@anna-ai/cli 0.1.0

package/dist/fixture-BGjMtqWA.js

@@ -0,0 +1,278 @@
+import { resolve } from "node:path";
+import kleur from "kleur";
+import { readFile } from "node:fs/promises";
+
+//#region src/fixture/parse.ts
+const KNOWN_KINDS = new Set([
+	"meta",
+	"auth.refresh",
+	"event",
+	"req",
+	"res"
+]);
+async function parseFixtureFile(path) {
+	const raw = await readFile(path, "utf8");
+	return parseFixtureText(raw);
+}
+function parseFixtureText(text) {
+	const out = {
+		lines: [],
+		errors: []
+	};
+	const rows = text.split("\n");
+	rows.forEach((row, idx) => {
+		const lineNo = idx + 1;
+		const trimmed = row.trim();
+		if (!trimmed) return;
+		let parsed;
+		try {
+			parsed = JSON.parse(trimmed);
+		} catch (e) {
+			out.errors.push({
+				line: lineNo,
+				message: `not valid JSON: ${e.message}`
+			});
+			return;
+		}
+		if (typeof parsed !== "object" || parsed === null) {
+			out.errors.push({
+				line: lineNo,
+				message: "expected JSON object"
+			});
+			return;
+		}
+		const obj = parsed;
+		const kind = obj.kind;
+		if (!kind || !KNOWN_KINDS.has(kind)) {
+			out.errors.push({
+				line: lineNo,
+				message: `unknown kind: ${kind ?? "(missing)"}`
+			});
+			return;
+		}
+		if (typeof obj.t !== "number" || !Number.isFinite(obj.t)) {
+			out.errors.push({
+				line: lineNo,
+				message: "missing or non-numeric 't'"
+			});
+			return;
+		}
+		out.lines.push(obj);
+	});
+	return out;
+}
+function verifyFixture(parsed) {
+	const errs = [...parsed.errors];
+	let lastT = -Infinity;
+	parsed.lines.forEach((ln, idx) => {
+		if (ln.t < lastT) errs.push({
+			line: idx + 1,
+			message: `non-monotonic t (${ln.t} < ${lastT})`
+		});
+		lastT = ln.t;
+	});
+	if (parsed.lines.length > 0 && parsed.lines[0].kind !== "meta") errs.push({
+		line: 1,
+		message: "first line should be a 'meta' record"
+	});
+	const seenIds = new Set();
+	parsed.lines.forEach((ln, idx) => {
+		const lineNo = idx + 1;
+		switch (ln.kind) {
+			case "auth.refresh":
+				if (typeof ln.token !== "string" || !ln.token) errs.push({
+					line: lineNo,
+					message: "auth.refresh missing token"
+				});
+				break;
+			case "event":
+				if (typeof ln.event !== "string" || !ln.event) errs.push({
+					line: lineNo,
+					message: "event missing 'event' name"
+				});
+				break;
+			case "req":
+				if (ln.ns == null || ln.method == null || ln.id == null) errs.push({
+					line: lineNo,
+					message: "req missing ns/method/id"
+				});
+				else {
+					const k = `${ln.id}`;
+					if (seenIds.has(k)) errs.push({
+						line: lineNo,
+						message: `duplicate req id: ${k}`
+					});
+					seenIds.add(k);
+				}
+				break;
+			case "res":
+				if (ln.id == null || typeof ln.ok !== "boolean") errs.push({
+					line: lineNo,
+					message: "res missing id/ok"
+				});
+				break;
+			case "meta": break;
+		}
+	});
+	const reqIds = new Set(parsed.lines.filter((l) => l.kind === "req").map((l) => `${l.id}`));
+	for (const ln of parsed.lines) if (ln.kind === "res" && !reqIds.has(`${ln.id}`)) errs.push({
+		line: 0,
+		message: `res with id=${ln.id} has no matching req`
+	});
+	return errs;
+}
+function summarizeFixture(parsed) {
+	const meta = parsed.lines.find((l) => l.kind === "meta") ?? null;
+	const events_by_name = {};
+	const reqs_by_method = {};
+	let reqs_total = 0;
+	let res_total = 0;
+	let res_errors = 0;
+	let auth_refresh_count = 0;
+	const reqIds = new Map();
+	const respondedIds = new Set();
+	let lastT = 0;
+	for (const ln of parsed.lines) {
+		if (ln.t > lastT) lastT = ln.t;
+		switch (ln.kind) {
+			case "event":
+				events_by_name[ln.event] = (events_by_name[ln.event] ?? 0) + 1;
+				break;
+			case "req": {
+				reqs_total += 1;
+				const key = `${ln.ns}.${ln.method}`;
+				reqs_by_method[key] = (reqs_by_method[key] ?? 0) + 1;
+				reqIds.set(`${ln.id}`, ln);
+				break;
+			}
+			case "res":
+				res_total += 1;
+				if (!ln.ok) res_errors += 1;
+				respondedIds.add(`${ln.id}`);
+				break;
+			case "auth.refresh":
+				auth_refresh_count += 1;
+				break;
+			case "meta": break;
+		}
+	}
+	const unmatched_req_ids = [];
+	for (const [id, req] of reqIds) if (!respondedIds.has(id)) unmatched_req_ids.push(req.id);
+	return {
+		duration_ms: lastT,
+		total_lines: parsed.lines.length,
+		meta,
+		events_by_name,
+		reqs_by_method,
+		reqs_total,
+		res_total,
+		res_errors,
+		auth_refresh_count,
+		unmatched_req_ids
+	};
+}
+
+//#endregion
+//#region src/commands/fixture.ts
+async function runFixtureVerify(opts) {
+	const path = resolve(opts.file);
+	const parsed = await parseFixtureFile(path);
+	const errors = verifyFixture(parsed);
+	if (opts.json) process.stdout.write(`${JSON.stringify({
+		ok: errors.length === 0,
+		errors,
+		lines: parsed.lines.length
+	}, null, 2)}\n`);
+	else if (errors.length === 0) process.stdout.write(`${kleur.green("✓")} ${path} — ${parsed.lines.length} records, no errors\n`);
+	else {
+		process.stdout.write(`${kleur.red("✗")} ${path} — ${errors.length} error(s):\n`);
+		for (const e of errors) {
+			const loc = e.line > 0 ? `:${e.line}` : "";
+			process.stdout.write(`  ${kleur.red("•")} ${path}${loc}  ${e.message}\n`);
+		}
+	}
+	return errors.length === 0 ? 0 : 1;
+}
+async function runFixtureSummarize(opts) {
+	const path = resolve(opts.file);
+	const parsed = await parseFixtureFile(path);
+	const sum = summarizeFixture(parsed);
+	if (opts.json) {
+		process.stdout.write(`${JSON.stringify(sum, null, 2)}\n`);
+		return 0;
+	}
+	const out = [];
+	out.push(kleur.bold(`Fixture: ${path}`));
+	out.push(`  records:        ${sum.total_lines}`);
+	out.push(`  duration:       ${(sum.duration_ms / 1e3).toFixed(2)}s`);
+	if (sum.meta) out.push(`  recorded by:    harness ${sum.meta.harness_version ?? "?"}  session=${sum.meta.session_id ?? "?"}`);
+	out.push(`  requests:       ${sum.reqs_total}  (responses: ${sum.res_total}, errors: ${sum.res_errors})`);
+	out.push(`  events:         ${Object.values(sum.events_by_name).reduce((a, b) => a + b, 0)}`);
+	out.push(`  auth refresh:   ${sum.auth_refresh_count}`);
+	if (sum.unmatched_req_ids.length) out.push(`  ${kleur.yellow("⚠ unmatched req ids")}: ${sum.unmatched_req_ids.slice(0, 8).join(", ")}${sum.unmatched_req_ids.length > 8 ? " …" : ""}`);
+	if (sum.reqs_total > 0) {
+		out.push("  by ns.method:");
+		for (const [k, v] of Object.entries(sum.reqs_by_method).sort((a, b) => b[1] - a[1])) out.push(`    ${v.toString().padStart(4)}  ${k}`);
+	}
+	if (Object.keys(sum.events_by_name).length > 0) {
+		out.push("  events:");
+		for (const [k, v] of Object.entries(sum.events_by_name).sort((a, b) => b[1] - a[1])) out.push(`    ${v.toString().padStart(4)}  ${k}`);
+	}
+	process.stdout.write(`${out.join("\n")}\n`);
+	return 0;
+}
+async function runFixtureReplay(opts) {
+	const path = resolve(opts.file);
+	const parsed = await parseFixtureFile(path);
+	const errors = verifyFixture(parsed);
+	if (errors.length > 0) {
+		process.stdout.write(`${kleur.red("✗")} fixture has ${errors.length} verification error(s); fix before replay\n`);
+		return 1;
+	}
+	const manifest = opts.manifest ? await readManifest(opts.manifest) : null;
+	process.stdout.write(`${kleur.bold("replay plan")} ${path}` + (manifest ? `  (manifest: ${opts.manifest})` : "  (no manifest)") + "\n");
+	let i = 0;
+	for (const ln of parsed.lines) {
+		i += 1;
+		const tag = i.toString().padStart(4);
+		const ts = `+${(ln.t / 1e3).toFixed(3)}s`.padStart(9);
+		switch (ln.kind) {
+			case "event": {
+				const ev = ln;
+				process.stdout.write(`  ${tag}  ${ts}  ${kleur.cyan("→ event")}      ${ev.event}\n`);
+				break;
+			}
+			case "req": {
+				const r = ln;
+				process.stdout.write(`  ${tag}  ${ts}  ${kleur.yellow("← req  ")}     ${r.ns}.${r.method}  id=${r.id}\n`);
+				break;
+			}
+			case "res": {
+				const r = ln;
+				const tone = r.ok ? kleur.green : kleur.red;
+				process.stdout.write(`  ${tag}  ${ts}  ${tone("→ res  ")}     id=${r.id}  ok=${r.ok}\n`);
+				break;
+			}
+			case "auth.refresh":
+				process.stdout.write(`  ${tag}  ${ts}  ${kleur.magenta("→ auth ")}     refresh\n`);
+				break;
+			case "meta":
+				process.stdout.write(`  ${tag}  ${ts}  ${kleur.gray("· meta ")}     start\n`);
+				break;
+		}
+	}
+	process.stdout.write("\n" + kleur.gray("live replay against `anna-app dev` harness is tracked as a Phase 6 follow-up; this MVP performs structural replay only.") + "\n");
+	return 0;
+}
+async function readManifest(path) {
+	try {
+		const raw = await readFile(resolve(path), "utf8");
+		return JSON.parse(raw);
+	} catch (e) {
+		process.stderr.write(`failed to read manifest at ${path}: ${e.message}\n`);
+		return null;
+	}
+}
+
+//#endregion
+export { runFixtureReplay, runFixtureSummarize, runFixtureVerify };

package/dist/server-B6-Qdluv.js

@@ -0,0 +1,255 @@
+import { createReadStream, statSync, watch } from "node:fs";
+import { dirname, join, normalize, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { readFile } from "node:fs/promises";
+import { createServer } from "node:http";
+import { WebSocketServer } from "ws";
+
+//#region src/harness/server.ts
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const MIME = {
+	".html": "text/html; charset=utf-8",
+	".js": "application/javascript; charset=utf-8",
+	".mjs": "application/javascript; charset=utf-8",
+	".css": "text/css; charset=utf-8",
+	".json": "application/json; charset=utf-8",
+	".svg": "image/svg+xml",
+	".png": "image/png",
+	".jpg": "image/jpeg",
+	".jpeg": "image/jpeg",
+	".gif": "image/gif",
+	".woff": "font/woff",
+	".woff2": "font/woff2",
+	".map": "application/json"
+};
+var HarnessServer = class {
+	server = createServer((req, res) => this.handle(req, res));
+	wss = null;
+	sessionId = null;
+	liveSockets = new Set();
+	watchers = [];
+	reloadDebounce = null;
+	constructor(cfg, bridge) {
+		this.cfg = cfg;
+		this.bridge = bridge;
+	}
+	async listen() {
+		if (this.cfg.executas && this.cfg.executas.length > 0) await this.bridge.call("executas.register", { executas: this.cfg.executas.map((e) => ({
+			tool_id: e.tool_id,
+			project_dir: e.project_dir,
+			command: e.command ?? null
+		})) });
+		await new Promise((res, rej) => this.server.listen(this.cfg.port, () => res()).once("error", rej));
+		this.wss = new WebSocketServer({ noServer: true });
+		this.server.on("upgrade", (req, socket, head) => {
+			const url = new URL(req.url ?? "/", "http://localhost");
+			if (url.pathname !== "/ws") {
+				socket.destroy();
+				return;
+			}
+			this.wss.handleUpgrade(req, socket, head, (ws) => {
+				const sid = url.searchParams.get("session_id");
+				if (!sid || sid !== this.sessionId) {
+					ws.close(1008, "unknown session_id");
+					return;
+				}
+				this.liveSockets.add(ws);
+				const timer = setInterval(async () => {
+					try {
+						const out = await this.bridge.call("session.drain_events", { session_id: sid });
+						for (const ev of out.events) ws.send(JSON.stringify({
+							kind: "event",
+							...ev
+						}));
+					} catch (e) {
+						ws.close(1011, `drain failed: ${e.message}`);
+						clearInterval(timer);
+					}
+				}, 200);
+				ws.on("close", () => {
+					this.liveSockets.delete(ws);
+					clearInterval(timer);
+				});
+			});
+		});
+		if (this.cfg.watch) this.startWatcher();
+	}
+	async close() {
+		for (const w of this.watchers) w.close();
+		this.watchers = [];
+		if (this.reloadDebounce) clearTimeout(this.reloadDebounce);
+		if (this.wss) {
+			for (const c of this.wss.clients) c.terminate();
+			this.wss.close();
+		}
+		await new Promise((res) => this.server.close(() => res()));
+	}
+	startWatcher() {
+		const broadcastReload = (path) => {
+			if (this.reloadDebounce) clearTimeout(this.reloadDebounce);
+			this.reloadDebounce = setTimeout(() => {
+				const env = JSON.stringify({
+					kind: "reload",
+					path
+				});
+				for (const ws of this.liveSockets) if (ws.readyState === ws.OPEN) ws.send(env);
+			}, 100);
+		};
+		try {
+			this.watchers.push(watch(this.cfg.bundleDir, { recursive: true }, (_evt, filename) => {
+				if (filename) broadcastReload(`bundle/${filename}`);
+			}));
+		} catch (e) {
+			process.stderr.write(`[harness] watcher failed to attach to ${this.cfg.bundleDir}: ${e.message}\n`);
+		}
+	}
+	async handle(req, res) {
+		try {
+			const url = new URL(req.url ?? "/", "http://localhost");
+			const method = req.method ?? "GET";
+			if (method === "GET" && (url.pathname === "/" || url.pathname === "/dashboard")) return await this.serveDashboard(res);
+			if (method === "GET" && url.pathname === "/api/config") return this.json(res, 200, {
+				app_slug: this.cfg.slug,
+				view: this.cfg.view ?? null,
+				bundle_base: `/anna-apps/${this.cfg.slug}/dev/${this.cfg.bundleEntry}`,
+				executas: (this.cfg.executas ?? []).map((e) => e.tool_id),
+				watch: !!this.cfg.watch
+			});
+			if (method === "POST" && url.pathname === "/api/session/create") return await this.createSession(res);
+			if (method === "POST" && url.pathname === "/api/session/call") return await this.proxyCall(req, res);
+			if (method === "POST" && url.pathname === "/api/session/refresh-token") return await this.refreshToken(res);
+			if (method === "GET" && url.pathname.startsWith("/static/anna-apps/_sdk/")) return await this.serveSdk(url.pathname, res);
+			if (method === "GET" && url.pathname.startsWith(`/anna-apps/${this.cfg.slug}/dev/`)) {
+				const rel = url.pathname.replace(`/anna-apps/${this.cfg.slug}/dev/`, "");
+				return await this.serveBundleAsset(rel, res);
+			}
+			this.text(res, 404, `not found: ${url.pathname}`);
+		} catch (e) {
+			this.text(res, 500, `harness error: ${e.message}`);
+		}
+	}
+	async serveDashboard(res) {
+		const file = join(__dirname, "dashboard.html");
+		const html = await readFile(file, "utf-8");
+		res.writeHead(200, {
+			"content-type": MIME[".html"],
+			"cache-control": "no-store"
+		});
+		res.end(html);
+	}
+	async createSession(res) {
+		if (this.sessionId) {
+			try {
+				await this.bridge.call("session.close", { session_id: this.sessionId });
+			} catch {}
+			this.sessionId = null;
+		}
+		const out = await this.bridge.call("session.create", {
+			user_id: this.cfg.userId,
+			manifest: this.cfg.manifest,
+			view: this.cfg.view,
+			entry_payload: this.cfg.entryPayload ?? {},
+			app_slug: this.cfg.slug
+		});
+		this.sessionId = out.session_id;
+		this.json(res, 200, out);
+	}
+	async proxyCall(req, res) {
+		const body = await readBody(req);
+		let parsed;
+		try {
+			parsed = JSON.parse(body);
+		} catch {
+			return this.json(res, 400, {
+				ok: false,
+				error: {
+					code: "bad_request",
+					message: "invalid json body"
+				}
+			});
+		}
+		try {
+			const out = await this.bridge.call("session.call", {
+				session_id: parsed.session_id,
+				ns: parsed.ns,
+				method: parsed.method,
+				args: parsed.args ?? {}
+			});
+			this.json(res, 200, out);
+		} catch (e) {
+			this.json(res, 200, {
+				ok: false,
+				error: {
+					code: "transport",
+					message: e.message
+				}
+			});
+		}
+	}
+	async refreshToken(res) {
+		if (!this.sessionId) return this.json(res, 400, { error: "no active session" });
+		try {
+			const out = await this.bridge.call("session.refresh_token", { session_id: this.sessionId });
+			this.json(res, 200, out);
+		} catch (e) {
+			this.json(res, 500, { error: e.message });
+		}
+	}
+	async serveSdk(pathname, res) {
+		const root = this.cfg.matrixNexusRoot;
+		if (!root) return this.text(res, 404, "SDK assets not available in uvx mode");
+		const rel = pathname.replace(/^\/static\//, "");
+		const abs = resolve(root, "static", rel);
+		if (!abs.startsWith(resolve(root, "static"))) return this.text(res, 403, "forbidden");
+		return this.serveFile(abs, res);
+	}
+	async serveBundleAsset(rel, res) {
+		const abs = resolve(this.cfg.bundleDir, normalize(rel));
+		if (!abs.startsWith(resolve(this.cfg.bundleDir))) return this.text(res, 403, "forbidden");
+		return this.serveFile(abs, res);
+	}
+	async serveFile(abs, res) {
+		let stat;
+		try {
+			stat = statSync(abs);
+		} catch {
+			return this.text(res, 404, `not found: ${abs}`);
+		}
+		if (!stat.isFile()) return this.text(res, 404, "not a file");
+		const ext = abs.slice(abs.lastIndexOf("."));
+		res.writeHead(200, {
+			"content-type": MIME[ext] ?? "application/octet-stream",
+			"cache-control": "no-store",
+			"content-length": String(stat.size)
+		});
+		createReadStream(abs).pipe(res);
+	}
+	json(res, status, body) {
+		const text = JSON.stringify(body);
+		res.writeHead(status, {
+			"content-type": MIME[".json"],
+			"content-length": String(Buffer.byteLength(text)),
+			"cache-control": "no-store"
+		});
+		res.end(text);
+	}
+	text(res, status, body) {
+		res.writeHead(status, {
+			"content-type": "text/plain; charset=utf-8",
+			"content-length": String(Buffer.byteLength(body))
+		});
+		res.end(body);
+	}
+};
+function readBody(req) {
+	return new Promise((resolve$1, reject) => {
+		const chunks = [];
+		req.on("data", (c) => chunks.push(c));
+		req.on("end", () => resolve$1(Buffer.concat(chunks).toString("utf-8")));
+		req.on("error", reject);
+	});
+}
+
+//#endregion
+export { HarnessServer };

package/dist/test/index.d.ts

@@ -0,0 +1,151 @@
+//#region src/test/host-api-acl.d.ts
+/**
+ * Derive a host-API ACL from `manifest.ui.host_api`, matching the
+ * production gate in matrix-nexus (`src/services/anna_app_validator.py` and
+ * the runtime gate enforced inside `LocalDispatcher.dispatch`).
+ *
+ * The shape returned here mirrors what production allows so that bundle
+ * authors get the same DENIED errors locally as they would in production.
+ */
+interface HostApi {
+  tools?: string[];
+  chat?: string[];
+  artifact?: string[];
+  llm?: string[];
+  fs?: string[];
+  storage?: string[];
+  prefs?: string[];
+  window?: string[];
+}
+interface ManifestForAcl {
+  required_executas?: Array<{
+    tool_id: string;
+  }>;
+  optional_executas?: Array<{
+    tool_id: string;
+  }>;
+  ui?: {
+    host_api?: HostApi | null;
+  } | null;
+}
+interface Acl {
+  /** ns.method strings (e.g. "storage.set"). */
+  allowed: Set<string>;
+  /** Tools the bundle may invoke; "*" for any. */
+  allowedTools: Set<string>;
+  /** Whether `tools.invoke` is allowed at all. */
+  toolsWildcard: boolean;
+}
+declare function deriveAcl(manifest: ManifestForAcl): Acl;
+declare function isToolAllowed(acl: Acl, toolId: string): boolean; //#endregion
+//#region src/test/runtime.d.ts
+interface CallRecord {
+  /** Monotonic sequence number assigned by the harness. */
+  seq: number;
+  /** ms since harness started. */
+  t: number;
+  /** Namespace ("storage", "tools", ...). */
+  ns: string;
+  /** Method ("set", "invoke", ...). */
+  method: string;
+  /** Arguments passed by the bundle. */
+  args: unknown;
+  /** Outcome — `null` while still pending. */
+  outcome: "ok" | "error" | "denied" | null;
+  /** Result value (when outcome === "ok"). */
+  result?: unknown;
+  /** Error code (when outcome === "error" | "denied"). */
+  errorCode?: string;
+  /** Error message (when outcome === "error" | "denied"). */
+  errorMessage?: string;
+}
+interface CallLog {
+  /** All calls in arrival order. */
+  all(): CallRecord[];
+  /** Filter helper: `byNs("storage.set")` or `byNs("storage")`. */
+  byNs(prefix: string): CallRecord[];
+  /** Last call (or null). */
+  last(): CallRecord | null;
+  /** Last call matching `prefix`. */
+  lastOf(prefix: string): CallRecord | null;
+  /** Clear the log. */
+  clear(): void;
+}
+type MockHandler = (args: unknown, ctx: {
+  ns: string;
+  method: string;
+}) => unknown | Promise<unknown>;
+type MockMap = Record<string, MockHandler>;
+interface EventBus {
+  /** Push an event into the runtime, as if the host server sent it. */
+  emit(name: string, payload?: unknown): void;
+  /** Register a listener (mirrors `runtime.on`). */
+  on(name: string, fn: (payload: unknown) => void): () => void;
+}
+interface MockRuntime {
+  hello: {
+    wid: string;
+    t: string;
+    user_id: number;
+  };
+  call<T = unknown>(ns: string, method: string, args?: unknown): Promise<T>;
+  on(name: string, fn: (payload: unknown) => void): () => void;
+  tools: {
+    invoke<T = unknown>(args: {
+      tool_id: string;
+      method: string;
+      args?: unknown;
+    }): Promise<T>;
+  };
+  storage: {
+    get<T = unknown>(key: string): Promise<T>;
+    set(key: string, value: unknown): Promise<void>;
+  };
+  chat: {
+    write_message(text: string, opts?: Record<string, unknown>): Promise<void>;
+  };
+  artifact: {
+    create(args: Record<string, unknown>): Promise<unknown>;
+  };
+  llm: {
+    complete(args: Record<string, unknown>): Promise<unknown>;
+  };
+  fs: Record<string, (args?: unknown) => Promise<unknown>>;
+  prefs: {
+    get(key: string): Promise<unknown>;
+    set(key: string, value: unknown): Promise<void>;
+  };
+  window: {
+    set_title(title: string): Promise<void>;
+  };
+}
+interface MountedHarness {
+  runtime: MockRuntime;
+  calls: CallLog;
+  events: EventBus;
+  acl: Acl;
+  /** Replace / add a mock at any time. */
+  mock(key: string, handler: MockHandler): void;
+  /** Sleep helper for tests that need to flush microtasks. */
+  wait(ms: number): Promise<void>;
+}
+interface MountOptions {
+  manifest: ManifestForAcl & Record<string, unknown>;
+  /** Map keyed by `"ns.method"` (e.g. `"storage.set"`). */
+  mocks?: MockMap;
+  /** wid override (default: random). */
+  wid?: string;
+  /** Initial token (default: random). */
+  token?: string;
+  /** user_id passed to the SDK hello (default: 1). */
+  userId?: number;
+  /** Token TTL in ms; defaults to 5 minutes (mirrors production hint). */
+  tokenTtlMs?: number;
+}
+declare function mountBundle(opts: MountOptions): Promise<MountedHarness>;
+/** Error class thrown for ACL denials or missing mocks. */
+declare class HostApiError extends Error {
+  code: string;
+  constructor(code: string, message: string);
+} //#endregion
+export { Acl, CallLog, CallRecord, EventBus, HostApi, HostApiError, ManifestForAcl, MockHandler, MockMap, MockRuntime, MountOptions, MountedHarness, deriveAcl, isToolAllowed, mountBundle };