@elizaos/plugin-capacitor-bridge 2.0.3-beta.2 → 2.0.3-beta.4

package/dist/mobile-device-bridge-bootstrap.d.ts

@@ -0,0 +1,106 @@
+import { Server } from 'node:http';
+import { AgentRuntime, GenerateTextParams } from '@elizaos/core';
+
+/**
+ * Stock Capacitor mobile local-inference bridge.
+ *
+ * AOSP builds run llama.cpp inside the agent process via bun:ffi. Stock
+ * Capacitor Android/iOS builds cannot do that: llama.cpp is exposed to the
+ * WebView through the native Capacitor plugin. This module is the agent-side
+ * half of that path. It accepts a loopback WebSocket from the WebView,
+ * forwards TEXT_SMALL / TEXT_LARGE requests to the device, and lets the
+ * normal conversation routes keep using runtime model handlers.
+ */
+
+interface LocalInferenceLoadArgs {
+    modelPath: string;
+    contextSize?: number;
+    useGpu?: boolean;
+    maxThreads?: number;
+    draftModelPath?: string;
+    draftContextSize?: number;
+    draftMin?: number;
+    draftMax?: number;
+    speculativeSamples?: number;
+    mobileSpeculative?: boolean;
+    cacheTypeK?: string;
+    cacheTypeV?: string;
+    disableThinking?: boolean;
+}
+interface DeviceCapabilities {
+    platform: "ios" | "android" | "web";
+    deviceModel: string;
+    totalRamGb: number;
+    cpuCores: number;
+    gpu: {
+        backend: "metal" | "vulkan" | "gpu-delegate";
+        available: boolean;
+    } | null;
+}
+interface MobileDeviceBridgeStatus {
+    enabled: boolean;
+    connected: boolean;
+    devices: Array<{
+        deviceId: string;
+        capabilities: DeviceCapabilities;
+        loadedPath: string | null;
+        connectedSince: string;
+    }>;
+    primaryDeviceId: string | null;
+    pendingRequests: number;
+    modelPath: string | null;
+}
+declare class MobileDeviceBridge {
+    private wss;
+    private readonly devices;
+    private readonly pendingLoads;
+    private readonly pendingUnloads;
+    private readonly pendingGenerates;
+    private readonly pendingEmbeds;
+    private readonly pendingFormatChats;
+    private readonly expectedPairingToken;
+    status(): MobileDeviceBridgeStatus;
+    attachToHttpServer(server: Server): Promise<void>;
+    private handleConnection;
+    private handleDeviceMessage;
+    private primaryDevice;
+    private sendToPrimary;
+    loadModel(args: LocalInferenceLoadArgs): Promise<void>;
+    unloadModel(): Promise<void>;
+    generate(args: {
+        prompt: string;
+        stopSequences?: string[];
+        maxTokens?: number;
+        temperature?: number;
+    }): Promise<string>;
+    embed(args: {
+        input: string;
+    }): Promise<number[]>;
+    /**
+     * Apply the model's native chat template (Jinja, from the GGUF) to the
+     * given message list. Round-trips to the WebView so the Capacitor
+     * `LlamaCpp.getFormattedChat()` plugin call can invoke llama.cpp's
+     * `llama_chat_apply_template`. Returns the fully tokenized chat
+     * prompt string ready to feed back into `generate()`. Returns `null`
+     * when the loaded model has no chat template baked in (caller should
+     * fall back to a manual flatten in that case).
+     */
+    formatChat(messages: {
+        role: string;
+        content: string;
+    }[]): Promise<string | null>;
+}
+declare const mobileDeviceBridge: MobileDeviceBridge;
+declare function buildLoadArgsFromRegistryModel(model: {
+    id: string;
+    path: string;
+}): LocalInferenceLoadArgs;
+/** Gemma fallback prompt for bionic paths built without device-bridge templating. */
+declare function buildGemmaBionicPrompt(params: GenerateTextParams): string;
+declare function getMobileDeviceBridgeStatus(): MobileDeviceBridgeStatus;
+declare function loadMobileDeviceBridgeModel(modelPath: string, modelId?: string): Promise<void>;
+declare function unloadMobileDeviceBridgeModel(): Promise<void>;
+declare function attachMobileDeviceBridgeToServer(server: Server): Promise<void>;
+declare function ensureMobileDeviceBridgeInferenceHandlers(runtime: AgentRuntime): Promise<boolean>;
+
+export { type MobileDeviceBridgeStatus, attachMobileDeviceBridgeToServer, buildGemmaBionicPrompt, buildLoadArgsFromRegistryModel, ensureMobileDeviceBridgeInferenceHandlers, getMobileDeviceBridgeStatus, loadMobileDeviceBridgeModel, mobileDeviceBridge, unloadMobileDeviceBridgeModel };

package/dist/mobile-device-bridge-bootstrap.js

@@ -0,0 +1,21 @@
+import {
+  attachMobileDeviceBridgeToServer,
+  buildGemmaBionicPrompt,
+  buildLoadArgsFromRegistryModel,
+  ensureMobileDeviceBridgeInferenceHandlers,
+  getMobileDeviceBridgeStatus,
+  loadMobileDeviceBridgeModel,
+  mobileDeviceBridge,
+  unloadMobileDeviceBridgeModel
+} from "./chunk-Q2XW27TY.js";
+import "./chunk-MLKGABMK.js";
+export {
+  attachMobileDeviceBridgeToServer,
+  buildGemmaBionicPrompt,
+  buildLoadArgsFromRegistryModel,
+  ensureMobileDeviceBridgeInferenceHandlers,
+  getMobileDeviceBridgeStatus,
+  loadMobileDeviceBridgeModel,
+  mobileDeviceBridge,
+  unloadMobileDeviceBridgeModel
+};

package/dist/shared/fs-shim.d.ts

@@ -0,0 +1,93 @@
+/**
+ * mobile-fs-shim.ts — Sandboxed virtual filesystem for the mobile IDE use case.
+ *
+ * PURPOSE
+ * -------
+ * The elizaOS agent bundle runs on-device in Bun (iOS via ElizaBunEngine.xcframework)
+ * and Node.js (Android via nodejs-mobile). It uses `node:fs` and `node:path` heavily
+ * for workspace reads/writes, PGlite data, skill files, and trajectory logs.
+ *
+ * This shim installs a deny-by-default interceptor over `node:fs` / `node:path`
+ * at process start so that:
+ *   1. Every path is resolved relative to a known workspace root on-device.
+ *   2. Path traversal outside the root (e.g. `../../etc/passwd`) is rejected.
+ *   3. System paths (`/etc`, `/usr`, `/System`, `/private`, kernel sockets, etc.)
+ *      are blocked unconditionally — even when the caller passes an absolute path.
+ *   4. Dynamic code loading is blocked: `require()` and `import()` of files that
+ *      aren't bundled are rejected.
+ *   5. Network-sourced code execution is blocked: `fetch + eval/Function` is not
+ *      prevented here (that's handled at the JS engine level), but writing fetched
+ *      bytes to an executable path is caught at the fs layer.
+ *
+ * APP STORE COMPLIANCE
+ * --------------------
+ * iOS App Store:
+ *   - No JIT entitlement is required. Bun on iOS runs in interpreter mode
+ *     (LLVM AOT + Bun's bytecode interpreter), never dlopen'd JIT pages.
+ *   - No code is downloaded and executed at runtime. All JS is bundled into
+ *     `agent-bundle.js` at build time via `Bun.build`. The shim adds a runtime
+ *     guard to enforce this invariant.
+ *   - File access is confined to the app's sandbox (Application Support/Eliza/).
+ *     iOS enforces this at the kernel level too, but the shim provides an
+ *     explicit JS-layer defence-in-depth.
+ *
+ * Android Play Store:
+ *   - Play Store policy allows JIT for nodejs-mobile (V8 JIT is a documented
+ *     exception for scripting runtimes).
+ *   - Same "no downloaded code execution" guarantee as iOS — bundle-only JS.
+ *   - Access restricted to app's internal storage (`getFilesDir()` / equivalent).
+ *
+ * USAGE
+ * -----
+ *   import { installMobileFsShim } from "./mobile-fs-shim.ts";
+ *   installMobileFsShim(process.env.MOBILE_WORKSPACE_ROOT!);
+ *
+ * The shim must be installed before any other module that touches `node:fs`.
+ * In `ios-bridge.ts` / `ios-android.ts` entry points, call it as the very
+ * first statement — before `bootElizaRuntime()` is imported.
+ *
+ * DESIGN NOTES
+ * ------------
+ * - Bun (iOS) and nodejs-mobile (Android) both expose `node:fs` as the
+ *   canonical CJS module. We patch the live module object returned by
+ *   `require("node:fs")` / `require("fs")` so every subsequent `import fs`
+ *   or `require("fs")` in the bundle sees the sandboxed version.
+ * - `node:path` is not patched — path utilities themselves are safe; only the
+ *   final resolved path fed to an fs operation needs guarding. We export
+ *   `sandboxedPath()` for callers that assemble absolute paths externally.
+ * - The shim is idempotent: calling `installMobileFsShim` a second time with
+ *   the same root returns the already-installed shim state. Calling it with a
+ *   different root after install throws to prevent accidental escalation.
+ * - All blocked operations throw `EACCES`-coded errors so callers that check
+ *   `err.code` behave the same as if the OS rejected the call.
+ */
+/**
+ * Exported for callers that assemble absolute paths outside fs calls.
+ * Returns the sandbox-validated absolute path or throws `EACCES`.
+ */
+declare function sandboxedPath(inputPath: string): string;
+/**
+ * Whether the shim is currently active.
+ */
+declare function isMobileFsShimInstalled(): boolean;
+/**
+ * The workspace root the shim was installed with (empty string if not yet
+ * installed).
+ */
+declare function getMobileWorkspaceRoot(): string;
+/**
+ * Install the mobile filesystem sandbox.
+ *
+ * @param workspaceRoot  Absolute path to the app's writable workspace directory.
+ *                       Typically `SandboxPaths.appSupport + "/workspace"` on iOS,
+ *                       equivalent to `getFilesDir()/workspace` on Android.
+ *                       May be passed directly from the native host via
+ *                       `process.env.MOBILE_WORKSPACE_ROOT`.
+ *
+ * The function is idempotent: a second call with the same root is silently
+ * ignored.  A second call with a different root throws to prevent accidental
+ * privilege escalation.
+ */
+declare function installMobileFsShim(workspaceRoot: string): void;
+
+export { getMobileWorkspaceRoot, installMobileFsShim, isMobileFsShimInstalled, sandboxedPath };

package/dist/shared/fs-shim.js

@@ -0,0 +1,13 @@
+import {
+  getMobileWorkspaceRoot,
+  installMobileFsShim,
+  isMobileFsShimInstalled,
+  sandboxedPath
+} from "../chunk-E7Y447TQ.js";
+import "../chunk-MLKGABMK.js";
+export {
+  getMobileWorkspaceRoot,
+  installMobileFsShim,
+  isMobileFsShimInstalled,
+  sandboxedPath
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elizaos/plugin-capacitor-bridge",
-  "version": "2.0.3-beta.2",
+  "version": "2.0.3-beta.4",
   "description": "Capacitor WebSocket bridge to device llama for stock mobile (non-AOSP) Eliza builds.",
   "type": "module",
   "main": "dist/index.js",
@@ -54,11 +54,11 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "@elizaos/core": "2.0.3-beta.2",
+    "@elizaos/core": "2.0.3-beta.4",
     "ws": "^8.18.0"
   },
   "peerDependencies": {
-    "@elizaos/core": "2.0.3-beta.2"
+    "@elizaos/core": "2.0.3-beta.4"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.4.14",
@@ -72,5 +72,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "82fe0f44215954c2417328203f5bd6510985c1fc"
+  "gitHead": "f76f55793a0fb8d6b869dd8ddce03970de061e34"
 }