npm - @hasna/loops - Versions diffs - 0.3.12 → 0.3.13 - Mend

@hasna/loops 0.3.12 → 0.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.js CHANGED Viewed

@@ -368,6 +368,35 @@ function validateTarget(value, label) {
       if (value.provider !== "codewith")
         throw new Error(`${label}.authProfile is currently supported only for provider codewith`);
     }
+    if (value.variant !== undefined)
+      assertString(value.variant, `${label}.variant`);
+    if (value.permissionMode !== undefined) {
+      assertString(value.permissionMode, `${label}.permissionMode`);
+      const permissionModes = ["default", "plan", "auto", "bypass"];
+      if (!permissionModes.includes(value.permissionMode)) {
+        throw new Error(`${label}.permissionMode must be one of ${permissionModes.join(", ")}`);
+      }
+      if (value.permissionMode === "plan" && !["claude", "cursor"].includes(value.provider)) {
+        throw new Error(`${label}.permissionMode plan is currently supported only for provider claude or cursor`);
+      }
+      if (value.permissionMode === "auto" && value.provider !== "claude") {
+        throw new Error(`${label}.permissionMode auto is currently supported only for provider claude`);
+      }
+    }
+    if (value.sandbox !== undefined) {
+      assertString(value.sandbox, `${label}.sandbox`);
+      const codexLike = ["read-only", "workspace-write", "danger-full-access"];
+      const cursorLike = ["enabled", "disabled"];
+      if (["codewith", "codex"].includes(value.provider)) {
+        if (!codexLike.includes(value.sandbox))
+          throw new Error(`${label}.sandbox must be one of ${codexLike.join(", ")}`);
+      } else if (value.provider === "cursor") {
+        if (!cursorLike.includes(value.sandbox))
+          throw new Error(`${label}.sandbox must be one of ${cursorLike.join(", ")}`);
+      } else {
+        throw new Error(`${label}.sandbox is currently supported only for provider codewith, codex, or cursor`);
+      }
+    }
     return value;
   }
   throw new Error(`${label}.type must be command or agent`);
@@ -2353,7 +2382,7 @@ function providerCommand(provider) {
     case "claude":
       return "claude";
     case "cursor":
-      return "cursor-agent";
+      return "sh";
     case "codewith":
       return "codewith";
     case "aicopilot":
@@ -2364,22 +2393,107 @@ function providerCommand(provider) {
       return "codex";
   }
 }
+function codewithLikeSandbox(target) {
+  const sandbox = target.sandbox ?? (target.permissionMode === "bypass" ? "danger-full-access" : "workspace-write");
+  if (sandbox !== "read-only" && sandbox !== "workspace-write" && sandbox !== "danger-full-access") {
+    throw new Error(`${target.provider} sandbox must be read-only, workspace-write, or danger-full-access`);
+  }
+  return sandbox;
+}
+function configStringValue(value) {
+  return JSON.stringify(value);
+}
+function assertStringOption(value, label) {
+  if (value !== undefined && typeof value !== "string")
+    throw new Error(`${label} must be a string`);
+}
+function assertSupportedAgentOptions(target) {
+  assertStringOption(target.variant, `${target.provider}.variant`);
+  assertStringOption(target.model, `${target.provider}.model`);
+  assertStringOption(target.agent, `${target.provider}.agent`);
+  assertStringOption(target.authProfile, `${target.provider}.authProfile`);
+  if (target.authProfile !== undefined && target.provider !== "codewith") {
+    throw new Error(`${target.provider}.authProfile is supported only for codewith`);
+  }
+  if (target.permissionMode && !["default", "plan", "auto", "bypass"].includes(target.permissionMode)) {
+    throw new Error(`${target.provider}.permissionMode must be default, plan, auto, or bypass`);
+  }
+  if (target.sandbox && !["read-only", "workspace-write", "danger-full-access", "enabled", "disabled"].includes(target.sandbox)) {
+    throw new Error(`${target.provider}.sandbox is not supported: ${target.sandbox}`);
+  }
+  if (["codewith", "codex"].includes(target.provider)) {
+    if (target.permissionMode && !["default", "bypass"].includes(target.permissionMode)) {
+      throw new Error(`${target.provider}.permissionMode supports only default or bypass`);
+    }
+    if (target.sandbox)
+      codewithLikeSandbox(target);
+    return;
+  }
+  if (target.provider === "claude") {
+    if (target.sandbox !== undefined)
+      throw new Error("claude.sandbox is not supported");
+    return;
+  }
+  if (target.provider === "cursor") {
+    if (target.permissionMode === "auto")
+      throw new Error("cursor.permissionMode auto is not supported; use provider-specific extraArgs for Cursor auto-review");
+    if (target.sandbox !== undefined && target.sandbox !== "enabled" && target.sandbox !== "disabled") {
+      throw new Error("cursor.sandbox must be enabled or disabled");
+    }
+    return;
+  }
+  if (target.permissionMode && !["default", "bypass"].includes(target.permissionMode)) {
+    throw new Error(`${target.provider}.permissionMode supports only default or bypass`);
+  }
+  if (target.sandbox !== undefined)
+    throw new Error(`${target.provider}.sandbox is not supported`);
+}
 function agentArgs(target) {
+  assertSupportedAgentOptions(target);
   const isolation = target.configIsolation ?? "safe";
+  const permissionMode = target.permissionMode ?? "default";
   const args = [];
   switch (target.provider) {
     case "claude":
       if (isolation === "safe")
         args.push("--safe-mode", "--setting-sources", "local", "--no-session-persistence");
+      if (permissionMode !== "default") {
+        const mode = permissionMode === "bypass" ? "bypassPermissions" : permissionMode === "plan" || permissionMode === "auto" ? permissionMode : undefined;
+        if (mode)
+          args.push("--permission-mode", mode);
+      }
       args.push("-p", "--output-format", "json");
       if (target.model)
         args.push("--model", target.model);
+      if (target.variant)
+        args.push("--effort", target.variant);
       if (target.agent)
         args.push("--agent", target.agent);
       args.push(...target.extraArgs ?? []);
       return args;
     case "cursor":
-      args.push("agent", "-p");
+      args.push("-c", [
+        "set -eu",
+        "if command -v cursor >/dev/null 2>&1; then",
+        '  exec cursor agent "$@"',
+        "elif command -v agent >/dev/null 2>&1; then",
+        '  exec agent "$@"',
+        "else",
+        "  echo 'Executable not found in PATH: cursor agent or agent' >&2",
+        "  exit 127",
+        "fi"
+      ].join(`
+`), "openloops-cursor", "-p");
+      if (permissionMode === "plan")
+        args.push("--mode", "plan");
+      if (permissionMode === "bypass")
+        args.push("--force");
+      const cursorSandbox = target.sandbox ?? (isolation === "safe" ? "enabled" : undefined);
+      if (cursorSandbox) {
+        if (cursorSandbox !== "enabled" && cursorSandbox !== "disabled")
+          throw new Error("cursor sandbox must be enabled or disabled");
+        args.push("--sandbox", cursorSandbox);
+      }
       if (target.model)
         args.push("--model", target.model);
       if (target.agent)
@@ -2387,7 +2501,10 @@ function agentArgs(target) {
       args.push(...target.extraArgs ?? []);
       return args;
     case "codewith":
-      args.push(...target.authProfile ? ["--auth-profile", target.authProfile] : [], "--ask-for-approval", "never", "exec", "--json", "--ephemeral", "--sandbox", "workspace-write", "--skip-git-repo-check");
+      args.push(...target.authProfile ? ["--auth-profile", target.authProfile] : []);
+      if (target.variant)
+        args.push("-c", `model_reasoning_effort=${configStringValue(target.variant)}`);
+      args.push("--ask-for-approval", "never", "exec", "--json", "--ephemeral", "--sandbox", codewithLikeSandbox(target), "--skip-git-repo-check");
       if (isolation === "safe")
         args.push("--ignore-rules");
       if (target.cwd)
@@ -2399,7 +2516,9 @@ function agentArgs(target) {
       args.push(...target.extraArgs ?? []);
       return args;
     case "codex":
-      args.push("exec", "--json", "--ephemeral", "--ask-for-approval", "never", "--sandbox", "workspace-write");
+      if (target.variant)
+        args.push("-c", `model_reasoning_effort=${configStringValue(target.variant)}`);
+      args.push("exec", "--json", "--ephemeral", "--ask-for-approval", "never", "--sandbox", codewithLikeSandbox(target));
       if (isolation === "safe")
         args.push("--ignore-rules");
       if (target.cwd)
@@ -2412,10 +2531,14 @@ function agentArgs(target) {
       args.push("run", "--format", "json");
       if (isolation === "safe")
         args.push("--pure");
+      if (permissionMode === "bypass")
+        args.push("--dangerously-skip-permissions");
       if (target.cwd)
         args.push("--dir", target.cwd);
       if (target.model)
         args.push("--model", target.model);
+      if (target.variant)
+        args.push("--variant", target.variant);
       if (target.agent)
         args.push("--agent", target.agent);
       args.push(...target.extraArgs ?? []);
@@ -2424,10 +2547,14 @@ function agentArgs(target) {
       args.push("run", "--format", "json");
       if (isolation === "safe")
         args.push("--pure");
+      if (permissionMode === "bypass")
+        args.push("--dangerously-skip-permissions");
       if (target.cwd)
         args.push("--dir", target.cwd);
       if (target.model)
         args.push("--model", target.model);
+      if (target.variant)
+        args.push("--variant", target.variant);
       if (target.agent)
         args.push("--agent", target.agent);
       args.push(...target.extraArgs ?? []);
@@ -2456,6 +2583,7 @@ function commandSpec(target) {
     timeoutMs: agentTarget.timeoutMs ?? DEFAULT_TIMEOUT_MS,
     account: agentTarget.account,
     accountTool: agentTarget.account?.tool ?? accountToolForProvider(agentTarget.provider),
+    preflightAnyOf: agentTarget.provider === "cursor" ? ["cursor", "agent"] : undefined,
     stdin: agentTarget.prompt
   };
 }
@@ -2523,11 +2651,15 @@ function remoteScript(spec, metadata) {
 `;
 }
 function remotePreflightScript(spec, metadata) {
-  return [
+  const lines = [
     ...remoteBootstrapLines(spec, metadata),
     "command -v bash >/dev/null 2>&1",
     `command -v ${shellQuote(spec.shell ? "sh" : spec.command)} >/dev/null 2>&1`
-  ].join(`
+  ];
+  if (spec.preflightAnyOf?.length) {
+    lines.push(`if ! ${spec.preflightAnyOf.map((command) => `command -v ${shellQuote(command)} >/dev/null 2>&1`).join(" && ! ")}; then`, `  echo 'none of required executables found: ${spec.preflightAnyOf.join(", ")}' >&2`, "  exit 127", "fi");
+  }
+  return lines.join(`
 `);
 }
 function transportEnv(opts) {
@@ -2680,6 +2812,9 @@ function preflightTarget(target, metadata = {}, opts = {}) {
   if (!spec.shell && !executableExists(spec.command, env)) {
     throw new Error(commandNotFoundMessage(spec.command, env));
   }
+  if (spec.preflightAnyOf?.length && !spec.preflightAnyOf.some((command) => executableExists(command, env))) {
+    throw new Error(`none of required executables found: ${spec.preflightAnyOf.join(", ")}`);
+  }
   return {
     command: spec.command,
     accountProfile: spec.account?.profile,
@@ -2710,6 +2845,17 @@ async function executeTarget(target, metadata = {}, opts = {}) {
       durationMs: 0
     };
   }
+  if (spec.preflightAnyOf?.length && !spec.preflightAnyOf.some((command) => executableExists(command, env))) {
+    return {
+      status: "failed",
+      stdout,
+      stderr,
+      error: `none of required executables found: ${spec.preflightAnyOf.join(", ")}`,
+      startedAt,
+      finishedAt: nowIso(),
+      durationMs: 0
+    };
+  }
   const child = spawn(spec.command, spec.args, {
     cwd: spec.cwd,
     env,
@@ -3813,6 +3959,241 @@ class LoopsClient {
 function loops(opts = {}) {
   return new LoopsClient(opts);
 }
+// src/lib/templates.ts
+var TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID = "todos-task-worker-verifier";
+var EVENT_WORKER_VERIFIER_TEMPLATE_ID = "event-worker-verifier";
+var TEMPLATE_SUMMARIES = [
+  {
+    id: TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID,
+    name: "Todos Task Worker + Verifier",
+    description: "Create a one-shot workflow for a todos task: one agent performs the task, then a fresh verifier agent audits the result and records follow-up tasks or completion evidence.",
+    kind: "workflow",
+    variables: [
+      { name: "taskId", required: true, description: "Todos task id to execute." },
+      { name: "taskTitle", description: "Human-readable task title." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "provider", default: "codewith", description: "Agent provider: codewith, claude, cursor, opencode, aicopilot, or codex." },
+      { name: "authProfile", description: "Provider-native auth profile, currently Codewith." },
+      { name: "model", description: "Provider model." },
+      { name: "variant", description: "Provider reasoning/model effort variant." },
+      { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
+      { name: "sandbox", default: "danger-full-access", description: "Provider sandbox mode." }
+    ]
+  },
+  {
+    id: EVENT_WORKER_VERIFIER_TEMPLATE_ID,
+    name: "Hasna Event Worker + Verifier",
+    description: "Create a one-shot workflow for a generic Hasna event: one agent handles the event, then a fresh verifier agent audits the result and records evidence or follow-up tasks.",
+    kind: "workflow",
+    variables: [
+      { name: "eventId", required: true, description: "Hasna event id." },
+      { name: "eventType", required: true, description: "Hasna event type." },
+      { name: "eventSource", required: true, description: "Hasna event source." },
+      { name: "eventJson", required: true, description: "Full event envelope JSON." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "provider", default: "codewith", description: "Agent provider: codewith, claude, cursor, opencode, aicopilot, or codex." },
+      { name: "authProfile", description: "Provider-native auth profile, currently Codewith." },
+      { name: "model", description: "Provider model." },
+      { name: "variant", description: "Provider reasoning/model effort variant." },
+      { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
+      { name: "sandbox", default: "danger-full-access", description: "Provider sandbox mode." }
+    ]
+  }
+];
+function compactJson(value) {
+  return JSON.stringify(value);
+}
+function taskLabel(input) {
+  const head = input.taskTitle?.trim() || input.taskId;
+  return head.length > 160 ? `${head.slice(0, 157)}...` : head;
+}
+function agentTarget(input, prompt) {
+  const provider = input.provider ?? "codewith";
+  const sandbox = input.sandbox ?? (provider === "codewith" || provider === "codex" ? "danger-full-access" : provider === "cursor" ? "disabled" : undefined);
+  return {
+    type: "agent",
+    provider,
+    prompt,
+    cwd: input.projectPath,
+    model: input.model,
+    variant: input.variant,
+    agent: input.agent,
+    authProfile: provider === "codewith" ? input.authProfile : undefined,
+    configIsolation: "safe",
+    permissionMode: input.permissionMode ?? "bypass",
+    sandbox,
+    account: input.account,
+    timeoutMs: 45 * 60000
+  };
+}
+function listLoopTemplates() {
+  return TEMPLATE_SUMMARIES.map((template) => structuredClone(template));
+}
+function getLoopTemplate(id) {
+  return listLoopTemplates().find((template) => template.id === id || template.name === id);
+}
+function renderTodosTaskWorkerVerifierWorkflow(input) {
+  if (!input.taskId?.trim())
+    throw new Error("taskId is required");
+  if (!input.projectPath?.trim())
+    throw new Error("projectPath is required");
+  const taskContext = {
+    taskId: input.taskId,
+    taskTitle: input.taskTitle,
+    taskDescription: input.taskDescription,
+    eventId: input.eventId,
+    eventType: input.eventType,
+    projectPath: input.projectPath
+  };
+  const workerPrompt = [
+    `/goal Complete todos task ${input.taskId} in ${input.projectPath}.`,
+    "",
+    "You are the worker agent for a task-triggered OpenLoops workflow.",
+    "Investigate first before changing files. Use the todos CLI as the source of truth for the task.",
+    "Claim/start the task if appropriate, inspect the repository/project state, implement only the task scope, run focused validation, preserve unrelated user changes, and update the task with comments, evidence, changed files, commits, and blockers.",
+    "Do not mark the task complete unless the work is genuinely done and validated.",
+    "",
+    `Task context JSON: ${compactJson(taskContext)}`
+  ].join(`
+`);
+  const verifierPrompt = [
+    `/goal Verify todos task ${input.taskId} after the worker step.`,
+    "",
+    "You are the verifier agent for a task-triggered OpenLoops workflow.",
+    "Use fresh context. Inspect the task, repository state, commits, tests, and worker evidence. Act as an adversarial reviewer focused on correctness, regressions, missing tests, security, and incomplete requirements.",
+    "If the work is valid, record verification evidence in todos and mark/leave the task in the correct completed state according to the todos CLI. If it is not valid, add precise follow-up tasks or comments and leave the original task open or blocked with clear evidence.",
+    "Do not make broad unrelated changes. Only apply tiny verification fixes when they are necessary and low risk; otherwise create follow-up tasks.",
+    "",
+    `Task context JSON: ${compactJson(taskContext)}`
+  ].join(`
+`);
+  return {
+    name: `todos-task-${input.taskId.slice(0, 8)}-worker-verifier`,
+    description: `Task-triggered worker/verifier workflow for ${taskLabel(input)}`,
+    version: 1,
+    steps: [
+      {
+        id: "worker",
+        name: "Worker",
+        description: "Implement the todos task and record evidence.",
+        target: agentTarget(input, workerPrompt),
+        timeoutMs: 45 * 60000
+      },
+      {
+        id: "verifier",
+        name: "Verifier",
+        description: "Adversarially verify worker output and update todos.",
+        dependsOn: ["worker"],
+        target: agentTarget(input, verifierPrompt),
+        timeoutMs: 30 * 60000
+      }
+    ]
+  };
+}
+function renderEventWorkerVerifierWorkflow(input) {
+  if (!input.eventId?.trim())
+    throw new Error("eventId is required");
+  if (!input.eventType?.trim())
+    throw new Error("eventType is required");
+  if (!input.eventSource?.trim())
+    throw new Error("eventSource is required");
+  if (!input.eventJson?.trim())
+    throw new Error("eventJson is required");
+  if (!input.projectPath?.trim())
+    throw new Error("projectPath is required");
+  const eventContext = {
+    eventId: input.eventId,
+    eventType: input.eventType,
+    eventSource: input.eventSource,
+    eventSubject: input.eventSubject,
+    eventMessage: input.eventMessage,
+    projectPath: input.projectPath
+  };
+  const workerPrompt = [
+    `/goal Handle Hasna event ${input.eventSource}/${input.eventType} (${input.eventId}) in ${input.projectPath}.`,
+    "",
+    "You are the worker agent for an event-triggered OpenLoops workflow.",
+    "Investigate first before changing files. Read the full event envelope and decide the narrow action required by that event. Preserve unrelated user changes and update the relevant local CLI/task/knowledge system with evidence, changed files, commits, and blockers.",
+    "If the event is informational or does not require action, record that finding and stop without making changes.",
+    "",
+    `Event context JSON: ${compactJson(eventContext)}`,
+    `Full event envelope JSON: ${input.eventJson}`
+  ].join(`
+`);
+  const verifierPrompt = [
+    `/goal Verify handling of Hasna event ${input.eventSource}/${input.eventType} (${input.eventId}).`,
+    "",
+    "You are the verifier agent for an event-triggered OpenLoops workflow.",
+    "Use fresh context. Inspect the event, repository/project state, worker evidence, tests, and any created tasks or notes. Act as an adversarial reviewer focused on correctness, regressions, security, missing evidence, and incomplete requirements.",
+    "If the work is valid, record verification evidence in the relevant local system. If it is not valid, add precise follow-up tasks/comments and leave the event handling state open or blocked with clear evidence.",
+    "",
+    `Event context JSON: ${compactJson(eventContext)}`,
+    `Full event envelope JSON: ${input.eventJson}`
+  ].join(`
+`);
+  return {
+    name: `event-${input.eventSource}-${input.eventType}-${input.eventId.slice(0, 8)}-worker-verifier`.replace(/[^a-zA-Z0-9._:-]+/g, "-"),
+    description: `Event-triggered worker/verifier workflow for ${input.eventSource}/${input.eventType}`,
+    version: 1,
+    steps: [
+      {
+        id: "worker",
+        name: "Worker",
+        description: "Handle the Hasna event and record evidence.",
+        target: agentTarget(input, workerPrompt),
+        timeoutMs: 45 * 60000
+      },
+      {
+        id: "verifier",
+        name: "Verifier",
+        description: "Adversarially verify event handling.",
+        dependsOn: ["worker"],
+        target: agentTarget(input, verifierPrompt),
+        timeoutMs: 30 * 60000
+      }
+    ]
+  };
+}
+function renderLoopTemplate(id, values) {
+  if (id === TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID) {
+    return renderTodosTaskWorkerVerifierWorkflow({
+      taskId: values.taskId ?? "",
+      taskTitle: values.taskTitle,
+      taskDescription: values.taskDescription,
+      projectPath: values.projectPath ?? values.cwd ?? process.cwd(),
+      provider: values.provider,
+      authProfile: values.authProfile,
+      account: values.account ? { profile: values.account, tool: values.accountTool } : undefined,
+      model: values.model,
+      variant: values.variant,
+      agent: values.agent,
+      permissionMode: values.permissionMode,
+      sandbox: values.sandbox,
+      eventId: values.eventId,
+      eventType: values.eventType
+    });
+  }
+  if (id === EVENT_WORKER_VERIFIER_TEMPLATE_ID) {
+    return renderEventWorkerVerifierWorkflow({
+      eventId: values.eventId ?? "",
+      eventType: values.eventType ?? "",
+      eventSource: values.eventSource ?? "",
+      eventSubject: values.eventSubject,
+      eventMessage: values.eventMessage,
+      eventJson: values.eventJson ?? "",
+      projectPath: values.projectPath ?? values.cwd ?? process.cwd(),
+      provider: values.provider,
+      authProfile: values.authProfile,
+      account: values.account ? { profile: values.account, tool: values.accountTool } : undefined,
+      model: values.model,
+      variant: values.variant,
+      agent: values.agent,
+      permissionMode: values.permissionMode,
+      sandbox: values.sandbox
+    });
+  }
+  throw new Error(`unknown template: ${id}`);
+}
 // src/lib/doctor.ts
 import { spawnSync as spawnSync3 } from "child_process";
 import { accessSync as accessSync2, constants as constants2 } from "fs";
@@ -3945,17 +4326,35 @@ async function stopDaemon(opts = {}) {
 // src/lib/doctor.ts
 var PROVIDER_COMMANDS = [
   "claude",
-  "cursor-agent",
+  "cursor agent",
   "codewith",
   "aicopilot",
   "opencode",
   "codex"
 ];
 function hasCommand(command) {
+  if (command === "cursor agent") {
+    return hasCommand("cursor") || hasCommand("agent");
+  }
   const result = spawnSync3("sh", ["-c", 'command -v "$1" >/dev/null', "sh", command], { stdio: "ignore" });
   return (result.status ?? 1) === 0;
 }
 function commandVersion(command) {
+  if (command === "cursor agent") {
+    const cursorResult = spawnSync3("cursor", ["agent", "--version"], {
+      encoding: "utf8",
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    if ((cursorResult.status ?? 1) === 0)
+      return (cursorResult.stdout || cursorResult.stderr).trim().split(/\r?\n/)[0];
+    const agentResult = spawnSync3("agent", ["--version"], {
+      encoding: "utf8",
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    if ((agentResult.status ?? 1) === 0)
+      return (agentResult.stdout || agentResult.stderr).trim().split(/\r?\n/)[0];
+    return;
+  }
   const result = spawnSync3(command, ["--version"], {
     encoding: "utf8",
     stdio: ["ignore", "pipe", "pipe"]
@@ -4040,6 +4439,9 @@ export {
   rollupSummary,
   resolveLoopMachine,
   resolveGoalModel,
+  renderTodosTaskWorkerVerifierWorkflow,
+  renderLoopTemplate,
+  renderEventWorkerVerifierWorkflow,
   refreshLoopMachine,
   readyNodeKeys,
   preflightWorkflow,
@@ -4049,13 +4451,17 @@ export {
   nextCronRun,
   loops,
   listOpenMachines,
+  listLoopTemplates,
   isTerminal as isGoalTerminal,
   initialNextRun,
+  getLoopTemplate,
   executeWorkflow,
   executeTarget,
   executeLoopTarget,
   executeLoop,
   computeNextAfter,
+  TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID,
   Store,
-  LoopsClient
+  LoopsClient,
+  EVENT_WORKER_VERIFIER_TEMPLATE_ID
 };

package/dist/lib/store.js CHANGED Viewed

@@ -368,6 +368,35 @@ function validateTarget(value, label) {
       if (value.provider !== "codewith")
         throw new Error(`${label}.authProfile is currently supported only for provider codewith`);
     }
+    if (value.variant !== undefined)
+      assertString(value.variant, `${label}.variant`);
+    if (value.permissionMode !== undefined) {
+      assertString(value.permissionMode, `${label}.permissionMode`);
+      const permissionModes = ["default", "plan", "auto", "bypass"];
+      if (!permissionModes.includes(value.permissionMode)) {
+        throw new Error(`${label}.permissionMode must be one of ${permissionModes.join(", ")}`);
+      }
+      if (value.permissionMode === "plan" && !["claude", "cursor"].includes(value.provider)) {
+        throw new Error(`${label}.permissionMode plan is currently supported only for provider claude or cursor`);
+      }
+      if (value.permissionMode === "auto" && value.provider !== "claude") {
+        throw new Error(`${label}.permissionMode auto is currently supported only for provider claude`);
+      }
+    }
+    if (value.sandbox !== undefined) {
+      assertString(value.sandbox, `${label}.sandbox`);
+      const codexLike = ["read-only", "workspace-write", "danger-full-access"];
+      const cursorLike = ["enabled", "disabled"];
+      if (["codewith", "codex"].includes(value.provider)) {
+        if (!codexLike.includes(value.sandbox))
+          throw new Error(`${label}.sandbox must be one of ${codexLike.join(", ")}`);
+      } else if (value.provider === "cursor") {
+        if (!cursorLike.includes(value.sandbox))
+          throw new Error(`${label}.sandbox must be one of ${cursorLike.join(", ")}`);
+      } else {
+        throw new Error(`${label}.sandbox is currently supported only for provider codewith, codex, or cursor`);
+      }
+    }
     return value;
   }
   throw new Error(`${label}.type must be command or agent`);

package/dist/lib/templates.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import type { AccountRef, AgentPermissionMode, AgentProvider, AgentSandbox, CreateWorkflowInput, LoopTemplateSummary } from "../types.js";
+export declare const TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID = "todos-task-worker-verifier";
+export declare const EVENT_WORKER_VERIFIER_TEMPLATE_ID = "event-worker-verifier";
+export interface TodosTaskWorkflowTemplateInput {
+    taskId: string;
+    taskTitle?: string;
+    taskDescription?: string;
+    projectPath: string;
+    provider?: AgentProvider;
+    authProfile?: string;
+    account?: AccountRef;
+    model?: string;
+    variant?: string;
+    agent?: string;
+    permissionMode?: AgentPermissionMode;
+    sandbox?: AgentSandbox;
+    eventId?: string;
+    eventType?: string;
+}
+export interface EventWorkflowTemplateInput {
+    eventId: string;
+    eventType: string;
+    eventSource: string;
+    eventSubject?: string;
+    eventMessage?: string;
+    eventJson: string;
+    projectPath: string;
+    provider?: AgentProvider;
+    authProfile?: string;
+    account?: AccountRef;
+    model?: string;
+    variant?: string;
+    agent?: string;
+    permissionMode?: AgentPermissionMode;
+    sandbox?: AgentSandbox;
+}
+export declare function listLoopTemplates(): LoopTemplateSummary[];
+export declare function getLoopTemplate(id: string): LoopTemplateSummary | undefined;
+export declare function renderTodosTaskWorkerVerifierWorkflow(input: TodosTaskWorkflowTemplateInput): CreateWorkflowInput;
+export declare function renderEventWorkerVerifierWorkflow(input: EventWorkflowTemplateInput): CreateWorkflowInput;
+export declare function renderLoopTemplate(id: string, values: Record<string, string | undefined>): CreateWorkflowInput;