@companyhelm/runner 0.1.1 → 0.2.0

package/dist/commands/runner/common.js

@@ -6,12 +6,14 @@ function addRunnerStartOptions(command) {
     return command
         .option("--config-path <path>", global_options_js_1.CONFIG_PATH_OPTION_DESCRIPTION)
         .option("--server-url <url>", "CompanyHelm gRPC API URL override.")
-        .option("--agent-api-url <url>", "Agent gRPC API URL for companyhelm-agent in runtime containers (localhost is rewritten to http://host.docker.internal).")
+        .option("--agent-api-url <url>", "Agent REST API base URL for runtime containers (localhost is rewritten to http://host.docker.internal).")
+        .option("--workspace-path <path>", "Shared host workspace mounted at /workspace (defaults to the current working directory).")
         .option("--secret <secret>", "Bearer secret used as gRPC Authorization header.")
         .option("--state-db-path <path>", "State database path override (defaults to state.db under the active config directory).")
         .option("--log-path <path>", "Daemon log file override.")
         .option("--use-host-docker-runtime", "Mount host Docker socket into runtime containers instead of creating DinD sidecars.")
         .option("--use-dedicated-auth", "Preserve existing dedicated Codex auth if already configured; otherwise keep Codex unconfigured on startup.")
+        .option("--use-dedicated-workspaces", "Create per-thread dedicated workspaces under the configured workspaces directory.")
         .option("--host-docker-path <path>", "Host Docker endpoint when --use-host-docker-runtime is enabled (unix:///<socket-path> or tcp://localhost:<port>).")
         .option("--thread-git-skills-directory <path>", "Container path where thread git skill repositories are cloned before linking into ~/.codex/skills.")
         .option("-d, --daemon", "Run in daemon mode and fail fast when no SDK is configured.")

package/dist/commands/runner/start.js

@@ -15,6 +15,9 @@ async function runRunnerStartCommand(options) {
                 onDaemonReady: () => {
                     (0, root_js_1.sendDaemonParentMessage)({ type: "daemon-ready" });
                 },
+                onDaemonProgress: (message) => {
+                    (0, root_js_1.sendDaemonParentMessage)({ type: "daemon-progress", message });
+                },
             }
             : undefined);
     }

package/dist/config.js

@@ -53,6 +53,12 @@ exports.config = zod_1.z.object({
     config_directory: zod_1.z.string()
         .describe("The directory where the config files are stored.")
         .default(resolveConfigDirectoryDefault),
+    workspace_path: zod_1.z.string()
+        .describe("Shared workspace directory mounted at /workspace when dedicated workspaces are disabled.")
+        .default(() => process.cwd()),
+    use_dedicated_workspaces: zod_1.z.boolean()
+        .describe("When true, create per-thread dedicated workspaces under workspaces_directory.")
+        .default(false),
     workspaces_directory: zod_1.z.string()
         .describe("The directory where thread workspaces are stored, relative to config_directory when not absolute.")
         .default("workspaces"),
@@ -63,8 +69,8 @@ exports.config = zod_1.z.object({
         .describe("CompanyHelm control plane gRPC endpoint URL.")
         .default("https://api.companyhelm.com:50051"),
     agent_api_url: zod_1.z.string()
-        .describe("CompanyHelm AgentTaskService gRPC endpoint URL used by companyhelm-agent inside runtime threads.")
-        .default("https://api.companyhelm.com:50052"),
+        .describe("CompanyHelm agent REST API base URL used inside runtime threads.")
+        .default("https://api.companyhelm.com/agent/v1"),
     // Max outbound gRPC client messages to hold while the command channel is disconnected.
     client_message_buffer_limit: zod_1.z.number()
         .int()

package/dist/preflight/check.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/preflight/checks/linux/apparmor_restrict_unprivileged_userns_check.js

@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LinuxApparmorRestrictUnprivilegedUsernsCheck = void 0;
+const promises_1 = require("node:fs/promises");
+const node_child_process_1 = require("node:child_process");
+const APPARMOR_SYSCTL_KEY = "kernel.apparmor_restrict_unprivileged_userns";
+const UNPRIVILEGED_USERNS_SYSCTL_KEY = "kernel.unprivileged_userns_clone";
+const USER_NAMESPACE_LIMIT_SYSCTL_KEY = "user.max_user_namespaces";
+function isRootlessDindImage(image) {
+    return image.toLowerCase().includes("rootless");
+}
+async function defaultReadSysctlValue(key) {
+    const path = `/proc/sys/${key.replace(/\./g, "/")}`;
+    try {
+        return (await (0, promises_1.readFile)(path, "utf8")).trim();
+    }
+    catch (error) {
+        if (error && typeof error === "object" && "code" in error && error.code === "ENOENT") {
+            return null;
+        }
+        throw error;
+    }
+}
+async function defaultRunShellCommand(command) {
+    await new Promise((resolve, reject) => {
+        const child = (0, node_child_process_1.spawn)("bash", ["-lc", command], { stdio: "inherit" });
+        child.on("error", reject);
+        child.on("exit", (code, signal) => {
+            if (code === 0) {
+                resolve();
+                return;
+            }
+            reject(new Error(`Command failed (${signal ?? code ?? "unknown"}): ${command}`));
+        });
+    });
+}
+class LinuxApparmorRestrictUnprivilegedUsernsCheck {
+    constructor(cfg, dependencies = {}) {
+        this.cfg = cfg;
+        this.id = "linux.apparmor_restrict_unprivileged_userns";
+        this.description = "Verify Linux AppArmor permits unprivileged user namespaces for rootless DinD.";
+        this.platform = dependencies.platform ?? process.platform;
+        this.readSysctlValue = dependencies.readSysctlValue ?? defaultReadSysctlValue;
+        this.runShellCommand = dependencies.runShellCommand ?? defaultRunShellCommand;
+    }
+    async run() {
+        if (!this.isApplicable()) {
+            return {
+                status: "skipped",
+                summary: "Check only applies to Linux rootless DinD setups.",
+                fixAvailable: false,
+            };
+        }
+        const apparmorRestriction = await this.readSysctlValue(APPARMOR_SYSCTL_KEY);
+        if (apparmorRestriction === "1") {
+            const [userNamespaceClone, userNamespaceLimit] = await Promise.all([
+                this.readSysctlValue(UNPRIVILEGED_USERNS_SYSCTL_KEY),
+                this.readSysctlValue(USER_NAMESPACE_LIMIT_SYSCTL_KEY),
+            ]);
+            return {
+                status: "failed",
+                summary: `${APPARMOR_SYSCTL_KEY}=1 blocks rootless DinD on this Linux host ` +
+                    `(kernel.unprivileged_userns_clone=${userNamespaceClone ?? "unknown"}, ` +
+                    `user.max_user_namespaces=${userNamespaceLimit ?? "unknown"}).`,
+                fixAvailable: true,
+            };
+        }
+        return {
+            status: "passed",
+            summary: "Linux host is compatible with rootless DinD.",
+            fixAvailable: false,
+        };
+    }
+    async fix() {
+        if (!this.isApplicable()) {
+            return {
+                status: "skipped",
+                summary: "Check only applies to Linux rootless DinD setups.",
+            };
+        }
+        await this.runShellCommand("sudo tee /etc/sysctl.d/99-companyhelm-rootless.conf >/dev/null <<'EOF'\n" +
+            "kernel.unprivileged_userns_clone = 1\n" +
+            "user.max_user_namespaces = 28633\n" +
+            "kernel.apparmor_restrict_unprivileged_userns = 0\n" +
+            "EOF");
+        await this.runShellCommand("sudo sysctl --system");
+        return {
+            status: "fixed",
+            summary: "Updated Linux sysctl configuration for rootless DinD.",
+        };
+    }
+    isApplicable() {
+        return this.platform === "linux" && !this.cfg.use_host_docker_runtime && isRootlessDindImage(this.cfg.dind_image);
+    }
+}
+exports.LinuxApparmorRestrictUnprivilegedUsernsCheck = LinuxApparmorRestrictUnprivilegedUsernsCheck;

package/dist/preflight/entrypoints.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RUNNER_STARTUP_PREFLIGHT_SKIP_ENV = void 0;
+exports.createRunnerPreflight = createRunnerPreflight;
+exports.runRunnerPreflight = runRunnerPreflight;
+exports.formatRunnerPreflightSummary = formatRunnerPreflightSummary;
+exports.ensureRunnerStartupPreflight = ensureRunnerStartupPreflight;
+const apparmor_restrict_unprivileged_userns_check_js_1 = require("./checks/linux/apparmor_restrict_unprivileged_userns_check.js");
+const runner_preflight_js_1 = require("./runner_preflight.js");
+exports.RUNNER_STARTUP_PREFLIGHT_SKIP_ENV = "COMPANYHELM_SKIP_RUNNER_STARTUP_PREFLIGHT";
+function renderPreflightStatusLabel(status) {
+    if (status === "passed") {
+        return "PASS";
+    }
+    if (status === "failed") {
+        return "FAIL";
+    }
+    return "SKIP";
+}
+function createRunnerPreflight(cfg, overrides = {}) {
+    return new runner_preflight_js_1.RunnerPreflight([
+        new apparmor_restrict_unprivileged_userns_check_js_1.LinuxApparmorRestrictUnprivilegedUsernsCheck(cfg, overrides),
+    ]);
+}
+async function runRunnerPreflight(options, overrides = {}) {
+    return await createRunnerPreflight(options.cfg, overrides).run({ applyFixes: options.applyFixes });
+}
+function formatRunnerPreflightSummary(summary) {
+    const lines = [`Preflight status: ${summary.passed ? "passed" : "failed"}`];
+    if (summary.results.length === 0) {
+        lines.push("No applicable preflight checks.");
+        return lines.join("\n");
+    }
+    for (const result of summary.results) {
+        lines.push(`[${renderPreflightStatusLabel(result.status)}] ${result.id}: ${result.summary}`);
+    }
+    return lines.join("\n");
+}
+function shouldSkipRunnerStartupPreflight() {
+    const value = process.env[exports.RUNNER_STARTUP_PREFLIGHT_SKIP_ENV]?.trim().toLowerCase();
+    return value === "1" || value === "true";
+}
+async function ensureRunnerStartupPreflight(cfg, overrides = {}) {
+    if (shouldSkipRunnerStartupPreflight()) {
+        return;
+    }
+    const summary = await runRunnerPreflight({ cfg }, overrides);
+    if (summary.passed) {
+        return;
+    }
+    throw new Error(`${formatRunnerPreflightSummary(summary)}\n` +
+        "Run `companyhelm-runner doctor` for details or `companyhelm-runner doctor fix` to try automatic fixes.");
+}

package/dist/preflight/runner_preflight.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RunnerPreflight = void 0;
+function toErrorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+class RunnerPreflight {
+    constructor(checks) {
+        this.checks = checks;
+    }
+    async run(options = {}) {
+        const results = [];
+        for (const check of this.checks) {
+            results.push(await this.runCheck(check, options.applyFixes === true));
+        }
+        return {
+            passed: results.every((result) => result.status !== "failed"),
+            results,
+        };
+    }
+    async runCheck(check, applyFixes) {
+        let result = await this.safeRun(check);
+        if (applyFixes && result.status === "failed" && result.fixAvailable) {
+            try {
+                await check.fix();
+            }
+            catch (error) {
+                return {
+                    ...result,
+                    id: check.id,
+                    description: check.description,
+                    summary: `${result.summary} Fix attempt failed: ${toErrorMessage(error)}`,
+                };
+            }
+            result = await this.safeRun(check);
+        }
+        return {
+            ...result,
+            id: check.id,
+            description: check.description,
+        };
+    }
+    async safeRun(check) {
+        try {
+            return await check.run();
+        }
+        catch (error) {
+            return {
+                status: "failed",
+                summary: `Check execution failed: ${toErrorMessage(error)}`,
+                fixAvailable: false,
+            };
+        }
+    }
+}
+exports.RunnerPreflight = RunnerPreflight;

package/dist/provisioning/host_provisioning/thread_metadata_store.js

@@ -0,0 +1,249 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ThreadMetadataStore = void 0;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const thread_workspace_provisioner_js_1 = require("./thread_workspace_provisioner.js");
+const THREAD_GIT_SKILLS_CONFIG_FILENAME = "thread-git-skills.json";
+const THREAD_MCP_CONFIG_FILENAME = "thread-mcp.json";
+function toErrorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+function normalizeNonEmptyString(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null;
+}
+function isHttpsRepositoryUrl(value) {
+    try {
+        const parsed = new URL(value);
+        return parsed.protocol === "https:";
+    }
+    catch {
+        return false;
+    }
+}
+function normalizeThreadGitSkillDirectoryPath(value) {
+    const trimmed = value.trim();
+    if (!trimmed || trimmed.startsWith("/") || trimmed.includes("\\")) {
+        return null;
+    }
+    const segments = trimmed.split("/").map((segment) => segment.trim()).filter((segment) => segment.length > 0);
+    if (segments.length === 0 || segments.some((segment) => segment === "." || segment === "..")) {
+        return null;
+    }
+    return segments.join("/");
+}
+function parseThreadMcpConfig(content) {
+    if (!isRecord(content) || !Array.isArray(content.servers)) {
+        return null;
+    }
+    const parsedServers = [];
+    for (const rawServer of content.servers) {
+        if (!isRecord(rawServer)) {
+            return null;
+        }
+        const name = normalizeNonEmptyString(rawServer.name);
+        const transport = rawServer.transport;
+        const authType = rawServer.authType;
+        if (!name ||
+            (transport !== "stdio" && transport !== "streamable_http") ||
+            (authType !== "none" && authType !== "bearer_token")) {
+            return null;
+        }
+        const args = Array.isArray(rawServer.args) && rawServer.args.every((arg) => typeof arg === "string")
+            ? rawServer.args
+            : [];
+        const envVars = Array.isArray(rawServer.envVars)
+            ? rawServer.envVars
+                .filter((entry) => isRecord(entry))
+                .map((entry) => ({
+                key: normalizeNonEmptyString(entry.key) ?? "",
+                value: typeof entry.value === "string" ? entry.value : "",
+            }))
+                .filter((entry) => entry.key.length > 0)
+            : [];
+        const headers = Array.isArray(rawServer.headers)
+            ? rawServer.headers
+                .filter((entry) => isRecord(entry))
+                .map((entry) => ({
+                key: normalizeNonEmptyString(entry.key) ?? "",
+                value: typeof entry.value === "string" ? entry.value : "",
+            }))
+                .filter((entry) => entry.key.length > 0)
+            : [];
+        if (transport === "stdio") {
+            const command = normalizeNonEmptyString(rawServer.command);
+            if (!command) {
+                return null;
+            }
+            parsedServers.push({
+                name,
+                transport,
+                command,
+                args,
+                envVars,
+                authType,
+                headers: [],
+            });
+            continue;
+        }
+        const url = normalizeNonEmptyString(rawServer.url);
+        const bearerToken = authType === "bearer_token"
+            ? normalizeNonEmptyString(rawServer.bearerToken)
+            : null;
+        if (!url || (authType === "bearer_token" && !bearerToken)) {
+            return null;
+        }
+        parsedServers.push({
+            name,
+            transport,
+            args: [],
+            envVars: [],
+            url,
+            authType,
+            bearerToken,
+            headers,
+        });
+    }
+    return parsedServers;
+}
+function parseThreadGitSkillsConfig(content) {
+    if (!isRecord(content) || !Array.isArray(content.packages)) {
+        return null;
+    }
+    const parsedPackages = [];
+    for (const rawPackage of content.packages) {
+        if (!isRecord(rawPackage)) {
+            return null;
+        }
+        const repositoryUrl = normalizeNonEmptyString(rawPackage.repositoryUrl);
+        const commitReference = normalizeNonEmptyString(rawPackage.commitReference);
+        const checkoutDirectoryName = normalizeNonEmptyString(rawPackage.checkoutDirectoryName);
+        const rawSkills = rawPackage.skills;
+        if (!repositoryUrl ||
+            !isHttpsRepositoryUrl(repositoryUrl) ||
+            !commitReference ||
+            !checkoutDirectoryName ||
+            checkoutDirectoryName.includes("/") ||
+            checkoutDirectoryName.includes("\\") ||
+            !Array.isArray(rawSkills)) {
+            return null;
+        }
+        const parsedSkills = [];
+        for (const rawSkill of rawSkills) {
+            if (!isRecord(rawSkill)) {
+                return null;
+            }
+            const directoryPath = normalizeThreadGitSkillDirectoryPath(normalizeNonEmptyString(rawSkill.directoryPath) ?? "");
+            const linkName = normalizeNonEmptyString(rawSkill.linkName);
+            if (!directoryPath ||
+                !linkName ||
+                linkName.includes("/") ||
+                linkName.includes("\\") ||
+                linkName.trim() === "." ||
+                linkName.trim() === "..") {
+                return null;
+            }
+            parsedSkills.push({ directoryPath, linkName });
+        }
+        if (parsedSkills.length === 0) {
+            continue;
+        }
+        parsedPackages.push({
+            repositoryUrl,
+            commitReference,
+            checkoutDirectoryName,
+            skills: parsedSkills,
+        });
+    }
+    return parsedPackages;
+}
+class ThreadMetadataStore {
+    constructor(configDirectory, logger) {
+        this.configDirectory = configDirectory;
+        this.logger = logger;
+    }
+    resolveThreadMetadataPath(threadId, filename) {
+        return (0, node_path_1.join)((0, thread_workspace_provisioner_js_1.resolveThreadMetadataDirectory)(this.configDirectory, threadId), filename);
+    }
+    writeJsonFile(threadId, filename, payload) {
+        const filePath = this.resolveThreadMetadataPath(threadId, filename);
+        const directoryPath = (0, thread_workspace_provisioner_js_1.resolveThreadMetadataDirectory)(this.configDirectory, threadId);
+        const temporaryPath = `${filePath}.tmp`;
+        try {
+            (0, node_fs_1.mkdirSync)(directoryPath, { recursive: true });
+            (0, node_fs_1.writeFileSync)(temporaryPath, `${JSON.stringify(payload, null, 2)}\n`, "utf8");
+            (0, node_fs_1.renameSync)(temporaryPath, filePath);
+        }
+        catch (error) {
+            this.logger.warn(`Failed writing thread metadata at '${filePath}': ${toErrorMessage(error)}`);
+        }
+    }
+    removeFile(threadId, filename) {
+        const filePath = this.resolveThreadMetadataPath(threadId, filename);
+        (0, node_fs_1.rmSync)(filePath, { force: true });
+        (0, node_fs_1.rmSync)(`${filePath}.tmp`, { force: true });
+    }
+    writeThreadMcpConfig(threadId, mcpServers) {
+        if (mcpServers.length === 0) {
+            this.removeFile(threadId, THREAD_MCP_CONFIG_FILENAME);
+            return;
+        }
+        this.writeJsonFile(threadId, THREAD_MCP_CONFIG_FILENAME, { servers: mcpServers });
+    }
+    readThreadMcpConfig(threadId) {
+        const filePath = this.resolveThreadMetadataPath(threadId, THREAD_MCP_CONFIG_FILENAME);
+        try {
+            const parsed = JSON.parse((0, node_fs_1.readFileSync)(filePath, "utf8"));
+            const mcpServers = parseThreadMcpConfig(parsed);
+            if (!mcpServers) {
+                this.logger.warn(`Thread MCP config has invalid shape at '${filePath}'.`);
+                return [];
+            }
+            return mcpServers;
+        }
+        catch (error) {
+            if (error && typeof error === "object" && "code" in error && error.code === "ENOENT") {
+                return [];
+            }
+            this.logger.warn(`Failed reading thread MCP config at '${filePath}': ${toErrorMessage(error)}`);
+            return [];
+        }
+    }
+    writeThreadGitSkillsConfig(threadId, gitSkillPackages) {
+        if (gitSkillPackages.length === 0) {
+            this.removeFile(threadId, THREAD_GIT_SKILLS_CONFIG_FILENAME);
+            return;
+        }
+        this.writeJsonFile(threadId, THREAD_GIT_SKILLS_CONFIG_FILENAME, { packages: gitSkillPackages });
+    }
+    readThreadGitSkillsConfig(threadId) {
+        const filePath = this.resolveThreadMetadataPath(threadId, THREAD_GIT_SKILLS_CONFIG_FILENAME);
+        try {
+            const parsed = JSON.parse((0, node_fs_1.readFileSync)(filePath, "utf8"));
+            const packages = parseThreadGitSkillsConfig(parsed);
+            if (!packages) {
+                this.logger.warn(`Thread git skills config has invalid shape at '${filePath}'.`);
+                return [];
+            }
+            return packages;
+        }
+        catch (error) {
+            if (error && typeof error === "object" && "code" in error && error.code === "ENOENT") {
+                return [];
+            }
+            this.logger.warn(`Failed reading thread git skills config at '${filePath}': ${toErrorMessage(error)}`);
+            return [];
+        }
+    }
+    removeThreadMetadata(threadId) {
+        (0, node_fs_1.rmSync)((0, thread_workspace_provisioner_js_1.resolveThreadMetadataDirectory)(this.configDirectory, threadId), { recursive: true, force: true });
+    }
+}
+exports.ThreadMetadataStore = ThreadMetadataStore;

package/dist/provisioning/host_provisioning/thread_metadata_types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/provisioning/host_provisioning/thread_workspace_provisioner.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ThreadWorkspaceProvisioner = void 0;
+exports.resolveThreadWorkspaceDirectory = resolveThreadWorkspaceDirectory;
+exports.resolveThreadMetadataDirectory = resolveThreadMetadataDirectory;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const path_js_1 = require("../../utils/path.js");
+const thread_lifecycle_js_1 = require("../../service/thread_lifecycle.js");
+function resolveSharedWorkspacePath(workspacePath) {
+    const expandedWorkspacePath = (0, path_js_1.expandHome)(workspacePath);
+    if ((0, node_path_1.isAbsolute)(expandedWorkspacePath)) {
+        return expandedWorkspacePath;
+    }
+    return (0, node_path_1.resolve)(process.cwd(), expandedWorkspacePath);
+}
+function resolveThreadWorkspaceDirectory(options) {
+    if (options.useDedicatedWorkspaces) {
+        return (0, thread_lifecycle_js_1.resolveThreadDirectory)(options.configDirectory, options.workspacesDirectory, options.threadId);
+    }
+    return resolveSharedWorkspacePath(options.workspacePath);
+}
+function resolveThreadMetadataDirectory(configDirectory, threadId) {
+    return (0, node_path_1.join)((0, path_js_1.expandHome)(configDirectory), "thread-metadata", `thread-${threadId}`);
+}
+class ThreadWorkspaceProvisioner {
+    constructor(configDirectory, workspacesDirectory, workspacePath, useDedicatedWorkspaces) {
+        this.configDirectory = configDirectory;
+        this.workspacesDirectory = workspacesDirectory;
+        this.workspacePath = workspacePath;
+        this.useDedicatedWorkspaces = useDedicatedWorkspaces;
+    }
+    resolveWorkspaceDirectory(threadId) {
+        return resolveThreadWorkspaceDirectory({
+            configDirectory: this.configDirectory,
+            workspacesDirectory: this.workspacesDirectory,
+            workspacePath: this.workspacePath,
+            useDedicatedWorkspaces: this.useDedicatedWorkspaces,
+            threadId,
+        });
+    }
+    ensureWorkspaceDirectory(threadId) {
+        const workspaceDirectory = this.resolveWorkspaceDirectory(threadId);
+        (0, node_fs_1.mkdirSync)(workspaceDirectory, { recursive: true });
+        return workspaceDirectory;
+    }
+    removeWorkspaceDirectory(threadId, workspaceDirectory) {
+        if (!this.useDedicatedWorkspaces) {
+            return;
+        }
+        if (workspaceDirectory !== this.resolveWorkspaceDirectory(threadId)) {
+            return;
+        }
+        (0, node_fs_1.rmSync)(workspaceDirectory, { recursive: true, force: true });
+    }
+}
+exports.ThreadWorkspaceProvisioner = ThreadWorkspaceProvisioner;