@kynver-app/runtime 0.1.129 → 0.1.134
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bounded-build/exec.d.ts +3 -1
- package/dist/cli.js +49 -49
- package/dist/heavy-verification/command-classify.d.ts +9 -0
- package/dist/heavy-verification/index.d.ts +2 -0
- package/dist/heavy-verification/worker-command-gate.d.ts +23 -0
- package/dist/index.d.ts +2 -2
- package/dist/index.js +64 -64
- package/dist/instruction-bundle/contract.js +2 -2
- package/dist/prompt.d.ts +1 -1
- package/dist/runner-identity.d.ts +7 -0
- package/dist/server/heavy-verification.js +1 -1
- package/dist/server/worker-policy.d.ts +2 -0
- package/dist/server/worker-policy.js +1 -1
- package/dist/status.d.ts +3 -3
- package/package.json +1 -1
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import{createHash as u}from"node:crypto";function o(e){return JSON.stringify(i(e))}function i(e){if(Array.isArray(e))return e.map(i);if(e&&typeof e=="object"){let t={};for(let n of Object.keys(e).sort())t[n]=i(e[n]);return t}return e}function L(e){return`ib1-${u("sha256").update(o(e),"utf8").digest("hex").slice(0,16)}`}function N(e){return`ib-${u("sha256").update(Buffer.from(e)).digest("hex").slice(0,12)}`}function a(e){if(!e)return null;let t=e.trim();if(!t)return null;if(/^[0-9a-fA-F]{64}$/.test(t))return new Uint8Array(t.match(/.{2}/g).map(n=>parseInt(n,16)));try{let n=Buffer.from(t,"base64");if(n.length===32)return new Uint8Array(n)}catch{}return null}function s(e){if(!e||typeof e!="object")return!1;let t=e;if(typeof t.signature!="string"||!t.signature||typeof t.publicKeyId!="string"||!t.publicKeyId)return!1;let n=t.bundle;return!(!n||typeof n!="object"||typeof n.version!="string"||!n.version||typeof n.generatedAt!="string"||!Array.isArray(n.personas)||!n.instructions||typeof n.instructions!="object"||!n.policyThresholds||typeof n.policyThresholds!="object")}var
|
|
1
|
+
import{createHash as u}from"node:crypto";function o(e){return JSON.stringify(i(e))}function i(e){if(Array.isArray(e))return e.map(i);if(e&&typeof e=="object"){let t={};for(let n of Object.keys(e).sort())t[n]=i(e[n]);return t}return e}function L(e){return`ib1-${u("sha256").update(o(e),"utf8").digest("hex").slice(0,16)}`}function N(e){return`ib-${u("sha256").update(Buffer.from(e)).digest("hex").slice(0,12)}`}function a(e){if(!e)return null;let t=e.trim();if(!t)return null;if(/^[0-9a-fA-F]{64}$/.test(t))return new Uint8Array(t.match(/.{2}/g).map(n=>parseInt(n,16)));try{let n=Buffer.from(t,"base64");if(n.length===32)return new Uint8Array(n)}catch{}return null}function s(e){if(!e||typeof e!="object")return!1;let t=e;if(typeof t.signature!="string"||!t.signature||typeof t.publicKeyId!="string"||!t.publicKeyId)return!1;let n=t.bundle;return!(!n||typeof n!="object"||typeof n.version!="string"||!n.version||typeof n.generatedAt!="string"||!Array.isArray(n.personas)||!n.instructions||typeof n.instructions!="object"||!n.policyThresholds||typeof n.policyThresholds!="object")}var c={"ib-3bab6314f0ba":"53a2040646cd479e1f5f1aea9abf7848ce8b62e32001efb8044dfd90e8ab87ed","ib-26e6c695da06":"bb1700f25b2ee7d7cdcdb9f446f0f44ef2cc22a3096bc161232fb658e7cdaf38"};function l(e,t=process.env){let n=a(t.KYNVER_INSTRUCTION_BUNDLE_PUBLIC_KEY);if(n)return n;let r=c[e];return r?a(r):null}import{createPublicKey as f,verify as m}from"node:crypto";var g=Buffer.from("302a300506032b6570032100","hex");function y(e){return f({key:Buffer.concat([g,Buffer.from(e)]),format:"der",type:"spki"})}function d(e,t){if(!s(e))return{ok:!1,reason:"malformed signed bundle payload"};let n;try{n=Buffer.from(e.signature,"base64url")}catch{return{ok:!1,reason:"signature is not base64url"}}if(n.length!==64)return{ok:!1,reason:"signature is not a 64-byte Ed25519 signature"};try{let r=Buffer.from(o(e.bundle),"utf8");return m(null,r,y(t),n)?{ok:!0,bundle:e.bundle}:{ok:!1,reason:"Ed25519 signature mismatch"}}catch(r){return{ok:!1,reason:`signature verification failed: ${r.message}`}}}function h(e,t=process.env){if(!s(e))return{ok:!1,reason:"malformed signed bundle payload"};let n=l(e.publicKeyId,t);return n?d(e,n):{ok:!1,reason:`no verification key for publicKeyId "${e.publicKeyId}" (not pinned; set KYNVER_INSTRUCTION_BUNDLE_PUBLIC_KEY)`}}var p="embedded-1",I=[{slug:"ghost",displayName:"Ghost",description:"Orchestration persona.",dispatchLane:null,defaultRoleLane:"system"},{slug:"astra",displayName:"Astra",description:"Planning persona.",dispatchLane:"implementation",defaultRoleLane:"plan_author"},{slug:"rhea",displayName:"Rhea",description:"Implementation persona.",dispatchLane:"implementation",defaultRoleLane:"implementer"},{slug:"mnemo",displayName:"Mnemo",description:"Implementation persona.",dispatchLane:"implementation",defaultRoleLane:"implementer"},{slug:"sentinel",displayName:"Sentinel",description:"Review persona.",dispatchLane:"review",defaultRoleLane:"deep_reviewer"},{slug:"pixel",displayName:"Pixel",description:"Implementation persona.",dispatchLane:"implementation",defaultRoleLane:"implementer"},{slug:"schema",displayName:"Schema",description:"Implementation persona.",dispatchLane:"implementation",defaultRoleLane:"implementer"},{slug:"atlas",displayName:"Atlas",description:"Implementation persona.",dispatchLane:"implementation",defaultRoleLane:"runtime_verifier"},{slug:"bridge",displayName:"Bridge",description:"Implementation persona.",dispatchLane:"implementation",defaultRoleLane:"implementer"},{slug:"catalyst",displayName:"Catalyst",description:"Implementation persona.",dispatchLane:"implementation",defaultRoleLane:"implementer"},{slug:"lorentz",displayName:"Lorentz",description:"Review persona.",dispatchLane:"review",defaultRoleLane:"report_reviewer"},{slug:"dalton",displayName:"Dalton",description:"Landing persona.",dispatchLane:"landing",defaultRoleLane:"implementer"}],b={"worker.prompt.core_rules":["Structured final result (recommended): record completion as JSON with summary, files, PR URLs, verification, risks, and blockers.","Completion handoff (required): before you stop, summarize the outcome in your last message and append a heartbeat line with phase `complete`. Commit your work cleanly and open a GitHub PR (draft OK) for substantial changes \u2014 never leave uncommitted changes behind without reporting them.","Review-only workers must not open new implementation PRs \u2014 review the existing PR and record a verdict in the final result.","Keep verification targeted to touched paths; avoid full-monorepo verification unless explicitly requested.","Do not run `npm publish`.","If verification fails, append a heartbeat line immediately with the failing command, reason, and next action."].join(`
|
|
2
2
|
`),"worker.prompt.progress.compact":"Plan progress: when planId is set, report progress with `kynver plan progress --plan <planId> --row <rowKey> --role implementer --status in_progress|running|partial|blocked`. Do not mark rows done from the worker CLI.","worker.prompt.progress.full":["Structured plan progress (required when planId is set):","- Report checkpoints with `kynver plan progress --plan <planId> --row <rowKey> --role implementer --status in_progress|running|partial|blocked`.","- When a slice is finished, emit `partial` with evidence (`--evidence pr:<url>`, `--evidence path:<file>`, or `--evidence command:<cmd>`).","- Do not propose or confirm row `done` from the worker CLI."].join(`
|
|
3
3
|
`),"worker.prompt.merge_gate.compact":"Verification cost control: prefer local verification before requesting CI runs; do not push empty commits to re-trigger CI; record verification evidence on the PR.","worker.prompt.merge_gate.full":["Verification cost control:","- Prefer local verification of touched paths before requesting any CI run.","- Do not push empty commits to re-trigger CI.","- Record verification evidence on the PR before requesting review."].join(`
|
|
4
4
|
`),"worker.prompt.plan_artifacts.compact":"Plan artifacts: when authoring or revising plan documents, open a GitHub PR early and iterate from that PR branch; do not leave the canonical plan only in a local worktree.","worker.prompt.plan_artifacts.full":["Plan artifacts (when authoring or revising plan documents):","- Create a feature branch and open a GitHub PR (draft OK) before substantial drafting; commit and push the plan file.","- Iterate on that PR branch and link the PR URL on the related task and progress evidence."].join(`
|
|
5
|
-
`)},R={"harness.maxTaskAttempts":4,"harness.dispatchCooldownMs":5e3,"daemon.idleIntervalMs":5*6e4,"daemon.maxIdleStreak":10},B={version:
|
|
5
|
+
`)},R={"harness.maxTaskAttempts":4,"harness.dispatchCooldownMs":5e3,"daemon.idleIntervalMs":5*6e4,"daemon.maxIdleStreak":10},B={version:p,generatedAt:"1970-01-01T00:00:00.000Z",personas:I,instructions:b,policyThresholds:R};export{B as EMBEDDED_INSTRUCTION_BUNDLE,p as EMBEDDED_INSTRUCTION_BUNDLE_VERSION,c as PINNED_INSTRUCTION_BUNDLE_PUBLIC_KEYS,o as canonicalJsonStringify,L as computeInstructionBundleVersion,N as deriveInstructionBundleKeyId,s as isSignedInstructionBundleShape,a as parseRawEd25519Key,l as resolveInstructionBundlePublicKey,d as verifyInstructionBundleSignatureWithKey,h as verifySignedInstructionBundle};
|
package/dist/prompt.d.ts
CHANGED
|
@@ -5,7 +5,7 @@ export declare function buildPrompt(input: {
|
|
|
5
5
|
heartbeatPath: string;
|
|
6
6
|
planId?: string;
|
|
7
7
|
taskId?: string;
|
|
8
|
-
/**
|
|
8
|
+
/** Operating rules from dispatch-next `harnessWorkerContext`. */
|
|
9
9
|
instructionPolicyMarkdown?: string | null;
|
|
10
10
|
/** Anchored task context-envelope persona block (required when task has personaSlug). */
|
|
11
11
|
personaMarkdown?: string | null;
|
|
@@ -4,6 +4,13 @@ export interface RunnerPresencePayload {
|
|
|
4
4
|
profile: string | null;
|
|
5
5
|
harnessRepo: string | null;
|
|
6
6
|
runId?: string | null;
|
|
7
|
+
/**
|
|
8
|
+
* Active server-delivered instruction bundle version (M6); additive. Reports
|
|
9
|
+
* the embedded fallback version (`embedded-1`) when no server bundle has
|
|
10
|
+
* loaded — the System console instruction-freshness panel reads this from
|
|
11
|
+
* the runner registry to flag daemons running stale content.
|
|
12
|
+
*/
|
|
13
|
+
instructionBundleVersion?: string | null;
|
|
7
14
|
}
|
|
8
15
|
/** True when this host belongs to the Ghost orchestrator pool (not Hermes Forge). */
|
|
9
16
|
export declare function isGhostPoolHost(env?: NodeJS.ProcessEnv): boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{closeSync as
|
|
1
|
+
import{closeSync as z,existsSync as l,mkdirSync as I,openSync as Q,readdirSync as y,readFileSync as N,unlinkSync as O,writeFileSync as Z}from"node:fs";import S from"node:path";function f(e){if(!e)return!1;try{return process.kill(e,0),!0}catch{return!1}}import{mkdirSync as C}from"node:fs";import{tmpdir as b}from"node:os";import a from"node:path";import{homedir as _}from"node:os";import m from"node:path";function d(){let e=process.env.KYNVER_STATE_ROOT;return e?m.resolve(e):m.join(_(),".kynver","state")}function M(){return!!(process.env.VERCEL||process.env.VERCEL_ENV||process.env.AWS_LAMBDA_FUNCTION_NAME||process.env.AWS_EXECUTION_ENV)}function P(){let e=process.env.KYNVER_HEAVY_VERIFICATION_STATE_ROOT;return e?a.resolve(e):M()?a.join(b(),"kynver","state","heavy-verification"):a.join(d(),"heavy-verification")}function g(){return a.join(P(),"slots")}function c(){let e=g();return C(e,{recursive:!0}),e}var u=120*6e4,v=1;function V(e,r){let t=Number(e);return!Number.isFinite(t)||t<=0?r:Math.floor(t)}function E(){let e=process.env.KYNVER_HEAVY_VERIFICATION_SKIP?.trim().toLowerCase();return e==="1"||e==="true"||e==="yes"}function p(){let e=process.env.KYNVER_HEAVY_VERIFICATION_MAX_CONCURRENT;return e?V(e,v):v}function R(e){if(!l(e))return null;try{let r=JSON.parse(N(e,"utf8"));if(typeof r.slotId=="string"&&typeof r.pid=="number"&&typeof r.acquiredAt=="string"&&typeof r.command=="string")return r}catch{return null}return null}function k(e,r=u){if(!e||!f(e.pid))return!0;let t=Date.parse(e.acquiredAt);return Number.isNaN(t)?!0:Date.now()-t>r}function T(e,r){let t=R(e);if(k(t,r))try{O(e)}catch{}}function D(e){return I(e,{recursive:!0}),e}function h(e={}){let r=D(e.slotsDir??c()),t=e.staleMs??u,o=0;for(let n of y(r)){if(!n.endsWith(".json"))continue;let s=S.join(r,n),i=l(s);T(s,t),i&&!l(s)&&(o+=1)}return o}function w(e={}){let r=e.slotsDir??c(),t=e.staleMs??u;h({slotsDir:r,staleMs:t});let o=[];for(let n of y(r)){if(!n.endsWith(".json"))continue;let s=R(S.join(r,n));s&&!k(s,t)&&o.push(s)}return o}function A(e={}){return w(e).length}function H(e,r={}){if(E())return{admitted:!0,slotId:null,activeSlots:0,maxSlots:p(),reason:null};let t=r.slotsDir??c(),o=r.staleMs??u,n=r.maxSlots??p();h({slotsDir:t,staleMs:o});let s=A({slotsDir:t,staleMs:o}),i=s<n;return{admitted:i,slotId:null,activeSlots:s,maxSlots:n,reason:i?null:`heavy verification at capacity (${s}/${n} slots); waiting for ${e}`}}var $=["ANTHROPIC_API_KEY","ANALYST_API_KEY","RECRUITER_API_KEY","AUTH_SECRET","NEXTAUTH_SECRET","DATABASE_URL","PRODUCTION_DATABASE_URL","KYNVER_PRODUCTION_DATABASE_URL","REDIS_URL","GOOGLE_CLIENT_SECRET","GITHUB_CLIENT_SECRET","KYNVER_API_KEY","KYNVER_SERVICE_SECRET","KYNVER_RUNTIME_SECRET","KYNVER_CRON_SECRET","OPENCLAW_CRON_SECRET","QSTASH_TOKEN","QSTASH_CURRENT_SIGNING_KEY","QSTASH_NEXT_SIGNING_KEY","TOOL_SECRETS_KEK","TOOL_EXECUTOR_DISPATCH_SECRET","CLOUDFLARE_API_TOKEN","STRIPE_SECRET_KEY","STRIPE_WEBHOOK_SECRET","STRIPE_IDENTITY_WEBHOOK_SECRET","VOYAGE_API_KEY","PERPLEXITY_API_KEY","FRED_API_KEY","FMP_API_KEY","CURSOR_API_KEY"],oe=new Set($);var G={"@kynver-app/runtime":"0.1.83","@kynver-app/openclaw-agent-os":"0.1.43","@kynver-app/mcp-agent-os":"0.3.34"},ke=Object.keys(G);function x(e){let r=e.trim().split("-")[0]?.split("+")[0];if(!r)return null;let t=r.split(".");if(t.length<1||t.length>3)return null;let o=t.map(n=>Number.parseInt(n,10));if(o.some(n=>!Number.isFinite(n)||n<0))return null;for(;o.length<3;)o.push(0);return[o[0],o[1],o[2]]}function K(e,r){let t=x(e),o=x(r);if(!t||!o)return 0;for(let n=0;n<3;n+=1){if(t[n]>o[n])return 1;if(t[n]<o[n])return-1}return 0}export{H as assessHeavyVerificationGate,K as compareSemver,A as countActiveHeavyVerificationSlots,E as isHeavyVerificationGateSkipped,p as resolveHeavyVerificationMaxConcurrent};
|
|
@@ -1,2 +1,4 @@
|
|
|
1
1
|
export { auditWorkerEnv, scrubWorkerEnv, listForbiddenWorkerEnvKeys, isForbiddenWorkerEnvKey, } from "../worker-env.js";
|
|
2
2
|
export { DEFAULT_WORKER_PROVIDER, resolveConfiguredWorkerProvider, isClaudeFamilyProvider, taskAllowsClaudeWorker, enforceCursorWorkerProvider, preferCursorExecutor, type EnforceCursorWorkerProviderInput, } from "../worker-provider-policy.js";
|
|
3
|
+
export { classifyHeavyShellCommand } from "../heavy-verification/command-classify.js";
|
|
4
|
+
export { gateWorkerShellCommand, HEAVY_VERIFICATION_TOKEN_REQUIRED, type GateWorkerShellCommandOpts, type WorkerCommandGateOutcome, type WorkerCommandGateResult, } from "../heavy-verification/worker-command-gate.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
var
|
|
1
|
+
var n=(e,r)=>()=>(e&&(r=e(e=0)),r);function I(e){return we.has(e)?!0:Ie.some(r=>e.endsWith(r))}function X(e){return Object.keys(e).filter(I).sort()}function f(e){let r={...e};for(let t of Object.keys(r))I(t)&&delete r[t];return r}function Be(e){let r=X(e);return{forbiddenPresent:r,safe:r.length===0}}var Pe,we,Ie,d=n(()=>{"use strict";Pe=["ANTHROPIC_API_KEY","ANALYST_API_KEY","RECRUITER_API_KEY","AUTH_SECRET","NEXTAUTH_SECRET","DATABASE_URL","PRODUCTION_DATABASE_URL","KYNVER_PRODUCTION_DATABASE_URL","REDIS_URL","GOOGLE_CLIENT_SECRET","GITHUB_CLIENT_SECRET","KYNVER_API_KEY","KYNVER_SERVICE_SECRET","KYNVER_RUNTIME_SECRET","KYNVER_CRON_SECRET","OPENCLAW_CRON_SECRET","QSTASH_TOKEN","QSTASH_CURRENT_SIGNING_KEY","QSTASH_NEXT_SIGNING_KEY","TOOL_SECRETS_KEK","TOOL_EXECUTOR_DISPATCH_SECRET","CLOUDFLARE_API_TOKEN","STRIPE_SECRET_KEY","STRIPE_WEBHOOK_SECRET","STRIPE_IDENTITY_WEBHOOK_SECRET","VOYAGE_API_KEY","PERPLEXITY_API_KEY","FRED_API_KEY","FMP_API_KEY","CURSOR_API_KEY"],we=new Set(Pe),Ie=["_SECRET","_API_KEY"]});function B(e){if(!e)return!1;try{return process.kill(e,0),!0}catch{return!1}}var a=n(()=>{"use strict"});var T=n(()=>{"use strict";a();d()});var v=n(()=>{"use strict"});var Q=n(()=>{"use strict";T();v()});var M=n(()=>{"use strict"});var Z=n(()=>{"use strict"});var Ur,Hr,ee=n(()=>{"use strict";Ur=25*1024*1024*1024,Hr=12*1024*1024*1024});var jr,Vr,W=n(()=>{"use strict";ee();jr=30*1024*1024*1024,Vr=15*1024*1024*1024});import{homedir as Te}from"node:os";import Me from"node:path";var Qr,re=n(()=>{"use strict";k();v();a();Qr=Me.join(Te(),".openclaw","harness")});var K=n(()=>{"use strict";re();a()});var ne=n(()=>{"use strict";K();a()});var oe=n(()=>{"use strict"});var ie=n(()=>{"use strict";oe();a()});var se=n(()=>{"use strict"});var ae=n(()=>{"use strict";se()});var ce=n(()=>{"use strict";ae();a()});var le=n(()=>{"use strict"});var ue=n(()=>{"use strict"});var de=n(()=>{"use strict"});var U=n(()=>{"use strict"});var me=n(()=>{"use strict";U()});var fe=n(()=>{"use strict";ie();ce();le();ue();T();de();me();U();a()});var pe=n(()=>{"use strict";fe()});var Fe,Le,ge=n(()=>{"use strict";Z();k();M();H();W();K();ne();pe();a();Fe=500*1024*1024,Le=4*1024*1024*1024});var H=n(()=>{"use strict";ge()});import{homedir as $e,totalmem as Kn}from"node:os";import F from"node:path";var he,Yn,Gn,zn,qn,k=n(()=>{"use strict";Q();v();a();M();H();W();he=F.join($e(),".kynver"),Yn=F.join(he,"config.json"),Gn=F.join(he,"credentials"),zn=500*1024*1024,qn=4*1024*1024*1024});d();k();d();a();d();a();d();a();var jo=process.env.KYNVER_CODEX_DEFAULT_MODEL?.trim()||"gpt-5.4";function ze(){return process.env.KYNVER_CODEX_DEFAULT_MODEL?.trim()||"gpt-5.4"}var qe=ze();var ve="composer-2.5";var u="cursor",Je=new Set(["claude","opus","anthropic"]),Xe=[/\[worker-provider:\s*claude\]/i,/\[use-claude-worker\]/i,/\[operator-worker-provider:\s*claude\]/i];function $(e,r){let t=e[r];return typeof t=="string"?t.trim():""}function c(e){if(!e?.trim())return!1;let r=e.trim().toLowerCase();return Je.has(r)?!0:r.includes("claude")||r.includes("opus")}function L(e){if(!e)return!1;let r=e.workerProviderOverride;if(typeof r=="string"&&c(r))return!0;let t=$(e,"executorRef").toLowerCase();if(t==="provider:claude"||t.startsWith("provider:claude:")||t.includes("claude-worker-override")||t.includes("operator-claude"))return!0;let i=$(e,"description");if(Xe.some(s=>s.test(i)))return!0;let o=$(e,"title");return!!/\[use-claude-worker\]/i.test(o)}function Qe(e,r){return{provider:u,model:ve,rule:`policy:cursor_default${r}`,requestedModel:e}}function ke(e){let{routing:r,task:t}=e,i=e.explicitProvider?.trim().toLowerCase();if(e.explicitProviderIsOperatorOverride&&c(i))return{...r,provider:"claude",rule:r.rule.startsWith("explicit:")?r.rule:"explicit:operator_provider"};if(L(t)||r.rule==="explicit:cli"&&c(r.provider)||!c(r.provider))return r;let o=r.rule&&r.rule!=="default:global"?`:${r.rule.replace(/:/g,"_")}`:"";return Qe(r.model,o)}function Ze(e,r=u){let t=e?.trim();return t?c(t)?u:t==="codex"?"codex":t:r}function er(e){let r=[...new Set(e.map(t=>t.trim().toLowerCase()).filter(Boolean))];return r.includes(u)?[...new Set(r.map(t=>c(t)?u:t))]:r.every(t=>c(t))?[u]:r}var rr=/\b(npm run typecheck|tsc\b[^|&;]*--noEmit|node scripts\/verify-pr-local\.mjs|kynver (harness )?verify)\b/i,tr=/\b(npm run build\b|next build\b)\b/i,nr=/\b(vercel (build|deploy|--prod))\b/i,or=/\b(openai|anthropic|perplexity|voyage)\b.*\b(api|cli)\b|\b(paid|billable)[-_ ]?compute\b/i;function j(e){let r=e.trim();return r?or.test(r)?{heavy:!0,commandClass:"paid_compute",reason:"paid external compute requires heavy-verification token and operator approval"}:nr.test(r)?{heavy:!0,commandClass:"vercel_verify",reason:"Vercel build/deploy verification requires heavy-verification token"}:tr.test(r)?{heavy:!0,commandClass:"full_build",reason:"full app build requires heavy-verification token"}:rr.test(r)?{heavy:!0,commandClass:"full_typecheck",reason:"full repo typecheck requires heavy-verification token"}:{heavy:!1,commandClass:"allowed",reason:null}:{heavy:!1,commandClass:"allowed",reason:null}}var _="heavy_verification_token_required";import{spawnSync as Rr}from"node:child_process";a();import{closeSync as ur,existsSync as Y,mkdirSync as dr,openSync as mr,readdirSync as Se,readFileSync as fr,unlinkSync as Ce,writeFileSync as pr}from"node:fs";import z from"node:path";import{mkdirSync as sr}from"node:fs";import{tmpdir as ar}from"node:os";import S from"node:path";import{homedir as ir}from"node:os";import Re from"node:path";function xe(){let e=process.env.KYNVER_STATE_ROOT;return e?Re.resolve(e):Re.join(ir(),".kynver","state")}function cr(){return!!(process.env.VERCEL||process.env.VERCEL_ENV||process.env.AWS_LAMBDA_FUNCTION_NAME||process.env.AWS_EXECUTION_ENV)}function lr(){let e=process.env.KYNVER_HEAVY_VERIFICATION_STATE_ROOT;return e?S.resolve(e):cr()?S.join(ar(),"kynver","state","heavy-verification"):S.join(xe(),"heavy-verification")}function V(){return S.join(lr(),"slots")}function g(){let e=V();return sr(e,{recursive:!0}),e}var h=120*6e4,_e=1;function gr(e,r){let t=Number(e);return!Number.isFinite(t)||t<=0?r:Math.floor(t)}function A(){let e=process.env.KYNVER_HEAVY_VERIFICATION_SKIP?.trim().toLowerCase();return e==="1"||e==="true"||e==="yes"}function C(){let e=process.env.KYNVER_HEAVY_VERIFICATION_MAX_CONCURRENT;return e?gr(e,_e):_e}function hr(e){return`slot-${e}`}function yr(e,r=V()){return z.join(r,`${e}.json`)}function q(e){if(!Y(e))return null;try{let r=JSON.parse(fr(e,"utf8"));if(typeof r.slotId=="string"&&typeof r.pid=="number"&&typeof r.acquiredAt=="string"&&typeof r.command=="string")return r}catch{return null}return null}function E(e,r=h){if(!e||!B(e.pid))return!0;let t=Date.parse(e.acquiredAt);return Number.isNaN(t)?!0:Date.now()-t>r}function br(e,r){let t=q(e);if(E(t,r))try{Ce(e)}catch{}}function vr(e){return dr(e,{recursive:!0}),e}function J(e={}){let r=vr(e.slotsDir??g()),t=e.staleMs??h,i=0;for(let o of Se(r)){if(!o.endsWith(".json"))continue;let s=z.join(r,o),l=Y(s);br(s,t),l&&!Y(s)&&(i+=1)}return i}function kr(e={}){let r=e.slotsDir??g(),t=e.staleMs??h;J({slotsDir:r,staleMs:t});let i=[];for(let o of Se(r)){if(!o.endsWith(".json"))continue;let s=q(z.join(r,o));s&&!E(s,t)&&i.push(s)}return i}function G(e={}){return kr(e).length}function y(e,r={}){if(A())return{admitted:!0,slotId:null,activeSlots:0,maxSlots:C(),reason:null};let t=r.slotsDir??g(),i=r.staleMs??h,o=r.maxSlots??C();J({slotsDir:t,staleMs:i});for(let l=0;l<o;l+=1){let P=hr(l),w=yr(P,t),b=q(w);if(b&&E(b,i))try{Ce(w)}catch{}else if(b&&!E(b,i))continue;let Ae={slotId:P,pid:process.pid,acquiredAt:new Date().toISOString(),command:e};try{let m=mr(w,"wx");pr(m,JSON.stringify(Ae,null,2),"utf8"),ur(m);let Oe=G({slotsDir:t,staleMs:i});return{admitted:!0,slotId:P,activeSlots:Oe,maxSlots:o,reason:null}}catch(m){if(m.code==="EEXIST")continue;throw m}}let s=G({slotsDir:t,staleMs:i});return{admitted:!1,slotId:null,activeSlots:s,maxSlots:o,reason:`heavy verification at capacity (${s}/${o} slots)`}}function O(e,r={}){if(A())return{admitted:!0,slotId:null,activeSlots:0,maxSlots:C(),reason:null};let t=r.slotsDir??g(),i=r.staleMs??h,o=r.maxSlots??C();J({slotsDir:t,staleMs:i});let s=G({slotsDir:t,staleMs:i}),l=s<o;return{admitted:l,slotId:null,activeSlots:s,maxSlots:o,reason:l?null:`heavy verification at capacity (${s}/${o} slots); waiting for ${e}`}}function xr(e){e<=0||Rr(process.execPath,["-e",`const d=Date.now()+${Math.floor(e)};while(Date.now()<d);`],{stdio:"ignore"})}function Ee(e,r,t=2e3,i={}){let o=Date.now()+Math.max(0,r),s=y(e,i);for(;!s.admitted&&Date.now()<o;)xr(Math.min(t,o-Date.now())),s=y(e,i);return s}function _r(e,r={}){let t=j(e);if(!t.heavy)return{allowed:!0,outcome:"allowed",commandClass:t.commandClass,reason:"command does not require heavy-verification token",verificationGate:{...O(e),slotId:null}};if(A())return{allowed:!0,outcome:"heavy_verification_skipped",commandClass:t.commandClass,reason:"KYNVER_HEAVY_VERIFICATION_SKIP bypasses gate",verificationGate:{...O(e),slotId:null}};let i=r.waitMs??0,o=i>0?Ee(e,i,r.pollMs):y(e);return o.admitted?{allowed:!0,outcome:"allowed",commandClass:t.commandClass,reason:t.reason??"heavy-verification token acquired",verificationGate:o}:{allowed:!1,outcome:_,commandClass:t.commandClass,reason:t.reason??o.reason??_,verificationGate:o}}export{u as DEFAULT_WORKER_PROVIDER,_ as HEAVY_VERIFICATION_TOKEN_REQUIRED,Be as auditWorkerEnv,j as classifyHeavyShellCommand,ke as enforceCursorWorkerProvider,_r as gateWorkerShellCommand,c as isClaudeFamilyProvider,I as isForbiddenWorkerEnvKey,X as listForbiddenWorkerEnvKeys,er as preferCursorExecutor,Ze as resolveConfiguredWorkerProvider,f as scrubWorkerEnv,L as taskAllowsClaudeWorker};
|
package/dist/status.d.ts
CHANGED
|
@@ -6,7 +6,7 @@ export interface WorkerAttention {
|
|
|
6
6
|
state: "done" | "needs_attention" | "blocked" | "stale" | "ok";
|
|
7
7
|
reason: string;
|
|
8
8
|
}
|
|
9
|
-
/** Snapshot of
|
|
9
|
+
/** Snapshot of operating-rules policy injection at worker spawn (from dispatch-next). */
|
|
10
10
|
export interface InstructionPolicyEvidenceSnapshot {
|
|
11
11
|
fingerprint?: string;
|
|
12
12
|
ruleSlugs?: string[];
|
|
@@ -66,7 +66,7 @@ export interface HarnessWorkerRecord {
|
|
|
66
66
|
agentOsId?: string;
|
|
67
67
|
taskId?: string;
|
|
68
68
|
planId?: string;
|
|
69
|
-
/**
|
|
69
|
+
/** Operating-rules policy fingerprint when dispatch injected operating rules. */
|
|
70
70
|
instructionPolicyFingerprint?: string;
|
|
71
71
|
instructionPolicyEvidence?: InstructionPolicyEvidenceSnapshot;
|
|
72
72
|
memoryQualityCapture?: HarnessMemoryQualityCaptureSnapshot;
|
|
@@ -174,7 +174,7 @@ export interface RawHarnessWorkerStatus {
|
|
|
174
174
|
disposableArtifactsRemoved?: string[];
|
|
175
175
|
/** Fencing token from claim — echoed on completion when set. */
|
|
176
176
|
leaseToken?: string;
|
|
177
|
-
/**
|
|
177
|
+
/** Operating-rules policy fields echoed on completion status for mirror recovery. */
|
|
178
178
|
instructionPolicyFingerprint?: string | null;
|
|
179
179
|
instructionPolicyEvidence?: InstructionPolicyEvidenceSnapshot | null;
|
|
180
180
|
/** Model the worker was launched with — echoed from worker.json for usage tracking. */
|