@corbat-tech/coco 2.38.0 → 2.40.0

package/dist/cli/index.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { execFileSync, spawn, execSync, execFile, exec } from 'child_process';
+import { execFileSync, execSync, spawn, execFile, exec } from 'child_process';
 import { setGlobalDispatcher, EnvHttpProxyAgent } from 'undici';
 import * as fs5 from 'fs';
 import fs5__default, { accessSync, mkdirSync, appendFileSync, readFileSync, writeFileSync, constants as constants$1 } from 'fs';
@@ -23,7 +23,7 @@ import Anthropic from '@anthropic-ai/sdk';
 import { jsonrepair } from 'jsonrepair';
 import OpenAI from 'openai';
 import { GoogleGenAI, FunctionCallingConfigMode } from '@google/genai';
-import { parse } from 'yaml';
+import { parse as parse$1 } from 'yaml';
 import { minimatch } from 'minimatch';
 import hljs from 'highlight.js/lib/core';
 import bash from 'highlight.js/lib/languages/bash';
@@ -42,7 +42,7 @@ import yaml from 'highlight.js/lib/languages/yaml';
 import { diffLines, diffWords } from 'diff';
 import { glob } from 'glob';
 import { execa } from 'execa';
-import { parse as parse$1 } from '@typescript-eslint/typescript-estree';
+import { parse } from '@typescript-eslint/typescript-estree';
 import { simpleGit } from 'simple-git';
 import { Marked } from 'marked';
 import { markedTerminal } from 'marked-terminal';
@@ -5746,12 +5746,12 @@ var init_openai = __esm({
             ...reasoningEffort && { reasoning_effort: reasoningEffort }
           });
           let streamStopReason;
-          for await (const chunk of stream) {
-            const delta = chunk.choices[0]?.delta;
+          for await (const chunk2 of stream) {
+            const delta = chunk2.choices[0]?.delta;
             if (delta?.content) {
               yield { type: "text", text: delta.content };
             }
-            const finishReason = chunk.choices[0]?.finish_reason;
+            const finishReason = chunk2.choices[0]?.finish_reason;
             if (finishReason) {
               streamStopReason = this.mapFinishReason(finishReason);
             }
@@ -5820,8 +5820,8 @@ var init_openai = __esm({
           });
           try {
             let streamStopReason;
-            for await (const chunk of stream) {
-              const delta = chunk.choices[0]?.delta;
+            for await (const chunk2 of stream) {
+              const delta = chunk2.choices[0]?.delta;
               if (delta?.content || delta?.tool_calls) {
                 lastActivityTime = Date.now();
               }
@@ -5859,7 +5859,7 @@ var init_openai = __esm({
                   }
                 }
               }
-              const finishReason = chunk.choices[0]?.finish_reason;
+              const finishReason = chunk2.choices[0]?.finish_reason;
               if (finishReason) {
                 streamStopReason = this.mapFinishReason(finishReason);
               }
@@ -7591,12 +7591,12 @@ var init_gemini = __esm({
             config: this.buildConfig(messages, options)
           });
           let streamStopReason = "end_turn";
-          for await (const chunk of stream) {
-            const text16 = chunk.text;
+          for await (const chunk2 of stream) {
+            const text16 = chunk2.text;
             if (text16) {
               yield { type: "text", text: text16 };
             }
-            const finishReason = chunk.candidates?.[0]?.finishReason;
+            const finishReason = chunk2.candidates?.[0]?.finishReason;
             if (finishReason) {
               streamStopReason = this.mapFinishReason(finishReason);
             }
@@ -7617,12 +7617,12 @@ var init_gemini = __esm({
           let streamStopReason = "end_turn";
           let fallbackToolCounter = 0;
           const emittedToolIds = /* @__PURE__ */ new Set();
-          for await (const chunk of stream) {
-            const text16 = chunk.text;
+          for await (const chunk2 of stream) {
+            const text16 = chunk2.text;
             if (text16) {
               yield { type: "text", text: text16 };
             }
-            const toolCalls = this.extractToolCalls(chunk, { includeLegacyFunctionCalls: true });
+            const toolCalls = this.extractToolCalls(chunk2, { includeLegacyFunctionCalls: true });
             for (const toolCall of toolCalls) {
               const toolCallId = toolCall.id ?? `gemini_call_${++fallbackToolCounter}`;
               if (emittedToolIds.has(toolCallId)) continue;
@@ -7643,7 +7643,7 @@ var init_gemini = __esm({
                 toolCall: normalizedToolCall
               };
             }
-            const finishReason = chunk.candidates?.[0]?.finishReason;
+            const finishReason = chunk2.candidates?.[0]?.finishReason;
             if (toolCalls.length > 0) {
               streamStopReason = "tool_use";
             } else if (finishReason) {
@@ -8000,8 +8000,8 @@ var init_vertex = __esm({
         this.ensureInitialized();
         const stream = await this.streamGenerateContent(messages, options);
         let stopReason = "end_turn";
-        for await (const chunk of stream) {
-          const candidate = chunk.candidates?.[0];
+        for await (const chunk2 of stream) {
+          const candidate = chunk2.candidates?.[0];
           const parts = candidate?.content?.parts ?? [];
           for (const part of parts) {
             if (part.text) {
@@ -8023,8 +8023,8 @@ var init_vertex = __esm({
         let stopReason = "end_turn";
         let streamToolCallCounter = 0;
         const emittedToolFingerprints = /* @__PURE__ */ new Set();
-        for await (const chunk of stream) {
-          const candidate = chunk.candidates?.[0];
+        for await (const chunk2 of stream) {
+          const candidate = chunk2.candidates?.[0];
           const parts = candidate?.content?.parts ?? [];
           for (const part of parts) {
             if (part.text) {
@@ -8711,8 +8711,8 @@ var init_fallback = __esm({
             continue;
           }
           try {
-            for await (const chunk of provider.stream(messages, options)) {
-              yield chunk;
+            for await (const chunk2 of provider.stream(messages, options)) {
+              yield chunk2;
             }
             breaker.recordSuccess();
             return;
@@ -8735,8 +8735,8 @@ var init_fallback = __esm({
             continue;
           }
           try {
-            for await (const chunk of provider.streamWithTools(messages, options)) {
-              yield chunk;
+            for await (const chunk2 of provider.streamWithTools(messages, options)) {
+              yield chunk2;
             }
             breaker.recordSuccess();
             return;
@@ -9005,9 +9005,9 @@ var init_resilient = __esm({
           }
           let emittedChunk = false;
           try {
-            for await (const chunk of createStream()) {
+            for await (const chunk2 of createStream()) {
               emittedChunk = true;
-              yield chunk;
+              yield chunk2;
             }
             this.breaker.recordSuccess();
             return;
@@ -10061,7 +10061,7 @@ function parseSkillMarkdown(raw) {
   const frontmatter = normalized.slice(3, closeIndex).trim();
   const afterMarkerStart = closeIndex + closeMarker.length;
   const contentStart = normalized[afterMarkerStart] === "\n" ? afterMarkerStart + 1 : afterMarkerStart;
-  const parsed = frontmatter.length > 0 ? parse(frontmatter) : {};
+  const parsed = frontmatter.length > 0 ? parse$1(frontmatter) : {};
   return {
     data: parsed && typeof parsed === "object" ? parsed : {},
     content: normalized.slice(contentStart)
@@ -15465,7 +15465,7 @@ var init_complexity = __esm({
        * Analyze single file
        */
       async analyzeFile(file, content) {
-        const ast = parse$1(content, {
+        const ast = parse(content, {
           loc: true,
           range: true,
           comment: false,
@@ -15516,25 +15516,25 @@ var init_complexity = __esm({
             const lines = content.split("\n");
             totalLines += lines.length;
             for (let i = 0; i <= lines.length - this.minLines; i++) {
-              const chunk = lines.slice(i, i + this.minLines).join("\n").trim();
-              if (chunk.length < 20) continue;
-              if (!chunks.has(chunk)) {
-                chunks.set(chunk, []);
+              const chunk2 = lines.slice(i, i + this.minLines).join("\n").trim();
+              if (chunk2.length < 20) continue;
+              if (!chunks.has(chunk2)) {
+                chunks.set(chunk2, []);
               }
-              chunks.get(chunk).push({ file, line: i + 1 });
+              chunks.get(chunk2).push({ file, line: i + 1 });
             }
           } catch {
           }
         }
         const duplicates = [];
         let duplicateLines = 0;
-        for (const [chunk, locations] of chunks.entries()) {
+        for (const [chunk2, locations] of chunks.entries()) {
           if (locations.length > 1) {
             duplicates.push({
-              lines: chunk.split("\n"),
+              lines: chunk2.split("\n"),
               files: locations
             });
-            duplicateLines += chunk.split("\n").length * (locations.length - 1);
+            duplicateLines += chunk2.split("\n").length * (locations.length - 1);
           }
         }
         const percentage = totalLines > 0 ? duplicateLines / totalLines * 100 : 0;
@@ -16062,7 +16062,7 @@ var init_completeness = __esm({
         for (const file of files) {
           try {
             const content = await readFile(file, "utf-8");
-            const ast = parse$1(content, {
+            const ast = parse(content, {
               loc: true,
               range: true,
               jsx: file.endsWith(".tsx") || file.endsWith(".jsx")
@@ -16275,7 +16275,7 @@ var init_robustness = __esm({
         for (const file of targetFiles) {
           try {
             const content = await readFile(file, "utf-8");
-            const ast = parse$1(content, {
+            const ast = parse(content, {
               loc: true,
               range: true,
               jsx: file.endsWith(".tsx") || file.endsWith(".jsx")
@@ -16568,7 +16568,7 @@ var init_documentation = __esm({
         for (const file of targetFiles) {
           try {
             const content = await readFile(file, "utf-8");
-            const ast = parse$1(content, {
+            const ast = parse(content, {
               loc: true,
               range: true,
               comment: true,
@@ -16946,7 +16946,7 @@ var init_readability = __esm({
         for (const file of targetFiles) {
           try {
             const content = await readFile(file, "utf-8");
-            const ast = parse$1(content, {
+            const ast = parse(content, {
               loc: true,
               range: true,
               jsx: file.endsWith(".tsx") || file.endsWith(".jsx")
@@ -17104,7 +17104,7 @@ var init_maintainability = __esm({
           try {
             const content = await readFile(file, "utf-8");
             const lineCount = countLines(content);
-            const ast = parse$1(content, {
+            const ast = parse(content, {
               loc: true,
               range: true,
               jsx: file.endsWith(".tsx") || file.endsWith(".jsx")
@@ -20749,14 +20749,14 @@ ${message}
           const subprocess = execa(command, options);
           let stdoutBuffer = "";
           let stderrBuffer = "";
-          subprocess.stdout?.on("data", (chunk) => {
-            const text16 = chunk.toString();
+          subprocess.stdout?.on("data", (chunk2) => {
+            const text16 = chunk2.toString();
             stdoutBuffer += text16;
             process.stdout.write(text16);
             heartbeat.activity();
           });
-          subprocess.stderr?.on("data", (chunk) => {
-            const text16 = chunk.toString();
+          subprocess.stderr?.on("data", (chunk2) => {
+            const text16 = chunk2.toString();
             stderrBuffer += text16;
             process.stderr.write(text16);
             heartbeat.activity();
@@ -43226,8 +43226,401 @@ Response format (JSON only, no prose):
   p26.outro("  Spec saved \u2014 starting sprints");
   return spec;
 }
-
-// src/runtime/multi-agent.ts
+var LEGACY_ROLE_MAPPINGS = [
+  { legacy: "explore", role: "researcher", reason: "read-only codebase exploration" },
+  { legacy: "researcher", role: "researcher", reason: "legacy executor role" },
+  { legacy: "plan", role: "planner", reason: "task planning" },
+  { legacy: "planner", role: "planner", reason: "legacy executor role" },
+  { legacy: "architect", role: "architect", reason: "architecture design" },
+  { legacy: "editor", role: "editor", reason: "implementation edits" },
+  { legacy: "debug", role: "coder", reason: "debugging maps to coding capability" },
+  { legacy: "coder", role: "coder", reason: "legacy executor role" },
+  { legacy: "test", role: "tester", reason: "test authoring/execution" },
+  { legacy: "tester", role: "tester", reason: "legacy executor role" },
+  { legacy: "tdd", role: "tester", reason: "test-first implementation" },
+  { legacy: "e2e", role: "tester", reason: "end-to-end testing" },
+  { legacy: "review", role: "reviewer", reason: "code review" },
+  { legacy: "reviewer", role: "reviewer", reason: "legacy executor role" },
+  { legacy: "refactor", role: "optimizer", reason: "structure optimization" },
+  { legacy: "optimizer", role: "optimizer", reason: "legacy executor role" },
+  { legacy: "security", role: "security", reason: "security analysis" },
+  { legacy: "qa", role: "qa", reason: "quality assurance" },
+  { legacy: "integrator", role: "integrator", reason: "integration coordination" },
+  { legacy: "pm", role: "pm", reason: "product/project coordination" },
+  { legacy: "docs", role: "docs", reason: "documentation" },
+  { legacy: "database", role: "database", reason: "database work" }
+];
+var LEGACY_ROLE_MAP = new Map(LEGACY_ROLE_MAPPINGS.map((mapping) => [mapping.legacy, mapping]));
+function mapLegacyAgentRole(legacyRole, fallback = "coder") {
+  return LEGACY_ROLE_MAP.get(legacyRole)?.role ?? fallback;
+}
+function assertProvenance(provenance) {
+  if (!provenance.workflowRunId) {
+    throw new Error("Shared workspace writes require workflowRunId provenance.");
+  }
+}
+function snapshotFromRecords(records, role) {
+  const includeSensitive = role === void 0 || role === "security" || role === "integrator" || role === "pm";
+  const facts = /* @__PURE__ */ new Map();
+  const decisions = /* @__PURE__ */ new Map();
+  const risks = /* @__PURE__ */ new Map();
+  const files = /* @__PURE__ */ new Map();
+  const testResults = /* @__PURE__ */ new Map();
+  const artifacts = [];
+  for (const record of records) {
+    if (!includeSensitive && (record.kind === "risk" || record.provenance.risk === "secrets-sensitive")) {
+      continue;
+    }
+    switch (record.kind) {
+      case "fact":
+        facts.set(record.key, record.value);
+        break;
+      case "decision":
+        decisions.set(record.key, record.value);
+        break;
+      case "risk":
+        risks.set(record.key, record.value);
+        break;
+      case "file":
+        files.set(record.key, record.value);
+        break;
+      case "testResult":
+        testResults.set(record.key, record.value);
+        break;
+      case "artifact":
+        if (isAgentArtifact(record.value)) {
+          if (includeSensitive || record.value.kind !== "riskReport") {
+            artifacts.push(cloneArtifact(record.value));
+          }
+        }
+        break;
+    }
+  }
+  return {
+    facts: Object.fromEntries(facts),
+    decisions: Object.fromEntries(decisions),
+    risks: Object.fromEntries(risks),
+    files: Object.fromEntries(files),
+    testResults: Object.fromEntries(testResults),
+    artifacts
+  };
+}
+var InMemorySharedWorkspaceStore = class {
+  records = [];
+  write(input) {
+    assertProvenance(input.provenance);
+    const record = {
+      id: input.id ?? `state-${randomUUID()}`,
+      kind: input.kind,
+      key: input.key,
+      value: cloneUnknown(input.value),
+      provenance: { ...input.provenance },
+      createdAt: input.createdAt ?? (/* @__PURE__ */ new Date()).toISOString()
+    };
+    this.records.push(record);
+    return cloneRecord(record);
+  }
+  list() {
+    return this.records.map(cloneRecord);
+  }
+  snapshot() {
+    return snapshotFromRecords(this.records);
+  }
+  readForRole(role) {
+    return snapshotFromRecords(this.records, role);
+  }
+  clear() {
+    this.records = [];
+  }
+};
+function createAgentTraceContext(input = {}) {
+  return {
+    traceId: input.traceId ?? `trace-${randomUUID()}`,
+    spanId: input.spanId ?? `span-${randomUUID()}`,
+    parentSpanId: input.parentSpanId,
+    workflowRunId: input.workflowRunId,
+    agentRunId: input.agentRunId,
+    taskId: input.taskId,
+    toolCallId: input.toolCallId
+  };
+}
+var AgentGraphEngine = class {
+  eventLog;
+  sharedState;
+  nodeExecutor;
+  gateEvaluator;
+  trace;
+  constructor(options = {}) {
+    this.eventLog = options.eventLog;
+    this.sharedState = options.sharedState ?? new InMemorySharedWorkspaceStore();
+    this.nodeExecutor = options.nodeExecutor ?? (options.allowSimulated ? dryRunAgentGraphNodeExecutor : missingAgentGraphNodeExecutor);
+    this.gateEvaluator = options.gateEvaluator ?? defaultAgentGateEvaluator;
+    this.trace = options.trace ?? createAgentTraceContext();
+  }
+  async run(input) {
+    const validation = validateAgentGraph(input.graph);
+    if (!validation.valid) {
+      throw new Error(
+        `Invalid agent graph: ${validation.issues.map((issue) => issue.message).join("; ")}`
+      );
+    }
+    const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+    const nodeResults = /* @__PURE__ */ new Map();
+    const artifacts = [];
+    const graphTrace = createAgentTraceContext({
+      ...this.trace,
+      workflowRunId: input.workflowRunId
+    });
+    this.eventLog?.record("agent.graph.started", {
+      workflowRunId: input.workflowRunId,
+      trace: graphTrace,
+      levels: validation.levels
+    });
+    try {
+      for (const level of validation.levels) {
+        const batches = chunk(level, input.graph.parallelism ?? level.length);
+        for (const batch of batches) {
+          const levelResults = await Promise.all(
+            batch.map(
+              (nodeId) => this.executeNode({
+                node: input.graph.nodes.find((candidate) => candidate.id === nodeId),
+                graph: input.graph,
+                workflowRunId: input.workflowRunId,
+                input: input.input,
+                graphTrace,
+                nodeResults
+              })
+            )
+          );
+          for (const result2 of levelResults) {
+            nodeResults.set(result2.taskId, result2);
+            artifacts.push(...result2.artifacts.map(cloneArtifact));
+          }
+        }
+      }
+      const completedAt = (/* @__PURE__ */ new Date()).toISOString();
+      const result = {
+        id: input.workflowRunId,
+        status: "completed",
+        nodeResults: Object.fromEntries(nodeResults),
+        artifacts,
+        stateSnapshot: this.sharedState.snapshot(),
+        trace: graphTrace,
+        startedAt,
+        completedAt
+      };
+      this.eventLog?.record("agent.graph.completed", {
+        workflowRunId: input.workflowRunId,
+        trace: graphTrace,
+        nodeCount: nodeResults.size
+      });
+      return result;
+    } catch (error) {
+      const completedAt = (/* @__PURE__ */ new Date()).toISOString();
+      const message = error instanceof Error ? error.message : String(error);
+      this.eventLog?.record("agent.graph.failed", {
+        workflowRunId: input.workflowRunId,
+        trace: graphTrace,
+        error: message
+      });
+      return {
+        id: input.workflowRunId,
+        status: "failed",
+        nodeResults: Object.fromEntries(nodeResults),
+        artifacts,
+        stateSnapshot: this.sharedState.snapshot(),
+        trace: graphTrace,
+        startedAt,
+        completedAt,
+        error: message
+      };
+    }
+  }
+  async executeNode(input) {
+    const skipReason = shouldSkipNode(input.node, input.graph, input.input, input.nodeResults);
+    if (skipReason) {
+      const completedAt = (/* @__PURE__ */ new Date()).toISOString();
+      const task = graphNodeToTask(input.node, input.input);
+      const skipped = normalizeAgentRunResult({
+        id: `${input.workflowRunId}-${input.node.id}-skipped`,
+        taskId: task.id,
+        role: task.role,
+        success: true,
+        status: "cancelled",
+        output: `Skipped node '${input.node.id}': ${skipReason}`,
+        startedAt: completedAt,
+        completedAt,
+        durationMs: 0,
+        metadata: {
+          workflowRunId: input.workflowRunId,
+          nodeId: input.node.id,
+          skipped: true,
+          skipReason
+        }
+      });
+      this.eventLog?.record("agent.completed", {
+        workflowRunId: input.workflowRunId,
+        nodeId: input.node.id,
+        agentRunId: skipped.id,
+        taskId: task.id,
+        role: skipped.role,
+        skipped: true,
+        reason: skipReason,
+        trace: input.graphTrace
+      });
+      return skipped;
+    }
+    const attempts = input.node.retryPolicy?.maxAttempts ?? 1;
+    let lastResult;
+    for (let attempt = 1; attempt <= attempts; attempt++) {
+      const task = graphNodeToTask(input.node, input.input);
+      const trace = createAgentTraceContext({
+        traceId: input.graphTrace.traceId,
+        parentSpanId: input.graphTrace.spanId,
+        workflowRunId: input.workflowRunId,
+        taskId: task.id
+      });
+      this.eventLog?.record("agent.started", {
+        workflowRunId: input.workflowRunId,
+        nodeId: input.node.id,
+        taskId: task.id,
+        role: task.role,
+        attempt,
+        trace
+      });
+      const result = await runWithOptionalTimeout(
+        this.nodeExecutor({
+          node: input.node,
+          task,
+          attempt,
+          workflowRunId: input.workflowRunId,
+          trace,
+          dependencyResults: input.nodeResults,
+          sharedState: this.sharedState,
+          eventLog: this.eventLog ?? NULL_EVENT_LOG
+        }),
+        input.node.timeoutMs,
+        () => normalizeAgentRunResult({
+          id: `${input.workflowRunId}-${input.node.id}-attempt-${attempt}-timeout`,
+          taskId: task.id,
+          role: task.role,
+          success: false,
+          status: "timeout",
+          output: "",
+          startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          completedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          durationMs: input.node.timeoutMs ?? 0,
+          error: `Node '${input.node.id}' timed out after ${input.node.timeoutMs}ms.`,
+          metadata: {
+            workflowRunId: input.workflowRunId,
+            nodeId: input.node.id,
+            trace,
+            timeoutMs: input.node.timeoutMs
+          }
+        })
+      );
+      lastResult = result;
+      for (const artifact of result.artifacts) {
+        const record = this.sharedState.write({
+          kind: "artifact",
+          key: artifact.id,
+          value: artifact,
+          provenance: {
+            workflowRunId: input.workflowRunId,
+            agentRunId: result.id,
+            nodeId: input.node.id,
+            taskId: task.id,
+            risk: input.node.risk
+          }
+        });
+        this.eventLog?.record("shared_state.updated", {
+          workflowRunId: input.workflowRunId,
+          nodeId: input.node.id,
+          agentRunId: result.id,
+          recordId: record.id,
+          kind: record.kind,
+          key: record.key,
+          trace
+        });
+        this.eventLog?.record("agent.artifact.created", {
+          workflowRunId: input.workflowRunId,
+          nodeId: input.node.id,
+          agentRunId: result.id,
+          artifactId: artifact.id,
+          kind: artifact.kind,
+          trace
+        });
+      }
+      if (result.success) {
+        await this.evaluateNodeGates(input.graph, input.node, result, input.workflowRunId, trace);
+        this.eventLog?.record("agent.completed", {
+          workflowRunId: input.workflowRunId,
+          nodeId: input.node.id,
+          agentRunId: result.id,
+          taskId: task.id,
+          role: result.role,
+          attempt,
+          trace
+        });
+        this.eventLog?.record("checkpoint.created", {
+          workflowRunId: input.workflowRunId,
+          nodeId: input.node.id,
+          agentRunId: result.id,
+          taskId: task.id,
+          attempt,
+          trace
+        });
+        return result;
+      }
+      this.eventLog?.record("agent.failed", {
+        workflowRunId: input.workflowRunId,
+        nodeId: input.node.id,
+        agentRunId: result.id,
+        taskId: task.id,
+        role: result.role,
+        attempt,
+        error: result.error,
+        trace
+      });
+      if (attempt < attempts && input.node.retryPolicy?.backoffMs) {
+        await new Promise((resolve4) => setTimeout(resolve4, input.node.retryPolicy.backoffMs));
+      }
+    }
+    throw new Error(
+      `Node '${input.node.id}' failed after ${attempts} attempt(s): ${lastResult?.error ?? "unknown error"}`
+    );
+  }
+  async evaluateNodeGates(graph, node, result, workflowRunId, trace) {
+    for (const gateId of node.gates ?? []) {
+      const gate = graph.gates?.find((candidate) => candidate.id === gateId);
+      if (!gate) continue;
+      const evaluation = await this.gateEvaluator({
+        gate,
+        node,
+        result,
+        workflowRunId,
+        trace,
+        sharedState: this.sharedState,
+        eventLog: this.eventLog ?? NULL_EVENT_LOG
+      });
+      const eventType = evaluation.passed ? "workflow.gate.passed" : "workflow.gate.failed";
+      this.eventLog?.record(eventType, {
+        workflowRunId,
+        nodeId: node.id,
+        gateId: gate.id,
+        kind: gate.kind,
+        required: gate.required,
+        reason: evaluation.reason,
+        trace
+      });
+      if (!evaluation.passed && gate.required) {
+        throw new Error(
+          `Required gate '${gate.id}' failed for node '${node.id}': ${evaluation.reason ?? "no reason"}`
+        );
+      }
+    }
+  }
+};
 function createAgentArtifact(input) {
   return {
     ...input,
@@ -43359,6 +43752,192 @@ function buildExecutionLevels(graph, issues) {
   }
   return levels;
 }
+var NULL_EVENT_LOG = {
+  record(type, data = {}) {
+    return {
+      id: `event-${randomUUID()}`,
+      type,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      data
+    };
+  },
+  list() {
+    return [];
+  },
+  count() {
+    return 0;
+  },
+  clear() {
+  }
+};
+function graphNodeToTask(node, workflowInput) {
+  return {
+    id: node.id,
+    role: node.agentRole ?? "coder",
+    objective: node.description,
+    context: {
+      workflowInput,
+      condition: node.condition
+    },
+    dependencies: node.dependsOn,
+    constraints: node.requiredTools?.map((tool) => `Requires tool: ${tool}`)
+  };
+}
+async function dryRunAgentGraphNodeExecutor(execution) {
+  const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const dependencyOutputs = Object.fromEntries(
+    [...execution.dependencyResults.entries()].map(([id, result]) => [
+      id,
+      { success: result.success, output: result.output }
+    ])
+  );
+  const output = [
+    `Node '${execution.node.id}' executed by ${execution.task.role}.`,
+    `Objective: ${execution.task.objective}`,
+    Object.keys(dependencyOutputs).length > 0 ? `Dependencies: ${JSON.stringify(dependencyOutputs)}` : "Dependencies: none"
+  ].join("\n");
+  return normalizeAgentRunResult({
+    id: `${execution.workflowRunId}-${execution.node.id}-attempt-${execution.attempt}`,
+    taskId: execution.task.id,
+    role: execution.task.role,
+    success: true,
+    output,
+    startedAt,
+    completedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    turns: 0,
+    toolsUsed: [],
+    durationMs: 0,
+    metadata: {
+      workflowRunId: execution.workflowRunId,
+      nodeId: execution.node.id,
+      trace: execution.trace,
+      simulated: true
+    }
+  });
+}
+async function missingAgentGraphNodeExecutor(execution) {
+  const completedAt = (/* @__PURE__ */ new Date()).toISOString();
+  return normalizeAgentRunResult({
+    id: `${execution.workflowRunId}-${execution.node.id}-missing-executor`,
+    taskId: execution.task.id,
+    role: execution.task.role,
+    success: false,
+    output: "",
+    startedAt: completedAt,
+    completedAt,
+    durationMs: 0,
+    error: "AgentGraphEngine requires a nodeExecutor. Pass a real executor or set allowSimulated: true for dry-run/demo workflows.",
+    metadata: {
+      workflowRunId: execution.workflowRunId,
+      nodeId: execution.node.id,
+      trace: execution.trace,
+      missingExecutor: true
+    }
+  });
+}
+async function defaultAgentGateEvaluator(input) {
+  if (!input.result.success) {
+    return { passed: false, reason: "Agent result was not successful." };
+  }
+  if (input.gate.kind === "tests" || input.gate.kind === "coverage" || input.gate.kind === "security" || input.gate.kind === "quality-score" || input.gate.kind === "human-approval") {
+    return {
+      passed: false,
+      reason: `Gate '${input.gate.kind}' requires an explicit evaluator.`
+    };
+  }
+  return { passed: true };
+}
+function chunk(items, size) {
+  const safeSize = Math.max(1, size);
+  const result = [];
+  for (let index = 0; index < items.length; index += safeSize) {
+    result.push(items.slice(index, index + safeSize));
+  }
+  return result;
+}
+async function runWithOptionalTimeout(promise, timeoutMs, onTimeout) {
+  if (!timeoutMs || timeoutMs <= 0) return promise;
+  return Promise.race([
+    promise,
+    new Promise((resolve4) => {
+      setTimeout(() => resolve4(onTimeout()), timeoutMs);
+    })
+  ]);
+}
+function shouldSkipNode(node, graph, workflowInput, dependencyResults) {
+  const nodeCondition = evaluateGraphCondition(node.condition, workflowInput, dependencyResults);
+  if (!nodeCondition.passed) return nodeCondition.reason;
+  for (const edge of graph.edges ?? []) {
+    if (edge.to !== node.id || !edge.condition) continue;
+    const edgeCondition = evaluateGraphCondition(edge.condition, workflowInput, dependencyResults);
+    if (!edgeCondition.passed) {
+      return `edge '${edge.from}' -> '${edge.to}' condition '${edge.condition}' was false`;
+    }
+  }
+  return void 0;
+}
+function evaluateGraphCondition(condition, workflowInput, dependencyResults) {
+  if (!condition || condition === "always") return { passed: true };
+  if (condition === "never") return { passed: false, reason: "condition 'never' was false" };
+  if (condition.startsWith("!input.")) {
+    const path65 = condition.slice("!input.".length);
+    return {
+      passed: !readPath(workflowInput, path65),
+      reason: `condition '${condition}' was false`
+    };
+  }
+  if (condition.startsWith("input.")) {
+    const path65 = condition.slice("input.".length);
+    return {
+      passed: Boolean(readPath(workflowInput, path65)),
+      reason: `condition '${condition}' was false`
+    };
+  }
+  if (condition.startsWith("dependency.") && condition.endsWith(".success")) {
+    const id = condition.slice("dependency.".length, -".success".length);
+    return {
+      passed: dependencyResults.get(id)?.success === true,
+      reason: `condition '${condition}' was false`
+    };
+  }
+  if (condition.startsWith("dependency.") && condition.endsWith(".failed")) {
+    const id = condition.slice("dependency.".length, -".failed".length);
+    return {
+      passed: dependencyResults.get(id)?.success === false,
+      reason: `condition '${condition}' was false`
+    };
+  }
+  return {
+    passed: false,
+    reason: `Unsupported graph condition '${condition}'.`
+  };
+}
+function readPath(input, path65) {
+  return path65.split(".").reduce((current, segment) => {
+    if (current && typeof current === "object" && segment in current) {
+      return current[segment];
+    }
+    return void 0;
+  }, input);
+}
+function cloneUnknown(value) {
+  if (value === void 0 || value === null) return value;
+  try {
+    return JSON.parse(JSON.stringify(value));
+  } catch {
+    return value;
+  }
+}
+function cloneRecord(record) {
+  return {
+    ...record,
+    value: cloneUnknown(record.value),
+    provenance: { ...record.provenance }
+  };
+}
+function isAgentArtifact(value) {
+  return typeof value === "object" && value !== null && "id" in value && "kind" in value && "content" in value && "createdAt" in value;
+}
 function cloneArtifact(artifact) {
   return {
     ...artifact,
@@ -43366,14 +43945,524 @@ function cloneArtifact(artifact) {
   };
 }
 
+// src/runtime/context.ts
+function createRuntimeRequestContext(input = {}) {
+  return {
+    surface: input.surface ?? "api",
+    tenant: input.tenant ? { ...input.tenant, metadata: { ...input.tenant.metadata } } : void 0,
+    user: input.user ? {
+      ...input.user,
+      roles: [...input.user.roles ?? []],
+      groups: [...input.user.groups ?? []],
+      metadata: { ...input.user.metadata }
+    } : void 0,
+    channel: input.channel,
+    correlationId: input.correlationId,
+    policy: input.policy ? cloneRuntimePolicy(input.policy) : void 0,
+    metadata: { ...input.metadata }
+  };
+}
+function mergeRuntimePolicy(base, override) {
+  if (!base && !override) return void 0;
+  return {
+    ...base,
+    ...override,
+    allowedTools: override?.allowedTools ? [...override.allowedTools] : base?.allowedTools ? [...base.allowedTools] : void 0,
+    requireHumanApprovalFor: override?.requireHumanApprovalFor ? [...override.requireHumanApprovalFor] : base?.requireHumanApprovalFor ? [...base.requireHumanApprovalFor] : void 0,
+    dataBoundary: { ...base?.dataBoundary, ...override?.dataBoundary },
+    costBudget: { ...base?.costBudget, ...override?.costBudget },
+    retention: { ...base?.retention, ...override?.retention },
+    rateLimit: { ...base?.rateLimit, ...override?.rateLimit }
+  };
+}
+function runtimeContextToMetadata(context) {
+  if (!context) return {};
+  return {
+    surface: context.surface,
+    channel: context.channel,
+    correlationId: context.correlationId,
+    tenantId: context.tenant?.id,
+    tenantName: context.tenant?.name,
+    userId: context.user?.id,
+    userRoles: context.user?.roles,
+    dataClassification: context.policy?.dataBoundary?.classification
+  };
+}
+function evaluateRuntimeToolPolicy(policy, input) {
+  if (policy?.allowedTools && !policy.allowedTools.includes(input.toolName)) {
+    return {
+      allowed: false,
+      reason: `Runtime policy does not allow tool: ${input.toolName}`,
+      risk: input.risk
+    };
+  }
+  if (policy?.maxToolRisk && riskRank(input.risk) > riskRank(policy.maxToolRisk)) {
+    return {
+      allowed: false,
+      reason: `Runtime policy allows tools up to ${policy.maxToolRisk} risk; ${input.toolName} is ${input.risk}.`,
+      risk: input.risk
+    };
+  }
+  if (policy?.requireHumanApprovalFor?.includes(input.risk) && input.confirmed !== true) {
+    return {
+      allowed: false,
+      requiresConfirmation: true,
+      reason: `Runtime policy requires human approval for ${input.risk} tools.`,
+      risk: input.risk
+    };
+  }
+  return { allowed: true, risk: input.risk };
+}
+function evaluateRuntimeRiskPolicy(policy, input) {
+  if (policy?.maxToolRisk && riskRank(input.risk) > riskRank(policy.maxToolRisk)) {
+    return {
+      allowed: false,
+      reason: `Runtime policy allows work up to ${policy.maxToolRisk} risk; ${input.subject} is ${input.risk}.`,
+      risk: input.risk
+    };
+  }
+  if (policy?.requireHumanApprovalFor?.includes(input.risk) && input.confirmed !== true) {
+    return {
+      allowed: false,
+      requiresConfirmation: true,
+      reason: `Runtime policy requires human approval for ${input.risk} work.`,
+      risk: input.risk
+    };
+  }
+  return { allowed: true, risk: input.risk };
+}
+function assertRuntimeUsageWithinPolicy(policy, usage) {
+  const budget = policy?.costBudget;
+  if (!budget) return;
+  if (budget.maxInputTokens !== void 0 && (usage.inputTokens ?? 0) > budget.maxInputTokens) {
+    throw new Error(
+      `Runtime policy input token budget exceeded: ${usage.inputTokens ?? 0}/${budget.maxInputTokens}`
+    );
+  }
+  if (budget.maxOutputTokens !== void 0 && (usage.outputTokens ?? 0) > budget.maxOutputTokens) {
+    throw new Error(
+      `Runtime policy output token budget exceeded: ${usage.outputTokens ?? 0}/${budget.maxOutputTokens}`
+    );
+  }
+}
+function cloneRuntimePolicy(policy) {
+  return mergeRuntimePolicy(void 0, policy) ?? {};
+}
+function riskRank(risk) {
+  switch (risk) {
+    case "read-only":
+      return 0;
+    case "network":
+      return 1;
+    case "write":
+      return 2;
+    case "destructive":
+      return 3;
+    case "secrets-sensitive":
+      return 4;
+  }
+}
+var InMemoryEventLog = class {
+  events = [];
+  record(type, data = {}) {
+    const event = {
+      id: randomUUID(),
+      type,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      data
+    };
+    this.events.push(event);
+    return event;
+  }
+  list() {
+    return [...this.events];
+  }
+  count() {
+    return this.events.length;
+  }
+  clear() {
+    this.events = [];
+  }
+};
+var FileEventLog = class {
+  constructor(filePath) {
+    this.filePath = filePath;
+    try {
+      mkdirSync(dirname(filePath), { recursive: true });
+    } catch {
+      this.writable = false;
+    }
+  }
+  filePath;
+  memory = new InMemoryEventLog();
+  writable = true;
+  record(type, data = {}) {
+    const event = this.memory.record(type, data);
+    if (this.writable) {
+      try {
+        appendFileSync(this.filePath, JSON.stringify(event) + "\n", "utf-8");
+      } catch {
+        this.writable = false;
+      }
+    }
+    return event;
+  }
+  list() {
+    if (!this.writable) return this.memory.list();
+    try {
+      const raw = readFileSync(this.filePath, "utf-8");
+      return raw.split("\n").filter(Boolean).flatMap((line) => {
+        try {
+          return [JSON.parse(line)];
+        } catch {
+          return [];
+        }
+      });
+    } catch {
+      return this.memory.list();
+    }
+  }
+  count() {
+    return this.list().length;
+  }
+  clear() {
+    this.memory.clear();
+    if (this.writable) {
+      try {
+        writeFileSync(this.filePath, "", "utf-8");
+      } catch {
+        this.writable = false;
+      }
+    }
+  }
+};
+function createEventLog() {
+  return new InMemoryEventLog();
+}
+function createFileEventLog(filePath) {
+  return new FileEventLog(filePath);
+}
+
+// src/runtime/agent-modes.ts
+var AGENT_MODES = {
+  ask: {
+    id: "ask",
+    label: "Ask",
+    description: "Answer questions and explain code without modifying files.",
+    readOnly: true,
+    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_definition"],
+    requiresVerification: false
+  },
+  plan: {
+    id: "plan",
+    label: "Plan",
+    description: "Explore and produce an implementation plan with read-only tools.",
+    readOnly: true,
+    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_workspace_symbols"],
+    requiresVerification: false
+  },
+  build: {
+    id: "build",
+    label: "Build",
+    description: "Implement code changes and verify them.",
+    readOnly: false,
+    preferredTools: ["read_file", "edit_file", "write_file", "bash_exec", "run_tests"],
+    requiresVerification: true
+  },
+  debug: {
+    id: "debug",
+    label: "Debug",
+    description: "Reproduce failures, trace root cause, patch, and verify.",
+    readOnly: false,
+    preferredTools: ["bash_exec", "read_file", "grep", "lsp_references", "edit_file"],
+    requiresVerification: true
+  },
+  review: {
+    id: "review",
+    label: "Review",
+    description: "Inspect code quality, security, behavior changes, and test gaps.",
+    readOnly: true,
+    preferredTools: ["git_diff", "read_file", "grep", "review_code", "calculate_quality"],
+    requiresVerification: false
+  },
+  architect: {
+    id: "architect",
+    label: "Architect",
+    description: "Design architecture and split work for architect/editor execution.",
+    readOnly: true,
+    preferredTools: ["codebase_map", "lsp_workspace_symbols", "grep", "create_agent_plan"],
+    requiresVerification: false
+  }
+};
+function getAgentMode(mode) {
+  return AGENT_MODES[mode];
+}
+function listAgentModes() {
+  return Object.values(AGENT_MODES);
+}
+function isAgentMode(value) {
+  return value in AGENT_MODES;
+}
+
+// src/runtime/permission-policy.ts
+var READ_ONLY_CATEGORIES = /* @__PURE__ */ new Set(["search", "web", "document"]);
+var WRITE_CATEGORIES = /* @__PURE__ */ new Set(["file", "git", "test", "build", "memory"]);
+var READ_ONLY_TOOL_NAMES = /* @__PURE__ */ new Set([
+  "glob",
+  "read_file",
+  "list_dir",
+  "tree",
+  "grep",
+  "find_in_file",
+  "semantic_search",
+  "codebase_map",
+  "repo_context",
+  "lsp_status",
+  "lsp_document_symbols",
+  "lsp_workspace_symbols",
+  "lsp_definition",
+  "lsp_references",
+  "git_status",
+  "git_log",
+  "git_diff",
+  "git_show",
+  "git_branch",
+  "recall_memory",
+  "list_memories",
+  "list_checkpoints",
+  "checkAgentCapability"
+]);
+var WRITE_CAPABLE_TOOL_NAMES = /* @__PURE__ */ new Set(["run_linter"]);
+var DESTRUCTIVE_TOOL_NAMES = /* @__PURE__ */ new Set([
+  "bash_exec",
+  "write_file",
+  "edit_file",
+  "delete_file",
+  "restore_checkpoint",
+  "git_commit",
+  "git_push",
+  "request_human_escalation"
+]);
+function riskForTool(tool) {
+  if (READ_ONLY_TOOL_NAMES.has(tool.name)) return "read-only";
+  if (DESTRUCTIVE_TOOL_NAMES.has(tool.name)) return "destructive";
+  if (WRITE_CAPABLE_TOOL_NAMES.has(tool.name)) return "write";
+  if (tool.category === "web") return "network";
+  if (WRITE_CATEGORIES.has(tool.category)) return "write";
+  if (tool.category === "quality") return "write";
+  return "read-only";
+}
+var DefaultPermissionPolicy = class {
+  canExecuteTool(mode, tool) {
+    const definition = getAgentMode(mode);
+    const risk = riskForTool(tool);
+    const readOnlyTool = READ_ONLY_TOOL_NAMES.has(tool.name) || READ_ONLY_CATEGORIES.has(tool.category);
+    if (definition.readOnly && !readOnlyTool) {
+      return {
+        allowed: false,
+        reason: `${definition.label} mode is read-only; ${tool.name} is a ${tool.category} tool.`,
+        risk
+      };
+    }
+    if (risk === "destructive") {
+      return {
+        allowed: true,
+        requiresConfirmation: true,
+        reason: `${tool.name} can change repository state and should be confirmed.`,
+        risk
+      };
+    }
+    return { allowed: true, risk };
+  }
+  canExecuteToolInput(mode, tool, input) {
+    if (tool.name === "spawnSimpleAgent") {
+      const risk = riskForSpawnedAgent(input);
+      const definition2 = getAgentMode(mode);
+      if (definition2.readOnly && risk !== "read-only" && risk !== "network") {
+        return {
+          allowed: false,
+          reason: `${definition2.label} mode is read-only; spawnSimpleAgent with this role can perform ${risk} work.`,
+          risk
+        };
+      }
+      return {
+        allowed: true,
+        requiresConfirmation: risk === "destructive" || risk === "secrets-sensitive",
+        risk
+      };
+    }
+    if (tool.name !== "run_linter") {
+      return this.canExecuteTool(mode, tool);
+    }
+    const definition = getAgentMode(mode);
+    const fixEnabled = input["fix"] === true;
+    const decision = fixEnabled ? { allowed: true, risk: "write" } : { allowed: true, risk: "read-only" };
+    if (definition.readOnly && fixEnabled) {
+      return {
+        allowed: false,
+        reason: `${definition.label} mode is read-only; run_linter with fix=true can modify files.`,
+        risk: "write"
+      };
+    }
+    return decision;
+  }
+};
+function createPermissionPolicy() {
+  return new DefaultPermissionPolicy();
+}
+function riskForSpawnedAgent(input) {
+  const type = typeof input["type"] === "string" ? input["type"] : void 0;
+  const role = typeof input["role"] === "string" ? input["role"] : void 0;
+  const resolved = type ?? role;
+  switch (resolved) {
+    case "explore":
+    case "plan":
+    case "review":
+    case "architect":
+    case "security":
+    case "docs":
+    case "researcher":
+    case "reviewer":
+    case "planner":
+      return "read-only";
+    case "database":
+      return "secrets-sensitive";
+    case "test":
+    case "tdd":
+    case "e2e":
+    case "tester":
+      return "destructive";
+    case "debug":
+    case "refactor":
+    case "coder":
+    case "optimizer":
+      return "write";
+    default:
+      return "read-only";
+  }
+}
+
+// src/runtime/runtime-tool-executor.ts
+var RuntimeToolExecutor = class {
+  toolRegistry;
+  eventLog;
+  permissionPolicy;
+  defaultMode;
+  runtimePolicy;
+  constructor(options) {
+    this.toolRegistry = options.toolRegistry;
+    this.eventLog = options.eventLog ?? createEventLog();
+    this.permissionPolicy = options.permissionPolicy ?? createPermissionPolicy();
+    this.defaultMode = options.mode ?? "ask";
+    this.runtimePolicy = options.runtimePolicy;
+  }
+  async execute(input) {
+    const startedAt = performance.now();
+    const mode = input.mode ?? this.defaultMode;
+    const allowedTools = input.allowedTools ? new Set(input.allowedTools) : void 0;
+    if (allowedTools && !allowedTools.has(input.toolName)) {
+      const decision2 = {
+        allowed: false,
+        reason: `Tool '${input.toolName}' is not available to this agent.`,
+        risk: "read-only"
+      };
+      return this.block(input, mode, decision2, startedAt);
+    }
+    const tool = this.toolRegistry.get(input.toolName);
+    if (!tool) {
+      const decision2 = {
+        allowed: false,
+        reason: "Tool not registered.",
+        risk: "read-only"
+      };
+      return this.block(input, mode, decision2, startedAt);
+    }
+    const decision = this.permissionPolicy.canExecuteToolInput ? this.permissionPolicy.canExecuteToolInput(mode, tool, input.input) : this.permissionPolicy.canExecuteTool(mode, tool);
+    const runtimeDecision = decision.allowed ? evaluateRuntimeToolPolicy(this.runtimePolicy, {
+      toolName: input.toolName,
+      risk: decision.risk,
+      confirmed: input.confirmed
+    }) : void 0;
+    if (!decision.allowed || runtimeDecision?.allowed === false || decision.requiresConfirmation && input.confirmed !== true) {
+      const reason = runtimeDecision?.reason ?? decision.reason ?? (decision.requiresConfirmation ? "Tool requires explicit runtime confirmation." : "Tool is not allowed.");
+      return this.block(
+        input,
+        mode,
+        {
+          ...decision,
+          allowed: false,
+          reason,
+          requiresConfirmation: runtimeDecision?.requiresConfirmation ?? decision.requiresConfirmation,
+          risk: runtimeDecision?.risk ?? decision.risk
+        },
+        startedAt,
+        { runtimePolicyBlocked: runtimeDecision ? !runtimeDecision.allowed : false }
+      );
+    }
+    this.eventLog.record("agent.tool.called", {
+      mode,
+      tool: input.toolName,
+      risk: decision.risk,
+      metadata: input.metadata
+    });
+    this.eventLog.record("tool.started", {
+      mode,
+      tool: input.toolName,
+      risk: decision.risk,
+      runtimeApi: true,
+      metadataKeys: Object.keys(input.metadata ?? {}).sort()
+    });
+    const result = await this.toolRegistry.execute(input.toolName, input.input);
+    this.eventLog.record("tool.completed", {
+      mode,
+      tool: input.toolName,
+      success: result.success,
+      duration: result.duration,
+      runtimeApi: true
+    });
+    return {
+      toolName: input.toolName,
+      success: result.success,
+      output: result.data,
+      error: result.error,
+      duration: result.duration,
+      decision
+    };
+  }
+  block(input, mode, decision, startedAt, extraData = {}) {
+    this.eventLog.record("tool.blocked", {
+      mode,
+      tool: input.toolName,
+      reason: decision.reason,
+      risk: decision.risk,
+      requiresConfirmation: decision.requiresConfirmation,
+      runtimeApi: true,
+      metadata: input.metadata,
+      ...extraData
+    });
+    return {
+      toolName: input.toolName,
+      success: false,
+      error: decision.reason ?? "Tool is not allowed.",
+      duration: performance.now() - startedAt,
+      decision
+    };
+  }
+};
+function createRuntimeToolExecutor(options) {
+  return new RuntimeToolExecutor(options);
+}
+
 // src/agents/executor.ts
 var AgentExecutor = class {
-  constructor(provider, toolRegistry) {
+  constructor(provider, toolRegistry, runtimeToolExecutor) {
     this.provider = provider;
     this.toolRegistry = toolRegistry;
+    this.runtimeToolExecutor = runtimeToolExecutor ?? createRuntimeToolExecutor({ toolRegistry, mode: "ask" });
   }
   provider;
   toolRegistry;
+  runtimeToolExecutor;
   /**
    * Execute an agent on a task with multi-turn tool use
    */
@@ -43441,11 +44530,21 @@ var AgentExecutor = class {
         for (const toolCall of response.toolCalls) {
           toolsUsed.add(toolCall.name);
           try {
-            const result = await this.toolRegistry.execute(toolCall.name, toolCall.input);
+            const result = await this.runtimeToolExecutor.execute({
+              toolName: toolCall.name,
+              input: toolCall.input,
+              allowedTools: agent.allowedTools.length > 0 ? agent.allowedTools : void 0,
+              mode: runtimeModeForAgent(agent.role),
+              metadata: {
+                agentRole: agent.role,
+                taskId: task.id,
+                toolCallId: toolCall.id
+              }
+            });
             toolResults.push({
               type: "tool_result",
               tool_use_id: toolCall.id,
-              content: result.success ? JSON.stringify(result.data) : `Error: ${result.error}`,
+              content: result.success ? JSON.stringify(result.output) : `Error: ${result.error}`,
               is_error: !result.success
             });
           } catch (error) {
@@ -43547,7 +44646,7 @@ Complete this task autonomously using the available tools. When done, provide a
   }
 };
 function normalizeRole(role) {
-  return role === "researcher" || role === "architect" || role === "editor" || role === "coder" || role === "tester" || role === "reviewer" || role === "optimizer" || role === "planner" ? role : "coder";
+  return mapLegacyAgentRole(role);
 }
 var AGENT_ROLES = {
   researcher: {
@@ -43656,6 +44755,22 @@ Use tools to analyze requirements and explore the codebase.`,
     allowedTools: ["read_file", "grep", "glob", "codebase_map"]
   }
 };
+function runtimeModeForAgent(role) {
+  switch (role) {
+    case "researcher":
+    case "planner":
+      return "plan";
+    case "architect":
+      return "architect";
+    case "reviewer":
+      return "review";
+    case "tester":
+    case "editor":
+    case "coder":
+    case "optimizer":
+      return "build";
+  }
+}
 var DEFAULTS = {
   maxConcurrency: os4__default.cpus().length,
   minConcurrency: 1,
@@ -45975,16 +47090,18 @@ var AgentManager = class extends EventEmitter {
   abortControllers = /* @__PURE__ */ new Map();
   provider;
   toolRegistry;
+  runtimeToolExecutor;
   logger = getLogger();
   /**
    * Create a new AgentManager
    * @param provider - LLM provider for agent execution
    * @param toolRegistry - Tool registry for agent tool access
    */
-  constructor(provider, toolRegistry) {
+  constructor(provider, toolRegistry, runtimeToolExecutor) {
     super();
     this.provider = provider;
     this.toolRegistry = toolRegistry;
+    this.runtimeToolExecutor = runtimeToolExecutor ?? createRuntimeToolExecutor({ toolRegistry, mode: "ask" });
   }
   /**
    * Spawn a new subagent for a specific task
@@ -46299,11 +47416,20 @@ var AgentManager = class extends EventEmitter {
         continue;
       }
       try {
-        const result = await this.toolRegistry.execute(toolCall.name, toolCall.input);
+        const result = await this.runtimeToolExecutor.execute({
+          toolName: toolCall.name,
+          input: toolCall.input,
+          allowedTools: config.tools,
+          mode: runtimeModeForAgentType(config.type),
+          metadata: {
+            agentType: config.type,
+            toolCallId: toolCall.id
+          }
+        });
         results.push({
           type: "tool_result",
           tool_use_id: toolCall.id,
-          content: result.success ? String(result.data ?? "Success") : `Error: ${result.error}`,
+          content: result.success ? String(result.output ?? "Success") : `Error: ${result.error}`,
           is_error: !result.success
         });
       } catch (error) {
@@ -46366,28 +47492,27 @@ var AgentManager = class extends EventEmitter {
   }
 };
 function agentTypeToRuntimeRole(type) {
+  return mapLegacyAgentRole(type);
+}
+function runtimeModeForAgentType(type) {
   switch (type) {
     case "explore":
-      return "researcher";
     case "plan":
-      return "planner";
-    case "test":
-    case "e2e":
-    case "tdd":
-      return "tester";
-    case "debug":
-    case "refactor":
-      return "coder";
+    case "docs":
+      return "plan";
     case "review":
-      return "reviewer";
+    case "security":
+      return "review";
     case "architect":
       return "architect";
-    case "security":
-      return "security";
-    case "docs":
-      return "docs";
+    case "debug":
+      return "debug";
+    case "test":
+    case "tdd":
+    case "e2e":
+    case "refactor":
     case "database":
-      return "database";
+      return "build";
   }
 }
 
@@ -46434,7 +47559,7 @@ var AGENT_TYPES = [
   "docs",
   "database"
 ];
-var LEGACY_ROLE_MAP = {
+var LEGACY_ROLE_MAP2 = {
   researcher: "explore",
   coder: "debug",
   // "debug" has write + bash + read — closest to general coding
@@ -46454,7 +47579,7 @@ var SpawnSimpleAgentSchema = z.object({
 });
 function resolveAgentType(input) {
   if (input.type) return input.type;
-  if (input.role && input.role in LEGACY_ROLE_MAP) return LEGACY_ROLE_MAP[input.role];
+  if (input.role && input.role in LEGACY_ROLE_MAP2) return LEGACY_ROLE_MAP2[input.role];
   return "explore";
 }
 var spawnSimpleAgentTool = defineTool({
@@ -46996,14 +48121,14 @@ ${message}
       const subprocess = execa(pm, cmdArgs, options);
       let stdoutBuffer = "";
       let stderrBuffer = "";
-      subprocess.stdout?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stdout?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stdoutBuffer += text16;
         process.stdout.write(text16);
         heartbeat.activity();
       });
-      subprocess.stderr?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stderr?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stderrBuffer += text16;
         process.stderr.write(text16);
         heartbeat.activity();
@@ -47121,14 +48246,14 @@ ${message}
       const subprocess = execa(pm, cmdArgs, options);
       let stdoutBuffer = "";
       let stderrBuffer = "";
-      subprocess.stdout?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stdout?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stdoutBuffer += text16;
         process.stdout.write(text16);
         heartbeat.activity();
       });
-      subprocess.stderr?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stderr?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stderrBuffer += text16;
         process.stderr.write(text16);
         heartbeat.activity();
@@ -47223,14 +48348,14 @@ ${message}
       const subprocess = execa("make", cmdArgs, options);
       let stdoutBuffer = "";
       let stderrBuffer = "";
-      subprocess.stdout?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stdout?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stdoutBuffer += text16;
         process.stdout.write(text16);
         heartbeat.activity();
       });
-      subprocess.stderr?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stderr?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stderrBuffer += text16;
         process.stderr.write(text16);
         heartbeat.activity();
@@ -47326,14 +48451,14 @@ ${message}
       const subprocess = execa("npx", ["tsc", ...cmdArgs], options);
       let stdoutBuffer = "";
       let stderrBuffer = "";
-      subprocess.stdout?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stdout?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stdoutBuffer += text16;
         process.stdout.write(text16);
         heartbeat.activity();
       });
-      subprocess.stderr?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stderr?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stderrBuffer += text16;
         process.stderr.write(text16);
         heartbeat.activity();
@@ -47430,14 +48555,14 @@ ${message}
       });
       let stdoutBuffer = "";
       let stderrBuffer = "";
-      subprocess.stdout?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stdout?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stdoutBuffer += text16;
         process.stdout.write(text16);
         heartbeat.activity();
       });
-      subprocess.stderr?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stderr?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stderrBuffer += text16;
         process.stderr.write(text16);
         heartbeat.activity();
@@ -47517,14 +48642,14 @@ ${message}
       });
       let stdoutBuffer = "";
       let stderrBuffer = "";
-      subprocess.stdout?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stdout?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stdoutBuffer += text16;
         process.stdout.write(text16);
         heartbeat.activity();
       });
-      subprocess.stderr?.on("data", (chunk) => {
-        const text16 = chunk.toString();
+      subprocess.stderr?.on("data", (chunk2) => {
+        const text16 = chunk2.toString();
         stderrBuffer += text16;
         process.stderr.write(text16);
         heartbeat.activity();
@@ -49346,13 +50471,13 @@ Examples:
           const content = await fs41.readFile(fullPath, "utf-8");
           if (content.length > 1e5) continue;
           const fileChunks = chunkContent(content, DEFAULT_CHUNK_SIZE);
-          for (const chunk of fileChunks) {
-            const vector = await getEmbedding(chunk.text);
+          for (const chunk2 of fileChunks) {
+            const vector = await getEmbedding(chunk2.text);
             chunks.push({
               file,
-              startLine: chunk.startLine,
-              endLine: chunk.endLine,
-              text: chunk.text,
+              startLine: chunk2.startLine,
+              endLine: chunk2.endLine,
+              text: chunk2.text,
               vector,
               mtime: stat2.mtimeMs
             });
@@ -49386,9 +50511,9 @@ Examples:
       }
     }
     const queryVector = await getEmbedding(query);
-    const scored = index.chunks.map((chunk) => ({
-      chunk,
-      score: cosineSimilarity(queryVector, chunk.vector)
+    const scored = index.chunks.map((chunk2) => ({
+      chunk: chunk2,
+      score: cosineSimilarity(queryVector, chunk2.vector)
     }));
     const filtered = scored.filter((s) => s.score >= effectiveThreshold).sort((a, b) => b.score - a.score).slice(0, effectiveMaxResults);
     const results = filtered.map((s) => {
@@ -50261,7 +51386,7 @@ async function validateCode(code, filePath, _language) {
   const errors = [];
   const warnings = [];
   try {
-    const ast = parse$1(code, {
+    const ast = parse(code, {
       loc: true,
       range: true,
       comment: true,
@@ -50388,7 +51513,7 @@ async function analyzeFile(filePath, includeAst = false) {
   const exports$1 = [];
   let ast;
   try {
-    ast = parse$1(content, {
+    ast = parse(content, {
       loc: true,
       range: true,
       comment: true,
@@ -52866,69 +53991,6 @@ var repoMapCommand = {
     return false;
   }
 };
-
-// src/runtime/agent-modes.ts
-var AGENT_MODES = {
-  ask: {
-    id: "ask",
-    label: "Ask",
-    description: "Answer questions and explain code without modifying files.",
-    readOnly: true,
-    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_definition"],
-    requiresVerification: false
-  },
-  plan: {
-    id: "plan",
-    label: "Plan",
-    description: "Explore and produce an implementation plan with read-only tools.",
-    readOnly: true,
-    preferredTools: ["read_file", "grep", "glob", "codebase_map", "lsp_workspace_symbols"],
-    requiresVerification: false
-  },
-  build: {
-    id: "build",
-    label: "Build",
-    description: "Implement code changes and verify them.",
-    readOnly: false,
-    preferredTools: ["read_file", "edit_file", "write_file", "bash_exec", "run_tests"],
-    requiresVerification: true
-  },
-  debug: {
-    id: "debug",
-    label: "Debug",
-    description: "Reproduce failures, trace root cause, patch, and verify.",
-    readOnly: false,
-    preferredTools: ["bash_exec", "read_file", "grep", "lsp_references", "edit_file"],
-    requiresVerification: true
-  },
-  review: {
-    id: "review",
-    label: "Review",
-    description: "Inspect code quality, security, behavior changes, and test gaps.",
-    readOnly: true,
-    preferredTools: ["git_diff", "read_file", "grep", "review_code", "calculate_quality"],
-    requiresVerification: false
-  },
-  architect: {
-    id: "architect",
-    label: "Architect",
-    description: "Design architecture and split work for architect/editor execution.",
-    readOnly: true,
-    preferredTools: ["codebase_map", "lsp_workspace_symbols", "grep", "create_agent_plan"],
-    requiresVerification: false
-  }
-};
-function getAgentMode(mode) {
-  return AGENT_MODES[mode];
-}
-function listAgentModes() {
-  return Object.values(AGENT_MODES);
-}
-function isAgentMode(value) {
-  return value in AGENT_MODES;
-}
-
-// src/cli/repl/commands/mode.ts
 function currentMode(session) {
   return session.agentMode ?? (session.planMode ? "plan" : "build");
 }
@@ -54367,17 +55429,17 @@ function resetLineBuffer() {
   stopStreamingIndicator();
   resetBlockStore();
 }
-function renderStreamChunk(chunk) {
-  if (chunk.type === "text" && chunk.text) {
-    lineBuffer += chunk.text;
-    rawMarkdownBuffer += chunk.text;
+function renderStreamChunk(chunk2) {
+  if (chunk2.type === "text" && chunk2.text) {
+    lineBuffer += chunk2.text;
+    rawMarkdownBuffer += chunk2.text;
     let newlineIndex;
     while ((newlineIndex = lineBuffer.indexOf("\n")) !== -1) {
       const line = lineBuffer.slice(0, newlineIndex);
       lineBuffer = lineBuffer.slice(newlineIndex + 1);
       processAndOutputLine(line);
     }
-  } else if (chunk.type === "done") {
+  } else if (chunk2.type === "done") {
     flushLineBuffer();
   }
 }
@@ -55571,22 +56633,22 @@ ${tail}`;
           content: `[System: ${reason} Do not call tools. Either explain the exact blocker and ask the user for the smallest missing input, or, if the task is already complete, summarize it briefly. Do not return an empty response.]`
         }
       ];
-      for await (const chunk of provider.streamWithTools(finalMessages, {
+      for await (const chunk2 of provider.streamWithTools(finalMessages, {
         tools: [],
         maxTokens: session.config.provider.maxTokens,
         signal: options.signal
         // Omit thinking for the final explanation turn to avoid unnecessary cost
       })) {
         if (options.signal?.aborted) break;
-        if (chunk.type === "text" && chunk.text) {
+        if (chunk2.type === "text" && chunk2.text) {
           if (!explanationThinkingEnded) {
             options.onThinkingEnd?.();
             explanationThinkingEnded = true;
           }
-          explanation += chunk.text;
-          options.onStream?.(chunk);
+          explanation += chunk2.text;
+          options.onStream?.(chunk2);
         }
-        if (chunk.type === "done") break;
+        if (chunk2.type === "done") break;
       }
     } catch {
     } finally {
@@ -55627,7 +56689,7 @@ ${tail}`;
         lastStopReason = void 0;
         const toolCallBuilders = /* @__PURE__ */ new Map();
         try {
-          for await (const chunk of provider.streamWithTools(messages, {
+          for await (const chunk2 of provider.streamWithTools(messages, {
             tools,
             maxTokens: session.config.provider.maxTokens,
             signal: options.signal,
@@ -55637,56 +56699,56 @@ ${tail}`;
               break;
             }
             try {
-              if (chunk.type === "text" && chunk.text) {
+              if (chunk2.type === "text" && chunk2.text) {
                 if (!thinkingEnded) {
                   options.onThinkingEnd?.();
                   thinkingEnded = true;
                 }
-                responseContent += chunk.text;
-                finalContent += chunk.text;
-                iterationTextChunks.push(chunk);
+                responseContent += chunk2.text;
+                finalContent += chunk2.text;
+                iterationTextChunks.push(chunk2);
               }
-              if (chunk.type === "tool_use_start" && chunk.toolCall) {
+              if (chunk2.type === "tool_use_start" && chunk2.toolCall) {
                 flushLineBuffer();
                 if (!thinkingEnded) {
                   options.onThinkingEnd?.();
                   thinkingEnded = true;
                 }
-                const id = chunk.toolCall.id ?? `tool_${toolCallBuilders.size}`;
-                const toolName = chunk.toolCall.name ?? "";
+                const id = chunk2.toolCall.id ?? `tool_${toolCallBuilders.size}`;
+                const toolName = chunk2.toolCall.name ?? "";
                 toolCallBuilders.set(id, {
                   id,
                   name: toolName,
                   input: {},
-                  geminiThoughtSignature: chunk.toolCall.geminiThoughtSignature
+                  geminiThoughtSignature: chunk2.toolCall.geminiThoughtSignature
                 });
                 if (toolName) {
                   options.onToolPreparing?.(toolName);
                 }
               }
-              if (chunk.type === "tool_use_end" && chunk.toolCall) {
-                const id = chunk.toolCall.id ?? "";
+              if (chunk2.type === "tool_use_end" && chunk2.toolCall) {
+                const id = chunk2.toolCall.id ?? "";
                 const builder = toolCallBuilders.get(id);
                 if (builder) {
                   const finalToolCall = {
                     id: builder.id,
-                    name: chunk.toolCall.name ?? builder.name,
-                    input: chunk.toolCall.input ?? builder.input,
-                    geminiThoughtSignature: chunk.toolCall.geminiThoughtSignature ?? builder.geminiThoughtSignature
+                    name: chunk2.toolCall.name ?? builder.name,
+                    input: chunk2.toolCall.input ?? builder.input,
+                    geminiThoughtSignature: chunk2.toolCall.geminiThoughtSignature ?? builder.geminiThoughtSignature
                   };
                   collectedToolCalls.push(finalToolCall);
-                } else if (chunk.toolCall.id && chunk.toolCall.name) {
+                } else if (chunk2.toolCall.id && chunk2.toolCall.name) {
                   collectedToolCalls.push({
-                    id: chunk.toolCall.id,
-                    name: chunk.toolCall.name,
-                    input: chunk.toolCall.input ?? {},
-                    geminiThoughtSignature: chunk.toolCall.geminiThoughtSignature
+                    id: chunk2.toolCall.id,
+                    name: chunk2.toolCall.name,
+                    input: chunk2.toolCall.input ?? {},
+                    geminiThoughtSignature: chunk2.toolCall.geminiThoughtSignature
                   });
                 }
               }
-              if (chunk.type === "done") {
-                if (chunk.stopReason) {
-                  lastStopReason = chunk.stopReason;
+              if (chunk2.type === "done") {
+                if (chunk2.stopReason) {
+                  lastStopReason = chunk2.stopReason;
                 }
                 if (!thinkingEnded) {
                   options.onThinkingEnd?.();
@@ -56169,17 +57231,17 @@ ${ITERATION_LIMIT_SUMMARY_PROMPT}` : ITERATION_LIMIT_SUMMARY_PROMPT
     if (stuckInErrorLoop) {
       try {
         const finalMessages = getConversationContext(session, toolRegistry);
-        for await (const chunk of provider.streamWithTools(finalMessages, {
+        for await (const chunk2 of provider.streamWithTools(finalMessages, {
           tools: [],
           maxTokens: session.config.provider.maxTokens,
           signal: options.signal
         })) {
           if (options.signal?.aborted) break;
-          if (chunk.type === "text" && chunk.text) {
-            finalContent += chunk.text;
-            options.onStream?.(chunk);
+          if (chunk2.type === "text" && chunk2.text) {
+            finalContent += chunk2.text;
+            options.onStream?.(chunk2);
           }
-          if (chunk.type === "done") break;
+          if (chunk2.type === "done") break;
         }
       } catch {
       }
@@ -56200,21 +57262,21 @@ ${ITERATION_LIMIT_SUMMARY_PROMPT}` : ITERATION_LIMIT_SUMMARY_PROMPT
       options.onThinkingStart?.();
       try {
         const finalMessages = getConversationContext(session, toolRegistry);
-        for await (const chunk of provider.streamWithTools(finalMessages, {
+        for await (const chunk2 of provider.streamWithTools(finalMessages, {
           tools: [],
           maxTokens: session.config.provider.maxTokens,
           signal: options.signal
         })) {
           if (options.signal?.aborted) break;
-          if (chunk.type === "text" && chunk.text) {
+          if (chunk2.type === "text" && chunk2.text) {
             if (!summaryThinkingEnded) {
               options.onThinkingEnd?.();
               summaryThinkingEnded = true;
             }
-            finalContent += chunk.text;
-            options.onStream?.(chunk);
+            finalContent += chunk2.text;
+            options.onStream?.(chunk2);
           }
-          if (chunk.type === "done") break;
+          if (chunk2.type === "done") break;
         }
       } catch {
         const notice = `
@@ -56365,15 +57427,15 @@ function createReplayProvider(turns) {
     async *stream() {
       const chunks = turns[Math.min(callIndex, turns.length - 1)] ?? [{ type: "done" }];
       callIndex++;
-      for (const chunk of chunks) {
-        yield chunk;
+      for (const chunk2 of chunks) {
+        yield chunk2;
       }
     },
     async *streamWithTools() {
       const chunks = turns[Math.min(callIndex, turns.length - 1)] ?? [{ type: "done" }];
       callIndex++;
-      for (const chunk of chunks) {
-        yield chunk;
+      for (const chunk2 of chunks) {
+        yield chunk2;
       }
     },
     countTokens(text16) {
@@ -56389,9 +57451,9 @@ function createReplayProvider(turns) {
 }
 function collectToolNames(stream) {
   const names = /* @__PURE__ */ new Set();
-  for (const chunk of stream) {
-    if ((chunk.type === "tool_use_start" || chunk.type === "tool_use_end") && chunk.toolCall?.name) {
-      names.add(chunk.toolCall.name);
+  for (const chunk2 of stream) {
+    if ((chunk2.type === "tool_use_start" || chunk2.type === "tool_use_end") && chunk2.toolCall?.name) {
+      names.add(chunk2.toolCall.name);
     }
   }
   return Array.from(names);
@@ -57635,6 +58697,7 @@ init_providers();
 
 // src/runtime/agent-runtime.ts
 init_env();
+init_registry4();
 
 // src/runtime/default-turn-runner.ts
 var DefaultRuntimeTurnRunner = class {
@@ -57668,178 +58731,6 @@ var DefaultRuntimeTurnRunner = class {
 function createDefaultRuntimeTurnRunner() {
   return new DefaultRuntimeTurnRunner();
 }
-var InMemoryEventLog = class {
-  events = [];
-  record(type, data = {}) {
-    const event = {
-      id: randomUUID(),
-      type,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      data
-    };
-    this.events.push(event);
-    return event;
-  }
-  list() {
-    return [...this.events];
-  }
-  count() {
-    return this.events.length;
-  }
-  clear() {
-    this.events = [];
-  }
-};
-var FileEventLog = class {
-  constructor(filePath) {
-    this.filePath = filePath;
-    try {
-      mkdirSync(dirname(filePath), { recursive: true });
-    } catch {
-      this.writable = false;
-    }
-  }
-  filePath;
-  memory = new InMemoryEventLog();
-  writable = true;
-  record(type, data = {}) {
-    const event = this.memory.record(type, data);
-    if (this.writable) {
-      try {
-        appendFileSync(this.filePath, JSON.stringify(event) + "\n", "utf-8");
-      } catch {
-        this.writable = false;
-      }
-    }
-    return event;
-  }
-  list() {
-    if (!this.writable) return this.memory.list();
-    try {
-      const raw = readFileSync(this.filePath, "utf-8");
-      return raw.split("\n").filter(Boolean).flatMap((line) => {
-        try {
-          return [JSON.parse(line)];
-        } catch {
-          return [];
-        }
-      });
-    } catch {
-      return this.memory.list();
-    }
-  }
-  count() {
-    return this.list().length;
-  }
-  clear() {
-    this.memory.clear();
-    if (this.writable) {
-      try {
-        writeFileSync(this.filePath, "", "utf-8");
-      } catch {
-        this.writable = false;
-      }
-    }
-  }
-};
-function createEventLog() {
-  return new InMemoryEventLog();
-}
-function createFileEventLog(filePath) {
-  return new FileEventLog(filePath);
-}
-
-// src/runtime/permission-policy.ts
-var READ_ONLY_CATEGORIES = /* @__PURE__ */ new Set(["search", "web", "document"]);
-var WRITE_CATEGORIES = /* @__PURE__ */ new Set(["file", "git", "test", "build", "memory"]);
-var READ_ONLY_TOOL_NAMES = /* @__PURE__ */ new Set([
-  "glob",
-  "read_file",
-  "list_dir",
-  "tree",
-  "grep",
-  "find_in_file",
-  "semantic_search",
-  "codebase_map",
-  "repo_context",
-  "lsp_status",
-  "lsp_document_symbols",
-  "lsp_workspace_symbols",
-  "lsp_definition",
-  "lsp_references",
-  "git_status",
-  "git_log",
-  "git_diff",
-  "git_show",
-  "git_branch",
-  "recall_memory",
-  "list_memories",
-  "list_checkpoints",
-  "spawnSimpleAgent",
-  "checkAgentCapability"
-]);
-var WRITE_CAPABLE_TOOL_NAMES = /* @__PURE__ */ new Set(["run_linter"]);
-var DESTRUCTIVE_TOOL_NAMES = /* @__PURE__ */ new Set([
-  "bash_exec",
-  "write_file",
-  "edit_file",
-  "delete_file",
-  "restore_checkpoint",
-  "git_commit",
-  "git_push",
-  "request_human_escalation"
-]);
-function riskForTool(tool) {
-  if (READ_ONLY_TOOL_NAMES.has(tool.name)) return "read-only";
-  if (DESTRUCTIVE_TOOL_NAMES.has(tool.name)) return "destructive";
-  if (WRITE_CAPABLE_TOOL_NAMES.has(tool.name)) return "write";
-  if (tool.category === "web") return "network";
-  if (WRITE_CATEGORIES.has(tool.category)) return "write";
-  if (tool.category === "quality") return "write";
-  return "read-only";
-}
-var DefaultPermissionPolicy = class {
-  canExecuteTool(mode, tool) {
-    const definition = getAgentMode(mode);
-    const risk = riskForTool(tool);
-    const readOnlyTool = READ_ONLY_TOOL_NAMES.has(tool.name) || READ_ONLY_CATEGORIES.has(tool.category);
-    if (definition.readOnly && !readOnlyTool) {
-      return {
-        allowed: false,
-        reason: `${definition.label} mode is read-only; ${tool.name} is a ${tool.category} tool.`,
-        risk
-      };
-    }
-    if (risk === "destructive") {
-      return {
-        allowed: true,
-        requiresConfirmation: true,
-        reason: `${tool.name} can change repository state and should be confirmed.`,
-        risk
-      };
-    }
-    return { allowed: true, risk };
-  }
-  canExecuteToolInput(mode, tool, input) {
-    if (tool.name !== "run_linter") {
-      return this.canExecuteTool(mode, tool);
-    }
-    const definition = getAgentMode(mode);
-    const fixEnabled = input["fix"] === true;
-    const decision = fixEnabled ? { allowed: true, risk: "write" } : { allowed: true, risk: "read-only" };
-    if (definition.readOnly && fixEnabled) {
-      return {
-        allowed: false,
-        reason: `${definition.label} mode is read-only; run_linter with fix=true can modify files.`,
-        risk: "write"
-      };
-    }
-    return decision;
-  }
-};
-function createPermissionPolicy() {
-  return new DefaultPermissionPolicy();
-}
 
 // src/runtime/provider-registry.ts
 init_providers();
@@ -58006,6 +58897,109 @@ var WorkflowCatalog = class {
   }
 };
 var DEFAULT_WORKFLOWS = [
+  {
+    id: "enterprise-rag-answer",
+    name: "Enterprise RAG Answer",
+    description: "Retrieve tenant-scoped knowledge, draft a cited answer, and review for policy compliance.",
+    inputSchema: "question: string; tenantId: string; userId?: string",
+    outputKind: "json",
+    replayable: true,
+    checks: ["retrieval citations", "policy review", "answer quality"],
+    steps: [],
+    parallelism: 2,
+    gates: [
+      {
+        id: "quality",
+        kind: "quality-score",
+        description: "Answer meets tenant quality and citation requirements.",
+        required: true
+      }
+    ],
+    nodes: [
+      {
+        id: "retrieve",
+        agentRole: "researcher",
+        description: "Retrieve tenant-scoped sources and produce citations.",
+        requiredTools: ["knowledge_search"],
+        risk: "read-only",
+        timeoutMs: 3e4
+      },
+      {
+        id: "draft-answer",
+        agentRole: "docs",
+        description: "Draft a concise answer grounded only in retrieved sources.",
+        dependsOn: ["retrieve"],
+        risk: "read-only",
+        timeoutMs: 3e4
+      },
+      {
+        id: "policy-review",
+        agentRole: "reviewer",
+        description: "Review citations, data boundary, and unsupported claims.",
+        dependsOn: ["draft-answer"],
+        gates: ["quality"],
+        risk: "read-only",
+        timeoutMs: 3e4
+      }
+    ]
+  },
+  {
+    id: "whatsapp-support-assistant",
+    name: "WhatsApp Support Assistant",
+    description: "Handle a WhatsApp customer message with retrieval, support draft, and optional escalation.",
+    inputSchema: "message: string; phoneNumber: string; tenantId: string",
+    outputKind: "json",
+    replayable: true,
+    checks: ["retrieval citations", "support policy", "human escalation when needed"],
+    steps: [],
+    parallelism: 2,
+    gates: [
+      {
+        id: "human-escalation",
+        kind: "human-approval",
+        description: "Human review is required before sensitive or external follow-up.",
+        required: false
+      }
+    ],
+    nodes: [
+      {
+        id: "classify-message",
+        agentRole: "planner",
+        description: "Classify intent, urgency, and required data boundary.",
+        risk: "read-only",
+        timeoutMs: 15e3
+      },
+      {
+        id: "retrieve-context",
+        agentRole: "researcher",
+        description: "Retrieve tenant support knowledge relevant to the customer message.",
+        dependsOn: ["classify-message"],
+        requiredTools: ["knowledge_search"],
+        risk: "read-only",
+        timeoutMs: 3e4
+      },
+      {
+        id: "draft-response",
+        agentRole: "docs",
+        description: "Draft a WhatsApp-safe response with concise citations for audit.",
+        dependsOn: ["retrieve-context"],
+        requiredTools: ["create_support_draft"],
+        risk: "read-only",
+        timeoutMs: 3e4
+      },
+      {
+        id: "escalate-if-needed",
+        agentRole: "integrator",
+        description: "Create a human escalation request when classification requires it.",
+        dependsOn: ["draft-response"],
+        requiredTools: ["request_human_escalation"],
+        gates: ["human-escalation"],
+        condition: "input.requiresEscalation",
+        risk: "network",
+        timeoutMs: 3e4
+      }
+    ]
+  },
   {
     id: "architect-editor-verifier",
     name: "Architect / Editor / Verifier",
@@ -58146,19 +59140,28 @@ function createWorkflowCatalog(workflows) {
 
 // src/runtime/workflow-engine.ts
 var WorkflowEngine = class {
-  constructor(catalog = createWorkflowCatalog(), eventLog = createEventLog()) {
+  constructor(catalog = createWorkflowCatalog(), eventLog = createEventLog(), options = {}) {
     this.catalog = catalog;
     this.eventLog = eventLog;
+    this.sharedState = options.sharedState ?? new InMemorySharedWorkspaceStore();
+    this.nodeExecutor = options.nodeExecutor;
+    this.runtimePolicy = options.runtimePolicy;
   }
   catalog;
   eventLog;
   handlers = /* @__PURE__ */ new Map();
+  sharedState;
+  runtimePolicy;
+  nodeExecutor;
   registerHandler(workflowId, handler) {
     if (!this.catalog.get(workflowId)) {
       throw new Error(`Unknown workflow: ${workflowId}`);
     }
     this.handlers.set(workflowId, handler);
   }
+  registerNodeExecutor(executor) {
+    this.nodeExecutor = executor;
+  }
   createPlan(workflowId, input) {
     return this.catalog.createPlan(workflowId, input, this.eventLog);
   }
@@ -58168,23 +59171,37 @@ var WorkflowEngine = class {
       throw new Error(`Unknown workflow: ${request.workflowId}`);
     }
     const handler = this.handlers.get(request.workflowId);
-    if (!handler) {
-      throw new Error(`No handler registered for workflow: ${request.workflowId}`);
-    }
     const plan = request.plan ?? this.createPlan(request.workflowId, request.input);
     const startedAt = (/* @__PURE__ */ new Date()).toISOString();
     const runId = `${request.workflowId}-run-${Date.now().toString(36)}`;
+    const trace = createAgentTraceContext({ workflowRunId: runId });
     this.eventLog.record("workflow.started", {
       workflowId: request.workflowId,
       planId: plan.id,
-      runId
+      runId,
+      trace
     });
     try {
-      const output = await handler(request.input, {
+      const graph = workflowToAgentGraph(workflow);
+      assertWorkflowAllowedByRuntimePolicy(graph, this.runtimePolicy);
+      const graphResult = handler ? void 0 : await new AgentGraphEngine({
+        eventLog: this.eventLog,
+        sharedState: this.sharedState,
+        nodeExecutor: this.nodeExecutor,
+        trace
+      }).run({
+        workflowRunId: runId,
+        graph,
+        input: request.input
+      });
+      const output = graphResult ?? await handler(request.input, {
         workflow,
         plan,
         eventLog: this.eventLog
       });
+      if (graphResult?.status === "failed") {
+        throw new Error(graphResult.error ?? "Workflow graph failed");
+      }
       const completedAt = (/* @__PURE__ */ new Date()).toISOString();
       const result = {
         id: runId,
@@ -58192,12 +59209,15 @@ var WorkflowEngine = class {
         status: "completed",
         output,
         startedAt,
-        completedAt
+        completedAt,
+        graphResult,
+        trace
       };
       this.eventLog.record("workflow.completed", {
         workflowId: request.workflowId,
         planId: plan.id,
-        runId
+        runId,
+        trace
       });
       return result;
     } catch (error) {
@@ -58207,7 +59227,8 @@ var WorkflowEngine = class {
         workflowId: request.workflowId,
         planId: plan.id,
         runId,
-        error: message
+        error: message,
+        trace
       });
       return {
         id: runId,
@@ -58216,13 +59237,37 @@ var WorkflowEngine = class {
         output: null,
         startedAt,
         completedAt,
-        error: message
+        error: message,
+        trace
       };
     }
   }
 };
-function createWorkflowEngine(catalog, eventLog) {
-  return new WorkflowEngine(catalog, eventLog);
+function assertWorkflowAllowedByRuntimePolicy(graph, policy) {
+  if (!policy) return;
+  for (const node of graph.nodes) {
+    const risk = node.risk ?? "read-only";
+    const riskDecision = evaluateRuntimeRiskPolicy(policy, {
+      subject: `workflow node ${node.id}`,
+      risk
+    });
+    if (!riskDecision.allowed) {
+      throw new Error(
+        `Workflow node ${node.id} is blocked by runtime policy: ${riskDecision.reason}`
+      );
+    }
+    for (const toolName of node.requiredTools ?? []) {
+      const decision = evaluateRuntimeToolPolicy(policy, { toolName, risk });
+      if (!decision.allowed) {
+        throw new Error(
+          `Workflow node ${node.id} is blocked by runtime policy: ${decision.reason}`
+        );
+      }
+    }
+  }
+}
+function createWorkflowEngine(catalog, eventLog, options) {
+  return new WorkflowEngine(catalog, eventLog, options);
 }
 
 // src/runtime/agent-runtime.ts
@@ -58230,15 +59275,17 @@ var AgentRuntime = class {
   constructor(options) {
     this.options = options;
     this.providerRegistry = createProviderRegistry();
-    this.toolRegistry = options.toolRegistry ?? createFullToolRegistry();
+    this.toolRegistry = options.toolRegistry ?? new ToolRegistry();
     this.sessionStore = options.sessionStore;
     this.runtimeSessionStore = options.runtimeSessionStore ?? createRuntimeSessionStore();
     this.eventLog = options.eventLog ?? (options.eventLogPath ? createFileEventLog(options.eventLogPath) : createEventLog());
-    this.workflowEngine = options.workflowEngine ?? createWorkflowEngine(void 0, this.eventLog);
     this.permissionPolicy = options.permissionPolicy ?? createPermissionPolicy();
     this.turnRunner = options.turnRunner ?? createDefaultRuntimeTurnRunner();
     this.providerType = options.providerType;
     this.model = options.model ?? options.providerConfig?.model ?? getDefaultModel(options.providerType);
+    this.runtimeContext = options.runtimeContext ? createRuntimeRequestContext(options.runtimeContext) : void 0;
+    this.runtimePolicy = mergeRuntimePolicy(this.runtimeContext?.policy, options.runtimePolicy);
+    this.workflowEngine = options.workflowEngine ?? createWorkflowEngine(void 0, this.eventLog, { runtimePolicy: this.runtimePolicy });
   }
   options;
   providerRegistry;
@@ -58252,6 +59299,8 @@ var AgentRuntime = class {
   providerType;
   model;
   provider;
+  runtimeContext;
+  runtimePolicy;
   async initialize() {
     const providerInjected = Boolean(this.options.provider);
     const provider = this.options.provider ?? await this.providerRegistry.createProvider(this.providerType, {
@@ -58282,8 +59331,8 @@ var AgentRuntime = class {
   }
   publishToGlobalBridge(provider) {
     if (this.options.publishToGlobalBridge !== true) return;
-    setAgentProvider(provider);
-    setAgentToolRegistry(this.toolRegistry);
+    this.options.legacyAgentBridge?.setAgentProvider(provider);
+    this.options.legacyAgentBridge?.setAgentToolRegistry(this.toolRegistry);
   }
   snapshot() {
     const capability = this.providerRegistry.getCapability(this.providerType, this.getModel());
@@ -58298,14 +59347,25 @@ var AgentRuntime = class {
         count: toolNames.length,
         names: toolNames
       },
-      modes: listAgentModes()
+      modes: listAgentModes(),
+      context: this.runtimeContext,
+      policy: this.runtimePolicy
     };
   }
   createSession(options = {}) {
-    const session = this.runtimeSessionStore.create(options);
+    const session = this.runtimeSessionStore.create({
+      ...options,
+      metadata: {
+        ...runtimeContextToMetadata(this.runtimeContext),
+        ...options.metadata
+      }
+    });
     this.eventLog.record("session.created", {
       sessionId: session.id,
       mode: session.mode,
+      ...session.metadata["tenantId"] ? { tenantId: session.metadata["tenantId"] } : {},
+      ...session.metadata["surface"] ? { surface: session.metadata["surface"] } : {},
+      ...session.metadata["correlationId"] ? { correlationId: session.metadata["correlationId"] } : {},
       metadataKeys: Object.keys(session.metadata).sort()
     });
     return session;
@@ -58342,6 +59402,7 @@ var AgentRuntime = class {
         permissionPolicy: this.permissionPolicy,
         eventLog: this.eventLog
       });
+      assertRuntimeUsageWithinPolicy(this.runtimePolicy, result.usage);
       const updatedSession = this.runtimeSessionStore.update({
         ...effectiveSession,
         messages: [
@@ -58400,7 +59461,7 @@ var AgentRuntime = class {
     let completed = false;
     let failed = false;
     try {
-      for await (const chunk of provider.stream(messages, {
+      for await (const chunk2 of provider.stream(messages, {
         model: input.options?.model,
         maxTokens: input.options?.maxTokens,
         temperature: input.options?.temperature,
@@ -58410,25 +59471,17 @@ var AgentRuntime = class {
         signal: input.options?.signal,
         thinking: input.options?.thinking
       })) {
-        if (chunk.type === "text" && chunk.text) {
-          content += chunk.text;
+        if (chunk2.type === "text" && chunk2.text) {
+          content += chunk2.text;
           yield {
             type: "text",
             sessionId: effectiveSession.id,
-            text: chunk.text
+            text: chunk2.text
           };
         }
       }
-      const updatedSession = this.runtimeSessionStore.update({
-        ...effectiveSession,
-        messages: [
-          ...effectiveSession.messages,
-          { role: "user", content: input.content },
-          { role: "assistant", content }
-        ]
-      });
       const result = {
-        sessionId: updatedSession.id,
+        sessionId: effectiveSession.id,
         content,
         usage: {
           inputTokens: provider.countTokens(input.content),
@@ -58436,8 +59489,19 @@ var AgentRuntime = class {
           estimated: true
         },
         model: input.options?.model ?? this.getModel(),
-        mode: updatedSession.mode
+        mode: effectiveSession.mode
       };
+      assertRuntimeUsageWithinPolicy(this.runtimePolicy, result.usage);
+      const updatedSession = this.runtimeSessionStore.update({
+        ...effectiveSession,
+        messages: [
+          ...effectiveSession.messages,
+          { role: "user", content: input.content },
+          { role: "assistant", content }
+        ]
+      });
+      result.sessionId = updatedSession.id;
+      result.mode = updatedSession.mode;
       this.eventLog.record("session.updated", {
         sessionId: updatedSession.id,
         messages: updatedSession.messages.length
@@ -58525,15 +59589,22 @@ var AgentRuntime = class {
       };
     }
     const decision = this.permissionPolicy.canExecuteToolInput ? this.permissionPolicy.canExecuteToolInput(mode, tool, input.input) : this.permissionPolicy.canExecuteTool(mode, tool);
-    if (!decision.allowed || decision.requiresConfirmation && input.confirmed !== true) {
-      const reason = decision.reason ?? (decision.requiresConfirmation ? "Tool requires explicit runtime confirmation." : "Tool is not allowed.");
+    const runtimeDecision = decision.allowed ? evaluateRuntimeToolPolicy(this.runtimePolicy, {
+      toolName: input.toolName,
+      risk: decision.risk,
+      confirmed: input.confirmed
+    }) : void 0;
+    const effectiveDecision = runtimeDecision ?? decision;
+    if (!decision.allowed || !effectiveDecision.allowed || decision.requiresConfirmation && input.confirmed !== true) {
+      const reason = effectiveDecision.reason ?? decision.reason ?? (decision.requiresConfirmation ? "Tool requires explicit runtime confirmation." : "Tool is not allowed.");
       this.eventLog.record("tool.blocked", {
         sessionId: input.sessionId,
         mode,
         tool: input.toolName,
         reason,
-        risk: decision.risk,
-        requiresConfirmation: decision.requiresConfirmation,
+        risk: effectiveDecision.risk,
+        requiresConfirmation: effectiveDecision.requiresConfirmation ?? decision.requiresConfirmation,
+        runtimePolicyBlocked: runtimeDecision ? !runtimeDecision.allowed : false,
         runtimeApi: true
       });
       return {
@@ -58541,14 +59612,20 @@ var AgentRuntime = class {
         success: false,
         error: reason,
         duration: performance.now() - startedAt,
-        decision
+        decision: {
+          ...decision,
+          allowed: false,
+          reason,
+          requiresConfirmation: effectiveDecision.requiresConfirmation ?? decision.requiresConfirmation,
+          risk: effectiveDecision.risk
+        }
       };
     }
     this.eventLog.record("tool.started", {
       sessionId: input.sessionId,
       mode,
       tool: input.toolName,
-      risk: decision.risk,
+      risk: effectiveDecision.risk,
       runtimeApi: true,
       metadataKeys: Object.keys(input.metadata ?? {}).sort()
     });
@@ -58567,7 +59644,11 @@ var AgentRuntime = class {
       output: result.data,
       error: result.error,
       duration: result.duration,
-      decision
+      decision: {
+        ...decision,
+        risk: effectiveDecision.risk,
+        requiresConfirmation: decision.requiresConfirmation
+      }
     };
   }
   assertToolAllowed(mode, toolName, input) {
@@ -58581,12 +59662,24 @@ var AgentRuntime = class {
       return false;
     }
     const decision = input && this.permissionPolicy.canExecuteToolInput ? this.permissionPolicy.canExecuteToolInput(mode, tool, input) : this.permissionPolicy.canExecuteTool(mode, tool);
-    this.eventLog.record(decision.allowed ? "tool.allowed" : "tool.blocked", {
+    const runtimeDecision = decision.allowed ? evaluateRuntimeToolPolicy(this.runtimePolicy, {
+      toolName,
+      risk: decision.risk,
+      confirmed: false
+    }) : void 0;
+    const allowed = decision.allowed && runtimeDecision?.allowed !== false;
+    this.eventLog.record(allowed ? "tool.allowed" : "tool.blocked", {
       mode,
       tool: toolName,
-      ...decision
+      ...decision,
+      ...runtimeDecision && !runtimeDecision.allowed ? {
+        allowed: false,
+        reason: runtimeDecision.reason,
+        requiresConfirmation: runtimeDecision.requiresConfirmation,
+        runtimePolicyBlocked: true
+      } : {}
     });
-    return decision.allowed;
+    return allowed;
   }
 };
 async function createAgentRuntime(options) {
@@ -59264,8 +60357,10 @@ async function startRepl(options = {}) {
     providerType: internalProviderId,
     model: session.config.provider.model || void 0,
     provider,
+    toolRegistry: createFullToolRegistry(),
     eventLogPath: path39__default.join(projectPath, ".coco", "events", `${session.id}.jsonl`),
-    publishToGlobalBridge: true
+    publishToGlobalBridge: true,
+    legacyAgentBridge: { setAgentProvider, setAgentToolRegistry }
   });
   session.runtime = runtime;
   const toolRegistry = runtime.toolRegistry;
@@ -59853,12 +60948,12 @@ ${imagePrompts}`.trim() : imagePrompts;
       let lastToolGroup = null;
       await ensureRequestedMcpConnections(extractMessageText(effectiveMessage));
       const result = await executeAgentTurn(session, effectiveMessage, provider, toolRegistry, {
-        onStream: (chunk) => {
+        onStream: (chunk2) => {
           if (!streamStarted) {
             streamStarted = true;
             clearSpinner();
           }
-          renderStreamChunk(chunk);
+          renderStreamChunk(chunk2);
         },
         onToolStart: (tc, index, total) => {
           const desc = getToolRunningDescription(
@@ -60489,9 +61584,9 @@ async function readStdin() {
     const timeout = setTimeout(() => {
       resolve4("");
     }, 5e3);
-    process.stdin.on("data", (chunk) => {
+    process.stdin.on("data", (chunk2) => {
       clearTimeout(timeout);
-      chunks.push(Buffer.from(chunk));
+      chunks.push(Buffer.from(chunk2));
     });
     process.stdin.on("end", () => {
       clearTimeout(timeout);
@@ -60540,9 +61635,11 @@ ${stdinContent}
       providerType,
       model: session.config.provider.model || void 0,
       provider,
+      toolRegistry: createFullToolRegistry(),
       eventLogPath: path39__default.join(options.projectPath, ".coco", "events", `${session.id}.jsonl`),
       turnRunner: options.useRuntimeRunner ? createToolCallingRuntimeTurnRunner() : void 0,
-      publishToGlobalBridge: true
+      publishToGlobalBridge: true,
+      legacyAgentBridge: { setAgentProvider, setAgentToolRegistry }
     });
     session.runtime = runtime;
     const toolRegistry = runtime.toolRegistry;
@@ -60581,9 +61678,9 @@ ${stdinContent}
     const result = await executeAgentTurn(session, task, provider, toolRegistry, {
       skipConfirmation: true,
       // No interactive confirmations in headless mode
-      onStream: (chunk) => {
-        if (options.outputFormat === "text" && chunk.type === "text" && chunk.text) {
-          process.stdout.write(chunk.text);
+      onStream: (chunk2) => {
+        if (options.outputFormat === "text" && chunk2.type === "text" && chunk2.text) {
+          process.stdout.write(chunk2.text);
         }
       }
     });