npm - @hybridaione/hybridclaw - Versions diffs - 0.15.0 → 0.16.0 - Mend

@hybridaione/hybridclaw 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (546) hide show

package/CHANGELOG.md +108 -0
package/README.md +41 -7
package/config.example.json +7 -1
package/console/dist/assets/chat-9B6dFbBr.js +157 -0
package/console/dist/assets/chat-BLTK7IwH.css +1 -0
package/console/dist/assets/{cx-BhUTAaHw.js → cx-WK-JkhB9.js} +1 -1
package/console/dist/assets/index-Cla9A2NT.js +16 -0
package/console/dist/assets/terminal-BqDi2uWz.js +1 -0
package/console/dist/icons/hybridai.png +0 -0
package/console/dist/index.html +2 -2
package/container/dist/approval-policy.js +642 -212
package/container/dist/approval-policy.js.map +1 -1
package/container/dist/browser-tools.js +1167 -121
package/container/dist/browser-tools.js.map +1 -1
package/container/dist/extensions.js +2 -9
package/container/dist/extensions.js.map +1 -1
package/container/dist/index.js +20 -14
package/container/dist/index.js.map +1 -1
package/container/dist/ipc.js +25 -9
package/container/dist/ipc.js.map +1 -1
package/container/dist/stakes-middleware.js +38 -0
package/container/dist/stakes-middleware.js.map +1 -0
package/container/dist/tool-args.js +25 -0
package/container/dist/tool-args.js.map +1 -0
package/container/dist/tools.js +158 -3
package/container/dist/tools.js.map +1 -1
package/container/dist/types.js.map +1 -1
package/container/package-lock.json +2 -2
package/container/package.json +1 -1
package/container/shared/browser-navigation.d.ts +12 -0
package/container/shared/browser-navigation.js +98 -0
package/container/shared/browser-profile.d.ts +1 -0
package/container/shared/browser-profile.js +14 -0
package/container/shared/middleware-contract.d.ts +38 -0
package/container/shared/middleware-contract.js +1 -0
package/container/shared/middleware-runner.d.ts +51 -0
package/container/shared/middleware-runner.js +158 -0
package/container/src/approval-policy.ts +908 -233
package/container/src/browser-tools.ts +1454 -131
package/container/src/extensions.ts +5 -8
package/container/src/index.ts +22 -14
package/container/src/ipc.ts +25 -9
package/container/src/stakes-middleware.ts +64 -0
package/container/src/tool-args.ts +28 -0
package/container/src/tools.ts +213 -6
package/container/src/types.ts +3 -0
package/dist/a2a/a2a-agent-card.d.ts +20 -0
package/dist/a2a/a2a-agent-card.d.ts.map +1 -0
package/dist/a2a/a2a-agent-card.js +101 -0
package/dist/a2a/a2a-agent-card.js.map +1 -0
package/dist/a2a/a2a-json-rpc.d.ts +46 -0
package/dist/a2a/a2a-json-rpc.d.ts.map +1 -0
package/dist/a2a/a2a-json-rpc.js +97 -0
package/dist/a2a/a2a-json-rpc.js.map +1 -0
package/dist/a2a/a2a-outbound.d.ts +17 -0
package/dist/a2a/a2a-outbound.d.ts.map +1 -0
package/dist/a2a/a2a-outbound.js +25 -0
package/dist/a2a/a2a-outbound.js.map +1 -0
package/dist/a2a/a2a-outbox-delivery.d.ts +19 -0
package/dist/a2a/a2a-outbox-delivery.d.ts.map +1 -0
package/dist/a2a/a2a-outbox-delivery.js +378 -0
package/dist/a2a/a2a-outbox-delivery.js.map +1 -0
package/dist/a2a/a2a-outbox-persistence.d.ts +39 -0
package/dist/a2a/a2a-outbox-persistence.d.ts.map +1 -0
package/dist/a2a/a2a-outbox-persistence.js +82 -0
package/dist/a2a/a2a-outbox-persistence.js.map +1 -0
package/dist/a2a/a2a-outbox-processor.d.ts +13 -0
package/dist/a2a/a2a-outbox-processor.d.ts.map +1 -0
package/dist/a2a/a2a-outbox-processor.js +72 -0
package/dist/a2a/a2a-outbox-processor.js.map +1 -0
package/dist/a2a/a2a-retry-policy.d.ts +4 -0
package/dist/a2a/a2a-retry-policy.d.ts.map +1 -0
package/dist/a2a/a2a-retry-policy.js +17 -0
package/dist/a2a/a2a-retry-policy.js.map +1 -0
package/dist/a2a/envelope.d.ts +7 -0
package/dist/a2a/envelope.d.ts.map +1 -1
package/dist/a2a/envelope.js +10 -3
package/dist/a2a/envelope.js.map +1 -1
package/dist/a2a/handoff-context.d.ts +6 -0
package/dist/a2a/handoff-context.d.ts.map +1 -0
package/dist/a2a/handoff-context.js +78 -0
package/dist/a2a/handoff-context.js.map +1 -0
package/dist/a2a/identity.d.ts +0 -1
package/dist/a2a/identity.d.ts.map +1 -1
package/dist/a2a/identity.js +4 -41
package/dist/a2a/identity.js.map +1 -1
package/dist/a2a/inbound-pipeline.d.ts +10 -0
package/dist/a2a/inbound-pipeline.d.ts.map +1 -0
package/dist/a2a/inbound-pipeline.js +9 -0
package/dist/a2a/inbound-pipeline.js.map +1 -0
package/dist/a2a/peer-descriptor.d.ts +32 -0
package/dist/a2a/peer-descriptor.d.ts.map +1 -0
package/dist/a2a/peer-descriptor.js +254 -0
package/dist/a2a/peer-descriptor.js.map +1 -0
package/dist/a2a/runtime.d.ts +28 -0
package/dist/a2a/runtime.d.ts.map +1 -0
package/dist/a2a/runtime.js +43 -0
package/dist/a2a/runtime.js.map +1 -0
package/dist/a2a/store.d.ts +1 -0
package/dist/a2a/store.d.ts.map +1 -1
package/dist/a2a/store.js +45 -3
package/dist/a2a/store.js.map +1 -1
package/dist/a2a/transport-registry.d.ts +45 -0
package/dist/a2a/transport-registry.d.ts.map +1 -0
package/dist/a2a/transport-registry.js +195 -0
package/dist/a2a/transport-registry.js.map +1 -0
package/dist/a2a/trust-ledger.d.ts +30 -0
package/dist/a2a/trust-ledger.d.ts.map +1 -0
package/dist/a2a/trust-ledger.js +171 -0
package/dist/a2a/trust-ledger.js.map +1 -0
package/dist/a2a/utils.d.ts +6 -0
package/dist/a2a/utils.d.ts.map +1 -1
package/dist/a2a/utils.js +39 -0
package/dist/a2a/utils.js.map +1 -1
package/dist/a2a/webhook-inbound.d.ts +31 -0
package/dist/a2a/webhook-inbound.d.ts.map +1 -0
package/dist/a2a/webhook-inbound.js +377 -0
package/dist/a2a/webhook-inbound.js.map +1 -0
package/dist/a2a/webhook-outbound.d.ts +87 -0
package/dist/a2a/webhook-outbound.d.ts.map +1 -0
package/dist/a2a/webhook-outbound.js +482 -0
package/dist/a2a/webhook-outbound.js.map +1 -0
package/dist/agent/agent.d.ts.map +1 -1
package/dist/agent/agent.js +130 -5
package/dist/agent/agent.js.map +1 -1
package/dist/agent/confidential-middleware.d.ts +4 -0
package/dist/agent/confidential-middleware.d.ts.map +1 -0
package/dist/agent/confidential-middleware.js +47 -0
package/dist/agent/confidential-middleware.js.map +1 -0
package/dist/agent/executor-types.d.ts +13 -0
package/dist/agent/executor-types.d.ts.map +1 -1
package/dist/agent/executor.d.ts +2 -1
package/dist/agent/executor.d.ts.map +1 -1
package/dist/agent/executor.js +7 -0
package/dist/agent/executor.js.map +1 -1
package/dist/agent/middleware.d.ts +42 -0
package/dist/agent/middleware.d.ts.map +1 -0
package/dist/agent/middleware.js +159 -0
package/dist/agent/middleware.js.map +1 -0
package/dist/agent/prompt-hooks.d.ts.map +1 -1
package/dist/agent/prompt-hooks.js +3 -1
package/dist/agent/prompt-hooks.js.map +1 -1
package/dist/agent/tool-summary.d.ts.map +1 -1
package/dist/agent/tool-summary.js +2 -0
package/dist/agent/tool-summary.js.map +1 -1
package/dist/agents/agent-registry.d.ts +4 -0
package/dist/agents/agent-registry.d.ts.map +1 -1
package/dist/agents/agent-registry.js +28 -2
package/dist/agents/agent-registry.js.map +1 -1
package/dist/agents/org-chart.d.ts +8 -0
package/dist/agents/org-chart.d.ts.map +1 -0
package/dist/agents/org-chart.js +62 -0
package/dist/agents/org-chart.js.map +1 -0
package/dist/audit/leak-scanner.d.ts.map +1 -1
package/dist/audit/leak-scanner.js +3 -1
package/dist/audit/leak-scanner.js.map +1 -1
package/dist/browser/browser-login.d.ts +2 -0
package/dist/browser/browser-login.d.ts.map +1 -1
package/dist/browser/browser-login.js +3 -12
package/dist/browser/browser-login.js.map +1 -1
package/dist/browser/browser-use-cloud-provider.d.ts +107 -0
package/dist/browser/browser-use-cloud-provider.d.ts.map +1 -0
package/dist/browser/browser-use-cloud-provider.js +391 -0
package/dist/browser/browser-use-cloud-provider.js.map +1 -0
package/dist/browser/local-provider.d.ts +61 -0
package/dist/browser/local-provider.d.ts.map +1 -0
package/dist/browser/local-provider.js +156 -0
package/dist/browser/local-provider.js.map +1 -0
package/dist/browser/playwright-utils.d.ts +21 -0
package/dist/browser/playwright-utils.d.ts.map +1 -0
package/dist/browser/playwright-utils.js +60 -0
package/dist/browser/playwright-utils.js.map +1 -0
package/dist/browser/provider.d.ts +118 -0
package/dist/browser/provider.d.ts.map +1 -0
package/dist/browser/provider.js +2 -0
package/dist/browser/provider.js.map +1 -0
package/dist/channels/email/connection.d.ts.map +1 -1
package/dist/channels/email/connection.js +12 -1
package/dist/channels/email/connection.js.map +1 -1
package/dist/cli/help.d.ts.map +1 -1
package/dist/cli/help.js +4 -3
package/dist/cli/help.js.map +1 -1
package/dist/cli/secret-command.d.ts.map +1 -1
package/dist/cli/secret-command.js +104 -39
package/dist/cli/secret-command.js.map +1 -1
package/dist/command-registry.d.ts.map +1 -1
package/dist/command-registry.js +2 -2
package/dist/command-registry.js.map +1 -1
package/dist/config/runtime-config-revisions.d.ts +7 -1
package/dist/config/runtime-config-revisions.d.ts.map +1 -1
package/dist/config/runtime-config-revisions.js +31 -0
package/dist/config/runtime-config-revisions.js.map +1 -1
package/dist/config/runtime-config.d.ts +17 -2
package/dist/config/runtime-config.d.ts.map +1 -1
package/dist/config/runtime-config.js +127 -9
package/dist/config/runtime-config.js.map +1 -1
package/dist/doctor/checks/browser-use.d.ts +9 -0
package/dist/doctor/checks/browser-use.d.ts.map +1 -0
package/dist/doctor/checks/browser-use.js +61 -0
package/dist/doctor/checks/browser-use.js.map +1 -0
package/dist/doctor/checks/index.d.ts.map +1 -1
package/dist/doctor/checks/index.js +6 -0
package/dist/doctor/checks/index.js.map +1 -1
package/dist/doctor/types.d.ts +1 -1
package/dist/doctor/types.d.ts.map +1 -1
package/dist/doctor/types.js +1 -0
package/dist/doctor/types.js.map +1 -1
package/dist/doctor/utils.d.ts.map +1 -1
package/dist/doctor/utils.js +3 -0
package/dist/doctor/utils.js.map +1 -1
package/dist/evals/hybridai-skills-command.d.ts.map +1 -1
package/dist/evals/hybridai-skills-command.js +1 -0
package/dist/evals/hybridai-skills-command.js.map +1 -1
package/dist/gateway/coworker-liveness.d.ts +9 -0
package/dist/gateway/coworker-liveness.d.ts.map +1 -0
package/dist/gateway/coworker-liveness.js +373 -0
package/dist/gateway/coworker-liveness.js.map +1 -0
package/dist/gateway/gateway-agent-cards.d.ts +2 -1
package/dist/gateway/gateway-agent-cards.d.ts.map +1 -1
package/dist/gateway/gateway-agent-cards.js +1 -0
package/dist/gateway/gateway-agent-cards.js.map +1 -1
package/dist/gateway/gateway-chat-service.d.ts.map +1 -1
package/dist/gateway/gateway-chat-service.js +103 -4
package/dist/gateway/gateway-chat-service.js.map +1 -1
package/dist/gateway/gateway-error-service.d.ts +10 -0
package/dist/gateway/gateway-error-service.d.ts.map +1 -0
package/dist/gateway/gateway-error-service.js +40 -0
package/dist/gateway/gateway-error-service.js.map +1 -0
package/dist/gateway/gateway-health-service.d.ts +1 -0
package/dist/gateway/gateway-health-service.d.ts.map +1 -1
package/dist/gateway/gateway-health-service.js.map +1 -1
package/dist/gateway/gateway-http-proxy.d.ts.map +1 -1
package/dist/gateway/gateway-http-proxy.js +206 -32
package/dist/gateway/gateway-http-proxy.js.map +1 -1
package/dist/gateway/gateway-http-server.d.ts.map +1 -1
package/dist/gateway/gateway-http-server.js +287 -4
package/dist/gateway/gateway-http-server.js.map +1 -1
package/dist/gateway/gateway-provider-service.d.ts.map +1 -1
package/dist/gateway/gateway-provider-service.js +3 -2
package/dist/gateway/gateway-provider-service.js.map +1 -1
package/dist/gateway/gateway-secret-injection.d.ts +48 -0
package/dist/gateway/gateway-secret-injection.d.ts.map +1 -0
package/dist/gateway/gateway-secret-injection.js +145 -0
package/dist/gateway/gateway-secret-injection.js.map +1 -0
package/dist/gateway/gateway-service.d.ts +4 -1
package/dist/gateway/gateway-service.d.ts.map +1 -1
package/dist/gateway/gateway-service.js +213 -47
package/dist/gateway/gateway-service.js.map +1 -1
package/dist/gateway/gateway-tunnel-service.d.ts.map +1 -1
package/dist/gateway/gateway-tunnel-service.js +29 -13
package/dist/gateway/gateway-tunnel-service.js.map +1 -1
package/dist/gateway/gateway-types.d.ts +54 -0
package/dist/gateway/gateway-types.d.ts.map +1 -1
package/dist/gateway/gateway-types.js.map +1 -1
package/dist/gateway/gateway.js +40 -65
package/dist/gateway/gateway.js.map +1 -1
package/dist/gateway/interactive-escalation.d.ts +129 -0
package/dist/gateway/interactive-escalation.d.ts.map +1 -0
package/dist/gateway/interactive-escalation.js +539 -0
package/dist/gateway/interactive-escalation.js.map +1 -0
package/dist/gateway/openai-compatible.d.ts.map +1 -1
package/dist/gateway/openai-compatible.js +42 -22
package/dist/gateway/openai-compatible.js.map +1 -1
package/dist/gateway/pending-approvals.d.ts.map +1 -1
package/dist/gateway/pending-approvals.js +120 -9
package/dist/gateway/pending-approvals.js.map +1 -1
package/dist/gateway/provider-fallback.d.ts +55 -0
package/dist/gateway/provider-fallback.d.ts.map +1 -0
package/dist/gateway/provider-fallback.js +191 -0
package/dist/gateway/provider-fallback.js.map +1 -0
package/dist/identity/agent-id.d.ts +32 -0
package/dist/identity/agent-id.d.ts.map +1 -0
package/dist/identity/agent-id.js +214 -0
package/dist/identity/agent-id.js.map +1 -0
package/dist/identity/resolver.d.ts +63 -0
package/dist/identity/resolver.d.ts.map +1 -0
package/dist/identity/resolver.js +236 -0
package/dist/identity/resolver.js.map +1 -0
package/dist/identity/user-id.d.ts +22 -0
package/dist/identity/user-id.d.ts.map +1 -0
package/dist/identity/user-id.js +80 -0
package/dist/identity/user-id.js.map +1 -0
package/dist/infra/container-runner.d.ts +3 -1
package/dist/infra/container-runner.d.ts.map +1 -1
package/dist/infra/container-runner.js +10 -23
package/dist/infra/container-runner.js.map +1 -1
package/dist/infra/host-runner.d.ts +3 -1
package/dist/infra/host-runner.d.ts.map +1 -1
package/dist/infra/host-runner.js +10 -23
package/dist/infra/host-runner.js.map +1 -1
package/dist/infra/ipc.d.ts +5 -0
package/dist/infra/ipc.d.ts.map +1 -1
package/dist/infra/ipc.js +39 -13
package/dist/infra/ipc.js.map +1 -1
package/dist/infra/warm-runner-utils.d.ts +17 -0
package/dist/infra/warm-runner-utils.d.ts.map +1 -1
package/dist/infra/warm-runner-utils.js +96 -1
package/dist/infra/warm-runner-utils.js.map +1 -1
package/dist/logger.d.ts.map +1 -1
package/dist/logger.js +31 -0
package/dist/logger.js.map +1 -1
package/dist/{gateway/memory-consolidation-runner.d.ts → memory/consolidation-runner.d.ts} +2 -2
package/dist/memory/consolidation-runner.d.ts.map +1 -0
package/dist/{gateway/memory-consolidation-runner.js → memory/consolidation-runner.js} +2 -2
package/dist/memory/consolidation-runner.js.map +1 -0
package/dist/memory/db.d.ts +11 -2
package/dist/memory/db.d.ts.map +1 -1
package/dist/memory/db.js +234 -7
package/dist/memory/db.js.map +1 -1
package/dist/plugins/plugin-api.d.ts.map +1 -1
package/dist/plugins/plugin-api.js +3 -0
package/dist/plugins/plugin-api.js.map +1 -1
package/dist/plugins/plugin-manager.d.ts +14 -2
package/dist/plugins/plugin-manager.d.ts.map +1 -1
package/dist/plugins/plugin-manager.js +276 -108
package/dist/plugins/plugin-manager.js.map +1 -1
package/dist/plugins/plugin-sdk.d.ts +1 -1
package/dist/plugins/plugin-sdk.d.ts.map +1 -1
package/dist/plugins/plugin-sdk.js.map +1 -1
package/dist/plugins/plugin-types.d.ts +24 -5
package/dist/plugins/plugin-types.d.ts.map +1 -1
package/dist/policy/secret-route-policy.d.ts +22 -0
package/dist/policy/secret-route-policy.d.ts.map +1 -0
package/dist/policy/secret-route-policy.js +165 -0
package/dist/policy/secret-route-policy.js.map +1 -0
package/dist/providers/anthropic.d.ts.map +1 -1
package/dist/providers/anthropic.js +2 -0
package/dist/providers/anthropic.js.map +1 -1
package/dist/providers/auxiliary.d.ts +1 -1
package/dist/providers/auxiliary.d.ts.map +1 -1
package/dist/providers/auxiliary.js +11 -10
package/dist/providers/auxiliary.js.map +1 -1
package/dist/providers/discovery-error-utils.d.ts +12 -0
package/dist/providers/discovery-error-utils.d.ts.map +1 -0
package/dist/providers/discovery-error-utils.js +36 -0
package/dist/providers/discovery-error-utils.js.map +1 -0
package/dist/providers/huggingface.d.ts.map +1 -1
package/dist/providers/huggingface.js +1 -0
package/dist/providers/huggingface.js.map +1 -1
package/dist/providers/hybridai-discovery.d.ts +2 -0
package/dist/providers/hybridai-discovery.d.ts.map +1 -1
package/dist/providers/hybridai-discovery.js +53 -0
package/dist/providers/hybridai-discovery.js.map +1 -1
package/dist/providers/hybridai.d.ts.map +1 -1
package/dist/providers/hybridai.js +1 -0
package/dist/providers/hybridai.js.map +1 -1
package/dist/providers/local-ollama.d.ts.map +1 -1
package/dist/providers/local-ollama.js +1 -0
package/dist/providers/local-ollama.js.map +1 -1
package/dist/providers/local-openai-compat.d.ts.map +1 -1
package/dist/providers/local-openai-compat.js +1 -0
package/dist/providers/local-openai-compat.js.map +1 -1
package/dist/providers/mistral.d.ts.map +1 -1
package/dist/providers/mistral.js +1 -0
package/dist/providers/mistral.js.map +1 -1
package/dist/providers/model-catalog.d.ts.map +1 -1
package/dist/providers/model-catalog.js +6 -1
package/dist/providers/model-catalog.js.map +1 -1
package/dist/providers/openai-compat-discovery.d.ts +1 -4
package/dist/providers/openai-compat-discovery.d.ts.map +1 -1
package/dist/providers/openai-compat-discovery.js +10 -5
package/dist/providers/openai-compat-discovery.js.map +1 -1
package/dist/providers/openai-compat-remote.d.ts.map +1 -1
package/dist/providers/openai-compat-remote.js +1 -0
package/dist/providers/openai-compat-remote.js.map +1 -1
package/dist/providers/openai.d.ts.map +1 -1
package/dist/providers/openai.js +1 -0
package/dist/providers/openai.js.map +1 -1
package/dist/providers/openrouter.d.ts.map +1 -1
package/dist/providers/openrouter.js +1 -0
package/dist/providers/openrouter.js.map +1 -1
package/dist/providers/task-routing.d.ts +1 -0
package/dist/providers/task-routing.d.ts.map +1 -1
package/dist/providers/task-routing.js +8 -1
package/dist/providers/task-routing.js.map +1 -1
package/dist/providers/types.d.ts +1 -0
package/dist/providers/types.d.ts.map +1 -1
package/dist/scheduler/heartbeat.d.ts.map +1 -1
package/dist/scheduler/heartbeat.js +70 -18
package/dist/scheduler/heartbeat.js.map +1 -1
package/dist/security/confidential-runtime.d.ts +1 -1
package/dist/security/confidential-runtime.d.ts.map +1 -1
package/dist/security/confidential-runtime.js +13 -3
package/dist/security/confidential-runtime.js.map +1 -1
package/dist/security/secret-handles.d.ts +29 -0
package/dist/security/secret-handles.d.ts.map +1 -0
package/dist/security/secret-handles.js +58 -0
package/dist/security/secret-handles.js.map +1 -0
package/dist/security/secret-leak-corpus.d.ts +8 -0
package/dist/security/secret-leak-corpus.d.ts.map +1 -0
package/dist/security/secret-leak-corpus.js +61 -0
package/dist/security/secret-leak-corpus.js.map +1 -0
package/dist/security/secret-normalization.d.ts +4 -0
package/dist/security/secret-normalization.d.ts.map +1 -0
package/dist/security/secret-normalization.js +10 -0
package/dist/security/secret-normalization.js.map +1 -0
package/dist/security/secret-policy.d.ts +27 -0
package/dist/security/secret-policy.d.ts.map +1 -0
package/dist/security/secret-policy.js +202 -0
package/dist/security/secret-policy.js.map +1 -0
package/dist/security/secret-refs.d.ts +13 -0
package/dist/security/secret-refs.d.ts.map +1 -1
package/dist/security/secret-refs.js +21 -2
package/dist/security/secret-refs.js.map +1 -1
package/dist/session/session-preview.d.ts.map +1 -1
package/dist/session/session-preview.js +2 -1
package/dist/session/session-preview.js.map +1 -1
package/dist/session/session-title-constants.d.ts +2 -0
package/dist/session/session-title-constants.d.ts.map +1 -0
package/dist/session/session-title-constants.js +2 -0
package/dist/session/session-title-constants.js.map +1 -0
package/dist/session/session-title.d.ts +16 -0
package/dist/session/session-title.d.ts.map +1 -0
package/dist/session/session-title.js +77 -0
package/dist/session/session-title.js.map +1 -0
package/dist/skills/agent-cv.d.ts.map +1 -1
package/dist/skills/agent-cv.js +6 -1
package/dist/skills/agent-cv.js.map +1 -1
package/dist/skills/skill-manifest.d.ts +5 -0
package/dist/skills/skill-manifest.d.ts.map +1 -1
package/dist/skills/skill-manifest.js +14 -0
package/dist/skills/skill-manifest.js.map +1 -1
package/dist/skills/skills-lifecycle.d.ts.map +1 -1
package/dist/skills/skills-lifecycle.js +2 -0
package/dist/skills/skills-lifecycle.js.map +1 -1
package/dist/tui-stop.d.ts +8 -0
package/dist/tui-stop.d.ts.map +1 -0
package/dist/tui-stop.js +11 -0
package/dist/tui-stop.js.map +1 -0
package/dist/tui.d.ts +18 -0
package/dist/tui.d.ts.map +1 -1
package/dist/tui.js +225 -44
package/dist/tui.js.map +1 -1
package/dist/tunnel/cloudflare-tunnel-provider.d.ts +87 -0
package/dist/tunnel/cloudflare-tunnel-provider.d.ts.map +1 -0
package/dist/tunnel/cloudflare-tunnel-provider.js +537 -0
package/dist/tunnel/cloudflare-tunnel-provider.js.map +1 -0
package/dist/tunnel/ngrok-tunnel-provider.d.ts +1 -5
package/dist/tunnel/ngrok-tunnel-provider.d.ts.map +1 -1
package/dist/tunnel/ngrok-tunnel-provider.js +2 -10
package/dist/tunnel/ngrok-tunnel-provider.js.map +1 -1
package/dist/tunnel/tunnel-provider-utils.d.ts +5 -0
package/dist/tunnel/tunnel-provider-utils.d.ts.map +1 -1
package/dist/tunnel/tunnel-provider-utils.js +8 -0
package/dist/tunnel/tunnel-provider-utils.js.map +1 -1
package/dist/types/container.d.ts +3 -0
package/dist/types/container.d.ts.map +1 -1
package/dist/types/models.d.ts +1 -1
package/dist/types/models.d.ts.map +1 -1
package/dist/types/models.js +1 -0
package/dist/types/models.js.map +1 -1
package/dist/types/session.d.ts +3 -0
package/dist/types/session.d.ts.map +1 -1
package/dist/utils/json-object.d.ts +2 -0
package/dist/utils/json-object.d.ts.map +1 -0
package/dist/utils/json-object.js +13 -0
package/dist/utils/json-object.js.map +1 -0
package/dist/utils/transport-errors.d.ts.map +1 -1
package/dist/utils/transport-errors.js +3 -1
package/dist/utils/transport-errors.js.map +1 -1
package/dist/workflow/schema.d.ts +85 -0
package/dist/workflow/schema.d.ts.map +1 -0
package/dist/workflow/schema.js +131 -0
package/dist/workflow/schema.js.map +1 -0
package/dist/workspace.d.ts.map +1 -1
package/dist/workspace.js +21 -0
package/dist/workspace.js.map +1 -1
package/docs/content/README.md +24 -3
package/docs/content/channels/admin-console.md +1 -1
package/docs/content/developer-guide/README.md +3 -0
package/docs/content/developer-guide/approvals.md +27 -0
package/docs/content/developer-guide/architecture.md +3 -0
package/docs/content/developer-guide/identity.md +119 -0
package/docs/content/developer-guide/workflows.md +64 -0
package/docs/content/extensibility/adaptive-skills.md +1 -1
package/docs/content/extensibility/plugins.md +46 -4
package/docs/content/extensibility/skills.md +60 -1
package/docs/content/getting-started/README.md +1 -0
package/docs/content/getting-started/authentication.md +148 -4
package/docs/content/getting-started/first-channel.md +1 -1
package/docs/content/getting-started/local-vs-cloud.md +254 -0
package/docs/content/getting-started/quickstart.md +20 -0
package/docs/content/guides/bundled-skills.md +4 -3
package/docs/content/guides/cloudflare-tunnel.md +136 -0
package/docs/content/guides/remote-access.md +38 -0
package/docs/content/guides/skills/README.md +3 -3
package/docs/content/guides/skills/communication.md +2 -1
package/docs/content/guides/skills/development.md +54 -0
package/docs/content/guides/skills/integrations.md +44 -0
package/docs/content/internal/approval-rule-pipeline.md +69 -0
package/docs/content/internal/roadmap.md +394 -50
package/docs/content/manifesto.md +1 -1
package/docs/content/reference/commands.md +5 -2
package/docs/content/reference/configuration.md +23 -7
package/docs/content/reference/diagnostics.md +8 -3
package/docs/content/reference/faq.md +4 -1
package/docs/static/docs.js +4 -1
package/package.json +13 -5
package/skills/brand-voice/SKILL.md +7 -5
package/skills/download-platform-invoices/SKILL.md +146 -0
package/skills/download-platform-invoices/adapters/anthropic.cjs +4 -0
package/skills/download-platform-invoices/adapters/atlassian.cjs +4 -0
package/skills/download-platform-invoices/adapters/aws.cjs +143 -0
package/skills/download-platform-invoices/adapters/azure.cjs +115 -0
package/skills/download-platform-invoices/adapters/datev-unternehmen-online.cjs +206 -0
package/skills/download-platform-invoices/adapters/gcp.cjs +408 -0
package/skills/download-platform-invoices/adapters/github.cjs +4 -0
package/skills/download-platform-invoices/adapters/google-ads.cjs +298 -0
package/skills/download-platform-invoices/adapters/linkedin.cjs +4 -0
package/skills/download-platform-invoices/adapters/openai.cjs +4 -0
package/skills/download-platform-invoices/adapters/recorded-fixture.cjs +100 -0
package/skills/download-platform-invoices/adapters/scrape.cjs +451 -0
package/skills/download-platform-invoices/adapters/stripe.cjs +103 -0
package/skills/download-platform-invoices/fixtures/datev-unternehmen-online-upload.json +13 -0
package/skills/download-platform-invoices/fixtures/recorded-anthropic.json +87 -0
package/skills/download-platform-invoices/fixtures/recorded-atlassian.json +87 -0
package/skills/download-platform-invoices/fixtures/recorded-aws.json +68 -0
package/skills/download-platform-invoices/fixtures/recorded-azure.json +87 -0
package/skills/download-platform-invoices/fixtures/recorded-gcp.json +87 -0
package/skills/download-platform-invoices/fixtures/recorded-github.json +87 -0
package/skills/download-platform-invoices/fixtures/recorded-google-ads.json +68 -0
package/skills/download-platform-invoices/fixtures/recorded-linkedin.json +87 -0
package/skills/download-platform-invoices/fixtures/recorded-openai.json +87 -0
package/skills/download-platform-invoices/fixtures/recorded-stripe.json +68 -0
package/skills/download-platform-invoices/fixtures/stripe-invoices.json +16 -0
package/skills/download-platform-invoices/harvester.cjs +449 -0
package/skills/download-platform-invoices/helpers/audit.cjs +25 -0
package/skills/download-platform-invoices/helpers/config.cjs +245 -0
package/skills/download-platform-invoices/helpers/escalation.cjs +51 -0
package/skills/download-platform-invoices/helpers/money.cjs +125 -0
package/skills/download-platform-invoices/helpers/schema.cjs +50 -0
package/skills/download-platform-invoices/helpers/totp.cjs +37 -0
package/skills/download-platform-invoices/index.cjs +30 -0
package/skills/download-platform-invoices/schema.json +37 -0
package/skills/warehouse-sql/SKILL.md +164 -0
package/skills/warehouse-sql/evals/tpch_eval_planner.py +132 -0
package/skills/warehouse-sql/evals/tpch_scenarios.json +86 -0
package/skills/warehouse-sql/evals/tpch_tiny.sql +80 -0
package/skills/warehouse-sql/references/backend-contract.md +64 -0
package/skills/warehouse-sql/scripts/warehouse_sql.py +1469 -0
package/console/dist/assets/chat-CwaxVsg1.js +0 -93
package/console/dist/assets/chat-DN6j8zuG.css +0 -1
package/console/dist/assets/index-De9e9-ta.js +0 -16
package/console/dist/assets/terminal-DFbKWIqg.js +0 -1
package/dist/gateway/memory-consolidation-runner.d.ts.map +0 -1
package/dist/gateway/memory-consolidation-runner.js.map +0 -1

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,114 @@
 ## Unreleased
+## [0.16.0](https://github.com/HybridAIOne/hybridclaw/tree/v0.16.0) - 2026-05-07
+### Added
+- **macOS desktop wrapper**: Source builds can run `npm run desktop` for a
+  native Electron shell around the existing `/chat` experience, with menu
+  access to `/admin`, automatic local-gateway startup, packaged runtime
+  preparation, and DMG build scripts.
+- **Browser provider substrate**: Browser automation can run through a local
+  persistent Playwright profile or Browser Use Cloud CDP sessions. Browser Use
+  Cloud reads `BROWSER_USE_API_KEY` from the encrypted secret store, records
+  usage/audit events, rejects unsafe local profile hints, and reports setup
+  problems through `hybridclaw doctor browser-use`.
+- **Cloudflare Tunnel provider**: Local gateways can use
+  `deployment.tunnel.provider=cloudflare` with `CLOUDFLARE_TUNNEL_TOKEN` or
+  certificate credentials from encrypted runtime secrets, plus a dedicated
+  setup guide and admin tunnel status.
+- **A2A outbound delivery**: Agent-to-agent envelopes can be delivered through
+  JSON-RPC Agent Card peers or signed webhook peers with an outbox processor,
+  retry/backoff, audit events, secret-backed bearer tokens, and operator
+  escalation when delivery cannot continue safely.
+- **A2A webhook inbound endpoint**: Gateways accept signed envelopes from
+  trusted non-A2A peers at `POST /a2a/webhook/:peerId` with HMAC-SHA256
+  verification, replay-window enforcement, per-peer SecretRef-backed shared
+  secrets, sender/recipient validation against local agents, configurable
+  per-peer rate limiting (default 60/min → 429), and structured audit events
+  for every inbound POST.
+- **Monthly invoice harvester skill**: The bundled
+  `download-platform-invoices` skill collects official SaaS invoice PDFs and
+  normalized records across Stripe, Google Ads, AWS, Azure, GCP, browser-driven
+  SaaS portals, and DATEV Unternehmen Online handoff flows.
+- **Warehouse SQL skill**: The bundled `warehouse-sql` skill reviews and runs
+  read-only natural-language SQL against cached warehouse schemas, with a
+  deterministic SQLite eval fixture and optional connector-backed execution for
+  production warehouses.
+- **Google OAuth secret routes**: `hybridclaw secret route ...` and
+  `/secret route ...` can map URL prefixes to stored secrets or short-lived
+  Google OAuth access tokens for direct `http_request` calls such as Google Ads
+  API access.
+- **Interactive escalation handoff**: Runtime middleware can pause for
+  operator-facing escalation, collect resumable interaction context, and expose
+  browser controls for continuing or resolving pending approvals.
+- **AI-generated session titles**: `auxiliaryModels.session_title` can use an
+  auxiliary model to title recent sessions from the first user message while
+  preserving the local preview fallback when disabled.
+- **Canonical identity discovery**: User and agent identities now have shared
+  parsers, local instance-id allocation, and DNS-style TXT discovery records
+  that map canonical identities to peer URLs and public keys for federation.
+- **Per-agent liveness surface**: Gateway status now includes agent liveness
+  metadata for admin and health surfaces.
+- **Workflow definition schema**: YAML workflow definitions can declare
+  agent-owned steps, transitions, and `stakes_threshold` escalation hints with
+  validation coverage.
+- **Classifier middleware contract**: Agent middleware can classify, warn,
+  transform, block, or escalate pre-send and post-receive content, giving
+  plugins such as `brand-voice` and confidential leak checks a shared runtime
+  surface.
+- **Console skill ZIP overwrite control**: The admin Skills page can upload a
+  skill ZIP with an explicit `--force` overwrite option while preserving the
+  existing skill if the replacement copy fails.
+### Changed
+- **Approval policy rule pipeline**: Container approval evaluation now runs
+  through a hook-fed, policy-orderable rule pipeline, preserving the existing
+  trust-store layout while giving plugins pre/post tool-use visibility.
+- **Provider fallback chains**: `HYBRIDAI_FALLBACK_CHAIN` can route model calls
+  to alternate providers on auth and rate-limit failures, with primary-provider
+  cooldowns and streaming-safe retry gates.
+- **A2A retry classification is shared**: Outbound A2A delivery and transport
+  error handling use common retry classifications so transient failures,
+  permanent failures, and escalation paths stay consistent.
+- **Web chat sessions are easier to resume**: Recent-session history has clearer
+  titles/snippets, agent switching is more stable, and active-session routing is
+  less prone to stale agent state after UI changes.
+- **Browser tooling is stricter and more capable**: Browser tools share
+  navigation/profile guards, support reusable browser login state across host
+  and container runtimes, and handle download-heavy invoice flows more
+  predictably.
+- **TUI activity rendering is calmer**: Tool activity rows stack and de-dupe
+  more cleanly, repeated activity lines are suppressed, and `Esc` stops the
+  active run instead of leaving the session running in the background.
+- **Secret-bearing tool calls are narrower**: Gateway-side secret injection
+  resolves non-LLM credentials and Google OAuth tokens at request time instead
+  of exposing long-lived credentials to agent context.
+- **Provider discovery errors are clearer**: Shared discovery-error helpers and
+  normalized OpenRouter fallback hints keep model selection output less noisy.
+- **IMAP polling failures stay local**: Email transport timeouts are contained
+  to the IMAP connection path instead of leaking into broader gateway state.
+- **Release automation is stricter**: Release workflows validate promoted image
+  tags, pin newer checkout/setup actions, tolerate build-cache export failures,
+  and enforce the Node engine during npm installs.
+### Fixed
+- **Gateway transport timeout resilience**: Host/container transport timeouts no
+  longer bring down the gateway; affected runs fail locally while the gateway
+  stays available for subsequent work.
+- **Google Ads invoice harvesting**: Google Ads invoice discovery and PDF
+  downloads use the correct InvoiceService and GoogleAdsService paths,
+  including accessible-customer, manager-client, and billing-setup discovery.
+- **TUI stop behavior**: Pressing `Esc` reliably stops the in-flight TUI
+  session run.
+- **TUI tool activity duplication**: Repeated and stacked tool rows no longer
+  produce noisy duplicate output.
+- **OpenRouter fallback hints**: HybridAI-prefixed model hints are stripped
+  before OpenRouter fallback resolution.
 ## [0.15.0](https://github.com/HybridAIOne/hybridclaw/tree/v0.15.0) - 2026-04-29
 ### Added

package/README.md CHANGED Viewed

@@ -84,6 +84,18 @@ Open locally:
 Requirement: Node.js 22 (Docker recommended for sandbox)
+Desktop wrapper from source:
+```bash
+npm install
+npm run desktop
+```
+The Electron workspace opens the existing `/chat` surface in a native macOS
+window, exposes `/admin` from the app menu, reuses a running local gateway when
+available, and starts the bundled gateway automatically when it is not already
+listening on `http://127.0.0.1:9090`.
 Release notes live in [CHANGELOG.md](./CHANGELOG.md), and the browsable
 operator and maintainer manual lives at
 [hybridclaw.io/docs](https://www.hybridclaw.io/docs/).
@@ -96,7 +108,8 @@ Once the gateway is running, open HybridClaw locally:
 - Web Chat keeps a recent-session sidebar and can search conversation titles
   with contextual snippets before you reopen an older browser session
 - Web Chat shows live context-window usage, accepts `/context`, and lets you
-  switch the active agent and model from the composer
+  switch the active agent and model from the composer; active agent switching is
+  preserved across session reloads and UI route changes
 - Web Chat accepts `/btw <question>` side questions while a primary run is
   active, so you can ask an ephemeral follow-up without interrupting the
   current run
@@ -133,6 +146,8 @@ Once the gateway is running, open HybridClaw locally:
   Signal QR linking, Twilio voice settings, and per-channel instructions that
   are injected into prompts at runtime.
 - `/admin/approvals` manages approval policies from the browser.
+- Approval policy evaluation runs through a hook-fed rule pipeline, so
+  workspace policy ordering and plugin tool-use hooks share one approval path.
 - `/admin/gateway` reloads runtime config and refreshes secrets from the
   browser, and shows public URL plus tunnel status, without tearing down the
   enclosing workspace container; keep `hybridclaw gateway restart` for
@@ -144,14 +159,18 @@ Once the gateway is running, open HybridClaw locally:
   share when that split is configured.
 - `deployment.mode`, `deployment.public_url`, `deployment.tunnel.provider`, and
   `deployment.tunnel.health_check_interval_ms` describe local/cloud exposure
-  and tunnel health cadence. The built-in ngrok and Tailscale Funnel providers
-  read `NGROK_AUTHTOKEN` and `TS_AUTHKEY` from the encrypted runtime secret
-  store.
+  and tunnel health cadence. The built-in ngrok, Tailscale Funnel, and
+  Cloudflare Tunnel providers read `NGROK_AUTHTOKEN`, `TS_AUTHKEY`,
+  `CLOUDFLARE_TUNNEL_TOKEN`, and Cloudflare certificate credentials from the
+  encrypted runtime secret store.
 - `container.warmPool` keeps a bounded adaptive pool of idle host/container
   runtimes for recently active agents when low cold-start latency matters.
 - `container.persistBashState` controls whether bash tool calls share shell
   state (`cd`, exported env vars, aliases) across turns in the same active
   runtime session; `/admin/config` exposes the same setting as `Persistent bash state`.
+- `security.confidentialRedactionEnabled` controls whether optional
+  `.confidential.yml` rules redact prompts and block matching outbound text;
+  `/admin/config` exposes the same setting as `Confidential leak guard`.
 - `hybridclaw audit scan-leaks` scans historical audit logs against optional
   `.confidential.yml` rules for NDA-class client, project, person, keyword,
   and regex matches.
@@ -159,9 +178,12 @@ Once the gateway is running, open HybridClaw locally:
   exposes a custom workspace display root such as `/app`.
 - `hybridclaw tui` includes live delegate progress, pulsing tool rows,
   completion checkmarks, a keyboard-driven approval picker, and a ready-to-run
-  `hybridclaw tui --resume <sessionId>` command on exit.
+  `hybridclaw tui --resume <sessionId>` command on exit. Pressing `Esc` stops
+  the active run and returns control to the prompt.
 - `hybridclaw doctor` checks runtime health including resource hygiene
-  maintenance for stale gateway artifacts.
+  maintenance for stale gateway artifacts. `hybridclaw doctor browser-use`
+  checks the local browser automation substrate and can install missing
+  Playwright Chromium support with `--fix`.
 - `hybridclaw onboarding` and related local setup flows can restore the last
   known-good saved config snapshot or roll back to a tracked revision when
   `config.json` becomes invalid.
@@ -201,6 +223,13 @@ Once the gateway is running, open HybridClaw locally:
 - Google OAuth credentials for Workspace skills live in the encrypted runtime
   secret store; agent runtimes receive short-lived access tokens for `gog` and
   `gws` instead of long-lived refresh tokens.
+- Canonical user and agent identities use stable lowercase IDs and DNS-style
+  discovery records so A2A peers can resolve remote URLs and public keys.
+- `hybridclaw secret route ...` and `/secret route ...` can attach stored
+  secrets or Google OAuth access tokens to matching `http_request` URL
+  prefixes, including Google Ads API calls.
+- `HYBRIDAI_FALLBACK_CHAIN` can route auth and rate-limit provider failures to
+  alternate models/providers with cooldowns before retrying the primary.
 - Skills can be enabled or disabled globally or per channel from
   `hybridclaw skill enable|disable`, TUI `/skill config`, or the admin
   `Skills` page.
@@ -208,7 +237,12 @@ Once the gateway is running, open HybridClaw locally:
   credentials, supported channels, and per-agent autonomy policy.
 - Bundled skills include API-backed Google Workspace workflows (`gog`, `gws`),
   Salesforce inspection, GitHub issue queue processing (`gh-issues`),
-  brand-voice drafting, and editable Excalidraw diagram creation.
+  monthly SaaS invoice harvesting (`download-platform-invoices`),
+  natural-language warehouse SQL (`warehouse-sql`), brand-voice drafting, and
+  editable Excalidraw diagram creation.
+- Browser automation can use local persistent Playwright profiles or Browser
+  Use Cloud sessions with encrypted `BROWSER_USE_API_KEY` storage, usage
+  metering, and shared navigation guards.
 - The repo-shipped `brand-voice` plugin can flag, rewrite, or block final
   responses that violate configured voice rules before they reach users.
 - Built-in office skills handle longer PDF creation flows cleanly: the bundled

package/config.example.json CHANGED Viewed

@@ -4,7 +4,8 @@
     "trustModelAccepted": false,
     "trustModelAcceptedAt": "",
     "trustModelVersion": "",
-    "trustModelAcceptedBy": ""
+    "trustModelAcceptedBy": "",
+    "confidentialRedactionEnabled": false
   },
   "deployment": {
     "mode": "local",
@@ -398,6 +399,11 @@
       "provider": "auto",
       "model": "",
       "maxTokens": 0
+    },
+    "session_title": {
+      "provider": "auto",
+      "model": "",
+      "maxTokens": 0
     }
   },
   "container": {