@agntk/core 0.2.0 → 0.3.0

package/dist/tools/shell/background.js

@@ -7,17 +7,48 @@
 import { tool } from 'ai';
 import { z } from 'zod';
 import { spawn } from 'node:child_process';
-import { isDangerousCommand } from '../utils/shell.js';
+import { isDangerousCommand, buildSanitizedEnv } from '../utils/shell.js';
 import { MAX_COMMAND_LENGTH, MAX_CWD_LENGTH } from './constants.js';
 // ============================================================================
 // Session Store
 // ============================================================================
 const MAX_BUFFER = 1024 * 1024; // 1MB
 const ROLLING_BUFFER = 512 * 1024; // 512KB
+const MAX_SESSIONS = 20;
+const SESSION_TTL_MS = 2 * 60 * 60 * 1000; // 2 hours
 const backgroundSessions = new Map();
 function generateSessionId() {
     return `bg-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
 }
+/**
+ * Evict completed/stopped sessions when at capacity, or the oldest expired session.
+ * M-1: prevents the Map from growing indefinitely.
+ */
+function evictSessions() {
+    const now = Date.now();
+    // First, remove TTL-expired entries regardless of capacity
+    for (const [id, session] of backgroundSessions.entries()) {
+        if (now - session.startedAt > SESSION_TTL_MS) {
+            if (session.status === 'running') {
+                try {
+                    session.process.kill('SIGTERM');
+                }
+                catch { /* ignore */ }
+            }
+            backgroundSessions.delete(id);
+        }
+    }
+    // Then, if still over cap, evict oldest completed/stopped session
+    if (backgroundSessions.size >= MAX_SESSIONS) {
+        for (const [id, session] of backgroundSessions.entries()) {
+            if (session.status !== 'running') {
+                backgroundSessions.delete(id);
+                if (backgroundSessions.size < MAX_SESSIONS)
+                    break;
+            }
+        }
+    }
+}
 /** Get all sessions (for testing). */
 export function getBackgroundSessions() {
     return backgroundSessions;
@@ -38,11 +69,22 @@ export function clearBackgroundSessions() {
 // Background Process Lifecycle
 // ============================================================================
 function startBackgroundProcess(command, options = {}) {
+    // Evict old sessions before adding a new one (M-1)
+    evictSessions();
     const sessionId = generateSessionId();
-    const { cwd = process.cwd(), env } = options;
+    const { cwd = process.cwd() } = options;
+    // S-12: filter user-supplied env — strip secrets and disallow PATH/LD_PRELOAD overrides
+    const filteredExtra = {};
+    if (options.env) {
+        for (const [k, v] of Object.entries(options.env)) {
+            if (k === 'LD_PRELOAD' || k === 'LD_LIBRARY_PATH')
+                continue; // block dangerous overrides
+            filteredExtra[k] = v;
+        }
+    }
     const proc = spawn('bash', ['-c', command], {
         cwd,
-        env: { ...process.env, ...env, TERM: 'dumb' },
+        env: { ...buildSanitizedEnv(filteredExtra), TERM: 'dumb' },
         detached: true,
         stdio: ['ignore', 'pipe', 'pipe'],
     });

package/dist/tools/shell/background.js.map

@@ -1 +1 @@
-{"version":3,"file":"background.js","sourceRoot":"","sources":["../../../src/tools/shell/background.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAkBjE,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,MAAM,UAAU,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,MAAM;AACtC,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,QAAQ;AAE3C,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAA6B,CAAC;AAEhE,SAAS,iBAAiB;IACxB,OAAO,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AACtE,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,qBAAqB;IACnC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,uBAAuB;IACrC,KAAK,MAAM,OAAO,IAAI,kBAAkB,CAAC,MAAM,EAAE,EAAE,CAAC;QAClD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC;gBAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAAC,CAAC;YAAC,OAAO,EAAW,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IACD,kBAAkB,CAAC,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E,SAAS,sBAAsB,CAC7B,OAAe,EACf,UAA0D,EAAE;IAE5D,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACtC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE7C,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;QAC1C,GAAG;QACH,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE;QAC7C,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;KAClC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAsB;QACjC,EAAE,EAAE,SAAS;QACb,OAAO;QACP,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,EAAE;QACV,MAAM,EAAE,EAAE;QACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,MAAM,EAAE,SAAS;QACjB,GAAG;KACJ,CAAC;IAEF,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;QACvC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;YACvC,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;QACvC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;YACvC,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;QACxB,OAAO,CAAC,MAAM,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;QACrD,OAAO,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACpB,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC;QAC1B,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,kBAAkB,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3C,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,+EAA+E;AAC/E,eAAe;AACf,+EAA+E;AAE/E,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;IACjG,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;IACtG,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;IACzF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IACxF,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;CACnF,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,IAAI,CAAC;QACV,WAAW,EAAE;;;;;;;;;;;;;;;;;;;;0BAoBS;QACtB,WAAW,EAAE,qBAAqB;QAClC,OAAO,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE;YAC7D,QAAQ,SAAS,EAAE,CAAC;gBAClB,KAAK,OAAO,CAAC,CAAC,CAAC;oBACb,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;oBAC9F,CAAC;oBACD,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;wBAChC,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;oBAChG,CAAC;oBAED,MAAM,OAAO,GAAG,sBAAsB,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;oBAC9D,OAAO,IAAI,CAAC,SAAS,CAAC;wBACpB,OAAO,EAAE,IAAI;wBACb,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAC9B,MAAM,EAAE,SAAS;wBACjB,OAAO,EAAE,8DAA8D;qBACxE,CAAC,CAAC;gBACL,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,6CAA6C,EAAE,CAAC,CAAC;oBAClG,CAAC;oBACD,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC,CAAC;oBACtF,CAAC;oBACD,OAAO,IAAI,CAAC,SAAS,CAAC;wBACpB,OAAO,EAAE,IAAI;wBACb,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,UAAU,EAAE,OAAO,CAAC,MAAM,KAAK,SAAS;4BACtC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG;4BAC3D,CAAC,CAAC,SAAS;wBACb,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACvC,CAAC,CAAC;gBACL,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,6CAA6C,EAAE,CAAC,CAAC;oBAClG,CAAC;oBACD,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC,CAAC;oBACtF,CAAC;oBACD,OAAO,IAAI,CAAC,SAAS,CAAC;wBACpB,OAAO,EAAE,IAAI;wBACb,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC;wBACpC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC;wBACnC,QAAQ,EAAE,OAAO,CAAC,QAAQ;qBAC3B,CAAC,CAAC;gBACL,CAAC;gBAED,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC,CAAC;oBAChG,CAAC;oBACD,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC,CAAC;oBACtF,CAAC;oBACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;wBACjC,OAAO,IAAI,CAAC,SAAS,CAAC;4BACpB,OAAO,EAAE,IAAI;4BACb,OAAO,EAAE,mBAAmB,OAAO,CAAC,MAAM,EAAE;4BAC5C,QAAQ,EAAE,OAAO,CAAC,QAAQ;yBAC3B,CAAC,CAAC;oBACL,CAAC;oBACD,IAAI,CAAC;wBACH,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;wBAChC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;wBAC3B,UAAU,CAAC,GAAG,EAAE;4BACd,IAAI,CAAC;gCACH,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oCACjC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gCAClC,CAAC;4BACH,CAAC;4BAAC,OAAO,EAAW,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC;wBACxC,CAAC,EAAE,IAAI,CAAC,CAAC;wBACT,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,oBAAoB,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;oBACjG,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,OAAO,IAAI,CAAC,SAAS,CAAC;4BACpB,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;yBAC3F,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;wBACnE,SAAS,EAAE,CAAC,CAAC,EAAE;wBACf,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;wBAC/B,MAAM,EAAE,CAAC,CAAC,MAAM;wBAChB,SAAS,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;wBAC9C,QAAQ,EAAE,CAAC,CAAC,QAAQ;qBACrB,CAAC,CAAC,CAAC;oBACJ,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAC7E,CAAC;gBAED;oBACE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC,CAAC;YACxF,CAAC;QACH,CAAC;KACF,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"background.js","sourceRoot":"","sources":["../../../src/tools/shell/background.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAkBjE,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,MAAM,UAAU,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,MAAM;AACtC,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,QAAQ;AAC3C,MAAM,YAAY,GAAG,EAAE,CAAC;AACxB,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,UAAU;AAErD,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAA6B,CAAC;AAEhE,SAAS,iBAAiB;IACxB,OAAO,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AACtE,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa;IACpB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,2DAA2D;IAC3D,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,kBAAkB,CAAC,OAAO,EAAE,EAAE,CAAC;QACzD,IAAI,GAAG,GAAG,OAAO,CAAC,SAAS,GAAG,cAAc,EAAE,CAAC;YAC7C,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC;oBAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACjE,CAAC;YACD,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,IAAI,kBAAkB,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;QAC5C,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,kBAAkB,CAAC,OAAO,EAAE,EAAE,CAAC;YACzD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACjC,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC9B,IAAI,kBAAkB,CAAC,IAAI,GAAG,YAAY;oBAAE,MAAM;YACpD,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,qBAAqB;IACnC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,uBAAuB;IACrC,KAAK,MAAM,OAAO,IAAI,kBAAkB,CAAC,MAAM,EAAE,EAAE,CAAC;QAClD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC;gBAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAAC,CAAC;YAAC,OAAO,EAAW,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IACD,kBAAkB,CAAC,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E,SAAS,sBAAsB,CAC7B,OAAe,EACf,UAA0D,EAAE;IAE5D,mDAAmD;IACnD,aAAa,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACtC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IAExC,wFAAwF;IACxF,MAAM,aAAa,GAA2B,EAAE,CAAC;IACjD,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,IAAI,CAAC,KAAK,YAAY,IAAI,CAAC,KAAK,iBAAiB;gBAAE,SAAS,CAAC,4BAA4B;YACzF,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;QAC1C,GAAG;QACH,GAAG,EAAE,EAAE,GAAG,iBAAiB,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE;QAC1D,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;KAClC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAsB;QACjC,EAAE,EAAE,SAAS;QACb,OAAO;QACP,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,EAAE;QACV,MAAM,EAAE,EAAE;QACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,MAAM,EAAE,SAAS;QACjB,GAAG;KACJ,CAAC;IAEF,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;QACvC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;YACvC,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;QACvC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;YACvC,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;QACxB,OAAO,CAAC,MAAM,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;QACrD,OAAO,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACpB,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC;QAC1B,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,kBAAkB,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3C,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,+EAA+E;AAC/E,eAAe;AACf,+EAA+E;AAE/E,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;IACjG,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;IACtG,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;IACzF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IACxF,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;CACnF,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,IAAI,CAAC;QACV,WAAW,EAAE;;;;;;;;;;;;;;;;;;;;0BAoBS;QACtB,WAAW,EAAE,qBAAqB;QAClC,OAAO,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE;YAC7D,QAAQ,SAAS,EAAE,CAAC;gBAClB,KAAK,OAAO,CAAC,CAAC,CAAC;oBACb,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;oBAC9F,CAAC;oBACD,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;wBAChC,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;oBAChG,CAAC;oBAED,MAAM,OAAO,GAAG,sBAAsB,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;oBAC9D,OAAO,IAAI,CAAC,SAAS,CAAC;wBACpB,OAAO,EAAE,IAAI;wBACb,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAC9B,MAAM,EAAE,SAAS;wBACjB,OAAO,EAAE,8DAA8D;qBACxE,CAAC,CAAC;gBACL,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,6CAA6C,EAAE,CAAC,CAAC;oBAClG,CAAC;oBACD,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC,CAAC;oBACtF,CAAC;oBACD,OAAO,IAAI,CAAC,SAAS,CAAC;wBACpB,OAAO,EAAE,IAAI;wBACb,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,UAAU,EAAE,OAAO,CAAC,MAAM,KAAK,SAAS;4BACtC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG;4BAC3D,CAAC,CAAC,SAAS;wBACb,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACvC,CAAC,CAAC;gBACL,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,6CAA6C,EAAE,CAAC,CAAC;oBAClG,CAAC;oBACD,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC,CAAC;oBACtF,CAAC;oBACD,OAAO,IAAI,CAAC,SAAS,CAAC;wBACpB,OAAO,EAAE,IAAI;wBACb,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC;wBACpC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC;wBACnC,QAAQ,EAAE,OAAO,CAAC,QAAQ;qBAC3B,CAAC,CAAC;gBACL,CAAC;gBAED,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC,CAAC;oBAChG,CAAC;oBACD,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAClD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC,CAAC;oBACtF,CAAC;oBACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;wBACjC,OAAO,IAAI,CAAC,SAAS,CAAC;4BACpB,OAAO,EAAE,IAAI;4BACb,OAAO,EAAE,mBAAmB,OAAO,CAAC,MAAM,EAAE;4BAC5C,QAAQ,EAAE,OAAO,CAAC,QAAQ;yBAC3B,CAAC,CAAC;oBACL,CAAC;oBACD,IAAI,CAAC;wBACH,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;wBAChC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;wBAC3B,UAAU,CAAC,GAAG,EAAE;4BACd,IAAI,CAAC;gCACH,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oCACjC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gCAClC,CAAC;4BACH,CAAC;4BAAC,OAAO,EAAW,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC;wBACxC,CAAC,EAAE,IAAI,CAAC,CAAC;wBACT,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,oBAAoB,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;oBACjG,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,OAAO,IAAI,CAAC,SAAS,CAAC;4BACpB,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;yBAC3F,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;wBACnE,SAAS,EAAE,CAAC,CAAC,EAAE;wBACf,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;wBAC/B,MAAM,EAAE,CAAC,CAAC,MAAM;wBAChB,SAAS,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;wBAC9C,QAAQ,EAAE,CAAC,CAAC,QAAQ;qBACrB,CAAC,CAAC,CAAC;oBACJ,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAC7E,CAAC;gBAED;oBACE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC,CAAC;YACxF,CAAC;QACH,CAAC;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/tools/shell/tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../../src/tools/shell/tools.ts"],"names":[],"mappings":"AAUA,wBAAgB,eAAe,CAAC,aAAa,EAAE,MAAM;;;;;;WAwEpD;AAED,eAAO,MAAM,SAAS;;;;;;UAAiC,CAAC;AAGxD,eAAO,MAAM,mBAAmB;;;;;;UAAqB,CAAC"}
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../../src/tools/shell/tools.ts"],"names":[],"mappings":"AAUA,wBAAgB,eAAe,CAAC,aAAa,EAAE,MAAM;;;;;;WA8EpD;AAED,eAAO,MAAM,SAAS;;;;;;UAAiC,CAAC;AAGxD,eAAO,MAAM,mBAAmB;;;;;;UAAqB,CAAC"}

package/dist/tools/shell/tools.js

@@ -1,5 +1,5 @@
 import { tool } from 'ai';
-import { executeCommand, isDangerousCommand } from '../utils/shell.js';
+import { executeCommand, isDangerousCommand, validateCwd } from '../utils/shell.js';
 import { success, error } from '../utils/tool-result.js';
 import { ToolError, ToolErrorType } from '../utils/errors.js';
 import { SHELL_DESCRIPTION, DEFAULT_TIMEOUT } from './constants.js';
@@ -23,7 +23,14 @@ export function createShellTool(workspaceRoot) {
             if (allow && !isCommandAllowed(command)) {
                 addToAllowlist(command);
             }
-            const effectiveCwd = cwd ?? workspaceRoot;
+            // S-13: Validate cwd is within workspace root
+            let effectiveCwd;
+            try {
+                effectiveCwd = cwd ? validateCwd(cwd, workspaceRoot) : workspaceRoot;
+            }
+            catch (err) {
+                return error(err instanceof Error ? err.message : 'Invalid working directory');
+            }
             const result = await executeCommand(command, {
                 cwd: effectiveCwd,
                 timeout,

package/dist/tools/shell/tools.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../../src/tools/shell/tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEjF,MAAM,UAAU,eAAe,CAAC,aAAqB;IACnD,OAAO,IAAI,CAAC;QACV,WAAW,EAAE,iBAAiB;QAC9B,WAAW,EAAE,gBAAgB;QAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;YACvB,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,GAAG,eAAe,EAAE,KAAK,GAAG,KAAK,EAAE,MAAM,GAAG,KAAK,EAAE,GAAG,KAAK,CAAC;YAEzF,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,SAAS,CACjB,8EAA8E,EAC9E,aAAa,CAAC,eAAe,EAC7B,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,8BAA8B,EAAE,CAC7E,CAAC;YACJ,CAAC;YAED,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjD,OAAO,KAAK,CAAC,wBAAwB,SAAS,iBAAiB,EAAE;oBAC/D,UAAU,EAAE,2EAA2E;iBACxF,CAAC,CAAC;YACL,CAAC;YAED,IAAI,KAAK,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxC,cAAc,CAAC,OAAO,CAAC,CAAC;YAC1B,CAAC;YAED,MAAM,YAAY,GAAG,GAAG,IAAI,aAAa,CAAC;YAE1C,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE;gBAC3C,GAAG,EAAE,YAAY;gBACjB,OAAO;gBACP,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI;aACnD,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,OAAO,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE;oBACzB,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC9B,GAAG,EAAE,YAAY;iBAClB,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,OAAO,KAAK,CAAC,mBAAmB,EAAE;oBAChC,OAAO;oBACP,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,IAAI,EAAE,oFAAoF;iBAC3F,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG;gBACb,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC;aAC1C,CAAC;YAEF,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC;oBACb,GAAG,MAAM;oBACT,MAAM,EAAE,QAAQ;oBAChB,IAAI,EAAE,yEAAyE;iBAChF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,OAAO,CAAC;gBACb,GAAG,MAAM;gBACT,MAAM,EAAE,SAAS;aAClB,CAAC,CAAC;QACL,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;AAExD,2EAA2E;AAC3E,MAAM,CAAC,MAAM,mBAAmB,GAAG,SAAS,CAAC,OAAQ,CAAC"}
+{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../../src/tools/shell/tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACjF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEjF,MAAM,UAAU,eAAe,CAAC,aAAqB;IACnD,OAAO,IAAI,CAAC;QACV,WAAW,EAAE,iBAAiB;QAC9B,WAAW,EAAE,gBAAgB;QAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;YACvB,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,GAAG,eAAe,EAAE,KAAK,GAAG,KAAK,EAAE,MAAM,GAAG,KAAK,EAAE,GAAG,KAAK,CAAC;YAEzF,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,SAAS,CACjB,8EAA8E,EAC9E,aAAa,CAAC,eAAe,EAC7B,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,8BAA8B,EAAE,CAC7E,CAAC;YACJ,CAAC;YAED,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjD,OAAO,KAAK,CAAC,wBAAwB,SAAS,iBAAiB,EAAE;oBAC/D,UAAU,EAAE,2EAA2E;iBACxF,CAAC,CAAC;YACL,CAAC;YAED,IAAI,KAAK,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxC,cAAc,CAAC,OAAO,CAAC,CAAC;YAC1B,CAAC;YAED,8CAA8C;YAC9C,IAAI,YAAoB,CAAC;YACzB,IAAI,CAAC;gBACH,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;YACvE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC;YACjF,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE;gBAC3C,GAAG,EAAE,YAAY;gBACjB,OAAO;gBACP,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI;aACnD,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,OAAO,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE;oBACzB,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC9B,GAAG,EAAE,YAAY;iBAClB,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,OAAO,KAAK,CAAC,mBAAmB,EAAE;oBAChC,OAAO;oBACP,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,IAAI,EAAE,oFAAoF;iBAC3F,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG;gBACb,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC;aAC1C,CAAC;YAEF,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC;oBACb,GAAG,MAAM;oBACT,MAAM,EAAE,QAAQ;oBAChB,IAAI,EAAE,yEAAyE;iBAChF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,OAAO,CAAC;gBACb,GAAG,MAAM;gBACT,MAAM,EAAE,SAAS;aAClB,CAAC,CAAC;QACL,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;AAExD,2EAA2E;AAC3E,MAAM,CAAC,MAAM,mBAAmB,GAAG,SAAS,CAAC,OAAQ,CAAC"}

package/dist/tools/utils/shell.d.ts

@@ -1,4 +1,18 @@
 export declare function isDangerousCommand(command: string): boolean;
+/**
+ * Ensure the requested cwd is within workspaceRoot (or is workspaceRoot itself).
+ * Returns the resolved cwd, or throws if the path escapes the workspace.
+ */
+export declare function validateCwd(cwd: string, workspaceRoot: string): string;
+/**
+ * Build a sanitized copy of process.env suitable for child processes.
+ * Strips all credential-like keys; always preserves PATH, HOME, USER, TERM, LANG, etc.
+ */
+export declare function buildSanitizedEnv(extra?: Record<string, string>): Record<string, string>;
+/**
+ * Redact API keys and secrets from command output before returning to the LLM.
+ */
+export declare function sanitizeOutput(output: string): string;
 export interface ShellOptions {
     cwd?: string;
     timeout?: number;

package/dist/tools/utils/shell.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shell.d.ts","sourceRoot":"","sources":["../../../src/tools/utils/shell.ts"],"names":[],"mappings":"AAeA,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE3D;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,WAAW,CAAC,CA2EtB;AAED,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC,CAuBD"}
+{"version":3,"file":"shell.d.ts","sourceRoot":"","sources":["../../../src/tools/utils/shell.ts"],"names":[],"mappings":"AA4FA,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE3D;AAMD;;;GAGG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM,CAYtE;AA6BD;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,GACjC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBxB;AAgBD;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAMrD;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,WAAW,CAAC,CA2EtB;AAED,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC,CAuBD"}

package/dist/tools/utils/shell.js

@@ -1,19 +1,178 @@
 import { spawn } from 'node:child_process';
+import * as path from 'node:path';
+import * as fs from 'node:fs';
+// ============================================================================
+// Dangerous Command Detection (S-1, S-2, S-3, S-4, S-5, S-6)
+// ============================================================================
+/**
+ * Patterns that are unconditionally blocked.
+ *
+ * Covers:
+ *  S-1: rm with any target (not just absolute paths)
+ *  S-2: Nested interpreter invocation (bash -c, python -c, node -e, etc.)
+ *  S-3: Destructive git operations
+ *  S-4: Fork bomb (multiple forms)
+ *  S-5: chmod with dangerous modes (666, setuid, world-writable)
+ *  S-6: Pipe-to-shell / download-and-execute bypass
+ */
 const DANGEROUS_PATTERNS = [
-    /rm\s+(-rf?|--recursive)?\s*[\/~]/i,
-    />\s*\/dev\/sd[a-z]/i,
-    /mkfs\./i,
-    /dd\s+if=/i,
-    /:(){ :|:& };:/,
-    /\b(sudo|su)\b/i,
+    // S-1: rm -r/-rf targeting dangerous targets.
+    //
+    // Dangerous targets: bare `.` (current dir), `..` (parent), `*` (glob all),
+    //   `/` (root), `~` (home), `$(...)` or `${...}` or `` ` `` (command sub)
+    // Safe targets:  `./dist`, `./node_modules`, `./build`, etc. (explicit relative path)
+    //
+    // Strategy: after flags, match a target that is NOT `.` followed by `/`.
+    // `(?!\.[/\w])` means: NOT `.` followed by slash or word char — i.e. not `./dist`.
+    // We then explicitly enumerate dangerous patterns.
+    /\brm\s+(-[^\s]*r[^\s]*\s+|--recursive\s+)((?<!\.)\.\.(?![^\s])|(?<=\s)\.(?=[\s$])|(?<=\s)\.(?=\s|$)|\*|\/|~|\$[({`])/i,
+    // Simpler, more readable alternative that splits into two patterns:
+    // Pattern A: rm -r targeting .. or * or / or ~ or command sub
+    /\brm\s+-[^\s]*r[^\s]*\s+(\*|\/|~|\$[({]|`|\.\.(\s|$|\/))/i,
+    // Pattern B: rm -r targeting bare . (not followed by / or word char meaning ./dist)
+    /\brm\s+-[^\s]*r[^\s]*\s+\.(?![\w\/])/i,
+    // Pattern C: rm without -r but with -f targeting absolute or dangerous paths
+    /\brm\s+-[^\s]*f[^\s]*\s+(\*|~|\$[({]|`|\.\.(\s|$|\/)|\/(?!tmp|var\/tmp))/i,
+    // S-2: Nested interpreter invocation
+    /\b(bash|sh|zsh|dash|ksh|fish|tcsh)\s+(-[ce]|--[a-z]+\s)/i,
+    /\b(python3?|python3\.[0-9]+|pypy3?)\s+-[cC]/i,
+    /\b(node|nodejs|deno|bun)\s+-[eE]/i,
+    /\b(perl|ruby|php|lua|Rscript|groovy)\s+-[e]/i,
+    // S-3: Destructive git operations
+    /\bgit\s+(push\s+[^\n]*--?force|push\s+-f\b)/i,
+    /\bgit\s+reset\s+--hard/i,
+    /\bgit\s+clean\s+-[fdxXqn]*[fF][fdxXqn]*/i,
+    /\bgit\s+rebase\s+(-i|--interactive)/i,
+    // S-4: Fork bomb — colon function form and nohup infinite loop, but NOT normal while loops
+    /:\(\s*\)\s*\{/,
+    /:\s*\(\s*\)\s*\{.*:\s*\|\s*:/,
+    // S-5: chmod dangerous modes (setuid, setgid, world-write, 666, 777)
+    // Allows: 644, 755, 600, 700, u+x, go-w etc.
+    // Blocks: 666, 777, 4xxx (setuid), 2xxx (setgid), +s, o+w, a+w, u+s, g+s
+    /\bchmod\s+(-R\s+)?(666|777|4[0-9]{3}|2[0-9]{3}|\+s|o\+w|a\+w|u\+s|g\+s)/i,
+    // S-6: Pipe-to-shell and download-execute bypasses
+    /\b(curl|wget)\b.*\|\s*(bash|sh|zsh|dash|python3?|node)/i,
+    /\b(curl|wget)\b.*>\s*\S+.*&&\s*(bash|sh|chmod)/i,
+    // Disk/device destruction
+    />\s*\/dev\/(sd[a-z]|nvme[0-9]|hd[a-z]|vd[a-z])/i,
+    /\bmkfs\./i,
+    /\bdd\s+if=/i,
+    // Privilege escalation
+    /\b(sudo|su)\s/i,
     /\b(shutdown|reboot|halt|poweroff)\b/i,
-    /\b(curl|wget)\b.*\|\s*(bash|sh|zsh)\b/i,
-    /\beval\b/i,
-    /\bchmod\s+(-R\s+)?(777|755)\b/i, // Basic check for dangerous permissions
+    // Shell eval builtin — `eval <string>` or `eval "..."`, not English words like 'evaluate'
+    /\beval\s*["'`(]/i,
+    /^eval\s/,
+    /;\s*eval\s/,
+    /&&\s*eval\s/,
+    /\|\s*eval\s/,
+    // MITRE T1027.010: Decode-then-execute bypass patterns
+    // base64 -d / --decode / openssl base64 decode → piped to shell
+    /\b(base64\s+-d|base64\s+--decode|openssl\s+enc\s+-d)\b.*\|\s*(bash|sh|zsh|dash|node|python3?)/i,
+    // xxd hex-decode → piped to shell
+    /\b(xxd\s+-r|xxd\s+--reverse)\b.*\|\s*(bash|sh|zsh|dash|node|python3?)/i,
+    // gzip decompress → piped to shell
+    /\bgzip\s+(-d|--decompress)\b.*\|\s*(bash|sh|zsh|dash)/i,
+    // printf with hex escapes → piped to shell
+    /\bprintf\b.*\\x[0-9a-fA-F]{2}.*\|\s*(bash|sh|zsh|dash)/i,
+    // ANSI-C quoting with octal escapes: $'\173\40...' | sh
+    /\$'\\[0-7]{3,}'.*\|\s*(bash|sh|zsh|dash)/i,
 ];
 export function isDangerousCommand(command) {
     return DANGEROUS_PATTERNS.some((pattern) => pattern.test(command));
 }
+// ============================================================================
+// CWD Validation (S-13)
+// ============================================================================
+/**
+ * Ensure the requested cwd is within workspaceRoot (or is workspaceRoot itself).
+ * Returns the resolved cwd, or throws if the path escapes the workspace.
+ */
+export function validateCwd(cwd, workspaceRoot) {
+    const resolvedCwd = path.resolve(cwd);
+    let realWorkspace;
+    try {
+        realWorkspace = fs.realpathSync(path.resolve(workspaceRoot));
+    }
+    catch {
+        realWorkspace = path.resolve(workspaceRoot);
+    }
+    if (!resolvedCwd.startsWith(realWorkspace + path.sep) && resolvedCwd !== realWorkspace) {
+        throw new Error(`cwd "${cwd}" is outside workspace root`);
+    }
+    return resolvedCwd;
+}
+// ============================================================================
+// Env Var Filtering (A-3)
+// ============================================================================
+/** Key patterns that indicate credentials — stripped from child process env. */
+const SENSITIVE_ENV_PATTERNS = [
+    /API[_-]?KEY/i,
+    /SECRET/i,
+    /TOKEN(?!_DIR|_PATH)/i,
+    /PASSWORD/i,
+    /PASSWD/i,
+    /CREDENTIAL/i,
+    /OPENAI_/i,
+    /ANTHROPIC_/i,
+    /LANGFUSE_/i,
+    /AWS_(?!REGION|DEFAULT_REGION|EXECUTION_ENV)/i,
+    /GOOGLE_(API|CLOUD|APPLICATION)/i,
+    /GITHUB_TOKEN/i,
+    /SLACK_(BOT|APP|SIGNING)/i,
+    /STRIPE_/i,
+    /TWILIO_/i,
+    /SENDGRID_/i,
+    /DATABASE_URL/i,
+    /MONGO(DB)?_URI/i,
+    /REDIS_URL/i,
+];
+/**
+ * Build a sanitized copy of process.env suitable for child processes.
+ * Strips all credential-like keys; always preserves PATH, HOME, USER, TERM, LANG, etc.
+ */
+export function buildSanitizedEnv(extra = {}) {
+    const safe = {};
+    for (const [key, value] of Object.entries(process.env)) {
+        if (value === undefined)
+            continue;
+        if (SENSITIVE_ENV_PATTERNS.some((p) => p.test(key)))
+            continue;
+        safe[key] = value;
+    }
+    // Merge caller-supplied extras, but also filter those
+    for (const [key, value] of Object.entries(extra)) {
+        if (SENSITIVE_ENV_PATTERNS.some((p) => p.test(key)))
+            continue;
+        safe[key] = value;
+    }
+    // Always ensure PATH is present
+    if (process.env.PATH)
+        safe.PATH = process.env.PATH;
+    return safe;
+}
+// ============================================================================
+// Output Sanitization (A-1)
+// ============================================================================
+const SENSITIVE_OUTPUT_PATTERNS = [
+    [/\bsk-[a-zA-Z0-9]{16,}\b/g, '[OPENAI_KEY REDACTED]'],
+    [/\bsk-ant-[a-zA-Z0-9\-]{20,}\b/g, '[ANTHROPIC_KEY REDACTED]'],
+    [/\bghp_[a-zA-Z0-9]{36}\b/g, '[GITHUB_TOKEN REDACTED]'],
+    [/\bxoxb-[a-zA-Z0-9\-]+\b/g, '[SLACK_TOKEN REDACTED]'],
+    [/Bearer\s+[a-zA-Z0-9._\-]{20,}/g, '[BEARER_TOKEN REDACTED]'],
+    // Generic: KEY=value and SECRET=value patterns on a line
+    [/(?:api[_\-]?key|secret|token|password|api_secret)\s*[=:]\s*[^\s'"]{8,}/gi, '[SECRET REDACTED]'],
+];
+/**
+ * Redact API keys and secrets from command output before returning to the LLM.
+ */
+export function sanitizeOutput(output) {
+    let sanitized = output;
+    for (const [pattern, replacement] of SENSITIVE_OUTPUT_PATTERNS) {
+        sanitized = sanitized.replace(pattern, replacement);
+    }
+    return sanitized;
+}
 export async function executeCommand(command, options = {}) {
     const { cwd = process.cwd(), timeout = 30000, maxBuffer = 1024 * 1024, env, } = options;
     const startTime = performance.now();
@@ -23,7 +182,7 @@ export async function executeCommand(command, options = {}) {
         let killed = false;
         const proc = spawn('bash', ['-c', command], {
             cwd,
-            env: { ...process.env, ...env, TERM: 'dumb' },
+            env: { ...buildSanitizedEnv(env), TERM: 'dumb' },
         });
         const timer = setTimeout(() => {
             killed = true;
@@ -55,8 +214,8 @@ export async function executeCommand(command, options = {}) {
         proc.on('close', (code) => {
             clearTimeout(timer);
             resolve({
-                stdout: stdout.trim(),
-                stderr: stderr.trim(),
+                stdout: sanitizeOutput(stdout.trim()),
+                stderr: sanitizeOutput(stderr.trim()),
                 exitCode: code ?? 1,
                 killed,
                 durationMs: performance.now() - startTime,

package/dist/tools/utils/shell.js.map

@@ -1 +1 @@
-{"version":3,"file":"shell.js","sourceRoot":"","sources":["../../../src/tools/utils/shell.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,MAAM,kBAAkB,GAAG;IACzB,mCAAmC;IACnC,qBAAqB;IACrB,SAAS;IACT,WAAW;IACX,eAAe;IACf,gBAAgB;IAChB,sCAAsC;IACtC,wCAAwC;IACxC,WAAW;IACX,gCAAgC,EAAE,wCAAwC;CAC3E,CAAC;AAEF,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACrE,CAAC;AAkBD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,UAAwB,EAAE;IAE1B,MAAM,EACJ,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EACnB,OAAO,GAAG,KAAK,EACf,SAAS,GAAG,IAAI,GAAG,IAAI,EACvB,GAAG,GACJ,GAAG,OAAO,CAAC;IAEZ,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,KAAK,CAAC;QAEnB,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;YAC1C,GAAG;YACH,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE;SAC9C,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,GAAG,IAAI,CAAC;YACd,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAErB,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACvB,CAAC;gBAAC,OAAO,EAAW,EAAE,CAAC;gBACvB,CAAC;YACH,CAAC,EAAE,IAAI,CAAC,CAAC;QACX,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAC7B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAC7B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;gBACrB,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;gBACrB,QAAQ,EAAE,IAAI,IAAI,CAAC;gBACnB,MAAM;gBACN,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;aAC1C,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,EAAE;gBACV,QAAQ,EAAE,CAAC;gBACX,MAAM,EAAE,KAAK;gBACb,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;gBACzC,KAAK,EAAE,GAAG,CAAC,OAAO;aACnB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAe,EACf,UAAwB,EAAE;IAO1B,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,4BAA4B;YACnC,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAEtD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,MAAM;SACP,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,QAAQ,KAAK,CAAC;QAC9B,MAAM;KACP,CAAC;AACJ,CAAC"}
+{"version":3,"file":"shell.js","sourceRoot":"","sources":["../../../src/tools/utils/shell.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,+EAA+E;AAC/E,6DAA6D;AAC7D,+EAA+E;AAE/E;;;;;;;;;;GAUG;AACH,MAAM,kBAAkB,GAAG;IACzB,8CAA8C;IAC9C,EAAE;IACF,4EAA4E;IAC5E,0EAA0E;IAC1E,sFAAsF;IACtF,EAAE;IACF,yEAAyE;IACzE,mFAAmF;IACnF,mDAAmD;IACnD,uHAAuH;IACvH,oEAAoE;IACpE,8DAA8D;IAC9D,2DAA2D;IAC3D,oFAAoF;IACpF,uCAAuC;IACvC,6EAA6E;IAC7E,2EAA2E;IAE3E,qCAAqC;IACrC,0DAA0D;IAC1D,8CAA8C;IAC9C,mCAAmC;IACnC,8CAA8C;IAE9C,kCAAkC;IAClC,8CAA8C;IAC9C,yBAAyB;IACzB,0CAA0C;IAC1C,sCAAsC;IAEtC,2FAA2F;IAC3F,eAAe;IACf,8BAA8B;IAE9B,qEAAqE;IACrE,6CAA6C;IAC7C,yEAAyE;IACzE,0EAA0E;IAE1E,mDAAmD;IACnD,yDAAyD;IACzD,iDAAiD;IAEjD,0BAA0B;IAC1B,iDAAiD;IACjD,WAAW;IACX,aAAa;IAEb,uBAAuB;IACvB,gBAAgB;IAChB,sCAAsC;IAEtC,0FAA0F;IAC1F,kBAAkB;IAClB,SAAS;IACT,YAAY;IACZ,aAAa;IACb,aAAa;IAEb,uDAAuD;IACvD,gEAAgE;IAChE,gGAAgG;IAChG,kCAAkC;IAClC,wEAAwE;IACxE,mCAAmC;IACnC,wDAAwD;IACxD,2CAA2C;IAC3C,yDAAyD;IACzD,wDAAwD;IACxD,2CAA2C;CAC5C,CAAC;AAEF,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,aAAqB;IAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,aAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,WAAW,KAAK,aAAa,EAAE,CAAC;QACvF,MAAM,IAAI,KAAK,CAAC,QAAQ,GAAG,6BAA6B,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E,gFAAgF;AAChF,MAAM,sBAAsB,GAAG;IAC7B,cAAc;IACd,SAAS;IACT,sBAAsB;IACtB,WAAW;IACX,SAAS;IACT,aAAa;IACb,UAAU;IACV,aAAa;IACb,YAAY;IACZ,8CAA8C;IAC9C,iCAAiC;IACjC,eAAe;IACf,0BAA0B;IAC1B,UAAU;IACV,UAAU;IACV,YAAY;IACZ,eAAe;IACf,iBAAiB;IACjB,YAAY;CACb,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAgC,EAAE;IAElC,MAAM,IAAI,GAA2B,EAAE,CAAC;IAExC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAClC,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAAE,SAAS;QAC9D,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACpB,CAAC;IAED,sDAAsD;IACtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAAE,SAAS;QAC9D,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACpB,CAAC;IAED,gCAAgC;IAChC,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI;QAAE,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IAEnD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E,MAAM,yBAAyB,GAA4B;IACzD,CAAC,0BAA0B,EAAE,uBAAuB,CAAC;IACrD,CAAC,gCAAgC,EAAE,0BAA0B,CAAC;IAC9D,CAAC,0BAA0B,EAAE,yBAAyB,CAAC;IACvD,CAAC,0BAA0B,EAAE,wBAAwB,CAAC;IACtD,CAAC,gCAAgC,EAAE,yBAAyB,CAAC;IAC7D,yDAAyD;IACzD,CAAC,0EAA0E,EAAE,mBAAmB,CAAC;CAClG,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,IAAI,SAAS,GAAG,MAAM,CAAC;IACvB,KAAK,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,IAAI,yBAAyB,EAAE,CAAC;QAC/D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAkBD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,UAAwB,EAAE;IAE1B,MAAM,EACJ,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EACnB,OAAO,GAAG,KAAK,EACf,SAAS,GAAG,IAAI,GAAG,IAAI,EACvB,GAAG,GACJ,GAAG,OAAO,CAAC;IAEZ,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,KAAK,CAAC;QAEnB,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;YAC1C,GAAG;YACH,GAAG,EAAE,EAAE,GAAG,iBAAiB,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE;SACjD,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,GAAG,IAAI,CAAC;YACd,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAErB,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACvB,CAAC;gBAAC,OAAO,EAAW,EAAE,CAAC;gBACvB,CAAC;YACH,CAAC,EAAE,IAAI,CAAC,CAAC;QACX,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAC7B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAC7B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACrC,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACrC,QAAQ,EAAE,IAAI,IAAI,CAAC;gBACnB,MAAM;gBACN,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;aAC1C,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,EAAE;gBACV,QAAQ,EAAE,CAAC;gBACX,MAAM,EAAE,KAAK;gBACb,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;gBACzC,KAAK,EAAE,GAAG,CAAC,OAAO;aACnB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAe,EACf,UAAwB,EAAE;IAO1B,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,4BAA4B;YACnC,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAEtD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,MAAM;SACP,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,QAAQ,KAAK,CAAC;QAC9B,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/types/agent.d.ts

@@ -6,6 +6,7 @@
  */
 import type { LanguageModel, LanguageModelUsage, Tool } from 'ai';
 import type { UsageLimits } from '../usage-limits.js';
+import type { ApprovalConfig } from '../tools/approval.js';
 /**
  * Configuration for creating an agent.
  *
@@ -48,6 +49,15 @@ export interface AgentOptions {
      * Useful for testing with mock tools or adding custom capabilities.
      */
     tools?: Record<string, Tool>;
+    /**
+     * Enable human-in-the-loop approval for dangerous tools.
+     *
+     * - `true` — use defaults (shell, browser, file_write, file_edit, file_create require approval)
+     * - `ApprovalConfig` — full control over which tools require approval, timeout behaviour, etc.
+     *
+     * @default false (no approval required)
+     */
+    approval?: boolean | ApprovalConfig;
 }
 /**
  * An agent instance. Stream-only — no generate().

package/dist/types/agent.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/types/agent.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAClE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAMnD;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAIvB;;;;OAIG;IACH,KAAK,CAAC,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC9B;AAMD;;GAEG;AACH,MAAM,WAAW,KAAK;IACpB,wBAAwB;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,wFAAwF;IACxF,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB;;;OAGG;IACH,MAAM,CAAC,KAAK,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAE9D,+EAA+E;IAC/E,eAAe,IAAI,MAAM,CAAC;IAE1B,8DAA8D;IAC9D,YAAY,IAAI,MAAM,EAAE,CAAC;CAC1B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,oFAAoF;IACpF,UAAU,EAAE,aAAa,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,CAAC;IACnF,2DAA2D;IAC3D,IAAI,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC1B,iDAAiD;IACjD,KAAK,EAAE,WAAW,CAAC,kBAAkB,CAAC,CAAC;CACxC"}
+{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/types/agent.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAClE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAMxD;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAIvB;;;;OAIG;IACH,KAAK,CAAC,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAE7B;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAE,OAAO,GAAG,cAAc,CAAC;CACrC;AAMD;;GAEG;AACH,MAAM,WAAW,KAAK;IACpB,wBAAwB;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,wFAAwF;IACxF,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB;;;OAGG;IACH,MAAM,CAAC,KAAK,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAE9D,+EAA+E;IAC/E,eAAe,IAAI,MAAM,CAAC;IAE1B,8DAA8D;IAC9D,YAAY,IAAI,MAAM,EAAE,CAAC;CAC1B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,oFAAoF;IACpF,UAAU,EAAE,aAAa,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,CAAC;IACnF,2DAA2D;IAC3D,IAAI,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC1B,iDAAiD;IACjD,KAAK,EAAE,WAAW,CAAC,kBAAkB,CAAC,CAAC;CACxC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agntk/core",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "type": "module",
   "description": "Opinionated agent SDK extending AI SDK's ToolLoopAgent",
   "main": "./dist/index.js",

package/dist/tools/factory.d.ts

@@ -1,109 +0,0 @@
-/**
- * @agntk/core - Tool Factory
- *
- * Factory pattern for creating tool sets with dependency injection.
- * Adapted from packages/core/src/tools/factory.ts
- */
-import type { Tool } from 'ai';
-/**
- * Dependencies that can be injected into tool creators.
- */
-export interface ToolDependencies {
-    /** Workspace root directory for file operations */
-    workspaceRoot?: string;
-    /** Directories the agent is allowed to access */
-    allowedDirectories?: string[];
-    /** Optional UI stream writer for transient data */
-    streamWriter?: unknown;
-    /** Optional memory store instance */
-    memoryStore?: unknown;
-    /** Custom context data */
-    context?: Record<string, unknown>;
-}
-/**
- * A set of tools keyed by name.
- */
-export type ToolSet = Record<string, Tool>;
-/**
- * Function that creates a set of tools given dependencies.
- */
-export type ToolCreator = (deps: ToolDependencies) => ToolSet;
-/**
- * Factory for registering and creating tools with dependency injection.
- *
- * @example
- * ```typescript
- * const factory = new ToolFactory();
- *
- * factory.register('search', (deps) => ({
- *   glob: createGlobTool({ defaultCwd: deps.workspaceRoot }),
- *   grep: createGrepTool({ defaultCwd: deps.workspaceRoot }),
- * }));
- *
- * const tools = factory.createAll({ workspaceRoot: '/my/project' });
- * ```
- */
-export declare class ToolFactory {
-    private factories;
-    private creationErrors;
-    /**
-     * Register a tool creator function.
-     */
-    register(name: string, creator: ToolCreator): void;
-    /**
-     * Unregister a tool creator.
-     */
-    unregister(name: string): boolean;
-    /**
-     * Check if a tool creator is registered.
-     */
-    has(name: string): boolean;
-    /**
-     * Get all registered tool creator names.
-     */
-    getRegisteredNames(): string[];
-    /**
-     * Create tools from a single registered creator.
-     */
-    create(name: string, deps: ToolDependencies): ToolSet | null;
-    /**
-     * Create all registered tools.
-     */
-    createAll(deps: ToolDependencies): ToolSet;
-    /**
-     * Create selected tools by name.
-     */
-    createSelected(names: string[], deps: ToolDependencies): ToolSet;
-    /**
-     * Get errors from the last creation operation.
-     */
-    getLastErrors(): Array<{
-        name: string;
-        error: string;
-    }>;
-    /**
-     * Clear all registered factories.
-     */
-    clear(): void;
-}
-/**
- * Default tool factory instance for convenience.
- */
-export declare const defaultToolFactory: ToolFactory;
-/**
- * Merge multiple tool sets into one.
- */
-export declare function mergeToolSets(...toolSets: ToolSet[]): ToolSet;
-/**
- * Filter a tool set to only include specified tools.
- */
-export declare function filterTools(tools: ToolSet, include: string[]): ToolSet;
-/**
- * Exclude specified tools from a tool set.
- */
-export declare function excludeTools(tools: ToolSet, exclude: string[]): ToolSet;
-/**
- * Get tool names from a tool set.
- */
-export declare function getToolNames(tools: ToolSet): string[];
-//# sourceMappingURL=factory.d.ts.map

package/dist/tools/factory.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/tools/factory.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAM/B;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iDAAiD;IACjD,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,mDAAmD;IACnD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,qCAAqC;IACrC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,0BAA0B;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE,gBAAgB,KAAK,OAAO,CAAC;AAM9D;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,SAAS,CAAkC;IACnD,OAAO,CAAC,cAAc,CAA8C;IAEpE;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,GAAG,IAAI;IAIlD;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIjC;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI1B;;OAEG;IACH,kBAAkB,IAAI,MAAM,EAAE;IAI9B;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,OAAO,GAAG,IAAI;IAgB5D;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO;IAoB1C;;OAEG;IACH,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,gBAAgB,GAAG,OAAO;IAuBhE;;OAEG;IACH,aAAa,IAAI,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAIvD;;OAEG;IACH,KAAK,IAAI,IAAI;CAId;AAMD;;GAEG;AACH,eAAO,MAAM,kBAAkB,aAAoB,CAAC;AAMpD;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,QAAQ,EAAE,OAAO,EAAE,GAAG,OAAO,CAE7D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAKtE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAKvE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,CAErD"}