@botbotgo/runtime 1.0.0 → 1.0.2

package/dist/state/workspaceState.js.map

@@ -1 +1 @@
-{"version":3,"file":"workspaceState.js","sourceRoot":"","sources":["../../src/state/workspaceState.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAsB,wBAAwB,EAAsB,MAAM,eAAe,CAAC;AACjG,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEjD,OAAO,EAAE,0BAA0B,EAA6B,MAAM,0BAA0B,CAAC;AAuCjG,MAAM,OAAO,0BAA0B;IACrB,QAAQ,CAAS;IACjB,SAAS,CAAS;IAClB,YAAY,CAAS;IACrB,aAAa,CAAyB;IAErC,iBAAiB,CAAU;IAC3B,eAAe,CAAS;IACxB,kBAAkB,CAAS;IAC3B,mBAAmB,CAAoC;IACvD,QAAQ,CAAqB;IAC7B,MAAM,CAA8B;IAErD,YAAmB,OAAyC;QAC1D,MAAM,EACJ,OAAO,EACP,SAAS,GAAG,EAAE,EACd,YAAY,GAAG,QAAQ,EACvB,iBAAiB,GAAG,IAAI,EACxB,WAAW,EACX,MAAM,GACP,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC/C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACtD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC7D,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACtH,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAClG,IAAI,CAAC,QAAQ,GAAG,wBAAwB,CAAC;YACvC,QAAQ,EAAE,IAAI,CAAC,YAAY;YAC3B,YAAY,EAAE,GAAG,EAAE,CAAC,CAAC;gBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,YAAY,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;gBACxC,GAAG,MAAM,CAAC,WAAW,CACnB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC,GAAG,GAAG,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CACzH;aACF,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,MAIvB;QACC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,gBAAgB,IAAI,KAAK,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxG,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;YAChB,IAAI,EAAE,kCAAkC;YACxC,IAAI,EAAE,wBAAwB;YAC9B,EAAE,EAAE,0BAA0B;YAC9B,OAAO,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE;SACrC,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;QAC3C,OAAO,0BAA0B,CAAC,MAAM,CAAC;YACvC,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ;YACR,aAAa;YACb,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;SACzC,CAAC,CAAC;IACL,CAAC;IAEM,YAAY;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAEM,WAAW,CAAC,aAAmC,EAAE,gBAAwB;QAC9E,OAAO,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;IACpE,CAAC;IAEM,iBAAiB,CAAC,UAAkB,EAAE,aAAmC,EAAE,UAAkB;QAClG,OAAO,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,UAAU,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IAChF,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,MAIrB;QACC,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,CAAC;YACZ,WAAW,EAAE,EAAE;YACf,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,MAMtB;QACC,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,MAMtB;QACC,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;YACnD,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,aAAmC;QAC/D,IAAI,aAAa,EAAE,MAAM,KAAK,SAAS;YAAE,OAAO;QAChD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,MAAM,OAAO,CAAC,GAAG,CAAC;gBAChB,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,KAAc;QACtC,MAAM,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC;IAEO,WAAW;QACjB,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7E,CAAC;CACF;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAyC;IACjF,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC"}
+{"version":3,"file":"workspaceState.js","sourceRoot":"","sources":["../../src/state/workspaceState.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAsB,wBAAwB,EAAsB,MAAM,eAAe,CAAC;AACjG,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEjD,OAAO,EAAE,0BAA0B,EAA6B,MAAM,0BAA0B,CAAC;AA4CjG,MAAM,OAAO,0BAA0B;IACrB,QAAQ,CAAS;IACjB,SAAS,CAAS;IAClB,YAAY,CAAS;IACrB,aAAa,CAAyB;IAErC,iBAAiB,CAAU;IAC3B,eAAe,CAAS;IACxB,kBAAkB,CAAS;IAC3B,mBAAmB,CAAoC;IACvD,QAAQ,CAAqB;IAC7B,MAAM,CAA8B;IAErD,YAAmB,OAAyC;QAC1D,MAAM,EACJ,OAAO,EACP,SAAS,GAAG,EAAE,EACd,YAAY,GAAG,QAAQ,EACvB,iBAAiB,GAAG,IAAI,EACxB,WAAW,EACX,MAAM,GACP,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC/C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACtD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC7D,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACtH,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAClG,IAAI,CAAC,QAAQ,GAAG,wBAAwB,CAAC;YACvC,QAAQ,EAAE,IAAI,CAAC,YAAY;YAC3B,YAAY,EAAE,GAAG,EAAE,CAAC,CAAC;gBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,YAAY,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;gBACxC,GAAG,MAAM,CAAC,WAAW,CACnB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC,GAAG,GAAG,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CACzH;aACF,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,MAKvB;QACC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,sBAAsB,GAAG,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC;QAClF,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,sBAAsB,EAAE,MAAM,CAAC,gBAAgB,IAAI,KAAK,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjH,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;YAChB,IAAI,EAAE,kCAAkC;YACxC,IAAI,EAAE,wBAAwB;YAC9B,EAAE,EAAE,0BAA0B;YAC9B,OAAO,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,sBAAsB,EAAE;SAC7D,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;QACpD,OAAO,0BAA0B,CAAC,MAAM,CAAC;YACvC,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ;YACR,aAAa,EAAE,sBAAsB;YACrC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;SACzC,CAAC,CAAC;IACL,CAAC;IAEM,YAAY;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAEM,WAAW,CAAC,aAAmC,EAAE,gBAAwB;QAC9E,OAAO,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;IACpE,CAAC;IAEM,iBAAiB,CAAC,UAAkB,EAAE,aAAmC,EAAE,UAAkB;QAClG,OAAO,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,UAAU,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IAChF,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,MAIrB;QACC,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,CAAC;YACZ,WAAW,EAAE,EAAE;YACf,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,MAMtB;QACC,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,MAMtB;QACC,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;YACnD,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,aAAmC;QAC/D,IAAI,aAAa,EAAE,MAAM,KAAK,SAAS;YAAE,OAAO;QAChD,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YAC5C,GAAG,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;aAChD,CAAC,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,KAAc;QACtC,MAAM,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC;IAEO,WAAW;QACjB,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7E,CAAC;CACF;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAyC;IACjF,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC"}

package/example/config/model.yaml

@@ -7,8 +7,8 @@ spec:
     default: gpt_oss
     gpt_oss:
       provider: openai
-      base_url: https://ollama-rtx-4070.botbotgo.world/v1
+      base_url: https://ollama-rtx-4070.easynet.world/v1
       model: gpt-oss:latest
       apiKey: ollama
       options:
-        timeoutMs: 70000
+        timeoutMs: 300000

package/example/config/runtime.yaml

@@ -10,6 +10,10 @@ spec:
     - key: companyReportHtml
       path: output/company-report.html
 
+  # Resume interrupted runs by default so repeated invocations can continue
+  # from .agent/run-state.json instead of restarting from scratch.
+  resumeInterruptedRun: true
+
   # Workspace state persisted under the example root.
   stateDirName: .agent
   legacyOutputState: true
@@ -23,7 +27,7 @@ spec:
 
   # Execution limits tuned for a skill-driven report run.
   executeTimeoutMs: 60000
-  llmIdleTimeoutMs: 70000
+  llmIdleTimeoutMs: 300000
   heartbeatIntervalMs: 5000
   backend:
     type: local_shell
@@ -36,6 +40,20 @@ spec:
   malformedToolCallMaxRetries: 0
   idleTimeoutMaxRetries: 1
 
+  # Middleware guardrails can be tuned here without code changes.
+  middleware:
+    forbidScriptSourceRead: true
+    forbidAbsolutePathsOutsideWorkspace: true
+    commandPolicy:
+      blockFuzzyLsProbes: true
+      blockShellWrappedSkillScripts: true
+      blockChmodX: true
+      blockShellDashLc: true
+      blockDirectNetworkFetch: true
+      blockReportgenPipe: true
+      blockShellFileRedirection: true
+      blockAbsolutePathsOutsideWorkspace: true
+
   # Fine-grained event toggles. Prefer this over eventLogLevel when you need
   # explicit control over which runtime events are printed.
   debug:

package/example/package.json

@@ -8,7 +8,6 @@
     "build": "tsc --incremental --tsBuildInfoFile .tsbuildinfo",
     "start": "node --import tsx index.ts",
     "start:prod": "npm --prefix .. run build && npm run build && node dist/index.js",
-    "report:serve": "node serve-output.mjs",
     "dev": "tsx index.ts",
     "test": "npm run build"
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@botbotgo/runtime",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Runtime service and YAML config loader for deepagents-based agent apps",
   "type": "module",
   "main": "dist/index.js",

package/src/config/resolveRuntimeConfig.ts

@@ -7,6 +7,7 @@
 import type {
   AgentBackendConfigSpec,
   AgentRuntimeConfigResource,
+  AgentRuntimeMiddlewareSpec,
   KnownResource,
   MemoryConfigResource,
 } from "./resources.js";
@@ -48,6 +49,7 @@ export interface ResolvedAgentRuntimeConfig {
     key: string;
     path: string;
   }>;
+  resumeInterruptedRun?: boolean;
   stateDirName?: string;
   legacyOutputState?: boolean;
   executeTimeoutMs?: number;
@@ -60,6 +62,7 @@ export interface ResolvedAgentRuntimeConfig {
   malformedToolCallMaxRetries?: number;
   idleTimeoutMaxRetries?: number;
   heartbeatIntervalMs?: number;
+  middleware?: AgentRuntimeMiddlewareSpec;
   debug?: {
     run?: boolean;
     workspace?: boolean;
@@ -127,6 +130,7 @@ function resolveStore(s: MemoryConfigResource["spec"]["memory"]["thread"]): Memo
 function resolveRuntime(s: AgentRuntimeConfigResource["spec"]): ResolvedAgentRuntimeConfig {
   return {
     artifacts: s.artifacts,
+    resumeInterruptedRun: s.resumeInterruptedRun,
     stateDirName: s.stateDirName,
     legacyOutputState: s.legacyOutputState,
     executeTimeoutMs: s.executeTimeoutMs,
@@ -139,6 +143,7 @@ function resolveRuntime(s: AgentRuntimeConfigResource["spec"]): ResolvedAgentRun
     malformedToolCallMaxRetries: s.malformedToolCallMaxRetries,
     idleTimeoutMaxRetries: s.idleTimeoutMaxRetries,
     heartbeatIntervalMs: s.heartbeatIntervalMs,
+    middleware: s.middleware,
     debug: s.debug,
     eventLogLevel: s.eventLogLevel,
   };

package/src/config/resources.ts

@@ -95,11 +95,29 @@ export interface AgentBackendConfigSpec {
   maxOutputBytes?: number;
 }
 
+export interface AgentRuntimeCommandPolicySpec {
+  blockFuzzyLsProbes?: boolean;
+  blockShellWrappedSkillScripts?: boolean;
+  blockChmodX?: boolean;
+  blockShellDashLc?: boolean;
+  blockDirectNetworkFetch?: boolean;
+  blockReportgenPipe?: boolean;
+  blockShellFileRedirection?: boolean;
+  blockAbsolutePathsOutsideWorkspace?: boolean;
+}
+
+export interface AgentRuntimeMiddlewareSpec {
+  forbidScriptSourceRead?: boolean;
+  forbidAbsolutePathsOutsideWorkspace?: boolean;
+  commandPolicy?: AgentRuntimeCommandPolicySpec;
+}
+
 export interface AgentRuntimeConfigSpec {
   artifacts?: Array<{
     key: string;
     path: string;
   }>;
+  resumeInterruptedRun?: boolean;
   stateDirName?: string;
   legacyOutputState?: boolean;
   executeTimeoutMs?: number;
@@ -112,6 +130,7 @@ export interface AgentRuntimeConfigSpec {
   malformedToolCallMaxRetries?: number;
   idleTimeoutMaxRetries?: number;
   heartbeatIntervalMs?: number;
+  middleware?: AgentRuntimeMiddlewareSpec;
   debug?: {
     run?: boolean;
     workspace?: boolean;

package/src/runtime/bootstrap/runtimeFactory.ts

@@ -69,6 +69,7 @@ export class AgentRuntimeFactory {
       defaultEmptyRunMaxRetries: runtimeDeps.defaultEmptyRunMaxRetries,
       defaultMalformedToolCallMaxRetries: runtimeDeps.defaultMalformedToolCallMaxRetries,
       defaultIdleTimeoutMaxRetries: runtimeDeps.defaultIdleTimeoutMaxRetries,
+      defaultResumeInterruptedRun: runtimeDeps.defaultResumeInterruptedRun,
       defaultHeartbeatIntervalMs: runtimeDeps.defaultHeartbeatIntervalMs,
       defaultIdleTimeoutMs: runtimeDeps.defaultIdleTimeoutMs,
       artifactValidator: runtimeDeps.artifactValidator,
@@ -109,6 +110,7 @@ export class AgentRuntimeFactory {
       executeTimeoutMs: runtimeDeps.executeTimeoutMs,
       blockTaskTool: runtimeDeps.blockTaskTool,
       allowedToolNames: runtimeDeps.allowedToolNames,
+      policy: runtimeDeps.middleware,
       logger: runtimeDeps.logger,
       persistTodos: workspace.persistTodos.bind(workspace),
       humanLoop: runtimeDeps.humanLoop,
@@ -170,10 +172,13 @@ class RuntimeOptionsResolver {
         this.options.malformedToolCallMaxRetries ?? runtimeConfig.malformedToolCallMaxRetries,
       defaultIdleTimeoutMaxRetries:
         this.options.idleTimeoutMaxRetries ?? runtimeConfig.idleTimeoutMaxRetries,
+      defaultResumeInterruptedRun:
+        this.options.resumeInterruptedRun ?? runtimeConfig.resumeInterruptedRun,
       defaultHeartbeatIntervalMs:
         this.options.heartbeatIntervalMs ?? runtimeConfig.heartbeatIntervalMs,
       defaultIdleTimeoutMs:
         this.options.idleTimeoutMs ?? runtimeConfig.llmIdleTimeoutMs,
+      middleware: runtimeConfig.middleware,
     };
   }
 
@@ -207,6 +212,8 @@ interface ResolvedRuntimeOptions {
   defaultEmptyRunMaxRetries: number | undefined;
   defaultMalformedToolCallMaxRetries: number | undefined;
   defaultIdleTimeoutMaxRetries: number | undefined;
+  defaultResumeInterruptedRun: boolean | undefined;
   defaultHeartbeatIntervalMs: number | undefined;
   defaultIdleTimeoutMs: number | undefined;
+  middleware: ResolvedAgentRuntimeConfig["middleware"];
 }

package/src/runtime/execution/agentRunExecutor.ts

@@ -22,6 +22,7 @@ export class AgentRunExecutor {
   private readonly defaultEmptyRunMaxRetries?: number;
   private readonly defaultMalformedToolCallMaxRetries?: number;
   private readonly defaultIdleTimeoutMaxRetries?: number;
+  private readonly defaultResumeInterruptedRun?: boolean;
   private readonly defaultHeartbeatIntervalMs?: number;
   private readonly defaultIdleTimeoutMs?: number;
   private readonly artifactValidator?: ConstructorParams["artifactValidator"];
@@ -35,6 +36,7 @@ export class AgentRunExecutor {
     this.defaultEmptyRunMaxRetries = params.defaultEmptyRunMaxRetries;
     this.defaultMalformedToolCallMaxRetries = params.defaultMalformedToolCallMaxRetries;
     this.defaultIdleTimeoutMaxRetries = params.defaultIdleTimeoutMaxRetries;
+    this.defaultResumeInterruptedRun = params.defaultResumeInterruptedRun;
     this.defaultHeartbeatIntervalMs = params.defaultHeartbeatIntervalMs;
     this.defaultIdleTimeoutMs = params.defaultIdleTimeoutMs;
     this.artifactValidator = params.artifactValidator;
@@ -91,6 +93,7 @@ export class AgentRunExecutor {
 
     const run = await this.workspace.prepareRun({
       prompt: effectivePrompt,
+      resumeInterruptedRun: params.resumeInterruptedRun ?? this.defaultResumeInterruptedRun ?? true,
       fallbackThreadId: params.fallbackThreadId,
       resumeHint:
         params.resumeHint ??

package/src/runtime/execution/agentRunExecutor.types.ts

@@ -2,6 +2,7 @@ import type { DrainAgentStreamOptions } from "../stream/agentStream.js";
 import type { AgentWorkspaceState } from "../../state/workspaceState.js";
 
 export interface AgentRuntimeRunOptions<TChunk> {
+  resumeInterruptedRun?: boolean;
   resumeHint?: string;
   fallbackThreadId?: string;
   malformedToolCallMaxRetries?: number;
@@ -28,6 +29,7 @@ export interface ConstructorParams {
   defaultEmptyRunMaxRetries?: number;
   defaultMalformedToolCallMaxRetries?: number;
   defaultIdleTimeoutMaxRetries?: number;
+  defaultResumeInterruptedRun?: boolean;
   defaultHeartbeatIntervalMs?: number;
   defaultIdleTimeoutMs?: number;
   artifactValidator?: AgentRuntimeRunOptions<unknown>["artifactValidator"];

package/src/runtime/middleware/agentToolMiddleware.ts

@@ -11,6 +11,7 @@ import type {
   CreateAgentToolMiddlewareOptions,
   ToolArgs,
 } from "./types.js";
+import type { AgentRuntimeMiddlewareSpec } from "../../config/resources.js";
 
 export class AgentToolMiddlewareFactory {
   private readonly rootDir: string;
@@ -22,6 +23,7 @@ export class AgentToolMiddlewareFactory {
   private readonly executeTimeoutMs: number;
   private readonly blockTaskTool: boolean;
   private readonly allowedToolNames?: string[];
+  private readonly policy?: AgentRuntimeMiddlewareSpec;
   private readonly logger: (message: string) => void;
   private readonly persistTodos?: (todos: unknown[]) => Promise<void> | void;
   private readonly humanLoop?: CreateAgentToolMiddlewareOptions["humanLoop"];
@@ -39,6 +41,7 @@ export class AgentToolMiddlewareFactory {
     this.executeTimeoutMs = options.executeTimeoutMs ?? 60_000;
     this.blockTaskTool = options.blockTaskTool ?? false;
     this.allowedToolNames = options.allowedToolNames?.filter((name) => typeof name === "string" && name.trim().length > 0);
+    this.policy = options.policy;
     this.logger = options.logger ?? (() => {});
     this.persistTodos = options.persistTodos;
     this.humanLoop = options.humanLoop;
@@ -74,14 +77,15 @@ export class AgentToolMiddlewareFactory {
     const toolCallId = toolRequest.toolCall.id;
 
     if (this.blockTaskTool && name === "task") {
+      const error = "Error: Do not use the task tool. Use execute(), write_file(), and read_file() directly.";
       this.events?.emit({
         name: "agent.runtime2.tool.call.blocked",
         from: "agent-runtime2.middleware",
         to: name,
-        payload: { toolCallId, reason: "task_tool_disabled" },
+        payload: { toolCallId, reason: "task_tool_disabled", error },
       });
       return new this.ToolMessage({
-        content: "Error: Do not use the task tool. Use execute(), write_file(), and read_file() directly.",
+        content: error,
         tool_call_id: toolCallId ?? "blocked",
       });
     }
@@ -95,13 +99,15 @@ export class AgentToolMiddlewareFactory {
       this.rootDir,
       this.allowedToolNames,
       Object.values(this.skillPathMap),
+      this.policy,
     );
     if (blocked) {
+      const error = this.extractToolMessageContent(blocked);
       this.events?.emit({
         name: "agent.runtime2.tool.call.blocked",
         from: "agent-runtime2.middleware",
         to: name,
-        payload: { toolCallId, args, reason: "policy_violation" },
+        payload: { toolCallId, args, reason: "policy_violation", error },
       });
       return blocked;
     }
@@ -326,4 +332,14 @@ export class AgentToolMiddlewareFactory {
     }
     this.logger(`[tool] ${name}`);
   }
+
+  private extractToolMessageContent(value: unknown): string | undefined {
+    if (!value || typeof value !== "object") {
+      return undefined;
+    }
+    const candidate = value as { content?: unknown };
+    return typeof candidate.content === "string" && candidate.content.trim()
+      ? candidate.content.trim()
+      : undefined;
+  }
 }

package/src/runtime/middleware/commandPolicy.ts

@@ -1,3 +1,4 @@
+import type { AgentRuntimeCommandPolicySpec } from "../../config/resources.js";
 import type { ToolMessageConstructorLike, ToolMessageLike } from "./types.js";
 
 export class CommandPolicy {
@@ -7,34 +8,45 @@ export class CommandPolicy {
     ToolMessage: ToolMessageConstructorLike,
     rootDir: string,
     allowedPathPrefixes: string[] = [],
+    policy?: AgentRuntimeCommandPolicySpec,
   ): ToolMessageLike | null {
-    const message = this.getViolationMessage(command, rootDir, allowedPathPrefixes);
+    const message = this.getViolationMessage(command, rootDir, allowedPathPrefixes, policy);
     return message ? new ToolMessage({ content: message, tool_call_id: toolCallId ?? "execute" }) : null;
   }
 
-  private static getViolationMessage(command: string, rootDir: string, allowedPathPrefixes: string[]): string | null {
-    if (/\bls\b/.test(command) && command.includes("?")) {
+  private static getViolationMessage(
+    command: string,
+    rootDir: string,
+    allowedPathPrefixes: string[],
+    policy?: AgentRuntimeCommandPolicySpec,
+  ): string | null {
+    if (policy?.blockFuzzyLsProbes !== false && /\bls\b/.test(command) && command.includes("?")) {
       return "Error: Do not run fuzzy ls probes with unknown paths. Continue with known workflow commands.";
     }
-    if ((/\bbash\b/i.test(command) || /\/bin\/bash\b/i.test(command) || /\bzsh\b/i.test(command)) && command.includes("/scripts/")) {
+    if (
+      policy?.blockShellWrappedSkillScripts !== false
+      && (/\bbash\b/i.test(command) || /\/bin\/bash\b/i.test(command) || /\bzsh\b/i.test(command))
+      && command.includes("/scripts/")
+    ) {
       return "Error: Do not wrap skill scripts with `bash`. Execute the script path directly.";
     }
-    if (/\bchmod\s+\+x\b/i.test(command)) {
+    if (policy?.blockChmodX !== false && /\bchmod\s+\+x\b/i.test(command)) {
       return "Error: Do not run chmod +x. Use direct execution of the target command or script.";
     }
-    if (/\b(?:ba)?sh\s+-lc\b/i.test(command)) {
+    if (policy?.blockShellDashLc !== false && /\b(?:ba)?sh\s+-lc\b/i.test(command)) {
       return "Error: Do not wrap command execution with shell -lc. Execute the target command directly.";
     }
-    if (/\b(curl|wget)\b/i.test(command)) {
+    if (policy?.blockDirectNetworkFetch !== false && /\b(curl|wget)\b/i.test(command)) {
       return "Error: Do not execute direct network fetch commands. Use provided scripts/tools and then write results with write_file/edit_file.";
     }
-    if (/\|\s*reportgen\b/i.test(command)) {
+    if (policy?.blockReportgenPipe !== false && /\|\s*reportgen\b/i.test(command)) {
       return "Error: Do not pipe output to ad-hoc generators. Use write_file/edit_file for artifact generation.";
     }
-    if (/(^|[\s;|&])(?:echo|cat|printf)[^|&;]*>\s*[^\s]+/i.test(command)) {
+    if (policy?.blockShellFileRedirection !== false && /(^|[\s;|&])(?:echo|cat|printf)[^|&;]*>\s*[^\s]+/i.test(command)) {
       return "Error: Do not write files via shell redirection in execute. Use write_file/edit_file tools.";
     }
-    return this.containsAbsolutePathOutsideWorkspace(command, rootDir, allowedPathPrefixes)
+    return (policy?.blockAbsolutePathsOutsideWorkspace !== false)
+      && this.containsAbsolutePathOutsideWorkspace(command, rootDir, allowedPathPrefixes)
       ? "Error: Do not execute commands with absolute paths outside workspace root. Use workspace-relative paths only."
       : null;
   }

package/src/runtime/middleware/frameworkPrompt.ts

@@ -37,9 +37,8 @@ export class FrameworkPrompt {
       if (skillEntries.length === 1) {
         baseRules.push("- Because only one skill is active, `${SKILL_PATH}` also resolves to that skill directory.");
       }
-      baseRules.push("- `${SKILL_PATH...}` is only for skill-owned assets such as scripts/, references/, templates, and static inputs explicitly required by the SKILL.");
-      baseRules.push("- Do not use `${SKILL_PATH...}` for exploration, listing, globbing, discovery, or inspection. Do not call ls/glob/read_file on a skill path unless the user explicitly asks for skill source or contents.");
-      baseRules.push("- If a SKILL provides an explicit script command using `${SKILL_PATH...}` and `${WORKSPACE}`, execute that command directly instead of exploring the skill directory first.");
+      baseRules.push("- `${SKILL_PATH...}` is only for exact skill-owned files explicitly required by the active SKILL.");
+      baseRules.push("- If a SKILL provides an explicit script command using `${SKILL_PATH...}` and `${WORKSPACE}`, execute that command directly without exploring the skill directory.");
     }
 
     const frameworkPrompt = baseRules.join("\n");

package/src/runtime/middleware/toolArgsNormalizer.ts

@@ -72,6 +72,12 @@ export class ToolArgsNormalizer {
     for (const key of TOOL_PATH_ARG_KEYS) {
       const value = nextArgs[key];
       if (!this.shouldNormalizePath(value)) {
+        if (typeof value === "string") {
+          const normalizedRelative = this.normalizeWorkspaceRelativePath(rootDir, value);
+          if (normalizedRelative !== value) {
+            nextArgs = { ...nextArgs, [key]: normalizedRelative };
+          }
+        }
         continue;
       }
       if (this.isResolvableAbsolutePath(rootDir, value)) {
@@ -192,6 +198,10 @@ export class ToolArgsNormalizer {
     if (!this.looksLikeRelativePath(value) || value.startsWith("./") || value.startsWith("../")) {
       return value;
     }
+    const normalizedRelative = this.normalizeWorkspaceRelativePath(rootDir, value);
+    if (normalizedRelative !== value) {
+      return normalizedRelative;
+    }
     if (existsSync(resolve(rootDir, value))) {
       return value;
     }
@@ -211,6 +221,32 @@ export class ToolArgsNormalizer {
     return value.includes("/") && !value.startsWith("/") && !value.startsWith("~") && !value.startsWith("-");
   }
 
+  private static normalizeWorkspaceRelativePath(rootDir: string, value: string): string {
+    const normalizedValue = value.replace(/\\/g, "/").replace(/^\.\/+/, "");
+    if (!this.looksLikeRelativePath(normalizedValue)) {
+      return value;
+    }
+
+    const rootSegments = rootDir.replace(/\\/g, "/").split("/").filter(Boolean);
+    const valueSegments = normalizedValue.split("/").filter(Boolean);
+    if (valueSegments.length < 2 || rootSegments.length < 2) {
+      return value;
+    }
+
+    for (let index = 0; index <= rootSegments.length - 2; index += 1) {
+      const suffixSegments = rootSegments.slice(index);
+      if (valueSegments.length <= suffixSegments.length) {
+        continue;
+      }
+      const matches = suffixSegments.every((segment, suffixIndex) => valueSegments[suffixIndex] === segment);
+      if (matches) {
+        return valueSegments.slice(suffixSegments.length).join("/");
+      }
+    }
+
+    return value;
+  }
+
   private static quoteCommandPart(value: string): string {
     return /^[A-Za-z0-9_./:@=-]+$/.test(value)
       ? value

package/src/runtime/middleware/toolCallGuard.ts

@@ -1,3 +1,4 @@
+import type { AgentRuntimeMiddlewareSpec } from "../../config/resources.js";
 import { CommandPolicy } from "./commandPolicy.js";
 import { ToolArgsNormalizer } from "./toolArgsNormalizer.js";
 import { TOOL_PATH_ARG_KEYS, type ToolArgs, type ToolMessageConstructorLike, type ToolMessageLike } from "./types.js";
@@ -11,6 +12,7 @@ export class ToolCallGuard {
     rootDir: string,
     allowedToolNames?: string[],
     allowedPathPrefixes: string[] = [],
+    policy?: AgentRuntimeMiddlewareSpec,
   ): ToolMessageLike | null {
     if (allowedToolNames?.length && !this.isToolAllowed(name, allowedToolNames)) {
       return new ToolMessage({
@@ -18,20 +20,40 @@ export class ToolCallGuard {
         tool_call_id: toolCallId ?? name,
       });
     }
-    if ((name === "read_file" || name === "edit_file") && this.isScriptSourcePath(args, rootDir)) {
+    if (
+      policy?.forbidScriptSourceRead !== false
+      && (name === "read_file" || name === "edit_file")
+      && this.isScriptSourcePath(args, rootDir)
+    ) {
       return new ToolMessage({
         content: "Error: Do not inspect script source files unless the user explicitly asks for script code.",
         tool_call_id: toolCallId ?? name,
       });
     }
-    if (this.hasAbsolutePathArgOutsideWorkspace(args, rootDir, allowedPathPrefixes)) {
+    if ((name === "read_file" || name === "edit_file") && this.isInternalStatePath(args, rootDir)) {
+      return new ToolMessage({
+        content: "Error: Do not inspect internal runtime state files under .agent/. Follow the SKILL workflow instead.",
+        tool_call_id: toolCallId ?? name,
+      });
+    }
+    if (
+      policy?.forbidAbsolutePathsOutsideWorkspace !== false
+      && this.hasAbsolutePathArgOutsideWorkspace(args, rootDir, allowedPathPrefixes)
+    ) {
       return new ToolMessage({
         content: "Error: Do not use absolute filesystem paths outside workspace root. Use workspace-relative paths only.",
         tool_call_id: toolCallId ?? name,
       });
     }
     if (name === "execute" && typeof args.command === "string") {
-      return CommandPolicy.maybeBlockExecuteCommand(args.command, toolCallId, ToolMessage, rootDir, allowedPathPrefixes);
+      return CommandPolicy.maybeBlockExecuteCommand(
+        args.command,
+        toolCallId,
+        ToolMessage,
+        rootDir,
+        allowedPathPrefixes,
+        policy?.commandPolicy,
+      );
     }
     return null;
   }
@@ -70,4 +92,16 @@ export class ToolCallGuard {
         ToolArgsNormalizer.resolveScriptSourcePath(rootDir, value).includes("/scripts/");
     });
   }
+
+  private static isInternalStatePath(args: ToolArgs, rootDir: string): boolean {
+    const normalizedRoot = rootDir.replace(/\\/g, "/");
+    return TOOL_PATH_ARG_KEYS.some((key) => {
+      const value = args[key];
+      if (typeof value !== "string" || !value.trim()) {
+        return false;
+      }
+      const resolved = ToolArgsNormalizer.resolveScriptSourcePath(rootDir, value);
+      return resolved === `${normalizedRoot}/.agent` || resolved.startsWith(`${normalizedRoot}/.agent/`);
+    });
+  }
 }

package/src/runtime/middleware/types.ts

@@ -2,6 +2,7 @@ import type {
   HumanLoopService,
   HumanLoopToolPolicy,
 } from "../human-loop/humanLoop.js";
+import type { AgentRuntimeMiddlewareSpec } from "../../config/resources.js";
 
 export const TOOL_PATH_ARG_KEYS = ["file_path", "path"] as const;
 export const MAX_LS_ENTRIES = 200;
@@ -80,6 +81,7 @@ export interface CreateAgentToolMiddlewareOptions {
   executeTimeoutMs?: number;
   blockTaskTool?: boolean;
   allowedToolNames?: string[];
+  policy?: AgentRuntimeMiddlewareSpec;
   logger?: (message: string) => void;
   persistTodos?: (todos: unknown[]) => Promise<void> | void;
   humanLoop?: HumanLoopService;

package/src/runtime/runtimeService.ts

@@ -43,6 +43,7 @@ export interface CreateAgentRuntimeOptions
   emptyRunMaxRetries?: number;
   malformedToolCallMaxRetries?: number;
   idleTimeoutMaxRetries?: number;
+  resumeInterruptedRun?: boolean;
   heartbeatIntervalMs?: number;
   idleTimeoutMs?: number;
   artifactValidator?: (context: {
@@ -104,6 +105,7 @@ export class AgentRuntimeService implements AgentRuntime {
     defaultEmptyRunMaxRetries?: number;
     defaultMalformedToolCallMaxRetries?: number;
     defaultIdleTimeoutMaxRetries?: number;
+    defaultResumeInterruptedRun?: boolean;
     defaultHeartbeatIntervalMs?: number;
     defaultIdleTimeoutMs?: number;
     artifactValidator?: CreateAgentRuntimeOptions["artifactValidator"];
@@ -130,6 +132,7 @@ export class AgentRuntimeService implements AgentRuntime {
       defaultEmptyRunMaxRetries: params.defaultEmptyRunMaxRetries,
       defaultMalformedToolCallMaxRetries: params.defaultMalformedToolCallMaxRetries,
       defaultIdleTimeoutMaxRetries: params.defaultIdleTimeoutMaxRetries,
+      defaultResumeInterruptedRun: params.defaultResumeInterruptedRun,
       defaultHeartbeatIntervalMs: params.defaultHeartbeatIntervalMs,
       defaultIdleTimeoutMs: params.defaultIdleTimeoutMs,
       artifactValidator: params.artifactValidator,

package/src/runtime/stream/runArtifacts.ts

@@ -27,7 +27,9 @@ export class RunArtifactService {
     todosFile: string,
     trackedArtifactFiles: string[],
   ): string[] {
-    return [runStateFile, todosFile, ...trackedArtifactFiles]
+    void runStateFile;
+    void todosFile;
+    return trackedArtifactFiles
       .map((file) => relative(rootDir, file))
       .filter(Boolean);
   }

package/src/state/runState.ts

@@ -71,12 +71,30 @@ export class AgentRunStateStore {
 
   public buildResumePrompt(basePrompt: string, previousState: AgentRunState | null, resumeHint: string): string {
     if (previousState?.status !== "running") return basePrompt;
-    return `${basePrompt}\n\n${resumeHint}`;
+    const checkpoint = {
+      threadId: previousState.threadId,
+      stepCount: previousState.stepCount,
+      lastSummary: previousState.lastSummary?.trim() || "n/a",
+      artifacts: this.summarizeArtifacts(previousState.artifacts),
+      rules: [
+        "Do not read .agent/*",
+        "Do not re-read existing outputs unless verification is required",
+      ],
+      resumeHint: resumeHint.trim() || undefined,
+    };
+    return `${basePrompt}\n\nRESUME_CHECKPOINT\n${JSON.stringify(checkpoint, null, 2)}`;
   }
 
   public getThreadId(previousState: AgentRunState | null, fallbackThreadId: string): string {
     return previousState?.status === "running" ? previousState.threadId : fallbackThreadId;
   }
+
+  private summarizeArtifacts(artifacts: Record<string, unknown>): Record<string, "ready" | "missing"> | undefined {
+    const entries = Object.entries(artifacts)
+      .filter(([key]) => /Present$/.test(key))
+      .map(([key, value]) => [key.replace(/Present$/, ""), value === true ? "ready" : "missing"] as const);
+    return entries.length > 0 ? Object.fromEntries(entries) : undefined;
+  }
 }
 
 export function createAgentRunStateStore(options: CreateAgentRunStateStoreOptions) {