@aria-cli/tools 1.0.19 → 1.0.33

package/dist-cjs/outlook/desktop-session.d.ts

@@ -1,68 +0,0 @@
-export interface OutlookMessageView {
-    id: string;
-    subject: string;
-    from: {
-        name: string;
-        email: string;
-    };
-    toRecipients: {
-        name: string;
-        email: string;
-    }[];
-    receivedDateTime: string;
-    isRead: boolean;
-    hasAttachments: boolean;
-    bodyPreview: string;
-    conversationId: string;
-}
-export interface OutlookMessageDetail extends OutlookMessageView {
-    body: {
-        contentType: string;
-        content: string;
-    };
-    ccRecipients: {
-        name: string;
-        email: string;
-    }[];
-    importance: string;
-}
-export interface OutlookListMessagesResult {
-    accountEmail: string;
-    folder: string;
-    messages: OutlookMessageView[];
-    totalCount: number;
-}
-export interface OutlookSendResult {
-    accountEmail: string;
-    status: "sent";
-}
-export interface OutlookDesktopClient {
-    getAccountEmail(): string;
-    listMessages(input: {
-        folder?: string;
-        limit?: number;
-        filter?: string;
-        search?: string;
-    }): Promise<OutlookListMessagesResult>;
-    getMessage(input: {
-        messageId: string;
-    }): Promise<OutlookMessageDetail>;
-    sendMessage(input: {
-        to: string[];
-        cc?: string[];
-        subject: string;
-        body: string;
-        bodyType?: "text" | "html";
-    }): Promise<OutlookSendResult>;
-    replyMessage(input: {
-        messageId: string;
-        body: string;
-        bodyType?: "text" | "html";
-        replyAll?: boolean;
-    }): Promise<OutlookSendResult>;
-    close(): Promise<void>;
-}
-export declare function createOutlookDesktopClient(opts?: {
-    accountHint?: string;
-    bootstrapTimeoutMs?: number;
-}): Promise<OutlookDesktopClient>;

package/dist-cjs/policy.d.ts

@@ -1,43 +0,0 @@
-/**
- * Tool Policy Engine
- *
- * Evaluates whether a tool is allowed based on allow/deny lists with group expansion.
- * Supports layered policy merging (intersection semantics) for arion + RunOptions policies.
- */
-export interface ToolPolicy {
-    /** Tool names or group names to allow. Empty array or undefined = allow all */
-    allow?: string[];
-    /** Tool names or group names to deny. Applied after allow. Deny wins. */
-    deny?: string[];
-    /**
-     * Internal marker used by policy merging:
-     * when true, treat allow (even empty) as an explicit restriction.
-     * This preserves deny-all semantics for empty intersections.
-     */
-    restrictAllow?: boolean;
-}
-/** Built-in tool groups */
-export declare const TOOL_GROUPS: Record<string, string[]>;
-/**
- * Expand group references in a policy list.
- * "group:memory" → ["remember", "recall", "forget", "reflect"]
- * Individual tool names pass through unchanged.
- * Unknown group names are ignored (treated as empty).
- */
-export declare function expandGroups(names: string[]): Set<string>;
-/**
- * Evaluate whether a tool is allowed by a policy.
- * Rules:
- * 1. If allow is empty/undefined and restrictAllow is false/undefined
- *    → all tools allowed (then check deny)
- * 2. If allow is non-empty OR restrictAllow=true
- *    → only listed tools/groups allowed (empty allow + restrictAllow=true denies all)
- * 3. Deny always wins over allow
- */
-export declare function isToolAllowed(toolName: string, policy: ToolPolicy): boolean;
-/**
- * Merge two policies (intersection). Used for layered evaluation:
- * arion policy ∩ RunOptions policy = effective policy.
- * A tool must be allowed by BOTH layers.
- */
-export declare function mergePolicies(a: ToolPolicy, b: ToolPolicy): ToolPolicy;

package/dist-cjs/providers/brave.d.ts

@@ -1,10 +0,0 @@
-import type { SearchProvider, SearchOptions, SearchResult, SearchProviderEnv } from "./search-provider.js";
-export declare class BraveSearchProvider implements SearchProvider {
-    private readonly env;
-    readonly name = "brave";
-    readonly requiresApiKey = true;
-    readonly priority = 1;
-    constructor(env?: SearchProviderEnv | Record<string, string | undefined>);
-    isAvailable(): boolean;
-    search(query: string, options?: SearchOptions): Promise<SearchResult[]>;
-}

package/dist-cjs/providers/duckduckgo.d.ts

@@ -1,18 +0,0 @@
-import type { SearchProvider, SearchOptions, SearchResult } from "./search-provider.js";
-export declare class DuckDuckGoSearchProvider implements SearchProvider {
-    readonly name = "duckduckgo";
-    readonly requiresApiKey = false;
-    readonly priority = 6;
-    isAvailable(): boolean;
-    search(query: string, options?: SearchOptions): Promise<SearchResult[]>;
-    /**
-     * Strip HTML tags from a string
-     */
-    private stripHtmlTags;
-    /**
-     * Decode HTML entities in URLs
-     */
-    private decodeHtmlEntities;
-    private resolveDuckDuckGoResultUrl;
-    private normalizeResultUrl;
-}

package/dist-cjs/providers/exa.d.ts

@@ -1,10 +0,0 @@
-import type { SearchProvider, SearchOptions, SearchResult, SearchProviderEnv } from "./search-provider.js";
-export declare class ExaSearchProvider implements SearchProvider {
-    private readonly env;
-    readonly name = "exa";
-    readonly requiresApiKey = true;
-    readonly priority = 3;
-    constructor(env?: SearchProviderEnv | Record<string, string | undefined>);
-    isAvailable(): boolean;
-    search(query: string, options?: SearchOptions): Promise<SearchResult[]>;
-}

package/dist-cjs/providers/firecrawl.d.ts

@@ -1,10 +0,0 @@
-import type { SearchProvider, SearchOptions, SearchResult, SearchProviderEnv } from "./search-provider.js";
-export declare class FirecrawlSearchProvider implements SearchProvider {
-    private readonly env;
-    readonly name = "firecrawl";
-    readonly requiresApiKey = true;
-    readonly priority = 2;
-    constructor(env?: SearchProviderEnv | Record<string, string | undefined>);
-    isAvailable(): boolean;
-    search(query: string, options?: SearchOptions): Promise<SearchResult[]>;
-}

package/dist-cjs/providers/jina.d.ts

@@ -1,10 +0,0 @@
-import type { SearchProvider, SearchOptions, SearchResult, SearchProviderEnv } from "./search-provider.js";
-export declare class JinaSearchProvider implements SearchProvider {
-    private readonly env;
-    readonly name = "jina";
-    readonly requiresApiKey = false;
-    readonly priority = 5;
-    constructor(env?: SearchProviderEnv | Record<string, string | undefined>);
-    isAvailable(): boolean;
-    search(query: string, options?: SearchOptions): Promise<SearchResult[]>;
-}

package/dist-cjs/providers/router.d.ts

@@ -1,21 +0,0 @@
-import type { SearchProvider, SearchOptions, SearchResult, SearchProviderEnv } from "./search-provider.js";
-export declare class SearchProviderRouter {
-    private _providers;
-    private readonly env;
-    constructor(_providers: SearchProvider[], env?: SearchProviderEnv | Record<string, string | undefined>);
-    /**
-     * Resolves the best available search provider.
-     * Priority:
-     * 1. Explicit override via ARIA_SEARCH_PROVIDER env var
-     * 2. Highest-priority available provider (lowest priority number)
-     * @throws {Error} if no providers are available or override is invalid
-     */
-    resolve(): SearchProvider;
-    /**
-     * Performs a search with automatic fallback.
-     * Tries providers in priority order (resolved provider first, then others).
-     * Circuit breaker: stops at first successful response.
-     * @throws {AggregateError} if all providers fail
-     */
-    search(query: string, options?: SearchOptions): Promise<SearchResult[]>;
-}

package/dist-cjs/providers/search-provider.d.ts

@@ -1,35 +0,0 @@
-export interface SearchOptions {
-    limit?: number;
-    topic?: "general" | "news";
-    domains?: string[];
-    excludeDomains?: string[];
-    timeRange?: "day" | "week" | "month" | "year";
-    signal?: AbortSignal;
-}
-export interface SearchResult {
-    title: string;
-    url: string;
-    content: string;
-    score?: number;
-    publishedDate?: string;
-}
-export interface SearchProviderEnv {
-    ARIA_SEARCH_PROVIDER?: string;
-    BRAVE_API_KEY?: string;
-    FIRECRAWL_API_KEY?: string;
-    EXA_API_KEY?: string;
-    TAVILY_API_KEY?: string;
-    JINA_API_KEY?: string;
-}
-export declare function resolveSearchProviderEnv(env?: SearchProviderEnv | Record<string, string | undefined>): SearchProviderEnv;
-export interface SearchProvider {
-    readonly name: string;
-    readonly requiresApiKey: boolean;
-    readonly priority: number;
-    isAvailable(): boolean;
-    search(query: string, options?: SearchOptions): Promise<SearchResult[]>;
-}
-export declare function createProviderAbortSignal(timeoutMs: number, callerSignal?: AbortSignal): {
-    signal: AbortSignal;
-    cleanup: () => void;
-};

package/dist-cjs/providers/tavily.d.ts

@@ -1,10 +0,0 @@
-import type { SearchProvider, SearchOptions, SearchResult, SearchProviderEnv } from "./search-provider.js";
-export declare class TavilySearchProvider implements SearchProvider {
-    private readonly env;
-    readonly name = "tavily";
-    readonly requiresApiKey = true;
-    readonly priority = 4;
-    constructor(env?: SearchProviderEnv | Record<string, string | undefined>);
-    isAvailable(): boolean;
-    search(query: string, options?: SearchOptions): Promise<SearchResult[]>;
-}

package/dist-cjs/quip/desktop-session.d.ts

@@ -1,69 +0,0 @@
-export interface QuipDocumentSummary {
-    threadId: string;
-    title: string;
-    link: string;
-    updatedUsec: number;
-    createdUsec: number;
-}
-export interface QuipDocumentListResult {
-    documents: QuipDocumentSummary[];
-}
-export interface QuipDocumentDetail {
-    threadId: string;
-    title: string;
-    link: string;
-    markdown: string;
-    updatedUsec: number;
-    createdUsec: number;
-    authorId: string;
-}
-export interface QuipCreateResult {
-    threadId: string;
-    title: string;
-    link: string;
-}
-export interface QuipCommentView {
-    id: string;
-    authorId: string;
-    authorName: string;
-    text: string;
-    createdUsec: number;
-}
-export interface QuipCommentResult {
-    threadId: string;
-    commentId: string;
-}
-export interface QuipCommentListResult {
-    threadId: string;
-    comments: QuipCommentView[];
-}
-export interface QuipDesktopClient {
-    getUserId(): string;
-    listRecentDocuments(input: {
-        limit?: number;
-    }): Promise<QuipDocumentListResult>;
-    searchDocuments(input: {
-        query: string;
-        limit?: number;
-    }): Promise<QuipDocumentListResult>;
-    readDocument(input: {
-        threadId: string;
-    }): Promise<QuipDocumentDetail>;
-    createDocument(input: {
-        title: string;
-        content: string;
-        format?: "markdown" | "html";
-        folderId?: string;
-    }): Promise<QuipCreateResult>;
-    addComment(input: {
-        threadId: string;
-        content: string;
-    }): Promise<QuipCommentResult>;
-    listComments(input: {
-        threadId: string;
-    }): Promise<QuipCommentListResult>;
-    close(): Promise<void>;
-}
-export declare function createQuipDesktopClient(options?: {
-    bootstrapTimeoutMs?: number;
-}): Promise<QuipDesktopClient>;

package/dist-cjs/registry/registry.d.ts

@@ -1,156 +0,0 @@
-/**
- * Tool Registry - Manages tool registration and discovery
- */
-import type { Tool, ToolCategory, ToolContext, ToolResult, ToolMiddleware, RegisterOptions, ToolInfo, Logger } from "../types.js";
-import type { ToolItem } from "@aria-cli/types";
-import { MCPClient } from "../mcp/client.js";
-import type { MCPServerConfig } from "../mcp/types.js";
-export declare function validateToolInput(input: unknown, schema: Record<string, unknown>, path?: string): string | null;
-/**
- * Memoria-like interface for tool discovery
- */
-interface MemoriaLike {
-    recallTools(options: {
-        query: string;
-        limit?: number;
-        offset?: number;
-        minConfidence?: number;
-        matchAll?: boolean;
-        updateAccessStats?: boolean;
-    }): Promise<ToolItem[]>;
-    rememberTool(tool: {
-        name: string;
-        description: string;
-    } & Record<string, unknown>): Promise<string>;
-}
-export declare class ToolRegistry {
-    private tools;
-    private middleware;
-    private mcpClient?;
-    private logger;
-    constructor(options?: {
-        logger?: Logger;
-    });
-    /**
-     * Register a middleware to wrap tool execution.
-     * Middlewares are applied in registration order (first registered = outermost).
-     */
-    use(mw: ToolMiddleware): void;
-    /**
-     * Register a tool
-     * @throws Error if tool already registered and override not set
-     */
-    register(tool: Tool, options?: RegisterOptions): void;
-    /**
-     * Get a tool by name
-     */
-    get(name: string): Tool | undefined;
-    /**
-     * Check if a tool is registered
-     */
-    has(name: string): boolean;
-    /**
-     * List all tools, optionally filtered by category
-     */
-    list(category?: ToolCategory): Tool[];
-    /**
-     * Unregister a tool
-     * @returns true if tool was removed, false if not found
-     */
-    unregister(name: string): boolean;
-    /**
-     * Get count of registered tools
-     */
-    get size(): number;
-    /**
-     * Clear all registered tools
-     */
-    clear(): void;
-    /**
-     * Get all registered tools
-     */
-    getAll(): Tool[];
-    /**
-     * Execute a tool by name with input validation.
-     *
-     * Validates `input` against the tool's JSON Schema `parameters` before
-     * delegating to the tool's handler. Returns a structured error result
-     * for unknown tools or validation failures instead of throwing.
-     *
-     * Tools without a `parameters` schema (or with a non-object schema)
-     * skip validation and pass input directly to the handler.
-     */
-    execute(name: string, input: unknown, context: ToolContext): Promise<ToolResult>;
-    /**
-     * Convert a Tool to ToolInfo for system prompt
-     */
-    private toolToInfo;
-    /**
-     * Get tool info for all tools (for system prompt)
-     */
-    getToolInfos(): ToolInfo[];
-    /**
-     * Search for tools by name or description
-     */
-    search(query: string): Tool[];
-    /**
-     * Discover and load tools from Memoria knowledge base
-     *
-     * @param memoria - Memoria instance to query
-     * @returns Number of tools discovered and loaded
-     */
-    discoverFromMemoria(memoria: MemoriaLike): Promise<number>;
-    /**
-     * Save a tool definition to Memoria
-     *
-     * @param name - Name of the tool to save
-     * @param memoria - Memoria instance to save to
-     */
-    saveToMemoria(name: string, memoria: MemoriaLike): Promise<void>;
-    /**
-     * Create an executor for a tool loaded from Memoria.
-     *
-     * Supports template execution only (no eval, no arbitrary code):
-     *
-     * **Response template**: If `toolDef.responseTemplate` is a string,
-     *    `{{key}}` placeholders are replaced with values from the input object.
-     *
-     * Input is validated against the full declared JSON Schema before interpolation.
-     */
-    private createMemoriaToolExecutor;
-    /**
-     * Connect to MCP servers and register their tools
-     */
-    connectMCP(configs: MCPServerConfig[]): Promise<{
-        tools: number;
-        resources: number;
-        prompts: number;
-    }>;
-    /**
-     * Refresh tools from a specific MCP server
-     */
-    private refreshMCPTools;
-    /**
-     * Disconnect from all MCP servers
-     */
-    disconnectMCP(): Promise<void>;
-    /**
-     * Get the MCP client for direct resource/prompt access
-     */
-    getMCPClient(): MCPClient | undefined;
-    /**
-     * Dispose of the registry, cleaning up all MCP connections.
-     *
-     * Shuts down every MCP server connection and clears all registered tools.
-     * Safe to call multiple times (idempotent).
-     */
-    dispose(): Promise<void>;
-    /**
-     * Async disposable support for `await using registry = new ToolRegistry()`.
-     *
-     * Delegates to dispose() so that ToolRegistry works with the Explicit
-     * Resource Management proposal (using/await using).
-     */
-    [Symbol.asyncDispose](): Promise<void>;
-}
-export {};

package/dist-cjs/runtime-socket-local-control-client.d.ts

@@ -1,10 +0,0 @@
-import type { AttachedClientAuth, AttachedLocalControlApi, LocalControlApi } from "./types.js";
-export declare function createRuntimeSocketLocalControlClient(options: {
-    runtimeSocket: string;
-    pollIntervalMs?: number;
-}): LocalControlApi;
-export declare function createRuntimeSocketAttachedLocalControlClient(options: {
-    runtimeSocket: string;
-    auth: AttachedClientAuth;
-    pollIntervalMs?: number;
-}): AttachedLocalControlApi;

package/dist-cjs/security/dns-normalization.d.ts

@@ -1,6 +0,0 @@
-import type { LookupAddress } from "node:dns";
-export interface NormalizedLookupAddress {
-    address: string;
-    family: 4 | 6;
-}
-export declare function normalizeLookupResult(lookupResult: LookupAddress | LookupAddress[] | unknown): NormalizedLookupAddress[];

package/dist-cjs/security/dns-pinning.d.ts

@@ -1,27 +0,0 @@
-/**
- * DNS Pinning — SSRF protection via custom DNS resolution
- *
- * Provides undici Agent with custom DNS lookup that validates resolved IPs
- * against private address ranges before making requests.
- */
-import { type Dispatcher } from "undici";
-/**
- * Creates an undici Agent that pins DNS resolution to a specific IP address
- * and validates it against private address ranges.
- *
- * @param pinnedIp - The IP address to pin to
- * @param family - IP family (4 for IPv4, 6 for IPv6)
- * @returns An undici Agent configured with custom DNS lookup
- */
-export declare function createPinnedAgent(pinnedIp: string, family: 4 | 6): Dispatcher;
-/**
- * Performs a fetch with DNS pinning and SSRF protection.
- * Resolves the hostname to an IP, validates it's not private, then uses
- * a pinned Agent to prevent DNS rebinding attacks.
- *
- * @param url - The URL to fetch
- * @param init - Fetch options
- * @returns The fetch Response
- * @throws Error if URL resolves to a private address or DNS resolution fails
- */
-export declare function fetchWithDnsPinning(url: string, init: RequestInit): Promise<Response>;

package/dist-cjs/security/external-content.d.ts

@@ -1,40 +0,0 @@
-/**
- * External Content Wrapping — Nonce-based boundary markers and injection detection
- *
- * Wraps untrusted external content with cryptographic nonce boundaries to prevent
- * prompt injection attacks via content spoofing. Detects common injection patterns
- * for telemetry purposes.
- */
-/**
- * Source of external content for labeling purposes
- */
-export type ExternalContentSource = "web_search" | "web_fetch" | "browse";
-/**
- * Result of wrapping external content
- */
-export interface WrappedContent {
-    /** The wrapped content with boundary markers */
-    content: string;
-    /** Cryptographic nonce used in boundaries */
-    nonce: string;
-    /** Whether injection patterns were detected (for telemetry) */
-    injectionDetected: boolean;
-}
-/**
- * Check whether content is already wrapped with a valid nonce-paired boundary.
- *
- * Prevents boundary spoofing by requiring both open and close markers to exist
- * and share the same nonce. A single fake opening marker is not considered wrapped.
- */
-export declare function isWrappedExternalContent(content: string): boolean;
-/**
- * Wraps external content with nonce-based boundary markers.
- * Boundaries use cryptographic nonces to prevent spoofing attacks.
- *
- * Also detects common injection patterns for telemetry (does NOT block).
- *
- * @param content - The untrusted external content to wrap
- * @param source - The source of the content for labeling
- * @returns Wrapped content with nonce and injection detection status
- */
-export declare function wrapExternalContent(content: string, source: ExternalContentSource): WrappedContent;

package/dist-cjs/security/ssrf.d.ts

@@ -1,40 +0,0 @@
-/**
- * SSRF (Server-Side Request Forgery) protection utilities
- *
- * Provides IP validation, URL validation, and redirect following with
- * SSRF protection for web operations.
- */
-/**
- * Validates URL syntax/protocol only (no DNS resolution).
- * Use this when DNS validation is enforced by the fetch boundary itself
- * (for example, DNS-pinned fetch).
- */
-export declare function validateUrlStructure(url: string): string | null;
-/**
- * Checks whether an IP address belongs to a private/reserved network range.
- * Blocks loopback, RFC 1918, link-local, IPv6 private, and unspecified addresses.
- */
-export declare function isPrivateAddress(ip: string): boolean;
-/**
- * Validates that a string is a valid HTTP(S) URL and does not resolve
- * to a private/reserved IP address (SSRF protection).
- * Returns null if valid, error message if invalid.
- */
-export declare function validateUrl(url: string): Promise<string | null>;
-/**
- * Follows HTTP redirects manually, re-validating each redirect target
- * against SSRF protections. Returns the final response.
- */
-export interface FollowRedirectOptions {
-    maxHops?: number;
-    baseUrl?: string;
-    fetchFn?: (url: string, init: RequestInit) => Promise<Response>;
-    validateRedirectUrl?: (url: string) => Promise<string | null> | string | null;
-}
-/**
- * Best-effort disposal for unread response bodies.
- * Redirect and early-return paths must explicitly close bodies they abandon so
- * later aborts cannot surface from resources that no caller still owns.
- */
-export declare function discardResponseBody(response: Pick<Response, "body"> | null | undefined): Promise<void>;
-export declare function followRedirects(initialResponse: Response, requestInit: RequestInit, options?: FollowRedirectOptions): Promise<Response>;

package/dist-cjs/slack/desktop-session.d.ts

@@ -1,69 +0,0 @@
-export interface SlackCachedDesktopState {
-    cachedToken: string | null;
-    teamIds: string[];
-}
-export interface SlackDesktopCookie {
-    name: string;
-    value: string;
-    domain: string;
-    path: string;
-    secure: boolean;
-    httpOnly: boolean;
-}
-export interface SlackDesktopBootstrap {
-    workspaceHost: string;
-    liveToken: string;
-}
-export interface SlackMessageView {
-    ts: string;
-    user: string | null;
-    text: string;
-    subtype: string | null;
-    threadTs: string | null;
-}
-export interface SlackConversationHistoryResult {
-    teamId: string;
-    workspaceHost: string;
-    channelId: string;
-    messages: SlackMessageView[];
-    hasMore: boolean;
-    nextCursor: string | null;
-}
-export interface SlackSendMessageResult {
-    teamId: string;
-    workspaceHost: string;
-    channelId: string;
-    ts: string;
-}
-export interface SlackAddReactionResult {
-    teamId: string;
-    workspaceHost: string;
-    channelId: string;
-}
-export declare function extractCachedSlackDesktopState(levelDbText: string): SlackCachedDesktopState;
-export declare function extractWorkspaceHostFromAppHtml(html: string): string | null;
-export declare function extractLiveSlackTokenFromMultipartBody(body: string): string | null;
-export interface SlackDesktopClient {
-    getTeamId(): string;
-    getWorkspaceHost(): string;
-    listMessages(input: {
-        channel: string;
-        limit?: number;
-        threadTs?: string;
-    }): Promise<SlackConversationHistoryResult>;
-    sendMessage(input: {
-        channel: string;
-        text: string;
-        threadTs?: string;
-    }): Promise<SlackSendMessageResult>;
-    addReaction(input: {
-        channel: string;
-        timestamp: string;
-        name: string;
-    }): Promise<SlackAddReactionResult>;
-    close(): Promise<void>;
-}
-export declare function createSlackDesktopClient(options?: {
-    teamId?: string;
-    bootstrapTimeoutMs?: number;
-}): Promise<SlackDesktopClient>;