@corbat-tech/coco 2.36.0 → 2.37.0

package/dist/index.js

@@ -1,12 +1,13 @@
 import { Logger } from 'tslog';
 import * as fs4 from 'fs';
-import fs4__default, { readFileSync, mkdirSync, appendFileSync, writeFileSync, constants } from 'fs';
+import fs4__default, { readFileSync, mkdirSync, appendFileSync, writeFileSync, renameSync, constants } from 'fs';
 import * as path17 from 'path';
 import path17__default, { dirname, join, basename, resolve } from 'path';
 import * as fs16 from 'fs/promises';
-import fs16__default, { access, readFile, readdir, writeFile, mkdir, rm } from 'fs/promises';
+import fs16__default, { access, readFile, readdir, writeFile, mkdir } from 'fs/promises';
 import { randomUUID, randomBytes, createHash } from 'crypto';
 import * as http from 'http';
+import { createServer } from 'http';
 import { fileURLToPath, URL as URL$1 } from 'url';
 import { exec, execFile, execSync, execFileSync, spawn } from 'child_process';
 import { setGlobalDispatcher, EnvHttpProxyAgent } from 'undici';
@@ -10607,16 +10608,16 @@ var QualityEvaluator = class {
    * Find source files in project, adapting to the detected language stack.
    */
   async findSourceFiles() {
-    const { access: access14 } = await import('fs/promises');
-    const { join: join20 } = await import('path');
+    const { access: access13 } = await import('fs/promises');
+    const { join: join19 } = await import('path');
     let isJava = false;
     try {
-      await access14(join20(this.projectPath, "pom.xml"));
+      await access13(join19(this.projectPath, "pom.xml"));
       isJava = true;
     } catch {
       for (const f of ["build.gradle", "build.gradle.kts"]) {
         try {
-          await access14(join20(this.projectPath, f));
+          await access13(join19(this.projectPath, f));
           isJava = true;
           break;
         } catch {
@@ -20352,300 +20353,6 @@ function getAgentManager() {
   return agentManagerInstance;
 }
 
-// src/cli/repl/modes.ts
-var AGENT_MODES = {
-  ask: {
-    id: "ask",
-    label: "Ask",
-    description: "Answer questions and explain code without modifying files.",
-    readOnly: true,
-    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_definition"],
-    requiresVerification: false
-  },
-  plan: {
-    id: "plan",
-    label: "Plan",
-    description: "Explore and produce an implementation plan with read-only tools.",
-    readOnly: true,
-    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_workspace_symbols"],
-    requiresVerification: false
-  },
-  build: {
-    id: "build",
-    label: "Build",
-    description: "Implement code changes and verify them.",
-    readOnly: false,
-    preferredTools: ["read_file", "edit_file", "write_file", "bash_exec", "run_tests"],
-    requiresVerification: true
-  },
-  debug: {
-    id: "debug",
-    label: "Debug",
-    description: "Reproduce failures, trace root cause, patch, and verify.",
-    readOnly: false,
-    preferredTools: ["bash_exec", "read_file", "grep", "lsp_references", "edit_file"],
-    requiresVerification: true
-  },
-  review: {
-    id: "review",
-    label: "Review",
-    description: "Inspect code quality, security, behavior changes, and test gaps.",
-    readOnly: true,
-    preferredTools: ["git_diff", "read_file", "grep", "review_code", "calculate_quality"],
-    requiresVerification: false
-  },
-  architect: {
-    id: "architect",
-    label: "Architect",
-    description: "Design architecture and split work for architect/editor execution.",
-    readOnly: true,
-    preferredTools: ["codebase_map", "lsp_workspace_symbols", "grep", "create_agent_plan"],
-    requiresVerification: false
-  }
-};
-function getAgentMode(mode) {
-  return AGENT_MODES[mode];
-}
-function listAgentModes() {
-  return Object.values(AGENT_MODES);
-}
-
-// src/cli/repl/sessions/storage.ts
-init_paths();
-var DEFAULT_CONFIG2 = {
-  storageDir: CONFIG_PATHS.sessions,
-  autoSaveInterval: 3e4,
-  maxSessionsPerProject: 20,
-  compressOldSessions: false
-};
-var SessionStore = class {
-  config;
-  initialized = false;
-  constructor(config = {}) {
-    this.config = { ...DEFAULT_CONFIG2, ...config };
-  }
-  async ensureInitialized() {
-    if (this.initialized) return;
-    await mkdir(this.config.storageDir, { recursive: true });
-    this.initialized = true;
-  }
-  getSessionFiles(sessionId) {
-    const sessionDir = this.getSessionDir(sessionId);
-    return {
-      metadata: join(sessionDir, "metadata.json"),
-      conversation: join(sessionDir, "conversation.jsonl"),
-      context: join(sessionDir, "context.json")
-    };
-  }
-  getSessionDir(sessionId) {
-    return join(this.config.storageDir, sessionId);
-  }
-  async exists(sessionId) {
-    try {
-      const files = this.getSessionFiles(sessionId);
-      await access(files.metadata);
-      return true;
-    } catch {
-      return false;
-    }
-  }
-  async save(session) {
-    await this.ensureInitialized();
-    const files = this.getSessionFiles(session.id);
-    const sessionDir = this.getSessionDir(session.id);
-    await mkdir(sessionDir, { recursive: true });
-    const metadata = {
-      id: session.id,
-      projectPath: session.projectPath,
-      startedAt: session.startedAt,
-      lastSavedAt: /* @__PURE__ */ new Date(),
-      config: session.config,
-      messageCount: session.messages.length,
-      totalTokens: this.calculateTokens(session),
-      title: this.generateTitle(session),
-      status: "active"
-    };
-    await writeFile(files.metadata, JSON.stringify(metadata, null, 2), "utf-8");
-    const conversationLines = session.messages.map((msg) => {
-      const serialized = {
-        role: msg.role,
-        content: msg.content,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      };
-      return JSON.stringify(serialized);
-    });
-    await writeFile(files.conversation, conversationLines.join("\n"), "utf-8");
-    const context = {
-      tokenUsage: this.calculateTokens(session)
-    };
-    await writeFile(files.context, JSON.stringify(context, null, 2), "utf-8");
-  }
-  async load(sessionId) {
-    await this.ensureInitialized();
-    const files = this.getSessionFiles(sessionId);
-    try {
-      const metadataContent = await readFile(files.metadata, "utf-8");
-      const metadata = JSON.parse(metadataContent);
-      const conversationContent = await readFile(files.conversation, "utf-8");
-      const messages = conversationContent.split("\n").filter((line) => line.trim()).map((line) => {
-        const parsed = JSON.parse(line);
-        return {
-          role: parsed.role,
-          content: parsed.content
-        };
-      });
-      const session = {
-        id: metadata.id,
-        startedAt: new Date(metadata.startedAt),
-        messages,
-        projectPath: metadata.projectPath,
-        config: metadata.config,
-        trustedTools: /* @__PURE__ */ new Set()
-      };
-      return session;
-    } catch {
-      return null;
-    }
-  }
-  async listSessions(projectPath) {
-    await this.ensureInitialized();
-    const sessions = [];
-    try {
-      const entries = await readdir(this.config.storageDir, {
-        withFileTypes: true
-      });
-      for (const entry of entries) {
-        if (!entry.isDirectory()) continue;
-        const metadataPath = join(this.config.storageDir, entry.name, "metadata.json");
-        try {
-          const content = await readFile(metadataPath, "utf-8");
-          const metadata = JSON.parse(content);
-          metadata.startedAt = new Date(metadata.startedAt);
-          metadata.lastSavedAt = new Date(metadata.lastSavedAt);
-          if (!projectPath || metadata.projectPath === projectPath) {
-            sessions.push(metadata);
-          }
-        } catch {
-          continue;
-        }
-      }
-    } catch {
-      return [];
-    }
-    sessions.sort((a, b) => new Date(b.lastSavedAt).getTime() - new Date(a.lastSavedAt).getTime());
-    return sessions;
-  }
-  async delete(sessionId) {
-    await this.ensureInitialized();
-    const sessionDir = this.getSessionDir(sessionId);
-    try {
-      await rm(sessionDir, { recursive: true, force: true });
-      return true;
-    } catch {
-      return false;
-    }
-  }
-  async getMostRecent(projectPath) {
-    const sessions = await this.listSessions(projectPath);
-    return sessions[0] ?? null;
-  }
-  /**
-   * Append messages to an existing session's conversation file
-   * Creates the file if it doesn't exist
-   * @param sessionId - The session ID
-   * @param messages - Messages to append
-   */
-  async appendMessages(sessionId, messages) {
-    await this.ensureInitialized();
-    const files = this.getSessionFiles(sessionId);
-    const sessionDir = this.getSessionDir(sessionId);
-    await mkdir(sessionDir, { recursive: true });
-    const newLines = messages.map((msg) => {
-      const serialized = {
-        role: msg.role,
-        content: msg.content,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      };
-      return JSON.stringify(serialized);
-    });
-    let existingContent = "";
-    try {
-      existingContent = await readFile(files.conversation, "utf-8");
-      if (existingContent && !existingContent.endsWith("\n")) {
-        existingContent += "\n";
-      }
-    } catch {
-    }
-    await writeFile(files.conversation, existingContent + newLines.join("\n"), "utf-8");
-  }
-  /**
-   * Prune old sessions to keep storage manageable
-   * Keeps the most recent maxSessionsPerProject sessions per project
-   * @param projectPath - Optional project path to prune (prunes all if not specified)
-   * @returns Number of sessions deleted
-   */
-  async pruneOldSessions(projectPath) {
-    await this.ensureInitialized();
-    const allSessions = await this.listSessions();
-    const sessionsByProject = /* @__PURE__ */ new Map();
-    for (const session of allSessions) {
-      if (projectPath && session.projectPath !== projectPath) {
-        continue;
-      }
-      const existing = sessionsByProject.get(session.projectPath) ?? [];
-      existing.push(session);
-      sessionsByProject.set(session.projectPath, existing);
-    }
-    let deletedCount = 0;
-    for (const [, sessions] of sessionsByProject) {
-      const sessionsToDelete = sessions.slice(this.config.maxSessionsPerProject);
-      for (const session of sessionsToDelete) {
-        const deleted = await this.delete(session.id);
-        if (deleted) {
-          deletedCount++;
-        }
-      }
-    }
-    return deletedCount;
-  }
-  calculateTokens(session) {
-    if (session.contextManager) {
-      const stats = session.contextManager.getUsageStats();
-      return {
-        input: stats.used,
-        output: 0
-      };
-    }
-    let input = 0;
-    let output = 0;
-    for (const msg of session.messages) {
-      const content = typeof msg.content === "string" ? msg.content : JSON.stringify(msg.content);
-      const tokens = Math.ceil(content.length / 4);
-      if (msg.role === "user") {
-        input += tokens;
-      } else {
-        output += tokens;
-      }
-    }
-    return { input, output };
-  }
-  generateTitle(session) {
-    for (const msg of session.messages) {
-      if (msg.role === "user" && typeof msg.content === "string") {
-        const content = msg.content.trim();
-        if (content.length > 10) {
-          const firstLine = content.split("\n")[0] ?? content;
-          return firstLine.length > 50 ? firstLine.slice(0, 47) + "..." : firstLine;
-        }
-      }
-    }
-    return "Untitled session";
-  }
-};
-function createSessionStore(config) {
-  return new SessionStore(config);
-}
-
 // src/runtime/agent-runtime.ts
 init_env();
 init_errors();
@@ -31415,7 +31122,7 @@ var HTTPTransport = class {
 
 // src/mcp/transport/sse.ts
 init_errors2();
-var DEFAULT_CONFIG3 = {
+var DEFAULT_CONFIG2 = {
   initialReconnectDelay: 1e3,
   maxReconnectDelay: 3e4,
   maxReconnectAttempts: 10
@@ -31431,7 +31138,7 @@ var SSETransport = class {
   errorHandler = null;
   closeHandler = null;
   constructor(config) {
-    this.config = { ...DEFAULT_CONFIG3, ...config };
+    this.config = { ...DEFAULT_CONFIG2, ...config };
   }
   /**
    * Connect to the SSE endpoint
@@ -32397,6 +32104,100 @@ function createFullToolRegistry() {
   registerAllTools(registry);
   return registry;
 }
+
+// src/runtime/agent-modes.ts
+var AGENT_MODES = {
+  ask: {
+    id: "ask",
+    label: "Ask",
+    description: "Answer questions and explain code without modifying files.",
+    readOnly: true,
+    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_definition"],
+    requiresVerification: false
+  },
+  plan: {
+    id: "plan",
+    label: "Plan",
+    description: "Explore and produce an implementation plan with read-only tools.",
+    readOnly: true,
+    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_workspace_symbols"],
+    requiresVerification: false
+  },
+  build: {
+    id: "build",
+    label: "Build",
+    description: "Implement code changes and verify them.",
+    readOnly: false,
+    preferredTools: ["read_file", "edit_file", "write_file", "bash_exec", "run_tests"],
+    requiresVerification: true
+  },
+  debug: {
+    id: "debug",
+    label: "Debug",
+    description: "Reproduce failures, trace root cause, patch, and verify.",
+    readOnly: false,
+    preferredTools: ["bash_exec", "read_file", "grep", "lsp_references", "edit_file"],
+    requiresVerification: true
+  },
+  review: {
+    id: "review",
+    label: "Review",
+    description: "Inspect code quality, security, behavior changes, and test gaps.",
+    readOnly: true,
+    preferredTools: ["git_diff", "read_file", "grep", "review_code", "calculate_quality"],
+    requiresVerification: false
+  },
+  architect: {
+    id: "architect",
+    label: "Architect",
+    description: "Design architecture and split work for architect/editor execution.",
+    readOnly: true,
+    preferredTools: ["codebase_map", "lsp_workspace_symbols", "grep", "create_agent_plan"],
+    requiresVerification: false
+  }
+};
+function getAgentMode(mode) {
+  return AGENT_MODES[mode];
+}
+function listAgentModes() {
+  return Object.values(AGENT_MODES);
+}
+function isAgentMode(value) {
+  return value in AGENT_MODES;
+}
+
+// src/runtime/default-turn-runner.ts
+var DefaultRuntimeTurnRunner = class {
+  async run(input, context) {
+    const messages = [
+      ...context.session.messages,
+      {
+        role: "user",
+        content: input.content
+      }
+    ];
+    const response = await context.provider.chat(messages, {
+      model: input.options?.model,
+      maxTokens: input.options?.maxTokens,
+      temperature: input.options?.temperature,
+      stopSequences: input.options?.stopSequences,
+      system: context.session.instructions ?? input.options?.system,
+      timeout: input.options?.timeout,
+      signal: input.options?.signal,
+      thinking: input.options?.thinking
+    });
+    return {
+      sessionId: context.session.id,
+      content: response.content,
+      usage: response.usage,
+      model: response.model,
+      mode: context.session.mode
+    };
+  }
+};
+function createDefaultRuntimeTurnRunner() {
+  return new DefaultRuntimeTurnRunner();
+}
 var InMemoryEventLog = class {
   events = [];
   record(type, data = {}) {
@@ -32548,6 +32349,22 @@ var DefaultPermissionPolicy = class {
     }
     return { allowed: true, risk };
   }
+  canExecuteToolInput(mode, tool, input) {
+    if (tool.name !== "run_linter") {
+      return this.canExecuteTool(mode, tool);
+    }
+    const definition = getAgentMode(mode);
+    const fixEnabled = input["fix"] === true;
+    const decision = fixEnabled ? { allowed: true, risk: "write" } : { allowed: true, risk: "read-only" };
+    if (definition.readOnly && fixEnabled) {
+      return {
+        allowed: false,
+        reason: `${definition.label} mode is read-only; run_linter with fix=true can modify files.`,
+        risk: "write"
+      };
+    }
+    return decision;
+  }
 };
 function createPermissionPolicy() {
   return new DefaultPermissionPolicy();
@@ -32587,108 +32404,135 @@ var ProviderRegistry = class {
 function createProviderRegistry() {
   return new ProviderRegistry();
 }
-
-// src/runtime/agent-runtime.ts
-var AgentRuntime = class {
-  constructor(options) {
-    this.options = options;
-    this.providerRegistry = createProviderRegistry();
-    this.toolRegistry = options.toolRegistry ?? createFullToolRegistry();
-    this.sessionStore = options.sessionStore ?? createSessionStore({});
-    this.permissionPolicy = options.permissionPolicy ?? createPermissionPolicy();
-    this.eventLog = options.eventLog ?? (options.eventLogPath ? createFileEventLog(options.eventLogPath) : createEventLog());
-    this.providerType = options.providerType;
-    this.model = options.model ?? options.providerConfig?.model ?? getDefaultModel(options.providerType);
+function createSessionId() {
+  return `rt_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 10)}`;
+}
+function cloneSession(session) {
+  return structuredClone(session);
+}
+var InMemoryRuntimeSessionStore = class {
+  sessions = /* @__PURE__ */ new Map();
+  create(options = {}) {
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const session = {
+      id: options.id ?? createSessionId(),
+      createdAt: now,
+      updatedAt: now,
+      mode: options.mode ?? "ask",
+      messages: options.messages ? options.messages.map((message) => ({ ...message })) : [],
+      instructions: options.instructions,
+      metadata: { ...options.metadata }
+    };
+    this.sessions.set(session.id, cloneSession(session));
+    return cloneSession(session);
   }
-  options;
-  providerRegistry;
-  toolRegistry;
-  sessionStore;
-  permissionPolicy;
-  eventLog;
-  providerType;
-  model;
-  async initialize() {
-    const providerInjected = Boolean(this.options.provider);
-    const provider = this.options.provider ?? await this.providerRegistry.createProvider(this.providerType, {
-      ...this.options.providerConfig,
-      model: this.getModel()
-    });
-    this.publishToGlobalBridge(provider);
-    this.eventLog.record(providerInjected ? "provider.attached" : "provider.created", {
-      provider: this.providerType,
-      model: this.getModel(),
-      createdByRuntime: !providerInjected
-    });
-    this.eventLog.record("runtime.initialized", { snapshot: this.snapshot() });
+  get(id) {
+    const session = this.sessions.get(id);
+    return session ? cloneSession(session) : void 0;
+  }
+  update(session) {
+    const updated = {
+      ...session,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      messages: session.messages.map((message) => ({ ...message })),
+      metadata: { ...session.metadata }
+    };
+    this.sessions.set(updated.id, cloneSession(updated));
+    return cloneSession(updated);
   }
-  getModel() {
-    return this.model;
+  list() {
+    return [...this.sessions.values()].map(cloneSession);
   }
-  updateProvider(providerType, model2, provider) {
-    this.providerType = providerType;
-    this.model = model2 ?? getDefaultModel(providerType);
-    this.publishToGlobalBridge(provider);
-    this.eventLog.record("provider.updated", {
-      provider: this.providerType,
-      model: this.model
-    });
+  delete(id) {
+    return this.sessions.delete(id);
   }
-  publishToGlobalBridge(provider) {
-    if (this.options.publishToGlobalBridge !== true) return;
-    setAgentProvider(provider);
-    setAgentToolRegistry(this.toolRegistry);
+};
+var FileRuntimeSessionStore = class {
+  constructor(filePath) {
+    this.filePath = filePath;
+    mkdirSync(dirname(filePath), { recursive: true });
+    this.sessions = this.readSessionsFromDisk();
   }
-  snapshot() {
-    const capability = this.providerRegistry.getCapability(this.providerType, this.getModel());
-    const toolNames = this.toolRegistry.getAll().map((tool) => tool.name).sort();
-    return {
-      provider: {
-        type: this.providerType,
-        model: this.getModel(),
-        capability
-      },
-      tools: {
-        count: toolNames.length,
-        names: toolNames
-      },
-      modes: listAgentModes()
+  filePath;
+  sessions = /* @__PURE__ */ new Map();
+  create(options = {}) {
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const session = {
+      id: options.id ?? createSessionId(),
+      createdAt: now,
+      updatedAt: now,
+      mode: options.mode ?? "ask",
+      messages: options.messages ? options.messages.map((message) => ({ ...message })) : [],
+      instructions: options.instructions,
+      metadata: { ...options.metadata }
     };
+    const sessions = this.readSessionsFromDisk();
+    sessions.set(session.id, cloneSession(session));
+    this.sessions = sessions;
+    this.persist(sessions);
+    return cloneSession(session);
   }
-  assertToolAllowed(mode, toolName) {
-    const tool = this.toolRegistry.get(toolName);
-    if (!tool) {
-      this.eventLog.record("tool.blocked", {
-        mode,
-        tool: toolName,
-        reason: "Tool not registered."
-      });
-      return false;
+  get(id) {
+    this.sessions = this.readSessionsFromDisk();
+    const session = this.sessions.get(id);
+    return session ? cloneSession(session) : void 0;
+  }
+  update(session) {
+    const updated = {
+      ...session,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      messages: session.messages.map((message) => ({ ...message })),
+      metadata: { ...session.metadata }
+    };
+    const sessions = this.readSessionsFromDisk();
+    sessions.set(updated.id, cloneSession(updated));
+    this.sessions = sessions;
+    this.persist(sessions);
+    return cloneSession(updated);
+  }
+  list() {
+    this.sessions = this.readSessionsFromDisk();
+    return [...this.sessions.values()].map(cloneSession);
+  }
+  delete(id) {
+    const sessions = this.readSessionsFromDisk();
+    const deleted = sessions.delete(id);
+    this.sessions = sessions;
+    if (deleted) this.persist(sessions);
+    return deleted;
+  }
+  readSessionsFromDisk() {
+    let raw;
+    try {
+      raw = readFileSync(this.filePath, "utf-8");
+    } catch (error) {
+      if (error && typeof error === "object" && "code" in error && error.code === "ENOENT") {
+        return /* @__PURE__ */ new Map();
+      }
+      throw error;
     }
-    const decision = this.permissionPolicy.canExecuteTool(mode, tool);
-    this.eventLog.record(decision.allowed ? "tool.allowed" : "tool.blocked", {
-      mode,
-      tool: toolName,
-      ...decision
-    });
-    return decision.allowed;
+    if (!raw.trim()) return /* @__PURE__ */ new Map();
+    const parsed = JSON.parse(raw);
+    if (parsed.version !== 1 || !Array.isArray(parsed.sessions)) {
+      throw new Error(`Unsupported runtime session store format: ${this.filePath}`);
+    }
+    return new Map(parsed.sessions.map((session) => [session.id, cloneSession(session)]));
+  }
+  persist(sessions) {
+    const payload = {
+      version: 1,
+      sessions: [...sessions.values()].map(cloneSession)
+    };
+    const tempPath = `${this.filePath}.${randomUUID()}.tmp`;
+    writeFileSync(tempPath, JSON.stringify(payload, null, 2) + "\n", "utf-8");
+    renameSync(tempPath, this.filePath);
   }
 };
-async function createAgentRuntime(options) {
-  const runtime = new AgentRuntime(options);
-  await runtime.initialize();
-  return runtime;
+function createRuntimeSessionStore() {
+  return new InMemoryRuntimeSessionStore();
 }
-
-// src/runtime/extension-manifests.ts
-function createMcpToolPolicy(server, tool, risk, allowedModes = ["ask", "plan", "build", "debug", "review", "architect"]) {
-  return {
-    server,
-    tool,
-    risk,
-    requiresConfirmation: risk === "destructive" || risk === "secrets-sensitive",
-    allowedModes
-  };
+function createFileRuntimeSessionStore(filePath) {
+  return new FileRuntimeSessionStore(filePath);
 }
 
 // src/runtime/workflow-registry.ts
@@ -32883,11 +32727,572 @@ function createWorkflowRegistry(workflows) {
   return createWorkflowCatalog(workflows);
 }
 
+// src/runtime/workflow-engine.ts
+var WorkflowEngine = class {
+  constructor(catalog = createWorkflowCatalog(), eventLog = createEventLog()) {
+    this.catalog = catalog;
+    this.eventLog = eventLog;
+  }
+  catalog;
+  eventLog;
+  handlers = /* @__PURE__ */ new Map();
+  registerHandler(workflowId, handler) {
+    if (!this.catalog.get(workflowId)) {
+      throw new Error(`Unknown workflow: ${workflowId}`);
+    }
+    this.handlers.set(workflowId, handler);
+  }
+  createPlan(workflowId, input) {
+    return this.catalog.createPlan(workflowId, input, this.eventLog);
+  }
+  async run(request) {
+    const workflow = this.catalog.get(request.workflowId);
+    if (!workflow) {
+      throw new Error(`Unknown workflow: ${request.workflowId}`);
+    }
+    const handler = this.handlers.get(request.workflowId);
+    if (!handler) {
+      throw new Error(`No handler registered for workflow: ${request.workflowId}`);
+    }
+    const plan = request.plan ?? this.createPlan(request.workflowId, request.input);
+    const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+    const runId = `${request.workflowId}-run-${Date.now().toString(36)}`;
+    this.eventLog.record("workflow.started", {
+      workflowId: request.workflowId,
+      planId: plan.id,
+      runId
+    });
+    try {
+      const output = await handler(request.input, {
+        workflow,
+        plan,
+        eventLog: this.eventLog
+      });
+      const completedAt = (/* @__PURE__ */ new Date()).toISOString();
+      const result = {
+        id: runId,
+        workflowId: request.workflowId,
+        status: "completed",
+        output,
+        startedAt,
+        completedAt
+      };
+      this.eventLog.record("workflow.completed", {
+        workflowId: request.workflowId,
+        planId: plan.id,
+        runId
+      });
+      return result;
+    } catch (error) {
+      const completedAt = (/* @__PURE__ */ new Date()).toISOString();
+      const message = error instanceof Error ? error.message : String(error);
+      this.eventLog.record("workflow.failed", {
+        workflowId: request.workflowId,
+        planId: plan.id,
+        runId,
+        error: message
+      });
+      return {
+        id: runId,
+        workflowId: request.workflowId,
+        status: "failed",
+        output: null,
+        startedAt,
+        completedAt,
+        error: message
+      };
+    }
+  }
+};
+function createWorkflowEngine(catalog, eventLog) {
+  return new WorkflowEngine(catalog, eventLog);
+}
+
+// src/runtime/agent-runtime.ts
+var AgentRuntime = class {
+  constructor(options) {
+    this.options = options;
+    this.providerRegistry = createProviderRegistry();
+    this.toolRegistry = options.toolRegistry ?? createFullToolRegistry();
+    this.sessionStore = options.sessionStore;
+    this.runtimeSessionStore = options.runtimeSessionStore ?? createRuntimeSessionStore();
+    this.eventLog = options.eventLog ?? (options.eventLogPath ? createFileEventLog(options.eventLogPath) : createEventLog());
+    this.workflowEngine = options.workflowEngine ?? createWorkflowEngine(void 0, this.eventLog);
+    this.permissionPolicy = options.permissionPolicy ?? createPermissionPolicy();
+    this.turnRunner = options.turnRunner ?? createDefaultRuntimeTurnRunner();
+    this.providerType = options.providerType;
+    this.model = options.model ?? options.providerConfig?.model ?? getDefaultModel(options.providerType);
+  }
+  options;
+  providerRegistry;
+  toolRegistry;
+  sessionStore;
+  runtimeSessionStore;
+  workflowEngine;
+  permissionPolicy;
+  eventLog;
+  turnRunner;
+  providerType;
+  model;
+  provider;
+  async initialize() {
+    const providerInjected = Boolean(this.options.provider);
+    const provider = this.options.provider ?? await this.providerRegistry.createProvider(this.providerType, {
+      ...this.options.providerConfig,
+      model: this.getModel()
+    });
+    this.provider = provider;
+    this.publishToGlobalBridge(provider);
+    this.eventLog.record(providerInjected ? "provider.attached" : "provider.created", {
+      provider: this.providerType,
+      model: this.getModel(),
+      createdByRuntime: !providerInjected
+    });
+    this.eventLog.record("runtime.initialized", { snapshot: this.snapshot() });
+  }
+  getModel() {
+    return this.model;
+  }
+  updateProvider(providerType, model2, provider) {
+    this.providerType = providerType;
+    this.model = model2 ?? getDefaultModel(providerType);
+    this.provider = provider;
+    this.publishToGlobalBridge(provider);
+    this.eventLog.record("provider.updated", {
+      provider: this.providerType,
+      model: this.model
+    });
+  }
+  publishToGlobalBridge(provider) {
+    if (this.options.publishToGlobalBridge !== true) return;
+    setAgentProvider(provider);
+    setAgentToolRegistry(this.toolRegistry);
+  }
+  snapshot() {
+    const capability = this.providerRegistry.getCapability(this.providerType, this.getModel());
+    const toolNames = this.toolRegistry.getAll().map((tool) => tool.name).sort();
+    return {
+      provider: {
+        type: this.providerType,
+        model: this.getModel(),
+        capability
+      },
+      tools: {
+        count: toolNames.length,
+        names: toolNames
+      },
+      modes: listAgentModes()
+    };
+  }
+  createSession(options = {}) {
+    const session = this.runtimeSessionStore.create(options);
+    this.eventLog.record("session.created", {
+      sessionId: session.id,
+      mode: session.mode,
+      metadataKeys: Object.keys(session.metadata).sort()
+    });
+    return session;
+  }
+  getSession(sessionId) {
+    return this.runtimeSessionStore.get(sessionId);
+  }
+  listSessions() {
+    return this.runtimeSessionStore.list();
+  }
+  async runTurn(input) {
+    const provider = this.provider;
+    if (!provider) {
+      throw new Error("Runtime provider is not initialized.");
+    }
+    const session = input.sessionId ? this.runtimeSessionStore.get(input.sessionId) : this.createSession({ mode: input.mode, metadata: input.metadata });
+    if (!session) {
+      throw new Error(`Runtime session not found: ${input.sessionId}`);
+    }
+    const effectiveSession = input.mode && input.mode !== session.mode ? { ...session, mode: input.mode } : session;
+    this.eventLog.record("turn.started", {
+      sessionId: effectiveSession.id,
+      provider: this.providerType,
+      model: this.getModel(),
+      mode: effectiveSession.mode,
+      runtimeApi: true
+    });
+    try {
+      const result = await this.turnRunner.run(input, {
+        runtime: this,
+        session: effectiveSession,
+        provider,
+        toolRegistry: this.toolRegistry,
+        permissionPolicy: this.permissionPolicy,
+        eventLog: this.eventLog
+      });
+      const updatedSession = this.runtimeSessionStore.update({
+        ...effectiveSession,
+        messages: [
+          ...effectiveSession.messages,
+          { role: "user", content: input.content },
+          { role: "assistant", content: result.content }
+        ]
+      });
+      this.eventLog.record("session.updated", {
+        sessionId: updatedSession.id,
+        messages: updatedSession.messages.length
+      });
+      this.eventLog.record("turn.completed", {
+        sessionId: updatedSession.id,
+        inputTokens: result.usage.inputTokens,
+        outputTokens: result.usage.outputTokens,
+        model: result.model,
+        runtimeApi: true
+      });
+      return { ...result, sessionId: updatedSession.id, mode: updatedSession.mode };
+    } catch (error) {
+      this.eventLog.record("turn.failed", {
+        sessionId: effectiveSession.id,
+        error: error instanceof Error ? error.message : String(error),
+        runtimeApi: true
+      });
+      throw error;
+    }
+  }
+  async *streamTurn(input) {
+    const provider = this.provider;
+    if (!provider) {
+      throw new Error("Runtime provider is not initialized.");
+    }
+    const session = input.sessionId ? this.runtimeSessionStore.get(input.sessionId) : this.createSession({ mode: input.mode, metadata: input.metadata });
+    if (!session) {
+      throw new Error(`Runtime session not found: ${input.sessionId}`);
+    }
+    const effectiveSession = input.mode && input.mode !== session.mode ? { ...session, mode: input.mode } : session;
+    const messages = [
+      ...effectiveSession.messages,
+      {
+        role: "user",
+        content: input.content
+      }
+    ];
+    this.eventLog.record("turn.started", {
+      sessionId: effectiveSession.id,
+      provider: this.providerType,
+      model: this.getModel(),
+      mode: effectiveSession.mode,
+      streaming: true,
+      runtimeApi: true
+    });
+    let content = "";
+    let completed = false;
+    let failed = false;
+    try {
+      for await (const chunk of provider.stream(messages, {
+        model: input.options?.model,
+        maxTokens: input.options?.maxTokens,
+        temperature: input.options?.temperature,
+        stopSequences: input.options?.stopSequences,
+        system: effectiveSession.instructions ?? input.options?.system,
+        timeout: input.options?.timeout,
+        signal: input.options?.signal,
+        thinking: input.options?.thinking
+      })) {
+        if (chunk.type === "text" && chunk.text) {
+          content += chunk.text;
+          yield {
+            type: "text",
+            sessionId: effectiveSession.id,
+            text: chunk.text
+          };
+        }
+      }
+      const updatedSession = this.runtimeSessionStore.update({
+        ...effectiveSession,
+        messages: [
+          ...effectiveSession.messages,
+          { role: "user", content: input.content },
+          { role: "assistant", content }
+        ]
+      });
+      const result = {
+        sessionId: updatedSession.id,
+        content,
+        usage: {
+          inputTokens: provider.countTokens(input.content),
+          outputTokens: provider.countTokens(content),
+          estimated: true
+        },
+        model: input.options?.model ?? this.getModel(),
+        mode: updatedSession.mode
+      };
+      this.eventLog.record("session.updated", {
+        sessionId: updatedSession.id,
+        messages: updatedSession.messages.length
+      });
+      this.eventLog.record("turn.completed", {
+        sessionId: updatedSession.id,
+        inputTokens: result.usage.inputTokens,
+        outputTokens: result.usage.outputTokens,
+        model: result.model,
+        streaming: true,
+        runtimeApi: true
+      });
+      completed = true;
+      yield { type: "done", sessionId: updatedSession.id, result };
+    } catch (error) {
+      failed = true;
+      const message = error instanceof Error ? error.message : String(error);
+      this.eventLog.record("turn.failed", {
+        sessionId: effectiveSession.id,
+        error: message,
+        streaming: true,
+        runtimeApi: true
+      });
+      yield {
+        type: "error",
+        sessionId: effectiveSession.id,
+        error: message
+      };
+    } finally {
+      if (!completed && !failed) {
+        this.eventLog.record("turn.cancelled", {
+          sessionId: effectiveSession.id,
+          outputTokens: provider.countTokens(content),
+          streaming: true,
+          runtimeApi: true
+        });
+      }
+    }
+  }
+  async executeTool(input) {
+    const startedAt = performance.now();
+    const session = input.sessionId ? this.getSession(input.sessionId) : void 0;
+    if (input.sessionId && !session) {
+      const decision2 = {
+        allowed: false,
+        reason: `Runtime session not found: ${input.sessionId}`,
+        risk: "read-only"
+      };
+      this.eventLog.record("tool.blocked", {
+        sessionId: input.sessionId,
+        mode: input.mode ?? "ask",
+        tool: input.toolName,
+        reason: decision2.reason,
+        runtimeApi: true
+      });
+      return {
+        toolName: input.toolName,
+        success: false,
+        error: decision2.reason,
+        duration: performance.now() - startedAt,
+        decision: decision2
+      };
+    }
+    const mode = input.mode ?? session?.mode ?? "ask";
+    const tool = this.toolRegistry.get(input.toolName);
+    if (!tool) {
+      const decision2 = {
+        allowed: false,
+        reason: "Tool not registered.",
+        risk: "read-only"
+      };
+      this.eventLog.record("tool.blocked", {
+        sessionId: input.sessionId,
+        mode,
+        tool: input.toolName,
+        reason: decision2.reason,
+        runtimeApi: true
+      });
+      return {
+        toolName: input.toolName,
+        success: false,
+        error: decision2.reason,
+        duration: performance.now() - startedAt,
+        decision: decision2
+      };
+    }
+    const decision = this.permissionPolicy.canExecuteToolInput ? this.permissionPolicy.canExecuteToolInput(mode, tool, input.input) : this.permissionPolicy.canExecuteTool(mode, tool);
+    if (!decision.allowed || decision.requiresConfirmation && input.confirmed !== true) {
+      const reason = decision.reason ?? (decision.requiresConfirmation ? "Tool requires explicit runtime confirmation." : "Tool is not allowed.");
+      this.eventLog.record("tool.blocked", {
+        sessionId: input.sessionId,
+        mode,
+        tool: input.toolName,
+        reason,
+        risk: decision.risk,
+        requiresConfirmation: decision.requiresConfirmation,
+        runtimeApi: true
+      });
+      return {
+        toolName: input.toolName,
+        success: false,
+        error: reason,
+        duration: performance.now() - startedAt,
+        decision
+      };
+    }
+    this.eventLog.record("tool.started", {
+      sessionId: input.sessionId,
+      mode,
+      tool: input.toolName,
+      risk: decision.risk,
+      runtimeApi: true,
+      metadataKeys: Object.keys(input.metadata ?? {}).sort()
+    });
+    const result = await this.toolRegistry.execute(input.toolName, input.input);
+    this.eventLog.record("tool.completed", {
+      sessionId: input.sessionId,
+      mode,
+      tool: input.toolName,
+      success: result.success,
+      duration: result.duration,
+      runtimeApi: true
+    });
+    return {
+      toolName: input.toolName,
+      success: result.success,
+      output: result.data,
+      error: result.error,
+      duration: result.duration,
+      decision
+    };
+  }
+  assertToolAllowed(mode, toolName, input) {
+    const tool = this.toolRegistry.get(toolName);
+    if (!tool) {
+      this.eventLog.record("tool.blocked", {
+        mode,
+        tool: toolName,
+        reason: "Tool not registered."
+      });
+      return false;
+    }
+    const decision = input && this.permissionPolicy.canExecuteToolInput ? this.permissionPolicy.canExecuteToolInput(mode, tool, input) : this.permissionPolicy.canExecuteTool(mode, tool);
+    this.eventLog.record(decision.allowed ? "tool.allowed" : "tool.blocked", {
+      mode,
+      tool: toolName,
+      ...decision
+    });
+    return decision.allowed;
+  }
+};
+async function createAgentRuntime(options) {
+  const runtime = new AgentRuntime(options);
+  await runtime.initialize();
+  return runtime;
+}
+var HttpRequestError = class extends Error {
+  constructor(message, status) {
+    super(message);
+    this.status = status;
+  }
+  status;
+};
+async function readJsonBody(request, maxBodyBytes) {
+  const chunks = [];
+  let size = 0;
+  for await (const chunk of request) {
+    const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+    size += buffer.length;
+    if (size > maxBodyBytes) {
+      throw new HttpRequestError(`Request body exceeds ${maxBodyBytes} bytes.`, 413);
+    }
+    chunks.push(buffer);
+  }
+  const raw = Buffer.concat(chunks).toString("utf-8").trim();
+  try {
+    return raw ? JSON.parse(raw) : {};
+  } catch {
+    throw new HttpRequestError("Invalid JSON request body.", 400);
+  }
+}
+function sendJson(response, status, body) {
+  response.statusCode = status;
+  response.setHeader("content-type", "application/json; charset=utf-8");
+  response.end(JSON.stringify(body, null, 2));
+}
+function notFound(response) {
+  sendJson(response, 404, { error: "Not found" });
+}
+function assertValidMode(mode) {
+  if (mode === void 0) return void 0;
+  if (typeof mode === "string" && isAgentMode(mode)) return mode;
+  throw new HttpRequestError("Invalid runtime mode.", 400);
+}
+function createRuntimeHttpServer(runtime, options = {}) {
+  const maxBodyBytes = options.maxBodyBytes ?? 1024 * 1024;
+  return createServer(async (request, response) => {
+    try {
+      const url = new URL(request.url ?? "/", "http://localhost");
+      const parts = url.pathname.split("/").filter(Boolean);
+      if (request.method === "POST" && url.pathname === "/sessions") {
+        const body = await readJsonBody(request, maxBodyBytes);
+        const session = runtime.createSession({
+          mode: assertValidMode(body.mode),
+          instructions: body.instructions,
+          metadata: body.metadata
+        });
+        sendJson(response, 201, session);
+        return;
+      }
+      if (request.method === "GET" && parts[0] === "sessions" && parts[1] && parts.length === 2) {
+        const session = runtime.getSession(parts[1]);
+        if (!session) {
+          notFound(response);
+          return;
+        }
+        sendJson(response, 200, session);
+        return;
+      }
+      if (request.method === "POST" && parts[0] === "sessions" && parts[1] && parts[2] === "messages") {
+        const body = await readJsonBody(request, maxBodyBytes);
+        if (!body.content || typeof body.content !== "string") {
+          sendJson(response, 400, { error: "content is required" });
+          return;
+        }
+        if (!runtime.getSession(parts[1])) {
+          notFound(response);
+          return;
+        }
+        const result = await runtime.runTurn({
+          ...body,
+          mode: assertValidMode(body.mode),
+          sessionId: parts[1]
+        });
+        sendJson(response, 200, result);
+        return;
+      }
+      if (request.method === "GET" && parts[0] === "sessions" && parts[1] && parts[2] === "events") {
+        const events = runtime.eventLog.list().filter((event) => event.data["sessionId"] === parts[1]);
+        sendJson(response, 200, { events });
+        return;
+      }
+      if (request.method === "GET" && url.pathname === "/state") {
+        sendJson(response, 200, runtime.snapshot());
+        return;
+      }
+      notFound(response);
+    } catch (error) {
+      const status = error instanceof HttpRequestError ? error.status : 500;
+      sendJson(response, status, {
+        error: error instanceof Error ? error.message : String(error)
+      });
+    }
+  });
+}
+
+// src/runtime/extension-manifests.ts
+function createMcpToolPolicy(server, tool, risk, allowedModes = ["ask", "plan", "build", "debug", "review", "architect"]) {
+  return {
+    server,
+    tool,
+    risk,
+    requiresConfirmation: risk === "destructive" || risk === "secrets-sensitive",
+    allowedModes
+  };
+}
+
 // src/index.ts
 init_errors();
 init_logger();
 init_proxy();
 
-export { ADRGenerator, AgentRuntime, AnthropicProvider, ArchitectureGenerator, BacklogGenerator, CICDGenerator, CocoError, CodeGenerator, CodeReviewer, CompleteExecutor, ConfigError, ConvergeExecutor, DEFAULT_WORKFLOWS, DefaultPermissionPolicy, DiscoveryEngine, DockerGenerator, DocsGenerator, FileEventLog, InMemoryEventLog, OrchestrateExecutor, OutputExecutor, PhaseError, ProviderRegistry, SessionManager, SpecificationGenerator, TaskError, TaskIterator, ToolRegistry, VERSION, WorkflowCatalog, WorkflowRegistry, configExists, createADRGenerator, createAgentRuntime, createAnthropicProvider, createArchitectureGenerator, createBacklogGenerator, createCICDGenerator, createCodeGenerator, createCodeReviewer, createCompleteExecutor, createConvergeExecutor, createDefaultConfig, createDiscoveryEngine, createDockerGenerator, createDocsGenerator, createEventLog, createFileEventLog, createFullToolRegistry, createLogger, createMcpToolPolicy, createOrchestrateExecutor, createOrchestrator, createOutputExecutor, createPermissionPolicy, createProvider, createProviderRegistry, createSessionManager, createSpecificationGenerator, createTaskIterator, createToolRegistry, createWorkflowCatalog, createWorkflowRegistry, installProxyDispatcher, loadConfig, registerAllTools, saveConfig };
+export { ADRGenerator, AGENT_MODES, AgentRuntime, AnthropicProvider, ArchitectureGenerator, BacklogGenerator, CICDGenerator, CocoError, CodeGenerator, CodeReviewer, CompleteExecutor, ConfigError, ConvergeExecutor, DEFAULT_WORKFLOWS, DefaultPermissionPolicy, DefaultRuntimeTurnRunner, DiscoveryEngine, DockerGenerator, DocsGenerator, FileEventLog, FileRuntimeSessionStore, InMemoryEventLog, InMemoryRuntimeSessionStore, OrchestrateExecutor, OutputExecutor, PhaseError, ProviderRegistry, SessionManager, SpecificationGenerator, TaskError, TaskIterator, ToolRegistry, VERSION, WorkflowCatalog, WorkflowEngine, WorkflowRegistry, configExists, createADRGenerator, createAgentRuntime, createAnthropicProvider, createArchitectureGenerator, createBacklogGenerator, createCICDGenerator, createCodeGenerator, createCodeReviewer, createCompleteExecutor, createConvergeExecutor, createDefaultConfig, createDefaultRuntimeTurnRunner, createDiscoveryEngine, createDockerGenerator, createDocsGenerator, createEventLog, createFileEventLog, createFileRuntimeSessionStore, createFullToolRegistry, createLogger, createMcpToolPolicy, createOrchestrateExecutor, createOrchestrator, createOutputExecutor, createPermissionPolicy, createProvider, createProviderRegistry, createRuntimeHttpServer, createRuntimeSessionStore, createSessionManager, createSpecificationGenerator, createTaskIterator, createToolRegistry, createWorkflowCatalog, createWorkflowEngine, createWorkflowRegistry, getAgentMode, installProxyDispatcher, isAgentMode, listAgentModes, loadConfig, registerAllTools, saveConfig };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map