@guangnao/agent-os 1.0.0

package/dist/index.js

@@ -0,0 +1,2527 @@
+// src/abi/ids.ts
+var _capSeq = 0;
+var _msgSeq = 0;
+var _segSeq = 0;
+function newSegId() {
+  return `seg_${(_segSeq++).toString(36)}`;
+}
+function newCapRef() {
+  return `cap_${(_capSeq++).toString(36)}_${Math.random().toString(36).slice(2, 10)}`;
+}
+function newMsgId() {
+  return `msg_${(_msgSeq++).toString(36)}`;
+}
+var drv = (name) => name;
+
+// src/abi/capability.ts
+var hasRight = (cap, r) => !cap.revoked && cap.rights.has(r);
+
+// src/abi/index.ts
+var ABI_VERSION = 1;
+
+// src/kernel/account.ts
+var QuotaExceeded = class extends Error {
+  constructor(resource) {
+    super(`quota exceeded: ${resource}`);
+    this.resource = resource;
+    this.name = "QuotaExceeded";
+  }
+};
+var Account = class _Account {
+  constructor(quota = {}, now = Date.now, parent = null) {
+    this.now = now;
+    this.parent = parent;
+    this.rem = { tokens: quota.tokens, toolCalls: quota.toolCalls, usd: quota.usd, children: quota.children };
+    this.wallMs = quota.wallMs;
+    this.mem = quota.mem;
+    this.maxMailbox = quota.maxMailbox;
+    this.bornAt = now();
+  }
+  rem;
+  // own remaining; undefined = unlimited at this level
+  spent = { tokens: 0, toolCalls: 0, usd: 0, children: 0 };
+  // subtree usage seen here
+  wallMs;
+  mem;
+  maxMailbox;
+  bornAt;
+  /** Charge n of a meter against this account AND every ancestor (atomic: all-or-nothing). */
+  charge(meter, n) {
+    if (!Number.isFinite(n) || n <= 0) return;
+    for (let a = this; a; a = a.parent) {
+      const left = a.rem[meter];
+      if (left !== void 0 && n > left) throw new QuotaExceeded(meter);
+    }
+    for (let a = this; a; a = a.parent) {
+      const left = a.rem[meter];
+      if (left !== void 0) a.rem[meter] = left - n;
+      a.spent[meter] += n;
+    }
+  }
+  /** Throw if wall-clock lifetime exceeded (per-process, not bubbled). */
+  checkWall() {
+    if (this.wallMs !== void 0 && this.now() - this.bornAt > this.wallMs) throw new QuotaExceeded("wallMs");
+  }
+  /** Give resources back up the chain (refunds never fail — no pre-check). */
+  refund(meter, n) {
+    for (let a = this; a; a = a.parent) {
+      const left = a.rem[meter];
+      if (left !== void 0) a.rem[meter] = left + n;
+      a.spent[meter] -= n;
+    }
+  }
+  /** A child account in the tree. Spawning counts 1 against the chain's `children` budget. */
+  child(quota) {
+    this.charge("children", 1);
+    return new _Account(quota, this.now, this);
+  }
+  /** Called when the owning process exits: free the one `children` slot it occupies in its parent's
+   *  subtree. `children` is a CONCURRENT cap (cgroup pids.max) — live count, not a lifetime total —
+   *  so a supervisor that spawns and reaps in a loop keeps working. (tokens/usd stay cumulative.) */
+  release() {
+    this.parent?.refund("children", 1);
+  }
+  remaining() {
+    const wallLeft = this.wallMs === void 0 ? void 0 : Math.max(0, this.wallMs - (this.now() - this.bornAt));
+    return { ...this.rem, wallMs: wallLeft, mem: this.mem };
+  }
+  /** Aggregate usage of this node and everything below it (charges bubbled up to here). */
+  usage() {
+    return { ...this.spent };
+  }
+};
+
+// src/kernel/captable.ts
+var CapError = class extends Error {
+  constructor(msg) {
+    super(msg);
+    this.name = "CapError";
+  }
+};
+var CapTable = class {
+  // owner → its live caps: O(owned) revoke/scan, not O(all)
+  /** `now` is injected (the kernel clock) so caveat expiry is deterministic/replayable, not wall-time. */
+  constructor(now = () => Date.now()) {
+    this.now = now;
+  }
+  caps = /* @__PURE__ */ new Map();
+  derived = /* @__PURE__ */ new Map();
+  // cap → its derivations (transitive revoke)
+  parentOf = /* @__PURE__ */ new Map();
+  // derivation → its parent: lets revoke unlink upward (no dead-ref pile-up)
+  byOwner = /* @__PURE__ */ new Map();
+  own(pid, ref) {
+    let s = this.byOwner.get(pid);
+    if (!s) {
+      s = /* @__PURE__ */ new Set();
+      this.byOwner.set(pid, s);
+    }
+    s.add(ref);
+  }
+  disown(pid, ref) {
+    const s = this.byOwner.get(pid);
+    if (s) {
+      s.delete(ref);
+      if (!s.size) this.byOwner.delete(pid);
+    }
+  }
+  /** A cap is live unless revoked OR a caveat is unsatisfied (e.g. it has expired). */
+  satisfied(c) {
+    if (c.revoked) return false;
+    for (const cav of c.caveats) if (cav.kind === "expires" && this.now() > cav.at) return false;
+    return true;
+  }
+  /** Kernel-internal: create authority. Not reachable from userland. */
+  mint(owner, resource, rights, caveats = []) {
+    const ref = newCapRef();
+    this.caps.set(ref, { ref, owner, resource, rights: new Set(rights), caveats, revoked: false });
+    this.own(owner, ref);
+    return ref;
+  }
+  /** Userland: weaken a cap you own to a subset of its rights, for least-privilege delegation. */
+  derive(owner, parent, rights) {
+    return this.attenuate(owner, parent, rights, []);
+  }
+  /** Userland: weaken a cap you own — a subset of rights AND/OR added caveats (e.g. an expiry). Both only ever
+   *  RESTRICT: rights must be a subset, and the child inherits ALL the parent's caveats plus the new ones, so a
+   *  caveat (a TTL, say) can't be stripped by re-deriving. The result is a fresh cap revoked with the parent. */
+  attenuate(owner, parent, rights, caveats) {
+    const p = this.lookup(parent);
+    if (!p || p.owner !== owner) throw new CapError("attenuate: caller does not own this capability");
+    const want = rights === void 0 ? new Set(p.rights) : new Set(rights);
+    for (const r of want) if (!p.rights.has(r)) throw new CapError(`attenuate: cannot amplify right "${r}"`);
+    const child = this.mint(owner, p.resource, want, [...p.caveats, ...caveats]);
+    let set = this.derived.get(parent);
+    if (!set) {
+      set = /* @__PURE__ */ new Set();
+      this.derived.set(parent, set);
+    }
+    set.add(child);
+    this.parentOf.set(child, parent);
+    return child;
+  }
+  /** Hand ownership to another process (delegation rides on IPC, like fd-passing). */
+  transfer(ref, to) {
+    const c = this.caps.get(ref);
+    if (c && !c.revoked) {
+      this.disown(c.owner, ref);
+      c.owner = to;
+      this.own(to, ref);
+    }
+  }
+  lookup(ref) {
+    const c = this.caps.get(ref);
+    return c && this.satisfied(c) ? c : void 0;
+  }
+  /** Does this process hold any cap over a resource of the given kind? (gates ambient-looking syscalls like spawn) */
+  ownsKind(pid, kind) {
+    const s = this.byOwner.get(pid);
+    if (s) for (const ref of s) {
+      const c = this.caps.get(ref);
+      if (c && c.resource.kind === kind && this.satisfied(c)) return true;
+    }
+    return false;
+  }
+  /** Look up + assert the holder owns it and it grants `right`. The gate every privileged syscall passes. */
+  require(holder, ref, right) {
+    const c = this.lookup(ref);
+    if (!c) throw new CapError("invalid or revoked capability");
+    if (c.owner !== holder) throw new CapError("capability not held by caller");
+    if (!c.rights.has(right)) throw new CapError(`capability lacks right "${right}"`);
+    return c;
+  }
+  /** Revoke a cap and, transitively, everything derived from it. Frees it from the table (and the
+   *  owner index) — the flag stays set too, so any lingering Capability reference still reads revoked. */
+  revoke(ref) {
+    const c = this.caps.get(ref);
+    if (!c) return;
+    c.revoked = true;
+    this.caps.delete(ref);
+    this.disown(c.owner, ref);
+    const par = this.parentOf.get(ref);
+    if (par !== void 0) {
+      this.parentOf.delete(ref);
+      this.derived.get(par)?.delete(ref);
+    }
+    const kids = this.derived.get(ref);
+    if (kids) {
+      this.derived.delete(ref);
+      for (const d of kids) this.revoke(d);
+    }
+  }
+  /** On process exit: drop all authority it held — O(caps it owned), not O(caps ever minted). */
+  revokeOwnedBy(pid) {
+    const s = this.byOwner.get(pid);
+    if (s) for (const ref of [...s]) this.revoke(ref);
+  }
+};
+
+// src/kernel/pcb.ts
+var Mailbox = class {
+  q = [];
+  head = 0;
+  get len() {
+    return this.q.length - this.head;
+  }
+  push(m) {
+    this.q.push(m);
+  }
+  shift() {
+    if (this.head >= this.q.length) return void 0;
+    const m = this.q[this.head];
+    this.head++;
+    if (this.head > 64 && this.head * 2 >= this.q.length) {
+      this.q = this.q.slice(this.head);
+      this.head = 0;
+    }
+    return m;
+  }
+  drain() {
+    return this.q.slice(this.head);
+  }
+  // non-destructive view of pending msgs (snapshot/inspect)
+};
+var ExitSignal = class extends Error {
+  constructor(reason) {
+    super("exit");
+    this.reason = reason;
+    this.name = "ExitSignal";
+  }
+};
+function makePCB(pid, parent, image, args, account, context) {
+  return {
+    pid,
+    name: image.name,
+    parent,
+    image,
+    args,
+    account,
+    context,
+    status: "new",
+    stopped: false,
+    age: 0,
+    reductions: 0,
+    op: 0,
+    recovered: false,
+    priority: 0,
+    deadline: null,
+    enq: 0,
+    cont: null,
+    timer: null,
+    deadlineTimer: null,
+    exitReason: null,
+    mailbox: new Mailbox(),
+    mailboxWaiters: [],
+    links: /* @__PURE__ */ new Set(),
+    monitors: /* @__PURE__ */ new Set(),
+    handles: /* @__PURE__ */ new Map(),
+    cleanups: []
+  };
+}
+var ProcTable = class {
+  map = /* @__PURE__ */ new Map();
+  seq = 0;
+  alloc() {
+    return ++this.seq;
+  }
+  // monotone; never reused (no ABA on stale CapRefs)
+  add(pcb) {
+    this.map.set(pcb.pid, pcb);
+  }
+  get(pid) {
+    return this.map.get(pid);
+  }
+  remove(pid) {
+    this.map.delete(pid);
+  }
+  all() {
+    return this.map.values();
+  }
+  get count() {
+    return this.map.size;
+  }
+};
+
+// src/kernel/log.ts
+var EventLog = class {
+  constructor(cap = 4096, sink, now = Date.now) {
+    this.cap = cap;
+    this.sink = sink;
+    this.now = now;
+  }
+  buf = [];
+  seq = 0;
+  byType = {};
+  exitsByReason = {};
+  charged = {};
+  emit(e) {
+    const s = { ...e, seq: this.seq++, ts: this.now() };
+    this.buf.push(s);
+    if (this.buf.length > this.cap) this.buf.shift();
+    this.byType[e.t] = (this.byType[e.t] ?? 0) + 1;
+    if (e.t === "exit") this.exitsByReason[e.reason.kind] = (this.exitsByReason[e.reason.kind] ?? 0) + 1;
+    if (e.t === "charge") this.charged[e.meter] = (this.charged[e.meter] ?? 0) + e.n;
+    this.sink?.(s);
+  }
+  tail(n = 50) {
+    return this.buf.slice(-n);
+  }
+  stats() {
+    return { byType: { ...this.byType }, exitsByReason: { ...this.exitsByReason }, charged: { ...this.charged } };
+  }
+  get count() {
+    return this.seq;
+  }
+  clear() {
+    this.buf.length = 0;
+  }
+};
+
+// src/kernel/memory.ts
+var CJK = /[\u3000-\u9fff\uac00-\ud7af\uf900-\ufaff\uff00-\uffef]/g;
+var estTokens = (body) => {
+  const s = JSON.stringify(body ?? "");
+  const cjk = (s.match(CJK) || []).length;
+  return Math.max(1, Math.ceil(cjk * 1.5 + (s.length - cjk) / 4));
+};
+var DefaultPager = class {
+  constructor(summarize) {
+    this.summarize = summarize;
+  }
+  async pageOut(resident, need) {
+    const evict = [];
+    const victims = [];
+    let freed = 0;
+    for (const s of resident) {
+      if (s.pinned) continue;
+      evict.push(s.id);
+      victims.push(s);
+      freed += s.tokens;
+      if (freed >= need) break;
+    }
+    if (evict.length === 0) return { evict };
+    if (victims.every((s) => s.summary)) return { evict };
+    const sum = this.summarize ? await this.summarize(victims) : { body: { kind: "summary", of: victims.length }, tokens: Math.min(48, Math.ceil(freed / 4)) };
+    return { evict, summary: { body: sum.body, tokens: sum.tokens, pinned: false, summary: true } };
+  }
+};
+var segText = (body) => (typeof body === "string" ? body : JSON.stringify(body ?? "")).toLowerCase();
+var terms = (s) => s.split(/[^a-z0-9一-鿿]+/i).filter(Boolean);
+var KeywordRecaller = class {
+  text = /* @__PURE__ */ new Map();
+  index(id, body) {
+    this.text.set(id, segText(body));
+  }
+  remove(id) {
+    this.text.delete(id);
+  }
+  search(query, candidates, k) {
+    const q = terms(query);
+    return [...candidates].map((id) => {
+      const t = this.text.get(id) ?? "";
+      return { id, n: q.reduce((s, w) => s + (t.includes(w) ? 1 : 0), 0) };
+    }).filter((x) => x.n > 0).sort((a, b) => b.n - a.n).slice(0, k).map((x) => x.id);
+  }
+};
+var Bm25Recaller = class {
+  docs = /* @__PURE__ */ new Map();
+  df = /* @__PURE__ */ new Map();
+  // document frequency per term (over indexed = swapped segs)
+  totalLen = 0;
+  k1 = 1.5;
+  b = 0.75;
+  index(id, body) {
+    if (this.docs.has(id)) this.remove(id);
+    const ts = terms(segText(body));
+    const tf = /* @__PURE__ */ new Map();
+    for (const t of ts) tf.set(t, (tf.get(t) ?? 0) + 1);
+    this.docs.set(id, { tf, len: ts.length });
+    this.totalLen += ts.length;
+    for (const t of tf.keys()) this.df.set(t, (this.df.get(t) ?? 0) + 1);
+  }
+  remove(id) {
+    const d = this.docs.get(id);
+    if (!d) return;
+    this.docs.delete(id);
+    this.totalLen -= d.len;
+    for (const t of d.tf.keys()) {
+      const n = (this.df.get(t) ?? 1) - 1;
+      if (n <= 0) this.df.delete(t);
+      else this.df.set(t, n);
+    }
+  }
+  search(query, candidates, k) {
+    const N = this.docs.size || 1;
+    const avg = this.totalLen / N || 1;
+    const q = [...new Set(terms(query))];
+    const scored = [];
+    for (const id of candidates) {
+      const d = this.docs.get(id);
+      if (!d) continue;
+      let score = 0;
+      for (const t of q) {
+        const tf = d.tf.get(t);
+        if (!tf) continue;
+        const df = this.df.get(t) ?? 1;
+        const idf = Math.log(1 + (N - df + 0.5) / (df + 0.5));
+        score += idf * (tf * (this.k1 + 1)) / (tf + this.k1 * (1 - this.b + this.b * d.len / avg));
+      }
+      if (score > 0) scored.push({ id, score });
+    }
+    return scored.sort((a, b) => b.score - a.score).slice(0, k).map((x) => x.id);
+  }
+};
+var VectorRecaller = class {
+  constructor(embed) {
+    this.embed = embed;
+  }
+  vecs = /* @__PURE__ */ new Map();
+  index(id, body) {
+    this.vecs.set(id, this.embed(segText(body)));
+  }
+  remove(id) {
+    this.vecs.delete(id);
+  }
+  search(query, candidates, k) {
+    const q = this.embed(query);
+    return [...candidates].map((id) => ({ id, s: cosine(q, this.vecs.get(id) ?? []) })).filter((x) => x.s > 0).sort((a, b) => b.s - a.s).slice(0, k).map((x) => x.id);
+  }
+};
+function hashEmbed(dim = 64) {
+  const h = (w) => {
+    let x = 2166136261;
+    for (let i = 0; i < w.length; i++) {
+      x ^= w.charCodeAt(i);
+      x = Math.imul(x, 16777619);
+    }
+    return (x >>> 0) % dim;
+  };
+  return (text) => {
+    const v = new Array(dim).fill(0);
+    for (const w of terms(text)) v[h(w)] += 1;
+    const norm2 = Math.sqrt(v.reduce((s, x) => s + x * x, 0)) || 1;
+    return v.map((x) => x / norm2);
+  };
+}
+function cosine(a, b) {
+  if (a.length !== b.length) return 0;
+  let dot = 0;
+  for (let i = 0; i < a.length; i++) dot += a[i] * b[i];
+  return dot;
+}
+var Context = class _Context {
+  constructor(ceiling, pager, recaller = new KeywordRecaller()) {
+    this.ceiling = ceiling;
+    this.pager = pager;
+    this.recaller = recaller;
+  }
+  resident = /* @__PURE__ */ new Map();
+  // insertion ≈ recency
+  swap = /* @__PURE__ */ new Map();
+  // paged-out ("disk")
+  size = 0;
+  get watermark() {
+    return this.ceiling === void 0 ? void 0 : Math.floor(this.ceiling * 0.8);
+  }
+  async remember(body, tokens, pinned) {
+    const id = newSegId();
+    this.resident.set(id, { id, body, tokens, pinned });
+    this.size += tokens;
+    await this.relieve();
+    return id;
+  }
+  workingSet() {
+    return [...this.resident.values()];
+  }
+  async recall(query, k) {
+    const ids = this.recaller.search(query, new Set(this.swap.keys()), k);
+    const out = [];
+    for (const id of ids) {
+      const s = this.swap.get(id);
+      if (!s) continue;
+      this.swap.delete(id);
+      this.recaller.remove(id);
+      this.resident.set(id, s);
+      this.size += s.tokens;
+      out.push(s);
+    }
+    await this.relieve();
+    return out;
+  }
+  pin(id, on) {
+    const s = this.resident.get(id);
+    if (s) s.pinned = on;
+  }
+  forget(id) {
+    const r = this.resident.get(id);
+    if (r) {
+      this.resident.delete(id);
+      this.size -= r.tokens;
+    } else {
+      this.swap.delete(id);
+      this.recaller.remove(id);
+    }
+  }
+  stats() {
+    return { resident: this.resident.size, swapped: this.swap.size, size: this.size, ceiling: this.ceiling };
+  }
+  /** Serialize the durable state of the context (for snapshot/migration). */
+  dump() {
+    return [...this.resident.values(), ...this.swap.values()].map((s) => ({ body: s.body, tokens: s.tokens, pinned: s.pinned }));
+  }
+  /** Rebuild a context from a dump, then page down under the watermark if over ceiling (e.g.
+   *  restored on a kernel with a smaller memory cap). Throws QuotaExceeded if the pinned working
+   *  set alone surpasses the ceiling. */
+  static async from(ceiling, pager, segs, recaller) {
+    const c = new _Context(ceiling, pager, recaller);
+    for (const s of segs) {
+      const id = newSegId();
+      c.resident.set(id, { id, body: s.body, tokens: s.tokens, pinned: s.pinned });
+      c.size += s.tokens;
+    }
+    await c.relieve();
+    return c;
+  }
+  /** Resident segments coldest-first. The Map's insertion order already tracks recency — remember
+   *  appends, recall re-inserts (swap→resident) at the end, and no resident key is re-set in place —
+   *  so iteration is LRU-ascending with no sort. (Keep that invariant if you touch resident.set.) */
+  lru() {
+    return [...this.resident.values()];
+  }
+  /** Page out until under the watermark (or only pinned remain); OOM if the pinned set busts the ceiling. */
+  async relieve() {
+    const wm = this.watermark;
+    if (wm === void 0) return;
+    while (this.size > wm) {
+      const before = this.size;
+      const need = this.size - Math.floor(this.ceiling * 0.6);
+      const { evict, summary } = await this.pager.pageOut(this.lru(), need);
+      if (evict.length === 0) break;
+      for (const id of evict) {
+        const s = this.resident.get(id);
+        if (s) {
+          this.resident.delete(id);
+          this.size -= s.tokens;
+          this.swap.set(id, s);
+          this.recaller.index(id, s.body);
+        }
+      }
+      if (summary) {
+        const id = newSegId();
+        this.resident.set(id, { id, ...summary });
+        this.size += summary.tokens;
+      }
+      if (this.size >= before) break;
+    }
+    if (this.size > this.ceiling) throw new QuotaExceeded("mem");
+  }
+};
+
+// src/kernel/journal.ts
+var Journal = class _Journal {
+  io = /* @__PURE__ */ new Map();
+  seq = [];
+  static key(pid, op) {
+    return `${pid}:${op}`;
+  }
+  record(pid, op, result) {
+    this.io.set(_Journal.key(pid, op), result);
+    this.seq.push({ pid, op, result });
+  }
+  get(pid, op) {
+    return this.io.get(_Journal.key(pid, op));
+  }
+  get size() {
+    return this.seq.length;
+  }
+  /** Serialize a recorded run so it can be persisted and replayed later. */
+  toJSON() {
+    return this.seq;
+  }
+  static fromJSON(seq) {
+    const j = new _Journal();
+    for (const e of seq) j.record(e.pid, e.op, e.result);
+    return j;
+  }
+};
+
+// src/kernel/clock.ts
+var RealClock = class {
+  virtual = false;
+  handles = /* @__PURE__ */ new WeakMap();
+  now() {
+    return Date.now();
+  }
+  after(ms, cb) {
+    const t = { fire: Date.now() + ms, cb };
+    this.handles.set(t, setTimeout(() => {
+      if (!t.cancelled) cb();
+    }, ms));
+    return t;
+  }
+  cancel(t) {
+    t.cancelled = true;
+    const h = this.handles.get(t);
+    if (h) clearTimeout(h);
+  }
+  advance() {
+    return false;
+  }
+  // wall time advances itself
+};
+var VirtualClock = class {
+  virtual = true;
+  t = 0;
+  pending = [];
+  // kept sorted by fire time (earliest first)
+  now() {
+    return this.t;
+  }
+  after(ms, cb) {
+    const t = { fire: this.t + Math.max(0, ms), cb };
+    this.pending.push(t);
+    this.pending.sort((a, b) => a.fire - b.fire);
+    return t;
+  }
+  cancel(t) {
+    t.cancelled = true;
+    this.pending = this.pending.filter((x) => x !== t);
+  }
+  advance() {
+    let next = this.pending.shift();
+    while (next && next.cancelled) next = this.pending.shift();
+    if (!next) return false;
+    this.t = Math.max(this.t, next.fire);
+    next.cb();
+    return true;
+  }
+};
+
+// src/kernel/store.ts
+import { appendFileSync, readFileSync, existsSync, writeFileSync } from "node:fs";
+var MemoryStore = class {
+  recs = [];
+  append(rec) {
+    this.recs.push(rec);
+  }
+  load() {
+    return this.recs;
+  }
+};
+var FileStore = class {
+  constructor(path) {
+    this.path = path;
+  }
+  append(rec) {
+    appendFileSync(this.path, JSON.stringify(rec) + "\n");
+  }
+  load() {
+    if (!existsSync(this.path)) return [];
+    return readFileSync(this.path, "utf8").split("\n").filter(Boolean).map((l) => JSON.parse(l));
+  }
+  reset() {
+    writeFileSync(this.path, "");
+  }
+};
+function journalFromStore(records) {
+  const j = new Journal();
+  for (const r of records) if (r.kind === "io") j.record(r.data.pid, r.data.op, r.data.result);
+  return j;
+}
+function eventsFromStore(records) {
+  return records.filter((r) => r.kind === "event").map((r) => r.data);
+}
+
+// src/kernel/transport.ts
+import { createHmac, timingSafeEqual } from "node:crypto";
+function canon(v) {
+  const out = [];
+  canonInto(v, out);
+  return out.join("");
+}
+function canonInto(v, out) {
+  if (v === null || typeof v !== "object") {
+    out.push(JSON.stringify(v) ?? "null");
+    return;
+  }
+  if (Array.isArray(v)) {
+    out.push("[");
+    for (let i = 0; i < v.length; i++) {
+      if (i) out.push(",");
+      canonInto(v[i], out);
+    }
+    out.push("]");
+    return;
+  }
+  const o = v;
+  const keys = Object.keys(o).sort();
+  out.push("{");
+  for (let i = 0; i < keys.length; i++) {
+    if (i) out.push(",");
+    out.push(JSON.stringify(keys[i]), ":");
+    canonInto(o[keys[i]], out);
+  }
+  out.push("}");
+}
+function mac(key, to, nonce, ts, body) {
+  return createHmac("sha256", key).update(`${to}\0${nonce}\0${ts}\0${canon(body)}`).digest("hex");
+}
+var _nonceSeq = 0;
+function freshNonce(rand) {
+  return `${(_nonceSeq++).toString(36)}.${rand()}`;
+}
+function seal(key, to, body, nonce, ts = Date.now()) {
+  return { to, nonce, ts, body, mac: mac(key, to, nonce, ts, body) };
+}
+function verify(key, env) {
+  try {
+    const want = mac(key, env.to, env.nonce, env.ts, env.body);
+    if (typeof env.mac !== "string" || want.length !== env.mac.length) return false;
+    return timingSafeEqual(Buffer.from(want), Buffer.from(env.mac));
+  } catch {
+    return false;
+  }
+}
+var NonceGuard = class {
+  // nonce → first-seen time (ms)
+  constructor(windowMs = 3e5, cap = 1 << 20) {
+    this.windowMs = windowMs;
+    this.cap = cap;
+  }
+  seen = /* @__PURE__ */ new Map();
+  /** True the first time a nonce is seen within the window; false on replay. `now` is the kernel clock. */
+  admit(nonce, now) {
+    for (const [n, t] of this.seen) {
+      if (now - t > this.windowMs) this.seen.delete(n);
+      else break;
+    }
+    if (this.seen.has(nonce)) return false;
+    this.seen.set(nonce, now);
+    if (this.seen.size > this.cap) this.seen.delete(this.seen.keys().next().value);
+    return true;
+  }
+};
+
+// src/kernel/kernel.ts
+var QUANTUM = 2e3;
+var AGE_EVERY = 4;
+var AGE_MAX = 8;
+var ageBoost = (age) => Math.min(AGE_MAX, Math.floor(age / AGE_EVERY));
+var KernelError = class extends Error {
+  constructor(msg) {
+    super(msg);
+    this.name = "KernelError";
+  }
+};
+var Kernel = class _Kernel {
+  proc = new ProcTable();
+  caps = new CapTable(() => this.clock.now());
+  // caveat expiry uses the kernel clock (deterministic/replayable)
+  log;
+  drivers = /* @__PURE__ */ new Map();
+  onLog;
+  pager;
+  mode;
+  journal;
+  clock;
+  mkRecaller;
+  store;
+  transportKey;
+  nodeId;
+  peers = /* @__PURE__ */ new Map();
+  // node id → egress (a dialTcp.send, or any envelope sink)
+  egressSeq = 0;
+  // node-scoped nonce counter for outbound envelopes
+  images = /* @__PURE__ */ new Map();
+  // remotely-spawnable images, by name
+  pendingSpawns = /* @__PURE__ */ new Map();
+  // corr id → spawnRemote resolver
+  remoteMonitors = /* @__PURE__ */ new Map();
+  // local pid → peers watching it; sent a Down on death
+  freshWindowMs = 3e5;
+  // ±5 min: cross-node clock-skew tolerance for replay freshness
+  nonces = new NonceGuard(this.freshWindowMs);
+  /* scheduler state */
+  runQueue = [];
+  // the ready set; dispatch picks the best (priority → EDF → FIFO)
+  qHead = 0;
+  // consumed-prefix index → O(1) dequeue on the common FIFO path
+  special = 0;
+  // # enqueued procs with priority≠0 or a deadline; 0 ⇒ pure FIFO
+  enqSeq = 0;
+  current = null;
+  shutdownFlag = false;
+  exitWaiters = /* @__PURE__ */ new Map();
+  // kernel-level waitExit (test/orchestration); resolves raw promises
+  exitHooks = /* @__PURE__ */ new Map();
+  // in-process waitpid wakers (fire inside terminate, then re-dispatch the waiter)
+  reaped = /* @__PURE__ */ new Map();
+  // recently-dead → reason, so waitpid AFTER death still returns it (bounded)
+  registry = /* @__PURE__ */ new Map();
+  // service name → owning pid (name service); entries cleared when the owner dies
+  initPid = null;
+  // pid 1 — orphans reparent here when their parent dies
+  constructor(cfg = {}) {
+    this.clock = cfg.clock ?? new RealClock();
+    this.store = cfg.store;
+    this.mode = cfg.mode ?? "live";
+    const sink = (e) => {
+      cfg.logSink?.(e);
+      if (this.mode !== "recover") this.store?.append({ kind: "event", data: e });
+    };
+    this.log = new EventLog(cfg.logCap, sink, () => this.clock.now());
+    this.onLog = cfg.onLog;
+    this.pager = cfg.pager ?? new DefaultPager();
+    this.journal = cfg.journal ?? new Journal();
+    this.mkRecaller = cfg.recaller ?? (() => new Bm25Recaller());
+    this.transportKey = cfg.transportKey;
+    this.nodeId = cfg.nodeId ?? "";
+  }
+  /** The I/O journal (record mode populates it; persist via journal.toJSON()). */
+  get io() {
+    return this.journal;
+  }
+  /** Run a driver op through record/replay: replay returns the journaled result; record logs the live one. */
+  async journaled(pcb, live) {
+    const op = pcb.op++;
+    if (this.mode === "replay" || this.mode === "recover" && !pcb.recovered) {
+      const r = this.journal.get(pcb.pid, op);
+      if (r) {
+        if ("error" in r) throw new KernelError(r.error);
+        return r;
+      }
+      if (this.mode === "replay") throw new KernelError(`replay: no journal entry for ${pcb.pid}:${op}`);
+      pcb.recovered = true;
+    }
+    let res, caught, threw = false;
+    try {
+      res = await live();
+    } catch (e) {
+      caught = e;
+      threw = true;
+    }
+    if (this.mode === "record" || this.mode === "recover") {
+      const entry = threw ? { error: caught instanceof Error ? caught.message : String(caught) } : res;
+      this.journal.record(pcb.pid, op, entry);
+      this.store?.append({ kind: "io", data: { pid: pcb.pid, op, result: entry } });
+    }
+    if (threw) throw caught;
+    return res;
+  }
+  /* ════════════════════════════════════════════════════════════
+   * Public: boot / drivers / introspection
+   * ════════════════════════════════════════════════════════════ */
+  /** Register a driver (LLM, tools, KV, gateway, WASM, worker) so the kernel
+   *  can hand its device capabilities to processes at boot/grant time. */
+  registerDriver(driver) {
+    this.drivers.set(driver.name, driver);
+  }
+  /** Crash recovery: build a kernel that REPLAYS persisted driver I/O from a store. Re-running the
+   *  same images reproduces the original run exactly — every read/write returns its journaled result,
+   *  so no live driver is touched. The event-sourcing log IS the recovery mechanism. */
+  static replayFrom(store, cfg = {}) {
+    return new _Kernel({ ...cfg, mode: "replay", journal: journalFromStore(store.load()) });
+  }
+  /** Partial crash recovery: REPLAY the persisted prefix (no live I/O), then — when a process runs past the
+   *  point the journal reaches (the original run crashed mid-flight) — RESUME it live, appending the new ops to
+   *  the same store. Unlike replayFrom (strict reproduce; aborts on a missing op), this lets a long-running run
+   *  pick up where it died. Keeps the store so the resumed tail is durable and a second crash is recoverable too. */
+  static recoverFrom(store, cfg = {}) {
+    return new _Kernel({ ...cfg, mode: "recover", journal: journalFromStore(store.load()), store });
+  }
+  /** Boot the system: create pid 1 (init) with the given image, optional root
+   *  quota, and a set of driver names it may open. Init receives a `BootGrant`
+   *  as its first message, carrying a `spawn` cap and `devices` record. */
+  async boot(init, opts = {}) {
+    this.log.emit({ t: "boot" });
+    const pid = this.proc.alloc();
+    this.initPid = pid;
+    const acct = new Account(opts.quota, () => this.clock.now());
+    const pcb = makePCB(pid, null, init, opts.args, acct, new Context(acct.mem, this.pager, this.mkRecaller()));
+    this.proc.add(pcb);
+    const spawn = this.caps.mint(pid, { kind: "spawn" }, ["spawn"]);
+    const devices = {};
+    for (const name of opts.grant ?? []) {
+      if (!this.drivers.has(name)) throw new KernelError(`boot: no such driver "${name}"`);
+      devices[name] = this.caps.mint(pid, { kind: "device", driver: drv(name) }, ["open"]);
+    }
+    pcb.mailbox.push({ id: newMsgId(), from: pid, to: pid, body: { $: "boot", spawn, devices }, caps: [] });
+    this.log.emit({ t: "spawn", pid, parent: null, name: pcb.name });
+    this.makeRunnable(pcb);
+    return pid;
+  }
+  /** Resolve when a process terminates (test/orchestration helper). */
+  waitExit(pid) {
+    const dead = this.proc.get(pid);
+    if (!dead) return Promise.resolve({ kind: "normal" });
+    return new Promise((res) => {
+      const arr = this.exitWaiters.get(pid) ?? [];
+      arr.push(res);
+      this.exitWaiters.set(pid, arr);
+    });
+  }
+  /** Query a snapshot of live processes: pid, name, status, mailbox depth,
+   *  remaining budget, usage, and memory stats — the userland `ps` analogue. */
+  ps() {
+    return [...this.proc.all()].map((p) => ({
+      pid: p.pid,
+      name: p.name,
+      parent: p.parent,
+      status: p.status,
+      stopped: p.stopped,
+      mailbox: p.mailbox.len,
+      budget: p.account.remaining(),
+      used: p.account.usage(),
+      mem: p.context.stats()
+    }));
+  }
+  /** Tail the last N stamped events from the kernel event log (audit trail). */
+  trace(n = 50) {
+    return this.log.tail(n);
+  }
+  /** Monitoring snapshot: live process count + running aggregates over the whole event history. */
+  metrics() {
+    const s = this.log.stats();
+    return {
+      processes: this.proc.count,
+      events: this.log.count,
+      spawns: s.byType["spawn"] ?? 0,
+      exits: s.byType["exit"] ?? 0,
+      sends: s.byType["send"] ?? 0,
+      scheds: s.byType["sched"] ?? 0,
+      faults: s.byType["fault"] ?? 0,
+      exitsByReason: s.exitsByReason,
+      charged: s.charged
+    };
+  }
+  /** Prometheus text-exposition of the same counters — scrape it straight into a TSDB. */
+  metricsText() {
+    const m = this.metrics();
+    const out = [];
+    const line = (name, v, labels = "") => out.push(`agentos_${name}${labels} ${v}`);
+    line("processes", m.processes);
+    line("events_total", m.events);
+    line("spawns_total", m.spawns);
+    line("exits_total", m.exits);
+    line("sends_total", m.sends);
+    line("scheds_total", m.scheds);
+    line("faults_total", m.faults);
+    for (const [k, v] of Object.entries(m.exitsByReason)) line("exits_total", v, `{reason="${k}"}`);
+    for (const [k, v] of Object.entries(m.charged)) line("charged_total", v, `{meter="${k}"}`);
+    return out.join("\n") + "\n";
+  }
+  /** Inspect the resident context (working set) of a live process — the
+   *  segments currently visible to its LLM. For observability / debugging. */
+  inspect(pid) {
+    return this.req(pid).context.workingSet();
+  }
+  /** Transport ingress: inject a message into a local process from OUTSIDE the kernel
+   *  (a gateway/transport bridging another node). Returns false if no such live process. */
+  deliverExternal(pid, body) {
+    const p = this.proc.get(pid);
+    if (!p || p.status === "dead") return false;
+    const lim = p.account.maxMailbox;
+    if (lim !== void 0 && p.mailbox.len >= lim) {
+      this.log.emit({ t: "fault", pid, error: "ingress: mailbox full \u2014 dropped" });
+      return false;
+    }
+    this.deliver(p, { id: newMsgId(), from: 0, to: pid, body, caps: [] });
+    return true;
+  }
+  /** Register a route to a peer node: `send` will egress envelopes addressed to it (a dialTcp.send, or any
+   *  sink for tests). The matching transportKey must be shared with the peer, whose ingress() verifies them. */
+  connect(node, egress) {
+    this.peers.set(node, egress);
+  }
+  /** Publish an image that PEER nodes may spawn by name (a ProcessImage holds closures → it can't cross the
+   *  wire; the host already has it, so remote spawn is "spawn the image you registered as N"). `grant` lists
+   *  the driver devices the spawned process may open. */
+  registerImage(name, image, grant) {
+    this.images.set(name, { image, grant });
+  }
+  /** Egress a Down to a peer node's watcher pid (a normal data envelope; ingress delivers it to the mailbox). */
+  sendDown(node, watcher, deadPid, reason) {
+    const e = this.peers.get(node);
+    if (e && this.transportKey) e(seal(this.transportKey, watcher, { $: "down", pid: deadPid, node: this.nodeId, reason }, `${this.nodeId}.${this.egressSeq++}`, this.clock.now()));
+  }
+  /** Control-channel envelope (addressed to pid 0): a remote-spawn request/reply, or a remote-monitor request. */
+  handleControl(body) {
+    const m = body;
+    if (m.$ === "mon-req") {
+      const tp = this.proc.get(m.target);
+      if (!tp || tp.status === "dead") this.sendDown(m.from, m.watcher, m.target, this.reaped.get(m.target) ?? tp?.exitReason ?? { kind: "normal" });
+      else {
+        const arr = this.remoteMonitors.get(m.target) ?? [];
+        arr.push({ node: m.from, watcher: m.watcher });
+        this.remoteMonitors.set(m.target, arr);
+      }
+      return true;
+    }
+    if (m.$ === "spawn-req") {
+      const reply = (r) => {
+        const e = this.peers.get(m.from);
+        if (e && this.transportKey) e(seal(this.transportKey, 0, { $: "spawn-rep", corr: m.corr, ...r }, `${this.nodeId}.${this.egressSeq++}`, this.clock.now()));
+      };
+      const entry = this.images.get(m.name);
+      if (!entry) {
+        reply({ error: `no image "${m.name}"` });
+        return false;
+      }
+      reply({ pid: this.hostRemote(entry, m.args, m.from, m.reply) });
+      return true;
+    }
+    if (m.$ === "spawn-rep") {
+      this.pendingSpawns.get(m.corr)?.({ pid: m.pid, error: m.error });
+      return true;
+    }
+    return false;
+  }
+  /** Spawn a peer-requested image locally, granting it a spawn cap, its allowed devices, and a `reply` proxy
+   *  cap back to the requester (so the two can talk). Orphans reparent to init like any process. */
+  hostRemote(entry, args, fromNode, replyPid) {
+    const pid = this.proc.alloc();
+    const acct = new Account({}, () => this.clock.now());
+    const pcb = makePCB(pid, this.initPid, entry.image, args, acct, new Context(acct.mem, this.pager, this.mkRecaller()));
+    this.proc.add(pcb);
+    const spawn = this.caps.mint(pid, { kind: "spawn" }, ["spawn"]);
+    const devices = {};
+    for (const n of entry.grant ?? []) if (this.drivers.has(n)) devices[n] = this.caps.mint(pid, { kind: "device", driver: drv(n) }, ["open"]);
+    const reply = this.caps.mint(pid, { kind: "remote", node: fromNode, pid: replyPid }, ["send"]);
+    pcb.mailbox.push({ id: newMsgId(), from: pid, to: pid, body: { $: "boot", spawn, devices, reply }, caps: [] });
+    this.log.emit({ t: "spawn", pid, parent: this.initPid, name: pcb.name });
+    this.makeRunnable(pcb);
+    return pid;
+  }
+  /** AUTHENTICATED transport ingress: the trust boundary for messages off the wire.
+   *  Verifies the HMAC (constant-time) and rejects replays before anything reaches a
+   *  process; a bad MAC, a reused nonce, or a dead target are all dropped (→ false).
+   *  Capabilities never cross — a verified sender can address a pid, not forge authority. */
+  ingress(env) {
+    if (!this.transportKey) throw new KernelError("ingress: no transportKey configured");
+    if (!verify(this.transportKey, env)) {
+      this.log.emit({ t: "fault", pid: 0, error: "transport: bad MAC (forged/tampered) \u2014 dropped" });
+      return false;
+    }
+    const now = this.clock.now();
+    if (typeof env.ts !== "number" || !Number.isFinite(env.ts) || Math.abs(now - env.ts) > this.freshWindowMs) {
+      this.log.emit({ t: "fault", pid: 0, error: "transport: stale/future envelope \u2014 dropped" });
+      return false;
+    }
+    if (!this.nonces.admit(env.nonce, now)) {
+      this.log.emit({ t: "fault", pid: 0, error: "transport: replayed nonce \u2014 dropped" });
+      return false;
+    }
+    if (env.to === 0) return this.handleControl(env.body);
+    return this.deliverExternal(env.to, env.body);
+  }
+  /**
+   * Snapshot a process's DURABLE state (context + mailbox + budget + sched).
+   * The JS execution stack is not serializable, so restore resumes by re-running
+   * the image against the restored state — sound for context-driven agents whose
+   * state IS their context. Capabilities are kernel-local authority and are NOT
+   * captured; the restorer re-grants them.
+   */
+  snapshot(pid) {
+    const p = this.req(pid);
+    return {
+      abi: ABI_VERSION,
+      image: p.name,
+      args: p.args,
+      priority: p.priority,
+      deadline: p.deadline === null ? null : Math.max(0, p.deadline - this.clock.now()),
+      // remaining ms
+      stopped: p.stopped,
+      account: p.account.remaining(),
+      mailbox: p.mailbox.drain().map((m) => ({ ...m, caps: [] })),
+      // drop kernel-local caps
+      context: p.context.dump()
+    };
+  }
+  /** Restore a snapshot into THIS kernel as a fresh process running `image`. */
+  async restore(snap, image, opts = {}) {
+    if (snap.abi !== ABI_VERSION) throw new KernelError(`restore: ABI mismatch (snapshot v${snap.abi}, kernel v${ABI_VERSION})`);
+    const pid = this.proc.alloc();
+    const acct = new Account(snap.account, () => this.clock.now());
+    const ctx = await Context.from(acct.mem, this.pager, snap.context, this.mkRecaller());
+    const pcb = makePCB(pid, opts.parent ?? null, image, snap.args, acct, ctx);
+    pcb.priority = snap.priority;
+    pcb.stopped = snap.stopped ?? false;
+    for (const m of snap.mailbox) pcb.mailbox.push({ ...m, to: pid });
+    this.proc.add(pcb);
+    if (snap.deadline !== null) this.armDeadline(pcb, snap.deadline);
+    this.log.emit({ t: "spawn", pid, parent: pcb.parent, name: pcb.name });
+    this.makeRunnable(pcb);
+    return pid;
+  }
+  /** Graceful system shutdown: kill every live process with the given reason
+   *  (default 'shutdown'), flush the event log, and stop scheduling. */
+  async shutdown(reason = { kind: "shutdown" }) {
+    this.shutdownFlag = true;
+    for (const p of [...this.proc.all()]) this.terminate(p.pid, reason);
+    this.log.emit({ t: "shutdown", reason: reason.kind });
+  }
+  /* ════════════════════════════════════════════════════════════
+   * Scheduler (reductions + run queue)
+   * ════════════════════════════════════════════════════════════ */
+  enqueue(pcb) {
+    pcb.enq = ++this.enqSeq;
+    if (pcb.priority !== 0 || pcb.deadline !== null) this.special++;
+    this.runQueue.push(pcb.pid);
+  }
+  makeRunnable(pcb) {
+    if (pcb.status === "dead" || pcb.status === "running" || pcb.stopped) return;
+    pcb.status = "runnable";
+    this.enqueue(pcb);
+    this.dispatch();
+  }
+  /** SIGSTOP — pause a process: it stays alive but is never dispatched until resumed. Descheduled now if
+   *  running; dropped from the ready queue if runnable (re-enqueued on resume); a parked recv just stays parked. */
+  suspendProc(pid) {
+    const pcb = this.proc.get(pid);
+    if (!pcb || pcb.status === "dead" || pcb.stopped) return;
+    pcb.stopped = true;
+    if (this.current === pid) this.current = null;
+    this.log.emit({ t: "signal", pid, sig: "stop" });
+    this.dispatch();
+  }
+  /** SIGCONT — resume a stopped process. Safe even if it has nothing to do: a parked recv re-parks on an
+   *  empty mailbox, so a spurious wake is a no-op. */
+  resumeProc(pid) {
+    const pcb = this.proc.get(pid);
+    if (!pcb || !pcb.stopped) return;
+    pcb.stopped = false;
+    this.log.emit({ t: "signal", pid, sig: "cont" });
+    this.makeRunnable(pcb);
+  }
+  /** SIGTERM — a graceful, CATCHABLE stop request: deliver a `{ $: 'term' }` message the process can
+   *  handle in its recv loop (clean up, then exit). Unlike kill/signal it never force-terminates; the
+   *  handler IS the recv loop. (A stopped target gets it queued; it's seen on resume.) */
+  termProc(pid, from) {
+    const pcb = this.proc.get(pid);
+    if (!pcb || pcb.status === "dead") return;
+    this.log.emit({ t: "signal", pid, sig: "term" });
+    this.deliver(pcb, { id: newMsgId(), from, to: pid, body: { $: "term", from }, caps: [] });
+  }
+  /** Pick the highest-priority runnable; ties broken by earliest deadline (EDF), then FIFO.
+   *  Fast path (no priority/deadline in play): a plain FIFO dequeue, O(1) amortized — the
+   *  general scan is taken only while a special process is queued. Both yield identical order. */
+  pickNext() {
+    const q = this.runQueue;
+    if (this.special === 0) {
+      while (this.qHead < q.length) {
+        const pcb = this.proc.get(q[this.qHead++]);
+        if (!pcb || pcb.status === "dead" || pcb.stopped) continue;
+        if (this.qHead > 64 && this.qHead * 2 >= q.length) {
+          this.runQueue = q.slice(this.qHead);
+          this.qHead = 0;
+        }
+        return pcb;
+      }
+      this.runQueue = [];
+      this.qHead = 0;
+      return void 0;
+    }
+    let best;
+    const live = [];
+    let spec = 0;
+    for (let i = this.qHead; i < q.length; i++) {
+      const pcb = this.proc.get(q[i]);
+      if (!pcb || pcb.status === "dead" || pcb.stopped) continue;
+      live.push(pcb);
+      if (pcb.priority !== 0 || pcb.deadline !== null) spec++;
+      if (!best || this.higher(pcb, best)) best = pcb;
+    }
+    const next = [];
+    for (const pc of live) {
+      if (pc === best) {
+        pc.age = 0;
+        if (pc.priority !== 0 || pc.deadline !== null) spec--;
+        continue;
+      }
+      pc.age++;
+      next.push(pc.pid);
+    }
+    this.runQueue = next;
+    this.qHead = 0;
+    this.special = spec;
+    return best;
+  }
+  higher(a, b) {
+    const ea = a.priority + ageBoost(a.age), eb = b.priority + ageBoost(b.age);
+    if (ea !== eb) return ea > eb;
+    const da = a.deadline ?? Infinity, db = b.deadline ?? Infinity;
+    if (da !== db) return da < db;
+    return a.enq < b.enq;
+  }
+  dispatch() {
+    if (this.current !== null || this.shutdownFlag) return;
+    const pcb = this.pickNext();
+    if (!pcb) {
+      this.clock.advance();
+      return;
+    }
+    this.current = pcb.pid;
+    pcb.status = "running";
+    pcb.reductions = QUANTUM;
+    this.log.emit({ t: "sched", pid: pcb.pid });
+    const cont = pcb.cont;
+    if (cont) {
+      pcb.cont = null;
+      cont();
+    } else this.startMain(pcb);
+  }
+  /** Arm (or re-arm) a deadline: kill the process if it hasn't finished by then. */
+  armDeadline(pcb, ms) {
+    if (pcb.deadlineTimer) this.clock.cancel(pcb.deadlineTimer);
+    pcb.deadline = this.clock.now() + Math.max(0, ms);
+    pcb.deadlineTimer = this.clock.after(ms, () => {
+      pcb.deadlineTimer = null;
+      if (pcb.status !== "dead") this.terminate(pcb.pid, { kind: "deadline" });
+    });
+  }
+  /** Await an external promise (driver I/O) WITHOUT holding the CPU: the process parks so other
+   *  processes run meanwhile; it's rescheduled when the promise settles. Enables true concurrency
+   *  during I/O (e.g. a worker-thread offload runs in parallel while the kernel keeps scheduling). */
+  /** The single blocking primitive: park the running process (status→waiting, yield the CPU) until its
+   *  `cont` is fired by a wake. recv, send-backpressure and parkOn all build their wait loops on this. */
+  block(pcb) {
+    pcb.status = "waiting";
+    if (this.current === pcb.pid) this.current = null;
+    return new Promise((res) => {
+      pcb.cont = res;
+      this.dispatch();
+    });
+  }
+  parkOn(pcb, promise) {
+    let done = false, ok = false;
+    let value;
+    let error;
+    promise.then((v) => {
+      value = v;
+      ok = true;
+      done = true;
+      this.makeRunnable(pcb);
+    }, (e) => {
+      error = e;
+      done = true;
+      this.makeRunnable(pcb);
+    });
+    return (async () => {
+      while (!done) await this.block(pcb);
+      if (ok) return value;
+      throw error;
+    })();
+  }
+  /** Park the running process and hand control to the scheduler (re-enters the ready set). */
+  reschedule(pcb) {
+    pcb.status = "runnable";
+    this.enqueue(pcb);
+    if (this.current === pcb.pid) this.current = null;
+    const p = new Promise((res) => {
+      pcb.cont = res;
+    });
+    this.dispatch();
+    return p;
+  }
+  /** End-of-syscall fairness point: charge reductions; yield if the quantum is spent. */
+  tick(pcb, cost) {
+    pcb.reductions -= cost;
+    if (pcb.reductions > 0) return Promise.resolve();
+    return this.reschedule(pcb);
+  }
+  runCleanups(pcb) {
+    while (pcb.cleanups.length) {
+      const fn = pcb.cleanups.pop();
+      try {
+        fn();
+      } catch {
+      }
+    }
+  }
+  startMain(pcb) {
+    const sys = this.sysFor(pcb.pid);
+    pcb.image.main(sys, pcb.args).then(
+      () => this.terminate(pcb.pid, { kind: "normal" }),
+      (e) => {
+        if (e instanceof ExitSignal) this.terminate(pcb.pid, e.reason);
+        else if (e instanceof QuotaExceeded) this.terminate(pcb.pid, { kind: "quota", resource: e.resource });
+        else this.terminate(pcb.pid, { kind: "fault", error: e instanceof Error ? e.message : String(e) });
+      }
+    );
+  }
+  /* ════════════════════════════════════════════════════════════
+   * IPC + termination
+   * ════════════════════════════════════════════════════════════ */
+  deliver(pcb, msg) {
+    for (const c of msg.caps) this.caps.transfer(c, pcb.pid);
+    pcb.mailbox.push(msg);
+    this.log.emit({ t: "send", from: msg.from, to: pcb.pid });
+    if (pcb.status === "waiting") this.makeRunnable(pcb);
+  }
+  terminate(pid, reason) {
+    const pcb = this.proc.get(pid);
+    if (!pcb || pcb.status === "dead") return;
+    pcb.status = "dead";
+    pcb.exitReason = reason;
+    pcb.account.release();
+    if (pcb.timer) {
+      this.clock.cancel(pcb.timer);
+      pcb.timer = null;
+    }
+    if (pcb.deadlineTimer) {
+      this.clock.cancel(pcb.deadlineTimer);
+      pcb.deadlineTimer = null;
+    }
+    if (this.current === pid) this.current = null;
+    this.runCleanups(pcb);
+    for (const h of pcb.handles.values()) h.close?.().catch(() => {
+    });
+    this.caps.revokeOwnedBy(pid);
+    for (const [n, p] of this.registry) if (p === pid) this.registry.delete(n);
+    this.log.emit({ t: "exit", pid, reason });
+    if (reason.kind === "fault") this.log.emit({ t: "fault", pid, error: reason.error });
+    for (const w of /* @__PURE__ */ new Set([...pcb.links, ...pcb.monitors])) {
+      const wp = this.proc.get(w);
+      if (wp && wp.status !== "dead") {
+        this.deliver(wp, { id: newMsgId(), from: pid, to: w, body: { $: "down", pid, reason }, caps: [] });
+      }
+    }
+    const rms = this.remoteMonitors.get(pid);
+    if (rms) {
+      this.remoteMonitors.delete(pid);
+      for (const rm of rms) this.sendDown(rm.node, rm.watcher, pid, reason);
+    }
+    if (this.initPid !== null && pid !== this.initPid) {
+      for (const c of this.proc.all()) if (c.parent === pid && c.status !== "dead") c.parent = this.initPid;
+    }
+    this.reaped.set(pid, reason);
+    if (this.reaped.size > 1024) this.reaped.delete(this.reaped.keys().next().value);
+    const waiters = this.exitWaiters.get(pid);
+    if (waiters) {
+      this.exitWaiters.delete(pid);
+      for (const r of waiters) r(reason);
+    }
+    const hooks = this.exitHooks.get(pid);
+    if (hooks) {
+      this.exitHooks.delete(pid);
+      for (const h of hooks) h(reason);
+    }
+    this.proc.remove(pid);
+    while (pcb.mailboxWaiters.length) pcb.mailboxWaiters.shift()();
+    this.dispatch();
+  }
+  chargeDriver(pcb, cost) {
+    if (!cost) return;
+    const charge = (m, n) => {
+      if (n) {
+        pcb.account.charge(m, n);
+        this.log.emit({ t: "charge", pid: pcb.pid, meter: m, n });
+      }
+    };
+    charge("tokens", cost.tokens);
+    charge("toolCalls", cost.toolCalls);
+    charge("usd", cost.usd);
+  }
+  req(pid) {
+    const p = this.proc.get(pid);
+    if (!p) throw new KernelError(`no such process ${pid}`);
+    return p;
+  }
+  /* ════════════════════════════════════════════════════════════
+   * The syscall surface — built per process, closes over its pid.
+   * ════════════════════════════════════════════════════════════ */
+  sysFor(pid) {
+    const k = this;
+    return {
+      self: () => pid,
+      selfCap: () => k.caps.mint(pid, { kind: "process", pid }, ["send", "monitor"]),
+      // send + monitor: holders can reach you AND learn when you die (liveness; no kill)
+      /* ── Service registry (name → process discovery; first-come, ambient — a name grants no authority,
+       *    only a SEND-cap to whoever holds it; the service itself decides whether to trust a message) ── */
+      register(name) {
+        const cur = k.registry.get(name);
+        if (cur !== void 0 && cur !== pid && k.proc.get(cur)?.status !== "dead") throw new CapError(`register: name "${name}" already in use`);
+        k.registry.set(name, pid);
+      },
+      unregister(name) {
+        if (k.registry.get(name) === pid) k.registry.delete(name);
+      },
+      async lookup(name) {
+        await k.tick(k.req(pid), 1);
+        const sp = k.registry.get(name);
+        const tp = sp !== void 0 ? k.proc.get(sp) : void 0;
+        if (sp === void 0 || !tp || tp.status === "dead") {
+          if (sp !== void 0) k.registry.delete(name);
+          return void 0;
+        }
+        return k.caps.mint(pid, { kind: "process", pid: sp }, ["send"]);
+      },
+      dial: (node, rpid) => k.caps.mint(pid, { kind: "remote", node, pid: rpid }, ["send", "monitor"]),
+      // proxy to (node, rpid): send egresses, monitor watches its death across the wire
+      async spawnRemote(node, name, args) {
+        const pcb = k.req(pid);
+        if (!k.transportKey) throw new KernelError("spawnRemote: requires a transportKey");
+        const egress = k.peers.get(node);
+        if (!egress) throw new CapError(`spawnRemote: no route to node "${node}"`);
+        const corr = `${k.nodeId}.s${k.egressSeq++}`;
+        const reply = new Promise((res) => k.pendingSpawns.set(corr, res));
+        egress(seal(k.transportKey, 0, { $: "spawn-req", from: k.nodeId, reply: pid, name, args, corr }, `${k.nodeId}.${k.egressSeq++}`, k.clock.now()));
+        const r = await k.parkOn(pcb, reply);
+        k.pendingSpawns.delete(corr);
+        if (r.error || r.pid === void 0) throw new KernelError(`spawnRemote: ${r.error ?? "no pid returned"}`);
+        return k.caps.mint(pid, { kind: "remote", node, pid: r.pid }, ["send", "monitor"]);
+      },
+      async recv() {
+        const pcb = k.req(pid);
+        while (pcb.mailbox.len === 0) await k.block(pcb);
+        const msg = pcb.mailbox.shift();
+        if (pcb.mailboxWaiters.length) pcb.mailboxWaiters.shift()();
+        k.log.emit({ t: "recv", pid });
+        await k.tick(pcb, 1);
+        return msg;
+      },
+      async send(target, body, opts) {
+        const pcb = k.req(pid);
+        pcb.account.checkWall();
+        const cap = k.caps.require(pid, target, "send");
+        if (cap.resource.kind === "remote") {
+          if (opts?.caps?.length) throw new CapError("send: capabilities cannot cross the wire");
+          const egress = k.peers.get(cap.resource.node);
+          if (!egress) throw new CapError(`send: no route to node "${cap.resource.node}"`);
+          if (!k.transportKey) throw new KernelError("send: remote send requires a transportKey");
+          const env = seal(k.transportKey, cap.resource.pid, body, `${k.nodeId}.${k.egressSeq++}`, k.clock.now());
+          await k.tick(pcb, 1);
+          if (!egress(env)) throw new KernelError(`send: remote egress to "${cap.resource.node}" refused (peer down or backlogged)`);
+          return;
+        }
+        if (cap.resource.kind !== "process") throw new CapError("send: capability is not a process");
+        const caps = opts?.caps ?? [];
+        for (const c of caps) {
+          const cc = k.caps.lookup(c);
+          if (!cc || cc.owner !== pid) throw new CapError("send: delegated cap not owned by caller");
+        }
+        const tpid = cap.resource.pid;
+        const lim = k.proc.get(tpid)?.account.maxMailbox;
+        let t = k.proc.get(tpid);
+        while (lim !== void 0 && t && t.mailbox.len >= lim) {
+          t.mailboxWaiters.push(() => k.makeRunnable(pcb));
+          await k.block(pcb);
+          t = k.proc.get(tpid);
+        }
+        const dst = k.proc.get(tpid);
+        if (dst && dst.status !== "dead") k.deliver(dst, { id: newMsgId(), from: pid, to: dst.pid, body, caps, corr: opts?.corr, deadline: opts?.deadline });
+        await k.tick(pcb, 1);
+      },
+      async spawn(image, opts) {
+        const parent = k.req(pid);
+        if (!k.caps.ownsKind(pid, "spawn")) throw new CapError("spawn: caller holds no spawn capability");
+        const acct = parent.account.child(opts?.quota ?? {});
+        const cpid = k.proc.alloc();
+        const child = makePCB(cpid, pid, image, opts?.args, acct, new Context(acct.mem, k.pager, k.mkRecaller()));
+        k.proc.add(child);
+        for (const c of opts?.caps ?? []) {
+          const cc = k.caps.lookup(c);
+          if (!cc || cc.owner !== pid) throw new CapError("spawn: cap not owned by caller");
+          k.caps.transfer(c, cpid);
+        }
+        const cap = k.caps.mint(pid, { kind: "process", pid: cpid }, ["send", "monitor", "kill"]);
+        if (opts?.link) {
+          parent.links.add(cpid);
+          child.links.add(pid);
+        }
+        child.priority = opts?.priority ?? 0;
+        if (opts?.deadline !== void 0) k.armDeadline(child, opts.deadline);
+        k.log.emit({ t: "spawn", pid: cpid, parent: pid, name: child.name });
+        k.makeRunnable(child);
+        await k.tick(parent, 5);
+        return { pid: cpid, cap };
+      },
+      async exit(reason) {
+        throw new ExitSignal(reason ?? { kind: "normal" });
+      },
+      derive(cap, rights) {
+        return k.caps.derive(pid, cap, rights);
+      },
+      attenuate(cap, opts) {
+        const caveats = opts.expiresInMs !== void 0 ? [{ kind: "expires", at: k.clock.now() + Math.max(0, opts.expiresInMs) }] : [];
+        return k.caps.attenuate(pid, cap, opts.rights, caveats);
+      },
+      revoke(cap) {
+        const c = k.caps.lookup(cap);
+        if (c && c.owner === pid) k.caps.revoke(cap);
+      },
+      async open(device) {
+        const pcb = k.req(pid);
+        const cap = k.caps.require(pid, device, "open");
+        if (cap.resource.kind !== "device") throw new CapError("open: capability is not a device");
+        const driver = k.drivers.get(cap.resource.driver);
+        if (!driver) throw new KernelError(`open: no such driver "${cap.resource.driver}"`);
+        const handle = await driver.open(pid);
+        const hcap = k.caps.mint(pid, cap.resource, ["read", "write"]);
+        pcb.handles.set(hcap, handle);
+        await k.tick(pcb, 2);
+        return hcap;
+      },
+      async read(handle, request) {
+        const pcb = k.req(pid);
+        pcb.account.checkWall();
+        k.caps.require(pid, handle, "read");
+        const h = pcb.handles.get(handle);
+        if (!h?.read) throw new KernelError("handle is not readable");
+        const res = await k.parkOn(pcb, k.journaled(pcb, () => h.read(request)));
+        k.chargeDriver(pcb, res.cost);
+        await k.tick(pcb, res.cost?.reductions ?? 1);
+        return res.value;
+      },
+      async readAll(handle, reqs) {
+        const pcb = k.req(pid);
+        pcb.account.checkWall();
+        k.caps.require(pid, handle, "read");
+        const h = pcb.handles.get(handle);
+        if (!h?.read) throw new KernelError("handle is not readable");
+        const settled = await k.parkOn(pcb, Promise.all(reqs.map((r) => k.journaled(pcb, () => h.read(r)))));
+        let red = 0;
+        for (const res of settled) {
+          k.chargeDriver(pcb, res.cost);
+          red += res.cost?.reductions ?? 1;
+        }
+        await k.tick(pcb, red || 1);
+        return settled.map((res) => res.value);
+      },
+      async write(handle, data) {
+        const pcb = k.req(pid);
+        pcb.account.checkWall();
+        k.caps.require(pid, handle, "write");
+        const h = pcb.handles.get(handle);
+        if (!h?.write) throw new KernelError("handle is not writable");
+        const res = await k.parkOn(pcb, k.journaled(pcb, () => h.write(data)));
+        k.chargeDriver(pcb, res.cost);
+        await k.tick(pcb, res.cost?.reductions ?? 1);
+      },
+      async monitor(target) {
+        const pcb = k.req(pid);
+        const cap = k.caps.require(pid, target, "monitor");
+        if (cap.resource.kind === "remote") {
+          if (!k.transportKey) throw new KernelError("monitor: remote monitor requires a transportKey");
+          const egress = k.peers.get(cap.resource.node);
+          if (!egress) throw new CapError(`monitor: no route to node "${cap.resource.node}"`);
+          egress(seal(k.transportKey, 0, { $: "mon-req", from: k.nodeId, watcher: pid, target: cap.resource.pid }, `${k.nodeId}.${k.egressSeq++}`, k.clock.now()));
+          await k.tick(pcb, 1);
+          return;
+        }
+        if (cap.resource.kind !== "process") throw new CapError("monitor: capability is not a process");
+        const tp = k.proc.get(cap.resource.pid);
+        if (!tp || tp.status === "dead") {
+          k.deliver(pcb, { id: newMsgId(), from: cap.resource.pid, to: pid, body: { $: "down", pid: cap.resource.pid, reason: tp?.exitReason ?? { kind: "normal" } }, caps: [] });
+        } else tp.monitors.add(pid);
+        await k.tick(pcb, 1);
+      },
+      async waitpid(target) {
+        const pcb = k.req(pid);
+        const cap = k.caps.require(pid, target, "monitor");
+        if (cap.resource.kind !== "process") throw new CapError("waitpid: capability is not a process");
+        const tpid = cap.resource.pid;
+        const tp = k.proc.get(tpid);
+        if (!tp || tp.status === "dead") {
+          await k.tick(pcb, 1);
+          return k.reaped.get(tpid) ?? tp?.exitReason ?? { kind: "normal" };
+        }
+        let reason = { kind: "normal" };
+        let fired = false;
+        const arr = k.exitHooks.get(tpid) ?? [];
+        arr.push((r) => {
+          reason = r;
+          fired = true;
+          k.makeRunnable(pcb);
+        });
+        k.exitHooks.set(tpid, arr);
+        while (!fired) {
+          pcb.status = "waiting";
+          if (k.current === pid) k.current = null;
+          await new Promise((res) => {
+            pcb.cont = res;
+            k.dispatch();
+          });
+        }
+        await k.tick(pcb, 1);
+        return reason;
+      },
+      async signal(target, reason) {
+        const pcb = k.req(pid);
+        const cap = k.caps.require(pid, target, "kill");
+        if (cap.resource.kind !== "process") throw new CapError("signal: capability is not a process");
+        k.terminate(cap.resource.pid, reason ?? { kind: "killed", by: pid });
+        await k.tick(pcb, 1);
+      },
+      async suspend(target) {
+        const pcb = k.req(pid);
+        const cap = k.caps.require(pid, target, "kill");
+        if (cap.resource.kind !== "process") throw new CapError("suspend: capability is not a process");
+        k.suspendProc(cap.resource.pid);
+        await k.tick(pcb, 1);
+      },
+      async resume(target) {
+        const pcb = k.req(pid);
+        const cap = k.caps.require(pid, target, "kill");
+        if (cap.resource.kind !== "process") throw new CapError("resume: capability is not a process");
+        k.resumeProc(cap.resource.pid);
+        await k.tick(pcb, 1);
+      },
+      async term(target) {
+        const pcb = k.req(pid);
+        const cap = k.caps.require(pid, target, "kill");
+        if (cap.resource.kind !== "process") throw new CapError("term: capability is not a process");
+        k.termProc(cap.resource.pid, pid);
+        await k.tick(pcb, 1);
+      },
+      async sleep(ms) {
+        const pcb = k.req(pid);
+        const until = k.clock.now() + ms;
+        for (let left = ms; left > 0; left = until - k.clock.now()) {
+          pcb.timer = k.clock.after(left, () => {
+            pcb.timer = null;
+            k.makeRunnable(pcb);
+          });
+          await k.block(pcb);
+          if (pcb.timer) {
+            k.clock.cancel(pcb.timer);
+            pcb.timer = null;
+          }
+        }
+        await k.tick(pcb, 1);
+      },
+      async yield() {
+        await k.reschedule(k.req(pid));
+      },
+      sched(opts) {
+        const pcb = k.req(pid);
+        if (opts.priority !== void 0) pcb.priority = opts.priority;
+        if (opts.deadline !== void 0) k.armDeadline(pcb, opts.deadline);
+      },
+      async remember(body, o) {
+        const pcb = k.req(pid);
+        const id = await pcb.context.remember(body, o?.tokens ?? estTokens(body), o?.pin ?? false);
+        await k.tick(pcb, 1);
+        return id;
+      },
+      workingSet() {
+        return k.req(pid).context.workingSet();
+      },
+      async recall(query, n = 4) {
+        const pcb = k.req(pid);
+        const out = await pcb.context.recall(query, n);
+        await k.tick(pcb, 2);
+        return out;
+      },
+      forget(id) {
+        k.req(pid).context.forget(id);
+      },
+      pin(id, on = true) {
+        k.req(pid).context.pin(id, on);
+      },
+      budget() {
+        return k.req(pid).account.remaining();
+      },
+      now() {
+        return k.clock.now();
+      },
+      // kernel clock (virtual under VirtualClock) → deterministic userland timing
+      log(level, msg, fields) {
+        k.onLog?.(pid, level, msg, fields);
+      },
+      onCleanup(fn) {
+        k.proc.get(pid)?.cleanups.push(fn);
+      }
+      // run on terminate (kill included) → release external resources a finally can't
+    };
+  }
+};
+
+// src/net/tcp.ts
+import { createServer, connect } from "node:net";
+function serveTcp(onEnvelope, opts = {}) {
+  const maxLine = opts.maxLine ?? 16 * 1024 * 1024;
+  const sockets = /* @__PURE__ */ new Set();
+  const server = createServer((sock) => {
+    sockets.add(sock);
+    sock.on("close", () => sockets.delete(sock));
+    sock.on("error", () => sockets.delete(sock));
+    let buf = "";
+    sock.setEncoding("utf8");
+    sock.on("data", (chunk) => {
+      buf += chunk;
+      let nl;
+      while ((nl = buf.indexOf("\n")) >= 0) {
+        const line = buf.slice(0, nl);
+        buf = buf.slice(nl + 1);
+        if (!line) continue;
+        try {
+          onEnvelope(JSON.parse(line));
+        } catch {
+        }
+      }
+      if (buf.length > maxLine) {
+        buf = "";
+        sock.destroy();
+      }
+    });
+  });
+  return new Promise((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(opts.port ?? 0, opts.host ?? "127.0.0.1", () => {
+      const addr = server.address();
+      const port = typeof addr === "object" && addr ? addr.port : 0;
+      resolve({
+        port,
+        close: () => new Promise((res) => {
+          for (const s of sockets) s.destroy();
+          server.close(() => res());
+        })
+      });
+    });
+  });
+}
+function dialTcp(host, port, opts = {}) {
+  const maxPending = opts.maxPending ?? 1024;
+  const base = opts.backoffMs ?? 100;
+  const maxBackoff = opts.maxBackoffMs ?? 5e3;
+  const pending = [];
+  let sock = null;
+  let ready = false;
+  let closed = false;
+  let attempt = 0;
+  let timer = null;
+  const dial = () => {
+    if (closed) return;
+    const s = connect(port, host);
+    sock = s;
+    s.setEncoding("utf8");
+    s.on("connect", () => {
+      ready = true;
+      attempt = 0;
+      while (pending.length && sock === s) s.write(pending.shift());
+    });
+    const drop = () => {
+      if (sock !== s) return;
+      ready = false;
+      sock = null;
+      if (closed) return;
+      timer = setTimeout(dial, Math.min(maxBackoff, base * 2 ** attempt++));
+      timer.unref?.();
+    };
+    s.on("error", drop);
+    s.on("close", drop);
+  };
+  dial();
+  return {
+    send(env) {
+      if (closed) return false;
+      const line = JSON.stringify(env) + "\n";
+      if (ready && sock) {
+        sock.write(line);
+        return true;
+      }
+      if (pending.length >= maxPending) return false;
+      pending.push(line);
+      return true;
+    },
+    close() {
+      closed = true;
+      ready = false;
+      if (timer) clearTimeout(timer);
+      sock?.destroy();
+      sock = null;
+    }
+  };
+}
+
+// src/userland/supervisor.ts
+function supervisor(spec) {
+  const max = spec.maxRestarts ?? 5;
+  const period = spec.periodMs ?? 5e3;
+  const backoff = spec.backoffMs ?? 100;
+  const backoffMax = spec.maxBackoffMs ?? 3e4;
+  const order = spec.children.map((c) => c.id);
+  const specOf = (id) => spec.children.find((c) => c.id === id);
+  return { name: "supervisor", async main(sys) {
+    const live = /* @__PURE__ */ new Map();
+    const byPid = /* @__PURE__ */ new Map();
+    const ignore = /* @__PURE__ */ new Set();
+    const stamps = [];
+    const startedAt = /* @__PURE__ */ new Map();
+    const flaps = /* @__PURE__ */ new Map();
+    const start = async (id) => {
+      const c = specOf(id);
+      const { pid, cap } = await sys.spawn(c.image, { args: c.args, quota: c.quota, link: true });
+      live.set(id, { pid, cap });
+      byPid.set(pid, id);
+      startedAt.set(id, sys.now());
+      spec.onStart?.(id, pid);
+    };
+    const stop = async (id, reason) => {
+      const e = live.get(id);
+      if (!e) return;
+      ignore.add(e.pid);
+      try {
+        await sys.signal(e.cap, reason);
+      } catch {
+      }
+      live.delete(id);
+      byPid.delete(e.pid);
+    };
+    for (const id of order) await start(id);
+    while (true) {
+      const down = (await sys.recv()).body;
+      if (down.$ !== "down") continue;
+      const id = byPid.get(down.pid);
+      if (id) {
+        byPid.delete(down.pid);
+        live.delete(id);
+      }
+      if (ignore.delete(down.pid) || !id) continue;
+      const kind = specOf(id).restart ?? "permanent";
+      const abnormal = down.reason.kind !== "normal";
+      if (kind === "temporary" || kind === "transient" && !abnormal) continue;
+      const now = sys.now();
+      stamps.push(now);
+      while (stamps.length && now - stamps[0] > period) stamps.shift();
+      if (stamps.length > max) await sys.exit({ kind: "fault", error: "supervisor: restart intensity exceeded" });
+      const up = now - (startedAt.get(id) ?? now);
+      const flap = up >= period ? 0 : flaps.get(id) ?? 0;
+      flaps.set(id, flap + 1);
+      if (flap > 0) await sys.sleep(Math.min(backoff * 2 ** (flap - 1), backoffMax));
+      const restartable = (oid) => (specOf(oid).restart ?? "permanent") !== "temporary";
+      if (spec.strategy === "one_for_one") {
+        await start(id);
+      } else if (spec.strategy === "one_for_all") {
+        for (const other of order) if (other !== id) await stop(other, { kind: "shutdown" });
+        for (const oid of order) if (restartable(oid)) await start(oid);
+      } else {
+        const after = order.slice(order.indexOf(id) + 1);
+        for (const other of after) await stop(other, { kind: "shutdown" });
+        for (const oid of [id, ...after]) if (restartable(oid)) await start(oid);
+      }
+    }
+  } };
+}
+
+// src/userland/nursery.ts
+var reasonStr = (r) => r.kind === "fault" ? r.error : r.kind === "quota" ? `quota:${r.resource}` : r.kind === "killed" ? `killed by ${r.by}` : r.kind;
+function nursery(sys) {
+  const kids = [];
+  let joined = false;
+  const cancel = () => {
+    for (const k of kids) void sys.signal(k.cap, { kind: "shutdown" }).catch(() => {
+    });
+  };
+  sys.onCleanup(cancel);
+  return {
+    async spawn(image, opts) {
+      if (joined) throw new Error("nursery: spawn after join");
+      const { pid, cap } = await sys.spawn(image, opts);
+      kids.push({ name: image.name, pid, cap });
+      return cap;
+    },
+    async join() {
+      if (joined) return;
+      joined = true;
+      for (const k of kids) await sys.monitor(k.cap);
+      const failed = [];
+      let remaining = kids.length;
+      while (remaining > 0) {
+        const m = await sys.recv();
+        if (m.body.$ !== "down") continue;
+        const dead = kids.find((k) => k.pid === m.body.pid);
+        if (!dead) continue;
+        remaining--;
+        if (m.body.reason.kind !== "normal" && failed.length === 0) {
+          failed.push({ name: dead.name, reason: m.body.reason });
+          cancel();
+        }
+      }
+      const f = failed[0];
+      if (f) throw new Error(`nursery: child "${f.name}" exited ${reasonStr(f.reason)} \u2014 scope cancelled`);
+    }
+  };
+}
+
+// src/userland/nameservice.ts
+var nameService = { name: "names", async main(sys) {
+  const reg = /* @__PURE__ */ new Map();
+  const owned = /* @__PURE__ */ new Map();
+  const watched = /* @__PURE__ */ new Set();
+  const drop = (name) => {
+    const e = reg.get(name);
+    if (e) {
+      reg.delete(name);
+      owned.get(e.owner)?.delete(name);
+    }
+  };
+  while (true) {
+    const m = await sys.recv();
+    const b = m.body;
+    if (b.$ === "down") {
+      for (const n of owned.get(b.pid) ?? []) if (reg.get(n)?.owner === b.pid) reg.delete(n);
+      owned.delete(b.pid);
+      watched.delete(b.pid);
+    } else if (b.$ === "register") {
+      const cap = m.caps[0];
+      if (!cap) continue;
+      drop(b.name);
+      reg.set(b.name, { cap, owner: m.from });
+      (owned.get(m.from) ?? owned.set(m.from, /* @__PURE__ */ new Set()).get(m.from)).add(b.name);
+      if (!watched.has(m.from)) {
+        watched.add(m.from);
+        try {
+          await sys.monitor(cap);
+        } catch {
+        }
+      }
+    } else if (b.$ === "unregister") drop(b.name);
+    else if (b.$ === "lookup") {
+      const reply = m.caps[0];
+      if (!reply) continue;
+      const target = reg.get(b.name)?.cap;
+      const give = target ? sys.derive(target, ["send"]) : void 0;
+      await sys.send(reply, { $: "resolved", name: b.name, found: !!target }, give ? { caps: [give] } : {});
+    }
+  }
+} };
+async function register(sys, names, name) {
+  await sys.send(names, { $: "register", name }, { caps: [sys.selfCap()] });
+}
+async function lookup(sys, names, name) {
+  await sys.send(names, { $: "lookup", name }, { caps: [sys.selfCap()] });
+  while (true) {
+    const m = await sys.recv();
+    if (m.body.$ === "resolved" && m.body.name === name) return m.body.found ? m.caps[0] ?? null : null;
+  }
+}
+
+// src/userland/agent.ts
+var DEFAULT_SYSTEM = "You are a capable autonomous agent. Break the task into steps and keep going \u2014 investigate with tools, then act \u2014 until it is fully done; never stop at a plan or a partial result. Verify before answering, then reply concisely.";
+var HARD_MAX = 384;
+var MAX_TOOL_CHARS = 8e3;
+var isMessage = (b) => !!b && typeof b.role === "string";
+var capResult = (s) => s.length > MAX_TOOL_CHARS ? s.slice(0, MAX_TOOL_CHARS) + `
+\u2026[truncated ${s.length - MAX_TOOL_CHARS} chars]` : s;
+function orderForCache(segs) {
+  const lead = [], sums = [], rest = [];
+  for (const s of segs) (s.pinned && !s.summary ? lead : s.summary ? sums : rest).push(s);
+  return [...lead, ...sums, ...rest];
+}
+function pairToolCalls(messages) {
+  const resultById = /* @__PURE__ */ new Map();
+  for (const m of messages) if (m.role === "tool" && m.toolCallId) resultById.set(m.toolCallId, m);
+  const out = [];
+  for (const m of messages) {
+    if (m.role === "assistant" && m.toolCalls?.length) {
+      const tc = m.toolCalls.filter((c) => resultById.has(c.id));
+      if (tc.length) {
+        out.push({ ...m, toolCalls: tc });
+        for (const c of tc) out.push(resultById.get(c.id));
+      } else if (m.content?.trim()) out.push({ role: "assistant", content: m.content });
+    } else if (m.role !== "tool") out.push(m);
+  }
+  return out;
+}
+function unproductive(out) {
+  if (!out || typeof out !== "object") return false;
+  const o = out;
+  if ("error" in o) return true;
+  const st = o["status"];
+  return typeof st === "number" && (st < 200 || st >= 300);
+}
+async function runTurn(sys, llm, tools, spec) {
+  const ceil = Math.max(1, Math.min(spec.maxSteps ?? HARD_MAX, HARD_MAX));
+  const base = Math.max(1, spec.baseSteps ?? 16);
+  const stallMax = Math.max(1, spec.stallLimit ?? 3);
+  let limit = Math.min(base, ceil);
+  const cache = /* @__PURE__ */ new Map();
+  const promptMessages = () => pairToolCalls(orderForCache(sys.workingSet()).map((s) => s.body).filter(isMessage));
+  let answer = "", steps = 0, stall = 0, forced = false;
+  let investigated = 0, steered = false;
+  let revisions = 0;
+  const maxRev = Math.max(0, spec.maxRevisions ?? 2);
+  let continues = 0;
+  const maxCont = Math.max(0, spec.maxContinue ?? 24);
+  for (; steps < limit; steps++) {
+    const noTools = forced || steps >= limit - 1;
+    const del = spec.delegate;
+    const steer = !!del && investigated >= del.after && !noTools;
+    if (steer && !steered) {
+      steered = true;
+      await sys.remember({ role: "user", content: `You've made ${investigated} direct file-read/search calls in a row \u2014 that floods the transcript and your own context. For broad investigation ("where/how/analyze", or scanning several files), call \`${del.via}\` instead: it runs in a sub-agent and returns a distilled summary, keeping your context clean. The read/search tools are withheld this round, so delegate to \`${del.via}\` or act on what you already know. Prefer \`${del.via}\` over shell for searching.` });
+    }
+    const messages = promptMessages();
+    let offer = noTools ? void 0 : spec.tools;
+    if (steer && offer && del) offer = offer.filter((t) => !del.withhold.includes(t.name));
+    const reply = await sys.read(llm, { messages, tools: offer, maxTokens: spec.maxTokens });
+    for (const s of sys.workingSet()) {
+      const b = s.body;
+      if (b && b.images) delete b.images;
+    }
+    if (reply.toolCalls?.length && tools && !noTools) {
+      await sys.remember({ role: "assistant", content: reply.text ?? "", toolCalls: reply.toolCalls });
+      const calls = reply.toolCalls;
+      const keys = calls.map((tc) => tc.name + ":" + JSON.stringify(tc.args ?? {}));
+      const fresh = [];
+      const ran = /* @__PURE__ */ new Set();
+      for (let i = 0; i < calls.length; i++) {
+        const key = keys[i];
+        if (!cache.has(key) && !ran.has(key)) {
+          ran.add(key);
+          fresh.push({ key, req: { tool: calls[i].name, input: calls[i].args } });
+        }
+      }
+      if (fresh.length) {
+        const outs = await sys.readAll(tools, fresh.map((f) => f.req));
+        fresh.forEach((f, j) => cache.set(f.key, outs[j]));
+      }
+      let progressed = false;
+      for (let i = 0; i < calls.length; i++) {
+        const out = cache.get(keys[i]);
+        await sys.remember({ role: "tool", toolCallId: calls[i].id, name: calls[i].name, content: capResult(JSON.stringify(out)) });
+        if (ran.has(keys[i]) && !unproductive(out)) progressed = true;
+      }
+      if (del) {
+        const inv = calls.filter((c) => del.investigate.includes(c.name)).length;
+        if (inv > 0 && inv === calls.length) investigated += inv;
+        else {
+          investigated = 0;
+          steered = false;
+        }
+      }
+      if (progressed) stall = 0;
+      else if (++stall >= stallMax) {
+        forced = true;
+        await sys.remember({ role: "user", content: "Stop searching \u2014 recent tool calls returned no usable data. Answer now, concisely, with what you already know, and state any uncertainty." });
+      }
+      if (!forced && steps >= limit - 2 && limit < ceil) limit = Math.min(ceil, limit + base);
+      continue;
+    }
+    answer = reply.text ?? "";
+    await sys.remember({ role: "assistant", content: answer });
+    if (answer.trim() && spec.reflect && !forced && steps < limit - 1) {
+      const v = await spec.reflect(promptMessages());
+      const r = !v ? null : typeof v === "string" ? { correction: v, kind: "revise" } : v;
+      if (r?.correction) {
+        const cont = r.kind === "continue";
+        if (cont ? continues < maxCont : revisions < maxRev) {
+          if (cont) continues++;
+          else revisions++;
+          limit = Math.min(ceil, limit + base);
+          answer = "";
+          await sys.remember({ role: "user", content: r.correction });
+          continue;
+        }
+      }
+    }
+    if (answer.trim() || steps >= limit - 1) break;
+    await sys.remember({ role: "user", content: "You did not produce a final answer. Take the next concrete step with a tool, or give your final answer now." });
+  }
+  return { answer, steps: Math.min(steps + 1, limit) };
+}
+async function openDevices(sys) {
+  const boot = await sys.recv();
+  const [llmDev, toolsDev, parent] = boot.caps;
+  return { llm: await sys.open(llmDev), tools: toolsDev ? await sys.open(toolsDev) : null, parent };
+}
+function reactAgent(spec) {
+  return { name: "agent", async main(sys) {
+    const { llm, tools, parent } = await openDevices(sys);
+    await sys.remember({ role: "system", content: spec.system ?? DEFAULT_SYSTEM }, { pin: true });
+    await sys.remember({ role: "user", content: spec.task ?? "" }, { pin: true });
+    const r = await runTurn(sys, llm, tools, spec);
+    if (parent) await sys.send(parent, { $: "result", answer: r.answer, steps: r.steps });
+  } };
+}
+function conversationAgent(spec = {}) {
+  return { name: "agent", async main(sys) {
+    const { llm, tools, parent } = await openDevices(sys);
+    if (spec.history?.length) {
+      let pinned = false;
+      for (const m of spec.history) {
+        const pin = m.role === "system" && !pinned;
+        if (pin) pinned = true;
+        await sys.remember(m.images ? { ...m, images: void 0 } : m, { pin });
+      }
+      if (!pinned) await sys.remember({ role: "system", content: spec.system ?? DEFAULT_SYSTEM }, { pin: true });
+    } else {
+      await sys.remember({ role: "system", content: spec.system ?? DEFAULT_SYSTEM }, { pin: true });
+    }
+    for (; ; ) {
+      const msg = await sys.recv();
+      const userTurn = { role: "user", content: msg.body.task, ...msg.body.images?.length ? { images: msg.body.images } : {} };
+      await sys.remember(userTurn);
+      let r;
+      try {
+        r = await runTurn(sys, llm, tools, spec);
+      } catch (e) {
+        r = { answer: "", steps: 0, error: e instanceof Error ? e.message : String(e) };
+      }
+      if (parent) await sys.send(parent, { $: "result", answer: r.answer, steps: r.steps, error: r.error });
+    }
+  } };
+}
+
+// src/userland/sandbox.ts
+import { Worker } from "node:worker_threads";
+var DEFAULT_ALLOW = ["self", "recv", "send", "remember", "recall", "workingSet", "log", "exit"];
+var DEFAULT_RESOURCE_LIMITS = { maxOldGenerationSizeMb: 256 };
+var harness = (code) => `
+const { parentPort, threadId, workerData } = require('node:worker_threads')
+const pending = new Map(); let seq = 0
+function syscall(name, ...args) {
+  return new Promise((res, rej) => { const id = ++seq; pending.set(id, { res, rej }); parentPort.postMessage({ id, name, args }) })
+}
+parentPort.on('message', (m) => { const p = pending.get(m.id); if (!p) return; pending.delete(m.id); m.ok ? p.res(m.value) : p.rej(new Error(m.error)) })
+// The ONLY surface the untrusted code gets \u2014 every method is a mediated RPC, nothing ambient.
+const sys = new Proxy({}, { get: (_t, name) => (...args) => syscall(String(name), ...args) })
+const args = workerData
+;(async () => { ${code} })().then(
+  (value) => parentPort.postMessage({ done: true, value }),
+  (err)   => parentPort.postMessage({ done: true, error: String((err && err.stack) || err) }))
+`;
+function sandbox(code, opts = {}) {
+  const allow = new Set(opts.allow ?? DEFAULT_ALLOW);
+  return { name: opts.name ?? "sandbox", async main(sys, args) {
+    const w = new Worker(harness(code), { eval: true, workerData: args, resourceLimits: { ...DEFAULT_RESOURCE_LIMITS, ...opts.resourceLimits } });
+    sys.onCleanup(() => void w.terminate());
+    await new Promise((resolve, reject) => {
+      w.on("message", async (m) => {
+        if (m.done) {
+          await w.terminate();
+          m.error ? reject(new Error(m.error)) : resolve();
+          return;
+        }
+        const name = m.name;
+        if (name === "exit") {
+          await w.terminate();
+          resolve();
+          return;
+        }
+        if (!allow.has(name)) {
+          w.postMessage({ id: m.id, ok: false, error: `sandbox: syscall "${name}" denied` });
+          return;
+        }
+        try {
+          const fn = sys[name];
+          if (typeof fn !== "function") throw new Error(`sandbox: no syscall "${name}"`);
+          const value = await fn.apply(sys, m.args ?? []);
+          w.postMessage({ id: m.id, ok: true, value });
+        } catch (e) {
+          w.postMessage({ id: m.id, ok: false, error: e instanceof Error ? e.message : String(e) });
+        }
+      });
+      w.on("error", reject);
+    });
+  } };
+}
+
+// src/userland/longmem.ts
+var norm = (s) => s.trim().replace(/\s+/g, " ").toLowerCase();
+var LongMemory = class {
+  recaller;
+  by = /* @__PURE__ */ new Map();
+  seen = /* @__PURE__ */ new Set();
+  // normalized text → dedup (no lesson rot)
+  persist;
+  now;
+  constructor(opts = {}) {
+    this.recaller = opts.recaller ?? new KeywordRecaller();
+    this.persist = opts.persist;
+    this.now = opts.now ?? Date.now;
+    if (this.persist) for (const l of this.persist.load()) this.ingest(l);
+  }
+  ingest(l) {
+    const n = norm(l.text);
+    if (!n || this.seen.has(n)) return false;
+    this.seen.add(n);
+    this.by.set(l.id, l);
+    this.recaller.index(l.id, l.text);
+    return true;
+  }
+  /** Add a distilled lesson (deduped, lossy by design). Returns false if it was a duplicate/empty. */
+  remember(text, tags = []) {
+    const l = { id: newSegId(), text: text.trim(), tags, ts: this.now(), uses: 0 };
+    if (!this.ingest(l)) return false;
+    this.persist?.append(l);
+    return true;
+  }
+  /** Recall the k most relevant lessons for a query (bumps their use count — popularity signal). */
+  recall(query, k = 4) {
+    const out = [];
+    for (const id of this.recaller.search(query, new Set(this.by.keys()), k)) {
+      const l = this.by.get(id);
+      if (l) {
+        l.uses++;
+        out.push(l);
+      }
+    }
+    return out;
+  }
+  all() {
+    return [...this.by.values()];
+  }
+  get size() {
+    return this.by.size;
+  }
+};
+
+// src/userland/distill.ts
+var DISTILL_SYSTEM = "You distill a finished agent session into AT MOST 3 short, REUSABLE lessons \u2014 concrete tactics or gotchas that would help on a similar task next time (NOT a recap of what happened). One per line, imperative, \u2264140 chars, no numbering. If nothing is genuinely reusable, output nothing.";
+var parseLessons = (text) => text.split("\n").map((s) => s.replace(/^[-*•\d.\s]+/, "").trim()).filter((s) => s.length > 8).slice(0, 3);
+function llmDistiller(chat, maxTokens = 400) {
+  return async (messages) => {
+    const transcript = messages.filter((m) => m.role !== "system").map((m) => `${m.role}: ${typeof m.content === "string" ? m.content : ""}`).join("\n").slice(-6e3);
+    if (!transcript.trim()) return [];
+    const r = await chat({ messages: [{ role: "system", content: DISTILL_SYSTEM }, { role: "user", content: transcript }], maxTokens });
+    return parseLessons(r.text ?? "");
+  };
+}
+async function learn(mem, distill, messages, tags = []) {
+  let n = 0;
+  for (const lesson of await distill(messages)) if (mem.remember(lesson, tags)) n++;
+  return n;
+}
+
+// src/userland/persona.ts
+var PersonaRegistry = class {
+  constructor(persist, now = Date.now) {
+    this.persist = persist;
+    this.now = now;
+    if (persist) for (const p of persist.load()) this.by.set(p.name, p);
+  }
+  by = /* @__PURE__ */ new Map();
+  /** Save (or replace) a persona by name. */
+  save(p) {
+    const full = { ...p, ts: p.ts ?? this.now() };
+    this.by.set(full.name, full);
+    this.persist?.save(full);
+    return full;
+  }
+  get(name) {
+    return this.by.get(name);
+  }
+  list() {
+    return [...this.by.values()];
+  }
+  forDomain(domain) {
+    return this.list().filter((p) => p.domain === domain);
+  }
+};
+function instantiate(p, task, opts = {}) {
+  const lessons = opts.memory?.recall(`${p.domain} ${task}`, opts.recall ?? 4) ?? [];
+  const system = lessons.length ? `${p.system}
+
+Lessons from past work (apply when relevant):
+${lessons.map((l) => `- ${l.text}`).join("\n")}` : p.system;
+  return { task, system, tools: p.tools };
+}
+
+// src/userland/promptsmith.ts
+var SMITH_SYSTEM = "You are a world-class prompt engineer. Write a SYSTEM PROMPT for an autonomous, tool-using agent specialized in the given domain. It must: state the persona + quality bar; prescribe a ground\u2192act\u2192verify workflow; be concrete and concise (\u2264200 words); and bake in any supplied lessons. Output ONLY the system prompt text \u2014 no preamble, no quotes.";
+function brief(b) {
+  const parts = [`Domain: ${b.domain}`];
+  if (b.goal) parts.push(`Goal: ${b.goal}`);
+  if (b.tools?.length) parts.push(`Available tools: ${b.tools.join(", ")}`);
+  if (b.lessons?.length) parts.push(`Lessons to bake in:
+${b.lessons.map((l) => `- ${l}`).join("\n")}`);
+  return parts.join("\n");
+}
+async function forgePrompt(chat, b, maxTokens = 600) {
+  const r = await chat({ messages: [{ role: "system", content: SMITH_SYSTEM }, { role: "user", content: brief(b) }], maxTokens });
+  return (r.text ?? "").trim();
+}
+async function refinePrompt(chat, base, feedback, maxTokens = 600) {
+  const r = await chat({ messages: [
+    { role: "system", content: SMITH_SYSTEM + " You are given a CURRENT prompt and FEEDBACK; return an improved version." },
+    { role: "user", content: `CURRENT PROMPT:
+${base}
+
+FEEDBACK:
+${feedback}` }
+  ], maxTokens });
+  return (r.text ?? "").trim();
+}
+async function forgeFromMemory(chat, domain, mem, opts = {}) {
+  const lessons = mem.recall(domain + (opts.goal ? " " + opts.goal : ""), opts.k ?? 8).map((l) => l.text);
+  return forgePrompt(chat, { domain, goal: opts.goal, lessons, tools: opts.tools });
+}
+
+// src/userland/evolve.ts
+async function tournament(candidates, score) {
+  const scored = await Promise.all(candidates.map(async (c) => ({ ...c, ...await score(c.prompt) })));
+  return scored.sort((a, b) => b.fitness - a.fitness);
+}
+async function evolve(base, variants, score, margin = 0) {
+  const ranked = await tournament([{ prompt: base, label: "baseline" }, ...variants.map((p, i) => ({ prompt: p, label: `v${i + 1}` }))], score);
+  const baseFit = ranked.find((r) => r.label === "baseline").fitness;
+  const top = ranked[0];
+  const improved = top.label !== "baseline" && top.fitness > baseFit + margin;
+  return { winner: improved ? top.prompt : base, improved, ranked };
+}
+function meteredFitness(r) {
+  return r.correct * 1e3 - (r.steps ?? 0) * 2 - (r.tokens ?? 0) / 1e3 - (r.usd ?? 0) * 10;
+}
+
+// src/userland/expert.ts
+var PromptExpert = class {
+  constructor(chat, opts = {}) {
+    this.chat = chat;
+    this.memory = new LongMemory({ persist: opts.memory, now: opts.now });
+    this.personas = new PersonaRegistry(opts.personas, opts.now);
+    this.distill = opts.distiller ?? llmDistiller(chat);
+  }
+  memory;
+  personas;
+  distill;
+  /** Reflect on a finished session → fold reusable lessons into long-term memory. Returns added count. */
+  learn(messages, tags) {
+    return learn(this.memory, this.distill, messages, tags);
+  }
+  /** Forge (or refresh) a domain persona from accumulated lessons, then register it. */
+  async specialize(domain, opts = {}) {
+    const system = await forgeFromMemory(this.chat, domain, this.memory, { goal: opts.goal, tools: opts.tools?.map((t) => t.name) });
+    return this.personas.save({ name: opts.name ?? domain, domain, system, tools: opts.tools });
+  }
+  /** Instantiate a persona for a task (enriched with recalled lessons) → ready for reactAgent/conversationAgent. */
+  hire(name, task, recall = 4) {
+    const p = this.personas.get(name);
+    return p ? instantiate(p, task, { memory: this.memory, recall }) : null;
+  }
+};
+
+// src/drivers/llm.ts
+function llmDriver(chat, name = "llm") {
+  return { name, async open() {
+    return { async read(req) {
+      const r = await chat(req);
+      const u = r.usage ?? {};
+      return { value: r, cost: { tokens: (u.promptTokens ?? 0) + (u.completionTokens ?? 0), usd: u.usd } };
+    } };
+  } };
+}
+
+// src/drivers/tools.ts
+function toolDriver(tools, name = "tools") {
+  return { name, async open() {
+    return { async read(req) {
+      const { tool, input } = req;
+      const fn = tools[tool];
+      if (!fn) return { value: { error: `no such tool: ${tool}` }, cost: { toolCalls: 1 } };
+      try {
+        return { value: await fn(input), cost: { toolCalls: 1 } };
+      } catch (e) {
+        return { value: { error: e instanceof Error ? e.message : String(e) }, cost: { toolCalls: 1 } };
+      }
+    } };
+  } };
+}
+
+// src/drivers/kv.ts
+function kvDriver(name = "kv") {
+  const store = /* @__PURE__ */ new Map();
+  return { name, async open() {
+    return {
+      async read(req) {
+        const { get } = req;
+        return { value: store.has(get) ? store.get(get) : null };
+      },
+      async write(data) {
+        const { set } = data;
+        store.set(set.key, set.value);
+        return { value: true };
+      }
+    };
+  } };
+}
+
+// src/drivers/gateway.ts
+import { randomUUID } from "node:crypto";
+function gatewayDriver(forward, name = "gateway") {
+  return { name, async open() {
+    return { async write(data) {
+      const { to, body } = data;
+      return { value: forward(to, body), cost: { reductions: 1 } };
+    } };
+  } };
+}
+function secureGatewayDriver(forward, key, name = "gateway") {
+  return { name, async open() {
+    return { async write(data) {
+      const { to, body } = data;
+      return { value: forward(seal(key, to, body, randomUUID())), cost: { reductions: 1 } };
+    } };
+  } };
+}
+
+// src/drivers/worker.ts
+import { Worker as Worker2 } from "node:worker_threads";
+var harness2 = (src) => `
+const { parentPort, workerData, threadId } = require('node:worker_threads')
+const fn = (input) => { ${src} }
+Promise.resolve(fn(workerData.input)).then(
+  (value) => parentPort.postMessage({ ok: true, value, tid: threadId }),
+  (err)   => parentPort.postMessage({ ok: false, error: String((err && err.stack) || err) }))
+`;
+function workerDriver(tasks, name = "worker") {
+  return { name, async open() {
+    return { async read(req) {
+      const { task, input } = req;
+      const src = tasks[task];
+      if (!src) throw new Error(`worker: no such task "${task}"`);
+      const out = await new Promise((resolve, reject) => {
+        const w = new Worker2(harness2(src), { eval: true, workerData: { input } });
+        w.once("message", (m) => {
+          w.terminate();
+          m.ok ? resolve({ value: m.value, tid: m.tid }) : reject(new Error(m.error));
+        });
+        w.once("error", reject);
+      });
+      return { value: out, cost: { toolCalls: 1 } };
+    } };
+  } };
+}
+
+// src/drivers/wasm.ts
+function wasmDriver(modules, name = "wasm") {
+  const compiled = /* @__PURE__ */ new Map();
+  return { name, async open() {
+    return { async read(req) {
+      const { module, fn, args } = req;
+      let mod = compiled.get(module);
+      if (!mod) {
+        const bytes = modules[module];
+        if (!bytes) throw new Error(`wasm: no module "${module}"`);
+        mod = new WebAssembly.Module(bytes);
+        compiled.set(module, mod);
+      }
+      const inst = await WebAssembly.instantiate(mod, {});
+      const f = inst.exports[fn];
+      if (typeof f !== "function") throw new Error(`wasm: no export "${fn}"`);
+      return { value: f(...args ?? []), cost: { toolCalls: 1 } };
+    } };
+  } };
+}
+export {
+  ABI_VERSION,
+  Bm25Recaller,
+  CapError,
+  DEFAULT_ALLOW,
+  DefaultPager,
+  EventLog,
+  FileStore,
+  Journal,
+  Kernel,
+  KernelError,
+  KeywordRecaller,
+  LongMemory,
+  MemoryStore,
+  NonceGuard,
+  PersonaRegistry,
+  PromptExpert,
+  QuotaExceeded,
+  RealClock,
+  VectorRecaller,
+  VirtualClock,
+  conversationAgent,
+  dialTcp,
+  drv,
+  estTokens,
+  eventsFromStore,
+  evolve,
+  forgeFromMemory,
+  forgePrompt,
+  freshNonce,
+  gatewayDriver,
+  hasRight,
+  hashEmbed,
+  instantiate,
+  journalFromStore,
+  kvDriver,
+  learn,
+  llmDistiller,
+  llmDriver,
+  lookup,
+  meteredFitness,
+  nameService,
+  newCapRef,
+  newMsgId,
+  nursery,
+  parseLessons,
+  reactAgent,
+  refinePrompt,
+  register,
+  sandbox,
+  seal,
+  secureGatewayDriver,
+  serveTcp,
+  supervisor,
+  toolDriver,
+  tournament,
+  verify,
+  wasmDriver,
+  workerDriver
+};