@framers/agentos 0.1.94 → 0.1.96

package/dist/emergent/SandboxedToolForge.js

@@ -0,0 +1,383 @@
+/**
+ * @fileoverview SandboxedToolForge — runs agent-generated JavaScript code in an
+ * isolated sandbox with strict resource limits and API allowlisting.
+ *
+ * @module @framers/agentos/emergent/SandboxedToolForge
+ *
+ * Overview:
+ * - Attempts to use `isolated-vm` for true V8 isolate sandboxing when available.
+ * - Falls back to Node.js `vm` module with timeout when `isolated-vm` is not installed.
+ * - Enforces configurable memory limits (default 128 MB), execution timeouts (default 5 s),
+ *   and a strict API blocklist that prevents access to `eval`, `Function`, `process`,
+ *   `require`, `import`, `child_process`, and `fs.write*`.
+ *
+ * Allowlisted APIs (each requires explicit opt-in via {@link SandboxAPI}):
+ * - `fetch` — HTTP requests (domain-restricted via {@link SandboxedToolForgeConfig.fetchDomainAllowlist}).
+ * - `fs.readFile` — Read-only file access (path-restricted, max 1 MB).
+ * - `crypto` — Hashing and HMAC only (`createHash`, `createHmac`).
+ *
+ * Security model:
+ * 1. **Static validation** ({@link validateCode}) rejects dangerous patterns
+ *    (regex scan) before any code reaches the runtime.
+ * 2. **Runtime isolation** executes validated code inside a minimal context that
+ *    exposes only JSON, Math, Date, TextEncoder, TextDecoder, and explicitly
+ *    opted-in APIs.
+ * 3. **Resource bounding** enforces wall-clock timeout so runaway loops cannot
+ *    starve the host process.
+ */
+import { createContext, runInContext } from 'node:vm';
+import { createHash, createHmac, randomUUID } from 'node:crypto';
+import { readFile } from 'node:fs/promises';
+import * as path from 'node:path';
+// ============================================================================
+// BANNED PATTERN DEFINITIONS
+// ============================================================================
+/**
+ * Patterns that are ALWAYS banned regardless of the allowlist.
+ * Each entry is a tuple of `[regex, human-readable description]`.
+ */
+const ALWAYS_BANNED = [
+    [/\beval\s*\(/, 'eval() is forbidden'],
+    [/\bFunction\s*\(/, 'Function() is forbidden'],
+    [/\bnew\s+Function\s*\(/, 'new Function() is forbidden'],
+    [/\brequire\s*\(/, 'require() is forbidden'],
+    [/\bimport\s+/, 'import statements are forbidden'],
+    [/\bimport\s*\(/, 'dynamic import() is forbidden'],
+    [/\bprocess\s*\./, 'process access is forbidden'],
+    [/\bchild_process\b/, 'child_process access is forbidden'],
+    [/\bfs\s*\.\s*write/, 'fs.write* is forbidden'],
+    [/\bfs\s*\.\s*unlink/, 'fs.unlink is forbidden'],
+    [/\bfs\s*\.\s*rm\b/, 'fs.rm is forbidden'],
+    [/\bfs\s*\.\s*rmdir/, 'fs.rmdir is forbidden'],
+    [/\bfs\s*\.\s*appendFile/, 'fs.appendFile is forbidden'],
+    [/\bfs\s*\.\s*truncate/, 'fs.truncate is forbidden'],
+];
+// ============================================================================
+// SANDBOXED TOOL FORGE
+// ============================================================================
+/**
+ * Runs agent-generated code in an isolated sandbox with strict resource limits.
+ *
+ * Attempts to use `isolated-vm` for true V8 isolate sandboxing. Falls back to
+ * Node.js `vm` module with timeout if `isolated-vm` is not installed.
+ *
+ * Resource limits:
+ * - Memory: configurable, default 128 MB
+ * - Execution time: configurable, default 5000 ms
+ * - Blocked APIs: eval, Function, process, require, import, child_process, fs.write*
+ *
+ * Allowlisted APIs (each requires explicit opt-in):
+ * - `fetch`: HTTP requests (domain-restricted)
+ * - `fs.readFile`: Read-only file access (path-restricted, max 1 MB)
+ * - `crypto`: Hashing and HMAC only
+ *
+ * @example
+ * ```ts
+ * const forge = new SandboxedToolForge({ timeoutMs: 3000 });
+ *
+ * const result = await forge.execute({
+ *   code: 'function execute(input) { return input.a + input.b; }',
+ *   input: { a: 2, b: 3 },
+ *   allowlist: [],
+ *   memoryMB: 128,
+ *   timeoutMs: 3000,
+ * });
+ *
+ * console.log(result.output); // 5
+ * ```
+ */
+export class SandboxedToolForge {
+    /**
+     * Create a new SandboxedToolForge instance.
+     *
+     * @param config - Optional configuration overrides. All fields have sensible
+     *   defaults (128 MB memory, 5000 ms timeout, no domain restrictions).
+     */
+    constructor(config) {
+        this.memoryMB = config?.memoryMB ?? 128;
+        this.timeoutMs = config?.timeoutMs ?? 5000;
+        this.fetchDomainAllowlist = (config?.fetchDomainAllowlist ?? []).map((d) => d.toLowerCase());
+        this.fsReadRoots = (config?.fsReadRoots ?? [process.cwd()]).map((root) => path.resolve(root));
+    }
+    // --------------------------------------------------------------------------
+    // PUBLIC: validateCode
+    // --------------------------------------------------------------------------
+    /**
+     * Static analysis of code — reject dangerous patterns before execution.
+     *
+     * Scans the source string for banned API usage patterns using regex matching.
+     * If an API is not present in the allowlist, references to it are also flagged.
+     *
+     * Checked patterns (always banned):
+     * - `eval()`, `new Function()`, `require()`, `import`, `process.*`
+     * - `child_process`, `fs.write*`, `fs.unlink`, `fs.rm`, `fs.rmdir`
+     *
+     * Conditionally banned (when not in allowlist):
+     * - `fetch(` — when `'fetch'` is not in the allowlist
+     * - `fs.*` — when `'fs.readFile'` is not in the allowlist
+     * - `crypto.*` — when `'crypto'` is not in the allowlist
+     *
+     * @param code - The raw source code string to validate.
+     * @param allowlist - The set of APIs the code is permitted to use.
+     * @returns An object with `valid: true` if no violations were found, or
+     *   `valid: false` with a `violations` array describing each flagged pattern.
+     *
+     * @example
+     * ```ts
+     * const forge = new SandboxedToolForge();
+     * const result = forge.validateCode('eval("exploit")', []);
+     * // result.valid === false
+     * // result.violations === ['eval() is forbidden']
+     * ```
+     */
+    validateCode(code, allowlist) {
+        const violations = [];
+        // Check always-banned patterns.
+        for (const [pattern, message] of ALWAYS_BANNED) {
+            if (pattern.test(code)) {
+                violations.push(message);
+            }
+        }
+        // Conditionally ban `fetch(` when not allowed.
+        if (!allowlist.includes('fetch') && /\bfetch\s*\(/.test(code)) {
+            violations.push('fetch() is not in the allowlist');
+        }
+        // Conditionally ban all `fs.*` when fs.readFile is not allowed.
+        // We already caught write/unlink/rm above, but if fs.readFile is not in
+        // the allowlist, ban any fs reference.
+        if (!allowlist.includes('fs.readFile') && /\bfs\s*\./.test(code)) {
+            // Only add if we haven't already flagged a more specific fs violation.
+            const hasFsViolation = violations.some((v) => v.startsWith('fs.'));
+            if (!hasFsViolation) {
+                violations.push('fs access is not in the allowlist');
+            }
+        }
+        // Conditionally ban `crypto` when not allowed.
+        if (!allowlist.includes('crypto') && /\bcrypto\s*\./.test(code)) {
+            violations.push('crypto access is not in the allowlist');
+        }
+        return violations.length === 0
+            ? { valid: true, violations: [] }
+            : { valid: false, violations };
+    }
+    // --------------------------------------------------------------------------
+    // PUBLIC: execute
+    // --------------------------------------------------------------------------
+    /**
+     * Execute agent-generated code in the sandbox.
+     *
+     * The code must define a function named `execute` that accepts a single
+     * argument and returns the output:
+     *
+     * ```js
+     * function execute(input) { return input.a + input.b; }
+     * ```
+     *
+     * Execution flow:
+     * 1. Run {@link validateCode} — reject immediately if violations are found.
+     * 2. Wrap the agent's code into a self-contained expression that calls `execute`.
+     * 3. Run in a Node.js `vm` sandbox with a restricted global context.
+     * 4. Parse the output, measure execution time, and return the result.
+     *
+     * @param request - The execution request containing code, input, allowlist,
+     *   and resource limits.
+     * @returns A {@link SandboxExecutionResult} with the output (on success) or
+     *   error description (on failure), plus execution time telemetry.
+     *
+     * @example
+     * ```ts
+     * const result = await forge.execute({
+     *   code: 'function execute(input) { return { sum: input.a + input.b }; }',
+     *   input: { a: 10, b: 20 },
+     *   allowlist: [],
+     *   memoryMB: 128,
+     *   timeoutMs: 5000,
+     * });
+     * // result.success === true
+     * // result.output === { sum: 30 }
+     * ```
+     */
+    async execute(request) {
+        const timeout = request.timeoutMs ?? this.timeoutMs;
+        const startTime = performance.now();
+        // Step 1: Static validation.
+        const validation = this.validateCode(request.code, request.allowlist);
+        if (!validation.valid) {
+            return {
+                success: false,
+                error: `Code validation failed: ${validation.violations.join('; ')}`,
+                executionTimeMs: Math.round(performance.now() - startTime),
+                memoryUsedBytes: 0,
+            };
+        }
+        // Step 2: Build sandbox context with only safe globals + allowlisted APIs.
+        const sandboxGlobals = this.buildSandboxContext(request.allowlist);
+        // Step 3: Wrap the code so it supports either `execute(input)` or
+        // `run(input)` and always resolves async work before serializing the result.
+        const wrappedCode = `
+      (async () => {
+        ${request.code};
+        const __entry =
+          typeof execute === 'function'
+            ? execute
+            : (typeof run === 'function' ? run : null);
+        if (!__entry) {
+          throw new Error('Sandboxed tool must define execute(input) or run(input).');
+        }
+        return JSON.stringify(await __entry(${JSON.stringify(request.input)}));
+      })();
+    `;
+        // Step 4: Execute in VM with timeout.
+        try {
+            const ctx = createContext(sandboxGlobals);
+            const rawResult = runInContext(wrappedCode, ctx, {
+                timeout,
+                // Prevent breakOnSigint from leaking.
+                breakOnSigint: false,
+            });
+            const settledResult = rawResult &&
+                typeof rawResult === 'object' &&
+                typeof rawResult.then === 'function'
+                ? await Promise.race([
+                    rawResult,
+                    new Promise((_, reject) => {
+                        setTimeout(() => {
+                            reject(new Error(`Execution timed out after ${timeout}ms`));
+                        }, timeout);
+                    }),
+                ])
+                : rawResult;
+            const executionTimeMs = Math.round(performance.now() - startTime);
+            // Parse the JSON-serialized output.
+            let output;
+            try {
+                output =
+                    typeof settledResult === 'string'
+                        ? JSON.parse(settledResult)
+                        : settledResult;
+            }
+            catch {
+                // If JSON.parse fails, use the raw result.
+                output = settledResult;
+            }
+            return {
+                success: true,
+                output,
+                executionTimeMs,
+                memoryUsedBytes: 0,
+            };
+        }
+        catch (err) {
+            const executionTimeMs = Math.round(performance.now() - startTime);
+            const message = err instanceof Error ? err.message : String(err);
+            // Detect timeout errors from the vm module.
+            const isTimeout = message.includes('Script execution timed out') ||
+                message.includes('timed out');
+            return {
+                success: false,
+                error: isTimeout
+                    ? `Execution timed out after ${timeout}ms`
+                    : `Execution error: ${message}`,
+                executionTimeMs,
+                memoryUsedBytes: 0,
+            };
+        }
+    }
+    // --------------------------------------------------------------------------
+    // PRIVATE: buildSandboxContext
+    // --------------------------------------------------------------------------
+    /**
+     * Build the global context object for the VM sandbox.
+     *
+     * Provides a minimal set of safe built-ins (JSON, Math, Date, TextEncoder,
+     * TextDecoder) and conditionally injects allowlisted APIs.
+     *
+     * @param allowlist - The set of APIs to inject into the sandbox.
+     * @returns A plain object suitable for {@link createContext}.
+     */
+    buildSandboxContext(allowlist) {
+        /* eslint-disable @typescript-eslint/no-explicit-any */
+        const globals = {
+            // Safe built-ins always available.
+            JSON,
+            Math,
+            Date,
+            parseInt,
+            parseFloat,
+            isNaN,
+            isFinite,
+            Number,
+            String,
+            Boolean,
+            Array,
+            Object,
+            Map,
+            Set,
+            RegExp,
+            Error,
+            TypeError,
+            RangeError,
+            TextEncoder,
+            TextDecoder,
+            // Minimal crypto for randomUUID.
+            crypto: { randomUUID: () => randomUUID() },
+            // Console stub that silently discards output.
+            console: {
+                log: () => { },
+                warn: () => { },
+                error: () => { },
+                info: () => { },
+                debug: () => { },
+            },
+        };
+        // --- Allowlisted: fetch ---
+        if (allowlist.includes('fetch')) {
+            const domainAllowlist = this.fetchDomainAllowlist;
+            globals.fetch = async (urlOrRequest, init) => {
+                const urlStr = typeof urlOrRequest === 'string'
+                    ? urlOrRequest
+                    : urlOrRequest.url;
+                const url = new URL(urlStr);
+                const host = url.hostname.toLowerCase();
+                // Enforce domain allowlist if configured.
+                if (domainAllowlist.length > 0 &&
+                    !domainAllowlist.includes(host)) {
+                    throw new Error(`fetch blocked: domain "${host}" is not in the allowlist`);
+                }
+                // Delegate to the real global fetch.
+                return globalThis.fetch(urlStr, init);
+            };
+        }
+        // --- Allowlisted: fs.readFile ---
+        if (allowlist.includes('fs.readFile')) {
+            globals.fs = {
+                readFile: async (filePath) => {
+                    const resolvedPath = path.resolve(filePath);
+                    const allowed = this.fsReadRoots.some((root) => {
+                        return (resolvedPath === root ||
+                            resolvedPath.startsWith(`${root}${path.sep}`));
+                    });
+                    if (!allowed) {
+                        throw new Error(`fs.readFile blocked: path "${resolvedPath}" is outside the allowed roots`);
+                    }
+                    const data = await readFile(filePath);
+                    // Enforce 1 MB size limit.
+                    if (data.byteLength > 1048576) {
+                        throw new Error(`fs.readFile blocked: file exceeds 1 MB limit (${data.byteLength} bytes)`);
+                    }
+                    return data.toString('utf-8');
+                },
+            };
+        }
+        // --- Allowlisted: crypto ---
+        if (allowlist.includes('crypto')) {
+            globals.crypto = {
+                randomUUID: () => randomUUID(),
+                createHash: (algorithm) => createHash(algorithm),
+                createHmac: (algorithm, key) => createHmac(algorithm, key),
+            };
+        }
+        return globals;
+    }
+}
+//# sourceMappingURL=SandboxedToolForge.js.map

package/dist/emergent/SandboxedToolForge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SandboxedToolForge.js","sourceRoot":"","sources":["../../src/emergent/SandboxedToolForge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AA8ClC,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,aAAa,GAAoC;IACrD,CAAC,aAAa,EAAE,qBAAqB,CAAC;IACtC,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;IAC9C,CAAC,uBAAuB,EAAE,6BAA6B,CAAC;IACxD,CAAC,gBAAgB,EAAE,wBAAwB,CAAC;IAC5C,CAAC,aAAa,EAAE,iCAAiC,CAAC;IAClD,CAAC,eAAe,EAAE,+BAA+B,CAAC;IAClD,CAAC,gBAAgB,EAAE,6BAA6B,CAAC;IACjD,CAAC,mBAAmB,EAAE,mCAAmC,CAAC;IAC1D,CAAC,mBAAmB,EAAE,wBAAwB,CAAC;IAC/C,CAAC,oBAAoB,EAAE,wBAAwB,CAAC;IAChD,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;IAC1C,CAAC,mBAAmB,EAAE,uBAAuB,CAAC;IAC9C,CAAC,wBAAwB,EAAE,4BAA4B,CAAC;IACxD,CAAC,sBAAsB,EAAE,0BAA0B,CAAC;CACrD,CAAC;AAEF,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,OAAO,kBAAkB;IAa7B;;;;;OAKG;IACH,YAAY,MAAiC;QAC3C,IAAI,CAAC,QAAQ,GAAG,MAAM,EAAE,QAAQ,IAAI,GAAG,CAAC;QACxC,IAAI,CAAC,SAAS,GAAG,MAAM,EAAE,SAAS,IAAI,IAAI,CAAC;QAC3C,IAAI,CAAC,oBAAoB,GAAG,CAAC,MAAM,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACzE,CAAC,CAAC,WAAW,EAAE,CAChB,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,CAAC,MAAM,EAAE,WAAW,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACvE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CACnB,CAAC;IACJ,CAAC;IAED,6EAA6E;IAC7E,uBAAuB;IACvB,6EAA6E;IAE7E;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,YAAY,CACV,IAAY,EACZ,SAAuB;QAEvB,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,gCAAgC;QAChC,KAAK,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,aAAa,EAAE,CAAC;YAC/C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9D,UAAU,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,gEAAgE;QAChE,wEAAwE;QACxE,uCAAuC;QACvC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,uEAAuE;YACvE,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;YACnE,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,UAAU,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChE,UAAU,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC;YAC5B,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE;YACjC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACnC,CAAC;IAED,6EAA6E;IAC7E,kBAAkB;IAClB,6EAA6E;IAE7E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACH,KAAK,CAAC,OAAO,CACX,OAAgC;QAEhC,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC;QACpD,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAEpC,6BAA6B;QAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,2BAA2B,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACpE,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAC1D,eAAe,EAAE,CAAC;aACnB,CAAC;QACJ,CAAC;QAED,2EAA2E;QAC3E,MAAM,cAAc,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEnE,kEAAkE;QAClE,6EAA6E;QAC7E,MAAM,WAAW,GAAG;;UAEd,OAAO,CAAC,IAAI;;;;;;;;8CAQwB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC;;KAEtE,CAAC;QAEF,sCAAsC;QACtC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,aAAa,CAAC,cAAc,CAAC,CAAC;YAC1C,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,EAAE,GAAG,EAAE;gBAC/C,OAAO;gBACP,sCAAsC;gBACtC,aAAa,EAAE,KAAK;aACrB,CAAC,CAAC;YACH,MAAM,aAAa,GACjB,SAAS;gBACT,OAAO,SAAS,KAAK,QAAQ;gBAC7B,OAAQ,SAA8B,CAAC,IAAI,KAAK,UAAU;gBACxD,CAAC,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC;oBACjB,SAA6B;oBAC7B,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;wBAC/B,UAAU,CAAC,GAAG,EAAE;4BACd,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,OAAO,IAAI,CAAC,CAAC,CAAC;wBAC9D,CAAC,EAAE,OAAO,CAAC,CAAC;oBACd,CAAC,CAAC;iBACH,CAAC;gBACJ,CAAC,CAAC,SAAS,CAAC;YAEhB,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;YAElE,oCAAoC;YACpC,IAAI,MAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM;oBACJ,OAAO,aAAa,KAAK,QAAQ;wBAC/B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC;wBAC3B,CAAC,CAAC,aAAa,CAAC;YACtB,CAAC;YAAC,MAAM,CAAC;gBACP,2CAA2C;gBAC3C,MAAM,GAAG,aAAa,CAAC;YACzB,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,eAAe;gBACf,eAAe,EAAE,CAAC;aACnB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;YAClE,MAAM,OAAO,GACX,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAEnD,4CAA4C;YAC5C,MAAM,SAAS,GACb,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC;gBAC9C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAEhC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,SAAS;oBACd,CAAC,CAAC,6BAA6B,OAAO,IAAI;oBAC1C,CAAC,CAAC,oBAAoB,OAAO,EAAE;gBACjC,eAAe;gBACf,eAAe,EAAE,CAAC;aACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,+BAA+B;IAC/B,6EAA6E;IAE7E;;;;;;;;OAQG;IACK,mBAAmB,CACzB,SAAuB;QAEvB,uDAAuD;QACvD,MAAM,OAAO,GAA4B;YACvC,mCAAmC;YACnC,IAAI;YACJ,IAAI;YACJ,IAAI;YACJ,QAAQ;YACR,UAAU;YACV,KAAK;YACL,QAAQ;YACR,MAAM;YACN,MAAM;YACN,OAAO;YACP,KAAK;YACL,MAAM;YACN,GAAG;YACH,GAAG;YACH,MAAM;YACN,KAAK;YACL,SAAS;YACT,UAAU;YACV,WAAW;YACX,WAAW;YACX,iCAAiC;YACjC,MAAM,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE;YAC1C,8CAA8C;YAC9C,OAAO,EAAE;gBACP,GAAG,EAAE,GAAG,EAAE,GAAE,CAAC;gBACb,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;gBACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;gBACf,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;gBACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;aAChB;SACF,CAAC;QAEF,6BAA6B;QAC7B,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAClD,OAAO,CAAC,KAAK,GAAG,KAAK,EACnB,YAAsC,EACtC,IAA8B,EAC9B,EAAE;gBACF,MAAM,MAAM,GACV,OAAO,YAAY,KAAK,QAAQ;oBAC9B,CAAC,CAAC,YAAY;oBACd,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC;gBACvB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBAExC,0CAA0C;gBAC1C,IACE,eAAe,CAAC,MAAM,GAAG,CAAC;oBAC1B,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,EAC/B,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,0BAA0B,IAAI,2BAA2B,CAC1D,CAAC;gBACJ,CAAC;gBAED,qCAAqC;gBACrC,OAAO,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,IAAW,CAAC,CAAC;YAC/C,CAAC,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,EAAE,GAAG;gBACX,QAAQ,EAAE,KAAK,EAAE,QAAgB,EAAE,EAAE;oBACnC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;oBAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;wBAC7C,OAAO,CACL,YAAY,KAAK,IAAI;4BACrB,YAAY,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAC9C,CAAC;oBACJ,CAAC,CAAC,CAAC;oBACH,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,MAAM,IAAI,KAAK,CACb,8BAA8B,YAAY,gCAAgC,CAC3E,CAAC;oBACJ,CAAC;oBACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBACtC,2BAA2B;oBAC3B,IAAI,IAAI,CAAC,UAAU,GAAG,OAAS,EAAE,CAAC;wBAChC,MAAM,IAAI,KAAK,CACb,iDAAiD,IAAI,CAAC,UAAU,SAAS,CAC1E,CAAC;oBACJ,CAAC;oBACD,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAChC,CAAC;aACF,CAAC;QACJ,CAAC;QAED,8BAA8B;QAC9B,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,MAAM,GAAG;gBACf,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;gBAC9B,UAAU,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;gBACxD,UAAU,EAAE,CAAC,SAAiB,EAAE,GAAW,EAAE,EAAE,CAC7C,UAAU,CAAC,SAAS,EAAE,GAAG,CAAC;aAC7B,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/emergent/index.d.ts

@@ -0,0 +1,25 @@
+/**
+ * @fileoverview Emergent Capability Engine — public API barrel.
+ * @module @framers/agentos/emergent
+ *
+ * Re-exports all types, interfaces, and constants from the emergent module.
+ * Import from this barrel to avoid deep path coupling to internal files.
+ *
+ * @example
+ * ```ts
+ * import type { EmergentTool, ForgeToolRequest, DEFAULT_EMERGENT_CONFIG } from '../emergent';
+ * ```
+ */
+export * from './types.js';
+export { ComposableToolBuilder } from './ComposableToolBuilder.js';
+export { SandboxedToolForge } from './SandboxedToolForge.js';
+export type { SandboxedToolForgeConfig } from './SandboxedToolForge.js';
+export { EmergentToolRegistry } from './EmergentToolRegistry.js';
+export type { IStorageAdapter as EmergentRegistryStorageAdapter, AuditEntry, } from './EmergentToolRegistry.js';
+export { EmergentJudge } from './EmergentJudge.js';
+export type { ToolCandidate, EmergentJudgeConfig } from './EmergentJudge.js';
+export { EmergentCapabilityEngine } from './EmergentCapabilityEngine.js';
+export type { EmergentCapabilityEngineDeps } from './EmergentCapabilityEngine.js';
+export { ForgeToolMetaTool } from './ForgeToolMetaTool.js';
+export type { ForgeToolInput } from './ForgeToolMetaTool.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/emergent/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/emergent/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,YAAY,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,YAAY,EACV,eAAe,IAAI,8BAA8B,EACjD,UAAU,GACX,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,YAAY,EAAE,4BAA4B,EAAE,MAAM,+BAA+B,CAAC;AAClF,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,YAAY,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/emergent/index.js

@@ -0,0 +1,20 @@
+/**
+ * @fileoverview Emergent Capability Engine — public API barrel.
+ * @module @framers/agentos/emergent
+ *
+ * Re-exports all types, interfaces, and constants from the emergent module.
+ * Import from this barrel to avoid deep path coupling to internal files.
+ *
+ * @example
+ * ```ts
+ * import type { EmergentTool, ForgeToolRequest, DEFAULT_EMERGENT_CONFIG } from '../emergent/index.js';
+ * ```
+ */
+export * from './types.js';
+export { ComposableToolBuilder } from './ComposableToolBuilder.js';
+export { SandboxedToolForge } from './SandboxedToolForge.js';
+export { EmergentToolRegistry } from './EmergentToolRegistry.js';
+export { EmergentJudge } from './EmergentJudge.js';
+export { EmergentCapabilityEngine } from './EmergentCapabilityEngine.js';
+export { ForgeToolMetaTool } from './ForgeToolMetaTool.js';
+//# sourceMappingURL=index.js.map

package/dist/emergent/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/emergent/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAKjE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAEzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC"}