@easynet/agent-runtime 1.0.4 → 1.0.5

package/agent-runtime/.github/workflows/ci.yml

@@ -26,8 +26,6 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: '20'
-          cache: 'npm'
-          registry-url: 'https://registry.npmjs.org'
 
       - name: Force npm registry to npmjs.org
         run: |
@@ -47,6 +45,7 @@ jobs:
           NPM_CONFIG_REGISTRY: "https://registry.npmjs.org/"
         run: |
           rm -f package-lock.json
+          unset NPM_CONFIG_USERCONFIG NODE_AUTH_TOKEN
           npm install --legacy-peer-deps --ignore-scripts
 
       - name: Build

package/agent-runtime/.github/workflows/release.yml

@@ -32,8 +32,6 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: '20'
-          cache: 'npm'
-          registry-url: 'https://registry.npmjs.org'
 
       - name: Force npm registry to npmjs.org
         run: |
@@ -42,40 +40,19 @@ jobs:
           grep -q '@easynet:registry=' .npmrc || echo "@easynet:registry=https://registry.npmjs.org/" >> .npmrc
           grep -q '@wallee:registry=' .npmrc || echo "@wallee:registry=https://registry.npmjs.org/" >> .npmrc
 
-      - name: Use @easynet deps from npm (CI has no file:../)
+      - name: Rewrite file deps to npm/git refs for CI
         env:
           AGENT_SKILL_READ_TOKEN: ${{ secrets.AGENT_SKILL_READ_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          node -e "
-          const fs = require('fs');
-          const pkgPath = 'package.json';
-          const p = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
-          const deps = { ...p.dependencies, ...p.devDependencies };
-          const token = process.env.AGENT_SKILL_READ_TOKEN || process.env.GITHUB_TOKEN || '';
-          if (!token) {
-            console.error('Missing AGENT_SKILL_READ_TOKEN (or GITHUB_TOKEN) for @easynet/agent-skill private dependency.');
-            process.exit(1);
-          }
-          let changed = false;
-          for (const [name, v] of Object.entries(deps)) {
-            if (name.startsWith('@easynet/') && typeof v === 'string' && v.startsWith('file:')) {
-              const resolved = name === '@easynet/agent-skill'
-                ? ('git+https://x-access-token:' + token + '@github.com/easynet-world/agent-skill.git#master')
-                : 'latest';
-              if (p.dependencies[name]) { p.dependencies[name] = resolved; changed = true; }
-              if (p.devDependencies[name]) { p.devDependencies[name] = resolved; changed = true; }
-            }
-          }
-          if (changed) fs.writeFileSync(pkgPath, JSON.stringify(p, null, 2) + '\n');
-          "
-      - name: Remove lockfile to avoid stale ssh git refs
-        run: rm -f package-lock.json
+        run: node scripts/resolve-deps.js
 
       - name: Install dependencies
         env:
           NPM_CONFIG_REGISTRY: "https://registry.npmjs.org/"
-        run: npm install --legacy-peer-deps
+        run: |
+          rm -f package-lock.json
+          unset NPM_CONFIG_USERCONFIG NODE_AUTH_TOKEN
+          npm install --legacy-peer-deps --ignore-scripts
 
       - name: Build
         run: npm run build --if-present

package/apps/imessagebot/src/app/config.ts

@@ -0,0 +1,76 @@
+import { asObject, resolveKindResourceFile } from "@easynet/agent-common";
+import {
+  createRuntimeConfig,
+  getModelsConfigPath as getRuntimeModelsConfigPath,
+  getMemoryConfigPath as getRuntimeMemoryConfigPath,
+  getToolConfigPath as getRuntimeToolConfigPath,
+  resolveDefaultAgentName as resolveRuntimeDefaultAgentName,
+  type AgentProfileConfig,
+} from "@easynet/agent-runtime";
+
+type IMessageAppSpec = {
+  agent?: string;
+};
+
+export interface AppConfig {
+  app?: {
+    agent?: Record<string, AgentProfileConfig>;
+    defaultAgent?: string;
+  };
+}
+
+export interface AppConfigDefaults {
+  modelsPath?: string;
+  memoryPath?: string;
+  toolPath?: string;
+  toolDevPath?: string;
+  toolProdPath?: string;
+}
+
+export async function loadAppConfig(configPath?: string): Promise<AppConfig> {
+  const appResource = await resolveKindResourceFile<IMessageAppSpec>(configPath ?? "config/app.yaml", {
+    baseDir: process.cwd(),
+    expectedApiVersion: "easynet.world/v1",
+    expectedKind: "AppConfig",
+  });
+  const spec = asObject(appResource.spec) as IMessageAppSpec | undefined;
+  const runtimeConfig = await createRuntimeConfig({
+    configPath,
+    overrides: {
+      app: {
+        defaultAgent: spec?.agent,
+      },
+    },
+  });
+  const defaultAgent = resolveRuntimeDefaultAgentName(runtimeConfig, spec?.agent);
+  return {
+    app: {
+      agent: runtimeConfig.app?.agent,
+      defaultAgent,
+    },
+  };
+}
+
+export function getModelsConfigPath(
+  config: AppConfig,
+  agentName?: string,
+  defaults?: AppConfigDefaults,
+): string {
+  return getRuntimeModelsConfigPath(config, agentName, defaults);
+}
+
+export function getMemoryConfigPath(
+  config: AppConfig,
+  agentName?: string,
+  defaults?: AppConfigDefaults,
+): string {
+  return getRuntimeMemoryConfigPath(config, agentName, defaults);
+}
+
+export function getToolConfigPath(
+  config: AppConfig,
+  agentName?: string,
+  defaults?: AppConfigDefaults,
+): string {
+  return getRuntimeToolConfigPath(config, agentName, defaults);
+}

package/apps/imessagebot/src/app/context.ts

@@ -0,0 +1,39 @@
+/**
+ * Shared runtime context: LLM, memory, tools.
+ * Built once and passed to both ReAct and Deep agents.
+ */
+import {
+  createContextBuilders,
+  type AppContextBuilders,
+  type BotContext,
+  type BotTool,
+  type CreateContextOptions,
+} from "@easynet/agent-runtime";
+import {
+  loadAppConfig,
+  getModelsConfigPath,
+  getMemoryConfigPath,
+  getToolConfigPath,
+  type AppConfig,
+} from "./config.js";
+
+export type { BotContext, BotTool, CreateContextOptions };
+
+const builders: AppContextBuilders = createContextBuilders<AppConfig>({
+  configApi: {
+    loadAgentConfig: loadAppConfig,
+    getModelsConfigPath: (config: AppConfig, agentName?: string) => getModelsConfigPath(config, agentName),
+    getMemoryConfigPath: (config: AppConfig, agentName?: string) => getMemoryConfigPath(config, agentName),
+    getToolConfigPath: (config: AppConfig, agentName?: string) => getToolConfigPath(config, agentName),
+  },
+});
+
+export const getAgentLlm: AppContextBuilders["createAgentLlm"] = builders.createAgentLlm;
+export const getAgentMemory: AppContextBuilders["createAgentMemory"] = builders.createAgentMemory;
+export const getAgentTools: AppContextBuilders["createAgentTools"] = builders.createAgentTools;
+
+export const createAgentLlm: AppContextBuilders["createAgentLlm"] = builders.createAgentLlm;
+export const createAgentMemory: AppContextBuilders["createAgentMemory"] = builders.createAgentMemory;
+export const createAgentTools: AppContextBuilders["createAgentTools"] = builders.createAgentTools;
+export const createAgent: AppContextBuilders["createAgent"] = builders.createAgent;
+export const createBotContext: AppContextBuilders["createBotContext"] = builders.createBotContext;

package/apps/itermbot/config/tool.yaml

@@ -0,0 +1,19 @@
+apiVersion: easynet.world/v1
+kind: ToolConfig
+metadata:
+  name: itermbot-local-tool-config
+spec:
+  tools:
+    list:
+      - file:../../../agent-tool-buildin#itermCreateWindow
+      - file:../../../agent-tool-buildin#itermCreateTab
+      - file:../../../agent-tool-buildin#itermSplitPane
+      - file:../../../agent-tool-buildin#itermResizeWindow
+      - file:../../../agent-tool-buildin#itermRename
+      - file:../../../agent-tool-buildin#itermSetBackgroundColor
+      - file:../../../agent-tool-buildin#itermSetSessionColors
+      - file:../../../agent-tool-buildin#itermSendText
+      - file:../../../agent-tool-buildin#itermRunCommandInSession
+      - file:../../../agent-tool-buildin#itermListCurrentWindowSessions
+      - file:../../../agent-tool-buildin#itermGetSessionInfo
+      - file:../../../agent-tool-buildin#itermListWindows

package/apps/itermbot/src/app/config.ts

@@ -0,0 +1,117 @@
+import { asObject, resolveKindResourceFile } from "@easynet/agent-common";
+import {
+  createRuntimeConfig,
+  getModelsConfigPath as getRuntimeModelsConfigPath,
+  getMemoryConfigPath as getRuntimeMemoryConfigPath,
+  getToolConfigPath as getRuntimeToolConfigPath,
+  resolveDefaultAgentName as resolveRuntimeDefaultAgentName,
+  type AgentRuntimeConfig,
+} from "@easynet/agent-runtime";
+
+type PromptTemplates = {
+  itermPolicy?: string;
+  targetSession?: string;
+};
+
+type ItermAppSpec = {
+  agent?: string;
+  printSteps?: boolean;
+  fallbackText?: string;
+  commandWindowLabel?: string;
+  toolConfigPath?: string;
+  promptTemplates?: PromptTemplates;
+};
+
+export type AppConfig = AgentRuntimeConfig & {
+  app?: (AgentRuntimeConfig["app"] & {
+    defaultAgent?: string;
+    printSteps?: boolean;
+    fallbackText?: string;
+    commandWindowLabel?: string;
+    promptTemplates?: PromptTemplates;
+  });
+};
+
+export interface AppConfigDefaults {
+  modelsPath?: string;
+  memoryPath?: string;
+  toolPath?: string;
+  toolDevPath?: string;
+  toolProdPath?: string;
+}
+
+export async function loadAppConfig(configPath?: string): Promise<AppConfig> {
+  const appResource = await resolveKindResourceFile<ItermAppSpec>(configPath ?? "config/app.yaml", {
+    baseDir: process.cwd(),
+    expectedApiVersion: "easynet.world/v1",
+    expectedKind: "AppConfig",
+  });
+  const spec = asObject(appResource.spec) as ItermAppSpec | undefined;
+  const runtimeConfig = await createRuntimeConfig({
+    configPath,
+    overrides: {
+      app: {
+        defaultAgent: spec?.agent,
+        printSteps: spec?.printSteps,
+        fallbackText: spec?.fallbackText,
+        commandWindowLabel: spec?.commandWindowLabel,
+        promptTemplates: spec?.promptTemplates,
+      },
+    },
+  });
+  const defaultAgent = resolveRuntimeDefaultAgentName(
+    runtimeConfig,
+    (runtimeConfig.app?.defaultAgent as string | undefined) ?? spec?.agent,
+  );
+  const selectedAgent = defaultAgent || spec?.agent || "";
+  const selectedAgentConfig =
+    selectedAgent && runtimeConfig.app?.agent && runtimeConfig.app.agent[selectedAgent]
+      ? runtimeConfig.app.agent[selectedAgent]
+      : {};
+  const resolvedToolConfigPath = spec?.toolConfigPath?.trim() || "config/tool.yaml";
+
+  return {
+    app: {
+      ...runtimeConfig.app,
+      defaultAgent,
+      agent: {
+        ...(runtimeConfig.app?.agent ?? {}),
+        ...(selectedAgent
+          ? {
+              [selectedAgent]: {
+                ...selectedAgentConfig,
+                tools: {
+                  ...(selectedAgentConfig?.tools ?? {}),
+                  ref: resolvedToolConfigPath,
+                },
+              },
+            }
+          : {}),
+      },
+    },
+  };
+}
+
+export function getModelsConfigPath(
+  config: AppConfig,
+  agentName?: string,
+  defaults?: AppConfigDefaults,
+): string {
+  return getRuntimeModelsConfigPath(config, agentName, defaults);
+}
+
+export function getMemoryConfigPath(
+  config: AppConfig,
+  agentName?: string,
+  defaults?: AppConfigDefaults,
+): string {
+  return getRuntimeMemoryConfigPath(config, agentName, defaults);
+}
+
+export function getToolConfigPath(
+  config: AppConfig,
+  agentName?: string,
+  defaults?: AppConfigDefaults,
+): string {
+  return getRuntimeToolConfigPath(config, agentName, defaults);
+}

package/apps/itermbot/src/app/context.ts

@@ -0,0 +1,39 @@
+/**
+ * Shared runtime context: LLM, memory, tools.
+ * Built once and passed to both ReAct and Deep agents.
+ */
+import {
+  createContextBuilders,
+  type AppContextBuilders,
+  type BotContext,
+  type BotTool,
+  type CreateContextOptions,
+} from "@easynet/agent-runtime";
+import {
+  loadAppConfig,
+  getModelsConfigPath,
+  getMemoryConfigPath,
+  getToolConfigPath,
+  type AppConfig,
+} from "./config.js";
+
+export type { BotContext, BotTool, CreateContextOptions };
+
+const builders: AppContextBuilders = createContextBuilders<AppConfig>({
+  configApi: {
+    loadAgentConfig: loadAppConfig,
+    getModelsConfigPath: (config: AppConfig, agentName?: string) => getModelsConfigPath(config, agentName),
+    getMemoryConfigPath: (config: AppConfig, agentName?: string) => getMemoryConfigPath(config, agentName),
+    getToolConfigPath: (config: AppConfig, agentName?: string) => getToolConfigPath(config, agentName),
+  },
+});
+
+export const getAgentLlm: AppContextBuilders["createAgentLlm"] = builders.createAgentLlm;
+export const getAgentMemory: AppContextBuilders["createAgentMemory"] = builders.createAgentMemory;
+export const getAgentTools: AppContextBuilders["createAgentTools"] = builders.createAgentTools;
+
+export const createAgentLlm: AppContextBuilders["createAgentLlm"] = builders.createAgentLlm;
+export const createAgentMemory: AppContextBuilders["createAgentMemory"] = builders.createAgentMemory;
+export const createAgentTools: AppContextBuilders["createAgentTools"] = builders.createAgentTools;
+export const createAgent: AppContextBuilders["createAgent"] = builders.createAgent;
+export const createBotContext: AppContextBuilders["createBotContext"] = builders.createBotContext;

package/apps/itermbot/src/iterm/target-panel-policy.ts

@@ -0,0 +1,220 @@
+import type { BotContext } from "@easynet/agent-runtime";
+
+type ToolLike = {
+  name?: unknown;
+  invoke?: (args: unknown) => Promise<unknown>;
+};
+
+const BLOCKED_SHORT_NAMES = new Set([
+  "listDir",
+  "readText",
+  "writeText",
+  "runCommand",
+  "gitRead",
+  "gitAdd",
+  "gitCommit",
+  "gitDiff",
+  "gitPull",
+  "gitPush",
+  "gitSwitchBranch",
+  "gitLogHistory",
+]);
+
+type RedirectableShortName =
+  | "listDir"
+  | "readText"
+  | "runCommand"
+  | "itermListWindows"
+  | "itermListCurrentWindowSessions"
+  | "itermGetSessionInfo";
+
+type ItermCommandArgs = {
+  command: string;
+  waitMs?: number;
+  maxOutputLines?: number;
+  outputOffsetLines?: number;
+};
+
+function shortName(name: string): string {
+  const parts = name.split(".");
+  return parts[parts.length - 1] ?? name;
+}
+
+function shouldBlockTool(name: string): boolean {
+  if (name.includes("itermRunCommandInSession")) return false;
+  if (name.includes("iterm")) return true;
+  return BLOCKED_SHORT_NAMES.has(shortName(name));
+}
+
+function policyError(toolName: string): Error {
+  return new Error(
+    `Tool "${toolName}" is blocked in iTermBot policy. ` +
+    `Use itermRunCommandInSession on target panel, then analyze returned output.`,
+  );
+}
+
+function asRecord(input: unknown): Record<string, unknown> {
+  if (!input || typeof input !== "object" || Array.isArray(input)) return {};
+  return input as Record<string, unknown>;
+}
+
+function quoteForBash(value: string): string {
+  return `'${value.replaceAll("'", `'\\''`)}'`;
+}
+
+function asBoolean(value: unknown, fallback: boolean): boolean {
+  return typeof value === "boolean" ? value : fallback;
+}
+
+function asBoundedInt(value: unknown, fallback: number, min: number, max: number): number {
+  if (typeof value !== "number" || !Number.isFinite(value)) return fallback;
+  const normalized = Math.floor(value);
+  return Math.max(min, Math.min(max, normalized));
+}
+
+function buildListDirCommand(args: Record<string, unknown>): ItermCommandArgs {
+  const path = typeof args.path === "string" && args.path.trim() ? args.path.trim() : ".";
+  const recursive = asBoolean(args.recursive, false);
+  const includeHidden = asBoolean(args.includeHidden, false);
+  const maxDepth = asBoundedInt(args.maxDepth, 3, 1, 20);
+  const maxEntries = asBoundedInt(args.maxEntries, 200, 1, 2000);
+  const quotedPath = quoteForBash(path);
+  if (!recursive) {
+    const lsFlags = includeHidden ? "-la" : "-l";
+    return { command: `ls ${lsFlags} ${quotedPath} | head -n ${maxEntries}` };
+  }
+  const hiddenFilter = includeHidden ? "" : ` | grep -Ev '/\\.[^/]+($|/)'`;
+  return {
+    command: `find ${quotedPath} -maxdepth ${maxDepth} -print${hiddenFilter} | head -n ${maxEntries}`,
+    maxOutputLines: Math.min(maxEntries + 50, 3000),
+  };
+}
+
+function buildReadTextCommand(args: Record<string, unknown>): ItermCommandArgs | null {
+  const path = typeof args.path === "string" ? args.path.trim() : "";
+  if (!path) return null;
+  const maxBytes = asBoundedInt(args.maxBytes, 24_000, 256, 200_000);
+  const maxLines = asBoundedInt(Math.floor(maxBytes / 120), 200, 20, 2000);
+  return {
+    command: `sed -n '1,${maxLines}p' ${quoteForBash(path)}`,
+    maxOutputLines: Math.min(maxLines + 40, 2500),
+  };
+}
+
+function buildRunCommandCommand(args: Record<string, unknown>): ItermCommandArgs | null {
+  if (typeof args.command === "string" && args.command.trim()) {
+    return { command: args.command.trim() };
+  }
+  if (typeof args.cmd === "string" && args.cmd.trim()) {
+    return { command: args.cmd.trim() };
+  }
+  if (Array.isArray(args.cmdArray) && args.cmdArray.length > 0) {
+    const joined = args.cmdArray.map((part) => String(part)).join(" ").trim();
+    if (joined) return { command: joined };
+  }
+  return null;
+}
+
+function toItermCommandArgs(toolName: string, args: unknown): ItermCommandArgs | null {
+  const tool = shortName(toolName);
+  const record = asRecord(args);
+  if (tool === "listDir") return buildListDirCommand(record);
+  if (tool === "readText") return buildReadTextCommand(record);
+  if (tool === "runCommand") return buildRunCommandCommand(record);
+  if (tool === "itermListWindows") return { command: "pwd && ls -la" };
+  if (tool === "itermListCurrentWindowSessions") return { command: "pwd && ls -la" };
+  if (tool === "itermGetSessionInfo") return { command: "pwd && ls -la" };
+  return null;
+}
+
+function isRedirectableTool(toolName: string): toolName is RedirectableShortName {
+  return (
+    toolName === "listDir" ||
+    toolName === "readText" ||
+    toolName === "runCommand" ||
+    toolName === "itermListWindows" ||
+    toolName === "itermListCurrentWindowSessions" ||
+    toolName === "itermGetSessionInfo"
+  );
+}
+
+function findItermCommandTool(tools: ToolLike[]): ToolLike | null {
+  return tools.find((tool) => typeof tool.name === "string" && typeof tool.invoke === "function" && tool.name.includes("itermRunCommandInSession")) ?? null;
+}
+
+async function invokeRedirect(
+  blockedName: string,
+  blockedArgs: unknown,
+  commandTool: ToolLike | null,
+): Promise<unknown> {
+  const mapped = toItermCommandArgs(blockedName, blockedArgs);
+  if (!mapped || !commandTool || typeof commandTool.invoke !== "function") {
+    throw policyError(blockedName);
+  }
+  const output = await commandTool.invoke(mapped);
+  return {
+    result: {
+      blockedTool: blockedName,
+      redirectedTool: commandTool.name,
+      redirected: true,
+      originalArgs: asRecord(blockedArgs),
+      mappedCommand: mapped.command,
+      output,
+    },
+    evidence: [
+      {
+        type: "policy",
+        ref: "target-panel-policy",
+        summary: `Redirected ${blockedName} to ${String(commandTool.name)} with target-panel command execution`,
+        createdAt: new Date().toISOString(),
+      },
+    ],
+  };
+}
+
+function blockedResult(toolName: string): unknown {
+  return {
+    result: {
+      blocked: true,
+      blockedTool: toolName,
+      requiredTool: "itermRunCommandInSession",
+      message:
+        `Tool "${toolName}" is blocked in iTermBot policy. ` +
+        `Use itermRunCommandInSession on target panel, then analyze returned output.`,
+      suggestedCommand: "pwd && ls -la",
+    },
+    evidence: [
+      {
+        type: "policy",
+        ref: "target-panel-policy",
+        summary: `Blocked ${toolName}; returned policy guidance for target-panel command execution`,
+        createdAt: new Date().toISOString(),
+      },
+    ],
+  };
+}
+
+export function enforceTargetPanelExecutionPolicy(ctx: BotContext): () => void {
+  const unpatchFns: Array<() => void> = [];
+  const allTools = ctx.tools as unknown as ToolLike[];
+  const itermCommandTool = findItermCommandTool(allTools);
+
+  for (const tool of allTools) {
+    if (!tool || typeof tool.name !== "string" || typeof tool.invoke !== "function") continue;
+    if (!shouldBlockTool(tool.name)) continue;
+    const originalInvoke = tool.invoke.bind(tool);
+    tool.invoke = async (args: unknown): Promise<unknown> => {
+      const toolShortName = shortName(tool.name as string);
+      if (isRedirectableTool(toolShortName)) {
+        return invokeRedirect(tool.name as string, args, itermCommandTool);
+      }
+      return blockedResult(tool.name as string);
+    };
+    unpatchFns.push(() => {
+      tool.invoke = originalInvoke;
+    });
+  }
+  return () => {
+    for (const unpatch of unpatchFns) unpatch();
+  };
+}

package/apps/itermbot/test/target-panel-policy.test.mjs

@@ -0,0 +1,60 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { enforceTargetPanelExecutionPolicy } from "../dist/iterm/target-panel-policy.js";
+
+function createTool(name, invoke) {
+  return { name, invoke };
+}
+
+test("redirects listDir to itermRunCommandInSession", async () => {
+  const calls = [];
+  const itermTool = createTool(
+    "npm.easynet.agent.tool.buildin.0.0.70.itermRunCommandInSession",
+    async (args) => {
+      calls.push(args);
+      return { result: { ok: true, args } };
+    },
+  );
+  const blockedTool = createTool(
+    "npm.easynet.agent.tool.buildin.0.0.70.listDir",
+    async () => ({ result: { shouldNotReach: true } }),
+  );
+  const ctx = { tools: [blockedTool, itermTool] };
+
+  const unpatch = enforceTargetPanelExecutionPolicy(ctx);
+  const out = await blockedTool.invoke({
+    path: ".",
+    recursive: true,
+    includeHidden: false,
+    maxDepth: 2,
+    maxEntries: 50,
+  });
+  unpatch();
+
+  assert.equal(calls.length, 1);
+  assert.equal(typeof calls[0].command, "string");
+  assert.equal(calls[0].command.includes("find"), true);
+  assert.equal(out?.result?.redirected, true);
+  assert.equal(
+    out?.result?.redirectedTool,
+    "npm.easynet.agent.tool.buildin.0.0.70.itermRunCommandInSession",
+  );
+});
+
+test("keeps non-redirectable blocked tools rejected", async () => {
+  const itermTool = createTool(
+    "npm.easynet.agent.tool.buildin.0.0.70.itermRunCommandInSession",
+    async () => ({ result: { ok: true } }),
+  );
+  const gitReadTool = createTool(
+    "npm.easynet.agent.tool.buildin.0.0.70.gitRead",
+    async () => ({ result: { shouldNotReach: true } }),
+  );
+  const ctx = { tools: [gitReadTool, itermTool] };
+
+  const unpatch = enforceTargetPanelExecutionPolicy(ctx);
+  const out = await gitReadTool.invoke({});
+  unpatch();
+  assert.equal(out?.result?.blocked, true);
+  assert.equal(out?.result?.requiredTool, "itermRunCommandInSession");
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@easynet/agent-runtime",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "Agent runtime factories: ReAct (LangChain), Deep (DeepAgents), sub-agent, and CLI runner",
   "type": "module",
   "main": "dist/index.js",