@companyhelm/runner 0.1.1 → 0.1.3

package/dist/preflight/runner_preflight.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RunnerPreflight = void 0;
+function toErrorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+class RunnerPreflight {
+    constructor(checks) {
+        this.checks = checks;
+    }
+    async run(options = {}) {
+        const results = [];
+        for (const check of this.checks) {
+            results.push(await this.runCheck(check, options.applyFixes === true));
+        }
+        return {
+            passed: results.every((result) => result.status !== "failed"),
+            results,
+        };
+    }
+    async runCheck(check, applyFixes) {
+        let result = await this.safeRun(check);
+        if (applyFixes && result.status === "failed" && result.fixAvailable) {
+            try {
+                await check.fix();
+            }
+            catch (error) {
+                return {
+                    ...result,
+                    id: check.id,
+                    description: check.description,
+                    summary: `${result.summary} Fix attempt failed: ${toErrorMessage(error)}`,
+                };
+            }
+            result = await this.safeRun(check);
+        }
+        return {
+            ...result,
+            id: check.id,
+            description: check.description,
+        };
+    }
+    async safeRun(check) {
+        try {
+            return await check.run();
+        }
+        catch (error) {
+            return {
+                status: "failed",
+                summary: `Check execution failed: ${toErrorMessage(error)}`,
+                fixAvailable: false,
+            };
+        }
+    }
+}
+exports.RunnerPreflight = RunnerPreflight;

package/dist/provisioning/host_provisioning/thread_metadata_store.js

@@ -0,0 +1,249 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ThreadMetadataStore = void 0;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const thread_workspace_provisioner_js_1 = require("./thread_workspace_provisioner.js");
+const THREAD_GIT_SKILLS_CONFIG_FILENAME = "thread-git-skills.json";
+const THREAD_MCP_CONFIG_FILENAME = "thread-mcp.json";
+function toErrorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+function normalizeNonEmptyString(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null;
+}
+function isHttpsRepositoryUrl(value) {
+    try {
+        const parsed = new URL(value);
+        return parsed.protocol === "https:";
+    }
+    catch {
+        return false;
+    }
+}
+function normalizeThreadGitSkillDirectoryPath(value) {
+    const trimmed = value.trim();
+    if (!trimmed || trimmed.startsWith("/") || trimmed.includes("\\")) {
+        return null;
+    }
+    const segments = trimmed.split("/").map((segment) => segment.trim()).filter((segment) => segment.length > 0);
+    if (segments.length === 0 || segments.some((segment) => segment === "." || segment === "..")) {
+        return null;
+    }
+    return segments.join("/");
+}
+function parseThreadMcpConfig(content) {
+    if (!isRecord(content) || !Array.isArray(content.servers)) {
+        return null;
+    }
+    const parsedServers = [];
+    for (const rawServer of content.servers) {
+        if (!isRecord(rawServer)) {
+            return null;
+        }
+        const name = normalizeNonEmptyString(rawServer.name);
+        const transport = rawServer.transport;
+        const authType = rawServer.authType;
+        if (!name ||
+            (transport !== "stdio" && transport !== "streamable_http") ||
+            (authType !== "none" && authType !== "bearer_token")) {
+            return null;
+        }
+        const args = Array.isArray(rawServer.args) && rawServer.args.every((arg) => typeof arg === "string")
+            ? rawServer.args
+            : [];
+        const envVars = Array.isArray(rawServer.envVars)
+            ? rawServer.envVars
+                .filter((entry) => isRecord(entry))
+                .map((entry) => ({
+                key: normalizeNonEmptyString(entry.key) ?? "",
+                value: typeof entry.value === "string" ? entry.value : "",
+            }))
+                .filter((entry) => entry.key.length > 0)
+            : [];
+        const headers = Array.isArray(rawServer.headers)
+            ? rawServer.headers
+                .filter((entry) => isRecord(entry))
+                .map((entry) => ({
+                key: normalizeNonEmptyString(entry.key) ?? "",
+                value: typeof entry.value === "string" ? entry.value : "",
+            }))
+                .filter((entry) => entry.key.length > 0)
+            : [];
+        if (transport === "stdio") {
+            const command = normalizeNonEmptyString(rawServer.command);
+            if (!command) {
+                return null;
+            }
+            parsedServers.push({
+                name,
+                transport,
+                command,
+                args,
+                envVars,
+                authType,
+                headers: [],
+            });
+            continue;
+        }
+        const url = normalizeNonEmptyString(rawServer.url);
+        const bearerToken = authType === "bearer_token"
+            ? normalizeNonEmptyString(rawServer.bearerToken)
+            : null;
+        if (!url || (authType === "bearer_token" && !bearerToken)) {
+            return null;
+        }
+        parsedServers.push({
+            name,
+            transport,
+            args: [],
+            envVars: [],
+            url,
+            authType,
+            bearerToken,
+            headers,
+        });
+    }
+    return parsedServers;
+}
+function parseThreadGitSkillsConfig(content) {
+    if (!isRecord(content) || !Array.isArray(content.packages)) {
+        return null;
+    }
+    const parsedPackages = [];
+    for (const rawPackage of content.packages) {
+        if (!isRecord(rawPackage)) {
+            return null;
+        }
+        const repositoryUrl = normalizeNonEmptyString(rawPackage.repositoryUrl);
+        const commitReference = normalizeNonEmptyString(rawPackage.commitReference);
+        const checkoutDirectoryName = normalizeNonEmptyString(rawPackage.checkoutDirectoryName);
+        const rawSkills = rawPackage.skills;
+        if (!repositoryUrl ||
+            !isHttpsRepositoryUrl(repositoryUrl) ||
+            !commitReference ||
+            !checkoutDirectoryName ||
+            checkoutDirectoryName.includes("/") ||
+            checkoutDirectoryName.includes("\\") ||
+            !Array.isArray(rawSkills)) {
+            return null;
+        }
+        const parsedSkills = [];
+        for (const rawSkill of rawSkills) {
+            if (!isRecord(rawSkill)) {
+                return null;
+            }
+            const directoryPath = normalizeThreadGitSkillDirectoryPath(normalizeNonEmptyString(rawSkill.directoryPath) ?? "");
+            const linkName = normalizeNonEmptyString(rawSkill.linkName);
+            if (!directoryPath ||
+                !linkName ||
+                linkName.includes("/") ||
+                linkName.includes("\\") ||
+                linkName.trim() === "." ||
+                linkName.trim() === "..") {
+                return null;
+            }
+            parsedSkills.push({ directoryPath, linkName });
+        }
+        if (parsedSkills.length === 0) {
+            continue;
+        }
+        parsedPackages.push({
+            repositoryUrl,
+            commitReference,
+            checkoutDirectoryName,
+            skills: parsedSkills,
+        });
+    }
+    return parsedPackages;
+}
+class ThreadMetadataStore {
+    constructor(configDirectory, logger) {
+        this.configDirectory = configDirectory;
+        this.logger = logger;
+    }
+    resolveThreadMetadataPath(threadId, filename) {
+        return (0, node_path_1.join)((0, thread_workspace_provisioner_js_1.resolveThreadMetadataDirectory)(this.configDirectory, threadId), filename);
+    }
+    writeJsonFile(threadId, filename, payload) {
+        const filePath = this.resolveThreadMetadataPath(threadId, filename);
+        const directoryPath = (0, thread_workspace_provisioner_js_1.resolveThreadMetadataDirectory)(this.configDirectory, threadId);
+        const temporaryPath = `${filePath}.tmp`;
+        try {
+            (0, node_fs_1.mkdirSync)(directoryPath, { recursive: true });
+            (0, node_fs_1.writeFileSync)(temporaryPath, `${JSON.stringify(payload, null, 2)}\n`, "utf8");
+            (0, node_fs_1.renameSync)(temporaryPath, filePath);
+        }
+        catch (error) {
+            this.logger.warn(`Failed writing thread metadata at '${filePath}': ${toErrorMessage(error)}`);
+        }
+    }
+    removeFile(threadId, filename) {
+        const filePath = this.resolveThreadMetadataPath(threadId, filename);
+        (0, node_fs_1.rmSync)(filePath, { force: true });
+        (0, node_fs_1.rmSync)(`${filePath}.tmp`, { force: true });
+    }
+    writeThreadMcpConfig(threadId, mcpServers) {
+        if (mcpServers.length === 0) {
+            this.removeFile(threadId, THREAD_MCP_CONFIG_FILENAME);
+            return;
+        }
+        this.writeJsonFile(threadId, THREAD_MCP_CONFIG_FILENAME, { servers: mcpServers });
+    }
+    readThreadMcpConfig(threadId) {
+        const filePath = this.resolveThreadMetadataPath(threadId, THREAD_MCP_CONFIG_FILENAME);
+        try {
+            const parsed = JSON.parse((0, node_fs_1.readFileSync)(filePath, "utf8"));
+            const mcpServers = parseThreadMcpConfig(parsed);
+            if (!mcpServers) {
+                this.logger.warn(`Thread MCP config has invalid shape at '${filePath}'.`);
+                return [];
+            }
+            return mcpServers;
+        }
+        catch (error) {
+            if (error && typeof error === "object" && "code" in error && error.code === "ENOENT") {
+                return [];
+            }
+            this.logger.warn(`Failed reading thread MCP config at '${filePath}': ${toErrorMessage(error)}`);
+            return [];
+        }
+    }
+    writeThreadGitSkillsConfig(threadId, gitSkillPackages) {
+        if (gitSkillPackages.length === 0) {
+            this.removeFile(threadId, THREAD_GIT_SKILLS_CONFIG_FILENAME);
+            return;
+        }
+        this.writeJsonFile(threadId, THREAD_GIT_SKILLS_CONFIG_FILENAME, { packages: gitSkillPackages });
+    }
+    readThreadGitSkillsConfig(threadId) {
+        const filePath = this.resolveThreadMetadataPath(threadId, THREAD_GIT_SKILLS_CONFIG_FILENAME);
+        try {
+            const parsed = JSON.parse((0, node_fs_1.readFileSync)(filePath, "utf8"));
+            const packages = parseThreadGitSkillsConfig(parsed);
+            if (!packages) {
+                this.logger.warn(`Thread git skills config has invalid shape at '${filePath}'.`);
+                return [];
+            }
+            return packages;
+        }
+        catch (error) {
+            if (error && typeof error === "object" && "code" in error && error.code === "ENOENT") {
+                return [];
+            }
+            this.logger.warn(`Failed reading thread git skills config at '${filePath}': ${toErrorMessage(error)}`);
+            return [];
+        }
+    }
+    removeThreadMetadata(threadId) {
+        (0, node_fs_1.rmSync)((0, thread_workspace_provisioner_js_1.resolveThreadMetadataDirectory)(this.configDirectory, threadId), { recursive: true, force: true });
+    }
+}
+exports.ThreadMetadataStore = ThreadMetadataStore;

package/dist/provisioning/host_provisioning/thread_metadata_types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/provisioning/host_provisioning/thread_workspace_provisioner.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ThreadWorkspaceProvisioner = void 0;
+exports.resolveThreadWorkspaceDirectory = resolveThreadWorkspaceDirectory;
+exports.resolveThreadMetadataDirectory = resolveThreadMetadataDirectory;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const path_js_1 = require("../../utils/path.js");
+const thread_lifecycle_js_1 = require("../../service/thread_lifecycle.js");
+function resolveSharedWorkspacePath(workspacePath) {
+    const expandedWorkspacePath = (0, path_js_1.expandHome)(workspacePath);
+    if ((0, node_path_1.isAbsolute)(expandedWorkspacePath)) {
+        return expandedWorkspacePath;
+    }
+    return (0, node_path_1.resolve)(process.cwd(), expandedWorkspacePath);
+}
+function resolveThreadWorkspaceDirectory(options) {
+    if (options.useDedicatedWorkspaces) {
+        return (0, thread_lifecycle_js_1.resolveThreadDirectory)(options.configDirectory, options.workspacesDirectory, options.threadId);
+    }
+    return resolveSharedWorkspacePath(options.workspacePath);
+}
+function resolveThreadMetadataDirectory(configDirectory, threadId) {
+    return (0, node_path_1.join)((0, path_js_1.expandHome)(configDirectory), "thread-metadata", `thread-${threadId}`);
+}
+class ThreadWorkspaceProvisioner {
+    constructor(configDirectory, workspacesDirectory, workspacePath, useDedicatedWorkspaces) {
+        this.configDirectory = configDirectory;
+        this.workspacesDirectory = workspacesDirectory;
+        this.workspacePath = workspacePath;
+        this.useDedicatedWorkspaces = useDedicatedWorkspaces;
+    }
+    resolveWorkspaceDirectory(threadId) {
+        return resolveThreadWorkspaceDirectory({
+            configDirectory: this.configDirectory,
+            workspacesDirectory: this.workspacesDirectory,
+            workspacePath: this.workspacePath,
+            useDedicatedWorkspaces: this.useDedicatedWorkspaces,
+            threadId,
+        });
+    }
+    ensureWorkspaceDirectory(threadId) {
+        const workspaceDirectory = this.resolveWorkspaceDirectory(threadId);
+        (0, node_fs_1.mkdirSync)(workspaceDirectory, { recursive: true });
+        return workspaceDirectory;
+    }
+    removeWorkspaceDirectory(threadId, workspaceDirectory) {
+        if (!this.useDedicatedWorkspaces) {
+            return;
+        }
+        if (workspaceDirectory !== this.resolveWorkspaceDirectory(threadId)) {
+            return;
+        }
+        (0, node_fs_1.rmSync)(workspaceDirectory, { recursive: true, force: true });
+    }
+}
+exports.ThreadWorkspaceProvisioner = ThreadWorkspaceProvisioner;

package/dist/provisioning/runtime_provisioning/script_renderer.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RuntimeProvisioningScriptRenderer = void 0;
+const node_path_1 = require("node:path");
+const runtime_bashrc_js_1 = require("../../service/runtime_bashrc.js");
+const runtime_shell_js_1 = require("../../service/runtime_shell.js");
+const template_renderer_js_1 = require("../template_renderer.js");
+function shellQuote(value) {
+    return `'${value.replace(/'/g, `'"'"'`)}'`;
+}
+function resolveThreadGitSkillsCloneRootDirectory(options) {
+    return options.cloneRootDirectory.trim().length > 0
+        ? options.cloneRootDirectory.trim()
+        : "/skills";
+}
+class RuntimeProvisioningScriptRenderer {
+    constructor(templateRenderer = new template_renderer_js_1.TemplateRenderer()) {
+        this.templateRenderer = templateRenderer;
+    }
+    renderIdentityScript(user) {
+        return this.templateRenderer.render("provisioning/runtime_identity.sh.j2", {
+            agent_user: shellQuote(user.agentUser),
+            agent_home: shellQuote(user.agentHomeDirectory),
+            agent_uid: shellQuote(String(user.uid)),
+            agent_gid: shellQuote(String(user.gid)),
+        });
+    }
+    renderToolingValidationScript(user) {
+        return this.templateRenderer.render("provisioning/runtime_tooling_validation.sh.j2", {
+            bootstrap: (0, runtime_shell_js_1.buildNvmCodexBootstrapScript)(user.agentHomeDirectory),
+        });
+    }
+    renderBashrcScript(user) {
+        return this.templateRenderer.render("provisioning/runtime_bashrc.sh.j2", {
+            agent_home: shellQuote(user.agentHomeDirectory),
+            bashrc_content: shellQuote((0, runtime_bashrc_js_1.renderRuntimeBashrc)(user.agentHomeDirectory)),
+        });
+    }
+    renderCodexConfigScript(user, configToml) {
+        return this.templateRenderer.render("provisioning/runtime_codex_config.sh.j2", {
+            agent_home: shellQuote(user.agentHomeDirectory),
+            config_content: shellQuote(configToml),
+        });
+    }
+    renderAgentCliConfigScript(user, config) {
+        const configDirectory = (0, node_path_1.join)(user.agentHomeDirectory, ".config", "companyhelm-agent-cli");
+        const configPath = (0, node_path_1.join)(configDirectory, "config.json");
+        const configContent = `${JSON.stringify(config, null, 2)}\n`;
+        return this.templateRenderer.render("provisioning/runtime_agent_cli_config.sh.j2", {
+            config_dir: shellQuote(configDirectory),
+            config_path: shellQuote(configPath),
+            config_content: shellQuote(configContent),
+        });
+    }
+    renderGitConfigScript(gitUserName, gitUserEmail) {
+        return this.templateRenderer.render("provisioning/runtime_git_config.sh.j2", {
+            default_git_user_name: shellQuote(gitUserName),
+            default_git_user_email: shellQuote(gitUserEmail),
+        });
+    }
+    renderThreadGitSkillsCloneScript(options) {
+        const cloneRootDirectory = resolveThreadGitSkillsCloneRootDirectory(options);
+        const packageBlocks = options.packages.map((pkg) => {
+            const checkoutPath = (0, node_path_1.join)(cloneRootDirectory, pkg.checkoutDirectoryName);
+            const sourceMarkerPath = (0, node_path_1.join)(checkoutPath, ".companyhelm-source");
+            return [
+                `PACKAGE_DIR=${shellQuote(checkoutPath)}`,
+                `PACKAGE_SOURCE_MARKER=${shellQuote(sourceMarkerPath)}`,
+                `PACKAGE_REPO_URL=${shellQuote(pkg.repositoryUrl)}`,
+                `PACKAGE_COMMIT_REF=${shellQuote(pkg.commitReference)}`,
+                'if [ ! -d "$PACKAGE_DIR/.git" ] || [ ! -f "$PACKAGE_SOURCE_MARKER" ] || [ "$(cat "$PACKAGE_SOURCE_MARKER")" != "$PACKAGE_REPO_URL#$PACKAGE_COMMIT_REF" ]; then',
+                '  rm -rf "$PACKAGE_DIR"',
+                '  if ! git clone --depth 1 --branch "$PACKAGE_COMMIT_REF" "$PACKAGE_REPO_URL" "$PACKAGE_DIR"; then',
+                '    rm -rf "$PACKAGE_DIR"',
+                '    git clone --depth 1 "$PACKAGE_REPO_URL" "$PACKAGE_DIR"',
+                '    git -C "$PACKAGE_DIR" fetch --depth 1 origin "$PACKAGE_COMMIT_REF"',
+                '    git -C "$PACKAGE_DIR" checkout --detach FETCH_HEAD',
+                "  fi",
+                '  printf \'%s\' "$PACKAGE_REPO_URL#$PACKAGE_COMMIT_REF" > "$PACKAGE_SOURCE_MARKER"',
+                "fi",
+                'chmod -R a+rX "$PACKAGE_DIR" || true',
+            ].join("\n");
+        }).join("\n\n");
+        return this.templateRenderer.render("provisioning/runtime_thread_git_skills_clone.sh.j2", {
+            skills_root: shellQuote(cloneRootDirectory),
+            package_blocks: packageBlocks,
+        });
+    }
+    renderThreadGitSkillsLinkScript(user, options) {
+        const cloneRootDirectory = resolveThreadGitSkillsCloneRootDirectory(options);
+        const codexSkillsDirectory = (0, node_path_1.join)(user.agentHomeDirectory, ".codex", "skills");
+        const skillBlocks = options.packages.flatMap((pkg) => pkg.skills.map((skill) => [
+            `SKILL_SOURCE=${shellQuote((0, node_path_1.join)(cloneRootDirectory, pkg.checkoutDirectoryName, skill.directoryPath))}`,
+            `SKILL_LINK=${shellQuote((0, node_path_1.join)(codexSkillsDirectory, skill.linkName))}`,
+            'if [ ! -d "$SKILL_SOURCE" ]; then',
+            '  echo "Thread git skill directory not found: $SKILL_SOURCE" >&2',
+            "  exit 1",
+            "fi",
+            'if [ ! -f "$SKILL_SOURCE/SKILL.md" ]; then',
+            '  echo "Thread git skill directory is missing SKILL.md: $SKILL_SOURCE" >&2',
+            "  exit 1",
+            "fi",
+            'rm -rf "$SKILL_LINK"',
+            'ln -s "$SKILL_SOURCE" "$SKILL_LINK"',
+        ].join("\n"))).join("\n\n");
+        return this.templateRenderer.render("provisioning/runtime_thread_git_skills_link.sh.j2", {
+            skills_root: shellQuote(cloneRootDirectory),
+            codex_skills_root: shellQuote(codexSkillsDirectory),
+            skill_blocks: skillBlocks,
+        });
+    }
+    renderAgentMetadataScript(user, files) {
+        const metadataRoot = (0, node_path_1.join)(user.agentHomeDirectory, ".companyhelm", "agent");
+        const fileBlocks = files.map((file) => {
+            const filePath = (0, node_path_1.join)(metadataRoot, file.filename);
+            return [
+                `FILE_PATH=${shellQuote(filePath)}`,
+                `FILE_CONTENT=${shellQuote(file.content)}`,
+                'printf \'%s\' "$FILE_CONTENT" > "$FILE_PATH"',
+                'chmod 0600 "$FILE_PATH"',
+            ].join("\n");
+        }).join("\n\n");
+        return this.templateRenderer.render("provisioning/runtime_agent_metadata.sh.j2", {
+            agent_home: shellQuote(user.agentHomeDirectory),
+            metadata_root: shellQuote(metadataRoot),
+            file_blocks: fileBlocks,
+        });
+    }
+}
+exports.RuntimeProvisioningScriptRenderer = RuntimeProvisioningScriptRenderer;

package/dist/provisioning/runtime_provisioning/system_prompt.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RuntimeSystemPromptRenderer = void 0;
+exports.renderRuntimeSystemPrompt = renderRuntimeSystemPrompt;
+exports.buildCodexDeveloperInstructions = buildCodexDeveloperInstructions;
+const template_renderer_js_1 = require("../template_renderer.js");
+function normalizeAdditionalInstructions(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+class RuntimeSystemPromptRenderer {
+    constructor(templateRenderer = new template_renderer_js_1.TemplateRenderer()) {
+        this.templateRenderer = templateRenderer;
+    }
+    render(options) {
+        const context = {
+            home_directory: options.homeDirectory,
+            agent_api_url: options.agentApiUrl,
+            agent_token: options.agentToken,
+        };
+        const common = this.templateRenderer.render("system_prompts/common.md.j2", context).trim();
+        const workspaceSpecificTemplate = options.workspaceMode === "dedicated"
+            ? "system_prompts/dedicated_workspace.md.j2"
+            : "system_prompts/shared_workspace.md.j2";
+        const workspaceSpecific = this.templateRenderer.render(workspaceSpecificTemplate, context).trim();
+        return `${common}\n\n${workspaceSpecific}\n`;
+    }
+}
+exports.RuntimeSystemPromptRenderer = RuntimeSystemPromptRenderer;
+function renderRuntimeSystemPrompt(options) {
+    return new RuntimeSystemPromptRenderer().render(options);
+}
+function buildCodexDeveloperInstructions(additionalInstructions, options) {
+    const systemPrompt = renderRuntimeSystemPrompt(options).trimEnd();
+    const normalizedAdditionalInstructions = normalizeAdditionalInstructions(additionalInstructions);
+    if (!normalizedAdditionalInstructions) {
+        return `${systemPrompt}\n`;
+    }
+    return `${systemPrompt}\n\n${normalizedAdditionalInstructions}\n`;
+}

package/dist/provisioning/template_renderer.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TemplateRenderer = void 0;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+class TemplateRenderer {
+    resolveTemplatePath(relativePath) {
+        const distRelativePath = (0, node_path_1.join)(__dirname, "..", "templates", relativePath);
+        if ((0, node_fs_1.existsSync)(distRelativePath)) {
+            return distRelativePath;
+        }
+        const sourceRelativePath = (0, node_path_1.join)(__dirname, "..", "..", "src", "templates", relativePath);
+        if ((0, node_fs_1.existsSync)(sourceRelativePath)) {
+            return sourceRelativePath;
+        }
+        throw new Error(`Template was not found at ${distRelativePath} or ${sourceRelativePath}`);
+    }
+    render(relativePath, context) {
+        const template = (0, node_fs_1.readFileSync)(this.resolveTemplatePath(relativePath), "utf8");
+        return template.replace(/{{\s*([a-zA-Z0-9_]+)\s*}}/g, (_match, key) => {
+            const value = context[key];
+            if (value === undefined) {
+                throw new Error(`Missing template value for key '${key}' in '${relativePath}'`);
+            }
+            return value;
+        });
+    }
+}
+exports.TemplateRenderer = TemplateRenderer;

package/dist/service/docker/app_server_container.js

@@ -110,6 +110,13 @@ class AppServerContainerService {
     static isRecord(value) {
         return typeof value === "object" && value !== null;
     }
+    static isRemoteManifestUnknown(error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return /manifest\s+for .* not found|manifest unknown/i.test(message);
+    }
+    static buildRemoteManifestUnknownError(image) {
+        return new Error(`Docker image '${image}' is not available remotely yet. The Docker build/push may still be running. Wait for the image publish to finish, or set runtime_image to an available tag, then retry.`);
+    }
     async pullImage(image) {
         let lastReportedProgressBucket = -1;
         const layerProgress = new Map();
@@ -186,7 +193,15 @@ class AppServerContainerService {
             }
         }
         this.reportImageStatus(`Docker image '${image}' not found locally. Pulling remotely.`);
-        await this.pullImage(image);
+        try {
+            await this.pullImage(image);
+        }
+        catch (error) {
+            if (AppServerContainerService.isRemoteManifestUnknown(error)) {
+                throw AppServerContainerService.buildRemoteManifestUnknownError(image);
+            }
+            throw error;
+        }
         this.reportImageStatus(`Docker image '${image}' is ready.`);
     }
     async start() {

package/dist/service/sdk/refresh_models.js

@@ -11,7 +11,15 @@ const app_server_container_js_1 = require("../docker/app_server_container.js");
 function toErrorMessage(error) {
     return error instanceof Error ? error.message : String(error);
 }
+function isRuntimeImageUnavailable(error) {
+    const message = toErrorMessage(error);
+    return /manifest\s+for .* not found|manifest unknown/i.test(message);
+}
 function formatSdkModelRefreshFailure(sdk, error) {
+    if (isRuntimeImageUnavailable(error)) {
+        return (`Failed to refresh ${sdk} models from the local Codex app-server: ${toErrorMessage(error)}. ` +
+            "The configured runner image is not available from Docker yet. The Docker build/push may still be running. Wait for the image publish to finish or set runtime_image to an available tag, then retry.");
+    }
     return (`Failed to refresh ${sdk} models from the local Codex app-server: ${toErrorMessage(error)}. ` +
         "Verify the runner image can start Codex app-server with valid auth, then retry.");
 }