npm - @kodelyth/lobster - Versions diffs - 2026.5.39 → 2026.5.42 - Mend

@kodelyth/lobster 2026.5.39 → 2026.5.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +74 -0
package/SKILL.md +97 -0
package/dist/index.js +654 -0
package/dist/runtime-api.js +3 -0
package/index.ts +24 -0
package/klaw.plugin.json +1 -3
package/package.json +2 -2
package/runtime-api.ts +12 -0
package/src/lobster-ajv-cache.ts +142 -0
package/src/lobster-core.d.ts +60 -0
package/src/lobster-runner.test.ts +597 -0
package/src/lobster-runner.ts +395 -0
package/src/lobster-taskflow.test.ts +227 -0
package/src/lobster-taskflow.ts +279 -0
package/src/lobster-tool.test.ts +352 -0
package/src/lobster-tool.ts +320 -0
package/src/taskflow-test-helpers.ts +48 -0
package/tsconfig.json +16 -0
package/index.js +0 -7
package/runtime-api.js +0 -7

package/README.md ADDED Viewed

@@ -0,0 +1,74 @@
+# Lobster (plugin)
+Adds the `lobster` agent tool as an **optional** plugin tool.
+## What this is
+- Lobster is a standalone workflow shell (typed JSON-first pipelines + approvals/resume).
+- This plugin integrates Lobster with Klaw _without core changes_.
+## Enable
+Because this tool can trigger side effects (via workflows), it is registered with `optional: true`.
+Enable it in an agent allowlist:
+```json
+{
+  "agents": {
+    "list": [
+      {
+        "id": "main",
+        "tools": {
+          "allow": [
+            "lobster" // plugin id (enables all tools from this plugin)
+          ]
+        }
+      }
+    ]
+  }
+}
+```
+## Using `klaw.invoke` (Lobster → Klaw tools)
+Some Lobster pipelines may include a `klaw.invoke` step to call back into Klaw tools/plugins (for example: `gog` for Google Workspace, `gh` for GitHub, `message.send`, etc.).
+For this to work, the Klaw Gateway must expose the tool bridge endpoint and the target tool must be allowed by policy:
+- Klaw provides an HTTP endpoint: `POST /tools/invoke`.
+- The request is gated by **gateway auth** (e.g. `Authorization: Bearer …` when token auth is enabled).
+- The invoked tool is gated by **tool policy** (global + per-agent + provider + group policy). If the tool is not allowed, Klaw returns `404 Tool not available`.
+### Allowlisting recommended
+To avoid letting workflows call arbitrary tools, set a tight allowlist on the agent that will be used by `klaw.invoke`.
+Example (allow only a small set of tools):
+```jsonc
+{
+  "agents": {
+    "list": [
+      {
+        "id": "main",
+        "tools": {
+          "allow": ["lobster", "web_fetch", "web_search", "gog", "gh"],
+          "deny": ["gateway"],
+        },
+      },
+    ],
+  },
+}
+```
+Notes:
+- If `tools.allow` is omitted or empty, it behaves like "allow everything (except denied)". For a real allowlist, set a **non-empty** `allow`.
+- Tool names depend on which plugins you have installed/enabled.
+## Security
+- Runs Lobster in process via the published `@clawdbot/lobster/core` runtime.
+- Does not manage OAuth/tokens.
+- Uses timeouts, stdout caps, and strict JSON envelope parsing.

package/SKILL.md ADDED Viewed

@@ -0,0 +1,97 @@
+# Lobster
+Lobster executes multi-step workflows with approval checkpoints. Use it when:
+- User wants a repeatable automation (triage, monitor, sync)
+- Actions need human approval before executing (send, post, delete)
+- Multiple tool calls should run as one deterministic operation
+## When to use Lobster
+| User intent                                            | Use Lobster?                                  |
+| ------------------------------------------------------ | --------------------------------------------- |
+| "Triage my email"                                      | Yes — multi-step, may send replies            |
+| "Send a message"                                       | No — single action, use message tool directly |
+| "Check my email every morning and ask before replying" | Yes — scheduled workflow with approval        |
+| "What's the weather?"                                  | No — simple query                             |
+| "Monitor this PR and notify me of changes"             | Yes — stateful, recurring                     |
+## Basic usage
+### Run a pipeline
+```json
+{
+  "action": "run",
+  "pipeline": "gog.gmail.search --query 'newer_than:1d' --max 20 | email.triage"
+}
+```
+Returns structured result:
+```json
+{
+  "protocolVersion": 1,
+  "ok": true,
+  "status": "ok",
+  "output": [{ "summary": {...}, "items": [...] }],
+  "requiresApproval": null
+}
+```
+### Handle approval
+If the workflow needs approval:
+```json
+{
+  "status": "needs_approval",
+  "output": [],
+  "requiresApproval": {
+    "prompt": "Send 3 draft replies?",
+    "items": [...],
+    "resumeToken": "..."
+  }
+}
+```
+Present the prompt to the user. If they approve:
+```json
+{
+  "action": "resume",
+  "token": "<resumeToken>",
+  "approve": true
+}
+```
+## Example workflows
+### Email triage
+```
+gog.gmail.search --query 'newer_than:1d' --max 20 | email.triage
+```
+Fetches recent emails, classifies into buckets (needs_reply, needs_action, fyi).
+### Email triage with approval gate
+```
+gog.gmail.search --query 'newer_than:1d' | email.triage | approve --prompt 'Process these?'
+```
+Same as above, but halts for approval before returning.
+## Key behaviors
+- **Deterministic**: Same input → same output (no LLM variance in pipeline execution)
+- **Approval gates**: `approve` command halts execution, returns token
+- **Resumable**: Use `resume` action with token to continue
+- **Structured output**: Always returns JSON envelope with `protocolVersion`
+## Don't use Lobster for
+- Simple single-action requests (just use the tool directly)
+- Queries that need LLM interpretation mid-flow
+- One-off tasks that won't be repeated