zidane 5.13.0 → 5.13.2

package/dist/{transcript-anchors-D4PwUMyO.js → transcript-anchors-Cq-8gx8u.js}

@@ -1,5 +1,5 @@
-import { A as joinSystemPrompt } from "./messages-CGazSyTL.js";
-import { a as multiEdit, c as grep, i as readFile$1, l as glob$1, n as createSpawnTool, o as listFiles, t as writeFile$1, u as edit, y as shell } from "./tools-5Bnlq68O.js";
+import { A as joinSystemPrompt } from "./messages-DEsLGBB9.js";
+import { a as multiEdit, c as grep, i as readFile$1, l as glob, n as createSpawnTool, o as listFiles, t as writeFile$1, u as edit, y as shell } from "./tools-DhzKzB1y.js";
 import { c as shortId, r as fmtTokens, s as previewLine } from "./format-BNOXpl-1.js";
 import { o as toolResultToText } from "./types-DxHDaqN7.js";
 import { l as errorMessage } from "./errors-BpPfMo_4.js";
@@ -7,8 +7,8 @@ import { t as writeFileAtomic } from "./atomic-write-Bgtr5JPu.js";
 import { o as discoverSkills } from "./interpolate-ConAiXGy.js";
 import { r as formatTokenUsage } from "./stats-DAKBEKjc.js";
 import { a as normalizeMcpServers, n as connectMcpServers } from "./mcp-C_TIj91j.js";
-import { n as definePreset, t as composePresets } from "./presets-kPEMOCmE.js";
-import { a as local, c as generatePkce, f as arcee, g as FAST_MODE_OPTIONS, h as ANTHROPIC_EXTRA_MODELS, i as openai, l as cerebras, n as createXaiOAuthProvider, p as anthropic, r as openrouter, s as createCursorOAuthProvider, t as xai, u as baseten } from "./providers-Bo2biCyT.js";
+import { n as definePreset, t as composePresets } from "./presets-HDIxliiq.js";
+import { C as restoreModelOptions, f as credKeyOf, i as readCredentials, l as BUILTIN_PROVIDERS, n as applyApiKeyEnv, r as credentialsPath, t as resolveStorageDirs, v as modelSupportsReasoning, y as modelsForDescriptor } from "./xdg-zlSeVBhQ.js";
 import { r as fetchUrl } from "./fetch-url-Cgbq-HYx.js";
 import { webSearch } from "./tools/web-search.js";
 import { D as extractEditPayload, I as parseEditOutcomesFromResult, J as collectReferences, Y as findActiveTrigger, q as applyInsert, u as ownerOf } from "./turn-operations-DLWN2J7f.js";
@@ -17,11 +17,8 @@ import { dirname, isAbsolute, join, posix, relative, resolve, sep } from "node:p
 import { chmodSync, createReadStream, createWriteStream, existsSync, mkdirSync, mkdtempSync, readFileSync, realpathSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { readdir, stat, writeFile } from "node:fs/promises";
 import { Buffer as Buffer$1 } from "node:buffer";
-import { createHash, randomBytes } from "node:crypto";
-import { getModel, getModels } from "@earendil-works/pi-ai";
+import { createHash } from "node:crypto";
 import { homedir, tmpdir } from "node:os";
-import { createServer } from "node:http";
-import { refreshAnthropicToken, refreshOpenAICodexToken, registerOAuthProvider } from "@earendil-works/pi-ai/oauth";
 import { spawn } from "node:child_process";
 import { createGunzip } from "node:zlib";
 import { createContext, useCallback, useContext, useEffect, useMemo, useRef, useState } from "react";
@@ -943,7 +940,7 @@ function accentColor(accent, COLOR) {
 const READ_ONLY_TOOLS = {
 	readFile: readFile$1,
 	listFiles,
-	glob: glob$1,
+	glob,
 	grep,
 	webSearch,
 	fetchUrl
@@ -956,7 +953,7 @@ const BUILD_TOOLS = {
 	listFiles,
 	edit,
 	multiEdit,
-	glob: glob$1,
+	glob,
 	grep,
 	webSearch,
 	fetchUrl
@@ -1389,1331 +1386,6 @@ function readIfPresent(path, source) {
 	};
 }
 //#endregion
-//#region src/chat/oauth-page/server.ts
-const CALLBACK_HOST = process.env.PI_OAUTH_CALLBACK_HOST || "127.0.0.1";
-function buildRequestHandler(opts, pending) {
-	return (req, res) => {
-		try {
-			const url = new URL(req.url || "", "http://localhost");
-			if (url.pathname !== opts.path) {
-				respondError(res, 404, opts, "Callback route not found.");
-				return;
-			}
-			const error = url.searchParams.get("error");
-			if (error) {
-				respondError(res, 400, opts, `${opts.providerName} authentication did not complete.`, `Error: ${error}`);
-				return;
-			}
-			const code = url.searchParams.get("code");
-			const state = url.searchParams.get("state");
-			if (!code || !state) {
-				respondError(res, 400, opts, "Missing code or state parameter.");
-				return;
-			}
-			if (state !== opts.expectedState) {
-				respondError(res, 400, opts, "State mismatch.");
-				return;
-			}
-			res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
-			res.end(opts.renderPage({
-				kind: "success",
-				provider: opts.providerName,
-				message: opts.successMessage
-			}));
-			pending.settle({
-				code,
-				state
-			});
-		} catch {
-			respondError(res, 500, opts, "Internal error while processing the callback.");
-		}
-	};
-}
-function respondError(res, status, opts, message, details) {
-	res.writeHead(status, { "Content-Type": "text/html; charset=utf-8" });
-	res.end(opts.renderPage({
-		kind: "error",
-		provider: opts.providerName,
-		message,
-		details
-	}));
-}
-function buildStubHandle(redirectUri, server) {
-	return {
-		redirectUri,
-		waitForCode: async () => null,
-		cancelWait: () => {},
-		close: () => {
-			try {
-				server?.close();
-			} catch {}
-		}
-	};
-}
-/**
-* Start the loopback HTTP callback server. The returned handle is the
-* caller's contract — they `await waitForCode()`, race it against manual
-* paste, then `close()` in a `finally`.
-*/
-async function startCallbackServer(opts) {
-	const onListenError = opts.onListenError ?? "reject";
-	const redirectUri = `http://localhost:${opts.port}${opts.path}`;
-	return new Promise((resolve, reject) => {
-		let settled = false;
-		const pending = { settle: () => {} };
-		const waitPromise = new Promise((resolveWait) => {
-			pending.settle = (value) => {
-				if (settled) return;
-				settled = true;
-				resolveWait(value);
-			};
-		});
-		const server = createServer(buildRequestHandler(opts, pending));
-		server.on("error", (err) => {
-			if (onListenError === "resolveWithStub") {
-				pending.settle(null);
-				resolve(buildStubHandle(redirectUri, server));
-				return;
-			}
-			reject(err);
-		});
-		server.listen(opts.port, CALLBACK_HOST, () => {
-			resolve({
-				redirectUri,
-				waitForCode: () => waitPromise,
-				cancelWait: () => pending.settle(null),
-				close: () => {
-					try {
-						server.close();
-					} catch {}
-				}
-			});
-		});
-	});
-}
-//#endregion
-//#region src/chat/oauth-page/anthropic.ts
-const CLIENT_ID$1 = atob("OWQxYzI1MGEtZTYxYi00NGQ5LTg4ZWQtNTk0NGQxOTYyZjVl");
-const AUTHORIZE_URL$1 = "https://claude.ai/oauth/authorize";
-const TOKEN_URL$1 = "https://platform.claude.com/v1/oauth/token";
-const CALLBACK_PORT$1 = 53692;
-const CALLBACK_PATH$1 = "/callback";
-const SCOPES = "org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload";
-const PROVIDER_NAME$1 = "Anthropic";
-/**
-* Parse what the user pasted into the manual-code prompt. Accepts:
-*   - the bare authorization code
-*   - the full `redirect_uri?code=...&state=...` URL
-*   - the `code#state` shorthand Anthropic surfaces on the page
-*   - a raw query string with `code=...&state=...`
-*
-* Matches pi-ai's parse table so an existing user's muscle memory still works.
-*/
-function parseAuthorizationInput$1(input) {
-	const value = input.trim();
-	if (!value) return {};
-	try {
-		const url = new URL(value);
-		return {
-			code: url.searchParams.get("code") ?? void 0,
-			state: url.searchParams.get("state") ?? void 0
-		};
-	} catch {}
-	if (value.includes("#")) {
-		const [code, state] = value.split("#", 2);
-		return {
-			code,
-			state
-		};
-	}
-	if (value.includes("code=")) {
-		const params = new URLSearchParams(value);
-		return {
-			code: params.get("code") ?? void 0,
-			state: params.get("state") ?? void 0
-		};
-	}
-	return { code: value };
-}
-async function postJson(url, body) {
-	const response = await fetch(url, {
-		method: "POST",
-		headers: {
-			"Content-Type": "application/json",
-			"Accept": "application/json"
-		},
-		body: JSON.stringify(body),
-		signal: AbortSignal.timeout(3e4)
-	});
-	const responseBody = await response.text();
-	if (!response.ok) throw new Error(`HTTP request failed. status=${response.status}; url=${url}; body=${responseBody}`);
-	return responseBody;
-}
-async function exchangeAuthorizationCode$1(code, state, verifier, redirectUri) {
-	const responseBody = await postJson(TOKEN_URL$1, {
-		grant_type: "authorization_code",
-		client_id: CLIENT_ID$1,
-		code,
-		state,
-		redirect_uri: redirectUri,
-		code_verifier: verifier
-	});
-	const tokenData = JSON.parse(responseBody);
-	return {
-		refresh: tokenData.refresh_token,
-		access: tokenData.access_token,
-		expires: Date.now() + tokenData.expires_in * 1e3 - 300 * 1e3
-	};
-}
-async function loginAnthropicWithCustomPage(options) {
-	const { verifier, challenge } = await generatePkce();
-	const server = await startCallbackServer({
-		port: CALLBACK_PORT$1,
-		path: CALLBACK_PATH$1,
-		expectedState: verifier,
-		providerName: PROVIDER_NAME$1,
-		renderPage: options.renderPage,
-		successMessage: "Anthropic authentication completed. You can close this window.",
-		onListenError: "reject"
-	});
-	let code;
-	let state;
-	try {
-		const authParams = new URLSearchParams({
-			code: "true",
-			client_id: CLIENT_ID$1,
-			response_type: "code",
-			redirect_uri: server.redirectUri,
-			scope: SCOPES,
-			code_challenge: challenge,
-			code_challenge_method: "S256",
-			state: verifier
-		});
-		options.onAuth({
-			url: `${AUTHORIZE_URL$1}?${authParams.toString()}`,
-			instructions: "Complete login in your browser. If the browser is on another machine, paste the final redirect URL here."
-		});
-		if (options.onManualCodeInput) {
-			let manualInput;
-			let manualError;
-			const manualPromise = options.onManualCodeInput().then((input) => {
-				manualInput = input;
-				server.cancelWait();
-			}).catch((err) => {
-				manualError = err instanceof Error ? err : new Error(String(err));
-				server.cancelWait();
-			});
-			const result = await server.waitForCode();
-			if (manualError) throw manualError;
-			if (result?.code) {
-				code = result.code;
-				state = result.state;
-			} else if (manualInput) {
-				const parsed = parseAuthorizationInput$1(manualInput);
-				if (parsed.state && parsed.state !== verifier) throw new Error("OAuth state mismatch");
-				code = parsed.code;
-				state = parsed.state ?? verifier;
-			}
-			if (!code) {
-				await manualPromise;
-				if (manualError) throw manualError;
-				if (manualInput) {
-					const parsed = parseAuthorizationInput$1(manualInput);
-					if (parsed.state && parsed.state !== verifier) throw new Error("OAuth state mismatch");
-					code = parsed.code;
-					state = parsed.state ?? verifier;
-				}
-			}
-		} else {
-			const result = await server.waitForCode();
-			if (result?.code) {
-				code = result.code;
-				state = result.state;
-			}
-		}
-		if (!code) {
-			const parsed = parseAuthorizationInput$1(await options.onPrompt({
-				message: "Paste the authorization code or full redirect URL:",
-				placeholder: server.redirectUri
-			}));
-			if (parsed.state && parsed.state !== verifier) throw new Error("OAuth state mismatch");
-			code = parsed.code;
-			state = parsed.state ?? verifier;
-		}
-		if (!code) throw new Error("Missing authorization code");
-		if (!state) throw new Error("Missing OAuth state");
-		options.onProgress?.("Exchanging authorization code for tokens...");
-		return await exchangeAuthorizationCode$1(code, state, verifier, server.redirectUri);
-	} finally {
-		server.close();
-	}
-}
-/**
-* Build an `OAuthProviderInterface` that behaves identically to pi-ai's
-* `anthropicOAuthProvider` except for the callback page HTML. Drop this
-* onto `ProviderDescriptor.oauthProvider` to override.
-*/
-function createAnthropicOAuthProviderWithCustomPage(renderPage) {
-	return {
-		id: "anthropic",
-		name: "Anthropic (Claude Pro/Max)",
-		usesCallbackServer: true,
-		async login(callbacks) {
-			return loginAnthropicWithCustomPage({
-				renderPage,
-				onAuth: callbacks.onAuth,
-				onPrompt: callbacks.onPrompt,
-				onProgress: callbacks.onProgress,
-				onManualCodeInput: callbacks.onManualCodeInput
-			});
-		},
-		async refreshToken(credentials) {
-			return refreshAnthropicToken(credentials.refresh);
-		},
-		getApiKey(credentials) {
-			return credentials.access;
-		}
-	};
-}
-//#endregion
-//#region src/chat/oauth-page/openai-codex.ts
-const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
-const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
-const TOKEN_URL = "https://auth.openai.com/oauth/token";
-const CALLBACK_PORT = 1455;
-const CALLBACK_PATH = "/auth/callback";
-const SCOPE = "openid profile email offline_access";
-const JWT_CLAIM_PATH = "https://api.openai.com/auth";
-const PROVIDER_NAME = "OpenAI";
-function createState() {
-	return randomBytes(16).toString("hex");
-}
-function parseAuthorizationInput(input) {
-	const value = input.trim();
-	if (!value) return {};
-	try {
-		const url = new URL(value);
-		return {
-			code: url.searchParams.get("code") ?? void 0,
-			state: url.searchParams.get("state") ?? void 0
-		};
-	} catch {}
-	if (value.includes("#")) {
-		const [code, state] = value.split("#", 2);
-		return {
-			code,
-			state
-		};
-	}
-	if (value.includes("code=")) {
-		const params = new URLSearchParams(value);
-		return {
-			code: params.get("code") ?? void 0,
-			state: params.get("state") ?? void 0
-		};
-	}
-	return { code: value };
-}
-function decodeJwt(token) {
-	try {
-		const parts = token.split(".");
-		if (parts.length !== 3) return null;
-		const payload = parts[1] ?? "";
-		const decoded = atob(payload);
-		return JSON.parse(decoded);
-	} catch {
-		return null;
-	}
-}
-function getAccountId(accessToken) {
-	const accountId = (decodeJwt(accessToken)?.[JWT_CLAIM_PATH])?.chatgpt_account_id;
-	return typeof accountId === "string" && accountId.length > 0 ? accountId : null;
-}
-async function exchangeAuthorizationCode(code, verifier, redirectUri) {
-	const response = await fetch(TOKEN_URL, {
-		method: "POST",
-		headers: { "Content-Type": "application/x-www-form-urlencoded" },
-		body: new URLSearchParams({
-			grant_type: "authorization_code",
-			client_id: CLIENT_ID,
-			code,
-			code_verifier: verifier,
-			redirect_uri: redirectUri
-		})
-	});
-	if (!response.ok) {
-		const text = await response.text().catch(() => "");
-		return {
-			type: "failed",
-			message: `OpenAI Codex token exchange failed (${response.status}): ${text || response.statusText}`
-		};
-	}
-	const json = await response.json();
-	if (!json.access_token || !json.refresh_token || typeof json.expires_in !== "number") return {
-		type: "failed",
-		message: `OpenAI Codex token exchange response missing fields: ${JSON.stringify(json)}`
-	};
-	return {
-		type: "success",
-		access: json.access_token,
-		refresh: json.refresh_token,
-		expires: Date.now() + json.expires_in * 1e3
-	};
-}
-async function loginOpenAICodexWithCustomPage(options) {
-	const { verifier, challenge } = await generatePkce();
-	const state = createState();
-	const originator = options.originator ?? "pi";
-	const server = await startCallbackServer({
-		port: CALLBACK_PORT,
-		path: CALLBACK_PATH,
-		expectedState: state,
-		providerName: PROVIDER_NAME,
-		renderPage: options.renderPage,
-		successMessage: "OpenAI authentication completed. You can close this window.",
-		onListenError: "resolveWithStub"
-	});
-	const authUrl = new URL(AUTHORIZE_URL);
-	authUrl.searchParams.set("response_type", "code");
-	authUrl.searchParams.set("client_id", CLIENT_ID);
-	authUrl.searchParams.set("redirect_uri", server.redirectUri);
-	authUrl.searchParams.set("scope", SCOPE);
-	authUrl.searchParams.set("code_challenge", challenge);
-	authUrl.searchParams.set("code_challenge_method", "S256");
-	authUrl.searchParams.set("state", state);
-	authUrl.searchParams.set("id_token_add_organizations", "true");
-	authUrl.searchParams.set("codex_cli_simplified_flow", "true");
-	authUrl.searchParams.set("originator", originator);
-	options.onAuth({
-		url: authUrl.toString(),
-		instructions: "A browser window should open. Complete login to finish."
-	});
-	let code;
-	try {
-		if (options.onManualCodeInput) {
-			let manualCode;
-			let manualError;
-			const manualPromise = options.onManualCodeInput().then((input) => {
-				manualCode = input;
-				server.cancelWait();
-			}).catch((err) => {
-				manualError = err instanceof Error ? err : new Error(String(err));
-				server.cancelWait();
-			});
-			const result = await server.waitForCode();
-			if (manualError) throw manualError;
-			if (result?.code) code = result.code;
-			else if (manualCode) {
-				const parsed = parseAuthorizationInput(manualCode);
-				if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
-				code = parsed.code;
-			}
-			if (!code) {
-				await manualPromise;
-				if (manualError) throw manualError;
-				if (manualCode) {
-					const parsed = parseAuthorizationInput(manualCode);
-					if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
-					code = parsed.code;
-				}
-			}
-		} else {
-			const result = await server.waitForCode();
-			if (result?.code) code = result.code;
-		}
-		if (!code) {
-			const parsed = parseAuthorizationInput(await options.onPrompt({ message: "Paste the authorization code (or full redirect URL):" }));
-			if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
-			code = parsed.code;
-		}
-		if (!code) throw new Error("Missing authorization code");
-		const tokenResult = await exchangeAuthorizationCode(code, verifier, server.redirectUri);
-		if (tokenResult.type !== "success") throw new Error(tokenResult.message);
-		const accountId = getAccountId(tokenResult.access);
-		if (!accountId) throw new Error("Failed to extract accountId from token");
-		return {
-			access: tokenResult.access,
-			refresh: tokenResult.refresh,
-			expires: tokenResult.expires,
-			accountId
-		};
-	} finally {
-		server.close();
-	}
-}
-/**
-* Build an `OAuthProviderInterface` that behaves identically to pi-ai's
-* `openaiCodexOAuthProvider` except for the callback page HTML.
-*/
-function createOpenAICodexOAuthProviderWithCustomPage(renderPage) {
-	return {
-		id: "openai-codex",
-		name: "ChatGPT Plus/Pro (Codex Subscription)",
-		usesCallbackServer: true,
-		async login(callbacks) {
-			return loginOpenAICodexWithCustomPage({
-				renderPage,
-				onAuth: callbacks.onAuth,
-				onPrompt: callbacks.onPrompt,
-				onProgress: callbacks.onProgress,
-				onManualCodeInput: callbacks.onManualCodeInput
-			});
-		},
-		async refreshToken(credentials) {
-			return refreshOpenAICodexToken(credentials.refresh);
-		},
-		getApiKey(credentials) {
-			return credentials.access;
-		}
-	};
-}
-//#endregion
-//#region src/chat/oauth-page/render.ts
-function escapeHtml(value) {
-	return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll("\"", "&quot;").replaceAll("'", "&#39;");
-}
-/**
-* Default zidane-themed page. Visually neutral but distinguishable from
-* pi-ai's stock page — dark background, mono headings, no logo (host can
-* pass a custom renderer to add one).
-*/
-const renderDefaultCallbackPage = (page) => {
-	const heading = escapeHtml(page.kind === "success" ? `Signed in to ${page.provider}` : `Could not sign in to ${page.provider}`);
-	const message = escapeHtml(page.message);
-	const details = page.details ? escapeHtml(page.details) : void 0;
-	return `<!doctype html>
-<html lang="en">
-<head>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <title>${heading}</title>
-  <style>
-    :root {
-      --text: #f4f4f5;
-      --text-dim: #a1a1aa;
-      --accent: ${page.kind === "success" ? "#22d3ee" : "#f87171"};
-      --page-bg: #0a0a0a;
-      --panel-bg: #131316;
-      --border: #27272a;
-      --font-sans: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
-      --font-mono: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
-    }
-    * { box-sizing: border-box; }
-    html { color-scheme: dark; }
-    body {
-      margin: 0;
-      min-height: 100vh;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      padding: 24px;
-      background: var(--page-bg);
-      color: var(--text);
-      font-family: var(--font-sans);
-    }
-    main {
-      width: 100%;
-      max-width: 520px;
-      padding: 32px;
-      background: var(--panel-bg);
-      border: 1px solid var(--border);
-      border-radius: 12px;
-    }
-    .label {
-      font-family: var(--font-mono);
-      font-size: 12px;
-      letter-spacing: 0.08em;
-      text-transform: uppercase;
-      color: var(--accent);
-      margin-bottom: 12px;
-    }
-    h1 {
-      margin: 0 0 12px;
-      font-size: 22px;
-      font-weight: 600;
-      letter-spacing: -0.01em;
-      color: var(--text);
-    }
-    p {
-      margin: 0;
-      line-height: 1.6;
-      color: var(--text-dim);
-      font-size: 14px;
-    }
-    .details {
-      margin-top: 18px;
-      padding: 12px 14px;
-      background: var(--page-bg);
-      border: 1px solid var(--border);
-      border-radius: 8px;
-      font-family: var(--font-mono);
-      font-size: 12px;
-      color: var(--text-dim);
-      white-space: pre-wrap;
-      word-break: break-word;
-    }
-  </style>
-</head>
-<body>
-  <main>
-    <div class="label">zidane · OAuth · ${escapeHtml(page.provider)}</div>
-    <h1>${heading}</h1>
-    <p>${message}</p>
-    ${details ? `<div class="details">${details}</div>` : ""}
-  </main>
-</body>
-</html>`;
-};
-//#endregion
-//#region src/chat/oauth-page/index.ts
-/**
-* Bundle helper — returns both Anthropic + OpenAI Codex providers wired
-* with the same renderer. Hosts that want different renderers per provider
-* should call the individual `create…WithCustomPage` factories instead.
-*/
-function createCustomCallbackOAuthProviders(renderPage) {
-	return {
-		anthropic: createAnthropicOAuthProviderWithCustomPage(renderPage),
-		openaiCodex: createOpenAICodexOAuthProviderWithCustomPage(renderPage)
-	};
-}
-let cursorRegistered = false;
-/**
-* Register Cursor with pi-ai's OAuth registry.
-*
-* Unlike Anthropic / Codex, Cursor is **not** built into pi-ai, so
-* `getOAuthApiKey('cursor', …)` (used by `resolveOAuthApiKey` for lazy
-* token refresh) would throw "Unknown OAuth provider" until we register it.
-* Call once at startup from both the CLI auth path and the TUI. Idempotent.
-*/
-function registerCursorOAuthProvider() {
-	const provider = createCursorOAuthProvider();
-	if (!cursorRegistered) {
-		registerOAuthProvider(provider);
-		cursorRegistered = true;
-	}
-	return provider;
-}
-let xaiRegistered = false;
-/**
-* Register xAI Grok with pi-ai's OAuth registry.
-*
-* pi-ai ships an xAI *API-key* provider, but no OAuth one — so
-* `getOAuthApiKey('xai-oauth', …)` (lazy refresh in `resolveOAuthApiKey`)
-* would throw "Unknown OAuth provider" until we register our flow. The
-* callback page routes through the supplied renderer so the post-redirect
-* HTML matches zidane's theme. Call once at startup; idempotent.
-*/
-function registerXaiOAuthProvider(renderPage) {
-	const provider = createXaiOAuthProvider(renderPage);
-	if (!xaiRegistered) {
-		registerOAuthProvider(provider);
-		xaiRegistered = true;
-	}
-	return provider;
-}
-//#endregion
-//#region src/chat/providers.ts
-/**
-* pi-ai's stock Anthropic + Codex OAuth providers bake their own callback
-* HTML; we route both through `renderDefaultCallbackPage` so the post-redirect
-* page matches zidane's theme. The override lives in `src/chat/oauth-page/`
-* — see that folder's `index.ts` for the deletion path once pi-ai exposes
-* a `renderCallbackPage` hook upstream.
-*/
-const { anthropic: anthropicOAuthProvider, openaiCodex: openaiCodexOAuthProvider } = createCustomCallbackOAuthProviders(renderDefaultCallbackPage);
-registerCursorOAuthProvider();
-/**
-* xAI Grok isn't built into pi-ai's OAuth registry (only its API-key provider
-* is), so register our loopback-PKCE flow — themed via `renderDefaultCallbackPage`
-* — so lazy token refresh resolves through it.
-*/
-const xaiOAuthProvider = registerXaiOAuthProvider(renderDefaultCallbackPage);
-/** Convenience accessor — returns `credentialFileKey ?? key`. */
-function credKeyOf(desc) {
-	return desc.credentialFileKey ?? desc.key;
-}
-/** Convenience accessor — returns `piProviderId ?? key`. */
-function piIdOf(desc) {
-	return desc.piProviderId ?? desc.key;
-}
-const anthropicDescriptor = {
-	key: "anthropic",
-	label: "Anthropic",
-	factory: anthropic,
-	defaultModel: "claude-opus-4-8",
-	envKey: "ANTHROPIC_API_KEY",
-	apiKeyPlaceholder: "sk-ant-…",
-	oauthProvider: anthropicOAuthProvider,
-	oauthHint: "Claude Pro/Max subscription",
-	extraModels: ANTHROPIC_EXTRA_MODELS,
-	optionsFor: (id) => FAST_MODE_OPTIONS[id] ? [FAST_MODE_OPTIONS[id]] : void 0
-};
-const openaiDescriptor = {
-	key: "openai",
-	label: "OpenAI",
-	factory: openai,
-	defaultModel: "gpt-5.5",
-	envKey: "OPENAI_CODEX_API_KEY",
-	credentialFileKey: "openai-codex",
-	piProviderId: "openai-codex",
-	apiKeyPlaceholder: "sk-… or eyJ… (Codex)",
-	oauthProvider: openaiCodexOAuthProvider
-};
-const openrouterDescriptor = {
-	key: "openrouter",
-	label: "OpenRouter",
-	factory: openrouter,
-	defaultModel: "anthropic/claude-sonnet-4-6",
-	envKey: "OPENROUTER_API_KEY",
-	apiKeyPlaceholder: "sk-or-…"
-};
-const cerebrasDescriptor = {
-	key: "cerebras",
-	label: "Cerebras",
-	factory: cerebras,
-	defaultModel: "zai-glm-4.7",
-	envKey: "CEREBRAS_API_KEY",
-	apiKeyPlaceholder: "csk-…"
-};
-/**
-* xAI Grok. Supports BOTH a static API key (`XAI_API_KEY`) and the
-* SuperGrok / X Premium+ OAuth subscription, so the wizard offers both methods.
-* Models come from pi-ai's `xai` registry (OpenAI-compatible endpoint), shared
-* by both auth modes.
-*/
-const xaiDescriptor = {
-	key: "xai",
-	label: "xAI Grok",
-	factory: xai,
-	defaultModel: "grok-4.3",
-	envKey: "XAI_API_KEY",
-	apiKeyPlaceholder: "xai-…",
-	oauthProvider: xaiOAuthProvider,
-	oauthHint: "SuperGrok / X Premium+ subscription",
-	credentialFileKey: "xai-oauth",
-	piProviderId: "xai"
-};
-const arceeDescriptor = {
-	key: "arcee",
-	label: "Arcee",
-	factory: arcee,
-	defaultModel: "trinity-large-thinking",
-	envKey: "ARCEE_API_KEY",
-	apiKeyPlaceholder: "arcee-…",
-	models: [
-		{
-			id: "trinity-large-thinking",
-			name: "Trinity Large (Thinking)",
-			contextWindow: 256e3,
-			reasoning: true,
-			input: ["text"],
-			cost: {
-				input: .25,
-				output: .8
-			}
-		},
-		{
-			id: "trinity-large-preview",
-			name: "Trinity Large (Preview)",
-			contextWindow: 128e3,
-			input: ["text"],
-			cost: {
-				input: .45,
-				output: .15
-			}
-		},
-		{
-			id: "trinity-mini",
-			name: "Trinity Mini",
-			contextWindow: 128e3,
-			input: ["text"],
-			cost: {
-				input: .045,
-				output: .15
-			}
-		}
-	]
-};
-const basetenDescriptor = {
-	key: "baseten",
-	label: "Baseten",
-	factory: baseten,
-	defaultModel: "zai-org/GLM-5.1",
-	envKey: "BASETEN_API_KEY",
-	apiKeyPlaceholder: "baseten-api-key…",
-	models: [
-		{
-			id: "zai-org/GLM-5.2",
-			name: "GLM 5.2",
-			contextWindow: 1e6,
-			reasoning: true,
-			input: ["text"]
-		},
-		{
-			id: "zai-org/GLM-5.1",
-			name: "GLM 5.1",
-			contextWindow: 2e5,
-			reasoning: true,
-			input: ["text"]
-		},
-		{
-			id: "zai-org/GLM-5",
-			name: "GLM 5",
-			contextWindow: 2e5,
-			reasoning: true,
-			input: ["text"],
-			cost: {
-				input: .95,
-				output: 3.15,
-				cacheRead: .2
-			}
-		},
-		{
-			id: "zai-org/GLM-4.7",
-			name: "GLM 4.7",
-			contextWindow: 2e5,
-			reasoning: true,
-			input: ["text"],
-			cost: {
-				input: .6,
-				output: 2.2,
-				cacheRead: .12
-			}
-		},
-		{
-			id: "moonshotai/Kimi-K2.6",
-			name: "Kimi K2.6",
-			contextWindow: 256e3,
-			reasoning: true,
-			input: ["text", "image"],
-			cost: {
-				input: 1,
-				output: 3.9,
-				cacheRead: .2
-			}
-		},
-		{
-			id: "moonshotai/Kimi-K2.5",
-			name: "Kimi K2.5",
-			contextWindow: 256e3,
-			reasoning: true,
-			input: ["text", "image"],
-			cost: {
-				input: .6,
-				output: 3,
-				cacheRead: .12
-			}
-		},
-		{
-			id: "deepseek-ai/DeepSeek-V4-Pro",
-			name: "DeepSeek V4 Pro",
-			contextWindow: 131e3,
-			reasoning: true,
-			input: ["text"],
-			cost: {
-				input: 1.74,
-				output: 3.48,
-				cacheRead: .145
-			}
-		},
-		{
-			id: "nvidia/Nemotron-120B-A12B",
-			name: "Nemotron Super",
-			contextWindow: 2e5,
-			reasoning: true,
-			input: ["text"],
-			cost: {
-				input: .3,
-				output: .75,
-				cacheRead: .06
-			}
-		},
-		{
-			id: "nvidia/NVIDIA-Nemotron-3-Ultra-550B-A55B",
-			name: "Nemotron Ultra",
-			contextWindow: 2e5,
-			reasoning: true,
-			input: ["text"]
-		},
-		{
-			id: "openai/gpt-oss-120b",
-			name: "GPT-OSS 120B",
-			contextWindow: 128e3,
-			reasoning: true,
-			input: ["text"],
-			cost: {
-				input: .1,
-				output: .5
-			}
-		}
-	]
-};
-/**
-* Conservative context-window assumption for a user-configured local model.
-* Local runtimes expose no reliable per-model metadata over the OpenAI-compat
-* `/v1/models` endpoint (it returns ids, not context sizes), so we pick a
-* floor that fits the smallest mainstream OSS models (Llama 3.x 8B, Qwen2.5)
-* without over-promising. The footer's context indicator and auto-compaction
-* lean on this — under-estimating is the safe direction (compact early rather
-* than overflow the server's real window).
-*
-* Users running larger-context models (e.g. a 128K Qwen) can raise it via the
-* `LOCAL_LLM_CONTEXT_WINDOW` env var / customField, which supports a single
-* value or a per-model map (resolved by {@link resolveContextWindow}).
-*/
-const LOCAL_DEFAULT_CONTEXT_WINDOW = 8192;
-/**
-* Local OpenAI-compatible LLM (Ollama, vLLM, LM Studio, Lemonade, llama.cpp).
-*
-* No fixed base URL or model catalogue — both come from the user via
-* `customFields`. No `envKey`, so the wizard skips the API-key prompt and
-* treats the customFields-only credential as the auth signal (see
-* `applyApiKeyEnv` + `detectAuth`).
-*
-* Vision / cache / reasoning are off by default in the factory — flip them
-* by passing a custom descriptor that calls `local({ capabilities })`.
-*
-* `models` is a getter, not a static list: there's no fixed catalogue to ship,
-* but once the user has configured a default model (mirrored into
-* `LOCAL_LLM_DEFAULT_MODEL` by `applyApiKeyEnv`), we surface it as a
-* single-entry list so the model picker + footer aren't empty. Resolved at
-* access time because the env var is populated at TUI launch, after this
-* module loads. Empty list when unconfigured — the picker hides, the user
-* types a slug at the prompt as before.
-*/
-const localDescriptor = {
-	key: "local",
-	label: "Local LLM",
-	factory: local,
-	get models() {
-		const configured = process.env.LOCAL_LLM_DEFAULT_MODEL?.trim();
-		if (!configured) return [];
-		return [{
-			id: configured,
-			name: configured,
-			contextWindow: resolveContextWindow(process.env.LOCAL_LLM_CONTEXT_WINDOW, configured) ?? LOCAL_DEFAULT_CONTEXT_WINDOW,
-			input: ["text"]
-		}];
-	},
-	customFields: [
-		{
-			key: "baseURL",
-			label: "Base URL",
-			envVar: "LOCAL_LLM_BASE_URL",
-			placeholder: "http://localhost:11434/v1",
-			hint: "Where your local LLM server is reachable. Examples: Ollama → http://localhost:11434/v1, vLLM → http://localhost:8000/v1, LM Studio → http://localhost:1234/v1.",
-			required: true
-		},
-		{
-			key: "apiKey",
-			label: "API key",
-			envVar: "LOCAL_LLM_API_KEY",
-			placeholder: "leave blank if your server is unauthenticated"
-		},
-		{
-			key: "model",
-			label: "Default model",
-			envVar: "LOCAL_LLM_DEFAULT_MODEL",
-			placeholder: "e.g. llama3.1:8b, qwen2.5-coder, mistral-small",
-			hint: "Model id your server exposes. Leave blank to pick later from the model picker."
-		},
-		{
-			key: "contextWindow",
-			label: "Context window (tokens)",
-			envVar: "LOCAL_LLM_CONTEXT_WINDOW",
-			placeholder: "e.g. 32768  ·  or per-model: llama3.1:8b=32768, qwen2.5-coder=128k, 64k",
-			hint: "Context length(s) for your local model(s) — local runtimes don't advertise this, so set it here to enable the context indicator and auto-compaction. Use a single value (32768, 128k) for all models, or a comma-separated map of `model=window` with an optional bare value as the fallback. Press"
-		}
-	],
-	contextWindowEnvVar: "LOCAL_LLM_CONTEXT_WINDOW"
-};
-/**
-* Default provider registry. Passed verbatim when `runTui` is invoked without
-* an explicit `providers` option. Hosts that want to override per-provider
-* metadata can spread this and replace specific entries:
-*
-* ```ts
-* runTui({ providers: { ...BUILTIN_PROVIDERS, anthropic: myOwnAnthropicDescriptor } })
-* ```
-*
-* `cursor` is intentionally NOT registered here: OAuth works, but inference
-* isn't wired (`cursor.stream()` throws — Cursor speaks a protobuf/HTTP-2
-* agent protocol, not OpenAI-compat). Shipping it in the picker only lets users
-* select a model that errors every turn. The descriptor stays exported so a
-* host can opt in (`{ ...BUILTIN_PROVIDERS, cursor: cursorDescriptor }`) once
-* the transport lands — re-add it here at that point.
-*/
-const BUILTIN_PROVIDERS = {
-	anthropic: anthropicDescriptor,
-	openai: openaiDescriptor,
-	openrouter: openrouterDescriptor,
-	cerebras: cerebrasDescriptor,
-	xai: xaiDescriptor,
-	arcee: arceeDescriptor,
-	baseten: basetenDescriptor,
-	local: localDescriptor
-};
-/**
-* Resolve the model list for a given provider. Honors `descriptor.models`
-* when set; otherwise queries pi-ai via `descriptor.piProviderId`. Returns
-* `[]` for descriptors with no known mapping (custom providers without a
-* model list) — callers should hide the model picker in that case.
-*/
-function modelsForDescriptor(descriptor) {
-	if (descriptor.models) return descriptor.models;
-	let bundled;
-	try {
-		bundled = getModels(piIdOf(descriptor));
-	} catch {
-		bundled = [];
-	}
-	if (descriptor.extraModels?.length) {
-		const bundledIds = new Set(bundled.map((m) => m.id));
-		bundled = [...descriptor.extraModels.filter((m) => !bundledIds.has(m.id)), ...bundled];
-	}
-	return descriptor.optionsFor ? bundled.map((m) => decorateOptions(m, descriptor)) : bundled;
-}
-/**
-* Attach descriptor-resolved {@link ModelOption}s to a model that doesn't
-* already declare its own. Pure / non-mutating — returns the input untouched
-* when the model has options already or the descriptor resolves none.
-*/
-function decorateOptions(model, descriptor) {
-	if (model.options?.length || !descriptor.optionsFor) return model;
-	const options = descriptor.optionsFor(model.id);
-	return options?.length ? {
-		...model,
-		options
-	} : model;
-}
-/**
-* Resolve a single model's metadata via the descriptor's model source.
-* Mirrors {@link modelsForDescriptor} routing: descriptor's own list wins,
-* pi-ai's registry is the fallback. Returns `null` when the model isn't
-* known.
-*/
-function getModelInfo(descriptor, modelId) {
-	if (descriptor.models) return descriptor.models.find((m) => m.id === modelId) ?? null;
-	try {
-		const bundled = getModel(piIdOf(descriptor), modelId);
-		if (bundled) return decorateOptions(bundled, descriptor);
-	} catch {}
-	const extra = descriptor.extraModels?.find((m) => m.id === modelId);
-	return extra ? decorateOptions(extra, descriptor) : null;
-}
-/**
-* Parse a user-supplied context-window string into a token count.
-*
-* Accepts a plain integer (`"32768"`), or a number with a `k`/`m` suffix
-* (×1_000 / ×1_000_000, case-insensitive, optional space) — so `"128k"`
-* yields `128_000`, matching how the footer renders windows (`fmtTokens`).
-* Fractional values are floored (`"1.5k"` → `1500`). Returns `null` for
-* empty, malformed, zero, or negative input so callers fall through to
-* "window unknown" rather than a bogus ceiling.
-*/
-function parseContextWindow(raw) {
-	if (raw == null) return null;
-	const trimmed = raw.trim();
-	if (trimmed.length === 0) return null;
-	const match = /^(\d+(?:\.\d+)?)\s*([km])?$/i.exec(trimmed);
-	if (!match) return null;
-	const suffix = match[2]?.toLowerCase();
-	const mult = suffix === "k" ? 1e3 : suffix === "m" ? 1e6 : 1;
-	const value = Math.floor(Number.parseFloat(match[1]) * mult);
-	return value >= 1 ? value : null;
-}
-/**
-* Resolve a per-model context window from a user-supplied spec string.
-*
-* A spec is a comma-separated list of entries. An entry is either:
-*   - `model=window` — a per-model override (split on the **first** `=`, so
-*     model ids containing `:` or `/` survive), or
-*   - a bare `window` — the fallback applied to any model not named above.
-*
-* Windows are parsed by {@link parseContextWindow} (plain int or k/m suffix).
-* Whitespace around entries and the `=` is ignored; malformed entries are
-* skipped rather than poisoning the whole spec; a later duplicate key wins.
-*
-* Lookup order for `modelId`: exact map entry → bare fallback → `null`. A
-* lone bare value (`"32768"`) therefore behaves as a single global window,
-* keeping the simple single-model config working.
-*
-* @example resolveContextWindow('llama3.1:8b=32768, qwen=128k, 64k', 'qwen') // 128000
-*/
-function resolveContextWindow(spec, modelId) {
-	if (spec == null) return null;
-	const overrides = /* @__PURE__ */ new Map();
-	let fallback = null;
-	for (const entry of spec.split(",")) {
-		const eq = entry.indexOf("=");
-		if (eq === -1) {
-			const bare = parseContextWindow(entry);
-			if (bare != null) fallback = bare;
-			continue;
-		}
-		const key = entry.slice(0, eq).trim();
-		const window = parseContextWindow(entry.slice(eq + 1));
-		if (key.length > 0 && window != null) overrides.set(key, window);
-	}
-	return overrides.get(modelId) ?? fallback;
-}
-/**
-* Look up the model's max context window via the descriptor's model source.
-* Falls back to {@link ProviderDescriptor.contextWindowEnvVar} (parsed via
-* {@link resolveContextWindow}, which supports a per-model map) when the
-* registry has nothing — this is how local LLMs, whose runtimes don't
-* advertise a window, get one. Returns `null` when neither source resolves a
-* value (custom slugs, providers without a registry or a configured window);
-* callers should hide the context indicator and skip auto-compaction then.
-*/
-function getContextWindow(descriptor, modelId) {
-	const fromRegistry = getModelInfo(descriptor, modelId)?.contextWindow;
-	if (fromRegistry != null) return fromRegistry;
-	if (descriptor.contextWindowEnvVar) return resolveContextWindow(process.env[descriptor.contextWindowEnvVar], modelId);
-	return null;
-}
-/**
-* Whether the given model exposes a reasoning / extended-thinking knob.
-* Drives the TUI's effort picker visibility — the `ctrl+n` shortcut and
-* the bottom-bar `effortName` segment only surface when this is `true`.
-* Returns `false` for unknown models (no registry entry → no advertised
-* capability).
-*/
-function modelSupportsReasoning(descriptor, modelId) {
-	return getModelInfo(descriptor, modelId)?.reasoning === true;
-}
-/**
-* Custom {@link ModelOption}s the given model supports (e.g. fast mode), or `[]`
-* when none. Drives the TUI/GUI options picker visibility — surfaces only when
-* non-empty.
-*/
-function modelOptionsFor(descriptor, modelId) {
-	return getModelInfo(descriptor, modelId)?.options ?? [];
-}
-/**
-* Normalize a model-options blob to an enabled-only `{ id: true }` map.
-*
-* Single source of truth shared by every surface that reads or persists model
-* options — the TUI run path, the GUI engine reader, and the GUI IPC handlers.
-* Tolerant of arbitrary input (persisted JSON metadata may be anything): a
-* non-object → `{}`, and only entries strictly equal to `true` survive. This
-* keeps the persisted shape minimal (no `{ fast: false }` noise) and means
-* callers never forward a disabled option to `agent.run`.
-*/
-function enabledModelOptions(raw) {
-	if (!raw || typeof raw !== "object") return {};
-	const out = {};
-	for (const [id, on] of Object.entries(raw)) if (on === true) out[id] = true;
-	return out;
-}
-/**
-* Resolve a model's remembered options for a (re)pick: keep only options the
-* model still declares AND that are enabled, dropping any that no longer apply
-* (e.g. switching away from a model that supported `fast`). Returns `undefined`
-* when nothing applies so callers can omit the field entirely.
-*
-* Shared by the TUI pick path and the launch-time resume path so "which options
-* survive a model switch / relaunch" is decided in exactly one place.
-*/
-function restoreModelOptions(descriptor, modelId, remembered) {
-	const validIds = new Set(modelOptionsFor(descriptor, modelId).map((o) => o.id));
-	if (validIds.size === 0) return void 0;
-	const enabled = enabledModelOptions(remembered?.[modelId]);
-	const filtered = {};
-	for (const id of Object.keys(enabled)) if (validIds.has(id)) filtered[id] = true;
-	return Object.keys(filtered).length > 0 ? filtered : void 0;
-}
-//#endregion
-//#region src/chat/credentials.ts
-/** POSIX mode for the credentials file. Ignored on Windows. */
-const FILE_MODE$1 = 384;
-/**
-* Resolve the credentials file path given the resolved TUI data directory
-* (typically `~/.zidane`, i.e. `config.paths.dir`).
-*
-* Matches the convention used elsewhere in the TUI (sessions.db, state.json)
-* so a single `ZIDANE_STORAGE_DIR` override moves the entire data root.
-*/
-function credentialsPath(dataDir) {
-	return resolve(dataDir, "credentials.json");
-}
-/**
-* Read credentials from disk.
-*
-* Returns `{}` when the file is missing or corrupt (last-ditch tolerance —
-* a hand-edit gone wrong shouldn't lock the user out of re-authing). On first
-* call with no file present, attempts a migration from `cwd/.credentials.json`
-* (the legacy location used by `bun run auth`).
-*/
-function readCredentials(dataDir) {
-	const path = credentialsPath(dataDir);
-	if (!existsSync(path)) {
-		const migrated = migrateLegacyFile(path);
-		if (migrated) return migrated;
-		return {};
-	}
-	try {
-		const raw = readFileSync(path, "utf-8");
-		const parsed = JSON.parse(raw);
-		if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return {};
-		return parsed;
-	} catch {
-		return {};
-	}
-}
-/** Read a single provider's credential (translating via the descriptor). */
-function readProviderCredential(dataDir, descriptor) {
-	return readCredentials(dataDir)[credKeyOf(descriptor)];
-}
-/**
-* Write credentials atomically (write-then-rename) with mode 0o600.
-*
-* Atomic on the same filesystem — readers either see the previous file or the
-* new one, never a half-written intermediate. Creates the parent dir if needed
-* (first launch on a fresh machine: `~/.zidane/` may not exist yet).
-*/
-function writeCredentials(dataDir, creds) {
-	writeFileAtomic(credentialsPath(dataDir), `${JSON.stringify(creds, null, 2)}\n`, {
-		ensureDir: true,
-		mode: FILE_MODE$1
-	});
-}
-function setProviderCredential(dataDir, descriptor, cred) {
-	const all = readCredentials(dataDir);
-	all[credKeyOf(descriptor)] = cred;
-	writeCredentials(dataDir, all);
-}
-function removeProviderCredential(dataDir, descriptor) {
-	const all = readCredentials(dataDir);
-	const fileKey = credKeyOf(descriptor);
-	if (!(fileKey in all)) return;
-	delete all[fileKey];
-	writeCredentials(dataDir, all);
-}
-/**
-* Reconcile `process.env` with the stored credentials so the harness providers
-* pick up the wizard's output via their existing env-var resolution. Called
-* once at TUI launch after the credentials file has been resolved.
-*
-* **Precedence: stored credential > ambient env.** When the user has run the
-* auth wizard, that's an explicit, recent action — it MUST win over whatever
-* ambient value is already in `process.env`. Otherwise an upgrade reliably
-* breaks for anyone whose cwd happens to contain a stale `.env`: Bun
-* auto-loads `.env` from cwd into `process.env` before our code runs, the
-* legacy `bun run auth` used to upsert tokens into `cwd/.env`, and even a
-* one-off `export ANTHROPIC_API_KEY=…` from months ago in the user's shell rc
-* can outlive its usefulness. None of those should override a key the user
-* just typed into the wizard.
-*
-* Three cases per registered provider with an `envKey`:
-*
-*   1. Stored `kind: 'apikey'` → overwrite env with the stored value. Wizard
-*      wins. A debug log fires when this clobbers a different ambient value.
-*   2. Stored `kind: 'oauth'`  → DELETE env, so {@link resolveOAuthApiKey}
-*      falls through to the file-read + refresh path. A stale OAuth token
-*      in env would otherwise short-circuit refresh and get rejected.
-*   3. No stored entry → leave env alone. Env-only setups (no wizard run yet,
-*      hosts driving zidane purely from secrets management) keep working.
-*
-* To opt out and force ambient env to win again, the user signs the provider
-* out via the wizard (which deletes the stored entry → case 3 above).
-*
-* Descriptors without an `envKey` (OAuth-only providers, custom providers
-* that bypass env-var resolution) are skipped silently.
-*/
-function applyApiKeyEnv(dataDir, registry) {
-	const creds = readCredentials(dataDir);
-	for (const descriptor of Object.values(registry)) {
-		const cred = creds[credKeyOf(descriptor)];
-		if (cred?.kind === "apikey" && descriptor.customFields) {
-			const stored = cred.customFields ?? {};
-			for (const field of descriptor.customFields) {
-				const value = stored[field.key];
-				if (typeof value === "string" && value.length > 0) {
-					const ambient = process.env[field.envVar];
-					if (ambient && ambient !== value && process.env.ZIDANE_DEBUG) process.stderr.write(`[zidane/chat] applyApiKeyEnv: overriding ambient \`${field.envVar}\` with stored value from credentials.json (provider=${descriptor.key}, field=${field.key}).\n`);
-					process.env[field.envVar] = value;
-				}
-			}
-		}
-		if (!descriptor.envKey) continue;
-		const envKey = descriptor.envKey;
-		const ambient = process.env[envKey];
-		if (cred?.kind === "apikey" && cred.value) {
-			if (ambient && ambient !== cred.value && process.env.ZIDANE_DEBUG) process.stderr.write(`[zidane/chat] applyApiKeyEnv: overriding ambient \`${envKey}\` with stored API key from credentials.json (provider=${descriptor.key}). Sign out via the auth wizard if the ambient value was intended to win.\n`);
-			process.env[envKey] = cred.value;
-			continue;
-		}
-		if (cred?.kind === "oauth" && cred.access) {
-			if (ambient !== void 0 && process.env.ZIDANE_DEBUG) process.stderr.write(`[zidane/chat] applyApiKeyEnv: clearing ambient \`${envKey}\` because credentials.json has stored OAuth for ${descriptor.key} — refresh path needs the file.\n`);
-			delete process.env[envKey];
-			continue;
-		}
-	}
-}
-/**
-* `bun run auth` (pre-TUI) wrote `cwd/.credentials.json` with an entry per
-* provider mapping directly to an OAuthCredentials payload, e.g.:
-*
-*   {
-*     "anthropic":    { "access": "...", "refresh": "...", "expires": 123 },
-*     "openai-codex": { "access": "...", "refresh": "...", "expires": 123, "accountId": "..." }
-*   }
-*
-* We don't delete the legacy file — it might still be used by a host that
-* imports the harness directly. We just copy its contents into the new
-* location under the kind-tagged shape so the TUI picks them up.
-*
-* Migration is provider-agnostic: any top-level entry with an `access` field
-* is preserved verbatim (extras included), under the same key. The TUI's
-* detection then looks them up via the matching descriptor's `credentialFileKey`.
-*
-* Returns the migrated credentials when the migration ran, or `null` when
-* there's no legacy file to migrate.
-*/
-function migrateLegacyFile(targetPath) {
-	const legacyPath = resolve(process.cwd(), ".credentials.json");
-	const real = (p) => {
-		try {
-			return realpathSync(p);
-		} catch {
-			return p;
-		}
-	};
-	const legacyDir = real(dirname(legacyPath));
-	if (legacyDir !== real(homedir()) && legacyDir !== real(dirname(resolve(targetPath)))) return null;
-	if (!existsSync(legacyPath)) return null;
-	let legacy;
-	try {
-		legacy = JSON.parse(readFileSync(legacyPath, "utf-8"));
-	} catch {
-		return null;
-	}
-	if (!legacy || typeof legacy !== "object" || Array.isArray(legacy)) return null;
-	const migrated = {};
-	for (const [fileKey, value] of Object.entries(legacy)) {
-		if (!isOAuthLegacy(value)) continue;
-		const { access, refresh, expires, ...extras } = value;
-		migrated[fileKey] = {
-			kind: "oauth",
-			access,
-			...typeof refresh === "string" ? { refresh } : {},
-			...typeof expires === "number" ? { expires } : {},
-			...extras
-		};
-	}
-	if (Object.keys(migrated).length === 0) return null;
-	writeFileAtomic(targetPath, `${JSON.stringify(migrated, null, 2)}\n`, {
-		ensureDir: true,
-		mode: FILE_MODE$1
-	});
-	return migrated;
-}
-function isOAuthLegacy(value) {
-	return typeof value === "object" && value !== null && "access" in value && typeof value.access === "string";
-}
-//#endregion
 //#region src/chat/auth.ts
 /**
 * Detect available auth for every registered provider.
@@ -4971,86 +3643,6 @@ function normalizeUserConfig(raw) {
 	return out;
 }
 //#endregion
-//#region src/chat/xdg.ts
-/**
-* XDG Base Directory resolution for zidane.
-*
-* The user's storage spreads across four logical slots:
-*
-*   - **config** — credentials, mcp-credentials, keybindings, config.json,
-*     mcps.json, skills (user-editable surface).
-*   - **data**   — sessions.db (long-lived chat history).
-*   - **state**  — state.json (per-machine UI bookkeeping: last provider,
-*     last model, last agent, settings).
-*   - **cache**  — persisted tool results, background-task logs,
-*     auto-update registry cache (regenerable, safe to wipe).
-*
-* Historically all four collapsed to `~/.zidane/`. This module adds
-* XDG-Base-Directory-aware defaults so a Linux user with no existing
-* `~/.zidane/` lands in the conventional `~/.config/zidane/`,
-* `~/.local/share/zidane/`, `~/.local/state/zidane/`, `~/.cache/zidane/`
-* trio. Existing setups (anyone with a `~/.zidane/` directory or
-* `ZIDANE_STORAGE_DIR` set) keep the single-dir layout unchanged.
-*
-* Resolution flow — applied in this order:
-*
-*   1. Caller passed an explicit `storageDir` (`ChatOptions.storageDir`)
-*      OR `ZIDANE_STORAGE_DIR` is set → **legacy-explicit** single-dir
-*      layout under `<storageDir>/<prefix>`. The four slots collapse to
-*      the same directory.
-*   2. `~/<prefix>/` already exists on disk → **legacy-existing**
-*      single-dir layout under that directory. Upgrades never silently
-*      shift files around.
-*   3. Any `XDG_*_HOME` env var is set OR `process.platform === 'linux'`
-*      → **XDG split**. Each slot lands in its own dir. Per-slot
-*      `ZIDANE_{CONFIG,DATA,CACHE,STATE}_DIR` overrides beat the XDG
-*      vars for surgical tweaks.
-*   4. Otherwise (macOS/Windows, no XDG signal, no existing dir) →
-*      **default** single-dir layout at `~/<prefix>/`. Day-one behavior
-*      on these platforms is unchanged.
-*
-* The `userDir` legacy alias always equals `configDir` so existing code
-* that still references `paths.userDir` keeps reading credentials, mcps,
-* etc. from the right place.
-*/
-/**
-* Resolve the four storage slots according to the precedence above.
-*
-* Pure aside from one filesystem probe (`existsSync(home/<prefix>)`)
-* — the same probe `resolveStoragePaths` would do anyway when
-* computing `paths.userDir`. No directories are created here; the
-* relevant write paths (state store, credentials writer, persist
-* dir) handle their own lazy `mkdirSync` already.
-*/
-function resolveStorageDirs(opts = {}) {
-	const env = opts.env ?? process.env;
-	const home = opts.home ?? homedir();
-	const platform = opts.platform ?? process.platform;
-	const rawPrefix = opts.prefix ?? ".zidane";
-	const prefixBare = rawPrefix.replace(/^\./, "");
-	const explicitStorageDir = opts.storageDir ?? env.ZIDANE_STORAGE_DIR;
-	if (explicitStorageDir) return single(resolve(explicitStorageDir, rawPrefix), "legacy-explicit");
-	const legacyHomeDir = resolve(home, rawPrefix);
-	if (existsSync(legacyHomeDir)) return single(legacyHomeDir, "legacy-existing");
-	if (platform === "linux" || !!env.XDG_CONFIG_HOME || !!env.XDG_DATA_HOME || !!env.XDG_CACHE_HOME || !!env.XDG_STATE_HOME || !!env.ZIDANE_CONFIG_DIR || !!env.ZIDANE_DATA_DIR || !!env.ZIDANE_STATE_DIR || !!env.ZIDANE_CACHE_DIR) return {
-		configDir: env.ZIDANE_CONFIG_DIR ?? resolve(env.XDG_CONFIG_HOME || resolve(home, ".config"), prefixBare),
-		dataDir: env.ZIDANE_DATA_DIR ?? resolve(env.XDG_DATA_HOME || resolve(home, ".local", "share"), prefixBare),
-		stateDir: env.ZIDANE_STATE_DIR ?? resolve(env.XDG_STATE_HOME || resolve(home, ".local", "state"), prefixBare),
-		cacheDir: env.ZIDANE_CACHE_DIR ?? resolve(env.XDG_CACHE_HOME || resolve(home, ".cache"), prefixBare),
-		mode: "xdg"
-	};
-	return single(legacyHomeDir, "default");
-}
-function single(base, mode) {
-	return {
-		configDir: base,
-		dataDir: base,
-		stateDir: base,
-		cacheDir: base,
-		mode
-	};
-}
-//#endregion
 //#region src/chat/config.ts
 /**
 * Resolve user options into a fully-bound runtime config.
@@ -10378,6 +8970,6 @@ function computeTurnAnchors(items) {
 	};
 }
 //#endregion
-export { useMcpAuthDispatch as $, cerebrasDescriptor as $n, compactSummaryEvent as $t, runOAuthLogin as A, bootProfileEnabled as An, getArchivedTodosForRun as Ar, SettingsProvider as At, refreshMcpToolsCatalog as B, performSelfUpdate as Bn, DOING_TASKS_DOCTRINE as Br, CATPPUCCIN_FRAPPE as Bt, projectsFilePath as C, matchesBinding as Cn, singleAgentRegistry as Cr, shortChord as Ct, formatPathForCwd as D, stripJsonComments as Dn, TODO_STATUS_GLYPHS as Dr, SETTINGS_CATEGORIES as Dt, writeProjects as E, readKeybindings as En, TODOWRITE_TOOL as Er, DEFAULT_SETTINGS as Et, parseMcpsFile as F, compareSemver as Fn, selectActiveTodos as Fr, resolveChipColor as Ft, useMcpToolToggleSet as G, credentialsPath as Gn, PLAN_MODE_DOCTRINE_NO_PROMPTS as Gr, DiscoveryProvider as Gt, subscribeMcpToolsCache as H, chatAutoCompactBehavior as Hn, INTERACTION_GUIDANCE as Hr, CATPPUCCIN_MACCHIATO as Ht, projectUserPaths as I, detectLibc as In, setTodosForRun as Ir, resolveTheme as It, parentServerName as J, removeProviderCredential as Jn, buildBuildSystem as Jr, ConfigProvider as Jt, buildVisibleMcpRows as K, readCredentials as Kn, SUBAGENT_GUIDANCE as Kr, useDiscovery as Kt, clearMcpToolsCache as L, detectPackageManager as Ln, useActiveTodos as Lr, VAPORWAVE_THEME as Lt, buildMcpServers as M, buildUpdateHint as Mn, isTodoTool as Mr, useSettings as Mt, defaultMcpsConfigPaths as N, useUpdateCheck as Nn, pickActiveRunId as Nr, BUILTIN_THEMES as Nt, fetchOAuthRedirect as O, useCompletion as On, TODO_WRITE_COUNTS_METADATA_KEY as Or, SETTINGS_CHOICES as Ot, discoverProjectMcps as P, checkForUpdate as Pn, pruneTodosByRun as Pr, DEFAULT_THEME as Pt, McpAuthProvider as Q, anthropicDescriptor as Qn, resolveStorageDirs as Qt, loadMcpToolsCache as R, parseSemver as Rn, ACTIONS_WITH_CARE_DOCTRINE as Rr, GRUVBOX_DARK as Rt, matchesSafelistEntry as S, keybindingsPath as Sn, resolveAgentId as Sr, buildHints as St, suggestSafelistEntry as T, parseBindingSpec as Tn, TODOS_METADATA_KEY as Tr, useEnabledToggleSet as Tt, buildToolToggle as U, detectAuth as Un, INTERACTION_GUIDANCE_NO_PROMPTS as Ur, CATPPUCCIN_MOCHA as Ut, saveMcpToolsCache as V, resolvePlatformPackage as Vn, IDENTITY_PREFIX as Vr, CATPPUCCIN_LATTE as Vt, useMcpToolToggleMap as W, applyApiKeyEnv as Wn, PLAN_MODE_DOCTRINE as Wr, createDiscoverySlot as Wt, mcpCredentialsPath as X, writeCredentials as Xn, envSection as Xr, resolveConfig as Xt, createFileMcpCredentialStore as Y, setProviderCredential as Yn, buildPlanSystem as Yr, useConfig as Yt, patchMcpCredential as Z, BUILTIN_PROVIDERS as Zn, resolveStoragePaths as Zt, useSafeModeQueue as _, KEYBINDING_DEF_BY_ACTION as _n, DEFAULT_AGENT_ID as _r, clipHintsToWidth as _t, useSurfaces as a, loadState as an, modelOptionsFor as ar, ASK_USER_TOOL as at, getSafelist as b, formatBindingForDisplay as bn, PLAN_AGENT as br, cleanTitle as bt, useStreamBuffer as c, serverToolResultSummary as cn, openaiDescriptor as cr, buildResumedToolResultsTurn as ct, discoverProjectSkills as d, titleFromTurns as dn, restoreModelOptions as dr, makeRequestInteraction as dt, createStateStore as en, credKeyOf as er, useMcpAuthState as et, renderSession as f, toolCallPreview as fn, discoverAgentsMd as fr, pendingInteractionsFromTurns as ft, useSafeModeActions as g, KEYBINDING_DEFS as gn, BUILTIN_AGENTS as gr, EMPTY_HINTS as gt, SafeModeProvider as h, DEFAULT_KEYBINDINGS as hn, BUILD_AGENT as hr, useInteractionsQueue as ht, useSelectStyle as i, listSessionMeta as in, localDescriptor as ir, splitMarkdownCodeBlocks as it, supportsOAuth as j, bootTick as jn, getTodosForRun as jr, clampFps as jt, oauthUsesManualCodePaste as k, tryOpenBrowser as kn, createTodoTools as kr, SETTINGS_TOGGLES as kt, buildSkillsConfig as l, stripSpawnTokensLine as ln, openrouterDescriptor as lr, createInteractionTools as lt, writeSessionExport as m, updateToolEventOutcomes as mn, findGitRoot$1 as mr, useInteractionsActions as mt, ThemeProvider as n, eventsFromTurns as nn, getContextWindow as nr, reduceMcpAuth as nt, useSyntaxStyles as o, marginTopFor as on, modelSupportsReasoning as or, InteractionsProvider as ot, resolveSessionExportTarget as p, toolResultText as pn, renderAgentsMdBlock as pr, serializeInteractionResponse as pt, indexOfServerRow as q, readProviderCredential as qn, TOKEN_DISCIPLINE_DOCTRINE as qr, useDiscoveryOptional as qt, useColors as r, lastContextSizeFromTurns as rn, getModelInfo as rr, normalizeMarkdownCodeFences as rt, useTheme as s, saveState as sn, modelsForDescriptor as sr, PRESENT_PLAN_TOOL as st, computeTurnAnchors as t, deriveSessionTitle as tn, enabledModelOptions as tr, getMcpAuthStatus as tt, defaultSkillScanPaths as u, sumRunCosts as un, piIdOf as ur, isInteractionTool as ut, IMPLICITLY_SAFE_TOOLS as v, KEYBINDING_KEY_COL_WIDTH as vn, DEFAULT_BUDGET_EXCLUDE_TOOLS as vr, hintsLength as vt, readProjects as w, mergeKeybindings as wn, TODOREAD_TOOL as wr, listProjectFiles as wt, isOnSafelist as x, groupBindings as xn, accentColor as xr, generateSessionTitle as xt, addToSafelist as y, ensureKeybindingsFile as yn, DEFAULT_PERSIST_EXCLUDE_TOOLS as yr, truncateTrailing as yt, mcpToolsCachePath as z, performInPlaceSelfUpdate as zn, COMMUNICATION_DOCTRINE as zr, GRUVBOX_LIGHT as zt };
+export { useMcpAuthDispatch as $, resolveAgentId as $n, createStateStore as $t, runOAuthLogin as A, bootTick as An, SettingsProvider as At, refreshMcpToolsCatalog as B, resolvePlatformPackage as Bn, CATPPUCCIN_FRAPPE as Bt, projectsFilePath as C, mergeKeybindings as Cn, SUBAGENT_GUIDANCE as Cr, shortChord as Ct, formatPathForCwd as D, useCompletion as Dn, envSection as Dr, SETTINGS_CATEGORIES as Dt, writeProjects as E, stripJsonComments as En, buildPlanSystem as Er, DEFAULT_SETTINGS as Et, parseMcpsFile as F, detectLibc as Fn, resolveChipColor as Ft, useMcpToolToggleSet as G, findGitRoot$1 as Gn, DiscoveryProvider as Gt, subscribeMcpToolsCache as H, detectAuth as Hn, CATPPUCCIN_MACCHIATO as Ht, projectUserPaths as I, detectPackageManager as In, resolveTheme as It, parentServerName as J, DEFAULT_AGENT_ID as Jn, ConfigProvider as Jt, buildVisibleMcpRows as K, BUILD_AGENT as Kn, useDiscovery as Kt, clearMcpToolsCache as L, parseSemver as Ln, VAPORWAVE_THEME as Lt, buildMcpServers as M, useUpdateCheck as Mn, useSettings as Mt, defaultMcpsConfigPaths as N, checkForUpdate as Nn, BUILTIN_THEMES as Nt, fetchOAuthRedirect as O, tryOpenBrowser as On, SETTINGS_CHOICES as Ot, discoverProjectMcps as P, compareSemver as Pn, DEFAULT_THEME as Pt, McpAuthProvider as Q, accentColor as Qn, compactSummaryEvent as Qt, loadMcpToolsCache as R, performInPlaceSelfUpdate as Rn, GRUVBOX_DARK as Rt, matchesSafelistEntry as S, matchesBinding as Sn, PLAN_MODE_DOCTRINE_NO_PROMPTS as Sr, buildHints as St, suggestSafelistEntry as T, readKeybindings as Tn, buildBuildSystem as Tr, useEnabledToggleSet as Tt, buildToolToggle as U, discoverAgentsMd as Un, CATPPUCCIN_MOCHA as Ut, saveMcpToolsCache as V, chatAutoCompactBehavior as Vn, CATPPUCCIN_LATTE as Vt, useMcpToolToggleMap as W, renderAgentsMdBlock as Wn, createDiscoverySlot as Wt, mcpCredentialsPath as X, DEFAULT_PERSIST_EXCLUDE_TOOLS as Xn, resolveConfig as Xt, createFileMcpCredentialStore as Y, DEFAULT_BUDGET_EXCLUDE_TOOLS as Yn, useConfig as Yt, patchMcpCredential as Z, PLAN_AGENT as Zn, resolveStoragePaths as Zt, useSafeModeQueue as _, KEYBINDING_KEY_COL_WIDTH as _n, DOING_TASKS_DOCTRINE as _r, clipHintsToWidth as _t, useSurfaces as a, marginTopFor as an, TODO_WRITE_COUNTS_METADATA_KEY as ar, ASK_USER_TOOL as at, getSafelist as b, groupBindings as bn, INTERACTION_GUIDANCE_NO_PROMPTS as br, cleanTitle as bt, useStreamBuffer as c, stripSpawnTokensLine as cn, getTodosForRun as cr, buildResumedToolResultsTurn as ct, discoverProjectSkills as d, toolCallPreview as dn, pruneTodosByRun as dr, makeRequestInteraction as dt, deriveSessionTitle as en, singleAgentRegistry as er, useMcpAuthState as et, renderSession as f, toolResultText as fn, selectActiveTodos as fr, pendingInteractionsFromTurns as ft, useSafeModeActions as g, KEYBINDING_DEF_BY_ACTION as gn, COMMUNICATION_DOCTRINE as gr, EMPTY_HINTS as gt, SafeModeProvider as h, KEYBINDING_DEFS as hn, ACTIONS_WITH_CARE_DOCTRINE as hr, useInteractionsQueue as ht, useSelectStyle as i, loadState as in, TODO_STATUS_GLYPHS as ir, splitMarkdownCodeBlocks as it, supportsOAuth as j, buildUpdateHint as jn, clampFps as jt, oauthUsesManualCodePaste as k, bootProfileEnabled as kn, SETTINGS_TOGGLES as kt, buildSkillsConfig as l, sumRunCosts as ln, isTodoTool as lr, createInteractionTools as lt, writeSessionExport as m, DEFAULT_KEYBINDINGS as mn, useActiveTodos as mr, useInteractionsActions as mt, ThemeProvider as n, lastContextSizeFromTurns as nn, TODOS_METADATA_KEY as nr, reduceMcpAuth as nt, useSyntaxStyles as o, saveState as on, createTodoTools as or, InteractionsProvider as ot, resolveSessionExportTarget as p, updateToolEventOutcomes as pn, setTodosForRun as pr, serializeInteractionResponse as pt, indexOfServerRow as q, BUILTIN_AGENTS as qn, useDiscoveryOptional as qt, useColors as r, listSessionMeta as rn, TODOWRITE_TOOL as rr, normalizeMarkdownCodeFences as rt, useTheme as s, serverToolResultSummary as sn, getArchivedTodosForRun as sr, PRESENT_PLAN_TOOL as st, computeTurnAnchors as t, eventsFromTurns as tn, TODOREAD_TOOL as tr, getMcpAuthStatus as tt, defaultSkillScanPaths as u, titleFromTurns as un, pickActiveRunId as ur, isInteractionTool as ut, IMPLICITLY_SAFE_TOOLS as v, ensureKeybindingsFile as vn, IDENTITY_PREFIX as vr, hintsLength as vt, readProjects as w, parseBindingSpec as wn, TOKEN_DISCIPLINE_DOCTRINE as wr, listProjectFiles as wt, isOnSafelist as x, keybindingsPath as xn, PLAN_MODE_DOCTRINE as xr, generateSessionTitle as xt, addToSafelist as y, formatBindingForDisplay as yn, INTERACTION_GUIDANCE as yr, truncateTrailing as yt, mcpToolsCachePath as z, performSelfUpdate as zn, GRUVBOX_LIGHT as zt };
 
-//# sourceMappingURL=transcript-anchors-D4PwUMyO.js.map
+//# sourceMappingURL=transcript-anchors-Cq-8gx8u.js.map