npm - @crewx/sdk - Versions diffs - 0.8.0-rc.73 → 0.8.0-rc.75 - Mend

@crewx/sdk 0.8.0-rc.73 → 0.8.0-rc.75

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (548) hide show

package/README.md +380 -818
package/dist/adapter/context-builder.d.ts +35 -0
package/dist/adapter/context-builder.js +87 -0
package/dist/adapter/index.d.ts +5 -0
package/dist/{core/remote → adapter}/index.js +3 -2
package/dist/adapter/plugin-helper.d.ts +19 -0
package/dist/adapter/plugin-helper.js +45 -0
package/dist/adapter/scoped-store.d.ts +12 -0
package/dist/adapter/scoped-store.js +43 -0
package/dist/adapter/types.d.ts +264 -0
package/dist/adapter/types.js +23 -0
package/dist/agent/resolver.d.ts +18 -0
package/dist/agent/resolver.js +46 -0
package/dist/boxing/box-storage.interface.d.ts +12 -0
package/dist/boxing/box-storage.interface.js +3 -0
package/dist/boxing/box.service.d.ts +4 -0
package/dist/boxing/box.service.js +5 -1
package/dist/boxing/box.types.d.ts +4 -0
package/dist/boxing/box.types.js +3 -0
package/dist/boxing/context-builder.d.ts +6 -7
package/dist/boxing/context-builder.js +3 -0
package/dist/client/CrewxClient.d.ts +65 -0
package/dist/client/CrewxClient.js +86 -0
package/dist/client/index.d.ts +3 -0
package/dist/client/index.js +6 -0
package/dist/config/loader.browser.d.ts +14 -0
package/dist/config/loader.browser.js +59 -0
package/dist/config/loader.d.ts +19 -0
package/dist/config/loader.js +95 -0
package/dist/conversation/index.d.ts +5 -3
package/dist/conversation/index.js +8 -3
package/dist/conversation/sqlite-provider.d.ts +21 -0
package/dist/conversation/sqlite-provider.js +178 -0
package/dist/conversation/to-task-reader.d.ts +14 -0
package/dist/conversation/to-task-reader.js +28 -0
package/dist/conversation/to-template-messages.d.ts +15 -0
package/dist/conversation/to-template-messages.js +34 -0
package/dist/conversation/types.d.ts +101 -0
package/dist/conversation/types.js +10 -0
package/dist/esm/agent/resolver.js +41 -0
package/dist/esm/boxing/box-storage.interface.js +5 -0
package/dist/esm/boxing/box.service.js +69 -0
package/dist/esm/boxing/box.types.js +5 -0
package/dist/esm/boxing/context-builder.js +76 -0
package/dist/esm/client/CrewxClient.js +82 -0
package/dist/esm/client/index.js +2 -0
package/dist/esm/config/loader.browser.js +54 -0
package/dist/esm/config/loader.js +77 -0
package/dist/esm/events/TypedEventEmitter.js +61 -0
package/dist/esm/events/types.js +8 -0
package/dist/esm/facade/Crewx.browser.js +310 -0
package/dist/esm/facade/Crewx.js +941 -0
package/dist/esm/hooks/define.js +10 -0
package/dist/esm/hooks/dispatch.js +76 -0
package/dist/esm/hooks/index.js +6 -0
package/dist/esm/hooks/observer.js +56 -0
package/dist/esm/hooks/plugin.js +12 -0
package/dist/esm/hooks/types.js +9 -0
package/dist/esm/index.browser.js +15 -0
package/dist/esm/index.js +60 -0
package/dist/esm/layout/loader.js +268 -0
package/dist/esm/layout/props-validator.js +297 -0
package/dist/esm/layout/renderer.js +180 -0
package/dist/esm/layout/types.js +31 -0
package/dist/esm/parallel/agent-runtime.js +21 -0
package/dist/esm/parallel/helpers.js +214 -0
package/dist/esm/parallel/index.js +5 -0
package/dist/esm/parallel/parallel-runner.js +221 -0
package/dist/esm/parallel/types.js +5 -0
package/dist/esm/parsers/agent-call.util.js +15 -0
package/dist/esm/parsers/claude.parser.js +64 -0
package/dist/esm/parsers/codex.parser.js +97 -0
package/dist/esm/parsers/copilot.parser.js +63 -0
package/dist/esm/parsers/gemini.parser.js +43 -0
package/dist/esm/parsers/opencode.parser.js +73 -0
package/dist/esm/parsers/router.js +53 -0
package/dist/esm/platform/BrowserFsAdapter.js +80 -0
package/dist/esm/platform/IFsAdapter.js +2 -0
package/dist/esm/platform/NodeFsAdapter.js +34 -0
package/dist/esm/plugin/plugin-provider.js +202 -0
package/dist/esm/plugin/types.js +8 -0
package/dist/esm/plugin.js +25 -0
package/dist/esm/provider/bridge.browser.js +43 -0
package/dist/esm/provider/bridge.js +373 -0
package/dist/esm/provider/parse-usage.js +80 -0
package/dist/esm/provider/register-api.js +21 -0
package/dist/esm/provider/vercel-runtime.js +310 -0
package/dist/esm/remote/index.js +10 -0
package/dist/esm/remote/remote-agent-manager.js +194 -0
package/dist/esm/remote/remote-provider.js +98 -0
package/dist/esm/remote/remote-transport.js +79 -0
package/dist/esm/remote/types.js +8 -0
package/dist/esm/server/auth.js +31 -0
package/dist/esm/server/handler.js +72 -0
package/dist/esm/server/index.js +5 -0
package/dist/esm/server/tool-adapter.js +92 -0
package/dist/esm/template/engine.js +100 -0
package/dist/esm/template/helpers/exec.browser.js +31 -0
package/dist/esm/template/helpers/exec.js +220 -0
package/dist/esm/template/helpers/fenced_code.js +17 -0
package/dist/esm/template/helpers/include.js +20 -0
package/dist/esm/template/helpers/p1p2.js +83 -0
package/dist/esm/template/loader/DocumentLoader.js +124 -0
package/dist/esm/template/types.js +5 -0
package/dist/esm/tools/delegate.js +57 -0
package/dist/esm/tools/index.js +5 -0
package/dist/esm/tools/node/builtin.js +541 -0
package/dist/esm/tools/node/index.js +54 -0
package/dist/esm/types/index.js +27 -0
package/dist/esm/types/task-log.types.js +5 -0
package/dist/esm/utils/env-defaults.js +23 -0
package/dist/esm/utils/glob-match.js +38 -0
package/dist/esm/utils/id.js +46 -0
package/dist/esm/utils/workspace.js +21 -0
package/dist/events/TypedEventEmitter.d.ts +31 -0
package/dist/events/TypedEventEmitter.js +65 -0
package/dist/events/types.d.ts +139 -0
package/dist/events/types.js +9 -0
package/dist/facade/Crewx.browser.d.ts +73 -0
package/dist/facade/Crewx.browser.js +314 -0
package/dist/facade/Crewx.d.ts +267 -0
package/dist/facade/Crewx.js +1299 -0
package/dist/hooks/define.d.ts +10 -0
package/dist/hooks/define.js +13 -0
package/dist/hooks/dispatch.d.ts +61 -0
package/dist/hooks/dispatch.js +147 -0
package/dist/hooks/index.d.ts +13 -0
package/dist/hooks/index.js +24 -0
package/dist/hooks/observer.d.ts +20 -0
package/dist/hooks/observer.js +60 -0
package/dist/hooks/plugin.d.ts +19 -0
package/dist/hooks/plugin.js +17 -0
package/dist/hooks/tool-normalize.d.ts +29 -0
package/dist/hooks/tool-normalize.js +110 -0
package/dist/hooks/types.d.ts +79 -0
package/dist/hooks/types.js +12 -0
package/dist/hooks/yaml-plugin.d.ts +29 -0
package/dist/hooks/yaml-plugin.js +356 -0
package/dist/index.browser.d.ts +15 -0
package/dist/index.browser.js +25 -0
package/dist/index.d.ts +70 -58
package/dist/index.js +144 -133
package/dist/{services/layout-loader.service.d.ts → layout/loader.d.ts} +24 -4
package/dist/{services/layout-loader.service.js → layout/loader.js} +103 -73
package/dist/{services/props-validator.service.d.ts → layout/props-validator.d.ts} +7 -1
package/dist/{services/props-validator.service.js → layout/props-validator.js} +28 -59
package/dist/{services/layout-renderer.service.d.ts → layout/renderer.d.ts} +28 -14
package/dist/layout/renderer.js +193 -0
package/dist/{types/layout.types.d.ts → layout/types.d.ts} +47 -1
package/dist/{types/layout.types.js → layout/types.js} +15 -1
package/dist/parallel/agent-runtime.d.ts +31 -0
package/dist/parallel/agent-runtime.js +25 -0
package/dist/{core/parallel → parallel}/helpers.d.ts +2 -1
package/dist/{core/parallel → parallel}/helpers.js +55 -88
package/dist/parallel/index.d.ts +8 -0
package/dist/{core/parallel → parallel}/index.js +5 -3
package/dist/{core/parallel → parallel}/parallel-runner.d.ts +8 -1
package/dist/{core/parallel → parallel}/parallel-runner.js +53 -57
package/dist/parallel/types.d.ts +65 -0
package/dist/parallel/types.js +6 -0
package/dist/parsers/agent-call.util.d.ts +3 -0
package/dist/parsers/agent-call.util.js +2 -0
package/dist/parsers/api.parser.d.ts +10 -0
package/dist/parsers/api.parser.js +26 -0
package/dist/parsers/claude.parser.d.ts +8 -0
package/dist/parsers/claude.parser.js +22 -1
package/dist/parsers/codex.parser.d.ts +8 -0
package/dist/parsers/codex.parser.js +11 -0
package/dist/parsers/copilot.parser.d.ts +9 -0
package/dist/parsers/copilot.parser.js +8 -0
package/dist/parsers/gemini.parser.d.ts +10 -0
package/dist/parsers/gemini.parser.js +10 -0
package/dist/parsers/opencode.parser.d.ts +12 -0
package/dist/parsers/opencode.parser.js +76 -0
package/dist/parsers/router.d.ts +7 -0
package/dist/parsers/router.js +56 -0
package/dist/platform/BrowserFsAdapter.d.ts +37 -0
package/dist/platform/BrowserFsAdapter.js +84 -0
package/dist/platform/IFsAdapter.d.ts +29 -0
package/dist/{core/remote/types.js → platform/IFsAdapter.js} +1 -1
package/dist/platform/NodeFsAdapter.d.ts +16 -0
package/dist/platform/NodeFsAdapter.js +38 -0
package/dist/plugin/plugin-provider.d.ts +33 -0
package/dist/plugin/plugin-provider.js +207 -0
package/dist/plugin/types.d.ts +53 -0
package/dist/plugin/types.js +9 -0
package/dist/plugin.d.ts +33 -0
package/dist/plugin.js +29 -0
package/dist/plugins/conversation.d.ts +18 -0
package/dist/plugins/conversation.js +59 -0
package/dist/plugins/file-logger.d.ts +29 -0
package/dist/plugins/file-logger.js +87 -0
package/dist/plugins/index.d.ts +16 -0
package/dist/plugins/index.js +19 -0
package/dist/plugins/sqlite-tracing.d.ts +29 -0
package/dist/plugins/sqlite-tracing.js +112 -0
package/dist/provider/bridge.browser.d.ts +49 -0
package/dist/provider/bridge.browser.js +49 -0
package/dist/provider/bridge.d.ts +106 -0
package/dist/provider/bridge.js +380 -0
package/dist/provider/mastra-runtime.d.ts +45 -0
package/dist/provider/mastra-runtime.js +208 -0
package/dist/provider/parse-usage.d.ts +20 -0
package/dist/provider/parse-usage.js +83 -0
package/dist/provider/register-api.d.ts +14 -0
package/dist/provider/register-api.js +24 -0
package/dist/provider/vercel-runtime.d.ts +54 -0
package/dist/provider/vercel-runtime.js +347 -0
package/dist/remote/index.d.ts +13 -0
package/dist/remote/index.js +32 -0
package/dist/remote/remote-agent-manager.d.ts +54 -0
package/dist/{core/remote → remote}/remote-agent-manager.js +100 -97
package/dist/remote/remote-provider.d.ts +47 -0
package/dist/remote/remote-provider.js +141 -0
package/dist/remote/remote-transport.d.ts +32 -0
package/dist/remote/remote-transport.js +83 -0
package/dist/remote/types.d.ts +147 -0
package/dist/remote/types.js +9 -0
package/dist/server/auth.d.ts +21 -0
package/dist/server/auth.js +35 -0
package/dist/server/handler.d.ts +24 -0
package/dist/server/handler.js +75 -0
package/dist/server/index.d.ts +7 -0
package/dist/server/index.js +9 -0
package/dist/server/tool-adapter.d.ts +19 -0
package/dist/server/tool-adapter.js +95 -0
package/dist/template/engine.d.ts +28 -0
package/dist/template/engine.js +137 -0
package/dist/template/helpers/exec.browser.d.ts +22 -0
package/dist/template/helpers/exec.browser.js +41 -0
package/dist/template/helpers/exec.d.ts +60 -0
package/dist/template/helpers/exec.js +230 -0
package/dist/template/helpers/fenced_code.d.ts +22 -0
package/dist/template/helpers/fenced_code.js +20 -0
package/dist/template/helpers/format-conversation.d.ts +30 -0
package/dist/template/helpers/format-conversation.js +53 -0
package/dist/template/helpers/include.d.ts +16 -0
package/dist/template/helpers/include.js +23 -0
package/dist/template/helpers/p1p2.d.ts +37 -0
package/dist/template/helpers/p1p2.js +90 -0
package/dist/template/loader/DocumentLoader.d.ts +48 -0
package/dist/template/loader/DocumentLoader.js +128 -0
package/dist/template/types.d.ts +51 -0
package/dist/template/types.js +6 -0
package/dist/testing/index.d.ts +12 -0
package/dist/testing/index.js +16 -0
package/dist/testing/mock-audit.d.ts +10 -0
package/dist/testing/mock-audit.js +13 -0
package/dist/testing/mock-context.d.ts +27 -0
package/dist/testing/mock-context.js +68 -0
package/dist/testing/mock-logger.d.ts +15 -0
package/dist/testing/mock-logger.js +27 -0
package/dist/testing/mock-router.d.ts +16 -0
package/dist/testing/mock-router.js +67 -0
package/dist/testing/mock-storage.d.ts +9 -0
package/dist/testing/mock-storage.js +21 -0
package/dist/testing/mock-store.d.ts +3 -0
package/dist/testing/mock-store.js +8 -0
package/dist/tools/delegate.d.ts +10 -0
package/dist/tools/delegate.js +60 -0
package/dist/tools/index.d.ts +5 -12
package/dist/tools/index.js +6 -37
package/dist/tools/node/builtin.d.ts +23 -0
package/dist/tools/node/builtin.js +547 -0
package/dist/tools/node/index.d.ts +23 -0
package/dist/tools/node/index.js +59 -0
package/dist/types/index.d.ts +804 -6
package/dist/types/index.js +29 -20
package/dist/types/task-log.types.d.ts +4 -0
package/dist/types/task-log.types.js +3 -0
package/dist/utils/env-defaults.d.ts +18 -0
package/dist/utils/env-defaults.js +27 -0
package/dist/utils/glob-match.d.ts +18 -0
package/dist/utils/glob-match.js +42 -0
package/dist/{core → utils}/id.d.ts +15 -0
package/dist/utils/id.js +50 -0
package/dist/utils/timestamp.d.ts +2 -0
package/dist/utils/timestamp.js +13 -0
package/dist/{core → utils}/workspace.d.ts +4 -0
package/dist/{core → utils}/workspace.js +3 -0
package/package.json +68 -103
package/src/schemas/hooks.schema.json +59 -0
package/templates/agents/default.yaml +490 -0
package/templates/agents/minimal.yaml +16 -0
package/LICENSE +0 -201
package/dist/adapters/MastraToolAdapter.d.ts +0 -9
package/dist/adapters/MastraToolAdapter.js +0 -66
package/dist/adapters/MastraToolAdapter.js.map +0 -1
package/dist/api/index.d.ts +0 -2
package/dist/api/index.js +0 -8
package/dist/api/index.js.map +0 -1
package/dist/boxing/box-storage.interface.js.map +0 -1
package/dist/boxing/box.service.js.map +0 -1
package/dist/boxing/box.types.js.map +0 -1
package/dist/boxing/context-builder.js.map +0 -1
package/dist/boxing/index.d.ts +0 -6
package/dist/boxing/index.js +0 -11
package/dist/boxing/index.js.map +0 -1
package/dist/boxing/tokenizer.d.ts +0 -3
package/dist/boxing/tokenizer.js +0 -11
package/dist/boxing/tokenizer.js.map +0 -1
package/dist/config/api-provider-parser.d.ts +0 -58
package/dist/config/api-provider-parser.js +0 -212
package/dist/config/api-provider-parser.js.map +0 -1
package/dist/config/index.d.ts +0 -3
package/dist/config/index.js +0 -20
package/dist/config/index.js.map +0 -1
package/dist/config/log.config.d.ts +0 -7
package/dist/config/log.config.js +0 -20
package/dist/config/log.config.js.map +0 -1
package/dist/config/pricing.d.ts +0 -11
package/dist/config/pricing.js +0 -53
package/dist/config/pricing.js.map +0 -1
package/dist/config/timeout.config.d.ts +0 -14
package/dist/config/timeout.config.js +0 -34
package/dist/config/timeout.config.js.map +0 -1
package/dist/config/yaml-loader.d.ts +0 -8
package/dist/config/yaml-loader.js +0 -155
package/dist/config/yaml-loader.js.map +0 -1
package/dist/constants/index.d.ts +0 -4
package/dist/constants/index.js +0 -8
package/dist/constants/index.js.map +0 -1
package/dist/constants.d.ts +0 -1
package/dist/constants.js +0 -18
package/dist/constants.js.map +0 -1
package/dist/conversation/conversation-config.d.ts +0 -9
package/dist/conversation/conversation-config.js +0 -22
package/dist/conversation/conversation-config.js.map +0 -1
package/dist/conversation/conversation-history.interface.d.ts +0 -36
package/dist/conversation/conversation-history.interface.js +0 -3
package/dist/conversation/conversation-history.interface.js.map +0 -1
package/dist/conversation/conversation-storage.service.d.ts +0 -16
package/dist/conversation/conversation-storage.service.js +0 -213
package/dist/conversation/conversation-storage.service.js.map +0 -1
package/dist/conversation/index.js.map +0 -1
package/dist/core/__tests__/id.test.d.ts +0 -1
package/dist/core/__tests__/id.test.js +0 -115
package/dist/core/__tests__/id.test.js.map +0 -1
package/dist/core/agent/agent-factory.d.ts +0 -37
package/dist/core/agent/agent-factory.js +0 -68
package/dist/core/agent/agent-factory.js.map +0 -1
package/dist/core/agent/agent-runtime.d.ts +0 -52
package/dist/core/agent/agent-runtime.js +0 -206
package/dist/core/agent/agent-runtime.js.map +0 -1
package/dist/core/agent/event-bus.d.ts +0 -44
package/dist/core/agent/event-bus.js +0 -43
package/dist/core/agent/event-bus.js.map +0 -1
package/dist/core/agent/index.d.ts +0 -3
package/dist/core/agent/index.js +0 -13
package/dist/core/agent/index.js.map +0 -1
package/dist/core/env-defaults.d.ts +0 -1
package/dist/core/env-defaults.js +0 -7
package/dist/core/env-defaults.js.map +0 -1
package/dist/core/id.js +0 -27
package/dist/core/id.js.map +0 -1
package/dist/core/parallel/helpers.js.map +0 -1
package/dist/core/parallel/index.d.ts +0 -4
package/dist/core/parallel/index.js.map +0 -1
package/dist/core/parallel/parallel-runner.js.map +0 -1
package/dist/core/parallel/types.d.ts +0 -41
package/dist/core/parallel/types.js +0 -3
package/dist/core/parallel/types.js.map +0 -1
package/dist/core/providers/MastraAPIProvider.d.ts +0 -31
package/dist/core/providers/MastraAPIProvider.js +0 -365
package/dist/core/providers/MastraAPIProvider.js.map +0 -1
package/dist/core/providers/ai-provider.interface.d.ts +0 -79
package/dist/core/providers/ai-provider.interface.js +0 -23
package/dist/core/providers/ai-provider.interface.js.map +0 -1
package/dist/core/providers/base-ai.provider.d.ts +0 -84
package/dist/core/providers/base-ai.provider.js +0 -1237
package/dist/core/providers/base-ai.provider.js.map +0 -1
package/dist/core/providers/base-ai.types.d.ts +0 -26
package/dist/core/providers/base-ai.types.js +0 -3
package/dist/core/providers/base-ai.types.js.map +0 -1
package/dist/core/providers/claude.provider.d.ts +0 -19
package/dist/core/providers/claude.provider.js +0 -170
package/dist/core/providers/claude.provider.js.map +0 -1
package/dist/core/providers/codex.provider.d.ts +0 -21
package/dist/core/providers/codex.provider.js +0 -134
package/dist/core/providers/codex.provider.js.map +0 -1
package/dist/core/providers/copilot.provider.d.ts +0 -25
package/dist/core/providers/copilot.provider.js +0 -146
package/dist/core/providers/copilot.provider.js.map +0 -1
package/dist/core/providers/dynamic-provider.factory.d.ts +0 -74
package/dist/core/providers/dynamic-provider.factory.js +0 -645
package/dist/core/providers/dynamic-provider.factory.js.map +0 -1
package/dist/core/providers/gemini.provider.d.ts +0 -16
package/dist/core/providers/gemini.provider.js +0 -101
package/dist/core/providers/gemini.provider.js.map +0 -1
package/dist/core/providers/index.d.ts +0 -8
package/dist/core/providers/index.js +0 -20
package/dist/core/providers/index.js.map +0 -1
package/dist/core/providers/mock.provider.d.ts +0 -13
package/dist/core/providers/mock.provider.js +0 -55
package/dist/core/providers/mock.provider.js.map +0 -1
package/dist/core/providers/provider-factory.d.ts +0 -3
package/dist/core/providers/provider-factory.js +0 -65
package/dist/core/providers/provider-factory.js.map +0 -1
package/dist/core/providers/tool-call.types.d.ts +0 -39
package/dist/core/providers/tool-call.types.js +0 -3
package/dist/core/providers/tool-call.types.js.map +0 -1
package/dist/core/remote/index.d.ts +0 -3
package/dist/core/remote/index.js.map +0 -1
package/dist/core/remote/remote-agent-manager.d.ts +0 -24
package/dist/core/remote/remote-agent-manager.js.map +0 -1
package/dist/core/remote/remote-transport.d.ts +0 -15
package/dist/core/remote/remote-transport.js +0 -70
package/dist/core/remote/remote-transport.js.map +0 -1
package/dist/core/remote/types.d.ts +0 -79
package/dist/core/remote/types.js.map +0 -1
package/dist/core/workspace.js.map +0 -1
package/dist/index.js.map +0 -1
package/dist/internal/index.d.ts +0 -1
package/dist/internal/index.js +0 -6
package/dist/internal/index.js.map +0 -1
package/dist/knowledge/DocumentManager.d.ts +0 -4
package/dist/knowledge/DocumentManager.js +0 -119
package/dist/knowledge/DocumentManager.js.map +0 -1
package/dist/knowledge/index.d.ts +0 -1
package/dist/knowledge/index.js +0 -18
package/dist/knowledge/index.js.map +0 -1
package/dist/parsers/agent-call.util.js.map +0 -1
package/dist/parsers/claude.parser.js.map +0 -1
package/dist/parsers/codex.parser.js.map +0 -1
package/dist/parsers/copilot.parser.js.map +0 -1
package/dist/parsers/gemini.parser.js.map +0 -1
package/dist/parsers/index.d.ts +0 -7
package/dist/parsers/index.js +0 -45
package/dist/parsers/index.js.map +0 -1
package/dist/schema/skills-parser.d.ts +0 -8
package/dist/schema/skills-parser.js +0 -438
package/dist/schema/skills-parser.js.map +0 -1
package/dist/schema/skills.types.d.ts +0 -158
package/dist/schema/skills.types.js +0 -41
package/dist/schema/skills.types.js.map +0 -1
package/dist/schemas/api-provider.schema.d.ts +0 -432
package/dist/schemas/api-provider.schema.js +0 -50
package/dist/schemas/api-provider.schema.js.map +0 -1
package/dist/services/index.d.ts +0 -2
package/dist/services/index.js +0 -19
package/dist/services/index.js.map +0 -1
package/dist/services/layout-loader.service.js.map +0 -1
package/dist/services/layout-renderer.service.js +0 -325
package/dist/services/layout-renderer.service.js.map +0 -1
package/dist/services/props-validator.service.js.map +0 -1
package/dist/skills/adapter/claude-skill-adapter.d.ts +0 -11
package/dist/skills/adapter/claude-skill-adapter.js +0 -222
package/dist/skills/adapter/claude-skill-adapter.js.map +0 -1
package/dist/skills/index.d.ts +0 -6
package/dist/skills/index.js +0 -31
package/dist/skills/index.js.map +0 -1
package/dist/skills/runtime/progressive-loader.d.ts +0 -27
package/dist/skills/runtime/progressive-loader.js +0 -186
package/dist/skills/runtime/progressive-loader.js.map +0 -1
package/dist/skills/runtime/runtime-requirements-validator.d.ts +0 -23
package/dist/skills/runtime/runtime-requirements-validator.js +0 -248
package/dist/skills/runtime/runtime-requirements-validator.js.map +0 -1
package/dist/skills/runtime/skill-runtime.service.d.ts +0 -42
package/dist/skills/runtime/skill-runtime.service.js +0 -434
package/dist/skills/runtime/skill-runtime.service.js.map +0 -1
package/dist/tools/file-system.service.d.ts +0 -10
package/dist/tools/file-system.service.js +0 -33
package/dist/tools/file-system.service.js.map +0 -1
package/dist/tools/find.tool.d.ts +0 -21
package/dist/tools/find.tool.js +0 -139
package/dist/tools/find.tool.js.map +0 -1
package/dist/tools/glob.tool.d.ts +0 -24
package/dist/tools/glob.tool.js +0 -153
package/dist/tools/glob.tool.js.map +0 -1
package/dist/tools/grep.tool.d.ts +0 -1
package/dist/tools/grep.tool.js +0 -137
package/dist/tools/grep.tool.js.map +0 -1
package/dist/tools/index.js.map +0 -1
package/dist/tools/ls.tool.d.ts +0 -1
package/dist/tools/ls.tool.js +0 -94
package/dist/tools/ls.tool.js.map +0 -1
package/dist/tools/read-file.tool.d.ts +0 -1
package/dist/tools/read-file.tool.js +0 -69
package/dist/tools/read-file.tool.js.map +0 -1
package/dist/tools/replace.tool.d.ts +0 -1
package/dist/tools/replace.tool.js +0 -68
package/dist/tools/replace.tool.js.map +0 -1
package/dist/tools/run-shell-command.tool.d.ts +0 -1
package/dist/tools/run-shell-command.tool.js +0 -64
package/dist/tools/run-shell-command.tool.js.map +0 -1
package/dist/tools/tree.tool.d.ts +0 -1
package/dist/tools/tree.tool.js +0 -109
package/dist/tools/tree.tool.js.map +0 -1
package/dist/tools/types.d.ts +0 -42
package/dist/tools/types.js +0 -13
package/dist/tools/types.js.map +0 -1
package/dist/tools/utils/file-utils.d.ts +0 -5
package/dist/tools/utils/file-utils.js +0 -221
package/dist/tools/utils/file-utils.js.map +0 -1
package/dist/tools/write-file.tool.d.ts +0 -1
package/dist/tools/write-file.tool.js +0 -55
package/dist/tools/write-file.tool.js.map +0 -1
package/dist/types/agent.types.d.ts +0 -134
package/dist/types/agent.types.js +0 -16
package/dist/types/agent.types.js.map +0 -1
package/dist/types/api-provider.types.d.ts +0 -85
package/dist/types/api-provider.types.js +0 -65
package/dist/types/api-provider.types.js.map +0 -1
package/dist/types/index.js.map +0 -1
package/dist/types/layout.types.js.map +0 -1
package/dist/types/provider.types.d.ts +0 -12
package/dist/types/provider.types.js +0 -3
package/dist/types/provider.types.js.map +0 -1
package/dist/types/skill-runtime.types.d.ts +0 -244
package/dist/types/skill-runtime.types.js +0 -44
package/dist/types/skill-runtime.types.js.map +0 -1
package/dist/types/structured-payload.types.d.ts +0 -46
package/dist/types/structured-payload.types.js +0 -65
package/dist/types/structured-payload.types.js.map +0 -1
package/dist/types/task-log.types.js.map +0 -1
package/dist/types/template.types.d.ts +0 -38
package/dist/types/template.types.js +0 -3
package/dist/types/template.types.js.map +0 -1
package/dist/types.d.ts +0 -1
package/dist/types.js +0 -18
package/dist/types.js.map +0 -1
package/dist/utils/api-provider-normalizer.d.ts +0 -16
package/dist/utils/api-provider-normalizer.js +0 -135
package/dist/utils/api-provider-normalizer.js.map +0 -1
package/dist/utils/base-message-formatter.d.ts +0 -32
package/dist/utils/base-message-formatter.js +0 -170
package/dist/utils/base-message-formatter.js.map +0 -1
package/dist/utils/error-utils.d.ts +0 -3
package/dist/utils/error-utils.js +0 -27
package/dist/utils/error-utils.js.map +0 -1
package/dist/utils/index.d.ts +0 -4
package/dist/utils/index.js +0 -21
package/dist/utils/index.js.map +0 -1
package/dist/utils/math-utils.d.ts +0 -3
package/dist/utils/math-utils.js +0 -10
package/dist/utils/math-utils.js.map +0 -1
package/dist/utils/mention-parser.d.ts +0 -18
package/dist/utils/mention-parser.js +0 -136
package/dist/utils/mention-parser.js.map +0 -1
package/dist/utils/string-utils.d.ts +0 -1
package/dist/utils/string-utils.js +0 -10
package/dist/utils/string-utils.js.map +0 -1
package/dist/utils.d.ts +0 -3
package/dist/utils.js +0 -20
package/dist/utils.js.map +0 -1
package/schema/api-provider-config.json +0 -138
package/schema/crewx-config.json +0 -224
package/schema/skills-config.json +0 -306

package/dist/esm/remote/types.js ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Remote Agent Module — Type Definitions
+ *
+ * Types for remote agent communication via MCP (Model Context Protocol).
+ * Migrated from sdk-bak/src/core/remote/types.ts and adapted to SDK conventions.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/server/auth.js ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * MCP Server authentication & Origin validation.
+ *
+ * - Origin header 검증 (DNS rebinding 방어, MCP 스펙 필수)
+ * - 커스텀 auth 콜백 래퍼
+ */
+/**
+ * Validate the Origin header is present (MCP spec requirement).
+ * Returns a 403 Response if validation fails, or null if ok.
+ */
+export function validateOrigin(req) {
+    const origin = req.headers.get('Origin');
+    if (!origin) {
+        return new Response(JSON.stringify({ error: 'Forbidden: Origin header required' }), { status: 403, headers: { 'Content-Type': 'application/json' } });
+    }
+    return null;
+}
+/**
+ * Run the custom auth callback if provided.
+ * Returns a 401 Response if auth fails, or null if ok.
+ */
+export async function runAuthCallback(req, auth) {
+    if (!auth)
+        return null;
+    const allowed = await auth(req);
+    if (!allowed) {
+        return new Response(JSON.stringify({ error: 'Unauthorized' }), { status: 401, headers: { 'Content-Type': 'application/json' } });
+    }
+    return null;
+}
+//# sourceMappingURL=auth.js.map

package/dist/esm/server/handler.js ADDED Viewed

@@ -0,0 +1,72 @@
+/**
+ * crewx.handler() — Framework-independent MCP HTTP handler.
+ *
+ * Returns a Web Standard `(req: Request) => Promise<Response>` handler
+ * that can be mounted on Express, Next.js, Hono, Bun, etc.
+ */
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { WebStandardStreamableHTTPServerTransport, } from '@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js';
+import { registerCrewxTools } from './tool-adapter';
+import { validateOrigin, runAuthCallback } from './auth';
+/**
+ * Create a fresh McpServer with tools registered.
+ */
+function createMcpServer(crewx, allowedAgents) {
+    const mcpServer = new McpServer({
+        name: 'crewx-mcp-server',
+        version: '1.0.0',
+    }, {
+        capabilities: {
+            tools: {},
+        },
+    });
+    registerCrewxTools(mcpServer, crewx, allowedAgents);
+    return mcpServer;
+}
+/**
+ * Create an MCP handler bound to the given Crewx instance.
+ *
+ * @param crewx  - Crewx facade instance
+ * @param options - Handler configuration (agents list required)
+ * @returns Web Standard request handler
+ */
+export function createHandler(crewx, options) {
+    if (!options.agents || options.agents.length === 0) {
+        throw new Error('crewx.handler() requires at least one agent in the agents option');
+    }
+    const allowedAgents = new Set(options.agents);
+    // Per-session transport + server map
+    const sessions = new Map();
+    return async (req) => {
+        // ── Security: Origin validation ──────────────────────────────────────
+        const originError = validateOrigin(req);
+        if (originError)
+            return originError;
+        // ── Security: Custom auth callback ───────────────────────────────────
+        const authError = await runAuthCallback(req, options.auth);
+        if (authError)
+            return authError;
+        // ── Route to transport ───────────────────────────────────────────────
+        const sessionId = req.headers.get('mcp-session-id');
+        if (sessionId && sessions.has(sessionId)) {
+            // Existing session — reuse transport
+            const session = sessions.get(sessionId);
+            return session.transport.handleRequest(req);
+        }
+        // New session: create McpServer + transport pair
+        const mcpServer = createMcpServer(crewx, allowedAgents);
+        const transport = new WebStandardStreamableHTTPServerTransport({
+            sessionIdGenerator: () => crypto.randomUUID(),
+            onsessioninitialized: (sid) => {
+                sessions.set(sid, { transport, server: mcpServer });
+            },
+            onsessionclosed: (sid) => {
+                sessions.delete(sid);
+            },
+            enableJsonResponse: true,
+        });
+        await mcpServer.connect(transport);
+        return transport.handleRequest(req);
+    };
+}
+//# sourceMappingURL=handler.js.map

package/dist/esm/server/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * @crewx/sdk server module — MCP HTTP handler for exposing agents.
+ */
+export { createHandler } from './handler';
+//# sourceMappingURL=index.js.map

package/dist/esm/server/tool-adapter.js ADDED Viewed

@@ -0,0 +1,92 @@
+/**
+ * MCP tool adapter — 범용 MCP 도구 3개를 McpServer에 등록한다.
+ *
+ * 도구:
+ *   crewx_queryAgent(agentId, query, context?, thread?)
+ *   crewx_executeAgent(agentId, task, context?, thread?)
+ *   crewx_listAgents()
+ */
+import { z } from 'zod';
+const querySchema = {
+    agentId: z.string().describe('The agent ID to query'),
+    query: z.string().describe('The query message to send'),
+    context: z.string().optional().describe('Additional context'),
+    thread: z.string().optional().describe('Thread ID for conversation continuity'),
+};
+const executeSchema = {
+    agentId: z.string().describe('The agent ID to execute'),
+    task: z.string().describe('The task description to execute'),
+    context: z.string().optional().describe('Additional context'),
+    thread: z.string().optional().describe('Thread ID for conversation continuity'),
+};
+/**
+ * Register the 3 universal tools on the given McpServer.
+ *
+ * @param server  - McpServer instance
+ * @param crewx   - Crewx facade instance
+ * @param allowedAgents - Set of agent IDs exposed via handler
+ */
+export function registerCrewxTools(server, crewx, allowedAgents) {
+    // ── crewx_listAgents (no schema — zero-arg tool) ────────────────────────
+    server.tool('crewx_listAgents', 'List available CrewX agents exposed by this server', async () => {
+        const agents = [];
+        for (const agentId of allowedAgents) {
+            const agent = crewx.agents.get(agentId);
+            if (agent) {
+                agents.push({
+                    id: agent.id,
+                    name: agent.name ?? agent.id,
+                    description: agent.description ?? '',
+                });
+            }
+        }
+        return {
+            content: [{ type: 'text', text: JSON.stringify(agents, null, 2) }],
+        };
+    });
+    // ── crewx_queryAgent ────────────────────────────────────────────────────
+    server.tool('crewx_queryAgent', 'Query a CrewX agent with a read-only question', querySchema, async ({ agentId, query, context, thread }) => {
+        if (!allowedAgents.has(agentId)) {
+            return {
+                content: [{ type: 'text', text: `Agent '${agentId}' is not exposed by this server` }],
+                isError: true,
+            };
+        }
+        const result = await crewx.query(agentId, query, {
+            context,
+            threadId: thread,
+        });
+        if (!result.ok) {
+            return {
+                content: [{ type: 'text', text: result.error?.message ?? 'Query failed' }],
+                isError: true,
+            };
+        }
+        return {
+            content: [{ type: 'text', text: result.data }],
+        };
+    });
+    // ── crewx_executeAgent ──────────────────────────────────────────────────
+    server.tool('crewx_executeAgent', 'Execute a task on a CrewX agent (may modify state)', executeSchema, async ({ agentId, task, context, thread }) => {
+        if (!allowedAgents.has(agentId)) {
+            return {
+                content: [{ type: 'text', text: `Agent '${agentId}' is not exposed by this server` }],
+                isError: true,
+            };
+        }
+        const result = await crewx.execute(agentId, task, {
+            context,
+            threadId: thread,
+        });
+        if (!result.ok) {
+            return {
+                content: [{ type: 'text', text: result.error?.message ?? 'Execute failed' }],
+                isError: true,
+            };
+        }
+        return {
+            content: [{ type: 'text', text: result.data }],
+        };
+    });
+}
+//# sourceMappingURL=tool-adapter.js.map

package/dist/esm/template/engine.js ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * CrewX template engine — Handlebars-based rendering with P0 helpers.
+ *
+ * P0 helpers implemented here:
+ * - exec        : shell command execution (5-stage security)
+ * - include     : inline string content passthrough
+ * - fenced_code : Markdown fenced code block wrapper
+ * - eq, ne, and, or, not, json (condition helpers)
+ */
+import * as Handlebars from 'handlebars';
+import { executeCommand } from './helpers/exec';
+import { includeHelper } from './helpers/include';
+import { fencedCodeHelper } from './helpers/fenced_code';
+import { truncateHelper, lengthHelper, escapeHandlebarsHelper, formatFileSizeHelper, formatTimestampHelper, } from './helpers/p1p2';
+export class TemplateEngine {
+    hbs;
+    execPolicy;
+    execEnabled;
+    constructor(options = {}) {
+        // Create an isolated Handlebars environment to avoid global state conflicts
+        this.hbs = Handlebars.create();
+        this.execPolicy = options.execPolicy ?? { allow: [], deny: [] };
+        this.execEnabled = options.execEnabled ?? true;
+        this.registerHelpers();
+    }
+    /**
+     * Register all P0 helpers onto this engine's Handlebars instance.
+     */
+    registerHelpers() {
+        const hbs = this.hbs;
+        const policy = this.execPolicy;
+        // ── exec: shell command execution ────────────────────────────────────────
+        const execEnabled = this.execEnabled;
+        hbs.registerHelper('exec', function (command) {
+            if (typeof command !== 'string')
+                return '';
+            if (!execEnabled)
+                return '(exec disabled)';
+            return new hbs.SafeString(executeCommand(command, policy));
+        });
+        // ── include: inline string passthrough ───────────────────────────────────
+        hbs.registerHelper('include', function (content) {
+            return new hbs.SafeString(includeHelper(content));
+        });
+        // ── fenced_code: Markdown code block wrapper ──────────────────────────────
+        hbs.registerHelper('fenced_code', function (content, options) {
+            return new hbs.SafeString(fencedCodeHelper(content, options));
+        });
+        // ── Condition helpers ─────────────────────────────────────────────────────
+        hbs.registerHelper('eq', function (a, b) {
+            return a === b;
+        });
+        hbs.registerHelper('ne', function (a, b) {
+            return a !== b;
+        });
+        hbs.registerHelper('and', function (a, b) {
+            return a && b;
+        });
+        hbs.registerHelper('or', function (a, b) {
+            return a || b;
+        });
+        hbs.registerHelper('not', function (a) {
+            return !a;
+        });
+        hbs.registerHelper('contains', function (array, value) {
+            return Array.isArray(array) && array.includes(value);
+        });
+        hbs.registerHelper('json', function (context) {
+            return JSON.stringify(context, null, 2);
+        });
+        // ── P1 helpers ────────────────────────────────────────────────────────────
+        hbs.registerHelper('truncate', function (text, maxLength) {
+            return truncateHelper(text, maxLength);
+        });
+        hbs.registerHelper('length', function (value) {
+            return lengthHelper(value);
+        });
+        hbs.registerHelper('escapeHandlebars', function (text) {
+            return new hbs.SafeString(escapeHandlebarsHelper(text));
+        });
+        // ── P2 helpers ────────────────────────────────────────────────────────────
+        hbs.registerHelper('formatFileSize', function (bytes) {
+            return formatFileSizeHelper(bytes);
+        });
+        hbs.registerHelper('formatTimestamp', function (timestamp) {
+            return formatTimestampHelper(timestamp);
+        });
+    }
+    /**
+     * Render a Handlebars template string with the given context.
+     * @param template - Handlebars template string
+     * @param context  - Template context (documents, env, agent, etc.)
+     * @returns Rendered string
+     */
+    async render(template, context = {}) {
+        const compiled = this.hbs.compile(template, { noEscape: true });
+        return compiled(context);
+    }
+}
+//# sourceMappingURL=engine.js.map

package/dist/esm/template/helpers/exec.browser.js ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Browser stub for the exec helper.
+ *
+ * Replaces the Node.js exec helper in browser bundles (via package.json "browser" field).
+ * All functions are no-ops or return safe defaults — child_process is not available in browsers.
+ */
+export function getSanitizedEnv() {
+    return {};
+}
+export function validateCommand(_command) {
+    // noop in browser
+}
+export function isBuiltinAllowed(_command) {
+    return false;
+}
+export function validateAllowPattern(_pattern) {
+    // noop in browser
+}
+export function isAllowed(_command, _policy) {
+    return false;
+}
+export function setAuditVerbose(_enabled) {
+    // noop in browser
+}
+export function logExecAudit(_entry) {
+    // noop in browser
+}
+export function executeCommand(_command, _policy) {
+    return '(exec disabled: browser environment)';
+}
+//# sourceMappingURL=exec.browser.js.map

package/dist/esm/template/helpers/exec.js ADDED Viewed

@@ -0,0 +1,220 @@
+/**
+ * exec Handlebars helper — 5-stage security implementation.
+ *
+ * Ports the security logic from packages/cli-bak/src/utils/template-processor.ts
+ * without using shell-quote or minimatch (not in allowed library list).
+ *
+ * Stages:
+ * 1. Recursion depth check (fail-closed on NaN)
+ * 2. Shell metacharacter validation
+ * 3. Allow-list enforcement (deny > builtin > allow > reject)
+ * 4. Environment isolation (strip sensitive keys)
+ * 5. Result capture (execFileSync with timeout + maxBuffer, wrapped in tags)
+ */
+import { execFileSync } from 'child_process';
+import { matchesPattern } from '../../utils/glob-match';
+// Sensitive env key patterns — removed from exec child processes
+const SENSITIVE_ENV_PATTERNS = [
+    /^ANTHROPIC_/i, /^OPENAI_/i, /^AWS_SECRET/i, /^SLACK_/i,
+    /^GITHUB_TOKEN$/i, /^CREWX_MCP_KEY$/i, /^DATABASE_/i,
+    /^AWS_ACCESS_KEY/i, /^AWS_SESSION_TOKEN$/i,
+    /^GH_TOKEN$/i, /^GH_APP_/i,
+    /^NPM_TOKEN$/i, /^NPM_AUTH/i,
+    /^GOOGLE_APPLICATION/i, /^GCLOUD_/i,
+    /^AZURE_/i, /^ARM_/i,
+    /^DOCKER_PASSWORD$/i, /^DOCKER_AUTH/i,
+    /^SSH_PRIVATE/i, /^SSH_AUTH_SOCK$/i,
+    /^CI_JOB_TOKEN$/i, /^ACTIONS_RUNTIME_TOKEN$/i,
+    /^VAULT_TOKEN$/i, /^SONAR_TOKEN$/i, /^CODECOV_TOKEN$/i,
+    /TOKEN$/i, /SECRET$/i, /PASSWORD$/i, /API_KEY$/i,
+];
+// Shell metacharacter pattern — blocks command injection
+const SHELL_METACHAR = /[;|&`$(){}!><\n\r]/;
+// Max recursion depth for exec helper
+const MAX_EXEC_DEPTH = 2;
+// Overly broad patterns that must be rejected in allow/deny lists
+const DANGEROUS_PATTERNS = ['*', '**', '*:*', '* *', '**/*'];
+// ─────────────────────────────────────────────────────────────────────────────
+// Stage 4: Environment isolation
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Returns a copy of process.env with all sensitive keys removed.
+ */
+export function getSanitizedEnv() {
+    const env = {};
+    for (const [key, value] of Object.entries(process.env)) {
+        if (value === undefined)
+            continue;
+        if (SENSITIVE_ENV_PATTERNS.some(p => p.test(key)))
+            continue;
+        env[key] = value;
+    }
+    return env;
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Stage 1: Shell metacharacter validation
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Validates a command string for shell metacharacter injection.
+ * @throws Error if shell metacharacters are detected.
+ */
+export function validateCommand(command) {
+    if (SHELL_METACHAR.test(command)) {
+        throw new Error(`exec blocked: shell metacharacter detected in "${command}"`);
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Stage 2: Allow-list enforcement
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Checks if a command matches the builtin allowed pattern.
+ * Only npx @crewx/<package> scope is allowed by default.
+ */
+export function isBuiltinAllowed(command) {
+    return /^npx\s+@crewx\/[\w-]+/.test(command);
+}
+/**
+ * Validates allow/deny patterns — rejects overly broad wildcards.
+ * @throws Error if pattern is too broad or malformed.
+ */
+export function validateAllowPattern(pattern) {
+    // Trim only for dangerous-pattern check (exact match list)
+    if (DANGEROUS_PATTERNS.includes(pattern.trim())) {
+        throw new Error(`exec config error: overly broad pattern "${pattern}" is not allowed`);
+    }
+    // Start-character check uses original pattern (space prefix → rejected)
+    if (!/^[\w./@-]/.test(pattern)) {
+        throw new Error(`exec config error: pattern must start with a command name`);
+    }
+}
+/**
+ * Checks if a command is allowed by the exec policy.
+ * Priority: deny > builtin(@crewx) > allow > reject
+ */
+export function isAllowed(command, policy) {
+    const allow = policy.allow ?? [];
+    const deny = policy.deny ?? [];
+    // Validate patterns
+    for (const p of [...allow, ...deny]) {
+        validateAllowPattern(p);
+    }
+    // Step 1: deny takes highest priority
+    if (deny.some(pattern => matchesPattern(command, pattern)))
+        return false;
+    // Step 2: builtin allowed (@crewx/* scope only)
+    if (isBuiltinAllowed(command))
+        return true;
+    // Step 3: explicit allow patterns
+    return allow.some(pattern => matchesPattern(command, pattern));
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Audit log
+// ─────────────────────────────────────────────────────────────────────────────
+/** When false (default), audit logs are suppressed. Set true via setAuditVerbose(). */
+let _verboseAudit = false;
+/**
+ * Enable or disable exec audit log output to stderr.
+ * Call with true to show span JSON (verbose mode); false to suppress (default).
+ */
+export function setAuditVerbose(enabled) {
+    _verboseAudit = enabled;
+}
+/**
+ * Emits a structured audit log entry to stderr.
+ * Only writes when verbose audit mode is enabled via setAuditVerbose(true).
+ */
+export function logExecAudit(entry) {
+    if (!_verboseAudit)
+        return;
+    const log = JSON.stringify({ span: 'template_exec', ...entry, timestamp: new Date().toISOString() });
+    console.error(log);
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Simple shell argument parser (replaces shell-quote)
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Parses a command string into an array of arguments.
+ * Handles single and double quoted strings.
+ */
+function parseShellArgs(command) {
+    const tokens = [];
+    let current = '';
+    let inSingle = false;
+    let inDouble = false;
+    for (let i = 0; i < command.length; i++) {
+        const ch = command[i];
+        if (ch === "'" && !inDouble) {
+            inSingle = !inSingle;
+        }
+        else if (ch === '"' && !inSingle) {
+            inDouble = !inDouble;
+        }
+        else if (ch === ' ' && !inSingle && !inDouble) {
+            if (current.length > 0) {
+                tokens.push(current);
+                current = '';
+            }
+        }
+        else {
+            current += ch;
+        }
+    }
+    if (current.length > 0)
+        tokens.push(current);
+    return tokens;
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Stage 3 + 5: Execute command with timeout and result capture
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Executes a command and returns the output wrapped in exec-output tags.
+ * Implements all 5 security stages.
+ */
+export function executeCommand(command, policy) {
+    const startMs = Date.now();
+    // Stage 1: Recursion depth check (NaN fail-closed)
+    const execDepth = parseInt(process.env.CREWX_EXEC_DEPTH ?? '0', 10);
+    if (isNaN(execDepth) || execDepth >= MAX_EXEC_DEPTH) {
+        logExecAudit({ command, status: 'denied', reason: 'invalid or max recursion depth' });
+        return '(exec blocked: max recursion depth reached)';
+    }
+    // Stage 2a: Shell metacharacter validation
+    try {
+        validateCommand(command);
+    }
+    catch {
+        logExecAudit({ command, status: 'denied', reason: 'shell metacharacter detected' });
+        return `(exec blocked: shell metacharacter detected in "${command}")`;
+    }
+    // Stage 2b/c: Allow-list enforcement (deny > builtin > allow > reject)
+    if (!isAllowed(command, policy)) {
+        logExecAudit({ command, status: 'denied', reason: 'not in allow list' });
+        return `(exec blocked: ${command})`;
+    }
+    // Stage 3 + 4 + 5: Execute with timeout, env isolation, and result capture
+    try {
+        const parsed = parseShellArgs(command);
+        const [bin, ...args] = parsed;
+        if (!bin)
+            return `(exec failed: ${command})`;
+        // Stage 4: Environment isolation
+        const sanitizedEnv = getSanitizedEnv();
+        // Stage 3: Timeout + Stage 5: Result capture
+        const result = execFileSync(bin, args, {
+            timeout: policy.timeout ?? 5000,
+            maxBuffer: 64 * 1024, // 64KB — OOM prevention
+            encoding: 'utf-8',
+            env: { ...sanitizedEnv, CREWX_EXEC_DEPTH: String(execDepth + 1) },
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        const durationMs = Date.now() - startMs;
+        logExecAudit({ command, status: 'allowed', allowed_by: 'policy', duration_ms: durationMs });
+        // Stage 5: Wrap result in structured tags
+        return `<exec-output cmd="${command}">\n${result.trim()}\n</exec-output>`;
+    }
+    catch {
+        logExecAudit({ command, status: 'error', reason: 'execution failed' });
+        return `(exec failed: ${command})`;
+    }
+}
+//# sourceMappingURL=exec.js.map

package/dist/esm/template/helpers/fenced_code.js ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * fenced_code Handlebars helper — wraps content in a Markdown fenced code block.
+ *
+ * Usage in templates:
+ *   {{fenced_code myCode lang="typescript"}}
+ *   {{fenced_code myCode}}              ← no language specified
+ */
+/**
+ * Wraps content in a Markdown fenced code block.
+ * @param content - The code content to wrap.
+ * @param options - Handlebars options object (may contain hash.lang).
+ */
+export function fencedCodeHelper(content, options) {
+    const lang = options?.hash?.lang ?? '';
+    return `\`\`\`${lang}\n${content ?? ''}\n\`\`\``;
+}
+//# sourceMappingURL=fenced_code.js.map

package/dist/esm/template/helpers/include.js ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * include Handlebars helper — returns inline string content as-is.
+ *
+ * Usage in templates:
+ *   {{{include someVariable}}}
+ *   {{{include "literal string"}}}
+ *
+ * Note: File-path based document loading is handled in SDK-006 (DocumentLoader).
+ * This helper supports only inline string content (already in context).
+ */
+/**
+ * Returns the given string content unchanged.
+ * Returns empty string for null/undefined.
+ */
+export function includeHelper(content) {
+    if (content === null || content === undefined)
+        return '';
+    return String(content);
+}
+//# sourceMappingURL=include.js.map