npm - @gajae-code/coding-agent - Versions diffs - 0.2.4 → 0.3.0 - Mend

@gajae-code/coding-agent 0.2.4 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (266) hide show

package/CHANGELOG.md +27 -0
package/README.md +1 -1
package/dist/types/async/job-manager.d.ts +145 -2
package/dist/types/commands/harness.d.ts +37 -0
package/dist/types/config/settings-schema.d.ts +13 -3
package/dist/types/config/settings.d.ts +3 -1
package/dist/types/deep-interview/render-middleware.d.ts +5 -0
package/dist/types/discovery/helpers.d.ts +1 -0
package/dist/types/exec/bash-executor.d.ts +8 -1
package/dist/types/extensibility/custom-tools/types.d.ts +1 -0
package/dist/types/extensibility/extensions/types.d.ts +6 -0
package/dist/types/extensibility/shared-events.d.ts +1 -0
package/dist/types/gjc-runtime/restricted-role-agent-bash.d.ts +2 -0
package/dist/types/gjc-runtime/state-graph.d.ts +4 -0
package/dist/types/gjc-runtime/state-migrations.d.ts +24 -0
package/dist/types/gjc-runtime/state-renderer.d.ts +65 -0
package/dist/types/gjc-runtime/state-runtime.d.ts +2 -0
package/dist/types/gjc-runtime/state-validation.d.ts +6 -0
package/dist/types/gjc-runtime/state-writer.d.ts +137 -0
package/dist/types/gjc-runtime/team-runtime.d.ts +81 -7
package/dist/types/gjc-runtime/workflow-manifest.d.ts +54 -0
package/dist/types/harness-control-plane/classifier.d.ts +13 -0
package/dist/types/harness-control-plane/control-endpoint.d.ts +30 -0
package/dist/types/harness-control-plane/finalize.d.ts +47 -0
package/dist/types/harness-control-plane/frame-mapper.d.ts +29 -0
package/dist/types/harness-control-plane/operate.d.ts +35 -0
package/dist/types/harness-control-plane/owner.d.ts +46 -0
package/dist/types/harness-control-plane/preserve.d.ts +19 -0
package/dist/types/harness-control-plane/receipts.d.ts +88 -0
package/dist/types/harness-control-plane/rpc-adapter.d.ts +66 -0
package/dist/types/harness-control-plane/seams.d.ts +21 -0
package/dist/types/harness-control-plane/session-lease.d.ts +65 -0
package/dist/types/harness-control-plane/state-machine.d.ts +19 -0
package/dist/types/harness-control-plane/storage.d.ts +53 -0
package/dist/types/harness-control-plane/types.d.ts +162 -0
package/dist/types/hooks/skill-keywords.d.ts +2 -1
package/dist/types/hooks/skill-state.d.ts +2 -29
package/dist/types/modes/acp/acp-client-bridge.d.ts +1 -1
package/dist/types/modes/components/hook-selector.d.ts +1 -0
package/dist/types/modes/components/skill-hud/render.d.ts +1 -1
package/dist/types/modes/interactive-mode.d.ts +2 -0
package/dist/types/modes/theme/defaults/index.d.ts +45 -9477
package/dist/types/modes/theme/theme.d.ts +1 -5
package/dist/types/modes/types.d.ts +2 -0
package/dist/types/sdk.d.ts +4 -0
package/dist/types/session/agent-session.d.ts +8 -0
package/dist/types/session/streaming-output.d.ts +11 -0
package/dist/types/skill-state/active-state.d.ts +3 -0
package/dist/types/skill-state/deep-interview-mutation-guard.d.ts +1 -1
package/dist/types/skill-state/workflow-state-contract.d.ts +24 -0
package/dist/types/task/executor.d.ts +3 -0
package/dist/types/task/types.d.ts +56 -3
package/dist/types/tools/bash-allowed-prefixes.d.ts +5 -0
package/dist/types/tools/bash.d.ts +24 -0
package/dist/types/tools/cron.d.ts +110 -0
package/dist/types/tools/index.d.ts +4 -0
package/dist/types/tools/monitor.d.ts +54 -0
package/dist/types/tools/subagent.d.ts +11 -1
package/dist/types/web/search/index.d.ts +1 -0
package/dist/types/web/search/provider.d.ts +11 -4
package/dist/types/web/search/providers/duckduckgo.d.ts +57 -0
package/dist/types/web/search/types.d.ts +1 -1
package/package.json +7 -7
package/src/async/job-manager.ts +522 -6
package/src/cli/agents-cli.ts +3 -0
package/src/cli/auth-broker-cli.ts +1 -0
package/src/cli/config-cli.ts +10 -2
package/src/cli.ts +2 -0
package/src/commands/harness.ts +592 -0
package/src/commands/team.ts +36 -39
package/src/config/settings-schema.ts +15 -2
package/src/config/settings.ts +49 -7
package/src/deep-interview/render-middleware.ts +366 -0
package/src/defaults/gjc/skills/deep-interview/SKILL.md +9 -2
package/src/defaults/gjc/skills/ralplan/SKILL.md +8 -4
package/src/defaults/gjc/skills/team/SKILL.md +47 -21
package/src/defaults/gjc/skills/ultragoal/SKILL.md +78 -11
package/src/discovery/helpers.ts +5 -0
package/src/eval/js/shared/rewrite-imports.ts +1 -2
package/src/exec/bash-executor.ts +20 -9
package/src/extensibility/custom-tools/types.ts +1 -0
package/src/extensibility/extensions/types.ts +6 -0
package/src/extensibility/shared-events.ts +1 -0
package/src/gjc-runtime/deep-interview-runtime.ts +40 -21
package/src/gjc-runtime/goal-mode-request.ts +11 -3
package/src/gjc-runtime/ralplan-runtime.ts +27 -10
package/src/gjc-runtime/restricted-role-agent-bash.ts +5 -0
package/src/gjc-runtime/state-graph.ts +86 -0
package/src/gjc-runtime/state-migrations.ts +132 -0
package/src/gjc-runtime/state-renderer.ts +345 -0
package/src/gjc-runtime/state-runtime.ts +733 -21
package/src/gjc-runtime/state-validation.ts +49 -0
package/src/gjc-runtime/state-writer.ts +718 -0
package/src/gjc-runtime/team-runtime.ts +1083 -89
package/src/gjc-runtime/ultragoal-runtime.ts +348 -19
package/src/gjc-runtime/workflow-manifest.generated.json +1497 -0
package/src/gjc-runtime/workflow-manifest.ts +425 -0
package/src/harness-control-plane/classifier.ts +128 -0
package/src/harness-control-plane/control-endpoint.ts +137 -0
package/src/harness-control-plane/finalize.ts +222 -0
package/src/harness-control-plane/frame-mapper.ts +286 -0
package/src/harness-control-plane/operate.ts +225 -0
package/src/harness-control-plane/owner.ts +553 -0
package/src/harness-control-plane/preserve.ts +102 -0
package/src/harness-control-plane/receipts.ts +216 -0
package/src/harness-control-plane/rpc-adapter.ts +276 -0
package/src/harness-control-plane/seams.ts +39 -0
package/src/harness-control-plane/session-lease.ts +388 -0
package/src/harness-control-plane/state-machine.ts +97 -0
package/src/harness-control-plane/storage.ts +257 -0
package/src/harness-control-plane/types.ts +214 -0
package/src/hooks/skill-keywords.ts +4 -2
package/src/hooks/skill-state.ts +25 -42
package/src/internal-urls/docs-index.generated.ts +6 -4
package/src/lsp/render.ts +1 -1
package/src/modes/acp/acp-agent.ts +1 -1
package/src/modes/acp/acp-client-bridge.ts +1 -1
package/src/modes/components/agent-dashboard.ts +1 -1
package/src/modes/components/assistant-message.ts +5 -1
package/src/modes/components/diff.ts +2 -2
package/src/modes/components/hook-selector.ts +72 -2
package/src/modes/components/skill-hud/render.ts +7 -2
package/src/modes/controllers/event-controller.ts +71 -6
package/src/modes/controllers/extension-ui-controller.ts +6 -0
package/src/modes/controllers/input-controller.ts +19 -3
package/src/modes/controllers/selector-controller.ts +3 -2
package/src/modes/interactive-mode.ts +21 -2
package/src/modes/theme/defaults/index.ts +0 -196
package/src/modes/theme/theme.ts +35 -35
package/src/modes/types.ts +2 -0
package/src/prompts/agents/architect.md +5 -1
package/src/prompts/agents/critic.md +5 -1
package/src/prompts/agents/executor.md +13 -0
package/src/prompts/agents/frontmatter.md +1 -0
package/src/prompts/agents/planner.md +5 -1
package/src/prompts/tools/bash.md +9 -0
package/src/prompts/tools/cron.md +25 -0
package/src/prompts/tools/monitor.md +30 -0
package/src/prompts/tools/subagent.md +33 -3
package/src/runtime-mcp/oauth-flow.ts +4 -2
package/src/sdk.ts +7 -0
package/src/session/agent-session.ts +247 -38
package/src/session/session-manager.ts +13 -1
package/src/session/streaming-output.ts +21 -0
package/src/skill-state/active-state.ts +222 -78
package/src/skill-state/deep-interview-mutation-guard.ts +91 -13
package/src/skill-state/initial-phase.ts +2 -0
package/src/skill-state/workflow-state-contract.ts +26 -0
package/src/task/agents.ts +1 -0
package/src/task/executor.ts +51 -8
package/src/task/index.ts +120 -8
package/src/task/render.ts +6 -3
package/src/task/types.ts +57 -3
package/src/tools/ask.ts +28 -7
package/src/tools/bash-allowed-prefixes.ts +169 -0
package/src/tools/bash.ts +190 -29
package/src/tools/browser/tab-worker.ts +1 -1
package/src/tools/cron.ts +665 -0
package/src/tools/index.ts +20 -2
package/src/tools/monitor.ts +136 -0
package/src/tools/subagent.ts +255 -64
package/src/vim/engine.ts +3 -3
package/src/web/search/index.ts +31 -18
package/src/web/search/provider.ts +57 -12
package/src/web/search/providers/duckduckgo.ts +279 -0
package/src/web/search/types.ts +2 -0
package/src/modes/theme/dark.json +0 -95
package/src/modes/theme/defaults/alabaster.json +0 -93
package/src/modes/theme/defaults/amethyst.json +0 -96
package/src/modes/theme/defaults/anthracite.json +0 -93
package/src/modes/theme/defaults/basalt.json +0 -91
package/src/modes/theme/defaults/birch.json +0 -95
package/src/modes/theme/defaults/dark-abyss.json +0 -91
package/src/modes/theme/defaults/dark-arctic.json +0 -104
package/src/modes/theme/defaults/dark-aurora.json +0 -95
package/src/modes/theme/defaults/dark-catppuccin.json +0 -107
package/src/modes/theme/defaults/dark-cavern.json +0 -91
package/src/modes/theme/defaults/dark-copper.json +0 -95
package/src/modes/theme/defaults/dark-cosmos.json +0 -90
package/src/modes/theme/defaults/dark-cyberpunk.json +0 -102
package/src/modes/theme/defaults/dark-dracula.json +0 -98
package/src/modes/theme/defaults/dark-eclipse.json +0 -91
package/src/modes/theme/defaults/dark-ember.json +0 -95
package/src/modes/theme/defaults/dark-equinox.json +0 -90
package/src/modes/theme/defaults/dark-forest.json +0 -96
package/src/modes/theme/defaults/dark-github.json +0 -105
package/src/modes/theme/defaults/dark-gruvbox.json +0 -112
package/src/modes/theme/defaults/dark-lavender.json +0 -95
package/src/modes/theme/defaults/dark-lunar.json +0 -89
package/src/modes/theme/defaults/dark-midnight.json +0 -95
package/src/modes/theme/defaults/dark-monochrome.json +0 -94
package/src/modes/theme/defaults/dark-monokai.json +0 -98
package/src/modes/theme/defaults/dark-nebula.json +0 -90
package/src/modes/theme/defaults/dark-nord.json +0 -97
package/src/modes/theme/defaults/dark-ocean.json +0 -101
package/src/modes/theme/defaults/dark-one.json +0 -100
package/src/modes/theme/defaults/dark-poimandres.json +0 -141
package/src/modes/theme/defaults/dark-rainforest.json +0 -91
package/src/modes/theme/defaults/dark-reef.json +0 -91
package/src/modes/theme/defaults/dark-retro.json +0 -92
package/src/modes/theme/defaults/dark-rose-pine.json +0 -96
package/src/modes/theme/defaults/dark-sakura.json +0 -95
package/src/modes/theme/defaults/dark-slate.json +0 -95
package/src/modes/theme/defaults/dark-solarized.json +0 -97
package/src/modes/theme/defaults/dark-solstice.json +0 -90
package/src/modes/theme/defaults/dark-starfall.json +0 -91
package/src/modes/theme/defaults/dark-sunset.json +0 -99
package/src/modes/theme/defaults/dark-swamp.json +0 -90
package/src/modes/theme/defaults/dark-synthwave.json +0 -103
package/src/modes/theme/defaults/dark-taiga.json +0 -91
package/src/modes/theme/defaults/dark-terminal.json +0 -95
package/src/modes/theme/defaults/dark-tokyo-night.json +0 -101
package/src/modes/theme/defaults/dark-tundra.json +0 -91
package/src/modes/theme/defaults/dark-twilight.json +0 -91
package/src/modes/theme/defaults/dark-volcanic.json +0 -91
package/src/modes/theme/defaults/graphite.json +0 -92
package/src/modes/theme/defaults/light-arctic.json +0 -107
package/src/modes/theme/defaults/light-aurora-day.json +0 -91
package/src/modes/theme/defaults/light-canyon.json +0 -91
package/src/modes/theme/defaults/light-catppuccin.json +0 -106
package/src/modes/theme/defaults/light-cirrus.json +0 -90
package/src/modes/theme/defaults/light-coral.json +0 -95
package/src/modes/theme/defaults/light-cyberpunk.json +0 -96
package/src/modes/theme/defaults/light-dawn.json +0 -90
package/src/modes/theme/defaults/light-dunes.json +0 -91
package/src/modes/theme/defaults/light-eucalyptus.json +0 -95
package/src/modes/theme/defaults/light-forest.json +0 -100
package/src/modes/theme/defaults/light-frost.json +0 -95
package/src/modes/theme/defaults/light-github.json +0 -115
package/src/modes/theme/defaults/light-glacier.json +0 -91
package/src/modes/theme/defaults/light-gruvbox.json +0 -108
package/src/modes/theme/defaults/light-haze.json +0 -90
package/src/modes/theme/defaults/light-honeycomb.json +0 -95
package/src/modes/theme/defaults/light-lagoon.json +0 -91
package/src/modes/theme/defaults/light-lavender.json +0 -95
package/src/modes/theme/defaults/light-meadow.json +0 -91
package/src/modes/theme/defaults/light-mint.json +0 -95
package/src/modes/theme/defaults/light-monochrome.json +0 -101
package/src/modes/theme/defaults/light-ocean.json +0 -99
package/src/modes/theme/defaults/light-one.json +0 -99
package/src/modes/theme/defaults/light-opal.json +0 -91
package/src/modes/theme/defaults/light-orchard.json +0 -91
package/src/modes/theme/defaults/light-paper.json +0 -95
package/src/modes/theme/defaults/light-poimandres.json +0 -141
package/src/modes/theme/defaults/light-prism.json +0 -90
package/src/modes/theme/defaults/light-retro.json +0 -98
package/src/modes/theme/defaults/light-sand.json +0 -95
package/src/modes/theme/defaults/light-savanna.json +0 -91
package/src/modes/theme/defaults/light-solarized.json +0 -102
package/src/modes/theme/defaults/light-soleil.json +0 -90
package/src/modes/theme/defaults/light-sunset.json +0 -99
package/src/modes/theme/defaults/light-synthwave.json +0 -98
package/src/modes/theme/defaults/light-tokyo-night.json +0 -111
package/src/modes/theme/defaults/light-wetland.json +0 -91
package/src/modes/theme/defaults/light-zenith.json +0 -89
package/src/modes/theme/defaults/limestone.json +0 -94
package/src/modes/theme/defaults/mahogany.json +0 -97
package/src/modes/theme/defaults/marble.json +0 -93
package/src/modes/theme/defaults/obsidian.json +0 -91
package/src/modes/theme/defaults/onyx.json +0 -91
package/src/modes/theme/defaults/pearl.json +0 -93
package/src/modes/theme/defaults/porcelain.json +0 -91
package/src/modes/theme/defaults/quartz.json +0 -96
package/src/modes/theme/defaults/sandstone.json +0 -95
package/src/modes/theme/defaults/titanium.json +0 -90
package/src/modes/theme/light.json +0 -93

package/src/tools/bash-allowed-prefixes.ts ADDED Viewed

@@ -0,0 +1,169 @@
+export interface BashAllowedPrefixesCheck {
+	allowed: boolean;
+	reason?: string;
+}
+const SHELL_CONTROL_CHARS = new Set([";", "|", "&", "<", ">", "(", ")"]);
+const UNSAFE_UNQUOTED_EXPANSION_CHARS = new Set(["$", "*", "?", "[", "]", "{", "}", "~"]);
+const STATE_FLAGS_WITH_VALUES = new Set(["--input", "--mode", "--session-id", "--thread-id", "--turn-id", "--to"]);
+const STATE_ACTIONS = new Set(["read", "write", "clear", "contract", "handoff"]);
+const ALLOWED_STATE_ACTIONS = new Set(["read", "write", "contract"]);
+function parseShellWords(command: string): { words: string[]; reason?: string } {
+	const words: string[] = [];
+	let current = "";
+	let quote: "single" | "double" | null = null;
+	for (let index = 0; index < command.length; index += 1) {
+		const char = command[index]!;
+		const next = command[index + 1];
+		if (quote === "single") {
+			if (char === "'") {
+				quote = null;
+			} else {
+				current += char;
+			}
+			continue;
+		}
+		if (quote === "double") {
+			if (char === '"') {
+				quote = null;
+				continue;
+			}
+			if (char === "`" || (char === "$" && next === "(")) {
+				return { words, reason: "command substitution is not allowed in restricted bash commands" };
+			}
+			if (char === "$") {
+				return { words, reason: "shell expansion character '$' is not allowed in restricted bash commands" };
+			}
+			if (char === "\\") {
+				return { words, reason: "backslash escapes are not allowed in restricted bash commands" };
+			}
+			current += char;
+			continue;
+		}
+		if (char === "'") {
+			quote = "single";
+			continue;
+		}
+		if (char === '"') {
+			quote = "double";
+			continue;
+		}
+		if (char === "`" || (char === "$" && next === "(")) {
+			return { words, reason: "command substitution is not allowed in restricted bash commands" };
+		}
+		if (char === "\n" || char === "\r") {
+			return { words, reason: "multiple shell commands are not allowed in restricted bash mode" };
+		}
+		if (SHELL_CONTROL_CHARS.has(char)) {
+			return { words, reason: `shell control operator '${char}' is not allowed in restricted bash commands` };
+		}
+		if (UNSAFE_UNQUOTED_EXPANSION_CHARS.has(char)) {
+			return { words, reason: `shell expansion character '${char}' is not allowed in restricted bash commands` };
+		}
+		if (/\s/u.test(char)) {
+			if (current.length > 0) {
+				words.push(current);
+				current = "";
+			}
+			continue;
+		}
+		if (char === "\\") {
+			return { words, reason: "backslash escapes are not allowed in restricted bash commands" };
+		}
+		current += char;
+	}
+	if (quote !== null) {
+		return { words, reason: "unterminated quote in restricted bash command" };
+	}
+	if (current.length > 0) words.push(current);
+	return { words };
+}
+function prefixWords(prefix: string): string[] {
+	return prefix.trim().split(/\s+/u).filter(Boolean);
+}
+function wordsStartWith(words: readonly string[], prefix: readonly string[]): boolean {
+	if (prefix.length === 0 || words.length < prefix.length) return false;
+	return prefix.every((word, index) => words[index] === word);
+}
+function parseStateAction(words: readonly string[]): string | undefined {
+	const args = words.slice(2);
+	const positional: string[] = [];
+	let skipNext = false;
+	for (const arg of args) {
+		if (skipNext) {
+			skipNext = false;
+			continue;
+		}
+		if (STATE_FLAGS_WITH_VALUES.has(arg)) {
+			skipNext = true;
+			continue;
+		}
+		if (!arg.startsWith("-")) positional.push(arg);
+	}
+	const [first, second, third] = positional;
+	if (!first) return "read";
+	if (STATE_ACTIONS.has(first)) return second ? undefined : first;
+	if (!second) return "read";
+	if (!STATE_ACTIONS.has(second)) return undefined;
+	return third ? undefined : second;
+}
+function validateMatchedGjcCommand(words: readonly string[]): BashAllowedPrefixesCheck {
+	if (words[0] !== "gjc") return { allowed: true };
+	if (words[1] === "ralplan") {
+		if (!words.includes("--write")) {
+			return { allowed: false, reason: "restricted role-agent bash only allows `gjc ralplan --write ...`" };
+		}
+		return { allowed: true };
+	}
+	if (words[1] === "state") {
+		const action = parseStateAction(words);
+		if (!action) {
+			return {
+				allowed: false,
+				reason: "restricted role-agent bash only allows documented `gjc state` action shapes",
+			};
+		}
+		if (!ALLOWED_STATE_ACTIONS.has(action)) {
+			return { allowed: false, reason: `restricted role-agent bash does not allow \`gjc state ${action}\`` };
+		}
+		return { allowed: true };
+	}
+	return { allowed: true };
+}
+export function checkBashAllowedPrefixes(
+	command: string,
+	allowedPrefixes: readonly string[] | undefined,
+): BashAllowedPrefixesCheck {
+	const normalizedPrefixes = allowedPrefixes?.map(prefix => prefix.trim()).filter(Boolean) ?? [];
+	if (normalizedPrefixes.length === 0) return { allowed: true };
+	const parsed = parseShellWords(command.trim());
+	if (parsed.reason) return { allowed: false, reason: parsed.reason };
+	if (parsed.words.length === 0)
+		return { allowed: false, reason: "empty command is not allowed in restricted bash mode" };
+	const matched = normalizedPrefixes.some(prefix => wordsStartWith(parsed.words, prefixWords(prefix)));
+	if (!matched) {
+		return {
+			allowed: false,
+			reason: `restricted role-agent bash only allows commands starting with: ${normalizedPrefixes.join(", ")}`,
+		};
+	}
+	return validateMatchedGjcCommand(parsed.words);
+}

package/src/tools/bash.ts CHANGED Viewed

@@ -8,6 +8,7 @@ import { AsyncJobManager } from "../async";
 import { type BashResult, executeBash } from "../exec/bash-executor";
 import type { RenderResultOptions } from "../extensibility/custom-tools/types";
 import { buildGjcRuntimeSessionEnv } from "../gjc-runtime/goal-mode-request";
+import { GJC_RESTRICTED_ROLE_AGENT_BASH_ENV } from "../gjc-runtime/restricted-role-agent-bash";
 import { InternalUrlRouter } from "../internal-urls";
 import { truncateToVisualLines } from "../modes/components/visual-truncate";
 import { highlightCode, type Theme } from "../modes/theme/theme";
@@ -18,6 +19,7 @@ import { renderStatusLine } from "../tui";
 import { CachedOutputBlock } from "../tui/output-block";
 import { getSixelLineMask } from "../utils/sixel";
 import type { ToolSession } from ".";
+import { checkBashAllowedPrefixes } from "./bash-allowed-prefixes";
 import { applyBashFixups } from "./bash-command-fixup";
 import { type BashInteractiveResult, runInteractiveBashPty } from "./bash-interactive";
 import { checkBashInterception } from "./bash-interceptor";
@@ -253,6 +255,7 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 			hasAstEdit: this.session.settings.get("astEdit.enabled"),
 			hasSearch: this.session.settings.get("search.enabled"),
 			hasFind: this.session.settings.get("find.enabled"),
+			restrictedAllowedPrefixes: this.session.bashAllowedPrefixes,
 		});
 	}
@@ -377,6 +380,13 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 							latestText = tailBuffer.text();
 							void reportProgress(latestText, { async: { state: "running", jobId, type: "bash" } });
 						},
+						onRawChunk: chunk => {
+							// Forward the unthrottled sanitized chunk to the async-job
+							// substrate so the Monitor tool can read the complete process
+							// stream by byte offset, independent of the throttled preview
+							// path above.
+							manager.appendOutput(jobId, chunk);
+						},
 						onMinimizedSave: originalText => saveBashOriginalArtifact(this.session, originalText),
 					});
 					const finalResult = this.#buildCompletedResult(result, options.timeoutSec, {
@@ -454,27 +464,29 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 		return Math.max(0, Math.min(this.#autoBackgroundThresholdMs, timeoutMs - timeoutBufferMs));
 	}
-	async execute(
-		_toolCallId: string,
-		{
-			command: rawCommand,
-			env: rawEnv,
-			timeout: rawTimeout = 300,
-			cwd,
-			async: asyncRequested = false,
-			pty = false,
-		}: BashToolInput,
-		signal?: AbortSignal,
-		onUpdate?: AgentToolUpdateCallback<BashToolDetails>,
+	/**
+	 * Build the fully-prepared parameters for a `bash`-flavored execution
+	 * (interceptors, internal URL expansion, env resolution, cwd validation,
+	 * timeout clamp). Used by both `execute()` and the public `startMonitorJob`
+	 * helper after `AgentSession` has applied the public-tool permission gate, so
+	 * Monitor inherits Bash's cwd / env / artifact / interceptor pipeline 1:1.
+	 */
+	async #prepareBashExecution(
+		input: { command: string; env?: Record<string, string>; timeout?: number; cwd?: string },
 		ctx?: AgentToolContext,
-	): Promise<AgentToolResult<BashToolDetails>> {
-		let command = rawCommand;
-		const env = normalizeBashEnv(rawEnv);
+	): Promise<{
+		command: string;
+		commandCwd: string;
+		resolvedEnv: Record<string, string>;
+		requestedTimeoutSec: number;
+		timeoutSec: number;
+		timeoutMs: number;
+		notices: string[];
+	}> {
+		let command = input.command;
+		let cwd = input.cwd;
+		const env = normalizeBashEnv(input.env);
-		// Apply conservative bash fixups (strip trailing `| head|tail` and redundant
-		// `2>&1`). The helper is single-line only and refuses anything that could
-		// change semantics.
 		if (this.session.settings.get("bash.stripTrailingHeadTail")) {
 			const fixup = applyBashFixups(command);
 			if (fixup.stripped.length > 0) {
@@ -482,9 +494,6 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 			}
 		}
-		// Extract leading `cd <path> && ...` into cwd when the model ignores the cwd parameter.
-		// Constrained to a single line so a `&&` that sits on a later line of a multiline
-		// script can't pull the entire script into the "cwd" capture.
 		if (!cwd) {
 			const cdMatch = command.match(/^cd[ \t]+((?:[^&\\\n\r]|\\.)+?)[ \t]*&&[ \t]*/);
 			if (cdMatch) {
@@ -492,8 +501,20 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 				command = command.slice(cdMatch[0].length);
 			}
 		}
-		if (asyncRequested && !this.#asyncEnabled) {
-			throw new ToolError("Async bash execution is disabled. Enable async.enabled to use async mode.");
+		const rawCommand = input.command;
+		const allowedPrefixes = this.session.bashAllowedPrefixes;
+		if (allowedPrefixes && allowedPrefixes.length > 0) {
+			if (env && Object.keys(env).length > 0) {
+				throw new ToolError("Restricted role-agent bash does not allow per-command env overrides.");
+			}
+			const commandsToCheck = rawCommand === command ? [command] : [rawCommand, command];
+			for (const commandToCheck of commandsToCheck) {
+				const allowlist = checkBashAllowedPrefixes(commandToCheck, allowedPrefixes);
+				if (!allowlist.allowed) {
+					throw new ToolError(allowlist.reason ?? "Command blocked by restricted role-agent bash allowlist.");
+				}
+			}
 		}
 		// Check both the original command and the cwd-normalized command so
@@ -541,9 +562,9 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 				cwd: this.session.cwd,
 			}),
 			...expandedEnv,
+			...(allowedPrefixes && allowedPrefixes.length > 0 ? { [GJC_RESTRICTED_ROLE_AGENT_BASH_ENV]: "1" } : {}),
 		};
-		// Resolve protocol URLs (agent://, artifact://, etc.) in extracted cwd.
 		if (cwd?.includes("://") || cwd?.includes("local:/")) {
 			cwd = await expandInternalUrls(cwd, { ...internalUrlOptions, noEscape: true });
 		}
@@ -562,13 +583,153 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 			throw new ToolError(`Working directory is not a directory: ${commandCwd}`);
 		}
-		// Clamp to reasonable range: 1s - 3600s (1 hour)
-		const requestedTimeoutSec = rawTimeout;
+		const requestedTimeoutSec = input.timeout ?? 300;
 		const timeoutSec = clampTimeout("bash", requestedTimeoutSec);
 		const timeoutMs = timeoutSec * 1000;
-		const pendingNotices: string[] = [];
+		const notices: string[] = [];
 		const timeoutClampNotice = formatTimeoutClampNotice(requestedTimeoutSec, timeoutSec);
-		if (timeoutClampNotice) pendingNotices.push(timeoutClampNotice);
+		if (timeoutClampNotice) notices.push(timeoutClampNotice);
+		return { command, commandCwd, resolvedEnv, requestedTimeoutSec, timeoutSec, timeoutMs, notices };
+	}
+	/**
+	 * Start a background bash job for the Monitor tool. Reuses the full Bash
+	 * pipeline (interceptors, internal-URL expansion, env, cwd, timeout); the
+	 * public `monitor` tool itself is ACP-gated by `AgentSession` before this
+	 * helper is called. The caller-supplied `onRawLine` callback is invoked once
+	 * per newline-terminated stdout chunk, between turns, so the upstream Claude
+	 * Code "Each stdout line is a task-notification event" semantics are preserved
+	 * through the agent's existing background-task delivery path.
+	 */
+	async startMonitorJob(
+		input: { command: string; cwd?: string; timeout?: number; env?: Record<string, string> },
+		opts: {
+			ownerId?: string;
+			label?: string;
+			ctx?: AgentToolContext;
+			onRawLine?: (line: string, jobId: string) => void;
+		} = {},
+	): Promise<{ jobId: string; label: string; commandCwd: string }> {
+		const manager = AsyncJobManager.instance();
+		if (!manager) {
+			throw new ToolError("Async job manager unavailable for this session.");
+		}
+		const prepared = await this.#prepareBashExecution(input, opts.ctx);
+		const label =
+			opts.label ?? (prepared.command.length > 120 ? `${prepared.command.slice(0, 117)}...` : prepared.command);
+		const monitorTimeoutMs = input.timeout === undefined ? null : prepared.timeoutMs;
+		const onRawLine = opts.onRawLine;
+		let currentJobId = "";
+		let cursorOffset = 0;
+		let lineBuffer = "";
+		const dispatchLines = (chunk: string) => {
+			if (!onRawLine) return;
+			lineBuffer += chunk;
+			let newlineIndex = lineBuffer.indexOf("\n");
+			while (newlineIndex !== -1) {
+				const line = lineBuffer.slice(0, newlineIndex);
+				lineBuffer = lineBuffer.slice(newlineIndex + 1);
+				try {
+					onRawLine(line, currentJobId);
+				} catch (error) {
+					logger.warn("Monitor onRawLine callback failed", {
+						error: error instanceof Error ? error.message : String(error),
+					});
+				}
+				newlineIndex = lineBuffer.indexOf("\n");
+			}
+		};
+		const flushTrailingLine = () => {
+			if (!onRawLine) return;
+			if (lineBuffer.length === 0) return;
+			const remainder = lineBuffer;
+			lineBuffer = "";
+			try {
+				onRawLine(remainder, currentJobId);
+			} catch (error) {
+				logger.warn("Monitor onRawLine callback failed (trailing)", {
+					error: error instanceof Error ? error.message : String(error),
+				});
+			}
+		};
+		const ownerId = opts.ownerId ?? this.session.getAgentId?.() ?? undefined;
+		const jobId = manager.register(
+			"bash",
+			label,
+			async ({ jobId: id, signal, reportProgress }) => {
+				const { path: artifactPath, id: artifactId } = (await this.session.allocateOutputArtifact?.("bash")) ?? {};
+				const tailBuffer = new TailBuffer(DEFAULT_MAX_BYTES);
+				try {
+					const result = await executeBash(prepared.command, {
+						cwd: prepared.commandCwd,
+						sessionKey: `${this.session.getSessionId?.() ?? ""}:monitor:${id}`,
+						timeout: monitorTimeoutMs,
+						signal,
+						env: prepared.resolvedEnv,
+						artifactPath,
+						artifactId,
+						onChunk: chunk => {
+							tailBuffer.append(chunk);
+							void reportProgress(tailBuffer.text(), {
+								async: { state: "running", jobId: id, type: "bash" },
+							});
+						},
+						onRawChunk: chunk => {
+							manager.appendOutput(id, chunk);
+							const slice = manager.readOutputSince(id, cursorOffset, ownerId ? { ownerId } : undefined);
+							if (!slice) return;
+							cursorOffset = slice.nextOffset;
+							dispatchLines(slice.text);
+						},
+						onMinimizedSave: originalText => saveBashOriginalArtifact(this.session, originalText),
+					});
+					flushTrailingLine();
+					this.#buildResultText(result, prepared.timeoutSec, result.output || "(no output)");
+					return result.output;
+				} catch (error) {
+					flushTrailingLine();
+					throw error instanceof Error ? error : new Error(String(error));
+				}
+			},
+			{ ownerId },
+		);
+		currentJobId = jobId;
+		return { jobId, label, commandCwd: prepared.commandCwd };
+	}
+	async execute(
+		_toolCallId: string,
+		{
+			command: rawCommand,
+			env: rawEnv,
+			timeout: rawTimeout = 300,
+			cwd,
+			async: asyncRequested = false,
+			pty = false,
+		}: BashToolInput,
+		signal?: AbortSignal,
+		onUpdate?: AgentToolUpdateCallback<BashToolDetails>,
+		ctx?: AgentToolContext,
+	): Promise<AgentToolResult<BashToolDetails>> {
+		if (asyncRequested && !this.#asyncEnabled) {
+			throw new ToolError("Async bash execution is disabled. Enable async.enabled to use async mode.");
+		}
+		const prepared = await this.#prepareBashExecution(
+			{ command: rawCommand, env: rawEnv, timeout: rawTimeout, cwd },
+			ctx,
+		);
+		const {
+			command,
+			commandCwd,
+			resolvedEnv,
+			requestedTimeoutSec,
+			timeoutSec,
+			timeoutMs,
+			notices: pendingNotices,
+		} = prepared;
 		if (asyncRequested) {
 			if (!AsyncJobManager.instance()) {

package/src/tools/browser/tab-worker.ts CHANGED Viewed

@@ -916,7 +916,7 @@ export class WorkerCore {
 						dispatchEvent: (event: unknown) => boolean;
 					}
 					const select = el as unknown as SelectLike;
-					if (!select || select.tagName !== "SELECT") throw new Error("tab.select() requires a <select> element");
+					if (select?.tagName !== "SELECT") throw new Error("tab.select() requires a <select> element");
 					const EventCtor = (
 						globalThis as unknown as { Event: new (type: string, init?: { bubbles: boolean }) => unknown }
 					).Event;