({
+			url: authUrl.toString(),
+			instructions: `Sign in to xAI and approve access. If the browser is on another machine, the callback listener is ${server.redirectUri}.`
+		});
+		const result = await server.waitForCallback(CALLBACK_TIMEOUT_MS);
+		if (result.error) throw new Error(result.errorDescription ?? result.error);
+		if (result.state !== state) throw new Error("xAI OAuth state mismatch — possible CSRF. Please retry.");
+		if (!result.code) throw new Error("xAI OAuth callback did not include an authorization code.");
+		callbacks.onProgress?.("Exchanging authorization code for tokens...");
+		return await exchangeCode(discovery.token_endpoint, result.code, server.redirectUri, verifier, discovery);
+	} finally {
+		server.close();
+	}
+}
+async function refreshXaiToken(credentials) {
+	const xai = credentials;
+	if (!credentials.refresh) throw new Error("xAI credentials are missing a refresh token — re-login required.");
+	const tokenEndpoint = xai.tokenEndpoint ?? xai.discovery?.token_endpoint ?? (await discover()).token_endpoint;
+	validateEndpoint(tokenEndpoint, "token_endpoint");
+	const response = await fetch(tokenEndpoint, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/x-www-form-urlencoded",
+			"Accept": "application/json"
+		},
+		body: new URLSearchParams({
+			grant_type: "refresh_token",
+			client_id: CLIENT_ID,
+			refresh_token: credentials.refresh
+		}),
+		signal: AbortSignal.timeout(3e4)
+	});
+	if (!response.ok) throw new Error(`xAI token refresh failed: ${response.status} ${await response.text().catch(() => "")}`);
+	const payload = await response.json();
+	const access = String(payload.access_token ?? "");
+	if (!access) throw new Error("xAI token refresh did not return an access_token.");
+	return {
+		...xai,
+		access,
+		refresh: String(payload.refresh_token ?? credentials.refresh),
+		expires: expiryFromPayload(payload),
+		tokenEndpoint
+	};
+}
+/**
+* Build an xAI `OAuthProviderInterface`. Shape matches Anthropic / Codex /
+* Cursor so it drops into `BUILTIN_PROVIDERS` and `src/auth.ts` unchanged.
+*
+* `usesCallbackServer: true` — the loopback flow has a real callback server,
+* so the TUI doesn't need to prompt for a manual code paste.
+*/
+function createXaiOAuthProvider(renderPage) {
+	return {
+		id: XAI_OAUTH_PROVIDER_ID,
+		name: "xAI Grok (SuperGrok / X Premium+)",
+		usesCallbackServer: true,
+		login: (callbacks) => loginXai(renderPage, callbacks),
+		refreshToken: refreshXaiToken,
+		getApiKey: (credentials) => credentials.access
+	};
+}
+//#endregion
+//#region src/providers/xai.ts
+const DEFAULT_MODEL = "grok-4.3";
+function xai(params) {
+	const defaultModel = params?.defaultModel || DEFAULT_MODEL;
+	const baseURL = xaiBaseUrl();
+	const capabilities = params?.capabilities ?? {
+		vision: true,
+		imageInToolResult: false
+	};
+	const baseCredentials = extractRuntimeCredentials(params);
+	let runtimeCredentials = baseCredentials;
+	const staticKey = params?.apiKey ?? process.env.XAI_API_KEY;
+	const isOAuth = baseCredentials !== void 0 || !staticKey || isOAuthAccessToken(staticKey);
+	/**
+	* Build the openai-compat delegate for a resolved bearer. Cheap — the factory
+	* only wires closures — so we re-create it per turn with the freshly resolved
+	* (possibly refreshed) OAuth token rather than baking a stale key in once.
+	*/
+	function delegateFor(apiKey) {
+		return openaiCompat({
+			name: "xai",
+			apiKey,
+			baseURL,
+			defaultModel,
+			capabilities,
+			extraHeaders: params?.extraHeaders
+		});
+	}
+	const skeleton = delegateFor("placeholder-resolved-at-stream");
+	return {
+		...skeleton,
+		name: "xai",
+		meta: {
+			...skeleton.meta,
+			defaultModel,
+			isOAuth
+		},
+		async stream(options, callbacks) {
+			return delegateFor(await resolveOAuthApiKey({
+				provider: "xai",
+				providerId: XAI_OAUTH_PROVIDER_ID,
+				params: runtimeCredentials ? {
+					...params,
+					...runtimeCredentials
+				} : params,
+				envKey: "XAI_API_KEY",
+				missingError: "No xAI credentials found. Set XAI_API_KEY or run `bun run auth --xai` first.",
+				refreshError: (reason) => `xAI OAuth token refresh failed. Run \`bun run auth --xai\` again. ${reason}`
+			}, {
+				...callbacks,
+				async onOAuthRefresh(ctx) {
+					if (ctx.source === "params") runtimeCredentials = {
+						access: ctx.credentials.access,
+						refresh: ctx.credentials.refresh,
+						expires: ctx.credentials.expires
+					};
+					await callbacks.onOAuthRefresh?.(ctx);
+				}
+			})).stream(options, callbacks);
+		}
+	};
+}
+//#endregion
+export { ANTHROPIC_EXTRA_MODELS as _, local as a, generatePkce as c, planBasetenReasoning as d, arcee as f, writeFileAtomicAsync as g, writeFileAtomic as h, openai as i, cerebras as l, applyAnthropicCacheBreakpoints as m, createXaiOAuthProvider as n, cursor as o, anthropic as p, openrouter as r, createCursorOAuthProvider as s, xai as t, baseten as u, FAST_MODE_OPTIONS as v };
 
-//# sourceMappingURL=providers-psx2_0LB.js.map
+//# sourceMappingURL=providers-C_zClj1S.js.map