@elizaos/plugin-shell 2.0.3-beta.2 → 2.0.3-beta.4

package/dist/index.js

@@ -0,0 +1,4284 @@
+import { createRequire } from "node:module";
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// approvals/allowlist.ts
+import crypto2 from "node:crypto";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { logger, resolveStateDir } from "@elizaos/core";
+
+// approvals/types.ts
+var DEFAULT_SAFE_BINS = [
+  "jq",
+  "grep",
+  "cut",
+  "sort",
+  "uniq",
+  "head",
+  "tail",
+  "tr",
+  "wc"
+];
+var EXEC_APPROVAL_DEFAULTS = {
+  security: "deny",
+  ask: "on-miss",
+  askFallback: "deny",
+  autoAllowSkills: false,
+  timeoutMs: 120000
+};
+
+// approvals/allowlist.ts
+var DEFAULT_AGENT_ID = "default";
+function expandHome(value) {
+  if (!value)
+    return value;
+  if (value === "~")
+    return os.homedir();
+  if (value.startsWith("~/"))
+    return path.join(os.homedir(), value.slice(2));
+  return value;
+}
+function hashContent(raw) {
+  return crypto2.createHash("sha256").update(raw ?? "").digest("hex");
+}
+function getApprovalFilePath() {
+  return path.join(resolveStateDir(), "exec-approvals.json");
+}
+function getApprovalSocketPath() {
+  return path.join(resolveStateDir(), "exec-approvals.sock");
+}
+function ensureDir(filePath) {
+  const dir = path.dirname(filePath);
+  fs.mkdirSync(dir, { recursive: true });
+}
+function normalizePattern(value) {
+  const trimmed = value?.trim() ?? "";
+  return trimmed ? trimmed.toLowerCase() : null;
+}
+function ensureAllowlistIds(allowlist) {
+  if (!Array.isArray(allowlist) || allowlist.length === 0) {
+    return allowlist;
+  }
+  let changed = false;
+  const next = allowlist.map((entry) => {
+    if (entry.id)
+      return entry;
+    changed = true;
+    return { ...entry, id: crypto2.randomUUID() };
+  });
+  return changed ? next : allowlist;
+}
+function mergeLegacyAgent(current, legacy) {
+  const allowlist = [];
+  const seen = new Set;
+  const pushEntry = (entry) => {
+    const key = normalizePattern(entry.pattern);
+    if (!key || seen.has(key))
+      return;
+    seen.add(key);
+    allowlist.push(entry);
+  };
+  for (const entry of current.allowlist ?? [])
+    pushEntry(entry);
+  for (const entry of legacy.allowlist ?? [])
+    pushEntry(entry);
+  return {
+    security: current.security ?? legacy.security,
+    ask: current.ask ?? legacy.ask,
+    askFallback: current.askFallback ?? legacy.askFallback,
+    autoAllowSkills: current.autoAllowSkills ?? legacy.autoAllowSkills,
+    allowlist: allowlist.length > 0 ? allowlist : undefined
+  };
+}
+function normalizeApprovals(file) {
+  const socketPath = file.socket?.path?.trim();
+  const token = file.socket?.token?.trim();
+  const agents = { ...file.agents };
+  const legacyDefault = agents.default;
+  if (legacyDefault) {
+    const main = agents[DEFAULT_AGENT_ID];
+    agents[DEFAULT_AGENT_ID] = main ? mergeLegacyAgent(main, legacyDefault) : legacyDefault;
+    delete agents.default;
+  }
+  for (const [key, agent] of Object.entries(agents)) {
+    const allowlist = ensureAllowlistIds(agent.allowlist);
+    if (allowlist !== agent.allowlist) {
+      agents[key] = { ...agent, allowlist };
+    }
+  }
+  return {
+    version: 1,
+    socket: {
+      path: socketPath && socketPath.length > 0 ? socketPath : undefined,
+      token: token && token.length > 0 ? token : undefined
+    },
+    defaults: {
+      security: file.defaults?.security,
+      ask: file.defaults?.ask,
+      askFallback: file.defaults?.askFallback,
+      autoAllowSkills: file.defaults?.autoAllowSkills
+    },
+    agents
+  };
+}
+function generateToken() {
+  return crypto2.randomBytes(24).toString("base64url");
+}
+function readApprovalsSnapshot() {
+  const filePath = getApprovalFilePath();
+  if (!fs.existsSync(filePath)) {
+    const file2 = normalizeApprovals({ version: 1, agents: {} });
+    return {
+      path: filePath,
+      exists: false,
+      raw: null,
+      file: file2,
+      hash: hashContent(null)
+    };
+  }
+  const raw = fs.readFileSync(filePath, "utf8");
+  let parsed = null;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (parseError) {
+    logger.warn({ src: "exec-approval", parseError, filePath }, "Failed to parse approval config snapshot - file may be corrupted");
+    parsed = null;
+  }
+  const file = parsed?.version === 1 ? normalizeApprovals(parsed) : normalizeApprovals({ version: 1, agents: {} });
+  if (parsed && parsed.version !== 1) {
+    logger.warn({ src: "exec-approval", version: parsed.version, filePath }, "Approval config snapshot has unexpected version");
+  }
+  return {
+    path: filePath,
+    exists: true,
+    raw,
+    file,
+    hash: hashContent(raw)
+  };
+}
+function loadApprovals() {
+  const filePath = getApprovalFilePath();
+  try {
+    if (!fs.existsSync(filePath)) {
+      logger.debug({ src: "exec-approval", filePath }, "Approval config file does not exist, using defaults");
+      return normalizeApprovals({ version: 1, agents: {} });
+    }
+    const raw = fs.readFileSync(filePath, "utf8");
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch (parseError) {
+      logger.error({ src: "exec-approval", parseError, filePath }, "Failed to parse approval config JSON - file may be corrupted. Using defaults.");
+      return normalizeApprovals({ version: 1, agents: {} });
+    }
+    if (parsed.version !== 1) {
+      logger.warn({ src: "exec-approval", version: parsed.version, filePath }, "Approval config has unexpected version, using defaults");
+      return normalizeApprovals({ version: 1, agents: {} });
+    }
+    return normalizeApprovals(parsed);
+  } catch (error) {
+    logger.error({ src: "exec-approval", error, filePath }, "Failed to load approval config - using defaults. This may indicate a permissions issue.");
+    return normalizeApprovals({ version: 1, agents: {} });
+  }
+}
+function saveApprovals(file) {
+  const filePath = getApprovalFilePath();
+  try {
+    ensureDir(filePath);
+    fs.writeFileSync(filePath, `${JSON.stringify(file, null, 2)}
+`, {
+      mode: 384
+    });
+    try {
+      fs.chmodSync(filePath, 384);
+    } catch {}
+  } catch (error) {
+    logger.error({ src: "exec-approval", error, filePath }, "Failed to save approval configuration");
+    throw new Error(`Failed to save approval configuration to ${filePath}: ${error}`);
+  }
+}
+function ensureApprovals() {
+  const loaded = loadApprovals();
+  const next = normalizeApprovals(loaded);
+  const socketPath = next.socket?.path?.trim();
+  const token = next.socket?.token?.trim();
+  const updated = {
+    ...next,
+    socket: {
+      path: socketPath && socketPath.length > 0 ? socketPath : getApprovalSocketPath(),
+      token: token && token.length > 0 ? token : generateToken()
+    }
+  };
+  try {
+    saveApprovals(updated);
+  } catch (error) {
+    logger.warn({ src: "exec-approval", error }, "Failed to save approval config during ensureApprovals - " + "returning in-memory config. Changes will not persist.");
+    throw error;
+  }
+  return updated;
+}
+function normalizeSecurity(value, fallback) {
+  if (value === "allowlist" || value === "full" || value === "deny") {
+    return value;
+  }
+  return fallback;
+}
+function normalizeAsk(value, fallback) {
+  if (value === "always" || value === "off" || value === "on-miss") {
+    return value;
+  }
+  return fallback;
+}
+function resolveApprovals(agentId, overrides) {
+  let file;
+  try {
+    file = ensureApprovals();
+  } catch (error) {
+    logger.warn({ src: "exec-approval", error }, "Could not ensure approval config exists - using read-only config");
+    file = loadApprovals();
+  }
+  return resolveApprovalsFromFile({
+    file,
+    agentId,
+    overrides,
+    path: getApprovalFilePath(),
+    socketPath: expandHome(file.socket?.path ?? getApprovalSocketPath()),
+    token: file.socket?.token ?? ""
+  });
+}
+function resolveApprovalsFromFile(params) {
+  const file = normalizeApprovals(params.file);
+  const defaults = file.defaults ?? {};
+  const agentKey = params.agentId ?? DEFAULT_AGENT_ID;
+  const agent = file.agents?.[agentKey] ?? {};
+  const wildcard = file.agents?.["*"] ?? {};
+  const fallbackSecurity = params.overrides?.security ?? EXEC_APPROVAL_DEFAULTS.security;
+  const fallbackAsk = params.overrides?.ask ?? EXEC_APPROVAL_DEFAULTS.ask;
+  const fallbackAskFallback = params.overrides?.askFallback ?? EXEC_APPROVAL_DEFAULTS.askFallback;
+  const fallbackAutoAllowSkills = params.overrides?.autoAllowSkills ?? EXEC_APPROVAL_DEFAULTS.autoAllowSkills;
+  const resolvedDefaults = {
+    security: normalizeSecurity(defaults.security, fallbackSecurity),
+    ask: normalizeAsk(defaults.ask, fallbackAsk),
+    askFallback: normalizeSecurity(defaults.askFallback ?? fallbackAskFallback, fallbackAskFallback),
+    autoAllowSkills: Boolean(defaults.autoAllowSkills ?? fallbackAutoAllowSkills)
+  };
+  const resolvedAgent = {
+    security: normalizeSecurity(agent.security ?? wildcard.security ?? resolvedDefaults.security, resolvedDefaults.security),
+    ask: normalizeAsk(agent.ask ?? wildcard.ask ?? resolvedDefaults.ask, resolvedDefaults.ask),
+    askFallback: normalizeSecurity(agent.askFallback ?? wildcard.askFallback ?? resolvedDefaults.askFallback, resolvedDefaults.askFallback),
+    autoAllowSkills: Boolean(agent.autoAllowSkills ?? wildcard.autoAllowSkills ?? resolvedDefaults.autoAllowSkills)
+  };
+  const allowlist = [
+    ...Array.isArray(wildcard.allowlist) ? wildcard.allowlist : [],
+    ...Array.isArray(agent.allowlist) ? agent.allowlist : []
+  ];
+  return {
+    path: params.path ?? getApprovalFilePath(),
+    socketPath: expandHome(params.socketPath ?? file.socket?.path ?? getApprovalSocketPath()),
+    token: params.token ?? file.socket?.token ?? "",
+    defaults: resolvedDefaults,
+    agent: resolvedAgent,
+    allowlist,
+    file
+  };
+}
+function matchAllowlist(entries, resolution) {
+  if (!entries.length || !resolution?.resolvedPath) {
+    return null;
+  }
+  const resolvedPath = resolution.resolvedPath;
+  for (const entry of entries) {
+    const pattern = entry.pattern.trim();
+    if (!pattern)
+      continue;
+    const hasPath = pattern.includes("/") || pattern.includes("\\") || pattern.includes("~");
+    if (!hasPath)
+      continue;
+    if (matchesPattern(pattern, resolvedPath)) {
+      return entry;
+    }
+  }
+  return null;
+}
+function matchesPattern(pattern, target) {
+  const trimmed = pattern.trim();
+  if (!trimmed)
+    return false;
+  const expanded = trimmed.startsWith("~") ? expandHome(trimmed) : trimmed;
+  const hasWildcard = /[*?]/.test(expanded);
+  let normalizedPattern = expanded;
+  let normalizedTarget = target;
+  if (process.platform === "win32" && !hasWildcard) {
+    normalizedPattern = tryRealpath(expanded) ?? expanded;
+    normalizedTarget = tryRealpath(target) ?? target;
+  }
+  normalizedPattern = normalizeMatchTarget(normalizedPattern);
+  normalizedTarget = normalizeMatchTarget(normalizedTarget);
+  const regex = globToRegExp(normalizedPattern);
+  return regex.test(normalizedTarget);
+}
+function normalizeMatchTarget(value) {
+  if (process.platform === "win32") {
+    const stripped = value.replace(/^\\\\[?.]\\/, "");
+    return stripped.replace(/\\/g, "/").toLowerCase();
+  }
+  return value.replace(/\\\\/g, "/").toLowerCase();
+}
+function tryRealpath(value) {
+  try {
+    return fs.realpathSync(value);
+  } catch {
+    return null;
+  }
+}
+function globToRegExp(pattern) {
+  let regex = "^";
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "*") {
+      const next = pattern[i + 1];
+      if (next === "*") {
+        regex += ".*";
+        i += 2;
+        continue;
+      }
+      regex += "[^/]*";
+      i += 1;
+      continue;
+    }
+    if (ch === "?") {
+      regex += ".";
+      i += 1;
+      continue;
+    }
+    regex += ch.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    i += 1;
+  }
+  regex += "$";
+  return new RegExp(regex, "i");
+}
+function recordAllowlistUse(approvals, agentId, entry, command, resolvedPath) {
+  const target = agentId ?? DEFAULT_AGENT_ID;
+  const agents = approvals.agents ?? {};
+  const existing = agents[target] ?? {};
+  const allowlist = Array.isArray(existing.allowlist) ? existing.allowlist : [];
+  const nextAllowlist = allowlist.map((item) => item.pattern === entry.pattern ? {
+    ...item,
+    id: item.id ?? crypto2.randomUUID(),
+    lastUsedAt: Date.now(),
+    lastUsedCommand: command,
+    lastResolvedPath: resolvedPath
+  } : item);
+  agents[target] = { ...existing, allowlist: nextAllowlist };
+  approvals.agents = agents;
+  try {
+    saveApprovals(approvals);
+    return true;
+  } catch (error) {
+    logger.warn({ src: "exec-approval", error, pattern: entry.pattern }, "Failed to record allowlist usage - continuing without update");
+    return false;
+  }
+}
+function addAllowlistEntry(approvals, agentId, pattern) {
+  const target = agentId ?? DEFAULT_AGENT_ID;
+  const agents = approvals.agents ?? {};
+  const existing = agents[target] ?? {};
+  const allowlist = Array.isArray(existing.allowlist) ? existing.allowlist : [];
+  const trimmed = pattern.trim();
+  if (!trimmed) {
+    logger.warn({ src: "exec-approval" }, "Attempted to add empty pattern to allowlist");
+    return false;
+  }
+  if (allowlist.some((entry) => entry.pattern === trimmed)) {
+    logger.debug({ src: "exec-approval", pattern: trimmed }, "Pattern already in allowlist");
+    return false;
+  }
+  allowlist.push({
+    id: crypto2.randomUUID(),
+    pattern: trimmed,
+    lastUsedAt: Date.now()
+  });
+  agents[target] = { ...existing, allowlist };
+  approvals.agents = agents;
+  try {
+    saveApprovals(approvals);
+    logger.info({ src: "exec-approval", pattern: trimmed, agentId: target }, "Added pattern to allowlist");
+    return true;
+  } catch (error) {
+    logger.error({ src: "exec-approval", error, pattern: trimmed }, "Failed to save allowlist after adding entry");
+    return false;
+  }
+}
+function minSecurity(a, b) {
+  const order = {
+    deny: 0,
+    allowlist: 1,
+    full: 2
+  };
+  return order[a] <= order[b] ? a : b;
+}
+function maxAsk(a, b) {
+  const order = { off: 0, "on-miss": 1, always: 2 };
+  return order[a] >= order[b] ? a : b;
+}
+// approvals/analysis.ts
+import fs2 from "node:fs";
+import path2 from "node:path";
+var DISALLOWED_PIPELINE_TOKENS = new Set([">", "<", "`", `
+`, "\r", "(", ")"]);
+var DOUBLE_QUOTE_ESCAPES = new Set(["\\", '"', "$", "`", `
+`, "\r"]);
+var WINDOWS_UNSUPPORTED_TOKENS = new Set([
+  "&",
+  "|",
+  "<",
+  ">",
+  "^",
+  "(",
+  ")",
+  "%",
+  "!",
+  `
+`,
+  "\r"
+]);
+function isDoubleQuoteEscape(next) {
+  return Boolean(next && DOUBLE_QUOTE_ESCAPES.has(next));
+}
+function isExecutableFile(filePath) {
+  try {
+    const stat = fs2.statSync(filePath);
+    if (!stat.isFile())
+      return false;
+    if (process.platform !== "win32") {
+      fs2.accessSync(filePath, fs2.constants.X_OK);
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
+function expandHome2(value) {
+  if (!value)
+    return value;
+  if (value === "~")
+    return __require("node:os").homedir();
+  if (value.startsWith("~/"))
+    return path2.join(__require("node:os").homedir(), value.slice(2));
+  return value;
+}
+function parseFirstToken(command) {
+  const trimmed = command.trim();
+  if (!trimmed)
+    return null;
+  const first = trimmed[0];
+  if (first === '"' || first === "'") {
+    const end = trimmed.indexOf(first, 1);
+    if (end > 1)
+      return trimmed.slice(1, end);
+    return trimmed.slice(1);
+  }
+  const match = /^[^\s]+/.exec(trimmed);
+  return match ? match[0] : null;
+}
+function resolveExecutablePath(rawExecutable, cwd, env) {
+  const expanded = rawExecutable.startsWith("~") ? expandHome2(rawExecutable) : rawExecutable;
+  if (expanded.includes("/") || expanded.includes("\\")) {
+    if (path2.isAbsolute(expanded)) {
+      return isExecutableFile(expanded) ? expanded : undefined;
+    }
+    const base = cwd?.trim() || process.cwd();
+    const candidate = path2.resolve(base, expanded);
+    return isExecutableFile(candidate) ? candidate : undefined;
+  }
+  const envPath = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? "";
+  const entries = envPath.split(path2.delimiter).filter(Boolean);
+  const hasExtension = process.platform === "win32" && path2.extname(expanded).length > 0;
+  const extensions = process.platform === "win32" ? hasExtension ? [""] : (env?.PATHEXT ?? env?.Pathext ?? process.env.PATHEXT ?? process.env.Pathext ?? ".EXE;.CMD;.BAT;.COM").split(";").map((ext) => ext.toLowerCase()) : [""];
+  for (const entry of entries) {
+    for (const ext of extensions) {
+      const candidate = path2.join(entry, expanded + ext);
+      if (isExecutableFile(candidate)) {
+        return candidate;
+      }
+    }
+  }
+  return;
+}
+function resolveCommandResolution(command, cwd, env) {
+  const rawExecutable = parseFirstToken(command);
+  if (!rawExecutable)
+    return null;
+  const resolvedPath = resolveExecutablePath(rawExecutable, cwd, env);
+  const executableName = resolvedPath ? path2.basename(resolvedPath) : rawExecutable;
+  return { rawExecutable, resolvedPath, executableName };
+}
+function resolveCommandFromArgv(argv, cwd, env) {
+  const rawExecutable = argv[0]?.trim();
+  if (!rawExecutable)
+    return null;
+  const resolvedPath = resolveExecutablePath(rawExecutable, cwd, env);
+  const executableName = resolvedPath ? path2.basename(resolvedPath) : rawExecutable;
+  return { rawExecutable, resolvedPath, executableName };
+}
+function iterateQuoteAware(command, onChar) {
+  const parts = [];
+  let buf = "";
+  let inSingle = false;
+  let inDouble = false;
+  let escaped = false;
+  let hasSplit = false;
+  const pushPart = () => {
+    const trimmed = buf.trim();
+    if (trimmed)
+      parts.push(trimmed);
+    buf = "";
+  };
+  for (let i = 0;i < command.length; i += 1) {
+    const ch = command[i];
+    const next = command[i + 1];
+    if (escaped) {
+      buf += ch;
+      escaped = false;
+      continue;
+    }
+    if (!inSingle && !inDouble && ch === "\\") {
+      escaped = true;
+      buf += ch;
+      continue;
+    }
+    if (inSingle) {
+      if (ch === "'")
+        inSingle = false;
+      buf += ch;
+      continue;
+    }
+    if (inDouble) {
+      if (ch === "\\" && isDoubleQuoteEscape(next)) {
+        buf += ch;
+        buf += next;
+        i += 1;
+        continue;
+      }
+      if (ch === "$" && next === "(") {
+        return { ok: false, reason: "unsupported shell token: $()" };
+      }
+      if (ch === "`") {
+        return { ok: false, reason: "unsupported shell token: `" };
+      }
+      if (ch === `
+` || ch === "\r") {
+        return { ok: false, reason: "unsupported shell token: newline" };
+      }
+      if (ch === '"')
+        inDouble = false;
+      buf += ch;
+      continue;
+    }
+    if (ch === "'") {
+      inSingle = true;
+      buf += ch;
+      continue;
+    }
+    if (ch === '"') {
+      inDouble = true;
+      buf += ch;
+      continue;
+    }
+    const action = onChar(ch, next, i);
+    if (typeof action === "object" && "reject" in action) {
+      return { ok: false, reason: action.reject };
+    }
+    if (action === "split") {
+      pushPart();
+      hasSplit = true;
+      continue;
+    }
+    if (action === "skip")
+      continue;
+    buf += ch;
+  }
+  if (escaped || inSingle || inDouble) {
+    return { ok: false, reason: "unterminated shell quote/escape" };
+  }
+  pushPart();
+  return { ok: true, parts, hasSplit };
+}
+function splitShellPipeline(command) {
+  let emptySegment = false;
+  const result = iterateQuoteAware(command, (ch, next) => {
+    if (ch === "|" && next === "|") {
+      return { reject: "unsupported shell token: ||" };
+    }
+    if (ch === "|" && next === "&") {
+      return { reject: "unsupported shell token: |&" };
+    }
+    if (ch === "|") {
+      emptySegment = true;
+      return "split";
+    }
+    if (ch === "&" || ch === ";") {
+      return { reject: `unsupported shell token: ${ch}` };
+    }
+    if (DISALLOWED_PIPELINE_TOKENS.has(ch)) {
+      return { reject: `unsupported shell token: ${ch}` };
+    }
+    if (ch === "$" && next === "(") {
+      return { reject: "unsupported shell token: $()" };
+    }
+    emptySegment = false;
+    return "include";
+  });
+  if (!result.ok) {
+    return { ok: false, reason: result.reason, segments: [] };
+  }
+  if (emptySegment || result.parts.length === 0) {
+    return {
+      ok: false,
+      reason: result.parts.length === 0 ? "empty command" : "empty pipeline segment",
+      segments: []
+    };
+  }
+  return { ok: true, segments: result.parts };
+}
+function tokenizeShellSegment(segment) {
+  const tokens = [];
+  let buf = "";
+  let inSingle = false;
+  let inDouble = false;
+  let escaped = false;
+  const pushToken = () => {
+    if (buf.length > 0) {
+      tokens.push(buf);
+      buf = "";
+    }
+  };
+  for (let i = 0;i < segment.length; i += 1) {
+    const ch = segment[i];
+    if (escaped) {
+      buf += ch;
+      escaped = false;
+      continue;
+    }
+    if (!inSingle && !inDouble && ch === "\\") {
+      escaped = true;
+      continue;
+    }
+    if (inSingle) {
+      if (ch === "'")
+        inSingle = false;
+      else
+        buf += ch;
+      continue;
+    }
+    if (inDouble) {
+      const next = segment[i + 1];
+      if (ch === "\\" && isDoubleQuoteEscape(next)) {
+        buf += next;
+        i += 1;
+        continue;
+      }
+      if (ch === '"')
+        inDouble = false;
+      else
+        buf += ch;
+      continue;
+    }
+    if (ch === "'") {
+      inSingle = true;
+      continue;
+    }
+    if (ch === '"') {
+      inDouble = true;
+      continue;
+    }
+    if (/\s/.test(ch)) {
+      pushToken();
+      continue;
+    }
+    buf += ch;
+  }
+  if (escaped || inSingle || inDouble)
+    return null;
+  pushToken();
+  return tokens;
+}
+function parseSegmentsFromParts(parts, cwd, env) {
+  const segments = [];
+  for (const raw of parts) {
+    const argv = tokenizeShellSegment(raw);
+    if (!argv || argv.length === 0)
+      return null;
+    segments.push({
+      raw,
+      argv,
+      resolution: resolveCommandFromArgv(argv, cwd, env)
+    });
+  }
+  return segments;
+}
+function isWindowsPlatform(platform) {
+  const normalized = String(platform ?? "").trim().toLowerCase();
+  return normalized.startsWith("win");
+}
+function analyzeShellCommand(params) {
+  if (isWindowsPlatform(params.platform)) {
+    return analyzeWindowsCommand(params);
+  }
+  const chainParts = splitCommandChain(params.command);
+  if (chainParts) {
+    const chains = [];
+    const allSegments = [];
+    for (const part of chainParts) {
+      const pipelineSplit = splitShellPipeline(part);
+      if (!pipelineSplit.ok) {
+        return { ok: false, reason: pipelineSplit.reason, segments: [] };
+      }
+      const segments2 = parseSegmentsFromParts(pipelineSplit.segments, params.cwd, params.env);
+      if (!segments2) {
+        return {
+          ok: false,
+          reason: "unable to parse shell segment",
+          segments: []
+        };
+      }
+      chains.push(segments2);
+      allSegments.push(...segments2);
+    }
+    return { ok: true, segments: allSegments, chains };
+  }
+  const split = splitShellPipeline(params.command);
+  if (!split.ok) {
+    return { ok: false, reason: split.reason, segments: [] };
+  }
+  const segments = parseSegmentsFromParts(split.segments, params.cwd, params.env);
+  if (!segments) {
+    return { ok: false, reason: "unable to parse shell segment", segments: [] };
+  }
+  return { ok: true, segments };
+}
+function analyzeWindowsCommand(params) {
+  for (const ch of params.command) {
+    if (WINDOWS_UNSUPPORTED_TOKENS.has(ch)) {
+      const tokenName = ch === `
+` || ch === "\r" ? "newline" : ch;
+      return {
+        ok: false,
+        reason: `unsupported windows shell token: ${tokenName}`,
+        segments: []
+      };
+    }
+  }
+  const argv = tokenizeWindowsSegment(params.command);
+  if (!argv || argv.length === 0) {
+    return {
+      ok: false,
+      reason: "unable to parse windows command",
+      segments: []
+    };
+  }
+  return {
+    ok: true,
+    segments: [
+      {
+        raw: params.command,
+        argv,
+        resolution: resolveCommandFromArgv(argv, params.cwd, params.env)
+      }
+    ]
+  };
+}
+function tokenizeWindowsSegment(segment) {
+  const tokens = [];
+  let buf = "";
+  let inDouble = false;
+  const pushToken = () => {
+    if (buf.length > 0) {
+      tokens.push(buf);
+      buf = "";
+    }
+  };
+  for (const ch of segment) {
+    if (ch === '"') {
+      inDouble = !inDouble;
+      continue;
+    }
+    if (!inDouble && /\s/.test(ch)) {
+      pushToken();
+      continue;
+    }
+    buf += ch;
+  }
+  if (inDouble)
+    return null;
+  pushToken();
+  return tokens.length > 0 ? tokens : null;
+}
+function splitCommandChain(command) {
+  const parts = [];
+  let buf = "";
+  let inSingle = false;
+  let inDouble = false;
+  let escaped = false;
+  let foundChain = false;
+  let invalidChain = false;
+  const pushPart = () => {
+    const trimmed = buf.trim();
+    if (trimmed) {
+      parts.push(trimmed);
+      buf = "";
+      return true;
+    }
+    buf = "";
+    return false;
+  };
+  for (let i = 0;i < command.length; i += 1) {
+    const ch = command[i];
+    const next = command[i + 1];
+    if (escaped) {
+      buf += ch;
+      escaped = false;
+      continue;
+    }
+    if (!inSingle && !inDouble && ch === "\\") {
+      escaped = true;
+      buf += ch;
+      continue;
+    }
+    if (inSingle) {
+      if (ch === "'")
+        inSingle = false;
+      buf += ch;
+      continue;
+    }
+    if (inDouble) {
+      if (ch === "\\" && isDoubleQuoteEscape(next)) {
+        buf += ch;
+        buf += next;
+        i += 1;
+        continue;
+      }
+      if (ch === '"')
+        inDouble = false;
+      buf += ch;
+      continue;
+    }
+    if (ch === "'") {
+      inSingle = true;
+      buf += ch;
+      continue;
+    }
+    if (ch === '"') {
+      inDouble = true;
+      buf += ch;
+      continue;
+    }
+    if (ch === "&" && next === "&") {
+      if (!pushPart())
+        invalidChain = true;
+      i += 1;
+      foundChain = true;
+      continue;
+    }
+    if (ch === "|" && next === "|") {
+      if (!pushPart())
+        invalidChain = true;
+      i += 1;
+      foundChain = true;
+      continue;
+    }
+    if (ch === ";") {
+      if (!pushPart())
+        invalidChain = true;
+      foundChain = true;
+      continue;
+    }
+    buf += ch;
+  }
+  const pushedFinal = pushPart();
+  if (!foundChain)
+    return null;
+  if (invalidChain || !pushedFinal)
+    return null;
+  return parts.length > 0 ? parts : null;
+}
+function normalizeSafeBins(entries) {
+  if (!Array.isArray(entries))
+    return new Set;
+  const normalized = entries.map((entry) => entry.trim().toLowerCase()).filter((entry) => entry.length > 0);
+  return new Set(normalized);
+}
+function resolveSafeBins(entries) {
+  if (entries === undefined) {
+    return normalizeSafeBins([...DEFAULT_SAFE_BINS]);
+  }
+  return normalizeSafeBins(entries ?? []);
+}
+function isPathLikeToken(value) {
+  const trimmed = value.trim();
+  if (!trimmed || trimmed === "-")
+    return false;
+  if (trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~"))
+    return true;
+  if (trimmed.startsWith("/"))
+    return true;
+  return /^[A-Za-z]:[\\/]/.test(trimmed);
+}
+function defaultFileExists(filePath) {
+  try {
+    return fs2.existsSync(filePath);
+  } catch {
+    return false;
+  }
+}
+function isSafeBinUsage(params) {
+  if (params.safeBins.size === 0)
+    return false;
+  const resolution = params.resolution;
+  const execName = resolution?.executableName?.toLowerCase();
+  if (!execName)
+    return false;
+  const matchesSafeBin = params.safeBins.has(execName) || process.platform === "win32" && params.safeBins.has(path2.parse(execName).name);
+  if (!matchesSafeBin)
+    return false;
+  if (!resolution?.resolvedPath)
+    return false;
+  const cwd = params.cwd ?? process.cwd();
+  const exists = params.fileExists ?? defaultFileExists;
+  const argv = params.argv.slice(1);
+  for (const token of argv) {
+    if (!token || token === "-")
+      continue;
+    if (token.startsWith("-")) {
+      const eqIndex = token.indexOf("=");
+      if (eqIndex > 0) {
+        const value = token.slice(eqIndex + 1);
+        if (value && (isPathLikeToken(value) || exists(path2.resolve(cwd, value)))) {
+          return false;
+        }
+      }
+      continue;
+    }
+    if (isPathLikeToken(token))
+      return false;
+    if (exists(path2.resolve(cwd, token)))
+      return false;
+  }
+  return true;
+}
+function resolveAllowlistCandidatePath(resolution, cwd) {
+  if (!resolution)
+    return;
+  if (resolution.resolvedPath)
+    return resolution.resolvedPath;
+  const raw = resolution.rawExecutable.trim();
+  if (!raw)
+    return;
+  const expanded = raw.startsWith("~") ? expandHome2(raw) : raw;
+  if (!expanded.includes("/") && !expanded.includes("\\"))
+    return;
+  if (path2.isAbsolute(expanded))
+    return expanded;
+  const base = cwd?.trim() || process.cwd();
+  return path2.resolve(base, expanded);
+}
+function evaluateSegments(segments, params) {
+  const matches = [];
+  const allowSkills = params.autoAllowSkills === true && (params.skillBins?.size ?? 0) > 0;
+  const satisfied = segments.every((segment) => {
+    const candidatePath = resolveAllowlistCandidatePath(segment.resolution, params.cwd);
+    const candidateResolution = candidatePath && segment.resolution ? { ...segment.resolution, resolvedPath: candidatePath } : segment.resolution;
+    const match = matchAllowlist(params.allowlist, candidateResolution);
+    if (match)
+      matches.push(match);
+    const safe = isSafeBinUsage({
+      argv: segment.argv,
+      resolution: segment.resolution,
+      safeBins: params.safeBins,
+      cwd: params.cwd
+    });
+    const skillAllow = allowSkills && segment.resolution?.executableName ? params.skillBins?.has(segment.resolution.executableName) : false;
+    return Boolean(match || safe || skillAllow);
+  });
+  return { satisfied, matches };
+}
+function evaluateExecAllowlist(params) {
+  const allowlistMatches = [];
+  if (!params.analysis.ok || params.analysis.segments.length === 0) {
+    return { allowlistSatisfied: false, allowlistMatches };
+  }
+  if (params.analysis.chains) {
+    for (const chainSegments of params.analysis.chains) {
+      const result2 = evaluateSegments(chainSegments, {
+        allowlist: params.allowlist,
+        safeBins: params.safeBins,
+        cwd: params.cwd,
+        skillBins: params.skillBins,
+        autoAllowSkills: params.autoAllowSkills
+      });
+      if (!result2.satisfied) {
+        return { allowlistSatisfied: false, allowlistMatches: [] };
+      }
+      allowlistMatches.push(...result2.matches);
+    }
+    return { allowlistSatisfied: true, allowlistMatches };
+  }
+  const result = evaluateSegments(params.analysis.segments, {
+    allowlist: params.allowlist,
+    safeBins: params.safeBins,
+    cwd: params.cwd,
+    skillBins: params.skillBins,
+    autoAllowSkills: params.autoAllowSkills
+  });
+  return {
+    allowlistSatisfied: result.satisfied,
+    allowlistMatches: result.matches
+  };
+}
+function evaluateShellAllowlist(params) {
+  const chainParts = isWindowsPlatform(params.platform) ? null : splitCommandChain(params.command);
+  if (!chainParts) {
+    const analysis = analyzeShellCommand({
+      command: params.command,
+      cwd: params.cwd,
+      env: params.env,
+      platform: params.platform
+    });
+    if (!analysis.ok) {
+      return {
+        analysisOk: false,
+        allowlistSatisfied: false,
+        allowlistMatches: [],
+        segments: []
+      };
+    }
+    const evaluation = evaluateExecAllowlist({
+      analysis,
+      allowlist: params.allowlist,
+      safeBins: params.safeBins,
+      cwd: params.cwd,
+      skillBins: params.skillBins,
+      autoAllowSkills: params.autoAllowSkills
+    });
+    return {
+      analysisOk: true,
+      allowlistSatisfied: evaluation.allowlistSatisfied,
+      allowlistMatches: evaluation.allowlistMatches,
+      segments: analysis.segments
+    };
+  }
+  const allowlistMatches = [];
+  const segments = [];
+  for (const part of chainParts) {
+    const analysis = analyzeShellCommand({
+      command: part,
+      cwd: params.cwd,
+      env: params.env,
+      platform: params.platform
+    });
+    if (!analysis.ok) {
+      return {
+        analysisOk: false,
+        allowlistSatisfied: false,
+        allowlistMatches: [],
+        segments: []
+      };
+    }
+    segments.push(...analysis.segments);
+    const evaluation = evaluateExecAllowlist({
+      analysis,
+      allowlist: params.allowlist,
+      safeBins: params.safeBins,
+      cwd: params.cwd,
+      skillBins: params.skillBins,
+      autoAllowSkills: params.autoAllowSkills
+    });
+    allowlistMatches.push(...evaluation.allowlistMatches);
+    if (!evaluation.allowlistSatisfied) {
+      return {
+        analysisOk: true,
+        allowlistSatisfied: false,
+        allowlistMatches,
+        segments
+      };
+    }
+  }
+  return {
+    analysisOk: true,
+    allowlistSatisfied: true,
+    allowlistMatches,
+    segments
+  };
+}
+function requiresExecApproval(params) {
+  return params.ask === "always" || params.ask === "on-miss" && params.security === "allowlist" && (!params.analysisOk || !params.allowlistSatisfied);
+}
+// approvals/service.ts
+import { logger as logger2, Service } from "@elizaos/core";
+var EXEC_APPROVAL_OPTIONS = [
+  { name: "allow-once", description: "Allow this one time" },
+  { name: "allow-always", description: "Always allow this" },
+  { name: "deny", description: "Deny the request", isCancel: true }
+];
+
+class ExecApprovalService extends Service {
+  static serviceType = "exec_approval";
+  capabilityDescription = "Manages command execution approvals with allowlist and user confirmation";
+  approvalConfig = null;
+  safeBins;
+  skillBins;
+  constructor(runtime) {
+    super(runtime);
+    this.safeBins = resolveSafeBins();
+    this.skillBins = new Set;
+  }
+  static async start(runtime) {
+    const service = new ExecApprovalService(runtime);
+    try {
+      service.approvalConfig = resolveApprovals(runtime.agentId);
+    } catch (error) {
+      logger2.error({ src: "service:exec_approval", error, agentId: runtime.agentId }, "Failed to load approval config during startup - using in-memory defaults. " + "Approvals may not persist. Check state-dir file permissions.");
+      service.approvalConfig = {
+        path: "",
+        socketPath: "",
+        token: "",
+        defaults: {
+          security: "deny",
+          ask: "on-miss",
+          askFallback: "deny",
+          autoAllowSkills: false
+        },
+        agent: {
+          security: "deny",
+          ask: "on-miss",
+          askFallback: "deny",
+          autoAllowSkills: false
+        },
+        allowlist: [],
+        file: { version: 1, agents: {} }
+      };
+    }
+    logger2.info({ src: "service:exec_approval", agentId: runtime.agentId }, "ExecApprovalService started");
+    return service;
+  }
+  async stop() {
+    logger2.debug({ src: "service:exec_approval" }, "ExecApprovalService stopped");
+  }
+  loadConfig(agentId) {
+    this.approvalConfig = resolveApprovals(agentId ?? this.runtime.agentId);
+    return this.approvalConfig;
+  }
+  getConfig() {
+    if (!this.approvalConfig) {
+      this.approvalConfig = resolveApprovals(this.runtime.agentId);
+    }
+    return this.approvalConfig;
+  }
+  setSafeBins(bins) {
+    this.safeBins = resolveSafeBins(bins);
+  }
+  setSkillBins(bins) {
+    this.skillBins = new Set(bins.map((b) => b.toLowerCase()));
+  }
+  async checkCommand(params) {
+    const config = this.getConfig();
+    const analysis = analyzeShellCommand({
+      command: params.command,
+      cwd: params.cwd,
+      env: params.env
+    });
+    if (!analysis.ok) {
+      return {
+        allowed: false,
+        requiresApproval: false,
+        reason: analysis.reason ?? "Command analysis failed",
+        analysis,
+        allowlistMatches: []
+      };
+    }
+    const evaluation = evaluateShellAllowlist({
+      command: params.command,
+      allowlist: config.allowlist,
+      safeBins: this.safeBins,
+      cwd: params.cwd,
+      env: params.env,
+      skillBins: this.skillBins,
+      autoAllowSkills: config.agent.autoAllowSkills
+    });
+    const security = config.agent.security;
+    const ask = config.agent.ask;
+    if (security === "full") {
+      return {
+        allowed: true,
+        requiresApproval: false,
+        analysis,
+        allowlistMatches: evaluation.allowlistMatches
+      };
+    }
+    if (security === "deny") {
+      return {
+        allowed: false,
+        requiresApproval: false,
+        reason: "Command execution is disabled",
+        analysis,
+        allowlistMatches: []
+      };
+    }
+    if (evaluation.allowlistSatisfied) {
+      let recordingFailed = false;
+      for (const match of evaluation.allowlistMatches) {
+        const approvals = loadApprovals();
+        const recorded = recordAllowlistUse(approvals, params.agentId ?? this.runtime.agentId, match, params.command, analysis.segments[0]?.resolution?.resolvedPath);
+        if (!recorded) {
+          recordingFailed = true;
+        }
+      }
+      if (recordingFailed) {
+        logger2.debug({ src: "service:exec_approval", command: params.command }, "Some allowlist usage records failed to save - command will still proceed");
+      }
+      return {
+        allowed: true,
+        requiresApproval: false,
+        analysis,
+        allowlistMatches: evaluation.allowlistMatches
+      };
+    }
+    const needsApproval = requiresExecApproval({
+      ask,
+      security,
+      analysisOk: analysis.ok,
+      allowlistSatisfied: evaluation.allowlistSatisfied
+    });
+    if (!needsApproval) {
+      const fallback = config.agent.askFallback;
+      if (fallback === "deny") {
+        return {
+          allowed: false,
+          requiresApproval: false,
+          reason: "Command not in allowlist",
+          analysis,
+          allowlistMatches: []
+        };
+      }
+      return {
+        allowed: true,
+        requiresApproval: false,
+        analysis,
+        allowlistMatches: []
+      };
+    }
+    const requestId = crypto.randomUUID();
+    const request = {
+      id: requestId,
+      command: params.command,
+      cwd: params.cwd,
+      security,
+      ask,
+      agentId: params.agentId ?? this.runtime.agentId,
+      resolvedPath: analysis.segments[0]?.resolution?.resolvedPath,
+      roomId: params.roomId,
+      timeoutMs: EXEC_APPROVAL_DEFAULTS.timeoutMs
+    };
+    return {
+      allowed: false,
+      requiresApproval: true,
+      request,
+      analysis,
+      allowlistMatches: []
+    };
+  }
+  async requestApproval(request) {
+    const approvalService = this.runtime.getService("approval");
+    if (!approvalService) {
+      logger2.warn({ src: "service:exec_approval" }, "ApprovalService not available, denying by default");
+      return {
+        decision: "deny",
+        timedOut: false
+      };
+    }
+    const descriptionLines = ["**Exec Approval Required**", "", `Command: \`${request.command}\``];
+    if (request.cwd) {
+      descriptionLines.push(`CWD: \`${request.cwd}\``);
+    }
+    if (request.resolvedPath) {
+      descriptionLines.push(`Executable: \`${request.resolvedPath}\``);
+    }
+    const description = descriptionLines.join(`
+`);
+    const result = await approvalService.requestApproval({
+      name: "EXEC_APPROVAL",
+      description,
+      roomId: request.roomId,
+      options: EXEC_APPROVAL_OPTIONS,
+      timeoutMs: request.timeoutMs ?? EXEC_APPROVAL_DEFAULTS.timeoutMs,
+      timeoutDefault: "deny",
+      tags: ["EXEC", request.id],
+      metadata: {
+        execRequest: {
+          id: request.id,
+          command: request.command,
+          cwd: request.cwd,
+          security: request.security,
+          ask: request.ask,
+          agentId: request.agentId,
+          resolvedPath: request.resolvedPath
+        }
+      }
+    });
+    const decision = mapOptionToDecision(result.selectedOption);
+    if (decision === "allow-always" && request.resolvedPath) {
+      await this.addToAllowlist(request.resolvedPath, request.agentId);
+    }
+    return {
+      decision,
+      timedOut: result.timedOut,
+      resolvedBy: result.resolvedBy
+    };
+  }
+  async requestApprovalAsync(request, callbacks) {
+    const approvalService = this.runtime.getService("approval");
+    if (!approvalService) {
+      logger2.warn({ src: "service:exec_approval" }, "ApprovalService not available");
+      if (callbacks?.onDenied) {
+        await callbacks.onDenied();
+      }
+      throw new Error("ApprovalService not available");
+    }
+    const descriptionLines = ["**Exec Approval Required**", "", `Command: \`${request.command}\``];
+    if (request.cwd) {
+      descriptionLines.push(`CWD: \`${request.cwd}\``);
+    }
+    const taskId = await approvalService.requestApprovalAsync({
+      name: "EXEC_APPROVAL",
+      description: descriptionLines.join(`
+`),
+      roomId: request.roomId,
+      options: EXEC_APPROVAL_OPTIONS,
+      timeoutMs: request.timeoutMs ?? EXEC_APPROVAL_DEFAULTS.timeoutMs,
+      timeoutDefault: "deny",
+      tags: ["EXEC", request.id],
+      metadata: {
+        execRequest: {
+          id: request.id,
+          command: request.command,
+          cwd: request.cwd,
+          security: request.security,
+          ask: request.ask,
+          agentId: request.agentId,
+          resolvedPath: request.resolvedPath
+        }
+      },
+      onSelect: async (option, _task, _rt) => {
+        const decision = mapOptionToDecision(option);
+        if (decision === "allow-always" && request.resolvedPath) {
+          await this.addToAllowlist(request.resolvedPath, request.agentId);
+        }
+        if (decision === "allow-once" || decision === "allow-always") {
+          if (callbacks?.onApproved) {
+            await callbacks.onApproved(decision);
+          }
+        } else {
+          if (callbacks?.onDenied) {
+            await callbacks.onDenied();
+          }
+        }
+      },
+      onTimeout: async (_task, _rt) => {
+        if (callbacks?.onTimeout) {
+          await callbacks.onTimeout();
+        } else if (callbacks?.onDenied) {
+          await callbacks.onDenied();
+        }
+      }
+    });
+    return taskId;
+  }
+  async addToAllowlist(pattern, agentId) {
+    const approvals = loadApprovals();
+    const added = addAllowlistEntry(approvals, agentId ?? this.runtime.agentId, pattern);
+    if (added) {
+      this.approvalConfig = null;
+    }
+    return added;
+  }
+  async cancelApproval(taskId) {
+    const approvalService = this.runtime.getService("approval");
+    if (approvalService) {
+      await approvalService.cancelApproval(taskId);
+    }
+  }
+  async getPendingApprovals(roomId) {
+    if (!this.runtime) {
+      logger2.warn({ src: "service:exec_approval" }, "Cannot get pending approvals - runtime not available");
+      return [];
+    }
+    try {
+      const tasks = await this.runtime.getTasks({
+        roomId,
+        tags: ["AWAITING_CHOICE", "EXEC"],
+        agentIds: [this.runtime.agentId]
+      });
+      if (!tasks)
+        return [];
+      return tasks.filter((t) => t.metadata?.execRequest).map((t) => {
+        const execRequest = t.metadata?.execRequest;
+        return {
+          id: execRequest.id,
+          command: execRequest.command,
+          cwd: execRequest.cwd,
+          security: execRequest.security,
+          ask: execRequest.ask,
+          agentId: execRequest.agentId,
+          resolvedPath: execRequest.resolvedPath,
+          roomId
+        };
+      });
+    } catch (error) {
+      logger2.error({ src: "service:exec_approval", error, roomId }, "Failed to get pending approvals");
+      return [];
+    }
+  }
+}
+function mapOptionToDecision(option) {
+  switch (option) {
+    case "allow-once":
+      return "allow-once";
+    case "allow-always":
+      return "allow-always";
+    default:
+      return "deny";
+  }
+}
+// providers/shellHistoryProvider.ts
+import {
+  addHeader,
+  logger as logger3
+} from "@elizaos/core";
+
+// generated/specs/specs.ts
+var coreActionsSpec = {
+  version: "1.0.0",
+  actions: []
+};
+var allActionsSpec = {
+  version: "1.0.0",
+  actions: []
+};
+var coreProvidersSpec = {
+  version: "1.0.0",
+  providers: [
+    {
+      name: "SHELL_HISTORY",
+      description: "Provides recent shell command history, current working directory, and file operations within the restricted environment",
+      dynamic: true
+    }
+  ]
+};
+var allProvidersSpec = {
+  version: "1.0.0",
+  providers: [
+    {
+      name: "SHELL_HISTORY",
+      description: "Provides recent shell command history, current working directory, and file operations within the restricted environment",
+      dynamic: true
+    }
+  ]
+};
+var coreActionDocs = coreActionsSpec.actions;
+var allActionDocs = allActionsSpec.actions;
+var coreProviderDocs = coreProvidersSpec.providers;
+var allProviderDocs = allProvidersSpec.providers;
+
+// generated/specs/spec-helpers.ts
+var coreActionMap = new Map(coreActionDocs.map((doc) => [doc.name, doc]));
+var allActionMap = new Map(allActionDocs.map((doc) => [doc.name, doc]));
+var coreProviderMap = new Map(coreProviderDocs.map((doc) => [doc.name, doc]));
+var allProviderMap = new Map(allProviderDocs.map((doc) => [doc.name, doc]));
+function getProviderSpec(name) {
+  return coreProviderMap.get(name) ?? allProviderMap.get(name);
+}
+function requireProviderSpec(name) {
+  const spec = getProviderSpec(name);
+  if (!spec) {
+    throw new Error(`Provider spec not found: ${name}`);
+  }
+  return spec;
+}
+
+// providers/shellHistoryProvider.ts
+var MAX_OUTPUT_LENGTH = 8000;
+var TRUNCATE_SEGMENT_LENGTH = 4000;
+var spec = requireProviderSpec("SHELL_HISTORY");
+var shellHistoryProvider = {
+  name: spec.name,
+  description: "Provides recent shell command history, current working directory, and file operations within the restricted environment",
+  descriptionCompressed: "Recent shell history, cwd, and file ops in restricted env.",
+  position: 99,
+  contexts: ["terminal", "code"],
+  contextGate: { anyOf: ["terminal", "code"] },
+  cacheStable: false,
+  cacheScope: "turn",
+  dynamic: true,
+  get: async (runtime, message, _state) => {
+    try {
+      const shellService = runtime.getService("shell");
+      if (!shellService) {
+        logger3.warn("[shellHistoryProvider] Shell service not found");
+        return {
+          values: {
+            shellHistory: "Shell service is not available",
+            currentWorkingDirectory: "N/A",
+            allowedDirectory: "N/A"
+          },
+          text: addHeader("# Shell Status", "Shell service is not available"),
+          data: { historyCount: 0, cwd: "N/A", allowedDir: "N/A" }
+        };
+      }
+      const conversationId = message.roomId || message.agentId;
+      if (!conversationId) {
+        return {
+          text: "No conversation ID available",
+          values: { historyCount: 0, cwd: "N/A", allowedDir: "N/A" },
+          data: { historyCount: 0, cwd: "N/A", allowedDir: "N/A" }
+        };
+      }
+      const history = shellService.getCommandHistory(conversationId, 10);
+      const cwd = shellService.getCurrentDirectory(conversationId);
+      const allowedDir = shellService.getAllowedDirectory();
+      let historyText = "No commands in history.";
+      if (history.length > 0) {
+        historyText = history.map((entry) => {
+          let entryStr = `[${new Date(entry.timestamp).toISOString()}] ${entry.workingDirectory}> ${entry.command}`;
+          if (entry.stdout) {
+            if (entry.stdout.length > MAX_OUTPUT_LENGTH) {
+              entryStr += `
+  Output: ${entry.stdout.substring(0, TRUNCATE_SEGMENT_LENGTH)}
+  ... [TRUNCATED] ...
+  ${entry.stdout.substring(entry.stdout.length - TRUNCATE_SEGMENT_LENGTH)}`;
+            } else {
+              entryStr += `
+  Output: ${entry.stdout}`;
+            }
+          }
+          if (entry.stderr) {
+            if (entry.stderr.length > MAX_OUTPUT_LENGTH) {
+              entryStr += `
+  Error: ${entry.stderr.substring(0, TRUNCATE_SEGMENT_LENGTH)}
+  ... [TRUNCATED] ...
+  ${entry.stderr.substring(entry.stderr.length - TRUNCATE_SEGMENT_LENGTH)}`;
+            } else {
+              entryStr += `
+  Error: ${entry.stderr}`;
+            }
+          }
+          entryStr += `
+  Exit Code: ${entry.exitCode}`;
+          if (entry.fileOperations && entry.fileOperations.length > 0) {
+            entryStr += `
+  File Operations:`;
+            entry.fileOperations.forEach((op) => {
+              if (op.secondaryTarget) {
+                entryStr += `
+    - ${op.type}: ${op.target} → ${op.secondaryTarget}`;
+              } else {
+                entryStr += `
+    - ${op.type}: ${op.target}`;
+              }
+            });
+          }
+          return entryStr;
+        }).join(`
+
+`);
+      }
+      const recentFileOps = history.filter((entry) => entry.fileOperations && entry.fileOperations.length > 0).flatMap((entry) => entry.fileOperations ?? []).slice(-5);
+      let fileOpsText = "";
+      if (recentFileOps.length > 0) {
+        fileOpsText = `
+
+` + addHeader("# Recent File Operations", recentFileOps.map((op) => {
+          if (op.secondaryTarget) {
+            return `- ${op.type}: ${op.target} → ${op.secondaryTarget}`;
+          }
+          return `- ${op.type}: ${op.target}`;
+        }).join(`
+`));
+      }
+      const text = `Current Directory: ${cwd}
+Allowed Directory: ${allowedDir}
+
+${addHeader("# Shell History (Last 10)", historyText)}${fileOpsText}`;
+      return {
+        values: {
+          shellHistory: historyText,
+          currentWorkingDirectory: cwd,
+          allowedDirectory: allowedDir
+        },
+        text,
+        data: {
+          historyCount: history.length,
+          cwd,
+          allowedDir
+        }
+      };
+    } catch {
+      return {
+        values: {
+          shellHistory: "",
+          currentWorkingDirectory: "N/A",
+          allowedDirectory: "N/A"
+        },
+        text: "",
+        data: { historyCount: 0, cwd: "N/A", allowedDir: "N/A" }
+      };
+    }
+  }
+};
+// services/shellService.ts
+import path7 from "node:path";
+import { logger as logger6, Service as Service2 } from "@elizaos/core";
+import { isCloudExecutionMode, shouldUseSandboxExecution } from "@elizaos/shared";
+import spawn2 from "cross-spawn";
+
+// utils/config.ts
+import fs3 from "node:fs";
+import path3 from "node:path";
+import { logger as logger4 } from "@elizaos/core";
+import { z } from "zod";
+var configSchema = z.object({
+  enabled: z.boolean(),
+  allowedDirectory: z.string(),
+  timeout: z.number().positive().default(30000),
+  forbiddenCommands: z.array(z.string()),
+  maxOutputChars: z.number().positive().default(200000),
+  pendingMaxOutputChars: z.number().positive().default(200000),
+  defaultBackgroundMs: z.number().positive().default(1e4),
+  allowBackground: z.boolean().default(true)
+});
+var DEFAULT_FORBIDDEN_COMMANDS = [
+  "rm -rf /",
+  "rmdir",
+  "chmod 777",
+  "chown",
+  "chgrp",
+  "shutdown",
+  "reboot",
+  "halt",
+  "poweroff",
+  "kill -9",
+  "killall",
+  "pkill",
+  "sudo rm -rf",
+  "su",
+  "passwd",
+  "useradd",
+  "userdel",
+  "groupadd",
+  "groupdel",
+  "format",
+  "fdisk",
+  "mkfs",
+  "dd if=/dev/zero",
+  "shred",
+  ":(){:|:&};:"
+];
+function loadShellConfig() {
+  const allowedDirectory = process.env.SHELL_ALLOWED_DIRECTORY || process.cwd();
+  const timeout = parseInt(process.env.SHELL_TIMEOUT || "30000", 10);
+  const maxOutputChars = parseInt(process.env.SHELL_MAX_OUTPUT_CHARS || "200000", 10);
+  const pendingMaxOutputChars = parseInt(process.env.SHELL_PENDING_MAX_OUTPUT_CHARS || "200000", 10);
+  const defaultBackgroundMs = parseInt(process.env.SHELL_BACKGROUND_MS || "10000", 10);
+  const allowBackground = process.env.SHELL_ALLOW_BACKGROUND !== "false";
+  const customForbidden = process.env.SHELL_FORBIDDEN_COMMANDS ? process.env.SHELL_FORBIDDEN_COMMANDS.split(",").map((cmd) => cmd.trim()) : [];
+  const forbiddenCommands = [...new Set([...DEFAULT_FORBIDDEN_COMMANDS, ...customForbidden])];
+  const config = {
+    enabled: true,
+    allowedDirectory,
+    timeout,
+    forbiddenCommands,
+    maxOutputChars,
+    pendingMaxOutputChars,
+    defaultBackgroundMs,
+    allowBackground
+  };
+  const parseResult = configSchema.safeParse(config);
+  if (!parseResult.success) {
+    const errorMessage = parseResult.error.issues[0]?.message || parseResult.error.toString();
+    throw new Error(`Shell plugin configuration error: ${errorMessage}`);
+  }
+  try {
+    const stats = fs3.statSync(allowedDirectory);
+    if (!stats.isDirectory()) {
+      throw new Error(`SHELL_ALLOWED_DIRECTORY is not a directory: ${allowedDirectory}`);
+    }
+    config.allowedDirectory = path3.resolve(allowedDirectory);
+    logger4.info(`Shell plugin enabled with allowed directory: ${config.allowedDirectory}, ` + `background: ${allowBackground}, timeout: ${timeout}ms`);
+  } catch (error) {
+    if (error instanceof Error && "code" in error && error.code === "ENOENT") {
+      throw new Error(`SHELL_ALLOWED_DIRECTORY does not exist: ${allowedDirectory}`);
+    }
+    throw error;
+  }
+  return config;
+}
+// utils/pathUtils.ts
+import path4 from "node:path";
+import { logger as logger5 } from "@elizaos/core";
+function validatePath(commandPath, allowedDir, currentDir) {
+  const resolvedPath = path4.resolve(currentDir, commandPath);
+  const normalizedPath = path4.normalize(resolvedPath);
+  const normalizedAllowed = path4.normalize(allowedDir);
+  const relative = path4.relative(normalizedAllowed, normalizedPath);
+  if (relative.startsWith("..") || path4.isAbsolute(relative)) {
+    logger5.warn(`Path validation failed: ${normalizedPath} is outside allowed directory ${normalizedAllowed}`);
+    return null;
+  }
+  return normalizedPath;
+}
+function isSafeCommand(command) {
+  const pathTraversalPatterns = [/\.\.\//g, /\.\.\\/g, /\/\.\./g, /\\\.\./g];
+  const dangerousPatterns = [/\$\(/g, /`[^']*`/g, /\|\s*sudo/g, /;\s*sudo/g, /&\s*&/g, /\|\s*\|/g];
+  for (const pattern of pathTraversalPatterns) {
+    if (pattern.test(command)) {
+      logger5.warn(`Path traversal detected in command: ${command}`);
+      return false;
+    }
+  }
+  for (const pattern of dangerousPatterns) {
+    if (pattern.test(command)) {
+      logger5.warn(`Dangerous pattern detected in command: ${command}`);
+      return false;
+    }
+  }
+  const pipeCount = (command.match(/\|/g) || []).length;
+  if (pipeCount > 1) {
+    logger5.warn(`Multiple pipes detected in command: ${command}`);
+    return false;
+  }
+  return true;
+}
+function extractBaseCommand(fullCommand) {
+  const parts = fullCommand.trim().split(/\s+/);
+  return parts[0] || "";
+}
+function isForbiddenCommand(command, forbiddenCommands) {
+  const normalizedCommand = command.trim().toLowerCase();
+  return forbiddenCommands.some((forbidden) => {
+    const forbiddenLower = forbidden.toLowerCase();
+    if (normalizedCommand.startsWith(forbiddenLower)) {
+      return true;
+    }
+    if (!forbidden.includes(" ")) {
+      const baseCommand = extractBaseCommand(command);
+      if (baseCommand.toLowerCase() === forbiddenLower) {
+        return true;
+      }
+    }
+    return false;
+  });
+}
+// utils/ptyKeys.ts
+var ESC = "\x1B";
+var CR = "\r";
+var TAB = "\t";
+var BACKSPACE = "";
+var BRACKETED_PASTE_START2 = `${ESC}[200~`;
+var BRACKETED_PASTE_END2 = `${ESC}[201~`;
+function escapeRegExp(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+var namedKeyMap = new Map([
+  ["enter", CR],
+  ["return", CR],
+  ["tab", TAB],
+  ["escape", ESC],
+  ["esc", ESC],
+  ["space", " "],
+  ["bspace", BACKSPACE],
+  ["backspace", BACKSPACE],
+  ["up", `${ESC}[A`],
+  ["down", `${ESC}[B`],
+  ["right", `${ESC}[C`],
+  ["left", `${ESC}[D`],
+  ["home", `${ESC}[1~`],
+  ["end", `${ESC}[4~`],
+  ["pageup", `${ESC}[5~`],
+  ["pgup", `${ESC}[5~`],
+  ["ppage", `${ESC}[5~`],
+  ["pagedown", `${ESC}[6~`],
+  ["pgdn", `${ESC}[6~`],
+  ["npage", `${ESC}[6~`],
+  ["insert", `${ESC}[2~`],
+  ["ic", `${ESC}[2~`],
+  ["delete", `${ESC}[3~`],
+  ["del", `${ESC}[3~`],
+  ["dc", `${ESC}[3~`],
+  ["btab", `${ESC}[Z`],
+  ["f1", `${ESC}OP`],
+  ["f2", `${ESC}OQ`],
+  ["f3", `${ESC}OR`],
+  ["f4", `${ESC}OS`],
+  ["f5", `${ESC}[15~`],
+  ["f6", `${ESC}[17~`],
+  ["f7", `${ESC}[18~`],
+  ["f8", `${ESC}[19~`],
+  ["f9", `${ESC}[20~`],
+  ["f10", `${ESC}[21~`],
+  ["f11", `${ESC}[23~`],
+  ["f12", `${ESC}[24~`],
+  ["kp/", `${ESC}Oo`],
+  ["kp*", `${ESC}Oj`],
+  ["kp-", `${ESC}Om`],
+  ["kp+", `${ESC}Ok`],
+  ["kp7", `${ESC}Ow`],
+  ["kp8", `${ESC}Ox`],
+  ["kp9", `${ESC}Oy`],
+  ["kp4", `${ESC}Ot`],
+  ["kp5", `${ESC}Ou`],
+  ["kp6", `${ESC}Ov`],
+  ["kp1", `${ESC}Oq`],
+  ["kp2", `${ESC}Or`],
+  ["kp3", `${ESC}Os`],
+  ["kp0", `${ESC}Op`],
+  ["kp.", `${ESC}On`],
+  ["kpenter", `${ESC}OM`]
+]);
+var modifiableNamedKeys = new Set([
+  "up",
+  "down",
+  "left",
+  "right",
+  "home",
+  "end",
+  "pageup",
+  "pgup",
+  "ppage",
+  "pagedown",
+  "pgdn",
+  "npage",
+  "insert",
+  "ic",
+  "delete",
+  "del",
+  "dc"
+]);
+function encodeKeySequence2(request) {
+  const warnings = [];
+  let data = "";
+  if (request.literal) {
+    data += request.literal;
+  }
+  if (request.hex?.length) {
+    for (const raw of request.hex) {
+      const byte = parseHexByte(raw);
+      if (byte === null) {
+        warnings.push(`Invalid hex byte: ${raw}`);
+        continue;
+      }
+      data += String.fromCharCode(byte);
+    }
+  }
+  if (request.keys?.length) {
+    for (const token of request.keys) {
+      data += encodeKeyToken(token, warnings);
+    }
+  }
+  return { data, warnings };
+}
+function encodePaste2(text, bracketed = true) {
+  if (!bracketed) {
+    return text;
+  }
+  return `${BRACKETED_PASTE_START2}${text}${BRACKETED_PASTE_END2}`;
+}
+function encodeKeyToken(raw, warnings) {
+  const token = raw.trim();
+  if (!token) {
+    return "";
+  }
+  if (token.length === 2 && token.startsWith("^")) {
+    const ctrl = toCtrlChar(token[1]);
+    if (ctrl) {
+      return ctrl;
+    }
+  }
+  const parsed = parseModifiers(token);
+  const base = parsed.base;
+  const baseLower = base.toLowerCase();
+  if (baseLower === "tab" && parsed.mods.shift) {
+    return `${ESC}[Z`;
+  }
+  const baseSeq = namedKeyMap.get(baseLower);
+  if (baseSeq) {
+    let seq = baseSeq;
+    if (modifiableNamedKeys.has(baseLower) && hasAnyModifier(parsed.mods)) {
+      const mod = xtermModifier(parsed.mods);
+      if (mod > 1) {
+        const modified = applyXtermModifier(seq, mod);
+        if (modified) {
+          seq = modified;
+          return seq;
+        }
+      }
+    }
+    if (parsed.mods.alt) {
+      return `${ESC}${seq}`;
+    }
+    return seq;
+  }
+  if (base.length === 1) {
+    return applyCharModifiers(base, parsed.mods);
+  }
+  if (parsed.hasModifiers) {
+    warnings.push(`Unknown key "${base}" for modifiers; sending literal.`);
+  }
+  return base;
+}
+function parseModifiers(token) {
+  const mods = { ctrl: false, alt: false, shift: false };
+  let rest = token;
+  let sawModifiers = false;
+  while (rest.length > 2 && rest[1] === "-") {
+    const mod = rest[0].toLowerCase();
+    if (mod === "c") {
+      mods.ctrl = true;
+    } else if (mod === "m") {
+      mods.alt = true;
+    } else if (mod === "s") {
+      mods.shift = true;
+    } else {
+      break;
+    }
+    sawModifiers = true;
+    rest = rest.slice(2);
+  }
+  return { mods, base: rest, hasModifiers: sawModifiers };
+}
+function applyCharModifiers(char, mods) {
+  let value = char;
+  if (mods.shift && value.length === 1 && /[a-z]/.test(value)) {
+    value = value.toUpperCase();
+  }
+  if (mods.ctrl) {
+    const ctrl = toCtrlChar(value);
+    if (ctrl) {
+      value = ctrl;
+    }
+  }
+  if (mods.alt) {
+    value = `${ESC}${value}`;
+  }
+  return value;
+}
+function toCtrlChar(char) {
+  if (char.length !== 1) {
+    return null;
+  }
+  if (char === "?") {
+    return "";
+  }
+  const code = char.toUpperCase().charCodeAt(0);
+  if (code >= 64 && code <= 95) {
+    return String.fromCharCode(code & 31);
+  }
+  return null;
+}
+function xtermModifier(mods) {
+  let mod = 1;
+  if (mods.shift) {
+    mod += 1;
+  }
+  if (mods.alt) {
+    mod += 2;
+  }
+  if (mods.ctrl) {
+    mod += 4;
+  }
+  return mod;
+}
+function applyXtermModifier(sequence, modifier) {
+  const escPattern = escapeRegExp(ESC);
+  const csiNumber = new RegExp(`^${escPattern}\\[(\\d+)([~A-Z])$`);
+  const csiArrow = new RegExp(`^${escPattern}\\[(A|B|C|D|H|F)$`);
+  const numberMatch = sequence.match(csiNumber);
+  if (numberMatch) {
+    return `${ESC}[${numberMatch[1]};${modifier}${numberMatch[2]}`;
+  }
+  const arrowMatch = sequence.match(csiArrow);
+  if (arrowMatch) {
+    return `${ESC}[1;${modifier}${arrowMatch[1]}`;
+  }
+  return null;
+}
+function hasAnyModifier(mods) {
+  return mods.ctrl || mods.alt || mods.shift;
+}
+function parseHexByte(raw) {
+  const trimmed = raw.trim().toLowerCase();
+  const normalized = trimmed.startsWith("0x") ? trimmed.slice(2) : trimmed;
+  if (!/^[0-9a-f]{1,2}$/.test(normalized)) {
+    return null;
+  }
+  const value = Number.parseInt(normalized, 16);
+  if (Number.isNaN(value) || value < 0 || value > 255) {
+    return null;
+  }
+  return value;
+}
+var DSR_PATTERN = new RegExp(`${ESC}\\[\\??6n`, "g");
+function stripDsrRequests2(input) {
+  let requests = 0;
+  const cleaned = input.replace(DSR_PATTERN, () => {
+    requests += 1;
+    return "";
+  });
+  return { cleaned, requests };
+}
+function buildCursorPositionResponse2(row = 1, col = 1) {
+  return `\x1B[${row};${col}R`;
+}
+
+// utils/shellUtils.ts
+import { spawn } from "node:child_process";
+import { existsSync, statSync } from "node:fs";
+import { homedir } from "node:os";
+import path6 from "node:path";
+
+// utils/terminalCapabilities.ts
+import fs4 from "node:fs";
+import path5 from "node:path";
+var TERMINAL_TOOL_NAMES = [
+  "sh",
+  "git",
+  "rg",
+  "bun",
+  "acpx",
+  "codex",
+  "claude",
+  "opencode"
+];
+var ANDROID_PATH_ENTRIES = ["/system/bin", "/system/xbin", "/vendor/bin"];
+function isAndroidRuntime() {
+  return process.env.ELIZA_PLATFORM?.trim().toLowerCase() === "android" || Boolean(process.env.ANDROID_ROOT || process.env.ANDROID_DATA);
+}
+function isIosRuntime() {
+  return process.env.ELIZA_PLATFORM?.trim().toLowerCase() === "ios";
+}
+function isStoreBuild() {
+  const variant = process.env.ELIZA_BUILD_VARIANT ?? "";
+  return variant.trim().toLowerCase() === "store";
+}
+function runtimeMode() {
+  return (process.env.ELIZA_RUNTIME_MODE ?? process.env.RUNTIME_MODE ?? process.env.LOCAL_RUNTIME_MODE ?? "").trim().toLowerCase();
+}
+function executableExists(candidate) {
+  try {
+    fs4.accessSync(candidate, fs4.constants.X_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function pathEntries() {
+  const entries = (process.env.PATH ?? "").split(path5.delimiter).map((entry) => entry.trim()).filter(Boolean);
+  if (isAndroidRuntime()) {
+    for (const entry of ANDROID_PATH_ENTRIES) {
+      if (!entries.includes(entry))
+        entries.push(entry);
+    }
+  }
+  return entries;
+}
+function resolveExecutable(nameOrPath) {
+  const trimmed = nameOrPath.trim();
+  if (!trimmed)
+    return;
+  if (trimmed.includes("/") || path5.isAbsolute(trimmed)) {
+    return executableExists(trimmed) ? trimmed : undefined;
+  }
+  for (const entry of pathEntries()) {
+    const candidate = path5.join(entry, trimmed);
+    if (executableExists(candidate))
+      return candidate;
+  }
+  return;
+}
+function firstExecutable(candidates) {
+  for (const candidate of candidates) {
+    const resolved = resolveExecutable(candidate);
+    if (resolved)
+      return resolved;
+  }
+  return;
+}
+function resolveTerminalShell() {
+  const explicitEntries = [
+    ["CODING_TOOLS_SHELL", process.env.CODING_TOOLS_SHELL],
+    ["SHELL", process.env.SHELL]
+  ];
+  for (const [key, raw] of explicitEntries) {
+    const value = raw?.trim();
+    if (!value)
+      continue;
+    const resolved = resolveExecutable(value);
+    if (resolved) {
+      return {
+        shell: resolved,
+        args: ["-c"],
+        available: true,
+        source: key === "CODING_TOOLS_SHELL" ? "env:CODING_TOOLS_SHELL" : "env:SHELL"
+      };
+    }
+  }
+  const candidates = isAndroidRuntime() ? ["/system/bin/sh", "sh"] : ["/bin/bash", "bash", "/bin/sh", "sh"];
+  const shell = firstExecutable(candidates);
+  if (shell) {
+    return {
+      shell,
+      args: ["-c"],
+      available: true,
+      source: "candidate"
+    };
+  }
+  return {
+    shell: isAndroidRuntime() ? "/system/bin/sh" : "sh",
+    args: ["-c"],
+    available: false,
+    source: "fallback",
+    warning: isAndroidRuntime() ? "No executable POSIX shell was detected. Android direct/AOSP local-yolo builds must expose /system/bin/sh or set CODING_TOOLS_SHELL to an executable shell." : "No executable POSIX shell was detected. Set SHELL or CODING_TOOLS_SHELL to an executable shell."
+  };
+}
+function detectTerminalCapabilities() {
+  return TERMINAL_TOOL_NAMES.map((name) => {
+    if (name === "sh") {
+      const shell = resolveTerminalShell();
+      return {
+        name,
+        path: shell.available ? shell.shell : undefined,
+        available: shell.available
+      };
+    }
+    const resolved = resolveExecutable(name);
+    return {
+      name,
+      path: resolved,
+      available: Boolean(resolved)
+    };
+  });
+}
+function formatTerminalCapabilities(capabilities = detectTerminalCapabilities()) {
+  return capabilities.map((capability) => capability.available ? `${capability.name}=ok(${capability.path})` : `${capability.name}=missing`).join(" ");
+}
+function missingToolMessage(tool) {
+  if (tool === "sh") {
+    return resolveTerminalShell().warning ?? "No executable shell was detected.";
+  }
+  const suffix = isAndroidRuntime() ? " On Android direct/AOSP builds, ensure the binary is staged into the agent image and PATH includes /system/bin or the tool's install directory." : " Install it or add it to PATH.";
+  return `${tool} CLI is not available in PATH.${suffix}`;
+}
+function missingTerminalToolForCommand(command) {
+  const tokens = command.trim().split(/\s+/).filter(Boolean);
+  let index = 0;
+  while (tokens[index] && /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[index])) {
+    index += 1;
+  }
+  const first = tokens[index]?.replace(/^["']|["']$/g, "");
+  if (!first)
+    return;
+  const name = path5.basename(first);
+  if (!TERMINAL_TOOL_NAMES.includes(name) || name === "sh") {
+    return;
+  }
+  return resolveExecutable(first) ? undefined : name;
+}
+function detectTerminalSupport() {
+  if (isStoreBuild()) {
+    return {
+      supported: false,
+      reason: "store_build",
+      message: "Local terminal execution is unavailable in store builds because the OS sandbox blocks spawning local shells and developer CLIs."
+    };
+  }
+  if (isIosRuntime()) {
+    return {
+      supported: false,
+      reason: "vanilla_mobile",
+      message: "Local terminal execution is unavailable on iOS because the runtime does not expose shell, coding, or orchestrator subprocess capabilities."
+    };
+  }
+  if (isAndroidRuntime()) {
+    if (runtimeMode() !== "local-yolo") {
+      return {
+        supported: false,
+        reason: "not_local_yolo",
+        message: "Android direct/AOSP terminal execution requires ELIZA_RUNTIME_MODE=local-yolo so commands run in the local agent environment."
+      };
+    }
+    const shell = resolveTerminalShell();
+    if (!shell.available) {
+      return {
+        supported: false,
+        reason: "missing_shell",
+        message: shell.warning ?? "Android direct/AOSP terminal execution requires an executable shell. Set CODING_TOOLS_SHELL or SHELL to a staged shell binary."
+      };
+    }
+  }
+  return { supported: true };
+}
+
+// utils/shellUtils.ts
+var CHUNK_LIMIT = 8 * 1024;
+function resolvePowerShellPath() {
+  const systemRoot = process.env.SystemRoot || process.env.WINDIR;
+  if (systemRoot) {
+    const candidate = path6.join(systemRoot, "System32", "WindowsPowerShell", "v1.0", "powershell.exe");
+    if (existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  return "powershell.exe";
+}
+function getShellConfig2() {
+  if (process.platform === "win32") {
+    return {
+      shell: resolvePowerShellPath(),
+      args: ["-NoProfile", "-NonInteractive", "-Command"]
+    };
+  }
+  const envShell = process.env.SHELL?.trim();
+  const shellName = envShell ? path6.basename(envShell) : "";
+  if (shellName === "fish") {
+    const bash = resolveExecutable("bash");
+    if (bash) {
+      return { shell: bash, args: ["-c"] };
+    }
+    const sh = resolveExecutable("sh");
+    if (sh) {
+      return { shell: sh, args: ["-c"] };
+    }
+  }
+  const resolved = resolveTerminalShell();
+  return { shell: resolved.shell, args: resolved.args };
+}
+function sanitizeBinaryOutput2(text) {
+  const scrubbed = text.replace(/[\p{Format}\p{Surrogate}]/gu, "");
+  if (!scrubbed) {
+    return scrubbed;
+  }
+  const chunks = [];
+  for (const char of scrubbed) {
+    const code = char.codePointAt(0);
+    if (code == null) {
+      continue;
+    }
+    if (code === 9 || code === 10 || code === 13) {
+      chunks.push(char);
+      continue;
+    }
+    if (code < 32) {
+      continue;
+    }
+    chunks.push(char);
+  }
+  return chunks.join("");
+}
+function killProcessTree2(pid) {
+  if (process.platform === "win32") {
+    try {
+      spawn("taskkill", ["/F", "/T", "/PID", String(pid)], {
+        stdio: "ignore",
+        detached: true
+      });
+    } catch {}
+    return;
+  }
+  try {
+    process.kill(-pid, "SIGKILL");
+  } catch {
+    try {
+      process.kill(pid, "SIGKILL");
+    } catch {}
+  }
+}
+function killSession2(session) {
+  const pid = session.pid ?? session.child?.pid;
+  if (pid) {
+    killProcessTree2(pid);
+  }
+}
+function coerceEnv2(env) {
+  const record = {};
+  if (!env) {
+    return record;
+  }
+  for (const [key, value] of Object.entries(env)) {
+    if (typeof value === "string") {
+      record[key] = value;
+    }
+  }
+  return record;
+}
+function resolveWorkdir2(workdir, warnings) {
+  const current = safeCwd();
+  const fallback = current ?? homedir();
+  try {
+    const stats = statSync(workdir);
+    if (stats.isDirectory()) {
+      return workdir;
+    }
+  } catch {}
+  warnings.push(`Warning: workdir "${workdir}" is unavailable; using "${fallback}".`);
+  return fallback;
+}
+function safeCwd() {
+  try {
+    const cwd = process.cwd();
+    return existsSync(cwd) ? cwd : null;
+  } catch {
+    return null;
+  }
+}
+function clampNumber2(value, defaultValue, min, max) {
+  if (value === undefined || Number.isNaN(value)) {
+    return defaultValue;
+  }
+  return Math.min(Math.max(value, min), max);
+}
+function readEnvInt2(key) {
+  const raw = process.env[key];
+  if (!raw) {
+    return;
+  }
+  const parsed = Number.parseInt(raw, 10);
+  return Number.isFinite(parsed) ? parsed : undefined;
+}
+function chunkString2(input, limit = CHUNK_LIMIT) {
+  const chunks = [];
+  for (let i = 0;i < input.length; i += limit) {
+    chunks.push(input.slice(i, i + limit));
+  }
+  return chunks;
+}
+function sliceUtf16Safe2(str, start, end) {
+  const effectiveEnd = end ?? str.length;
+  if (start < 0) {
+    const adjustedStart = Math.max(0, str.length + start);
+    return str.slice(adjustedStart, effectiveEnd);
+  }
+  return str.slice(start, effectiveEnd);
+}
+function truncateMiddle2(str, max) {
+  if (str.length <= max) {
+    return str;
+  }
+  const half = Math.floor((max - 3) / 2);
+  return `${sliceUtf16Safe2(str, 0, half)}...${sliceUtf16Safe2(str, -half)}`;
+}
+function sliceLogLines2(text, offset, limit) {
+  if (!text) {
+    return { slice: "", totalLines: 0, totalChars: 0 };
+  }
+  const normalized = text.replace(/\r\n/g, `
+`);
+  const lines = normalized.split(`
+`);
+  if (lines.length > 0 && lines[lines.length - 1] === "") {
+    lines.pop();
+  }
+  const totalLines = lines.length;
+  const totalChars = text.length;
+  let start = typeof offset === "number" && Number.isFinite(offset) ? Math.max(0, Math.floor(offset)) : 0;
+  if (limit !== undefined && offset === undefined) {
+    const tailCount = Math.max(0, Math.floor(limit));
+    start = Math.max(totalLines - tailCount, 0);
+  }
+  const end = typeof limit === "number" && Number.isFinite(limit) ? start + Math.max(0, Math.floor(limit)) : undefined;
+  return { slice: lines.slice(start, end).join(`
+`), totalLines, totalChars };
+}
+function deriveSessionName2(command) {
+  const tokens = tokenizeCommand(command);
+  if (tokens.length === 0) {
+    return;
+  }
+  const verb = tokens[0];
+  let target = tokens.slice(1).find((t) => !t.startsWith("-"));
+  if (!target) {
+    target = tokens[1];
+  }
+  if (!target) {
+    return verb;
+  }
+  const cleaned = truncateMiddle2(stripQuotes(target), 48);
+  return `${stripQuotes(verb)} ${cleaned}`;
+}
+function tokenizeCommand(command) {
+  const matches = command.match(/(?:[^\s"']+|"(?:\\.|[^"])*"|'(?:\\.|[^'])*')+/g) ?? [];
+  return matches.map((token) => stripQuotes(token)).filter(Boolean);
+}
+function stripQuotes(value) {
+  const trimmed = value.trim();
+  if (trimmed.startsWith('"') && trimmed.endsWith('"') || trimmed.startsWith("'") && trimmed.endsWith("'")) {
+    return trimmed.slice(1, -1);
+  }
+  return trimmed;
+}
+function formatDuration2(ms) {
+  if (ms < 1000) {
+    return `${ms}ms`;
+  }
+  const seconds = Math.floor(ms / 1000);
+  if (seconds < 60) {
+    return `${seconds}s`;
+  }
+  const minutes = Math.floor(seconds / 60);
+  const rem = seconds % 60;
+  return `${minutes}m${rem.toString().padStart(2, "0")}s`;
+}
+function pad2(str, width) {
+  if (str.length >= width) {
+    return str;
+  }
+  return str + " ".repeat(width - str.length);
+}
+var DEFAULT_RETRY_CODES = ["EBADF"];
+function formatSpawnError(err) {
+  if (!(err instanceof Error)) {
+    return String(err);
+  }
+  const details = err;
+  const parts = [];
+  const message = err.message.trim();
+  if (message) {
+    parts.push(message);
+  }
+  if (details.code && !message.includes(details.code)) {
+    parts.push(details.code);
+  }
+  if (details.syscall) {
+    parts.push(`syscall=${details.syscall}`);
+  }
+  if (typeof details.errno === "number") {
+    parts.push(`errno=${details.errno}`);
+  }
+  return parts.join(" ");
+}
+function shouldRetry(err, codes) {
+  const code = err && typeof err === "object" && "code" in err ? String(err.code) : "";
+  return code.length > 0 && codes.includes(code);
+}
+async function spawnAndWaitForSpawn(spawnImpl, argv, options) {
+  const child = spawnImpl(argv[0], argv.slice(1), options);
+  return await new Promise((resolve, reject) => {
+    let settled = false;
+    const cleanup = () => {
+      child.removeListener("error", onError);
+      child.removeListener("spawn", onSpawn);
+    };
+    const finishResolve = () => {
+      if (settled) {
+        return;
+      }
+      settled = true;
+      cleanup();
+      resolve(child);
+    };
+    const onError = (err) => {
+      if (settled) {
+        return;
+      }
+      settled = true;
+      cleanup();
+      reject(err);
+    };
+    const onSpawn = () => {
+      finishResolve();
+    };
+    child.once("error", onError);
+    child.once("spawn", onSpawn);
+    process.nextTick(() => {
+      if (typeof child.pid === "number") {
+        finishResolve();
+      }
+    });
+  });
+}
+async function spawnWithFallback(params) {
+  const spawnImpl = params.spawnImpl ?? spawn;
+  const retryCodes = params.retryCodes ?? DEFAULT_RETRY_CODES;
+  const baseOptions = { ...params.options };
+  const fallbacks = params.fallbacks ?? [];
+  const attempts = [
+    { options: baseOptions },
+    ...fallbacks.map((fallback) => ({
+      label: fallback.label,
+      options: { ...baseOptions, ...fallback.options }
+    }))
+  ];
+  let lastError;
+  for (let index = 0;index < attempts.length; index += 1) {
+    const attempt = attempts[index];
+    try {
+      const child = await spawnAndWaitForSpawn(spawnImpl, params.argv, attempt.options);
+      return {
+        child,
+        usedFallback: index > 0,
+        fallbackLabel: attempt.label
+      };
+    } catch (err) {
+      lastError = err;
+      const nextFallback = fallbacks[index];
+      if (!nextFallback || !shouldRetry(err, retryCodes)) {
+        throw err;
+      }
+      params.onFallback?.(err, nextFallback);
+    }
+  }
+  throw lastError;
+}
+
+// services/processRegistry.ts
+var DEFAULT_JOB_TTL_MS = 30 * 60 * 1000;
+var MIN_JOB_TTL_MS = 60 * 1000;
+var MAX_JOB_TTL_MS = 3 * 60 * 60 * 1000;
+var DEFAULT_PENDING_OUTPUT_CHARS = 30000;
+function clampTtl(value) {
+  if (!value || Number.isNaN(value)) {
+    return DEFAULT_JOB_TTL_MS;
+  }
+  return Math.min(Math.max(value, MIN_JOB_TTL_MS), MAX_JOB_TTL_MS);
+}
+var jobTtlMs = clampTtl(Number.parseInt(process.env.SHELL_JOB_TTL_MS ?? "", 10));
+var runningSessions = new Map;
+var finishedSessions = new Map;
+var sweeper = null;
+function isSessionIdTaken(id) {
+  return runningSessions.has(id) || finishedSessions.has(id);
+}
+var SLUG_ADJECTIVES = [
+  "amber",
+  "briny",
+  "brisk",
+  "calm",
+  "clear",
+  "cool",
+  "crisp",
+  "dawn",
+  "delta",
+  "ember",
+  "faint",
+  "fast",
+  "fresh",
+  "gentle",
+  "glow",
+  "good",
+  "grand",
+  "keen",
+  "kind",
+  "lucky",
+  "marine",
+  "mellow",
+  "mild",
+  "neat",
+  "nimble",
+  "nova",
+  "oceanic",
+  "plaid",
+  "quick",
+  "quiet",
+  "rapid",
+  "salty",
+  "sharp",
+  "swift",
+  "tender",
+  "tidal",
+  "tidy",
+  "tide",
+  "vivid",
+  "warm",
+  "wild",
+  "young"
+];
+var SLUG_NOUNS = [
+  "atlas",
+  "basil",
+  "bison",
+  "bloom",
+  "breeze",
+  "canyon",
+  "cedar",
+  "claw",
+  "cloud",
+  "comet",
+  "coral",
+  "cove",
+  "crest",
+  "daisy",
+  "dune",
+  "ember",
+  "falcon",
+  "fjord",
+  "forest",
+  "glade",
+  "gulf",
+  "harbor",
+  "haven",
+  "kelp",
+  "lagoon",
+  "meadow",
+  "mist",
+  "nexus",
+  "ocean",
+  "orbit",
+  "otter",
+  "pine",
+  "prairie",
+  "reef",
+  "ridge",
+  "river",
+  "rook",
+  "sable",
+  "sage",
+  "shell",
+  "shoal",
+  "shore",
+  "slug",
+  "summit",
+  "trail",
+  "valley",
+  "wharf",
+  "willow",
+  "zephyr"
+];
+function randomChoice(values, fallback) {
+  return values[Math.floor(Math.random() * values.length)] ?? fallback;
+}
+function createSlugBase(words = 2) {
+  const parts = [randomChoice(SLUG_ADJECTIVES, "steady"), randomChoice(SLUG_NOUNS, "harbor")];
+  if (words > 2) {
+    parts.push(randomChoice(SLUG_NOUNS, "reef"));
+  }
+  return parts.join("-");
+}
+function createSessionSlug(isTaken) {
+  const isIdTaken = isTaken ?? isSessionIdTaken;
+  for (let attempt = 0;attempt < 12; attempt += 1) {
+    const base = createSlugBase(2);
+    if (!isIdTaken(base)) {
+      return base;
+    }
+    for (let i = 2;i <= 12; i += 1) {
+      const candidate = `${base}-${i}`;
+      if (!isIdTaken(candidate)) {
+        return candidate;
+      }
+    }
+  }
+  for (let attempt = 0;attempt < 12; attempt += 1) {
+    const base = createSlugBase(3);
+    if (!isIdTaken(base)) {
+      return base;
+    }
+    for (let i = 2;i <= 12; i += 1) {
+      const candidate = `${base}-${i}`;
+      if (!isIdTaken(candidate)) {
+        return candidate;
+      }
+    }
+  }
+  const fallback = `${createSlugBase(3)}-${Math.random().toString(36).slice(2, 5)}`;
+  return isIdTaken(fallback) ? `${fallback}-${Date.now().toString(36)}` : fallback;
+}
+function addSession(session) {
+  runningSessions.set(session.id, session);
+  startSweeper();
+}
+function getSession(id) {
+  return runningSessions.get(id);
+}
+function getFinishedSession(id) {
+  return finishedSessions.get(id);
+}
+function deleteSession(id) {
+  runningSessions.delete(id);
+  finishedSessions.delete(id);
+}
+function sumPendingChars(buffer) {
+  let total = 0;
+  for (const chunk of buffer) {
+    total += chunk.length;
+  }
+  return total;
+}
+function capPendingBuffer(buffer, pendingChars, cap) {
+  if (pendingChars <= cap) {
+    return pendingChars;
+  }
+  const last = buffer.at(-1);
+  if (last && last.length >= cap) {
+    buffer.length = 0;
+    buffer.push(last.slice(last.length - cap));
+    return cap;
+  }
+  while (buffer.length && pendingChars - buffer[0].length >= cap) {
+    pendingChars -= buffer[0].length;
+    buffer.shift();
+  }
+  if (buffer.length && pendingChars > cap) {
+    const overflow = pendingChars - cap;
+    buffer[0] = buffer[0].slice(overflow);
+    pendingChars = cap;
+  }
+  return pendingChars;
+}
+function tail(text, max = 2000) {
+  if (text.length <= max) {
+    return text;
+  }
+  return text.slice(text.length - max);
+}
+function trimWithCap(text, max) {
+  if (text.length <= max) {
+    return text;
+  }
+  return text.slice(text.length - max);
+}
+function appendOutput(session, stream, chunk) {
+  session.pendingStdout ??= [];
+  session.pendingStderr ??= [];
+  session.pendingStdoutChars ??= sumPendingChars(session.pendingStdout);
+  session.pendingStderrChars ??= sumPendingChars(session.pendingStderr);
+  const buffer = stream === "stdout" ? session.pendingStdout : session.pendingStderr;
+  const bufferChars = stream === "stdout" ? session.pendingStdoutChars : session.pendingStderrChars;
+  const pendingCap = Math.min(session.pendingMaxOutputChars ?? DEFAULT_PENDING_OUTPUT_CHARS, session.maxOutputChars);
+  buffer.push(chunk);
+  let pendingChars = bufferChars + chunk.length;
+  if (pendingChars > pendingCap) {
+    session.truncated = true;
+    pendingChars = capPendingBuffer(buffer, pendingChars, pendingCap);
+  }
+  if (stream === "stdout") {
+    session.pendingStdoutChars = pendingChars;
+  } else {
+    session.pendingStderrChars = pendingChars;
+  }
+  session.totalOutputChars += chunk.length;
+  const aggregated = trimWithCap(session.aggregated + chunk, session.maxOutputChars);
+  session.truncated = session.truncated || aggregated.length < session.aggregated.length + chunk.length;
+  session.aggregated = aggregated;
+  session.tail = tail(session.aggregated, 2000);
+}
+function drainSession(session) {
+  const stdout = session.pendingStdout.join("");
+  const stderr = session.pendingStderr.join("");
+  session.pendingStdout = [];
+  session.pendingStderr = [];
+  session.pendingStdoutChars = 0;
+  session.pendingStderrChars = 0;
+  return { stdout, stderr };
+}
+function moveToFinished(session, status) {
+  runningSessions.delete(session.id);
+  if (!session.backgrounded) {
+    return;
+  }
+  finishedSessions.set(session.id, {
+    id: session.id,
+    command: session.command,
+    scopeKey: session.scopeKey,
+    startedAt: session.startedAt,
+    endedAt: Date.now(),
+    cwd: session.cwd,
+    status,
+    exitCode: session.exitCode,
+    exitSignal: session.exitSignal,
+    aggregated: session.aggregated,
+    tail: session.tail,
+    truncated: session.truncated,
+    totalOutputChars: session.totalOutputChars
+  });
+}
+function markExited(session, exitCode, exitSignal, status) {
+  session.exited = true;
+  session.exitCode = exitCode;
+  session.exitSignal = exitSignal;
+  session.tail = tail(session.aggregated, 2000);
+  moveToFinished(session, status);
+}
+function markBackgrounded(session) {
+  session.backgrounded = true;
+}
+function listRunningSessions() {
+  return Array.from(runningSessions.values()).filter((s) => s.backgrounded);
+}
+function listFinishedSessions() {
+  return Array.from(finishedSessions.values());
+}
+function clearFinished() {
+  finishedSessions.clear();
+}
+function resetProcessRegistryForTests() {
+  runningSessions.clear();
+  finishedSessions.clear();
+  stopSweeper();
+}
+function setJobTtlMs(value) {
+  if (value === undefined || Number.isNaN(value)) {
+    return;
+  }
+  jobTtlMs = clampTtl(value);
+  stopSweeper();
+  startSweeper();
+}
+function pruneFinishedSessions() {
+  const cutoff = Date.now() - jobTtlMs;
+  for (const [id, session] of finishedSessions.entries()) {
+    if (session.endedAt < cutoff) {
+      finishedSessions.delete(id);
+    }
+  }
+}
+function startSweeper() {
+  if (sweeper) {
+    return;
+  }
+  sweeper = setInterval(pruneFinishedSessions, Math.max(30000, jobTtlMs / 6));
+  sweeper.unref();
+}
+function stopSweeper() {
+  if (!sweeper) {
+    return;
+  }
+  clearInterval(sweeper);
+  sweeper = null;
+}
+
+// services/shellService.ts
+var DEFAULT_TIMEOUT_SEC = 1800;
+
+class ShellService extends Service2 {
+  static serviceType = "shell";
+  shellConfig;
+  currentDirectory;
+  commandHistory;
+  maxHistoryPerConversation = 100;
+  scopeKey;
+  constructor(runtime) {
+    super(runtime);
+    this.shellConfig = loadShellConfig();
+    this.currentDirectory = this.shellConfig.allowedDirectory;
+    this.commandHistory = new Map;
+  }
+  static async start(runtime) {
+    const instance = new ShellService(runtime);
+    logger6.info("Shell service initialized with PTY, background execution, and history tracking");
+    return instance;
+  }
+  async stop() {
+    const runningSessions2 = listRunningSessions();
+    for (const session of runningSessions2) {
+      try {
+        killSession2(session);
+        logger6.debug(`Killed shell session: ${session.id}`);
+      } catch (err) {
+        logger6.warn(`Failed to kill shell session ${session.id}: ${err}`);
+      }
+    }
+    this.commandHistory.clear();
+    logger6.info(`Shell service stopped, cleaned up ${runningSessions2.length} running sessions`);
+  }
+  get capabilityDescription() {
+    return "Execute shell commands with PTY support, background execution, and session management";
+  }
+  getSandboxManager() {
+    const candidate = this.runtime.getSandboxManager?.();
+    return candidate ?? null;
+  }
+  toSandboxWorkdir(workdir) {
+    const relative = path7.relative(process.cwd(), path7.resolve(workdir));
+    if (relative === "")
+      return "/workspace";
+    if (!relative.startsWith("..") && !path7.isAbsolute(relative)) {
+      return `/workspace/${relative}`;
+    }
+    return;
+  }
+  async runSandboxCommand(command, workdir, timeoutMs, env) {
+    const sandboxManager = this.getSandboxManager();
+    if (!sandboxManager) {
+      logger6.error("[shell:sandbox] local-safe denied: SandboxManager unavailable");
+      return {
+        success: false,
+        stdout: "",
+        stderr: "local-safe mode requires SandboxManager, but no sandbox manager is available for command execution.",
+        exitCode: 1,
+        error: "Sandbox unavailable",
+        executedIn: workdir
+      };
+    }
+    const sandboxWorkdir = this.toSandboxWorkdir(workdir);
+    if (!sandboxWorkdir) {
+      return {
+        success: false,
+        stdout: "",
+        stderr: `local-safe mode can only execute inside the sandbox workspace; cwd is outside process workspace: ${workdir}`,
+        exitCode: 1,
+        error: "Sandbox unavailable",
+        executedIn: workdir
+      };
+    }
+    logger6.info(`[shell:sandbox] routing exec via SandboxManager: ${command.substring(0, 100)}`);
+    const result = await sandboxManager.exec({
+      command,
+      workdir: sandboxWorkdir,
+      timeoutMs,
+      env
+    });
+    logger6.info(`[shell:sandbox] exec completed: exit=${result.exitCode} duration=${result.durationMs}ms executedInSandbox=${result.executedInSandbox}`);
+    return {
+      success: result.exitCode === 0,
+      stdout: result.stdout,
+      stderr: result.stderr,
+      exitCode: result.exitCode,
+      executedIn: workdir
+    };
+  }
+  localTerminalUnsupportedMessage() {
+    const support = detectTerminalSupport();
+    return support.supported ? null : support.message ?? "Local terminal execution is unavailable.";
+  }
+  setScopeKey(scopeKey) {
+    this.scopeKey = scopeKey;
+  }
+  async executeCommand(command, conversationId) {
+    if (!command || typeof command !== "string") {
+      return {
+        success: false,
+        stdout: "",
+        stderr: "Invalid command",
+        exitCode: 1,
+        error: "Command must be a non-empty string",
+        executedIn: this.currentDirectory
+      };
+    }
+    if (isCloudExecutionMode(this.runtime)) {
+      logger6.error("[shell:cloud] local exec disabled in cloud mode");
+      return {
+        success: false,
+        stdout: "",
+        stderr: "Local shell execution disabled in cloud mode.",
+        exitCode: 1,
+        error: "Local shell execution disabled in cloud mode.",
+        executedIn: this.currentDirectory
+      };
+    }
+    const unsupported = this.localTerminalUnsupportedMessage();
+    if (unsupported) {
+      logger6.error(`[shell:unsupported] ${unsupported}`);
+      return {
+        success: false,
+        stdout: "",
+        stderr: unsupported,
+        exitCode: 1,
+        error: unsupported,
+        executedIn: this.currentDirectory
+      };
+    }
+    if (!shouldUseSandboxExecution(this.runtime) && this.runtime && "sandboxMode" in this.runtime && this.runtime.sandboxMode) {
+      const hostApiUrl = this.runtime.getSetting("SANDBOX_HOST_API_URL") ?? "http://localhost:2138";
+      const runtimeFetch = this.runtime.fetch ?? globalThis.fetch;
+      logger6.info(`[shell:sandbox] routing exec to ${hostApiUrl}: ${command.substring(0, 100)}`);
+      try {
+        const response = await runtimeFetch(`${hostApiUrl}/api/sandbox/exec`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            command,
+            workdir: this.currentDirectory,
+            timeoutMs: 30000
+          })
+        });
+        const result2 = await response.json();
+        logger6.info(`[shell:sandbox] exec completed: exit=${result2.exitCode} duration=${result2.durationMs}ms`);
+        return {
+          success: result2.exitCode === 0,
+          stdout: result2.stdout,
+          stderr: result2.stderr,
+          exitCode: result2.exitCode,
+          executedIn: this.currentDirectory
+        };
+      } catch (err) {
+        const errMsg = err instanceof Error ? err.message : String(err);
+        logger6.error(`[shell:sandbox] exec failed: ${errMsg}`);
+        return {
+          success: false,
+          stdout: "",
+          stderr: `Sandbox exec failed: ${errMsg}`,
+          exitCode: 1,
+          error: "Sandbox remote execution failed",
+          executedIn: this.currentDirectory
+        };
+      }
+    }
+    const trimmedCommand = command.trim();
+    const missingTool = missingTerminalToolForCommand(trimmedCommand);
+    if (missingTool) {
+      const message = missingToolMessage(missingTool);
+      return {
+        success: false,
+        stdout: "",
+        stderr: message,
+        exitCode: 1,
+        error: message,
+        executedIn: this.currentDirectory
+      };
+    }
+    if (!isSafeCommand(trimmedCommand)) {
+      return {
+        success: false,
+        stdout: "",
+        stderr: "Command contains forbidden patterns",
+        exitCode: 1,
+        error: "Security policy violation",
+        executedIn: this.currentDirectory
+      };
+    }
+    if (isForbiddenCommand(trimmedCommand, this.shellConfig.forbiddenCommands)) {
+      return {
+        success: false,
+        stdout: "",
+        stderr: "Command is forbidden by security policy",
+        exitCode: 1,
+        error: "Forbidden command",
+        executedIn: this.currentDirectory
+      };
+    }
+    if (trimmedCommand.startsWith("cd ")) {
+      const result2 = await this.handleCdCommand(trimmedCommand);
+      this.addToHistory(conversationId, trimmedCommand, result2);
+      return result2;
+    }
+    const result = shouldUseSandboxExecution(this.runtime) ? await this.runSandboxCommand(trimmedCommand, this.currentDirectory, 30000) : await this.runCommandSimple(trimmedCommand);
+    if (result.success) {
+      const fileOps = this.detectFileOperations(trimmedCommand, this.currentDirectory);
+      if (fileOps && conversationId) {
+        this.addToHistory(conversationId, trimmedCommand, result, fileOps);
+      } else {
+        this.addToHistory(conversationId, trimmedCommand, result);
+      }
+    } else {
+      this.addToHistory(conversationId, trimmedCommand, result);
+    }
+    return result;
+  }
+  async exec(command, options = {}) {
+    if (!command || typeof command !== "string") {
+      return {
+        status: "failed",
+        exitCode: 1,
+        durationMs: 0,
+        aggregated: "Invalid command",
+        reason: "Command must be a non-empty string"
+      };
+    }
+    if (isCloudExecutionMode(this.runtime)) {
+      logger6.error("[shell:cloud] local exec disabled in cloud mode");
+      return {
+        status: "failed",
+        exitCode: 1,
+        durationMs: 0,
+        aggregated: "",
+        reason: "Local shell execution disabled in cloud mode."
+      };
+    }
+    const unsupported = this.localTerminalUnsupportedMessage();
+    if (unsupported) {
+      logger6.error(`[shell:unsupported] ${unsupported}`);
+      return {
+        status: "failed",
+        exitCode: 1,
+        durationMs: 0,
+        aggregated: "",
+        reason: unsupported
+      };
+    }
+    const trimmedCommand = command.trim();
+    const missingTool = missingTerminalToolForCommand(trimmedCommand);
+    if (missingTool) {
+      const message = missingToolMessage(missingTool);
+      return {
+        status: "failed",
+        exitCode: 1,
+        durationMs: 0,
+        aggregated: "",
+        reason: message
+      };
+    }
+    if (!isSafeCommand(trimmedCommand)) {
+      return {
+        status: "failed",
+        exitCode: 1,
+        durationMs: 0,
+        aggregated: "Command contains forbidden patterns",
+        reason: "Security policy violation"
+      };
+    }
+    if (isForbiddenCommand(trimmedCommand, this.shellConfig.forbiddenCommands)) {
+      return {
+        status: "failed",
+        exitCode: 1,
+        durationMs: 0,
+        aggregated: "Command is forbidden by security policy",
+        reason: "Forbidden command"
+      };
+    }
+    const warnings = [];
+    const maxOutput = this.shellConfig.maxOutputChars;
+    const pendingMaxOutput = this.shellConfig.pendingMaxOutputChars;
+    const defaultBackgroundMs = this.shellConfig.defaultBackgroundMs;
+    const allowBackground = this.shellConfig.allowBackground;
+    const backgroundRequested = options.background === true;
+    const yieldRequested = typeof options.yieldMs === "number";
+    if (!allowBackground && (backgroundRequested || yieldRequested)) {
+      warnings.push("Warning: background execution is disabled; running synchronously.");
+    }
+    const yieldWindow = allowBackground ? backgroundRequested ? 0 : clampNumber2(options.yieldMs ?? defaultBackgroundMs, defaultBackgroundMs, 10, 120000) : null;
+    const rawWorkdir = options.workdir?.trim() || this.currentDirectory || process.cwd();
+    const resolvedWorkdir = resolveWorkdir2(rawWorkdir, warnings);
+    const validatedWorkdir = validatePath(resolvedWorkdir, this.shellConfig.allowedDirectory, this.currentDirectory);
+    if (!validatedWorkdir) {
+      return {
+        status: "failed",
+        exitCode: 1,
+        durationMs: 0,
+        aggregated: "",
+        reason: `workdir is outside allowed directory: ${resolvedWorkdir}`
+      };
+    }
+    const workdir = validatedWorkdir;
+    const baseEnv = coerceEnv2(process.env);
+    const mergedEnv = options.env ? { ...baseEnv, ...options.env } : baseEnv;
+    const timeoutSec = typeof options.timeout === "number" && options.timeout > 0 ? options.timeout : DEFAULT_TIMEOUT_SEC;
+    const usePty = options.pty === true;
+    const notifyOnExit = options.notifyOnExit !== false;
+    if (shouldUseSandboxExecution(this.runtime)) {
+      if (backgroundRequested || yieldRequested || usePty) {
+        warnings.push("Warning: local-safe sandbox execution runs synchronously; background, yield, and PTY options are ignored.");
+      }
+      const startedAt = Date.now();
+      const sandboxResult = await this.runSandboxCommand(trimmedCommand, workdir, timeoutSec * 1000, mergedEnv);
+      const warningText2 = warnings.length ? `${warnings.join(`
+`)}
+
+` : "";
+      const aggregated = [sandboxResult.stdout, sandboxResult.stderr].filter(Boolean).join(`
+`);
+      if (!sandboxResult.success) {
+        return {
+          status: "failed",
+          exitCode: sandboxResult.exitCode,
+          durationMs: Date.now() - startedAt,
+          aggregated,
+          cwd: workdir,
+          reason: `${warningText2}${sandboxResult.error ?? sandboxResult.stderr}`
+        };
+      }
+      return {
+        status: "completed",
+        exitCode: sandboxResult.exitCode,
+        durationMs: Date.now() - startedAt,
+        aggregated: `${warningText2}${aggregated || "(no output)"}`,
+        cwd: workdir
+      };
+    }
+    const handle = await this.runExecProcess({
+      command: trimmedCommand,
+      workdir,
+      env: mergedEnv,
+      usePty,
+      warnings,
+      maxOutput,
+      pendingMaxOutput,
+      notifyOnExit,
+      scopeKey: options.scopeKey ?? this.scopeKey,
+      sessionKey: options.sessionKey,
+      timeoutSec,
+      onUpdate: options.onUpdate
+    });
+    if (allowBackground && yieldWindow !== null) {
+      if (yieldWindow === 0) {
+        markBackgrounded(handle.session);
+        return {
+          status: "running",
+          sessionId: handle.session.id,
+          pid: handle.session.pid,
+          startedAt: handle.startedAt,
+          cwd: handle.session.cwd,
+          tail: handle.session.tail
+        };
+      }
+      const raceResult = await Promise.race([
+        handle.promise,
+        new Promise((resolve) => setTimeout(() => resolve("yield"), yieldWindow))
+      ]);
+      if (raceResult === "yield" && !handle.session.exited) {
+        markBackgrounded(handle.session);
+        const warningText3 = warnings.length ? `${warnings.join(`
+`)}
+
+` : "";
+        return {
+          status: "running",
+          sessionId: handle.session.id,
+          pid: handle.session.pid,
+          startedAt: handle.startedAt,
+          cwd: handle.session.cwd,
+          tail: `${warningText3}Command still running (session ${handle.session.id}, pid ${handle.session.pid ?? "n/a"}).`
+        };
+      }
+      const outcome2 = raceResult === "yield" ? await handle.promise : raceResult;
+      const warningText2 = warnings.length ? `${warnings.join(`
+`)}
+
+` : "";
+      if (outcome2.status === "failed") {
+        return {
+          status: "failed",
+          exitCode: outcome2.exitCode ?? null,
+          durationMs: outcome2.durationMs,
+          aggregated: outcome2.aggregated,
+          cwd: workdir,
+          timedOut: outcome2.timedOut,
+          reason: `${warningText2}${outcome2.reason ?? "Command failed."}`
+        };
+      }
+      return {
+        status: "completed",
+        exitCode: outcome2.exitCode ?? 0,
+        durationMs: outcome2.durationMs,
+        aggregated: `${warningText2}${outcome2.aggregated || "(no output)"}`,
+        cwd: workdir
+      };
+    }
+    const outcome = await handle.promise;
+    const warningText = warnings.length ? `${warnings.join(`
+`)}
+
+` : "";
+    if (outcome.status === "failed") {
+      return {
+        status: "failed",
+        exitCode: outcome.exitCode ?? null,
+        durationMs: outcome.durationMs,
+        aggregated: outcome.aggregated,
+        cwd: workdir,
+        timedOut: outcome.timedOut,
+        reason: `${warningText}${outcome.reason ?? "Command failed."}`
+      };
+    }
+    return {
+      status: "completed",
+      exitCode: outcome.exitCode ?? 0,
+      durationMs: outcome.durationMs,
+      aggregated: `${warningText}${outcome.aggregated || "(no output)"}`,
+      cwd: workdir
+    };
+  }
+  async processAction(params) {
+    const scopeKey = this.scopeKey;
+    const isInScope = (session2) => !scopeKey || session2?.scopeKey === scopeKey;
+    if (params.action === "list") {
+      const running = listRunningSessions().filter((s) => isInScope(s)).map((s) => ({
+        sessionId: s.id,
+        status: "running",
+        pid: s.pid ?? undefined,
+        startedAt: s.startedAt,
+        runtimeMs: Date.now() - s.startedAt,
+        cwd: s.cwd,
+        command: s.command,
+        name: deriveSessionName2(s.command),
+        tail: s.tail,
+        truncated: s.truncated
+      }));
+      const finished2 = listFinishedSessions().filter((s) => isInScope(s)).map((s) => ({
+        sessionId: s.id,
+        status: s.status,
+        startedAt: s.startedAt,
+        endedAt: s.endedAt,
+        runtimeMs: s.endedAt - s.startedAt,
+        cwd: s.cwd,
+        command: s.command,
+        name: deriveSessionName2(s.command),
+        tail: s.tail,
+        truncated: s.truncated,
+        exitCode: s.exitCode ?? undefined,
+        exitSignal: s.exitSignal ?? undefined
+      }));
+      const sessions = [...running, ...finished2].slice().sort((a, b) => b.startedAt - a.startedAt);
+      const lines = sessions.map((s) => {
+        const label = s.name ? truncateMiddle2(s.name, 80) : truncateMiddle2(s.command, 120);
+        return `${s.sessionId} ${pad2(s.status, 9)} ${formatDuration2(s.runtimeMs)} :: ${label}`;
+      });
+      return {
+        success: true,
+        message: lines.join(`
+`) || "No running or recent sessions.",
+        data: { sessions }
+      };
+    }
+    if (!params.sessionId) {
+      return {
+        success: false,
+        message: "sessionId is required for this action."
+      };
+    }
+    const session = getSession(params.sessionId);
+    const finished = getFinishedSession(params.sessionId);
+    const scopedSession = isInScope(session) ? session : undefined;
+    const scopedFinished = isInScope(finished) ? finished : undefined;
+    switch (params.action) {
+      case "poll": {
+        if (!scopedSession) {
+          if (scopedFinished) {
+            return {
+              success: true,
+              message: (scopedFinished.tail || `(no output recorded${scopedFinished.truncated ? " — truncated to cap" : ""})`) + `
+
+Process exited with ${scopedFinished.exitSignal ? `signal ${scopedFinished.exitSignal}` : `code ${scopedFinished.exitCode ?? 0}`}.`,
+              data: {
+                status: scopedFinished.status === "completed" ? "completed" : "failed",
+                sessionId: params.sessionId,
+                exitCode: scopedFinished.exitCode ?? undefined,
+                aggregated: scopedFinished.aggregated,
+                name: deriveSessionName2(scopedFinished.command)
+              }
+            };
+          }
+          return {
+            success: false,
+            message: `No session found for ${params.sessionId}`
+          };
+        }
+        if (!scopedSession.backgrounded) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} is not backgrounded.`
+          };
+        }
+        const { stdout, stderr } = drainSession(scopedSession);
+        const exited = scopedSession.exited;
+        const exitCode = scopedSession.exitCode ?? 0;
+        const exitSignal = scopedSession.exitSignal ?? undefined;
+        if (exited) {
+          const status2 = exitCode === 0 && exitSignal == null ? "completed" : "failed";
+          markExited(scopedSession, scopedSession.exitCode ?? null, scopedSession.exitSignal ?? null, status2);
+        }
+        const status = exited ? exitCode === 0 && exitSignal == null ? "completed" : "failed" : "running";
+        const output = [stdout.trimEnd(), stderr.trimEnd()].filter(Boolean).join(`
+`).trim();
+        return {
+          success: true,
+          message: (output || "(no new output)") + (exited ? `
+
+Process exited with ${exitSignal ? `signal ${exitSignal}` : `code ${exitCode}`}.` : `
+
+Process still running.`),
+          data: {
+            status,
+            sessionId: params.sessionId,
+            exitCode: exited ? exitCode : undefined,
+            aggregated: scopedSession.aggregated,
+            name: deriveSessionName2(scopedSession.command)
+          }
+        };
+      }
+      case "log": {
+        if (scopedSession) {
+          if (!scopedSession.backgrounded) {
+            return {
+              success: false,
+              message: `Session ${params.sessionId} is not backgrounded.`
+            };
+          }
+          const { slice, totalLines, totalChars } = sliceLogLines2(scopedSession.aggregated, params.offset, params.limit);
+          return {
+            success: true,
+            message: slice || "(no output yet)",
+            data: {
+              status: scopedSession.exited ? "completed" : "running",
+              sessionId: params.sessionId,
+              totalLines,
+              totalChars,
+              truncated: scopedSession.truncated,
+              name: deriveSessionName2(scopedSession.command)
+            }
+          };
+        }
+        if (scopedFinished) {
+          const { slice, totalLines, totalChars } = sliceLogLines2(scopedFinished.aggregated, params.offset, params.limit);
+          const status = scopedFinished.status === "completed" ? "completed" : "failed";
+          return {
+            success: true,
+            message: slice || "(no output recorded)",
+            data: {
+              status,
+              sessionId: params.sessionId,
+              totalLines,
+              totalChars,
+              truncated: scopedFinished.truncated,
+              exitCode: scopedFinished.exitCode ?? undefined,
+              exitSignal: scopedFinished.exitSignal ?? undefined,
+              name: deriveSessionName2(scopedFinished.command)
+            }
+          };
+        }
+        return {
+          success: false,
+          message: `No session found for ${params.sessionId}`
+        };
+      }
+      case "write": {
+        if (!scopedSession) {
+          return {
+            success: false,
+            message: `No active session found for ${params.sessionId}`
+          };
+        }
+        if (!scopedSession.backgrounded) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} is not backgrounded.`
+          };
+        }
+        const stdin = scopedSession.stdin ?? scopedSession.child?.stdin;
+        if (!stdin || stdin.destroyed) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} stdin is not writable.`
+          };
+        }
+        await new Promise((resolve, reject) => {
+          stdin.write(params.data ?? "", (err) => {
+            if (err)
+              reject(err);
+            else
+              resolve();
+          });
+        });
+        if (params.eof) {
+          stdin.end();
+        }
+        return {
+          success: true,
+          message: `Wrote ${(params.data ?? "").length} bytes to session ${params.sessionId}${params.eof ? " (stdin closed)" : ""}.`,
+          data: {
+            sessionId: params.sessionId,
+            name: deriveSessionName2(scopedSession.command)
+          }
+        };
+      }
+      case "send-keys": {
+        if (!scopedSession) {
+          return {
+            success: false,
+            message: `No active session found for ${params.sessionId}`
+          };
+        }
+        if (!scopedSession.backgrounded) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} is not backgrounded.`
+          };
+        }
+        const stdin = scopedSession.stdin ?? scopedSession.child?.stdin;
+        if (!stdin || stdin.destroyed) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} stdin is not writable.`
+          };
+        }
+        const { data, warnings } = encodeKeySequence2({
+          keys: params.keys,
+          hex: params.hex,
+          literal: params.literal
+        });
+        if (!data) {
+          return { success: false, message: "No key data provided." };
+        }
+        await new Promise((resolve, reject) => {
+          stdin.write(data, (err) => {
+            if (err)
+              reject(err);
+            else
+              resolve();
+          });
+        });
+        return {
+          success: true,
+          message: `Sent ${data.length} bytes to session ${params.sessionId}.` + (warnings.length ? `
+Warnings:
+- ${warnings.join(`
+- `)}` : ""),
+          data: {
+            sessionId: params.sessionId,
+            name: deriveSessionName2(scopedSession.command)
+          }
+        };
+      }
+      case "submit": {
+        if (!scopedSession) {
+          return {
+            success: false,
+            message: `No active session found for ${params.sessionId}`
+          };
+        }
+        if (!scopedSession.backgrounded) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} is not backgrounded.`
+          };
+        }
+        const stdin = scopedSession.stdin ?? scopedSession.child?.stdin;
+        if (!stdin || stdin.destroyed) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} stdin is not writable.`
+          };
+        }
+        await new Promise((resolve, reject) => {
+          stdin.write("\r", (err) => {
+            if (err)
+              reject(err);
+            else
+              resolve();
+          });
+        });
+        return {
+          success: true,
+          message: `Submitted session ${params.sessionId} (sent CR).`,
+          data: {
+            sessionId: params.sessionId,
+            name: deriveSessionName2(scopedSession.command)
+          }
+        };
+      }
+      case "paste": {
+        if (!scopedSession) {
+          return {
+            success: false,
+            message: `No active session found for ${params.sessionId}`
+          };
+        }
+        if (!scopedSession.backgrounded) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} is not backgrounded.`
+          };
+        }
+        const stdin = scopedSession.stdin ?? scopedSession.child?.stdin;
+        if (!stdin || stdin.destroyed) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} stdin is not writable.`
+          };
+        }
+        const payload = encodePaste2(params.text ?? "", params.bracketed !== false);
+        if (!payload) {
+          return { success: false, message: "No paste text provided." };
+        }
+        await new Promise((resolve, reject) => {
+          stdin.write(payload, (err) => {
+            if (err)
+              reject(err);
+            else
+              resolve();
+          });
+        });
+        return {
+          success: true,
+          message: `Pasted ${params.text?.length ?? 0} chars to session ${params.sessionId}.`,
+          data: {
+            sessionId: params.sessionId,
+            name: deriveSessionName2(scopedSession.command)
+          }
+        };
+      }
+      case "kill": {
+        if (!scopedSession) {
+          return {
+            success: false,
+            message: `No active session found for ${params.sessionId}`
+          };
+        }
+        if (!scopedSession.backgrounded) {
+          return {
+            success: false,
+            message: `Session ${params.sessionId} is not backgrounded.`
+          };
+        }
+        killSession2(scopedSession);
+        markExited(scopedSession, null, "SIGKILL", "failed");
+        return {
+          success: true,
+          message: `Killed session ${params.sessionId}.`,
+          data: { name: deriveSessionName2(scopedSession.command) }
+        };
+      }
+      case "clear": {
+        if (scopedFinished) {
+          deleteSession(params.sessionId);
+          return {
+            success: true,
+            message: `Cleared session ${params.sessionId}.`
+          };
+        }
+        return {
+          success: false,
+          message: `No finished session found for ${params.sessionId}`
+        };
+      }
+      case "remove": {
+        if (scopedSession) {
+          killSession2(scopedSession);
+          markExited(scopedSession, null, "SIGKILL", "failed");
+          return {
+            success: true,
+            message: `Removed session ${params.sessionId}.`,
+            data: { name: deriveSessionName2(scopedSession.command) }
+          };
+        }
+        if (scopedFinished) {
+          deleteSession(params.sessionId);
+          return {
+            success: true,
+            message: `Removed session ${params.sessionId}.`
+          };
+        }
+        return {
+          success: false,
+          message: `No session found for ${params.sessionId}`
+        };
+      }
+    }
+    return {
+      success: false,
+      message: `Unknown action ${params.action}`
+    };
+  }
+  listRunningSessions() {
+    const scopeKey = this.scopeKey;
+    return listRunningSessions().filter((s) => !scopeKey || s.scopeKey === scopeKey);
+  }
+  listFinishedSessions() {
+    const scopeKey = this.scopeKey;
+    return listFinishedSessions().filter((s) => !scopeKey || s.scopeKey === scopeKey);
+  }
+  getSession(id) {
+    const session = getSession(id);
+    if (!session)
+      return;
+    if (this.scopeKey && session.scopeKey !== this.scopeKey)
+      return;
+    return session;
+  }
+  getFinishedSession(id) {
+    const session = getFinishedSession(id);
+    if (!session)
+      return;
+    if (this.scopeKey && session.scopeKey !== this.scopeKey)
+      return;
+    return session;
+  }
+  killSessionById(id) {
+    const session = this.getSession(id);
+    if (!session)
+      return false;
+    killSession2(session);
+    markExited(session, null, "SIGKILL", "killed");
+    return true;
+  }
+  getCommandHistory(conversationId, limit) {
+    const history = this.commandHistory.get(conversationId) || [];
+    if (limit && limit > 0) {
+      return history.slice(-limit);
+    }
+    return history;
+  }
+  clearCommandHistory(conversationId) {
+    this.commandHistory.delete(conversationId);
+    logger6.info(`Cleared command history for conversation: ${conversationId}`);
+  }
+  getCurrentDirectory(_conversationId) {
+    return this.currentDirectory;
+  }
+  setCurrentDirectory(directory) {
+    const validatedPath = validatePath(directory, this.shellConfig.allowedDirectory, this.currentDirectory);
+    if (!validatedPath) {
+      return false;
+    }
+    this.currentDirectory = validatedPath;
+    return true;
+  }
+  getAllowedDirectory() {
+    return this.shellConfig.allowedDirectory;
+  }
+  getShellConfig() {
+    return { ...this.shellConfig };
+  }
+  async handleCdCommand(command) {
+    const parts = command.split(/\s+/);
+    if (parts.length < 2) {
+      this.currentDirectory = this.shellConfig.allowedDirectory;
+      return {
+        success: true,
+        stdout: `Changed directory to: ${this.currentDirectory}`,
+        stderr: "",
+        exitCode: 0,
+        executedIn: this.currentDirectory
+      };
+    }
+    const targetPath = parts.slice(1).join(" ");
+    const validatedPath = validatePath(targetPath, this.shellConfig.allowedDirectory, this.currentDirectory);
+    if (!validatedPath) {
+      return {
+        success: false,
+        stdout: "",
+        stderr: "Cannot navigate outside allowed directory",
+        exitCode: 1,
+        error: "Permission denied",
+        executedIn: this.currentDirectory
+      };
+    }
+    this.currentDirectory = validatedPath;
+    return {
+      success: true,
+      stdout: `Changed directory to: ${this.currentDirectory}`,
+      stderr: "",
+      exitCode: 0,
+      executedIn: this.currentDirectory
+    };
+  }
+  async runCommandSimple(command) {
+    return new Promise((resolve) => {
+      const useShell = command.includes(">") || command.includes("<") || command.includes("|");
+      let cmd;
+      let args;
+      if (useShell) {
+        const shell = getShellConfig2();
+        cmd = shell.shell;
+        args = [...shell.args, command];
+        logger6.info(`Executing shell command: ${cmd} ${shell.args.join(" ")} "${command}" in ${this.currentDirectory}`);
+      } else {
+        const parts = command.split(/\s+/);
+        cmd = parts[0];
+        args = parts.slice(1);
+        logger6.info(`Executing command: ${cmd} ${args.join(" ")} in ${this.currentDirectory}`);
+      }
+      let stdout = "";
+      let stderr = "";
+      let timedOut = false;
+      const child = spawn2(cmd, args, {
+        cwd: this.currentDirectory,
+        env: process.env,
+        shell: false
+      });
+      const timeout = setTimeout(() => {
+        timedOut = true;
+        child.kill("SIGTERM");
+        setTimeout(() => {
+          if (!child.killed) {
+            child.kill("SIGKILL");
+          }
+        }, 5000);
+      }, this.shellConfig.timeout);
+      if (child.stdout) {
+        child.stdout.on("data", (data) => {
+          stdout += data.toString();
+        });
+      }
+      if (child.stderr) {
+        child.stderr.on("data", (data) => {
+          stderr += data.toString();
+        });
+      }
+      child.on("exit", (code) => {
+        clearTimeout(timeout);
+        if (timedOut) {
+          resolve({
+            success: false,
+            stdout,
+            stderr: `${stderr}
+Command timed out`,
+            exitCode: code,
+            error: "Command execution timeout",
+            executedIn: this.currentDirectory
+          });
+          return;
+        }
+        resolve({
+          success: code === 0,
+          stdout,
+          stderr,
+          exitCode: code,
+          executedIn: this.currentDirectory
+        });
+      });
+      child.on("error", (err) => {
+        clearTimeout(timeout);
+        resolve({
+          success: false,
+          stdout,
+          stderr: err.message,
+          exitCode: 1,
+          error: "Failed to execute command",
+          executedIn: this.currentDirectory
+        });
+      });
+    });
+  }
+  async runExecProcess(opts) {
+    const startedAt = Date.now();
+    const sessionId = createSessionSlug();
+    let child = null;
+    let pty = null;
+    let stdin;
+    if (opts.usePty) {
+      const { shell, args: shellArgs } = getShellConfig2();
+      try {
+        const ptyModule = await import("@lydell/node-pty");
+        const spawnPty = ptyModule.spawn ?? ptyModule.default?.spawn;
+        if (!spawnPty) {
+          throw new Error("PTY support is unavailable (node-pty spawn not found).");
+        }
+        pty = spawnPty(shell, [...shellArgs, opts.command], {
+          cwd: opts.workdir,
+          env: opts.env,
+          name: process.env.TERM ?? "xterm-256color",
+          cols: 120,
+          rows: 30
+        });
+        stdin = {
+          destroyed: false,
+          write: (data, cb) => {
+            try {
+              pty?.write(data);
+              cb?.(null);
+            } catch (err) {
+              cb?.(err);
+            }
+          },
+          end: () => {
+            try {
+              const eof = process.platform === "win32" ? "\x1A" : "\x04";
+              pty?.write(eof);
+            } catch {}
+          }
+        };
+      } catch (err) {
+        const errText = String(err);
+        const warning = `Warning: PTY spawn failed (${errText}); retrying without PTY.`;
+        logger6.warn(`exec: PTY spawn failed (${errText}); retrying without PTY.`);
+        opts.warnings.push(warning);
+      }
+    }
+    if (!pty) {
+      const { shell, args: shellArgs } = getShellConfig2();
+      const proc = spawn2(shell, [...shellArgs, opts.command], {
+        cwd: opts.workdir,
+        env: opts.env,
+        detached: process.platform !== "win32",
+        stdio: ["pipe", "pipe", "pipe"],
+        windowsHide: true
+      });
+      child = proc;
+      stdin = child.stdin;
+    }
+    const session = {
+      id: sessionId,
+      command: opts.command,
+      scopeKey: opts.scopeKey,
+      sessionKey: opts.sessionKey,
+      notifyOnExit: opts.notifyOnExit,
+      exitNotified: false,
+      child: child ?? undefined,
+      stdin,
+      pid: child?.pid ?? pty?.pid,
+      startedAt,
+      cwd: opts.workdir,
+      maxOutputChars: opts.maxOutput,
+      pendingMaxOutputChars: opts.pendingMaxOutput,
+      totalOutputChars: 0,
+      pendingStdout: [],
+      pendingStderr: [],
+      pendingStdoutChars: 0,
+      pendingStderrChars: 0,
+      aggregated: "",
+      tail: "",
+      exited: false,
+      exitCode: undefined,
+      exitSignal: undefined,
+      truncated: false,
+      backgrounded: false
+    };
+    addSession(session);
+    let settled = false;
+    let timeoutTimer = null;
+    let timeoutFinalizeTimer = null;
+    let timedOut = false;
+    const timeoutFinalizeMs = 1000;
+    let resolveFn = null;
+    const settle = (outcome) => {
+      if (settled) {
+        return;
+      }
+      settled = true;
+      resolveFn?.(outcome);
+    };
+    const finalizeTimeout = () => {
+      if (session.exited) {
+        return;
+      }
+      markExited(session, null, "SIGKILL", "failed");
+      const aggregated = session.aggregated.trim();
+      const reason = `Command timed out after ${opts.timeoutSec} seconds`;
+      settle({
+        status: "failed",
+        exitCode: null,
+        exitSignal: "SIGKILL",
+        durationMs: Date.now() - startedAt,
+        aggregated,
+        timedOut: true,
+        reason: aggregated ? `${aggregated}
+
+${reason}` : reason
+      });
+    };
+    const onTimeout = () => {
+      timedOut = true;
+      killSession2(session);
+      if (!timeoutFinalizeTimer) {
+        timeoutFinalizeTimer = setTimeout(() => {
+          finalizeTimeout();
+        }, timeoutFinalizeMs);
+      }
+    };
+    if (opts.timeoutSec > 0) {
+      timeoutTimer = setTimeout(() => {
+        onTimeout();
+      }, opts.timeoutSec * 1000);
+    }
+    const emitUpdate = () => {
+      if (opts.onUpdate) {
+        opts.onUpdate(session);
+      }
+    };
+    const handleStdout = (data) => {
+      const str = sanitizeBinaryOutput2(data.toString());
+      for (const chunk of chunkString2(str)) {
+        appendOutput(session, "stdout", chunk);
+        emitUpdate();
+      }
+    };
+    const handleStderr = (data) => {
+      const str = sanitizeBinaryOutput2(data.toString());
+      for (const chunk of chunkString2(str)) {
+        appendOutput(session, "stderr", chunk);
+        emitUpdate();
+      }
+    };
+    if (pty) {
+      const cursorResponse = buildCursorPositionResponse2();
+      pty.onData((data) => {
+        const raw = data.toString();
+        const { cleaned, requests } = stripDsrRequests2(raw);
+        if (requests > 0) {
+          for (let i = 0;i < requests; i += 1) {
+            pty.write(cursorResponse);
+          }
+        }
+        handleStdout(cleaned);
+      });
+    } else if (child) {
+      child.stdout.on("data", handleStdout);
+      child.stderr.on("data", handleStderr);
+    }
+    const promise = new Promise((resolve) => {
+      resolveFn = resolve;
+      const handleExit = (code, exitSignal) => {
+        if (timeoutTimer) {
+          clearTimeout(timeoutTimer);
+        }
+        if (timeoutFinalizeTimer) {
+          clearTimeout(timeoutFinalizeTimer);
+        }
+        const durationMs = Date.now() - startedAt;
+        const wasSignal = exitSignal != null;
+        const isSuccess = code === 0 && !wasSignal && !timedOut;
+        const status = isSuccess ? "completed" : "failed";
+        markExited(session, code, exitSignal, status);
+        if (!session.child && session.stdin) {
+          session.stdin.destroyed = true;
+        }
+        if (settled) {
+          return;
+        }
+        const aggregated = session.aggregated.trim();
+        if (!isSuccess) {
+          const reason = timedOut ? `Command timed out after ${opts.timeoutSec} seconds` : wasSignal && exitSignal ? `Command aborted by signal ${exitSignal}` : code === null ? "Command aborted before exit code was captured" : `Command exited with code ${code}`;
+          const message = aggregated ? `${aggregated}
+
+${reason}` : reason;
+          settle({
+            status: "failed",
+            exitCode: code ?? null,
+            exitSignal: exitSignal ?? null,
+            durationMs,
+            aggregated,
+            timedOut,
+            reason: message
+          });
+          return;
+        }
+        settle({
+          status: "completed",
+          exitCode: code,
+          exitSignal: exitSignal ?? null,
+          durationMs,
+          aggregated,
+          timedOut: false
+        });
+      };
+      if (pty) {
+        pty.onExit((event) => {
+          const rawSignal = event.signal ?? null;
+          const normalizedSignal = rawSignal === 0 ? null : rawSignal;
+          handleExit(event.exitCode, normalizedSignal);
+        });
+      } else if (child) {
+        child.once("close", (code, exitSignal) => {
+          handleExit(code, exitSignal);
+        });
+        child.once("error", (err) => {
+          if (timeoutTimer) {
+            clearTimeout(timeoutTimer);
+          }
+          if (timeoutFinalizeTimer) {
+            clearTimeout(timeoutFinalizeTimer);
+          }
+          markExited(session, null, null, "failed");
+          const aggregated = session.aggregated.trim();
+          const message = aggregated ? `${aggregated}
+
+${String(err)}` : String(err);
+          settle({
+            status: "failed",
+            exitCode: null,
+            exitSignal: null,
+            durationMs: Date.now() - startedAt,
+            aggregated,
+            timedOut,
+            reason: message
+          });
+        });
+      }
+    });
+    return {
+      session,
+      startedAt,
+      promise,
+      kill: () => killSession2(session)
+    };
+  }
+  addToHistory(conversationId, command, result, fileOperations) {
+    if (!conversationId)
+      return;
+    const historyEntry = {
+      command,
+      stdout: result.stdout,
+      stderr: result.stderr,
+      exitCode: result.exitCode,
+      timestamp: Date.now(),
+      workingDirectory: result.executedIn,
+      fileOperations
+    };
+    if (!this.commandHistory.has(conversationId)) {
+      this.commandHistory.set(conversationId, []);
+    }
+    const history = this.commandHistory.get(conversationId);
+    if (!history) {
+      throw new Error(`No history found for conversation ${conversationId}`);
+    }
+    history.push(historyEntry);
+    if (history.length > this.maxHistoryPerConversation) {
+      history.shift();
+    }
+  }
+  detectFileOperations(command, cwd) {
+    const operations = [];
+    const parts = command.trim().split(/\s+/);
+    const cmd = parts[0].toLowerCase();
+    if (cmd === "touch" && parts.length > 1) {
+      operations.push({
+        type: "create",
+        target: this.resolvePath(parts[1], cwd)
+      });
+    } else if (cmd === "echo" && command.includes(">")) {
+      const match = command.match(/>\s*([^\s]+)$/);
+      if (match) {
+        operations.push({
+          type: "write",
+          target: this.resolvePath(match[1], cwd)
+        });
+      }
+    } else if (cmd === "mkdir" && parts.length > 1) {
+      operations.push({
+        type: "mkdir",
+        target: this.resolvePath(parts[1], cwd)
+      });
+    } else if (cmd === "cat" && parts.length > 1 && !command.includes(">")) {
+      operations.push({
+        type: "read",
+        target: this.resolvePath(parts[1], cwd)
+      });
+    } else if (cmd === "mv" && parts.length > 2) {
+      operations.push({
+        type: "move",
+        target: this.resolvePath(parts[1], cwd),
+        secondaryTarget: this.resolvePath(parts[2], cwd)
+      });
+    } else if (cmd === "cp" && parts.length > 2) {
+      operations.push({
+        type: "copy",
+        target: this.resolvePath(parts[1], cwd),
+        secondaryTarget: this.resolvePath(parts[2], cwd)
+      });
+    }
+    return operations.length > 0 ? operations : undefined;
+  }
+  resolvePath(filePath, cwd) {
+    if (path7.isAbsolute(filePath)) {
+      return filePath;
+    }
+    return path7.join(cwd, filePath);
+  }
+}
+
+// index.ts
+function terminalSupportedByEnv(env) {
+  const variant = (env.ELIZA_BUILD_VARIANT ?? "").trim().toLowerCase();
+  if (variant === "store")
+    return false;
+  const platform = env.ELIZA_PLATFORM?.trim().toLowerCase();
+  const mobile = platform === "android" || platform === "ios" || Boolean(env.ANDROID_ROOT || env.ANDROID_DATA);
+  if (!mobile)
+    return true;
+  const mode = (env.ELIZA_RUNTIME_MODE ?? env.RUNTIME_MODE ?? env.LOCAL_RUNTIME_MODE ?? "").trim().toLowerCase();
+  return platform === "android" && mode === "local-yolo";
+}
+var shellPlugin = {
+  name: "shell",
+  description: "Shell observability and history management providers",
+  services: [ShellService, ExecApprovalService],
+  actions: [],
+  providers: [shellHistoryProvider],
+  async dispose(runtime) {
+    await runtime.getService(ShellService.serviceType)?.stop();
+    await runtime.getService(ExecApprovalService.serviceType)?.stop();
+  },
+  autoEnable: {
+    shouldEnable: (env, config) => {
+      const f = config.features?.shell;
+      return (f === true || typeof f === "object" && f !== null && f.enabled !== false) && terminalSupportedByEnv(env);
+    }
+  }
+};
+var plugin_shell_default = shellPlugin;
+export {
+  validatePath,
+  truncateMiddle2 as truncateMiddle,
+  trimWithCap,
+  tail,
+  stripDsrRequests2 as stripDsrRequests,
+  spawnWithFallback,
+  sliceUtf16Safe2 as sliceUtf16Safe,
+  sliceLogLines2 as sliceLogLines,
+  shellPlugin,
+  shellHistoryProvider,
+  setJobTtlMs,
+  saveApprovals,
+  sanitizeBinaryOutput2 as sanitizeBinaryOutput,
+  resolveWorkdir2 as resolveWorkdir,
+  resolveTerminalShell,
+  resolveSafeBins,
+  resolveExecutable,
+  resolveCommandResolution,
+  resolveCommandFromArgv,
+  resolveApprovalsFromFile,
+  resolveApprovals,
+  resetProcessRegistryForTests,
+  requiresExecApproval,
+  recordAllowlistUse,
+  readEnvInt2 as readEnvInt,
+  readApprovalsSnapshot,
+  pad2 as pad,
+  normalizeSafeBins,
+  normalizeApprovals,
+  missingToolMessage,
+  missingTerminalToolForCommand,
+  minSecurity,
+  maxAsk,
+  matchAllowlist,
+  markExited,
+  markBackgrounded,
+  loadShellConfig,
+  loadApprovals,
+  listRunningSessions,
+  listFinishedSessions,
+  killSession2 as killSession,
+  killProcessTree2 as killProcessTree,
+  isSafeCommand,
+  isSafeBinUsage,
+  isForbiddenCommand,
+  isAndroidRuntime,
+  getShellConfig2 as getShellConfig,
+  getSession,
+  getFinishedSession,
+  getApprovalSocketPath,
+  getApprovalFilePath,
+  formatTerminalCapabilities,
+  formatSpawnError,
+  formatDuration2 as formatDuration,
+  extractBaseCommand,
+  evaluateShellAllowlist,
+  evaluateExecAllowlist,
+  ensureApprovals,
+  encodePaste2 as encodePaste,
+  encodeKeySequence2 as encodeKeySequence,
+  drainSession,
+  detectTerminalCapabilities,
+  deriveSessionName2 as deriveSessionName,
+  deleteSession,
+  plugin_shell_default as default,
+  createSessionSlug,
+  coerceEnv2 as coerceEnv,
+  clearFinished,
+  clampNumber2 as clampNumber,
+  chunkString2 as chunkString,
+  buildCursorPositionResponse2 as buildCursorPositionResponse,
+  appendOutput,
+  analyzeShellCommand,
+  addSession,
+  addAllowlistEntry,
+  TERMINAL_TOOL_NAMES,
+  ShellService,
+  ExecApprovalService,
+  EXEC_APPROVAL_DEFAULTS,
+  DEFAULT_SAFE_BINS,
+  DEFAULT_FORBIDDEN_COMMANDS,
+  BRACKETED_PASTE_START2 as BRACKETED_PASTE_START,
+  BRACKETED_PASTE_END2 as BRACKETED_PASTE_END
+};
+
+//# debugId=84725595753D266B64756E2164756E21