npm - @librechat/agents - Versions diffs - 3.2.39 → 3.2.41 - Mend

@librechat/agents 3.2.39 → 3.2.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/dist/cjs/tools/local/LocalCodingTools.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"LocalCodingTools.cjs","names":["truncateLocalOutput","runPostEditSyntaxCheck","path","encodeFile","getWorkspaceFS","resolveWorkspacePathSafe","classifyAttachment","imageAttachmentContent","decodeFile","diff","locateEdit","applyEdit","getSpawn","spawnLocalProcess","input","createLocalFileCheckpointer","createCompileCheckTool","createLocalBashExecutionTool","createLocalCodeExecutionTool","createLocalProgrammaticToolCallingTool","createLocalBashProgrammaticToolCallingTool","createCompileCheckToolDefinition"],"sources":["../../../../src/tools/local/LocalCodingTools.ts"],"sourcesContent":["import { basename, dirname } from 'path';\nimport { createTwoFilesPatch } from 'diff';\nimport { tool } from '@langchain/core/tools';\nimport type { DynamicStructuredTool } from '@langchain/core/tools';\nimport type * as t from '@/types';\nimport {\n createLocalBashProgrammaticToolCallingTool,\n createLocalProgrammaticToolCallingTool,\n} from './LocalProgrammaticToolCalling';\nimport {\n getSpawn,\n getWorkspaceFS,\n resolveWorkspacePathSafe,\n spawnLocalProcess,\n truncateLocalOutput,\n} from './LocalExecutionEngine';\nimport {\n createLocalBashExecutionTool,\n createLocalCodeExecutionTool,\n} from './LocalExecutionTools';\nimport {\n createCompileCheckTool,\n createCompileCheckToolDefinition,\n} from './CompileCheckTool';\nimport { classifyAttachment, imageAttachmentContent } from './attachments';\nimport { createLocalFileCheckpointer } from './FileCheckpointer';\nimport { applyEdit, locateEdit } from './editStrategies';\nimport { decodeFile, encodeFile } from './textEncoding';\nimport { runPostEditSyntaxCheck } from './syntaxCheck';\nimport { Constants } from '@/common';\n\nconst MAX_READ_CHARS = 256000;\nconst DEFAULT_MAX_RESULTS = 200;\nconst DEFAULT_MAX_READ_BYTES = 10 * 1024 * 1024;\nconst BINARY_DETECTION_BYTES = 8000;\n\n/*\n Tool name aliases retained for back-compat with consumers that imported\n * the per-file `LocalToolName` constants. The canonical names live on\n `Constants.` (see `src/common/enum.ts`); these aliases just point at\n them so a typo upstream gets caught at the type level.\n /\nexport const LocalWriteFileToolName = Constants.WRITE_FILE;\nexport const LocalEditFileToolName = Constants.EDIT_FILE;\nexport const LocalGrepSearchToolName = Constants.GREP_SEARCH;\nexport const LocalGlobSearchToolName = Constants.GLOB_SEARCH;\nexport const LocalListDirectoryToolName = Constants.LIST_DIRECTORY;\n\nexport const LocalReadFileToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n file_path: {\n type: 'string',\n description:\n 'Path to a local file, relative to the configured cwd unless absolute paths are allowed.',\n },\n offset: {\n type: 'integer',\n description: 'Optional 1-indexed line offset for large files.',\n },\n limit: {\n type: 'integer',\n description: 'Optional maximum number of lines to return.',\n },\n },\n required: ['file_path'],\n};\n\nexport const LocalWriteFileToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n file_path: {\n type: 'string',\n description:\n 'Path to write, relative to the configured cwd unless absolute paths are allowed.',\n },\n content: {\n type: 'string',\n description: 'Complete file contents to write.',\n },\n },\n required: ['file_path', 'content'],\n};\n\nexport const LocalEditFileToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n file_path: {\n type: 'string',\n description:\n 'Path to edit, relative to the configured cwd unless absolute paths are allowed.',\n },\n old_text: {\n type: 'string',\n description: 'Exact text to replace. Must appear exactly once.',\n },\n new_text: {\n type: 'string',\n description: 'Replacement text.',\n },\n edits: {\n type: 'array',\n description:\n 'Optional batch of exact replacements. Each old_text must appear exactly once in the original file.',\n items: {\n type: 'object',\n properties: {\n old_text: { type: 'string' },\n new_text: { type: 'string' },\n },\n required: ['old_text', 'new_text'],\n },\n },\n },\n required: ['file_path'],\n};\n\nexport const LocalGrepSearchToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n pattern: {\n type: 'string',\n description: 'Regex pattern to search for.',\n },\n path: {\n type: 'string',\n description: 'Directory or file to search. Defaults to cwd.',\n },\n glob: {\n type: 'string',\n description: 'Optional file glob passed to rg -g.',\n },\n max_results: {\n type: 'integer',\n description: 'Maximum matching lines to return.',\n },\n },\n required: ['pattern'],\n};\n\nexport const LocalGlobSearchToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n pattern: {\n type: 'string',\n description: 'File glob pattern, for example \"src//.ts\".',\n },\n path: {\n type: 'string',\n description: 'Directory to search. Defaults to cwd.',\n },\n max_results: {\n type: 'integer',\n description: 'Maximum file paths to return.',\n },\n },\n required: ['pattern'],\n};\n\nexport const LocalListDirectoryToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n path: {\n type: 'string',\n description: 'Directory to list. Defaults to cwd.',\n },\n },\n};\n\nfunction lineWindow(\n content: string,\n offset?: number,\n limit?: number\n): { text: string; truncated: boolean } {\n const start = Math.max((offset ?? 1) - 1, 0);\n // Avoid splitting the whole file when the caller asked for a small\n // window. For a 10 MB file with `offset: 1, limit: 10`, the prior\n // `content.split('\\n')` allocated millions of strings to throw all\n // but 10 away. We walk newline indices directly: O(start + limit)\n // instead of O(file). When `limit` is omitted, fall back to the\n // simple split — it's the same amount of work either way.\n if (limit == null \|\| limit <= 0) {\n const lines = content.split('\\n');\n const selected = lines.slice(start);\n const numbered = selected\n .map(\n (line, index) =>\n `${String(start + index + 1).padStart(6, ' ')}\\t${line}`\n )\n .join('\\n');\n return {\n text: truncateLocalOutput(numbered, MAX_READ_CHARS),\n truncated: numbered.length > MAX_READ_CHARS,\n };\n }\n // Walk to the start line by counting newlines.\n let cursor = 0;\n for (let i = 0; i < start; i++) {\n const next = content.indexOf('\\n', cursor);\n if (next === -1) {\n // File has fewer lines than `offset` — return empty window.\n return { text: '', truncated: false };\n }\n cursor = next + 1;\n }\n // Collect up to `limit` lines from `cursor`.\n const out: string[] = [];\n let pos = cursor;\n let exhausted = true;\n for (let k = 0; k < limit; k++) {\n const next = content.indexOf('\\n', pos);\n if (next === -1) {\n out.push(content.slice(pos));\n break;\n }\n out.push(content.slice(pos, next));\n pos = next + 1;\n if (k === limit - 1 && pos < content.length) {\n exhausted = false;\n }\n }\n const numbered = out\n .map(\n (text, index) => `${String(start + index + 1).padStart(6, ' ')}\\t${text}`\n )\n .join('\\n');\n return {\n text: truncateLocalOutput(numbered, MAX_READ_CHARS),\n truncated: !exhausted \|\| numbered.length > MAX_READ_CHARS,\n };\n}\n\nconst MAX_DIFF_CHARS = 4000;\n\ntype SyntaxRun =\n \| {\n mode: 'auto' \| 'strict';\n outcome: import('./syntaxCheck').SyntaxCheckOutcome;\n }\n \| undefined;\n\nasync function maybeRunSyntaxCheck(\n path: string,\n config: t.LocalExecutionConfig\n): Promise<SyntaxRun> {\n const mode = config.postEditSyntaxCheck ?? 'off';\n if (mode === 'off') return undefined;\n const outcome = await runPostEditSyntaxCheck(path, config);\n if (outcome == null) return undefined;\n return { mode, outcome };\n}\n\nfunction appendSyntaxCheckSummary(base: string, run: SyntaxRun): string {\n if (run == null) return base;\n if (run.outcome.ok) return base;\n const banner =\n run.mode === 'strict'\n ? `\\n\\n[syntax-check FAILED via ${run.outcome.checker}]\\n`\n : `\\n\\n[syntax-check warning via ${run.outcome.checker}]\\n`;\n return `${base}${banner}${run.outcome.output}`;\n}\n\n/*\n Revert a write_file/edit_file mutation in `postEditSyntaxCheck:\n * 'strict'` mode after the post-write syntax check failed. Strict\n * mode advertises a safety gate, so leaving the corrupted file on\n * disk + throwing is a half-broken contract — the model \"reacts\" to\n * the error but the next call sees broken on-disk state. Codex P2\n * [49]. Best-effort: a swallowed error here means the workspace is\n * still in the bad post-write state, but we still throw the\n * original syntax-check error so the caller knows.\n \n - If the file existed pre-write: restore the previous bytes with\n * the original encoding.\n * - If the file is brand-new: unlink it.\n /\nasync function revertStrictWrite(\n fs: import('./workspaceFS').WorkspaceFS,\n path: string,\n existed: boolean,\n before: string,\n encoding: { text: string; hasBom: boolean; newline: '\\n' \| '\\r\\n' }\n): Promise<void> {\n try {\n if (existed) {\n // encodeFile uses encoding.{hasBom,newline} to restore the\n // on-disk shape; the `text` field is overridden by the\n // explicit `before` arg we pass in.\n await fs.writeFile(\n path,\n encodeFile(before, { ...encoding, text: before }),\n 'utf8'\n );\n } else {\n await fs.unlink(path);\n }\n } catch {\n / best-effort: caller still sees the original syntax error /\n }\n}\n\nfunction summariseDiff(\n filePath: string,\n before: string,\n after: string\n): string {\n if (before === after) {\n return '(no textual changes)';\n }\n const name = basename(filePath);\n const patch = createTwoFilesPatch(name, name, before, after, '', '', {\n context: 3,\n });\n if (patch.length <= MAX_DIFF_CHARS) {\n return patch;\n }\n return (\n patch.slice(0, MAX_DIFF_CHARS) +\n `\\n[... diff truncated, ${patch.length - MAX_DIFF_CHARS} more chars ...]`\n );\n}\n\nfunction normalizeEdits(input: {\n old_text?: string;\n new_text?: string;\n edits?: Array<{ old_text?: string; new_text?: string }>;\n}): Array<{ oldText: string; newText: string }> {\n const edits = Array.isArray(input.edits)\n ? input.edits.map((edit) => ({\n oldText: edit.old_text ?? '',\n newText: edit.new_text ?? '',\n }))\n : [];\n\n if (input.old_text != null \|\| input.new_text != null) {\n edits.push({\n oldText: input.old_text ?? '',\n newText: input.new_text ?? '',\n });\n }\n\n return edits;\n}\n\nfunction toolDefinition(\n name: string,\n description: string,\n parameters: t.JsonSchemaType\n): t.LCTool {\n return {\n name,\n description,\n parameters,\n allowed_callers: ['direct', 'code_execution'],\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n toolType: 'builtin',\n };\n}\n\nasync function looksBinary(\n path: string,\n fs: import('./workspaceFS').WorkspaceFS\n): Promise<boolean> {\n let handle;\n try {\n handle = await fs.open(path, 'r');\n const sample = Buffer.alloc(BINARY_DETECTION_BYTES);\n const { bytesRead } = await handle.read(\n sample,\n 0,\n BINARY_DETECTION_BYTES,\n 0\n );\n for (let i = 0; i < bytesRead; i++) {\n if (sample[i] === 0) {\n return true;\n }\n }\n return false;\n } finally {\n await handle?.close();\n }\n}\n\nconst DEFAULT_MAX_ATTACHMENT_BYTES = 5 1024 * 1024;\n\nexport function createLocalReadFileTool(\n config: t.LocalExecutionConfig = {}\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as {\n file_path: string;\n offset?: number;\n limit?: number;\n };\n const path = await resolveWorkspacePathSafe(\n input.file_path,\n config,\n 'read'\n );\n const fileStat = await fs.stat(path);\n if (!fileStat.isFile()) {\n throw new Error(`Path is not a file: ${input.file_path}`);\n }\n const maxBytes = Math.max(\n config.maxReadBytes ?? DEFAULT_MAX_READ_BYTES,\n 1\n );\n if (fileStat.size > maxBytes) {\n const stub = `File is ${fileStat.size} bytes, exceeds the ${maxBytes}-byte read cap. Read a slice via bash (e.g. head/sed) or raise local.maxReadBytes.`;\n return [stub, { path, bytes: fileStat.size, truncated: true }];\n }\n\n if (await looksBinary(path, fs)) {\n const attachmentMode = config.attachReadAttachments ?? 'off';\n if (attachmentMode !== 'off') {\n const attachment = await classifyAttachment({\n path,\n bytes: fileStat.size,\n mode: attachmentMode,\n maxBytes: config.maxAttachmentBytes ?? DEFAULT_MAX_ATTACHMENT_BYTES,\n // Route through the configured WorkspaceFS so a custom\n // engine sees the same path semantics as `read_file`\n // itself (manual review finding F).\n fs,\n });\n if (attachment.kind === 'image') {\n return [\n imageAttachmentContent(path, attachment),\n {\n path,\n bytes: fileStat.size,\n mime: attachment.mime,\n attachment: 'image',\n },\n ];\n }\n if (attachment.kind === 'pdf') {\n return [\n [\n {\n type: 'text',\n text: `Read ${path} (application/pdf, ${fileStat.size} bytes). PDF attached as base64 data URL; vision-capable models that accept PDF will render it.`,\n },\n {\n type: 'image_url',\n image_url: { url: attachment.dataUrl },\n },\n ],\n {\n path,\n bytes: fileStat.size,\n mime: attachment.mime,\n attachment: 'pdf',\n },\n ];\n }\n if (attachment.kind === 'oversize') {\n return [\n `Refusing to embed ${attachment.mime} attachment (${attachment.bytes} bytes exceeds ${attachment.maxBytes}-byte cap).`,\n {\n path,\n bytes: fileStat.size,\n mime: attachment.mime,\n attachment: 'oversize',\n },\n ];\n }\n if (attachment.kind === 'binary') {\n return [\n `Refusing to read binary file (${fileStat.size} bytes, ${attachment.mime}): ${path}`,\n {\n path,\n bytes: fileStat.size,\n mime: attachment.mime,\n binary: true,\n },\n ];\n }\n // text-or-unknown falls through to the text-read path below.\n } else {\n return [\n `Refusing to read binary file (${fileStat.size} bytes): ${path}`,\n { path, bytes: fileStat.size, binary: true },\n ];\n }\n }\n\n const content = await fs.readFile(path, 'utf8');\n const result = lineWindow(content, input.offset, input.limit);\n return [\n result.truncated ? `${result.text}\\n[truncated]` : result.text,\n { path, bytes: fileStat.size },\n ];\n },\n {\n name: Constants.READ_FILE,\n description:\n 'Read a local text file from the configured working directory with line numbers. ' +\n 'When `attachReadAttachments` is enabled (e.g. images-only), reading an image returns an ' +\n '`image_url` content block so vision-capable models can see the file directly.',\n schema: LocalReadFileToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport function createLocalWriteFileTool(\n config: t.LocalExecutionConfig = {},\n checkpointer?: t.LocalFileCheckpointer\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as { file_path: string; content: string };\n if (config.readOnly === true) {\n throw new Error('write_file is blocked in read-only local mode.');\n }\n const path = await resolveWorkspacePathSafe(\n input.file_path,\n config,\n 'write'\n );\n if (checkpointer != null) {\n await checkpointer.captureBeforeWrite(path);\n }\n\n let before = '';\n let encoding = { text: '', hasBom: false, newline: '\\n' as const } as\n \| ReturnType<typeof decodeFile>\n \| { text: string; hasBom: false; newline: '\\n' };\n let existed = false;\n try {\n const raw = await fs.readFile(path, 'utf8');\n const decoded = decodeFile(raw);\n before = decoded.text;\n encoding = decoded;\n existed = true;\n } catch {\n existed = false;\n }\n\n await fs.mkdir(dirname(path), { recursive: true });\n const finalText = encodeFile(input.content, encoding);\n await fs.writeFile(path, finalText, 'utf8');\n\n const syntax = await maybeRunSyntaxCheck(path, config);\n\n const diff = existed\n ? summariseDiff(path, before, input.content)\n : `(new file, ${input.content.length} chars)`;\n const baseSummary = existed\n ? `Overwrote ${path} (${input.content.length} chars). Diff:\\n${diff}`\n : `Created ${path} (${input.content.length} chars).`;\n const summary = appendSyntaxCheckSummary(baseSummary, syntax);\n if (syntax?.outcome.ok === false && syntax.mode === 'strict') {\n // Roll back the write so strict mode is an actual gate, not\n // \"fail the call AND leave the corrupted file on disk\".\n // Codex P2 [49].\n await revertStrictWrite(fs, path, existed, before, encoding);\n throw new Error(\n `write_file syntax check failed (${syntax.outcome.checker}); reverted to pre-write state.\\n${syntax.outcome.output}`\n );\n }\n return [\n summary,\n {\n path,\n bytes: finalText.length,\n new_file: !existed,\n newline: encoding.newline === '\\r\\n' ? 'CRLF' : 'LF',\n had_bom: encoding.hasBom,\n ...(syntax != null && syntax.outcome.ok === false\n ? { syntax_error: syntax.outcome.checker }\n : {}),\n },\n ];\n },\n {\n name: LocalWriteFileToolName,\n description:\n 'Create or overwrite a local text file in the configured working directory. ' +\n 'Preserves the existing BOM and line endings when overwriting; defaults to LF without BOM for new files. ' +\n 'Returns a unified diff of the changes when overwriting.',\n schema: LocalWriteFileToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport function createLocalEditFileTool(\n config: t.LocalExecutionConfig = {},\n checkpointer?: t.LocalFileCheckpointer\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as {\n file_path: string;\n old_text?: string;\n new_text?: string;\n edits?: Array<{ old_text?: string; new_text?: string }>;\n };\n if (config.readOnly === true) {\n throw new Error('edit_file is blocked in read-only local mode.');\n }\n const edits = normalizeEdits(input);\n if (edits.length === 0) {\n throw new Error('edit_file requires old_text/new_text or edits[].');\n }\n\n const path = await resolveWorkspacePathSafe(\n input.file_path,\n config,\n 'write'\n );\n const raw = await fs.readFile(path, 'utf8');\n const encoding = decodeFile(raw);\n const original = encoding.text;\n\n let next = original;\n const strategiesUsed: string[] = [];\n for (let i = 0; i < edits.length; i++) {\n const edit = edits[i];\n const match = locateEdit(next, edit.oldText);\n if (match == null) {\n throw new Error(\n `Edit ${i + 1}/${edits.length}: could not locate old_text in ${input.file_path}. ` +\n 'Tried exact, line-trimmed, whitespace-normalized, and indentation-flexible matching. ' +\n 'Re-read the file and copy the literal lines.'\n );\n }\n strategiesUsed.push(match.strategy);\n next = applyEdit(next, match, edit.newText);\n }\n\n if (checkpointer != null) {\n await checkpointer.captureBeforeWrite(path);\n }\n const finalText = encodeFile(next, encoding);\n await fs.writeFile(path, finalText, 'utf8');\n\n const syntax = await maybeRunSyntaxCheck(path, config);\n\n const diff = summariseDiff(path, original, next);\n const fuzzy = strategiesUsed.some((s) => s !== 'exact');\n const baseSummary =\n `Applied ${edits.length} edit(s) to ${path}` +\n (fuzzy ? ` (strategies: ${strategiesUsed.join(', ')})` : '') +\n `. Diff:\\n${diff}`;\n const summary = appendSyntaxCheckSummary(baseSummary, syntax);\n if (syntax?.outcome.ok === false && syntax.mode === 'strict') {\n // Restore the pre-edit bytes so strict mode is an actual\n // gate (Codex P2 [49]). edit_file always operates on an\n // existing file, so `existed = true` here.\n await revertStrictWrite(fs, path, true, original, encoding);\n throw new Error(\n `edit_file syntax check failed (${syntax.outcome.checker}); reverted to pre-edit state.\\n${syntax.outcome.output}`\n );\n }\n return [\n summary,\n {\n path,\n edits: edits.length,\n strategies: strategiesUsed,\n newline: encoding.newline === '\\r\\n' ? 'CRLF' : 'LF',\n had_bom: encoding.hasBom,\n ...(syntax != null && syntax.outcome.ok === false\n ? { syntax_error: syntax.outcome.checker }\n : {}),\n },\n ];\n },\n {\n name: LocalEditFileToolName,\n description:\n 'Apply exact text replacements to a local file. The matcher tries exact, line-trimmed, whitespace-normalized, and indentation-flexible strategies in order so common LLM whitespace mistakes are recoverable. Each old_text must still match exactly one location. Returns a unified diff of the changes.',\n schema: LocalEditFileToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\n/*\n Ripgrep availability cache, keyed on the effective execution\n backend* — whatever function `getSpawn(config)` returns. Without\n * the backend key, a Run that probes `rg` over Node's\n * `child_process.spawn` would poison subsequent Runs whose\n * `local.exec.spawn` routes to a remote sandbox or container that\n * doesn't have rg installed: the cached `true` would skip the probe,\n * the rg invocation would throw, and the Node fallback wouldn't be\n * reached. Per-backend caching avoids that without paying for a\n * spawn-per-search.\n /\n// Per-backend × per-env cache. Codex P1 #34 — keying by spawn\n// backend alone misses the case where two Runs share a backend but\n// vary `local.env` (especially PATH). Stale cache then claims `rg`\n// is available, the rg path runs, and the spawn fails with ENOENT\n// instead of falling back to the Node walker. The inner Map is\n// keyed by a stable JSON hash of the effective env so each unique\n// env gets its own probe.\nlet ripgrepAvailabilityByBackend = new WeakMap<\n t.LocalSpawn,\n Map<string, Promise<boolean>>\n>();\n\nfunction envCacheKey(env: NodeJS.ProcessEnv \| undefined): string {\n // PATH is the only env entry that affects command lookup, but\n // hashing the whole env keeps the key correct for hosts that\n // vary anything else relevant. Stable JSON via sorted keys so\n // {A:1,B:2} and {B:2,A:1} produce the same hash.\n if (env == null) return '';\n const sorted: Record<string, string \| undefined> = {};\n for (const k of Object.keys(env).sort()) {\n sorted[k] = env[k];\n }\n return JSON.stringify(sorted);\n}\n\nasync function isRipgrepAvailable(\n config: t.LocalExecutionConfig\n): Promise<boolean> {\n const backend = getSpawn(config);\n let envMap = ripgrepAvailabilityByBackend.get(backend);\n if (envMap == null) {\n envMap = new Map();\n ripgrepAvailabilityByBackend.set(backend, envMap);\n }\n const envKey = envCacheKey(config.env);\n let probePromise = envMap.get(envKey);\n if (probePromise == null) {\n probePromise = spawnLocalProcess(\n 'rg',\n ['--version'],\n { ...config, timeoutMs: 5000, sandbox: { enabled: false } },\n { internal: true }\n )\n .then((probe) => probe.exitCode === 0)\n .catch(() => false);\n envMap.set(envKey, probePromise);\n }\n return probePromise;\n}\n\n/\n Test-only reset hook. Clears the ripgrep-availability cache so\n * tests can swap in mocked spawn backends and reprobe deterministically.\n \n @internal Not part of the public SDK surface; the leading underscore\n * and `@internal` tag together signal that consumers should not call\n * this. Tests import it via the module path directly.\n /\nexport function _resetRipgrepCacheForTests(): void {\n ripgrepAvailabilityByBackend = new WeakMap();\n}\n\n// Skipped by the Node-fallback walker (used when ripgrep is\n// unavailable). Covers common build outputs, virtualenvs, and\n// caches so a `grep_search`/`glob_search` on a large monorepo or a\n// Python project with `.venv/` doesn't read every file under those\n// trees. ripgrep itself respects .gitignore so it doesn't need this\n// list. Audit follow-up from the comprehensive review (finding #3).\nconst SKIP_DIRS = new Set([\n '.git',\n '.svn',\n '.hg',\n 'node_modules',\n '.next',\n '.nuxt',\n '.cache',\n '.parcel-cache',\n '.turbo',\n 'dist',\n 'build',\n 'out',\n 'target',\n 'vendor',\n 'coverage',\n '.nyc_output',\n '__pycache__',\n '.venv',\n 'venv',\n 'env',\n '.tox',\n '.mypy_cache',\n '.pytest_cache',\n '.ruff_cache',\n]);\n\nfunction globToRegExp(pattern: string): RegExp {\n let result = '^';\n for (let i = 0; i < pattern.length; i++) {\n const c = pattern[i];\n if (c === '') {\n if (pattern[i + 1] === '') {\n result += '.';\n i += 1;\n if (pattern[i + 1] === '/') {\n i += 1;\n }\n } else {\n result += '[^/]';\n }\n } else if (c === '?') {\n result += '[^/]';\n } else if ('.+^$\|(){}[]\\\\'.includes(c)) {\n result += '\\\\' + c;\n } else {\n result += c;\n }\n }\n result += '$';\n return new RegExp(result);\n}\n\nasync function walkFiles(\n root: string,\n fs: import('./workspaceFS').WorkspaceFS\n): AsyncGenerator<string> {\n const stack: string[] = [root];\n while (stack.length > 0) {\n const dir = stack.pop() as string;\n let entries;\n try {\n entries = await fs.readdir(dir, { withFileTypes: true });\n } catch {\n continue;\n }\n for (const entry of entries) {\n if (entry.name.startsWith('.git') \|\| SKIP_DIRS.has(entry.name)) {\n continue;\n }\n const full = `${dir}/${entry.name}`;\n if (entry.isDirectory()) {\n stack.push(full);\n } else if (entry.isFile()) {\n yield full;\n }\n }\n }\n}\n\n/*\n Catastrophic-backtracking guardrails for the fallback grep path.\n \n Without ripgrep we run the model-supplied pattern through Node's\n * `RegExp` engine, which uses a backtracking implementation. Patterns\n * with nested unbounded quantifiers (`(a+)+`, `(.)`, etc.) can\n * monopolise the event loop for arbitrary wall-clock time on\n * pathological input, and `setTimeout` cannot interrupt a synchronous\n * `RegExp.exec`. Manual review (finding D) flagged this as a real DoS.\n \n Mitigations applied here, in order of severity:\n * 1. Cap pattern length so an obviously oversize regex is rejected\n * before compile.\n * 2. Reject patterns that contain a nested unbounded quantifier of\n * the form `(...+\|)([+]\|{n,})` — the standard pathological\n * shape. Still a heuristic (not a full safety proof), but blocks\n * every common DoS construction we've seen in coding-agent logs.\n * 3. Wall-clock budget for the overall search: each file's regex\n * pass is checked against a deadline; once exceeded the search\n * bails with a partial result. Doesn't interrupt a stuck\n * `exec()` call, but stops a slow pattern from making the whole\n * Run hang once the first hung file finishes.\n \n Hosts that need bulletproof regex safety should install `rg` —\n * ripgrep uses RE2 internally and has no backtracking.\n /\nconst MAX_FALLBACK_PATTERN_LENGTH = 1024;\nconst FALLBACK_GREP_BUDGET_MS = 5000;\n// Per-file byte cap. Codex P2 #41 — without it, the whole-file\n// `readFile` + `split('\\n')` for a multi-GB log is an unbounded\n// allocation that the wall-clock budget (checked between files)\n// can't interrupt. Hosts that need to grep large files should\n// install ripgrep.\nconst FALLBACK_GREP_MAX_FILE_BYTES = 5 1024 * 1024;\n\n/*\n Heuristic: walks `pattern` to find any `(<contents>)<quant>` where\n * `<contents>` itself has an unbounded quantifier. Catches the\n * classic `(a+)+` form AND the double-nested `((a+)+)` form (which a\n * single-pass regex misses because `[^)]` stops at the first inner\n close-paren). Misses sufficiently obfuscated cases — bulletproof\n * ReDoS detection requires a real parser. The 5 s wall-clock budget\n * is the hard backstop for anything this slip past.\n /\nfunction hasNestedUnboundedQuantifier(pattern: string): boolean {\n for (let i = 1; i < pattern.length - 1; i++) {\n if (pattern[i] !== ')') continue;\n if (pattern[i - 1] === '\\\\') continue;\n const next = pattern[i + 1];\n if (next !== '+' && next !== '' && next !== '{') continue;\n // Walk back to find the matching opening paren (respecting depth\n // and `\$` escapes).\n let depth = 1;\n let j = i - 1;\n while (j >= 0) {\n const c = pattern[j];\n const escaped = j > 0 && pattern[j - 1] === '\\\\';\n if (!escaped) {\n if (c === ')') depth++;\n else if (c === '(') {\n depth--;\n if (depth === 0) break;\n }\n }\n j--;\n }\n if (j < 0) continue;\n const inner = pattern.slice(j + 1, i);\n if (/(?<!\\\$[+]/.test(inner)) return true;\n }\n return false;\n}\n\nclass FallbackGrepError extends Error {\n readonly kind: 'pattern-too-long' \| 'unsafe-pattern' \| 'invalid-pattern';\n constructor(\n kind: 'pattern-too-long' \| 'unsafe-pattern' \| 'invalid-pattern',\n message: string\n ) {\n super(message);\n this.kind = kind;\n }\n}\n\nfunction compileFallbackRegex(pattern: string): RegExp {\n if (pattern.length > MAX_FALLBACK_PATTERN_LENGTH) {\n throw new FallbackGrepError(\n 'pattern-too-long',\n `Pattern exceeds ${MAX_FALLBACK_PATTERN_LENGTH}-char fallback cap (install ripgrep for unbounded patterns).`\n );\n }\n if (hasNestedUnboundedQuantifier(pattern)) {\n throw new FallbackGrepError(\n 'unsafe-pattern',\n 'Pattern contains a nested unbounded quantifier (e.g. `(a+)+` or `((a+)+)`) which can cause catastrophic backtracking in the Node fallback. Install ripgrep for RE2-safe matching.'\n );\n }\n try {\n return new RegExp(pattern);\n } catch (e) {\n throw new FallbackGrepError(\n 'invalid-pattern',\n `Invalid regex: ${(e as Error).message}`\n );\n }\n}\n\n/* Structured return so callers can count matches separately from\n * diagnostic skip-sentinels (Codex P2 [43]). /\ntype FallbackGrepResult = { matches: string[]; skipped: string[] };\n\n/* Renders fallback-grep output: real matches first, skip diagnostics appended. /\nfunction formatFallbackGrepDisplay(result: FallbackGrepResult): string {\n if (result.matches.length > 0) {\n return [...result.matches, ...result.skipped].join('\\n');\n }\n if (result.skipped.length > 0) {\n return result.skipped.join('\\n');\n }\n return 'No matches found.';\n}\n\nasync function fallbackGrep(\n root: string,\n pattern: string,\n globFilter: string \| undefined,\n maxResults: number,\n fs: import('./workspaceFS').WorkspaceFS\n): Promise<FallbackGrepResult> {\n const rx = compileFallbackRegex(pattern);\n const deadline = Date.now() + FALLBACK_GREP_BUDGET_MS;\n const globRx =\n globFilter != null && globFilter !== ''\n ? globToRegExp(globFilter)\n : undefined;\n const matches: string[] = [];\n // Track skipped (oversize) files separately so they don't consume\n // the maxResults budget. Codex P2 [43]: round 14's fix pushed skip\n // sentinels into `matches`, so a directory of one oversize non-\n // matching file falsely reported `matches: 1`, and enough\n // oversize files could fill the budget before any real match was\n // scanned. Now diagnostics are appended after real matches and\n // independent of the budget.\n const skippedDiagnostics: string[] = [];\n for await (const file of walkFiles(root, fs)) {\n if (Date.now() > deadline) {\n // Wall-clock budget exceeded — return partial results rather\n // than letting a slow pattern hang the Run.\n return { matches, skipped: skippedDiagnostics };\n }\n if (globRx != null) {\n const rel = file.startsWith(root + '/')\n ? file.slice(root.length + 1)\n : file;\n if (!globRx.test(rel)) {\n continue;\n }\n }\n // Skip files larger than the per-file cap and remember them as\n // diagnostics (NOT as matches). Codex P2 [41]: pre-fix\n // `fs.readFile` then `.split('\\n')` allocated the whole file +\n // an array of every line, which a single multi-GB log could\n // turn into an OOM even after the regex DoS guards.\n let stat;\n try {\n stat = await fs.stat(file);\n } catch {\n continue;\n }\n if (stat.size > FALLBACK_GREP_MAX_FILE_BYTES) {\n skippedDiagnostics.push(\n `${file}:0:[skipped: file > ${FALLBACK_GREP_MAX_FILE_BYTES} bytes; install ripgrep for unbounded grep]`\n );\n continue;\n }\n let content;\n try {\n content = await fs.readFile(file, 'utf8');\n } catch {\n continue;\n }\n if (content.includes('\\0')) {\n continue;\n }\n // Re-check the deadline AFTER the read — a slow disk on one\n // file can blow the budget without us noticing.\n if (Date.now() > deadline) {\n return { matches, skipped: skippedDiagnostics };\n }\n const lines = content.split('\\n');\n for (let i = 0; i < lines.length; i++) {\n if (rx.test(lines[i])) {\n matches.push(`${file}:${i + 1}:${lines[i]}`);\n if (matches.length >= maxResults) {\n return { matches, skipped: skippedDiagnostics };\n }\n }\n }\n }\n return { matches, skipped: skippedDiagnostics };\n}\n\nasync function fallbackGlob(\n root: string,\n pattern: string,\n maxResults: number,\n fs: import('./workspaceFS').WorkspaceFS\n): Promise<string[]> {\n const rx = globToRegExp(pattern);\n const out: string[] = [];\n for await (const file of walkFiles(root, fs)) {\n const rel = file.startsWith(root + '/')\n ? file.slice(root.length + 1)\n : file;\n if (rx.test(rel)) {\n out.push(file);\n if (out.length >= maxResults) {\n break;\n }\n }\n }\n return out;\n}\n\nexport function createLocalGrepSearchTool(\n config: t.LocalExecutionConfig = {}\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as {\n pattern: string;\n path?: string;\n glob?: string;\n max_results?: number;\n };\n const target = await resolveWorkspacePathSafe(\n input.path ?? '.',\n config,\n 'read'\n );\n const maxResults = Math.max(input.max_results ?? DEFAULT_MAX_RESULTS, 1);\n\n if (await isRipgrepAvailable(config)) {\n // Pass the pattern through `-e` so dash-prefixed patterns\n // like `-foo` are treated as the search regex, not as a\n // (probably-unknown) flag. `rg --help` explicitly requires\n // `-e/--regexp` (or `--`) for that case. Same trick avoids\n // any future flag-conflict if a user query happens to look\n // like an rg long option.\n const args = [\n '--line-number',\n '--column',\n '--hidden',\n '--glob',\n '!.git/',\n ...(input.glob != null && input.glob !== ''\n ? ['--glob', input.glob]\n : []),\n '-e',\n input.pattern,\n target,\n ];\n const result = await spawnLocalProcess('rg', args, {\n ...config,\n timeoutMs: config.timeoutMs ?? 30000,\n });\n // ripgrep exit codes:\n // 0 → at least one match\n // 1 → no matches (clean — \"No matches found.\")\n // 2 → real error (bad regex, unreadable target, etc.)\n // Without this branch (Codex P2 #23 — same fix shape glob_search\n // got from P2 #13), exit-2 errors silently mapped to\n // `matches: 0`, so the agent treated tooling failures as a\n // genuine absence of matches.\n if (\n result.timedOut \|\|\n (result.exitCode != null && result.exitCode > 1)\n ) {\n const detail = result.stderr.trim() \|\| `rg exited ${result.exitCode}`;\n return [\n `grep_search failed: ${detail}`,\n {\n matches: 0,\n engine: 'ripgrep',\n error: detail,\n exitCode: result.exitCode,\n },\n ];\n }\n const lines = result.stdout\n .split('\\n')\n .filter(Boolean)\n .slice(0, maxResults);\n const output =\n lines.length > 0\n ? lines.join('\\n')\n : result.stderr.trim() \|\| 'No matches found.';\n return [output, { matches: lines.length, engine: 'ripgrep' }];\n }\n\n try {\n const { matches, skipped } = await fallbackGrep(\n target,\n input.pattern,\n input.glob,\n maxResults,\n fs\n );\n // Artifact count: ONLY real matches (Codex P2 [43] —\n // skip sentinels used to inflate the count and the budget).\n const display = formatFallbackGrepDisplay({ matches, skipped });\n return [\n display,\n {\n matches: matches.length,\n skipped: skipped.length,\n engine: 'node-fallback',\n },\n ];\n } catch (e) {\n if (e instanceof FallbackGrepError) {\n return [\n `grep_search refused the pattern: ${e.message}`,\n {\n matches: 0,\n engine: 'node-fallback',\n error: e.message,\n kind: e.kind,\n },\n ];\n }\n throw e;\n }\n },\n {\n name: LocalGrepSearchToolName,\n description:\n 'Search local files for a regex pattern (ripgrep when available, Node fallback otherwise).',\n schema: LocalGrepSearchToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport function createLocalGlobSearchTool(\n config: t.LocalExecutionConfig = {}\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as {\n pattern: string;\n path?: string;\n max_results?: number;\n };\n const target = await resolveWorkspacePathSafe(\n input.path ?? '.',\n config,\n 'read'\n );\n const maxResults = Math.max(input.max_results ?? DEFAULT_MAX_RESULTS, 1);\n\n if (await isRipgrepAvailable(config)) {\n const result = await spawnLocalProcess(\n 'rg',\n [\n '--files',\n '--hidden',\n '--glob',\n '!.git/',\n '--glob',\n input.pattern,\n target,\n ],\n { ...config, timeoutMs: config.timeoutMs ?? 30000 }\n );\n // rg --files exit codes:\n // 0 → at least one file matched\n // 1 → no files matched (clean — \"No files found.\")\n // 2 → real error (bad glob, unreadable target, etc.)\n // Without this branch, exit-2 errors used to silently map to\n // \"No files found.\" — the agent then treats a tooling failure\n // as a real absence of matches.\n if (\n result.timedOut \|\|\n (result.exitCode != null && result.exitCode > 1)\n ) {\n const detail = result.stderr.trim() \|\| `rg exited ${result.exitCode}`;\n return [\n `glob_search failed: ${detail}`,\n {\n files: [],\n engine: 'ripgrep',\n error: detail,\n exitCode: result.exitCode,\n },\n ];\n }\n const lines = result.stdout\n .split('\\n')\n .filter(Boolean)\n .slice(0, maxResults);\n return [\n lines.length > 0 ? lines.join('\\n') : 'No files found.',\n { files: lines, engine: 'ripgrep' },\n ];\n }\n\n const files = await fallbackGlob(target, input.pattern, maxResults, fs);\n return [\n files.length > 0 ? files.join('\\n') : 'No files found.',\n { files, engine: 'node-fallback' },\n ];\n },\n {\n name: LocalGlobSearchToolName,\n description:\n 'Find local files matching a glob pattern (ripgrep when available, Node fallback otherwise).',\n schema: LocalGlobSearchToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport function createLocalListDirectoryTool(\n config: t.LocalExecutionConfig = {}\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as { path?: string };\n const path = await resolveWorkspacePathSafe(\n input.path ?? '.',\n config,\n 'read'\n );\n const entries = await fs.readdir(path, { withFileTypes: true });\n const output = entries\n .map(\n (entry) => `${entry.isDirectory() ? 'dir ' : 'file'}\\t${entry.name}`\n )\n .join('\\n');\n return [output \|\| 'Directory is empty.', { path, count: entries.length }];\n },\n {\n name: LocalListDirectoryToolName,\n description: 'List files and directories in a local directory.',\n schema: LocalListDirectoryToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport type LocalCodingToolBundle = {\n tools: DynamicStructuredTool[];\n /\n Present when `config.fileCheckpointing === true` or a `checkpointer`\n * was passed in. Callers can call `rewind()` to restore captured\n * pre-write contents.\n /\n checkpointer?: t.LocalFileCheckpointer;\n};\n\nexport function createLocalCodingTools(\n config: t.LocalExecutionConfig = {},\n options: { checkpointer?: t.LocalFileCheckpointer } = {}\n): DynamicStructuredTool[] {\n const checkpointer =\n options.checkpointer ??\n (config.fileCheckpointing === true\n ? createLocalFileCheckpointer({ fs: config.exec?.fs })\n : undefined);\n return [\n createLocalReadFileTool(config),\n createLocalWriteFileTool(config, checkpointer),\n createLocalEditFileTool(config, checkpointer),\n createLocalGrepSearchTool(config),\n createLocalGlobSearchTool(config),\n createLocalListDirectoryTool(config),\n createCompileCheckTool(config),\n createLocalBashExecutionTool({ config }),\n createLocalCodeExecutionTool(config),\n createLocalProgrammaticToolCallingTool(config),\n createLocalBashProgrammaticToolCallingTool(config),\n ];\n}\n\n/\n Variant of `createLocalCodingTools` that returns the bundle alongside\n * the file checkpointer so callers can later call\n * `bundle.checkpointer?.rewind()`.\n */\nexport function createLocalCodingToolBundle(\n config: t.LocalExecutionConfig = {},\n options: { checkpointer?: t.LocalFileCheckpointer } = {}\n): LocalCodingToolBundle {\n const checkpointer =\n options.checkpointer ??\n (config.fileCheckpointing === true\n ? createLocalFileCheckpointer({ fs: config.exec?.fs })\n : undefined);\n return {\n tools: createLocalCodingTools(config, { checkpointer }),\n checkpointer,\n };\n}\n\nexport function createLocalCodingToolDefinitions(): t.LCTool[] {\n return [\n toolDefinition(\n Constants.READ_FILE,\n 'Read a local text file from the configured working directory with line numbers.',\n LocalReadFileToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalWriteFileToolName,\n 'Create or overwrite a local text file in the configured working directory.',\n LocalWriteFileToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalEditFileToolName,\n 'Apply exact text replacements to a local file.',\n LocalEditFileToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalGrepSearchToolName,\n 'Search local files with ripgrep and return matching lines.',\n LocalGrepSearchToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalGlobSearchToolName,\n 'Find local files matching a glob pattern.',\n LocalGlobSearchToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalListDirectoryToolName,\n 'List files and directories in a local directory.',\n LocalListDirectoryToolSchema as t.JsonSchemaType\n ),\n createCompileCheckToolDefinition(),\n ];\n}\n\nexport function createLocalCodingToolRegistry(): t.LCToolRegistry {\n return new Map(\n createLocalCodingToolDefinitions().map((definition) => [\n definition.name,\n definition,\n ])\n );\n}\n"],"mappings":";;;;;;;;;;;;;;;AA+BA,MAAM,iBAAiB;AACvB,MAAM,sBAAsB;AAC5B,MAAM,yBAAyB,KAAK,OAAO;AAC3C,MAAM,yBAAyB;;;;;;;AAQ/B,MAAa,yBAAA;AACb,MAAa,wBAAA;AACb,MAAa,0BAAA;AACb,MAAa,0BAAA;AACb,MAAa,6BAAA;AAEb,MAAa,0BAA4C;CACvD,MAAM;CACN,YAAY;EACV,WAAW;GACT,MAAM;GACN,aACE;EACJ;EACA,QAAQ;GACN,MAAM;GACN,aAAa;EACf;EACA,OAAO;GACL,MAAM;GACN,aAAa;EACf;CACF;CACA,UAAU,CAAC,WAAW;AACxB;AAEA,MAAa,2BAA6C;CACxD,MAAM;CACN,YAAY;EACV,WAAW;GACT,MAAM;GACN,aACE;EACJ;EACA,SAAS;GACP,MAAM;GACN,aAAa;EACf;CACF;CACA,UAAU,CAAC,aAAa,SAAS;AACnC;AAEA,MAAa,0BAA4C;CACvD,MAAM;CACN,YAAY;EACV,WAAW;GACT,MAAM;GACN,aACE;EACJ;EACA,UAAU;GACR,MAAM;GACN,aAAa;EACf;EACA,UAAU;GACR,MAAM;GACN,aAAa;EACf;EACA,OAAO;GACL,MAAM;GACN,aACE;GACF,OAAO;IACL,MAAM;IACN,YAAY;KACV,UAAU,EAAE,MAAM,SAAS;KAC3B,UAAU,EAAE,MAAM,SAAS;IAC7B;IACA,UAAU,CAAC,YAAY,UAAU;GACnC;EACF;CACF;CACA,UAAU,CAAC,WAAW;AACxB;AAEA,MAAa,4BAA8C;CACzD,MAAM;CACN,YAAY;EACV,SAAS;GACP,MAAM;GACN,aAAa;EACf;EACA,MAAM;GACJ,MAAM;GACN,aAAa;EACf;EACA,MAAM;GACJ,MAAM;GACN,aAAa;EACf;EACA,aAAa;GACX,MAAM;GACN,aAAa;EACf;CACF;CACA,UAAU,CAAC,SAAS;AACtB;AAEA,MAAa,4BAA8C;CACzD,MAAM;CACN,YAAY;EACV,SAAS;GACP,MAAM;GACN,aAAa;EACf;EACA,MAAM;GACJ,MAAM;GACN,aAAa;EACf;EACA,aAAa;GACX,MAAM;GACN,aAAa;EACf;CACF;CACA,UAAU,CAAC,SAAS;AACtB;AAEA,MAAa,+BAAiD;CAC5D,MAAM;CACN,YAAY,EACV,MAAM;EACJ,MAAM;EACN,aAAa;CACf,EACF;AACF;AAEA,SAAS,WACP,SACA,QACA,OACsC;CACtC,MAAM,QAAQ,KAAK,KAAK,UAAU,KAAK,GAAG,CAAC;CAO3C,IAAI,SAAS,QAAQ,SAAS,GAAG;EAG/B,MAAM,WAFQ,QAAQ,MAAM,IACP,CAAC,CAAC,MAAM,KACL,CAAC,CACtB,KACE,MAAM,UACL,GAAG,OAAO,QAAQ,QAAQ,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,EAAE,IAAI,MACtD,CAAC,CACA,KAAK,IAAI;EACZ,OAAO;GACL,MAAMA,6BAAAA,oBAAoB,UAAU,cAAc;GAClD,WAAW,SAAS,SAAS;EAC/B;CACF;CAEA,IAAI,SAAS;CACb,KAAK,IAAI,IAAI,GAAG,IAAI,OAAO,KAAK;EAC9B,MAAM,OAAO,QAAQ,QAAQ,MAAM,MAAM;EACzC,IAAI,SAAS,IAEX,OAAO;GAAE,MAAM;GAAI,WAAW;EAAM;EAEtC,SAAS,OAAO;CAClB;CAEA,MAAM,MAAgB,CAAC;CACvB,IAAI,MAAM;CACV,IAAI,YAAY;CAChB,KAAK,IAAI,IAAI,GAAG,IAAI,OAAO,KAAK;EAC9B,MAAM,OAAO,QAAQ,QAAQ,MAAM,GAAG;EACtC,IAAI,SAAS,IAAI;GACf,IAAI,KAAK,QAAQ,MAAM,GAAG,CAAC;GAC3B;EACF;EACA,IAAI,KAAK,QAAQ,MAAM,KAAK,IAAI,CAAC;EACjC,MAAM,OAAO;EACb,IAAI,MAAM,QAAQ,KAAK,MAAM,QAAQ,QACnC,YAAY;CAEhB;CACA,MAAM,WAAW,IACd,KACE,MAAM,UAAU,GAAG,OAAO,QAAQ,QAAQ,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,EAAE,IAAI,MACrE,CAAC,CACA,KAAK,IAAI;CACZ,OAAO;EACL,MAAMA,6BAAAA,oBAAoB,UAAU,cAAc;EAClD,WAAW,CAAC,aAAa,SAAS,SAAS;CAC7C;AACF;AAEA,MAAM,iBAAiB;AASvB,eAAe,oBACb,QACA,QACoB;CACpB,MAAM,OAAO,OAAO,uBAAuB;CAC3C,IAAI,SAAS,OAAO,OAAO,KAAA;CAC3B,MAAM,UAAU,MAAMC,oBAAAA,uBAAuBC,QAAM,MAAM;CACzD,IAAI,WAAW,MAAM,OAAO,KAAA;CAC5B,OAAO;EAAE;EAAM;CAAQ;AACzB;AAEA,SAAS,yBAAyB,MAAc,KAAwB;CACtE,IAAI,OAAO,MAAM,OAAO;CACxB,IAAI,IAAI,QAAQ,IAAI,OAAO;CAK3B,OAAO,GAAG,OAHR,IAAI,SAAS,WACT,gCAAgC,IAAI,QAAQ,QAAQ,OACpD,iCAAiC,IAAI,QAAQ,QAAQ,OACjC,IAAI,QAAQ;AACxC;;;;;;;;;;;;;;;AAgBA,eAAe,kBACb,IACA,QACA,SACA,QACA,UACe;CACf,IAAI;EACF,IAAI,SAIF,MAAM,GAAG,UACPA,QACAC,qBAAAA,WAAW,QAAQ;GAAE,GAAG;GAAU,MAAM;EAAO,CAAC,GAChD,MACF;OAEA,MAAM,GAAG,OAAOD,MAAI;CAExB,QAAQ,CAER;AACF;AAEA,SAAS,cACP,UACA,QACA,OACQ;CACR,IAAI,WAAW,OACb,OAAO;CAET,MAAM,QAAA,GAAA,KAAA,SAAA,CAAgB,QAAQ;CAC9B,MAAM,SAAA,GAAA,KAAA,oBAAA,CAA4B,MAAM,MAAM,QAAQ,OAAO,IAAI,IAAI,EACnE,SAAS,EACX,CAAC;CACD,IAAI,MAAM,UAAU,gBAClB,OAAO;CAET,OACE,MAAM,MAAM,GAAG,cAAc,IAC7B,0BAA0B,MAAM,SAAS,eAAe;AAE5D;AAEA,SAAS,eAAe,OAIwB;CAC9C,MAAM,QAAQ,MAAM,QAAQ,MAAM,KAAK,IACnC,MAAM,MAAM,KAAK,UAAU;EAC3B,SAAS,KAAK,YAAY;EAC1B,SAAS,KAAK,YAAY;CAC5B,EAAE,IACA,CAAC;CAEL,IAAI,MAAM,YAAY,QAAQ,MAAM,YAAY,MAC9C,MAAM,KAAK;EACT,SAAS,MAAM,YAAY;EAC3B,SAAS,MAAM,YAAY;CAC7B,CAAC;CAGH,OAAO;AACT;AAEA,SAAS,eACP,MACA,aACA,YACU;CACV,OAAO;EACL;EACA;EACA;EACA,iBAAiB,CAAC,UAAU,gBAAgB;EAC5C,gBAAA;EACA,UAAU;CACZ;AACF;AAEA,eAAe,YACb,QACA,IACkB;CAClB,IAAI;CACJ,IAAI;EACF,SAAS,MAAM,GAAG,KAAKA,QAAM,GAAG;EAChC,MAAM,SAAS,OAAO,MAAM,sBAAsB;EAClD,MAAM,EAAE,cAAc,MAAM,OAAO,KACjC,QACA,GACA,wBACA,CACF;EACA,KAAK,IAAI,IAAI,GAAG,IAAI,WAAW,KAC7B,IAAI,OAAO,OAAO,GAChB,OAAO;EAGX,OAAO;CACT,UAAU;EACR,MAAM,QAAQ,MAAM;CACtB;AACF;AAEA,MAAM,+BAA+B,IAAI,OAAO;AAEhD,SAAgB,wBACd,SAAiC,CAAC,GACX;CACvB,MAAM,KAAKE,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EAKd,MAAMF,SAAO,MAAMG,6BAAAA,yBACjB,MAAM,WACN,QACA,MACF;EACA,MAAM,WAAW,MAAM,GAAG,KAAKH,MAAI;EACnC,IAAI,CAAC,SAAS,OAAO,GACnB,MAAM,IAAI,MAAM,uBAAuB,MAAM,WAAW;EAE1D,MAAM,WAAW,KAAK,IACpB,OAAO,gBAAgB,wBACvB,CACF;EACA,IAAI,SAAS,OAAO,UAElB,OAAO,CAAC,WADgB,SAAS,KAAK,sBAAsB,SAAS,qFACvD;GAAE,MAAA;GAAM,OAAO,SAAS;GAAM,WAAW;EAAK,CAAC;EAG/D,IAAI,MAAM,YAAYA,QAAM,EAAE,GAAG;GAC/B,MAAM,iBAAiB,OAAO,yBAAyB;GACvD,IAAI,mBAAmB,OAAO;IAC5B,MAAM,aAAa,MAAMI,oBAAAA,mBAAmB;KAC1C,MAAA;KACA,OAAO,SAAS;KAChB,MAAM;KACN,UAAU,OAAO,sBAAsB;KAIvC;IACF,CAAC;IACD,IAAI,WAAW,SAAS,SACtB,OAAO,CACLC,oBAAAA,uBAAuBL,QAAM,UAAU,GACvC;KACE,MAAA;KACA,OAAO,SAAS;KAChB,MAAM,WAAW;KACjB,YAAY;IACd,CACF;IAEF,IAAI,WAAW,SAAS,OACtB,OAAO,CACL,CACE;KACE,MAAM;KACN,MAAM,QAAQA,OAAK,qBAAqB,SAAS,KAAK;IACxD,GACA;KACE,MAAM;KACN,WAAW,EAAE,KAAK,WAAW,QAAQ;IACvC,CACF,GACA;KACE,MAAA;KACA,OAAO,SAAS;KAChB,MAAM,WAAW;KACjB,YAAY;IACd,CACF;IAEF,IAAI,WAAW,SAAS,YACtB,OAAO,CACL,qBAAqB,WAAW,KAAK,eAAe,WAAW,MAAM,iBAAiB,WAAW,SAAS,cAC1G;KACE,MAAA;KACA,OAAO,SAAS;KAChB,MAAM,WAAW;KACjB,YAAY;IACd,CACF;IAEF,IAAI,WAAW,SAAS,UACtB,OAAO,CACL,iCAAiC,SAAS,KAAK,UAAU,WAAW,KAAK,KAAKA,UAC9E;KACE,MAAA;KACA,OAAO,SAAS;KAChB,MAAM,WAAW;KACjB,QAAQ;IACV,CACF;GAGJ,OACE,OAAO,CACL,iCAAiC,SAAS,KAAK,WAAWA,UAC1D;IAAE,MAAA;IAAM,OAAO,SAAS;IAAM,QAAQ;GAAK,CAC7C;EAEJ;EAGA,MAAM,SAAS,WAAW,MADJ,GAAG,SAASA,QAAM,MAAM,GACX,MAAM,QAAQ,MAAM,KAAK;EAC5D,OAAO,CACL,OAAO,YAAY,GAAG,OAAO,KAAK,iBAAiB,OAAO,MAC1D;GAAE,MAAA;GAAM,OAAO,SAAS;EAAK,CAC/B;CACF,GACA;EACE,MAAA;EACA,aACE;EAGF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAEA,SAAgB,yBACd,SAAiC,CAAC,GAClC,cACuB;CACvB,MAAM,KAAKE,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EACd,IAAI,OAAO,aAAa,MACtB,MAAM,IAAI,MAAM,gDAAgD;EAElE,MAAMF,SAAO,MAAMG,6BAAAA,yBACjB,MAAM,WACN,QACA,OACF;EACA,IAAI,gBAAgB,MAClB,MAAM,aAAa,mBAAmBH,MAAI;EAG5C,IAAI,SAAS;EACb,IAAI,WAAW;GAAE,MAAM;GAAI,QAAQ;GAAO,SAAS;EAAc;EAGjE,IAAI,UAAU;EACd,IAAI;GAEF,MAAM,UAAUM,qBAAAA,WAAW,MADT,GAAG,SAASN,QAAM,MAAM,CACZ;GAC9B,SAAS,QAAQ;GACjB,WAAW;GACX,UAAU;EACZ,QAAQ;GACN,UAAU;EACZ;EAEA,MAAM,GAAG,OAAA,GAAA,KAAA,QAAA,CAAcA,MAAI,GAAG,EAAE,WAAW,KAAK,CAAC;EACjD,MAAM,YAAYC,qBAAAA,WAAW,MAAM,SAAS,QAAQ;EACpD,MAAM,GAAG,UAAUD,QAAM,WAAW,MAAM;EAE1C,MAAM,SAAS,MAAM,oBAAoBA,QAAM,MAAM;EAErD,MAAMO,SAAO,UACT,cAAcP,QAAM,QAAQ,MAAM,OAAO,IACzC,cAAc,MAAM,QAAQ,OAAO;EAIvC,MAAM,UAAU,yBAHI,UAChB,aAAaA,OAAK,IAAI,MAAM,QAAQ,OAAO,kBAAkBO,WAC7D,WAAWP,OAAK,IAAI,MAAM,QAAQ,OAAO,WACS,MAAM;EAC5D,IAAI,QAAQ,QAAQ,OAAO,SAAS,OAAO,SAAS,UAAU;GAI5D,MAAM,kBAAkB,IAAIA,QAAM,SAAS,QAAQ,QAAQ;GAC3D,MAAM,IAAI,MACR,mCAAmC,OAAO,QAAQ,QAAQ,mCAAmC,OAAO,QAAQ,QAC9G;EACF;EACA,OAAO,CACL,SACA;GACE,MAAA;GACA,OAAO,UAAU;GACjB,UAAU,CAAC;GACX,SAAS,SAAS,YAAY,SAAS,SAAS;GAChD,SAAS,SAAS;GAClB,GAAI,UAAU,QAAQ,OAAO,QAAQ,OAAO,QACxC,EAAE,cAAc,OAAO,QAAQ,QAAQ,IACvC,CAAC;EACP,CACF;CACF,GACA;EACE,MAAM;EACN,aACE;EAGF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAEA,SAAgB,wBACd,SAAiC,CAAC,GAClC,cACuB;CACvB,MAAM,KAAKE,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EAMd,IAAI,OAAO,aAAa,MACtB,MAAM,IAAI,MAAM,+CAA+C;EAEjE,MAAM,QAAQ,eAAe,KAAK;EAClC,IAAI,MAAM,WAAW,GACnB,MAAM,IAAI,MAAM,kDAAkD;EAGpE,MAAMF,SAAO,MAAMG,6BAAAA,yBACjB,MAAM,WACN,QACA,OACF;EAEA,MAAM,WAAWG,qBAAAA,WAAW,MADV,GAAG,SAASN,QAAM,MAAM,CACX;EAC/B,MAAM,WAAW,SAAS;EAE1B,IAAI,OAAO;EACX,MAAM,iBAA2B,CAAC;EAClC,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;GACrC,MAAM,OAAO,MAAM;GACnB,MAAM,QAAQQ,uBAAAA,WAAW,MAAM,KAAK,OAAO;GAC3C,IAAI,SAAS,MACX,MAAM,IAAI,MACR,QAAQ,IAAI,EAAE,GAAG,MAAM,OAAO,iCAAiC,MAAM,UAAU,oIAGjF;GAEF,eAAe,KAAK,MAAM,QAAQ;GAClC,OAAOC,uBAAAA,UAAU,MAAM,OAAO,KAAK,OAAO;EAC5C;EAEA,IAAI,gBAAgB,MAClB,MAAM,aAAa,mBAAmBT,MAAI;EAE5C,MAAM,YAAYC,qBAAAA,WAAW,MAAM,QAAQ;EAC3C,MAAM,GAAG,UAAUD,QAAM,WAAW,MAAM;EAE1C,MAAM,SAAS,MAAM,oBAAoBA,QAAM,MAAM;EAErD,MAAMO,SAAO,cAAcP,QAAM,UAAU,IAAI;EAC/C,MAAM,QAAQ,eAAe,MAAM,MAAM,MAAM,OAAO;EAKtD,MAAM,UAAU,yBAHd,WAAW,MAAM,OAAO,cAAcA,YACrC,QAAQ,iBAAiB,eAAe,KAAK,IAAI,EAAE,KAAK,MACzD,YAAYO,UACwC,MAAM;EAC5D,IAAI,QAAQ,QAAQ,OAAO,SAAS,OAAO,SAAS,UAAU;GAI5D,MAAM,kBAAkB,IAAIP,QAAM,MAAM,UAAU,QAAQ;GAC1D,MAAM,IAAI,MACR,kCAAkC,OAAO,QAAQ,QAAQ,kCAAkC,OAAO,QAAQ,QAC5G;EACF;EACA,OAAO,CACL,SACA;GACE,MAAA;GACA,OAAO,MAAM;GACb,YAAY;GACZ,SAAS,SAAS,YAAY,SAAS,SAAS;GAChD,SAAS,SAAS;GAClB,GAAI,UAAU,QAAQ,OAAO,QAAQ,OAAO,QACxC,EAAE,cAAc,OAAO,QAAQ,QAAQ,IACvC,CAAC;EACP,CACF;CACF,GACA;EACE,MAAM;EACN,aACE;EACF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;;;;;;;;;;;;AAoBA,IAAI,+CAA+B,IAAI,QAGrC;AAEF,SAAS,YAAY,KAA4C;CAK/D,IAAI,OAAO,MAAM,OAAO;CACxB,MAAM,SAA6C,CAAC;CACpD,KAAK,MAAM,KAAK,OAAO,KAAK,GAAG,CAAC,CAAC,KAAK,GACpC,OAAO,KAAK,IAAI;CAElB,OAAO,KAAK,UAAU,MAAM;AAC9B;AAEA,eAAe,mBACb,QACkB;CAClB,MAAM,UAAUU,6BAAAA,SAAS,MAAM;CAC/B,IAAI,SAAS,6BAA6B,IAAI,OAAO;CACrD,IAAI,UAAU,MAAM;EAClB,yBAAS,IAAI,IAAI;EACjB,6BAA6B,IAAI,SAAS,MAAM;CAClD;CACA,MAAM,SAAS,YAAY,OAAO,GAAG;CACrC,IAAI,eAAe,OAAO,IAAI,MAAM;CACpC,IAAI,gBAAgB,MAAM;EACxB,eAAeC,6BAAAA,kBACb,MACA,CAAC,WAAW,GACZ;GAAE,GAAG;GAAQ,WAAW;GAAM,SAAS,EAAE,SAAS,MAAM;EAAE,GAC1D,EAAE,UAAU,KAAK,CACnB,CAAC,CACE,MAAM,UAAU,MAAM,aAAa,CAAC,CAAC,CACrC,YAAY,KAAK;EACpB,OAAO,IAAI,QAAQ,YAAY;CACjC;CACA,OAAO;AACT;;;;;;;;;AAUA,SAAgB,6BAAmC;CACjD,+CAA+B,IAAI,QAAQ;AAC7C;AAQA,MAAM,YAAY,IAAI,IAAI;CACxB;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AACF,CAAC;AAED,SAAS,aAAa,SAAyB;CAC7C,IAAI,SAAS;CACb,KAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;EACvC,MAAM,IAAI,QAAQ;EAClB,IAAI,MAAM,KACR,IAAI,QAAQ,IAAI,OAAO,KAAK;GAC1B,UAAU;GACV,KAAK;GACL,IAAI,QAAQ,IAAI,OAAO,KACrB,KAAK;EAET,OACE,UAAU;OAEP,IAAI,MAAM,KACf,UAAU;OACL,IAAI,gBAAgB,SAAS,CAAC,GACnC,UAAU,OAAO;OAEjB,UAAU;CAEd;CACA,UAAU;CACV,OAAO,IAAI,OAAO,MAAM;AAC1B;AAEA,gBAAgB,UACd,MACA,IACwB;CACxB,MAAM,QAAkB,CAAC,IAAI;CAC7B,OAAO,MAAM,SAAS,GAAG;EACvB,MAAM,MAAM,MAAM,IAAI;EACtB,IAAI;EACJ,IAAI;GACF,UAAU,MAAM,GAAG,QAAQ,KAAK,EAAE,eAAe,KAAK,CAAC;EACzD,QAAQ;GACN;EACF;EACA,KAAK,MAAM,SAAS,SAAS;GAC3B,IAAI,MAAM,KAAK,WAAW,MAAM,KAAK,UAAU,IAAI,MAAM,IAAI,GAC3D;GAEF,MAAM,OAAO,GAAG,IAAI,GAAG,MAAM;GAC7B,IAAI,MAAM,YAAY,GACpB,MAAM,KAAK,IAAI;QACV,IAAI,MAAM,OAAO,GACtB,MAAM;EAEV;CACF;AACF;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BA,MAAM,8BAA8B;AACpC,MAAM,0BAA0B;AAMhC,MAAM,+BAA+B,IAAI,OAAO;;;;;;;;;;AAWhD,SAAS,6BAA6B,SAA0B;CAC9D,KAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,SAAS,GAAG,KAAK;EAC3C,IAAI,QAAQ,OAAO,KAAK;EACxB,IAAI,QAAQ,IAAI,OAAO,MAAM;EAC7B,MAAM,OAAO,QAAQ,IAAI;EACzB,IAAI,SAAS,OAAO,SAAS,OAAO,SAAS,KAAK;EAGlD,IAAI,QAAQ;EACZ,IAAI,IAAI,IAAI;EACZ,OAAO,KAAK,GAAG;GACb,MAAM,IAAI,QAAQ;GAElB,IAAI,EADY,IAAI,KAAK,QAAQ,IAAI,OAAO;QAEtC,MAAM,KAAK;SACV,IAAI,MAAM,KAAK;KAClB;KACA,IAAI,UAAU,GAAG;IACnB;;GAEF;EACF;EACA,IAAI,IAAI,GAAG;EACX,MAAM,QAAQ,QAAQ,MAAM,IAAI,GAAG,CAAC;EACpC,IAAI,cAAc,KAAK,KAAK,GAAG,OAAO;CACxC;CACA,OAAO;AACT;AAEA,IAAM,oBAAN,cAAgC,MAAM;CACpC;CACA,YACE,MACA,SACA;EACA,MAAM,OAAO;EACb,KAAK,OAAO;CACd;AACF;AAEA,SAAS,qBAAqB,SAAyB;CACrD,IAAI,QAAQ,SAAS,6BACnB,MAAM,IAAI,kBACR,oBACA,mBAAmB,4BAA4B,6DACjD;CAEF,IAAI,6BAA6B,OAAO,GACtC,MAAM,IAAI,kBACR,kBACA,mLACF;CAEF,IAAI;EACF,OAAO,IAAI,OAAO,OAAO;CAC3B,SAAS,GAAG;EACV,MAAM,IAAI,kBACR,mBACA,kBAAmB,EAAY,SACjC;CACF;AACF;;AAOA,SAAS,0BAA0B,QAAoC;CACrE,IAAI,OAAO,QAAQ,SAAS,GAC1B,OAAO,CAAC,GAAG,OAAO,SAAS,GAAG,OAAO,OAAO,CAAC,CAAC,KAAK,IAAI;CAEzD,IAAI,OAAO,QAAQ,SAAS,GAC1B,OAAO,OAAO,QAAQ,KAAK,IAAI;CAEjC,OAAO;AACT;AAEA,eAAe,aACb,MACA,SACA,YACA,YACA,IAC6B;CAC7B,MAAM,KAAK,qBAAqB,OAAO;CACvC,MAAM,WAAW,KAAK,IAAI,IAAI;CAC9B,MAAM,SACJ,cAAc,QAAQ,eAAe,KACjC,aAAa,UAAU,IACvB,KAAA;CACN,MAAM,UAAoB,CAAC;CAQ3B,MAAM,qBAA+B,CAAC;CACtC,WAAW,MAAM,QAAQ,UAAU,MAAM,EAAE,GAAG;EAC5C,IAAI,KAAK,IAAI,IAAI,UAGf,OAAO;GAAE;GAAS,SAAS;EAAmB;EAEhD,IAAI,UAAU,MAAM;GAClB,MAAM,MAAM,KAAK,WAAW,OAAO,GAAG,IAClC,KAAK,MAAM,KAAK,SAAS,CAAC,IAC1B;GACJ,IAAI,CAAC,OAAO,KAAK,GAAG,GAClB;EAEJ;EAMA,IAAI;EACJ,IAAI;GACF,OAAO,MAAM,GAAG,KAAK,IAAI;EAC3B,QAAQ;GACN;EACF;EACA,IAAI,KAAK,OAAO,8BAA8B;GAC5C,mBAAmB,KACjB,GAAG,KAAK,sBAAsB,6BAA6B,4CAC7D;GACA;EACF;EACA,IAAI;EACJ,IAAI;GACF,UAAU,MAAM,GAAG,SAAS,MAAM,MAAM;EAC1C,QAAQ;GACN;EACF;EACA,IAAI,QAAQ,SAAS,IAAI,GACvB;EAIF,IAAI,KAAK,IAAI,IAAI,UACf,OAAO;GAAE;GAAS,SAAS;EAAmB;EAEhD,MAAM,QAAQ,QAAQ,MAAM,IAAI;EAChC,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAChC,IAAI,GAAG,KAAK,MAAM,EAAE,GAAG;GACrB,QAAQ,KAAK,GAAG,KAAK,GAAG,IAAI,EAAE,GAAG,MAAM,IAAI;GAC3C,IAAI,QAAQ,UAAU,YACpB,OAAO;IAAE;IAAS,SAAS;GAAmB;EAElD;CAEJ;CACA,OAAO;EAAE;EAAS,SAAS;CAAmB;AAChD;AAEA,eAAe,aACb,MACA,SACA,YACA,IACmB;CACnB,MAAM,KAAK,aAAa,OAAO;CAC/B,MAAM,MAAgB,CAAC;CACvB,WAAW,MAAM,QAAQ,UAAU,MAAM,EAAE,GAAG;EAC5C,MAAM,MAAM,KAAK,WAAW,OAAO,GAAG,IAClC,KAAK,MAAM,KAAK,SAAS,CAAC,IAC1B;EACJ,IAAI,GAAG,KAAK,GAAG,GAAG;GAChB,IAAI,KAAK,IAAI;GACb,IAAI,IAAI,UAAU,YAChB;EAEJ;CACF;CACA,OAAO;AACT;AAEA,SAAgB,0BACd,SAAiC,CAAC,GACX;CACvB,MAAM,KAAKT,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EAMd,MAAM,SAAS,MAAMC,6BAAAA,yBACnB,MAAM,QAAQ,KACd,QACA,MACF;EACA,MAAM,aAAa,KAAK,IAAI,MAAM,eAAe,qBAAqB,CAAC;EAEvE,IAAI,MAAM,mBAAmB,MAAM,GAAG;GAoBpC,MAAM,SAAS,MAAMQ,6BAAAA,kBAAkB,MAAM;IAZ3C;IACA;IACA;IACA;IACA;IACA,GAAI,MAAM,QAAQ,QAAQ,MAAM,SAAS,KACrC,CAAC,UAAU,MAAM,IAAI,IACrB,CAAC;IACL;IACA,MAAM;IACN;GAE8C,GAAG;IACjD,GAAG;IACH,WAAW,OAAO,aAAa;GACjC,CAAC;GASD,IACE,OAAO,YACN,OAAO,YAAY,QAAQ,OAAO,WAAW,GAC9C;IACA,MAAM,SAAS,OAAO,OAAO,KAAK,KAAK,aAAa,OAAO;IAC3D,OAAO,CACL,uBAAuB,UACvB;KACE,SAAS;KACT,QAAQ;KACR,OAAO;KACP,UAAU,OAAO;IACnB,CACF;GACF;GACA,MAAM,QAAQ,OAAO,OAClB,MAAM,IAAI,CAAC,CACX,OAAO,OAAO,CAAC,CACf,MAAM,GAAG,UAAU;GAKtB,OAAO,CAHL,MAAM,SAAS,IACX,MAAM,KAAK,IAAI,IACf,OAAO,OAAO,KAAK,KAAK,qBACd;IAAE,SAAS,MAAM;IAAQ,QAAQ;GAAU,CAAC;EAC9D;EAEA,IAAI;GACF,MAAM,EAAE,SAAS,YAAY,MAAM,aACjC,QACA,MAAM,SACN,MAAM,MACN,YACA,EACF;GAIA,OAAO,CADS,0BAA0B;IAAE;IAAS;GAAQ,CAErD,GACN;IACE,SAAS,QAAQ;IACjB,SAAS,QAAQ;IACjB,QAAQ;GACV,CACF;EACF,SAAS,GAAG;GACV,IAAI,aAAa,mBACf,OAAO,CACL,oCAAoC,EAAE,WACtC;IACE,SAAS;IACT,QAAQ;IACR,OAAO,EAAE;IACT,MAAM,EAAE;GACV,CACF;GAEF,MAAM;EACR;CACF,GACA;EACE,MAAM;EACN,aACE;EACF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAEA,SAAgB,0BACd,SAAiC,CAAC,GACX;CACvB,MAAM,KAAKT,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EAKd,MAAM,SAAS,MAAMC,6BAAAA,yBACnB,MAAM,QAAQ,KACd,QACA,MACF;EACA,MAAM,aAAa,KAAK,IAAI,MAAM,eAAe,qBAAqB,CAAC;EAEvE,IAAI,MAAM,mBAAmB,MAAM,GAAG;GACpC,MAAM,SAAS,MAAMQ,6BAAAA,kBACnB,MACA;IACE;IACA;IACA;IACA;IACA;IACA,MAAM;IACN;GACF,GACA;IAAE,GAAG;IAAQ,WAAW,OAAO,aAAa;GAAM,CACpD;GAQA,IACE,OAAO,YACN,OAAO,YAAY,QAAQ,OAAO,WAAW,GAC9C;IACA,MAAM,SAAS,OAAO,OAAO,KAAK,KAAK,aAAa,OAAO;IAC3D,OAAO,CACL,uBAAuB,UACvB;KACE,OAAO,CAAC;KACR,QAAQ;KACR,OAAO;KACP,UAAU,OAAO;IACnB,CACF;GACF;GACA,MAAM,QAAQ,OAAO,OAClB,MAAM,IAAI,CAAC,CACX,OAAO,OAAO,CAAC,CACf,MAAM,GAAG,UAAU;GACtB,OAAO,CACL,MAAM,SAAS,IAAI,MAAM,KAAK,IAAI,IAAI,mBACtC;IAAE,OAAO;IAAO,QAAQ;GAAU,CACpC;EACF;EAEA,MAAM,QAAQ,MAAM,aAAa,QAAQ,MAAM,SAAS,YAAY,EAAE;EACtE,OAAO,CACL,MAAM,SAAS,IAAI,MAAM,KAAK,IAAI,IAAI,mBACtC;GAAE;GAAO,QAAQ;EAAgB,CACnC;CACF,GACA;EACE,MAAM;EACN,aACE;EACF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAEA,SAAgB,6BACd,SAAiC,CAAC,GACX;CACvB,MAAM,KAAKT,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAElB,MAAMF,SAAO,MAAMG,6BAAAA,yBACjBS,SAAM,QAAQ,KACd,QACA,MACF;EACA,MAAM,UAAU,MAAM,GAAG,QAAQZ,QAAM,EAAE,eAAe,KAAK,CAAC;EAM9D,OAAO,CALQ,QACZ,KACE,UAAU,GAAG,MAAM,YAAY,IAAI,SAAS,OAAO,IAAI,MAAM,MAChE,CAAC,CACA,KAAK,IACK,KAAK,uBAAuB;GAAE,MAAA;GAAM,OAAO,QAAQ;EAAO,CAAC;CAC1E,GACA;EACE,MAAM;EACN,aAAa;EACb,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAYA,SAAgB,uBACd,SAAiC,CAAC,GAClC,UAAsD,CAAC,GAC9B;CACzB,MAAM,eACJ,QAAQ,iBACP,OAAO,sBAAsB,OAC1Ba,yBAAAA,4BAA4B,EAAE,IAAI,OAAO,MAAM,GAAG,CAAC,IACnD,KAAA;CACN,OAAO;EACL,wBAAwB,MAAM;EAC9B,yBAAyB,QAAQ,YAAY;EAC7C,wBAAwB,QAAQ,YAAY;EAC5C,0BAA0B,MAAM;EAChC,0BAA0B,MAAM;EAChC,6BAA6B,MAAM;EACnCC,yBAAAA,uBAAuB,MAAM;EAC7BC,4BAAAA,6BAA6B,EAAE,OAAO,CAAC;EACvCC,4BAAAA,6BAA6B,MAAM;EACnCC,qCAAAA,uCAAuC,MAAM;EAC7CC,qCAAAA,2CAA2C,MAAM;CACnD;AACF;;;;;;AAOA,SAAgB,4BACd,SAAiC,CAAC,GAClC,UAAsD,CAAC,GAChC;CACvB,MAAM,eACJ,QAAQ,iBACP,OAAO,sBAAsB,OAC1BL,yBAAAA,4BAA4B,EAAE,IAAI,OAAO,MAAM,GAAG,CAAC,IACnD,KAAA;CACN,OAAO;EACL,OAAO,uBAAuB,QAAQ,EAAE,aAAa,CAAC;EACtD;CACF;AACF;AAEA,SAAgB,mCAA+C;CAC7D,OAAO;EACL,eAAA,aAEE,mFACA,uBACF;EACA,eACE,wBACA,8EACA,wBACF;EACA,eACE,uBACA,kDACA,uBACF;EACA,eACE,yBACA,8DACA,yBACF;EACA,eACE,yBACA,6CACA,yBACF;EACA,eACE,4BACA,oDACA,4BACF;EACAM,yBAAAA,iCAAiC;CACnC;AACF;AAEA,SAAgB,gCAAkD;CAChE,OAAO,IAAI,IACT,iCAAiC,CAAC,CAAC,KAAK,eAAe,CACrD,WAAW,MACX,UACF,CAAC,CACH;AACF"}
1	+ {"version":3,"file":"LocalCodingTools.cjs","names":["truncateLocalOutput","runPostEditSyntaxCheck","path","encodeFile","getWorkspaceFS","resolveWorkspacePathSafe","classifyAttachment","imageAttachmentContent","decodeFile","diff","locateEdit","applyEdit","getSpawn","spawnLocalProcess","input","createLocalFileCheckpointer","createCompileCheckTool","createLocalBashExecutionTool","createLocalCodeExecutionTool","createLocalProgrammaticToolCallingTool","createLocalBashProgrammaticToolCallingTool","createCompileCheckToolDefinition"],"sources":["../../../../src/tools/local/LocalCodingTools.ts"],"sourcesContent":["import { basename, dirname } from 'path';\nimport { createTwoFilesPatch } from 'diff';\nimport { tool } from '@langchain/core/tools';\nimport type { DynamicStructuredTool } from '@langchain/core/tools';\nimport type * as t from '@/types';\nimport {\n createLocalBashProgrammaticToolCallingTool,\n createLocalProgrammaticToolCallingTool,\n} from './LocalProgrammaticToolCalling';\nimport {\n getSpawn,\n getWorkspaceFS,\n resolveWorkspacePathSafe,\n spawnLocalProcess,\n truncateLocalOutput,\n} from './LocalExecutionEngine';\nimport {\n createLocalBashExecutionTool,\n createLocalCodeExecutionTool,\n} from './LocalExecutionTools';\nimport {\n createCompileCheckTool,\n createCompileCheckToolDefinition,\n} from './CompileCheckTool';\nimport { classifyAttachment, imageAttachmentContent } from './attachments';\nimport { createLocalFileCheckpointer } from './FileCheckpointer';\nimport { applyEdit, locateEdit } from './editStrategies';\nimport { decodeFile, encodeFile } from './textEncoding';\nimport { runPostEditSyntaxCheck } from './syntaxCheck';\nimport { Constants } from '@/common';\n\nconst MAX_READ_CHARS = 256000;\nconst DEFAULT_MAX_RESULTS = 200;\nconst DEFAULT_MAX_READ_BYTES = 10 * 1024 * 1024;\nconst BINARY_DETECTION_BYTES = 8000;\n\n/*\n Tool name aliases retained for back-compat with consumers that imported\n * the per-file `LocalToolName` constants. The canonical names live on\n `Constants.` (see `src/common/enum.ts`); these aliases just point at\n them so a typo upstream gets caught at the type level.\n /\nexport const LocalWriteFileToolName = Constants.WRITE_FILE;\nexport const LocalEditFileToolName = Constants.EDIT_FILE;\nexport const LocalGrepSearchToolName = Constants.GREP_SEARCH;\nexport const LocalGlobSearchToolName = Constants.GLOB_SEARCH;\nexport const LocalListDirectoryToolName = Constants.LIST_DIRECTORY;\n\nexport const LocalReadFileToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n path: {\n type: 'string',\n description:\n 'Path to a local file, relative to the configured cwd unless absolute paths are allowed.',\n },\n offset: {\n type: 'integer',\n description: 'Optional 1-indexed line offset for large files.',\n },\n limit: {\n type: 'integer',\n description: 'Optional maximum number of lines to return.',\n },\n },\n required: ['path'],\n};\n\nexport const LocalWriteFileToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n path: {\n type: 'string',\n description:\n 'Path to write, relative to the configured cwd unless absolute paths are allowed.',\n },\n content: {\n type: 'string',\n description: 'Complete file contents to write.',\n },\n },\n required: ['path', 'content'],\n};\n\nexport const LocalEditFileToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n path: {\n type: 'string',\n description:\n 'Path to edit, relative to the configured cwd unless absolute paths are allowed.',\n },\n old_text: {\n type: 'string',\n description: 'Exact text to replace. Must appear exactly once.',\n },\n new_text: {\n type: 'string',\n description: 'Replacement text.',\n },\n edits: {\n type: 'array',\n description:\n 'Optional batch of exact replacements. Each old_text must appear exactly once in the original file.',\n items: {\n type: 'object',\n properties: {\n old_text: { type: 'string' },\n new_text: { type: 'string' },\n },\n required: ['old_text', 'new_text'],\n },\n },\n },\n required: ['path'],\n};\n\nexport const LocalGrepSearchToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n pattern: {\n type: 'string',\n description: 'Regex pattern to search for.',\n },\n path: {\n type: 'string',\n description: 'Directory or file to search. Defaults to cwd.',\n },\n glob: {\n type: 'string',\n description: 'Optional file glob passed to rg -g.',\n },\n max_results: {\n type: 'integer',\n description: 'Maximum matching lines to return.',\n },\n },\n required: ['pattern'],\n};\n\nexport const LocalGlobSearchToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n pattern: {\n type: 'string',\n description: 'File glob pattern, for example \"src//.ts\".',\n },\n path: {\n type: 'string',\n description: 'Directory to search. Defaults to cwd.',\n },\n max_results: {\n type: 'integer',\n description: 'Maximum file paths to return.',\n },\n },\n required: ['pattern'],\n};\n\nexport const LocalListDirectoryToolSchema: t.JsonSchemaType = {\n type: 'object',\n properties: {\n path: {\n type: 'string',\n description: 'Directory to list. Defaults to cwd.',\n },\n },\n};\n\nfunction lineWindow(\n content: string,\n offset?: number,\n limit?: number\n): { text: string; truncated: boolean } {\n const start = Math.max((offset ?? 1) - 1, 0);\n // Avoid splitting the whole file when the caller asked for a small\n // window. For a 10 MB file with `offset: 1, limit: 10`, the prior\n // `content.split('\\n')` allocated millions of strings to throw all\n // but 10 away. We walk newline indices directly: O(start + limit)\n // instead of O(file). When `limit` is omitted, fall back to the\n // simple split — it's the same amount of work either way.\n if (limit == null \|\| limit <= 0) {\n const lines = content.split('\\n');\n const selected = lines.slice(start);\n const numbered = selected\n .map(\n (line, index) =>\n `${String(start + index + 1).padStart(6, ' ')}\\t${line}`\n )\n .join('\\n');\n return {\n text: truncateLocalOutput(numbered, MAX_READ_CHARS),\n truncated: numbered.length > MAX_READ_CHARS,\n };\n }\n // Walk to the start line by counting newlines.\n let cursor = 0;\n for (let i = 0; i < start; i++) {\n const next = content.indexOf('\\n', cursor);\n if (next === -1) {\n // File has fewer lines than `offset` — return empty window.\n return { text: '', truncated: false };\n }\n cursor = next + 1;\n }\n // Collect up to `limit` lines from `cursor`.\n const out: string[] = [];\n let pos = cursor;\n let exhausted = true;\n for (let k = 0; k < limit; k++) {\n const next = content.indexOf('\\n', pos);\n if (next === -1) {\n out.push(content.slice(pos));\n break;\n }\n out.push(content.slice(pos, next));\n pos = next + 1;\n if (k === limit - 1 && pos < content.length) {\n exhausted = false;\n }\n }\n const numbered = out\n .map(\n (text, index) => `${String(start + index + 1).padStart(6, ' ')}\\t${text}`\n )\n .join('\\n');\n return {\n text: truncateLocalOutput(numbered, MAX_READ_CHARS),\n truncated: !exhausted \|\| numbered.length > MAX_READ_CHARS,\n };\n}\n\nconst MAX_DIFF_CHARS = 4000;\n\ntype SyntaxRun =\n \| {\n mode: 'auto' \| 'strict';\n outcome: import('./syntaxCheck').SyntaxCheckOutcome;\n }\n \| undefined;\n\nasync function maybeRunSyntaxCheck(\n path: string,\n config: t.LocalExecutionConfig\n): Promise<SyntaxRun> {\n const mode = config.postEditSyntaxCheck ?? 'off';\n if (mode === 'off') return undefined;\n const outcome = await runPostEditSyntaxCheck(path, config);\n if (outcome == null) return undefined;\n return { mode, outcome };\n}\n\nfunction appendSyntaxCheckSummary(base: string, run: SyntaxRun): string {\n if (run == null) return base;\n if (run.outcome.ok) return base;\n const banner =\n run.mode === 'strict'\n ? `\\n\\n[syntax-check FAILED via ${run.outcome.checker}]\\n`\n : `\\n\\n[syntax-check warning via ${run.outcome.checker}]\\n`;\n return `${base}${banner}${run.outcome.output}`;\n}\n\n/*\n Revert a write_file/edit_file mutation in `postEditSyntaxCheck:\n * 'strict'` mode after the post-write syntax check failed. Strict\n * mode advertises a safety gate, so leaving the corrupted file on\n * disk + throwing is a half-broken contract — the model \"reacts\" to\n * the error but the next call sees broken on-disk state. Codex P2\n * [49]. Best-effort: a swallowed error here means the workspace is\n * still in the bad post-write state, but we still throw the\n * original syntax-check error so the caller knows.\n \n - If the file existed pre-write: restore the previous bytes with\n * the original encoding.\n * - If the file is brand-new: unlink it.\n /\nasync function revertStrictWrite(\n fs: import('./workspaceFS').WorkspaceFS,\n path: string,\n existed: boolean,\n before: string,\n encoding: { text: string; hasBom: boolean; newline: '\\n' \| '\\r\\n' }\n): Promise<void> {\n try {\n if (existed) {\n // encodeFile uses encoding.{hasBom,newline} to restore the\n // on-disk shape; the `text` field is overridden by the\n // explicit `before` arg we pass in.\n await fs.writeFile(\n path,\n encodeFile(before, { ...encoding, text: before }),\n 'utf8'\n );\n } else {\n await fs.unlink(path);\n }\n } catch {\n / best-effort: caller still sees the original syntax error /\n }\n}\n\nfunction summariseDiff(\n filePath: string,\n before: string,\n after: string\n): string {\n if (before === after) {\n return '(no textual changes)';\n }\n const name = basename(filePath);\n const patch = createTwoFilesPatch(name, name, before, after, '', '', {\n context: 3,\n });\n if (patch.length <= MAX_DIFF_CHARS) {\n return patch;\n }\n return (\n patch.slice(0, MAX_DIFF_CHARS) +\n `\\n[... diff truncated, ${patch.length - MAX_DIFF_CHARS} more chars ...]`\n );\n}\n\nfunction normalizeEdits(input: {\n old_text?: string;\n new_text?: string;\n edits?: Array<{ old_text?: string; new_text?: string }>;\n}): Array<{ oldText: string; newText: string }> {\n const edits = Array.isArray(input.edits)\n ? input.edits.map((edit) => ({\n oldText: edit.old_text ?? '',\n newText: edit.new_text ?? '',\n }))\n : [];\n\n if (input.old_text != null \|\| input.new_text != null) {\n edits.push({\n oldText: input.old_text ?? '',\n newText: input.new_text ?? '',\n });\n }\n\n return edits;\n}\n\nfunction toolDefinition(\n name: string,\n description: string,\n parameters: t.JsonSchemaType\n): t.LCTool {\n return {\n name,\n description,\n parameters,\n allowed_callers: ['direct', 'code_execution'],\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n toolType: 'builtin',\n };\n}\n\nasync function looksBinary(\n path: string,\n fs: import('./workspaceFS').WorkspaceFS\n): Promise<boolean> {\n let handle;\n try {\n handle = await fs.open(path, 'r');\n const sample = Buffer.alloc(BINARY_DETECTION_BYTES);\n const { bytesRead } = await handle.read(\n sample,\n 0,\n BINARY_DETECTION_BYTES,\n 0\n );\n for (let i = 0; i < bytesRead; i++) {\n if (sample[i] === 0) {\n return true;\n }\n }\n return false;\n } finally {\n await handle?.close();\n }\n}\n\nconst DEFAULT_MAX_ATTACHMENT_BYTES = 5 1024 * 1024;\n\nexport function createLocalReadFileTool(\n config: t.LocalExecutionConfig = {}\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as {\n path: string;\n offset?: number;\n limit?: number;\n };\n const path = await resolveWorkspacePathSafe(\n input.path,\n config,\n 'read'\n );\n const fileStat = await fs.stat(path);\n if (!fileStat.isFile()) {\n throw new Error(`Path is not a file: ${input.path}`);\n }\n const maxBytes = Math.max(\n config.maxReadBytes ?? DEFAULT_MAX_READ_BYTES,\n 1\n );\n if (fileStat.size > maxBytes) {\n const stub = `File is ${fileStat.size} bytes, exceeds the ${maxBytes}-byte read cap. Read a slice via bash (e.g. head/sed) or raise local.maxReadBytes.`;\n return [stub, { path, bytes: fileStat.size, truncated: true }];\n }\n\n if (await looksBinary(path, fs)) {\n const attachmentMode = config.attachReadAttachments ?? 'off';\n if (attachmentMode !== 'off') {\n const attachment = await classifyAttachment({\n path,\n bytes: fileStat.size,\n mode: attachmentMode,\n maxBytes: config.maxAttachmentBytes ?? DEFAULT_MAX_ATTACHMENT_BYTES,\n // Route through the configured WorkspaceFS so a custom\n // engine sees the same path semantics as `read_file`\n // itself (manual review finding F).\n fs,\n });\n if (attachment.kind === 'image') {\n return [\n imageAttachmentContent(path, attachment),\n {\n path,\n bytes: fileStat.size,\n mime: attachment.mime,\n attachment: 'image',\n },\n ];\n }\n if (attachment.kind === 'pdf') {\n return [\n [\n {\n type: 'text',\n text: `Read ${path} (application/pdf, ${fileStat.size} bytes). PDF attached as base64 data URL; vision-capable models that accept PDF will render it.`,\n },\n {\n type: 'image_url',\n image_url: { url: attachment.dataUrl },\n },\n ],\n {\n path,\n bytes: fileStat.size,\n mime: attachment.mime,\n attachment: 'pdf',\n },\n ];\n }\n if (attachment.kind === 'oversize') {\n return [\n `Refusing to embed ${attachment.mime} attachment (${attachment.bytes} bytes exceeds ${attachment.maxBytes}-byte cap).`,\n {\n path,\n bytes: fileStat.size,\n mime: attachment.mime,\n attachment: 'oversize',\n },\n ];\n }\n if (attachment.kind === 'binary') {\n return [\n `Refusing to read binary file (${fileStat.size} bytes, ${attachment.mime}): ${path}`,\n {\n path,\n bytes: fileStat.size,\n mime: attachment.mime,\n binary: true,\n },\n ];\n }\n // text-or-unknown falls through to the text-read path below.\n } else {\n return [\n `Refusing to read binary file (${fileStat.size} bytes): ${path}`,\n { path, bytes: fileStat.size, binary: true },\n ];\n }\n }\n\n const content = await fs.readFile(path, 'utf8');\n const result = lineWindow(content, input.offset, input.limit);\n return [\n result.truncated ? `${result.text}\\n[truncated]` : result.text,\n { path, bytes: fileStat.size },\n ];\n },\n {\n name: Constants.READ_FILE,\n description:\n 'Read a local text file from the configured working directory with line numbers. ' +\n 'When `attachReadAttachments` is enabled (e.g. images-only), reading an image returns an ' +\n '`image_url` content block so vision-capable models can see the file directly.',\n schema: LocalReadFileToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport function createLocalWriteFileTool(\n config: t.LocalExecutionConfig = {},\n checkpointer?: t.LocalFileCheckpointer\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as { path: string; content: string };\n if (config.readOnly === true) {\n throw new Error('write_file is blocked in read-only local mode.');\n }\n const path = await resolveWorkspacePathSafe(\n input.path,\n config,\n 'write'\n );\n if (checkpointer != null) {\n await checkpointer.captureBeforeWrite(path);\n }\n\n let before = '';\n let encoding = { text: '', hasBom: false, newline: '\\n' as const } as\n \| ReturnType<typeof decodeFile>\n \| { text: string; hasBom: false; newline: '\\n' };\n let existed = false;\n try {\n const raw = await fs.readFile(path, 'utf8');\n const decoded = decodeFile(raw);\n before = decoded.text;\n encoding = decoded;\n existed = true;\n } catch {\n existed = false;\n }\n\n await fs.mkdir(dirname(path), { recursive: true });\n const finalText = encodeFile(input.content, encoding);\n await fs.writeFile(path, finalText, 'utf8');\n\n const syntax = await maybeRunSyntaxCheck(path, config);\n\n const diff = existed\n ? summariseDiff(path, before, input.content)\n : `(new file, ${input.content.length} chars)`;\n const baseSummary = existed\n ? `Overwrote ${path} (${input.content.length} chars). Diff:\\n${diff}`\n : `Created ${path} (${input.content.length} chars).`;\n const summary = appendSyntaxCheckSummary(baseSummary, syntax);\n if (syntax?.outcome.ok === false && syntax.mode === 'strict') {\n // Roll back the write so strict mode is an actual gate, not\n // \"fail the call AND leave the corrupted file on disk\".\n // Codex P2 [49].\n await revertStrictWrite(fs, path, existed, before, encoding);\n throw new Error(\n `write_file syntax check failed (${syntax.outcome.checker}); reverted to pre-write state.\\n${syntax.outcome.output}`\n );\n }\n return [\n summary,\n {\n path,\n bytes: finalText.length,\n new_file: !existed,\n newline: encoding.newline === '\\r\\n' ? 'CRLF' : 'LF',\n had_bom: encoding.hasBom,\n ...(syntax != null && syntax.outcome.ok === false\n ? { syntax_error: syntax.outcome.checker }\n : {}),\n },\n ];\n },\n {\n name: LocalWriteFileToolName,\n description:\n 'Create or overwrite a local text file in the configured working directory. ' +\n 'Preserves the existing BOM and line endings when overwriting; defaults to LF without BOM for new files. ' +\n 'Returns a unified diff of the changes when overwriting.',\n schema: LocalWriteFileToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport function createLocalEditFileTool(\n config: t.LocalExecutionConfig = {},\n checkpointer?: t.LocalFileCheckpointer\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as {\n path: string;\n old_text?: string;\n new_text?: string;\n edits?: Array<{ old_text?: string; new_text?: string }>;\n };\n if (config.readOnly === true) {\n throw new Error('edit_file is blocked in read-only local mode.');\n }\n const edits = normalizeEdits(input);\n if (edits.length === 0) {\n throw new Error('edit_file requires old_text/new_text or edits[].');\n }\n\n const path = await resolveWorkspacePathSafe(\n input.path,\n config,\n 'write'\n );\n const raw = await fs.readFile(path, 'utf8');\n const encoding = decodeFile(raw);\n const original = encoding.text;\n\n let next = original;\n const strategiesUsed: string[] = [];\n for (let i = 0; i < edits.length; i++) {\n const edit = edits[i];\n const match = locateEdit(next, edit.oldText);\n if (match == null) {\n throw new Error(\n `Edit ${i + 1}/${edits.length}: could not locate old_text in ${input.path}. ` +\n 'Tried exact, line-trimmed, whitespace-normalized, and indentation-flexible matching. ' +\n 'Re-read the file and copy the literal lines.'\n );\n }\n strategiesUsed.push(match.strategy);\n next = applyEdit(next, match, edit.newText);\n }\n\n if (checkpointer != null) {\n await checkpointer.captureBeforeWrite(path);\n }\n const finalText = encodeFile(next, encoding);\n await fs.writeFile(path, finalText, 'utf8');\n\n const syntax = await maybeRunSyntaxCheck(path, config);\n\n const diff = summariseDiff(path, original, next);\n const fuzzy = strategiesUsed.some((s) => s !== 'exact');\n const baseSummary =\n `Applied ${edits.length} edit(s) to ${path}` +\n (fuzzy ? ` (strategies: ${strategiesUsed.join(', ')})` : '') +\n `. Diff:\\n${diff}`;\n const summary = appendSyntaxCheckSummary(baseSummary, syntax);\n if (syntax?.outcome.ok === false && syntax.mode === 'strict') {\n // Restore the pre-edit bytes so strict mode is an actual\n // gate (Codex P2 [49]). edit_file always operates on an\n // existing file, so `existed = true` here.\n await revertStrictWrite(fs, path, true, original, encoding);\n throw new Error(\n `edit_file syntax check failed (${syntax.outcome.checker}); reverted to pre-edit state.\\n${syntax.outcome.output}`\n );\n }\n return [\n summary,\n {\n path,\n edits: edits.length,\n strategies: strategiesUsed,\n newline: encoding.newline === '\\r\\n' ? 'CRLF' : 'LF',\n had_bom: encoding.hasBom,\n ...(syntax != null && syntax.outcome.ok === false\n ? { syntax_error: syntax.outcome.checker }\n : {}),\n },\n ];\n },\n {\n name: LocalEditFileToolName,\n description:\n 'Apply exact text replacements to a local file. The matcher tries exact, line-trimmed, whitespace-normalized, and indentation-flexible strategies in order so common LLM whitespace mistakes are recoverable. Each old_text must still match exactly one location. Returns a unified diff of the changes.',\n schema: LocalEditFileToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\n/*\n Ripgrep availability cache, keyed on the effective execution\n backend* — whatever function `getSpawn(config)` returns. Without\n * the backend key, a Run that probes `rg` over Node's\n * `child_process.spawn` would poison subsequent Runs whose\n * `local.exec.spawn` routes to a remote sandbox or container that\n * doesn't have rg installed: the cached `true` would skip the probe,\n * the rg invocation would throw, and the Node fallback wouldn't be\n * reached. Per-backend caching avoids that without paying for a\n * spawn-per-search.\n /\n// Per-backend × per-env cache. Codex P1 #34 — keying by spawn\n// backend alone misses the case where two Runs share a backend but\n// vary `local.env` (especially PATH). Stale cache then claims `rg`\n// is available, the rg path runs, and the spawn fails with ENOENT\n// instead of falling back to the Node walker. The inner Map is\n// keyed by a stable JSON hash of the effective env so each unique\n// env gets its own probe.\nlet ripgrepAvailabilityByBackend = new WeakMap<\n t.LocalSpawn,\n Map<string, Promise<boolean>>\n>();\n\nfunction envCacheKey(env: NodeJS.ProcessEnv \| undefined): string {\n // PATH is the only env entry that affects command lookup, but\n // hashing the whole env keeps the key correct for hosts that\n // vary anything else relevant. Stable JSON via sorted keys so\n // {A:1,B:2} and {B:2,A:1} produce the same hash.\n if (env == null) return '';\n const sorted: Record<string, string \| undefined> = {};\n for (const k of Object.keys(env).sort()) {\n sorted[k] = env[k];\n }\n return JSON.stringify(sorted);\n}\n\nasync function isRipgrepAvailable(\n config: t.LocalExecutionConfig\n): Promise<boolean> {\n const backend = getSpawn(config);\n let envMap = ripgrepAvailabilityByBackend.get(backend);\n if (envMap == null) {\n envMap = new Map();\n ripgrepAvailabilityByBackend.set(backend, envMap);\n }\n const envKey = envCacheKey(config.env);\n let probePromise = envMap.get(envKey);\n if (probePromise == null) {\n probePromise = spawnLocalProcess(\n 'rg',\n ['--version'],\n { ...config, timeoutMs: 5000, sandbox: { enabled: false } },\n { internal: true }\n )\n .then((probe) => probe.exitCode === 0)\n .catch(() => false);\n envMap.set(envKey, probePromise);\n }\n return probePromise;\n}\n\n/\n Test-only reset hook. Clears the ripgrep-availability cache so\n * tests can swap in mocked spawn backends and reprobe deterministically.\n \n @internal Not part of the public SDK surface; the leading underscore\n * and `@internal` tag together signal that consumers should not call\n * this. Tests import it via the module path directly.\n /\nexport function _resetRipgrepCacheForTests(): void {\n ripgrepAvailabilityByBackend = new WeakMap();\n}\n\n// Skipped by the Node-fallback walker (used when ripgrep is\n// unavailable). Covers common build outputs, virtualenvs, and\n// caches so a `grep_search`/`glob_search` on a large monorepo or a\n// Python project with `.venv/` doesn't read every file under those\n// trees. ripgrep itself respects .gitignore so it doesn't need this\n// list. Audit follow-up from the comprehensive review (finding #3).\nconst SKIP_DIRS = new Set([\n '.git',\n '.svn',\n '.hg',\n 'node_modules',\n '.next',\n '.nuxt',\n '.cache',\n '.parcel-cache',\n '.turbo',\n 'dist',\n 'build',\n 'out',\n 'target',\n 'vendor',\n 'coverage',\n '.nyc_output',\n '__pycache__',\n '.venv',\n 'venv',\n 'env',\n '.tox',\n '.mypy_cache',\n '.pytest_cache',\n '.ruff_cache',\n]);\n\nfunction globToRegExp(pattern: string): RegExp {\n let result = '^';\n for (let i = 0; i < pattern.length; i++) {\n const c = pattern[i];\n if (c === '') {\n if (pattern[i + 1] === '') {\n result += '.';\n i += 1;\n if (pattern[i + 1] === '/') {\n i += 1;\n }\n } else {\n result += '[^/]';\n }\n } else if (c === '?') {\n result += '[^/]';\n } else if ('.+^$\|(){}[]\\\\'.includes(c)) {\n result += '\\\\' + c;\n } else {\n result += c;\n }\n }\n result += '$';\n return new RegExp(result);\n}\n\nasync function walkFiles(\n root: string,\n fs: import('./workspaceFS').WorkspaceFS\n): AsyncGenerator<string> {\n const stack: string[] = [root];\n while (stack.length > 0) {\n const dir = stack.pop() as string;\n let entries;\n try {\n entries = await fs.readdir(dir, { withFileTypes: true });\n } catch {\n continue;\n }\n for (const entry of entries) {\n if (entry.name.startsWith('.git') \|\| SKIP_DIRS.has(entry.name)) {\n continue;\n }\n const full = `${dir}/${entry.name}`;\n if (entry.isDirectory()) {\n stack.push(full);\n } else if (entry.isFile()) {\n yield full;\n }\n }\n }\n}\n\n/*\n Catastrophic-backtracking guardrails for the fallback grep path.\n \n Without ripgrep we run the model-supplied pattern through Node's\n * `RegExp` engine, which uses a backtracking implementation. Patterns\n * with nested unbounded quantifiers (`(a+)+`, `(.)`, etc.) can\n * monopolise the event loop for arbitrary wall-clock time on\n * pathological input, and `setTimeout` cannot interrupt a synchronous\n * `RegExp.exec`. Manual review (finding D) flagged this as a real DoS.\n \n Mitigations applied here, in order of severity:\n * 1. Cap pattern length so an obviously oversize regex is rejected\n * before compile.\n * 2. Reject patterns that contain a nested unbounded quantifier of\n * the form `(...+\|)([+]\|{n,})` — the standard pathological\n * shape. Still a heuristic (not a full safety proof), but blocks\n * every common DoS construction we've seen in coding-agent logs.\n * 3. Wall-clock budget for the overall search: each file's regex\n * pass is checked against a deadline; once exceeded the search\n * bails with a partial result. Doesn't interrupt a stuck\n * `exec()` call, but stops a slow pattern from making the whole\n * Run hang once the first hung file finishes.\n \n Hosts that need bulletproof regex safety should install `rg` —\n * ripgrep uses RE2 internally and has no backtracking.\n /\nconst MAX_FALLBACK_PATTERN_LENGTH = 1024;\nconst FALLBACK_GREP_BUDGET_MS = 5000;\n// Per-file byte cap. Codex P2 #41 — without it, the whole-file\n// `readFile` + `split('\\n')` for a multi-GB log is an unbounded\n// allocation that the wall-clock budget (checked between files)\n// can't interrupt. Hosts that need to grep large files should\n// install ripgrep.\nconst FALLBACK_GREP_MAX_FILE_BYTES = 5 1024 * 1024;\n\n/*\n Heuristic: walks `pattern` to find any `(<contents>)<quant>` where\n * `<contents>` itself has an unbounded quantifier. Catches the\n * classic `(a+)+` form AND the double-nested `((a+)+)` form (which a\n * single-pass regex misses because `[^)]` stops at the first inner\n close-paren). Misses sufficiently obfuscated cases — bulletproof\n * ReDoS detection requires a real parser. The 5 s wall-clock budget\n * is the hard backstop for anything this slip past.\n /\nfunction hasNestedUnboundedQuantifier(pattern: string): boolean {\n for (let i = 1; i < pattern.length - 1; i++) {\n if (pattern[i] !== ')') continue;\n if (pattern[i - 1] === '\\\\') continue;\n const next = pattern[i + 1];\n if (next !== '+' && next !== '' && next !== '{') continue;\n // Walk back to find the matching opening paren (respecting depth\n // and `\$` escapes).\n let depth = 1;\n let j = i - 1;\n while (j >= 0) {\n const c = pattern[j];\n const escaped = j > 0 && pattern[j - 1] === '\\\\';\n if (!escaped) {\n if (c === ')') depth++;\n else if (c === '(') {\n depth--;\n if (depth === 0) break;\n }\n }\n j--;\n }\n if (j < 0) continue;\n const inner = pattern.slice(j + 1, i);\n if (/(?<!\\\$[+]/.test(inner)) return true;\n }\n return false;\n}\n\nclass FallbackGrepError extends Error {\n readonly kind: 'pattern-too-long' \| 'unsafe-pattern' \| 'invalid-pattern';\n constructor(\n kind: 'pattern-too-long' \| 'unsafe-pattern' \| 'invalid-pattern',\n message: string\n ) {\n super(message);\n this.kind = kind;\n }\n}\n\nfunction compileFallbackRegex(pattern: string): RegExp {\n if (pattern.length > MAX_FALLBACK_PATTERN_LENGTH) {\n throw new FallbackGrepError(\n 'pattern-too-long',\n `Pattern exceeds ${MAX_FALLBACK_PATTERN_LENGTH}-char fallback cap (install ripgrep for unbounded patterns).`\n );\n }\n if (hasNestedUnboundedQuantifier(pattern)) {\n throw new FallbackGrepError(\n 'unsafe-pattern',\n 'Pattern contains a nested unbounded quantifier (e.g. `(a+)+` or `((a+)+)`) which can cause catastrophic backtracking in the Node fallback. Install ripgrep for RE2-safe matching.'\n );\n }\n try {\n return new RegExp(pattern);\n } catch (e) {\n throw new FallbackGrepError(\n 'invalid-pattern',\n `Invalid regex: ${(e as Error).message}`\n );\n }\n}\n\n/* Structured return so callers can count matches separately from\n * diagnostic skip-sentinels (Codex P2 [43]). /\ntype FallbackGrepResult = { matches: string[]; skipped: string[] };\n\n/* Renders fallback-grep output: real matches first, skip diagnostics appended. /\nfunction formatFallbackGrepDisplay(result: FallbackGrepResult): string {\n if (result.matches.length > 0) {\n return [...result.matches, ...result.skipped].join('\\n');\n }\n if (result.skipped.length > 0) {\n return result.skipped.join('\\n');\n }\n return 'No matches found.';\n}\n\nasync function fallbackGrep(\n root: string,\n pattern: string,\n globFilter: string \| undefined,\n maxResults: number,\n fs: import('./workspaceFS').WorkspaceFS\n): Promise<FallbackGrepResult> {\n const rx = compileFallbackRegex(pattern);\n const deadline = Date.now() + FALLBACK_GREP_BUDGET_MS;\n const globRx =\n globFilter != null && globFilter !== ''\n ? globToRegExp(globFilter)\n : undefined;\n const matches: string[] = [];\n // Track skipped (oversize) files separately so they don't consume\n // the maxResults budget. Codex P2 [43]: round 14's fix pushed skip\n // sentinels into `matches`, so a directory of one oversize non-\n // matching file falsely reported `matches: 1`, and enough\n // oversize files could fill the budget before any real match was\n // scanned. Now diagnostics are appended after real matches and\n // independent of the budget.\n const skippedDiagnostics: string[] = [];\n for await (const file of walkFiles(root, fs)) {\n if (Date.now() > deadline) {\n // Wall-clock budget exceeded — return partial results rather\n // than letting a slow pattern hang the Run.\n return { matches, skipped: skippedDiagnostics };\n }\n if (globRx != null) {\n const rel = file.startsWith(root + '/')\n ? file.slice(root.length + 1)\n : file;\n if (!globRx.test(rel)) {\n continue;\n }\n }\n // Skip files larger than the per-file cap and remember them as\n // diagnostics (NOT as matches). Codex P2 [41]: pre-fix\n // `fs.readFile` then `.split('\\n')` allocated the whole file +\n // an array of every line, which a single multi-GB log could\n // turn into an OOM even after the regex DoS guards.\n let stat;\n try {\n stat = await fs.stat(file);\n } catch {\n continue;\n }\n if (stat.size > FALLBACK_GREP_MAX_FILE_BYTES) {\n skippedDiagnostics.push(\n `${file}:0:[skipped: file > ${FALLBACK_GREP_MAX_FILE_BYTES} bytes; install ripgrep for unbounded grep]`\n );\n continue;\n }\n let content;\n try {\n content = await fs.readFile(file, 'utf8');\n } catch {\n continue;\n }\n if (content.includes('\\0')) {\n continue;\n }\n // Re-check the deadline AFTER the read — a slow disk on one\n // file can blow the budget without us noticing.\n if (Date.now() > deadline) {\n return { matches, skipped: skippedDiagnostics };\n }\n const lines = content.split('\\n');\n for (let i = 0; i < lines.length; i++) {\n if (rx.test(lines[i])) {\n matches.push(`${file}:${i + 1}:${lines[i]}`);\n if (matches.length >= maxResults) {\n return { matches, skipped: skippedDiagnostics };\n }\n }\n }\n }\n return { matches, skipped: skippedDiagnostics };\n}\n\nasync function fallbackGlob(\n root: string,\n pattern: string,\n maxResults: number,\n fs: import('./workspaceFS').WorkspaceFS\n): Promise<string[]> {\n const rx = globToRegExp(pattern);\n const out: string[] = [];\n for await (const file of walkFiles(root, fs)) {\n const rel = file.startsWith(root + '/')\n ? file.slice(root.length + 1)\n : file;\n if (rx.test(rel)) {\n out.push(file);\n if (out.length >= maxResults) {\n break;\n }\n }\n }\n return out;\n}\n\nexport function createLocalGrepSearchTool(\n config: t.LocalExecutionConfig = {}\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as {\n pattern: string;\n path?: string;\n glob?: string;\n max_results?: number;\n };\n const target = await resolveWorkspacePathSafe(\n input.path ?? '.',\n config,\n 'read'\n );\n const maxResults = Math.max(input.max_results ?? DEFAULT_MAX_RESULTS, 1);\n\n if (await isRipgrepAvailable(config)) {\n // Pass the pattern through `-e` so dash-prefixed patterns\n // like `-foo` are treated as the search regex, not as a\n // (probably-unknown) flag. `rg --help` explicitly requires\n // `-e/--regexp` (or `--`) for that case. Same trick avoids\n // any future flag-conflict if a user query happens to look\n // like an rg long option.\n const args = [\n '--line-number',\n '--column',\n '--hidden',\n '--glob',\n '!.git/',\n ...(input.glob != null && input.glob !== ''\n ? ['--glob', input.glob]\n : []),\n '-e',\n input.pattern,\n target,\n ];\n const result = await spawnLocalProcess('rg', args, {\n ...config,\n timeoutMs: config.timeoutMs ?? 30000,\n });\n // ripgrep exit codes:\n // 0 → at least one match\n // 1 → no matches (clean — \"No matches found.\")\n // 2 → real error (bad regex, unreadable target, etc.)\n // Without this branch (Codex P2 #23 — same fix shape glob_search\n // got from P2 #13), exit-2 errors silently mapped to\n // `matches: 0`, so the agent treated tooling failures as a\n // genuine absence of matches.\n if (\n result.timedOut \|\|\n (result.exitCode != null && result.exitCode > 1)\n ) {\n const detail = result.stderr.trim() \|\| `rg exited ${result.exitCode}`;\n return [\n `grep_search failed: ${detail}`,\n {\n matches: 0,\n engine: 'ripgrep',\n error: detail,\n exitCode: result.exitCode,\n },\n ];\n }\n const lines = result.stdout\n .split('\\n')\n .filter(Boolean)\n .slice(0, maxResults);\n const output =\n lines.length > 0\n ? lines.join('\\n')\n : result.stderr.trim() \|\| 'No matches found.';\n return [output, { matches: lines.length, engine: 'ripgrep' }];\n }\n\n try {\n const { matches, skipped } = await fallbackGrep(\n target,\n input.pattern,\n input.glob,\n maxResults,\n fs\n );\n // Artifact count: ONLY real matches (Codex P2 [43] —\n // skip sentinels used to inflate the count and the budget).\n const display = formatFallbackGrepDisplay({ matches, skipped });\n return [\n display,\n {\n matches: matches.length,\n skipped: skipped.length,\n engine: 'node-fallback',\n },\n ];\n } catch (e) {\n if (e instanceof FallbackGrepError) {\n return [\n `grep_search refused the pattern: ${e.message}`,\n {\n matches: 0,\n engine: 'node-fallback',\n error: e.message,\n kind: e.kind,\n },\n ];\n }\n throw e;\n }\n },\n {\n name: LocalGrepSearchToolName,\n description:\n 'Search local files for a regex pattern (ripgrep when available, Node fallback otherwise).',\n schema: LocalGrepSearchToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport function createLocalGlobSearchTool(\n config: t.LocalExecutionConfig = {}\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as {\n pattern: string;\n path?: string;\n max_results?: number;\n };\n const target = await resolveWorkspacePathSafe(\n input.path ?? '.',\n config,\n 'read'\n );\n const maxResults = Math.max(input.max_results ?? DEFAULT_MAX_RESULTS, 1);\n\n if (await isRipgrepAvailable(config)) {\n const result = await spawnLocalProcess(\n 'rg',\n [\n '--files',\n '--hidden',\n '--glob',\n '!.git/',\n '--glob',\n input.pattern,\n target,\n ],\n { ...config, timeoutMs: config.timeoutMs ?? 30000 }\n );\n // rg --files exit codes:\n // 0 → at least one file matched\n // 1 → no files matched (clean — \"No files found.\")\n // 2 → real error (bad glob, unreadable target, etc.)\n // Without this branch, exit-2 errors used to silently map to\n // \"No files found.\" — the agent then treats a tooling failure\n // as a real absence of matches.\n if (\n result.timedOut \|\|\n (result.exitCode != null && result.exitCode > 1)\n ) {\n const detail = result.stderr.trim() \|\| `rg exited ${result.exitCode}`;\n return [\n `glob_search failed: ${detail}`,\n {\n files: [],\n engine: 'ripgrep',\n error: detail,\n exitCode: result.exitCode,\n },\n ];\n }\n const lines = result.stdout\n .split('\\n')\n .filter(Boolean)\n .slice(0, maxResults);\n return [\n lines.length > 0 ? lines.join('\\n') : 'No files found.',\n { files: lines, engine: 'ripgrep' },\n ];\n }\n\n const files = await fallbackGlob(target, input.pattern, maxResults, fs);\n return [\n files.length > 0 ? files.join('\\n') : 'No files found.',\n { files, engine: 'node-fallback' },\n ];\n },\n {\n name: LocalGlobSearchToolName,\n description:\n 'Find local files matching a glob pattern (ripgrep when available, Node fallback otherwise).',\n schema: LocalGlobSearchToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport function createLocalListDirectoryTool(\n config: t.LocalExecutionConfig = {}\n): DynamicStructuredTool {\n const fs = getWorkspaceFS(config);\n return tool(\n async (rawInput) => {\n const input = rawInput as { path?: string };\n const path = await resolveWorkspacePathSafe(\n input.path ?? '.',\n config,\n 'read'\n );\n const entries = await fs.readdir(path, { withFileTypes: true });\n const output = entries\n .map(\n (entry) => `${entry.isDirectory() ? 'dir ' : 'file'}\\t${entry.name}`\n )\n .join('\\n');\n return [output \|\| 'Directory is empty.', { path, count: entries.length }];\n },\n {\n name: LocalListDirectoryToolName,\n description: 'List files and directories in a local directory.',\n schema: LocalListDirectoryToolSchema,\n responseFormat: Constants.CONTENT_AND_ARTIFACT,\n }\n );\n}\n\nexport type LocalCodingToolBundle = {\n tools: DynamicStructuredTool[];\n /\n Present when `config.fileCheckpointing === true` or a `checkpointer`\n * was passed in. Callers can call `rewind()` to restore captured\n * pre-write contents.\n /\n checkpointer?: t.LocalFileCheckpointer;\n};\n\nexport function createLocalCodingTools(\n config: t.LocalExecutionConfig = {},\n options: { checkpointer?: t.LocalFileCheckpointer } = {}\n): DynamicStructuredTool[] {\n const checkpointer =\n options.checkpointer ??\n (config.fileCheckpointing === true\n ? createLocalFileCheckpointer({ fs: config.exec?.fs })\n : undefined);\n return [\n createLocalReadFileTool(config),\n createLocalWriteFileTool(config, checkpointer),\n createLocalEditFileTool(config, checkpointer),\n createLocalGrepSearchTool(config),\n createLocalGlobSearchTool(config),\n createLocalListDirectoryTool(config),\n createCompileCheckTool(config),\n createLocalBashExecutionTool({ config }),\n createLocalCodeExecutionTool(config),\n createLocalProgrammaticToolCallingTool(config),\n createLocalBashProgrammaticToolCallingTool(config),\n ];\n}\n\n/\n Variant of `createLocalCodingTools` that returns the bundle alongside\n * the file checkpointer so callers can later call\n * `bundle.checkpointer?.rewind()`.\n */\nexport function createLocalCodingToolBundle(\n config: t.LocalExecutionConfig = {},\n options: { checkpointer?: t.LocalFileCheckpointer } = {}\n): LocalCodingToolBundle {\n const checkpointer =\n options.checkpointer ??\n (config.fileCheckpointing === true\n ? createLocalFileCheckpointer({ fs: config.exec?.fs })\n : undefined);\n return {\n tools: createLocalCodingTools(config, { checkpointer }),\n checkpointer,\n };\n}\n\nexport function createLocalCodingToolDefinitions(): t.LCTool[] {\n return [\n toolDefinition(\n Constants.READ_FILE,\n 'Read a local text file from the configured working directory with line numbers.',\n LocalReadFileToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalWriteFileToolName,\n 'Create or overwrite a local text file in the configured working directory.',\n LocalWriteFileToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalEditFileToolName,\n 'Apply exact text replacements to a local file.',\n LocalEditFileToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalGrepSearchToolName,\n 'Search local files with ripgrep and return matching lines.',\n LocalGrepSearchToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalGlobSearchToolName,\n 'Find local files matching a glob pattern.',\n LocalGlobSearchToolSchema as t.JsonSchemaType\n ),\n toolDefinition(\n LocalListDirectoryToolName,\n 'List files and directories in a local directory.',\n LocalListDirectoryToolSchema as t.JsonSchemaType\n ),\n createCompileCheckToolDefinition(),\n ];\n}\n\nexport function createLocalCodingToolRegistry(): t.LCToolRegistry {\n return new Map(\n createLocalCodingToolDefinitions().map((definition) => [\n definition.name,\n definition,\n ])\n );\n}\n"],"mappings":";;;;;;;;;;;;;;;AA+BA,MAAM,iBAAiB;AACvB,MAAM,sBAAsB;AAC5B,MAAM,yBAAyB,KAAK,OAAO;AAC3C,MAAM,yBAAyB;;;;;;;AAQ/B,MAAa,yBAAA;AACb,MAAa,wBAAA;AACb,MAAa,0BAAA;AACb,MAAa,0BAAA;AACb,MAAa,6BAAA;AAEb,MAAa,0BAA4C;CACvD,MAAM;CACN,YAAY;EACV,MAAM;GACJ,MAAM;GACN,aACE;EACJ;EACA,QAAQ;GACN,MAAM;GACN,aAAa;EACf;EACA,OAAO;GACL,MAAM;GACN,aAAa;EACf;CACF;CACA,UAAU,CAAC,MAAM;AACnB;AAEA,MAAa,2BAA6C;CACxD,MAAM;CACN,YAAY;EACV,MAAM;GACJ,MAAM;GACN,aACE;EACJ;EACA,SAAS;GACP,MAAM;GACN,aAAa;EACf;CACF;CACA,UAAU,CAAC,QAAQ,SAAS;AAC9B;AAEA,MAAa,0BAA4C;CACvD,MAAM;CACN,YAAY;EACV,MAAM;GACJ,MAAM;GACN,aACE;EACJ;EACA,UAAU;GACR,MAAM;GACN,aAAa;EACf;EACA,UAAU;GACR,MAAM;GACN,aAAa;EACf;EACA,OAAO;GACL,MAAM;GACN,aACE;GACF,OAAO;IACL,MAAM;IACN,YAAY;KACV,UAAU,EAAE,MAAM,SAAS;KAC3B,UAAU,EAAE,MAAM,SAAS;IAC7B;IACA,UAAU,CAAC,YAAY,UAAU;GACnC;EACF;CACF;CACA,UAAU,CAAC,MAAM;AACnB;AAEA,MAAa,4BAA8C;CACzD,MAAM;CACN,YAAY;EACV,SAAS;GACP,MAAM;GACN,aAAa;EACf;EACA,MAAM;GACJ,MAAM;GACN,aAAa;EACf;EACA,MAAM;GACJ,MAAM;GACN,aAAa;EACf;EACA,aAAa;GACX,MAAM;GACN,aAAa;EACf;CACF;CACA,UAAU,CAAC,SAAS;AACtB;AAEA,MAAa,4BAA8C;CACzD,MAAM;CACN,YAAY;EACV,SAAS;GACP,MAAM;GACN,aAAa;EACf;EACA,MAAM;GACJ,MAAM;GACN,aAAa;EACf;EACA,aAAa;GACX,MAAM;GACN,aAAa;EACf;CACF;CACA,UAAU,CAAC,SAAS;AACtB;AAEA,MAAa,+BAAiD;CAC5D,MAAM;CACN,YAAY,EACV,MAAM;EACJ,MAAM;EACN,aAAa;CACf,EACF;AACF;AAEA,SAAS,WACP,SACA,QACA,OACsC;CACtC,MAAM,QAAQ,KAAK,KAAK,UAAU,KAAK,GAAG,CAAC;CAO3C,IAAI,SAAS,QAAQ,SAAS,GAAG;EAG/B,MAAM,WAFQ,QAAQ,MAAM,IACP,CAAC,CAAC,MAAM,KACL,CAAC,CACtB,KACE,MAAM,UACL,GAAG,OAAO,QAAQ,QAAQ,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,EAAE,IAAI,MACtD,CAAC,CACA,KAAK,IAAI;EACZ,OAAO;GACL,MAAMA,6BAAAA,oBAAoB,UAAU,cAAc;GAClD,WAAW,SAAS,SAAS;EAC/B;CACF;CAEA,IAAI,SAAS;CACb,KAAK,IAAI,IAAI,GAAG,IAAI,OAAO,KAAK;EAC9B,MAAM,OAAO,QAAQ,QAAQ,MAAM,MAAM;EACzC,IAAI,SAAS,IAEX,OAAO;GAAE,MAAM;GAAI,WAAW;EAAM;EAEtC,SAAS,OAAO;CAClB;CAEA,MAAM,MAAgB,CAAC;CACvB,IAAI,MAAM;CACV,IAAI,YAAY;CAChB,KAAK,IAAI,IAAI,GAAG,IAAI,OAAO,KAAK;EAC9B,MAAM,OAAO,QAAQ,QAAQ,MAAM,GAAG;EACtC,IAAI,SAAS,IAAI;GACf,IAAI,KAAK,QAAQ,MAAM,GAAG,CAAC;GAC3B;EACF;EACA,IAAI,KAAK,QAAQ,MAAM,KAAK,IAAI,CAAC;EACjC,MAAM,OAAO;EACb,IAAI,MAAM,QAAQ,KAAK,MAAM,QAAQ,QACnC,YAAY;CAEhB;CACA,MAAM,WAAW,IACd,KACE,MAAM,UAAU,GAAG,OAAO,QAAQ,QAAQ,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,EAAE,IAAI,MACrE,CAAC,CACA,KAAK,IAAI;CACZ,OAAO;EACL,MAAMA,6BAAAA,oBAAoB,UAAU,cAAc;EAClD,WAAW,CAAC,aAAa,SAAS,SAAS;CAC7C;AACF;AAEA,MAAM,iBAAiB;AASvB,eAAe,oBACb,QACA,QACoB;CACpB,MAAM,OAAO,OAAO,uBAAuB;CAC3C,IAAI,SAAS,OAAO,OAAO,KAAA;CAC3B,MAAM,UAAU,MAAMC,oBAAAA,uBAAuBC,QAAM,MAAM;CACzD,IAAI,WAAW,MAAM,OAAO,KAAA;CAC5B,OAAO;EAAE;EAAM;CAAQ;AACzB;AAEA,SAAS,yBAAyB,MAAc,KAAwB;CACtE,IAAI,OAAO,MAAM,OAAO;CACxB,IAAI,IAAI,QAAQ,IAAI,OAAO;CAK3B,OAAO,GAAG,OAHR,IAAI,SAAS,WACT,gCAAgC,IAAI,QAAQ,QAAQ,OACpD,iCAAiC,IAAI,QAAQ,QAAQ,OACjC,IAAI,QAAQ;AACxC;;;;;;;;;;;;;;;AAgBA,eAAe,kBACb,IACA,QACA,SACA,QACA,UACe;CACf,IAAI;EACF,IAAI,SAIF,MAAM,GAAG,UACPA,QACAC,qBAAAA,WAAW,QAAQ;GAAE,GAAG;GAAU,MAAM;EAAO,CAAC,GAChD,MACF;OAEA,MAAM,GAAG,OAAOD,MAAI;CAExB,QAAQ,CAER;AACF;AAEA,SAAS,cACP,UACA,QACA,OACQ;CACR,IAAI,WAAW,OACb,OAAO;CAET,MAAM,QAAA,GAAA,KAAA,SAAA,CAAgB,QAAQ;CAC9B,MAAM,SAAA,GAAA,KAAA,oBAAA,CAA4B,MAAM,MAAM,QAAQ,OAAO,IAAI,IAAI,EACnE,SAAS,EACX,CAAC;CACD,IAAI,MAAM,UAAU,gBAClB,OAAO;CAET,OACE,MAAM,MAAM,GAAG,cAAc,IAC7B,0BAA0B,MAAM,SAAS,eAAe;AAE5D;AAEA,SAAS,eAAe,OAIwB;CAC9C,MAAM,QAAQ,MAAM,QAAQ,MAAM,KAAK,IACnC,MAAM,MAAM,KAAK,UAAU;EAC3B,SAAS,KAAK,YAAY;EAC1B,SAAS,KAAK,YAAY;CAC5B,EAAE,IACA,CAAC;CAEL,IAAI,MAAM,YAAY,QAAQ,MAAM,YAAY,MAC9C,MAAM,KAAK;EACT,SAAS,MAAM,YAAY;EAC3B,SAAS,MAAM,YAAY;CAC7B,CAAC;CAGH,OAAO;AACT;AAEA,SAAS,eACP,MACA,aACA,YACU;CACV,OAAO;EACL;EACA;EACA;EACA,iBAAiB,CAAC,UAAU,gBAAgB;EAC5C,gBAAA;EACA,UAAU;CACZ;AACF;AAEA,eAAe,YACb,QACA,IACkB;CAClB,IAAI;CACJ,IAAI;EACF,SAAS,MAAM,GAAG,KAAKA,QAAM,GAAG;EAChC,MAAM,SAAS,OAAO,MAAM,sBAAsB;EAClD,MAAM,EAAE,cAAc,MAAM,OAAO,KACjC,QACA,GACA,wBACA,CACF;EACA,KAAK,IAAI,IAAI,GAAG,IAAI,WAAW,KAC7B,IAAI,OAAO,OAAO,GAChB,OAAO;EAGX,OAAO;CACT,UAAU;EACR,MAAM,QAAQ,MAAM;CACtB;AACF;AAEA,MAAM,+BAA+B,IAAI,OAAO;AAEhD,SAAgB,wBACd,SAAiC,CAAC,GACX;CACvB,MAAM,KAAKE,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EAKd,MAAMF,SAAO,MAAMG,6BAAAA,yBACjB,MAAM,MACN,QACA,MACF;EACA,MAAM,WAAW,MAAM,GAAG,KAAKH,MAAI;EACnC,IAAI,CAAC,SAAS,OAAO,GACnB,MAAM,IAAI,MAAM,uBAAuB,MAAM,MAAM;EAErD,MAAM,WAAW,KAAK,IACpB,OAAO,gBAAgB,wBACvB,CACF;EACA,IAAI,SAAS,OAAO,UAElB,OAAO,CAAC,WADgB,SAAS,KAAK,sBAAsB,SAAS,qFACvD;GAAE,MAAA;GAAM,OAAO,SAAS;GAAM,WAAW;EAAK,CAAC;EAG/D,IAAI,MAAM,YAAYA,QAAM,EAAE,GAAG;GAC/B,MAAM,iBAAiB,OAAO,yBAAyB;GACvD,IAAI,mBAAmB,OAAO;IAC5B,MAAM,aAAa,MAAMI,oBAAAA,mBAAmB;KAC1C,MAAA;KACA,OAAO,SAAS;KAChB,MAAM;KACN,UAAU,OAAO,sBAAsB;KAIvC;IACF,CAAC;IACD,IAAI,WAAW,SAAS,SACtB,OAAO,CACLC,oBAAAA,uBAAuBL,QAAM,UAAU,GACvC;KACE,MAAA;KACA,OAAO,SAAS;KAChB,MAAM,WAAW;KACjB,YAAY;IACd,CACF;IAEF,IAAI,WAAW,SAAS,OACtB,OAAO,CACL,CACE;KACE,MAAM;KACN,MAAM,QAAQA,OAAK,qBAAqB,SAAS,KAAK;IACxD,GACA;KACE,MAAM;KACN,WAAW,EAAE,KAAK,WAAW,QAAQ;IACvC,CACF,GACA;KACE,MAAA;KACA,OAAO,SAAS;KAChB,MAAM,WAAW;KACjB,YAAY;IACd,CACF;IAEF,IAAI,WAAW,SAAS,YACtB,OAAO,CACL,qBAAqB,WAAW,KAAK,eAAe,WAAW,MAAM,iBAAiB,WAAW,SAAS,cAC1G;KACE,MAAA;KACA,OAAO,SAAS;KAChB,MAAM,WAAW;KACjB,YAAY;IACd,CACF;IAEF,IAAI,WAAW,SAAS,UACtB,OAAO,CACL,iCAAiC,SAAS,KAAK,UAAU,WAAW,KAAK,KAAKA,UAC9E;KACE,MAAA;KACA,OAAO,SAAS;KAChB,MAAM,WAAW;KACjB,QAAQ;IACV,CACF;GAGJ,OACE,OAAO,CACL,iCAAiC,SAAS,KAAK,WAAWA,UAC1D;IAAE,MAAA;IAAM,OAAO,SAAS;IAAM,QAAQ;GAAK,CAC7C;EAEJ;EAGA,MAAM,SAAS,WAAW,MADJ,GAAG,SAASA,QAAM,MAAM,GACX,MAAM,QAAQ,MAAM,KAAK;EAC5D,OAAO,CACL,OAAO,YAAY,GAAG,OAAO,KAAK,iBAAiB,OAAO,MAC1D;GAAE,MAAA;GAAM,OAAO,SAAS;EAAK,CAC/B;CACF,GACA;EACE,MAAA;EACA,aACE;EAGF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAEA,SAAgB,yBACd,SAAiC,CAAC,GAClC,cACuB;CACvB,MAAM,KAAKE,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EACd,IAAI,OAAO,aAAa,MACtB,MAAM,IAAI,MAAM,gDAAgD;EAElE,MAAMF,SAAO,MAAMG,6BAAAA,yBACjB,MAAM,MACN,QACA,OACF;EACA,IAAI,gBAAgB,MAClB,MAAM,aAAa,mBAAmBH,MAAI;EAG5C,IAAI,SAAS;EACb,IAAI,WAAW;GAAE,MAAM;GAAI,QAAQ;GAAO,SAAS;EAAc;EAGjE,IAAI,UAAU;EACd,IAAI;GAEF,MAAM,UAAUM,qBAAAA,WAAW,MADT,GAAG,SAASN,QAAM,MAAM,CACZ;GAC9B,SAAS,QAAQ;GACjB,WAAW;GACX,UAAU;EACZ,QAAQ;GACN,UAAU;EACZ;EAEA,MAAM,GAAG,OAAA,GAAA,KAAA,QAAA,CAAcA,MAAI,GAAG,EAAE,WAAW,KAAK,CAAC;EACjD,MAAM,YAAYC,qBAAAA,WAAW,MAAM,SAAS,QAAQ;EACpD,MAAM,GAAG,UAAUD,QAAM,WAAW,MAAM;EAE1C,MAAM,SAAS,MAAM,oBAAoBA,QAAM,MAAM;EAErD,MAAMO,SAAO,UACT,cAAcP,QAAM,QAAQ,MAAM,OAAO,IACzC,cAAc,MAAM,QAAQ,OAAO;EAIvC,MAAM,UAAU,yBAHI,UAChB,aAAaA,OAAK,IAAI,MAAM,QAAQ,OAAO,kBAAkBO,WAC7D,WAAWP,OAAK,IAAI,MAAM,QAAQ,OAAO,WACS,MAAM;EAC5D,IAAI,QAAQ,QAAQ,OAAO,SAAS,OAAO,SAAS,UAAU;GAI5D,MAAM,kBAAkB,IAAIA,QAAM,SAAS,QAAQ,QAAQ;GAC3D,MAAM,IAAI,MACR,mCAAmC,OAAO,QAAQ,QAAQ,mCAAmC,OAAO,QAAQ,QAC9G;EACF;EACA,OAAO,CACL,SACA;GACE,MAAA;GACA,OAAO,UAAU;GACjB,UAAU,CAAC;GACX,SAAS,SAAS,YAAY,SAAS,SAAS;GAChD,SAAS,SAAS;GAClB,GAAI,UAAU,QAAQ,OAAO,QAAQ,OAAO,QACxC,EAAE,cAAc,OAAO,QAAQ,QAAQ,IACvC,CAAC;EACP,CACF;CACF,GACA;EACE,MAAM;EACN,aACE;EAGF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAEA,SAAgB,wBACd,SAAiC,CAAC,GAClC,cACuB;CACvB,MAAM,KAAKE,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EAMd,IAAI,OAAO,aAAa,MACtB,MAAM,IAAI,MAAM,+CAA+C;EAEjE,MAAM,QAAQ,eAAe,KAAK;EAClC,IAAI,MAAM,WAAW,GACnB,MAAM,IAAI,MAAM,kDAAkD;EAGpE,MAAMF,SAAO,MAAMG,6BAAAA,yBACjB,MAAM,MACN,QACA,OACF;EAEA,MAAM,WAAWG,qBAAAA,WAAW,MADV,GAAG,SAASN,QAAM,MAAM,CACX;EAC/B,MAAM,WAAW,SAAS;EAE1B,IAAI,OAAO;EACX,MAAM,iBAA2B,CAAC;EAClC,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;GACrC,MAAM,OAAO,MAAM;GACnB,MAAM,QAAQQ,uBAAAA,WAAW,MAAM,KAAK,OAAO;GAC3C,IAAI,SAAS,MACX,MAAM,IAAI,MACR,QAAQ,IAAI,EAAE,GAAG,MAAM,OAAO,iCAAiC,MAAM,KAAK,oIAG5E;GAEF,eAAe,KAAK,MAAM,QAAQ;GAClC,OAAOC,uBAAAA,UAAU,MAAM,OAAO,KAAK,OAAO;EAC5C;EAEA,IAAI,gBAAgB,MAClB,MAAM,aAAa,mBAAmBT,MAAI;EAE5C,MAAM,YAAYC,qBAAAA,WAAW,MAAM,QAAQ;EAC3C,MAAM,GAAG,UAAUD,QAAM,WAAW,MAAM;EAE1C,MAAM,SAAS,MAAM,oBAAoBA,QAAM,MAAM;EAErD,MAAMO,SAAO,cAAcP,QAAM,UAAU,IAAI;EAC/C,MAAM,QAAQ,eAAe,MAAM,MAAM,MAAM,OAAO;EAKtD,MAAM,UAAU,yBAHd,WAAW,MAAM,OAAO,cAAcA,YACrC,QAAQ,iBAAiB,eAAe,KAAK,IAAI,EAAE,KAAK,MACzD,YAAYO,UACwC,MAAM;EAC5D,IAAI,QAAQ,QAAQ,OAAO,SAAS,OAAO,SAAS,UAAU;GAI5D,MAAM,kBAAkB,IAAIP,QAAM,MAAM,UAAU,QAAQ;GAC1D,MAAM,IAAI,MACR,kCAAkC,OAAO,QAAQ,QAAQ,kCAAkC,OAAO,QAAQ,QAC5G;EACF;EACA,OAAO,CACL,SACA;GACE,MAAA;GACA,OAAO,MAAM;GACb,YAAY;GACZ,SAAS,SAAS,YAAY,SAAS,SAAS;GAChD,SAAS,SAAS;GAClB,GAAI,UAAU,QAAQ,OAAO,QAAQ,OAAO,QACxC,EAAE,cAAc,OAAO,QAAQ,QAAQ,IACvC,CAAC;EACP,CACF;CACF,GACA;EACE,MAAM;EACN,aACE;EACF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;;;;;;;;;;;;AAoBA,IAAI,+CAA+B,IAAI,QAGrC;AAEF,SAAS,YAAY,KAA4C;CAK/D,IAAI,OAAO,MAAM,OAAO;CACxB,MAAM,SAA6C,CAAC;CACpD,KAAK,MAAM,KAAK,OAAO,KAAK,GAAG,CAAC,CAAC,KAAK,GACpC,OAAO,KAAK,IAAI;CAElB,OAAO,KAAK,UAAU,MAAM;AAC9B;AAEA,eAAe,mBACb,QACkB;CAClB,MAAM,UAAUU,6BAAAA,SAAS,MAAM;CAC/B,IAAI,SAAS,6BAA6B,IAAI,OAAO;CACrD,IAAI,UAAU,MAAM;EAClB,yBAAS,IAAI,IAAI;EACjB,6BAA6B,IAAI,SAAS,MAAM;CAClD;CACA,MAAM,SAAS,YAAY,OAAO,GAAG;CACrC,IAAI,eAAe,OAAO,IAAI,MAAM;CACpC,IAAI,gBAAgB,MAAM;EACxB,eAAeC,6BAAAA,kBACb,MACA,CAAC,WAAW,GACZ;GAAE,GAAG;GAAQ,WAAW;GAAM,SAAS,EAAE,SAAS,MAAM;EAAE,GAC1D,EAAE,UAAU,KAAK,CACnB,CAAC,CACE,MAAM,UAAU,MAAM,aAAa,CAAC,CAAC,CACrC,YAAY,KAAK;EACpB,OAAO,IAAI,QAAQ,YAAY;CACjC;CACA,OAAO;AACT;;;;;;;;;AAUA,SAAgB,6BAAmC;CACjD,+CAA+B,IAAI,QAAQ;AAC7C;AAQA,MAAM,YAAY,IAAI,IAAI;CACxB;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AACF,CAAC;AAED,SAAS,aAAa,SAAyB;CAC7C,IAAI,SAAS;CACb,KAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;EACvC,MAAM,IAAI,QAAQ;EAClB,IAAI,MAAM,KACR,IAAI,QAAQ,IAAI,OAAO,KAAK;GAC1B,UAAU;GACV,KAAK;GACL,IAAI,QAAQ,IAAI,OAAO,KACrB,KAAK;EAET,OACE,UAAU;OAEP,IAAI,MAAM,KACf,UAAU;OACL,IAAI,gBAAgB,SAAS,CAAC,GACnC,UAAU,OAAO;OAEjB,UAAU;CAEd;CACA,UAAU;CACV,OAAO,IAAI,OAAO,MAAM;AAC1B;AAEA,gBAAgB,UACd,MACA,IACwB;CACxB,MAAM,QAAkB,CAAC,IAAI;CAC7B,OAAO,MAAM,SAAS,GAAG;EACvB,MAAM,MAAM,MAAM,IAAI;EACtB,IAAI;EACJ,IAAI;GACF,UAAU,MAAM,GAAG,QAAQ,KAAK,EAAE,eAAe,KAAK,CAAC;EACzD,QAAQ;GACN;EACF;EACA,KAAK,MAAM,SAAS,SAAS;GAC3B,IAAI,MAAM,KAAK,WAAW,MAAM,KAAK,UAAU,IAAI,MAAM,IAAI,GAC3D;GAEF,MAAM,OAAO,GAAG,IAAI,GAAG,MAAM;GAC7B,IAAI,MAAM,YAAY,GACpB,MAAM,KAAK,IAAI;QACV,IAAI,MAAM,OAAO,GACtB,MAAM;EAEV;CACF;AACF;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BA,MAAM,8BAA8B;AACpC,MAAM,0BAA0B;AAMhC,MAAM,+BAA+B,IAAI,OAAO;;;;;;;;;;AAWhD,SAAS,6BAA6B,SAA0B;CAC9D,KAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,SAAS,GAAG,KAAK;EAC3C,IAAI,QAAQ,OAAO,KAAK;EACxB,IAAI,QAAQ,IAAI,OAAO,MAAM;EAC7B,MAAM,OAAO,QAAQ,IAAI;EACzB,IAAI,SAAS,OAAO,SAAS,OAAO,SAAS,KAAK;EAGlD,IAAI,QAAQ;EACZ,IAAI,IAAI,IAAI;EACZ,OAAO,KAAK,GAAG;GACb,MAAM,IAAI,QAAQ;GAElB,IAAI,EADY,IAAI,KAAK,QAAQ,IAAI,OAAO;QAEtC,MAAM,KAAK;SACV,IAAI,MAAM,KAAK;KAClB;KACA,IAAI,UAAU,GAAG;IACnB;;GAEF;EACF;EACA,IAAI,IAAI,GAAG;EACX,MAAM,QAAQ,QAAQ,MAAM,IAAI,GAAG,CAAC;EACpC,IAAI,cAAc,KAAK,KAAK,GAAG,OAAO;CACxC;CACA,OAAO;AACT;AAEA,IAAM,oBAAN,cAAgC,MAAM;CACpC;CACA,YACE,MACA,SACA;EACA,MAAM,OAAO;EACb,KAAK,OAAO;CACd;AACF;AAEA,SAAS,qBAAqB,SAAyB;CACrD,IAAI,QAAQ,SAAS,6BACnB,MAAM,IAAI,kBACR,oBACA,mBAAmB,4BAA4B,6DACjD;CAEF,IAAI,6BAA6B,OAAO,GACtC,MAAM,IAAI,kBACR,kBACA,mLACF;CAEF,IAAI;EACF,OAAO,IAAI,OAAO,OAAO;CAC3B,SAAS,GAAG;EACV,MAAM,IAAI,kBACR,mBACA,kBAAmB,EAAY,SACjC;CACF;AACF;;AAOA,SAAS,0BAA0B,QAAoC;CACrE,IAAI,OAAO,QAAQ,SAAS,GAC1B,OAAO,CAAC,GAAG,OAAO,SAAS,GAAG,OAAO,OAAO,CAAC,CAAC,KAAK,IAAI;CAEzD,IAAI,OAAO,QAAQ,SAAS,GAC1B,OAAO,OAAO,QAAQ,KAAK,IAAI;CAEjC,OAAO;AACT;AAEA,eAAe,aACb,MACA,SACA,YACA,YACA,IAC6B;CAC7B,MAAM,KAAK,qBAAqB,OAAO;CACvC,MAAM,WAAW,KAAK,IAAI,IAAI;CAC9B,MAAM,SACJ,cAAc,QAAQ,eAAe,KACjC,aAAa,UAAU,IACvB,KAAA;CACN,MAAM,UAAoB,CAAC;CAQ3B,MAAM,qBAA+B,CAAC;CACtC,WAAW,MAAM,QAAQ,UAAU,MAAM,EAAE,GAAG;EAC5C,IAAI,KAAK,IAAI,IAAI,UAGf,OAAO;GAAE;GAAS,SAAS;EAAmB;EAEhD,IAAI,UAAU,MAAM;GAClB,MAAM,MAAM,KAAK,WAAW,OAAO,GAAG,IAClC,KAAK,MAAM,KAAK,SAAS,CAAC,IAC1B;GACJ,IAAI,CAAC,OAAO,KAAK,GAAG,GAClB;EAEJ;EAMA,IAAI;EACJ,IAAI;GACF,OAAO,MAAM,GAAG,KAAK,IAAI;EAC3B,QAAQ;GACN;EACF;EACA,IAAI,KAAK,OAAO,8BAA8B;GAC5C,mBAAmB,KACjB,GAAG,KAAK,sBAAsB,6BAA6B,4CAC7D;GACA;EACF;EACA,IAAI;EACJ,IAAI;GACF,UAAU,MAAM,GAAG,SAAS,MAAM,MAAM;EAC1C,QAAQ;GACN;EACF;EACA,IAAI,QAAQ,SAAS,IAAI,GACvB;EAIF,IAAI,KAAK,IAAI,IAAI,UACf,OAAO;GAAE;GAAS,SAAS;EAAmB;EAEhD,MAAM,QAAQ,QAAQ,MAAM,IAAI;EAChC,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAChC,IAAI,GAAG,KAAK,MAAM,EAAE,GAAG;GACrB,QAAQ,KAAK,GAAG,KAAK,GAAG,IAAI,EAAE,GAAG,MAAM,IAAI;GAC3C,IAAI,QAAQ,UAAU,YACpB,OAAO;IAAE;IAAS,SAAS;GAAmB;EAElD;CAEJ;CACA,OAAO;EAAE;EAAS,SAAS;CAAmB;AAChD;AAEA,eAAe,aACb,MACA,SACA,YACA,IACmB;CACnB,MAAM,KAAK,aAAa,OAAO;CAC/B,MAAM,MAAgB,CAAC;CACvB,WAAW,MAAM,QAAQ,UAAU,MAAM,EAAE,GAAG;EAC5C,MAAM,MAAM,KAAK,WAAW,OAAO,GAAG,IAClC,KAAK,MAAM,KAAK,SAAS,CAAC,IAC1B;EACJ,IAAI,GAAG,KAAK,GAAG,GAAG;GAChB,IAAI,KAAK,IAAI;GACb,IAAI,IAAI,UAAU,YAChB;EAEJ;CACF;CACA,OAAO;AACT;AAEA,SAAgB,0BACd,SAAiC,CAAC,GACX;CACvB,MAAM,KAAKT,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EAMd,MAAM,SAAS,MAAMC,6BAAAA,yBACnB,MAAM,QAAQ,KACd,QACA,MACF;EACA,MAAM,aAAa,KAAK,IAAI,MAAM,eAAe,qBAAqB,CAAC;EAEvE,IAAI,MAAM,mBAAmB,MAAM,GAAG;GAoBpC,MAAM,SAAS,MAAMQ,6BAAAA,kBAAkB,MAAM;IAZ3C;IACA;IACA;IACA;IACA;IACA,GAAI,MAAM,QAAQ,QAAQ,MAAM,SAAS,KACrC,CAAC,UAAU,MAAM,IAAI,IACrB,CAAC;IACL;IACA,MAAM;IACN;GAE8C,GAAG;IACjD,GAAG;IACH,WAAW,OAAO,aAAa;GACjC,CAAC;GASD,IACE,OAAO,YACN,OAAO,YAAY,QAAQ,OAAO,WAAW,GAC9C;IACA,MAAM,SAAS,OAAO,OAAO,KAAK,KAAK,aAAa,OAAO;IAC3D,OAAO,CACL,uBAAuB,UACvB;KACE,SAAS;KACT,QAAQ;KACR,OAAO;KACP,UAAU,OAAO;IACnB,CACF;GACF;GACA,MAAM,QAAQ,OAAO,OAClB,MAAM,IAAI,CAAC,CACX,OAAO,OAAO,CAAC,CACf,MAAM,GAAG,UAAU;GAKtB,OAAO,CAHL,MAAM,SAAS,IACX,MAAM,KAAK,IAAI,IACf,OAAO,OAAO,KAAK,KAAK,qBACd;IAAE,SAAS,MAAM;IAAQ,QAAQ;GAAU,CAAC;EAC9D;EAEA,IAAI;GACF,MAAM,EAAE,SAAS,YAAY,MAAM,aACjC,QACA,MAAM,SACN,MAAM,MACN,YACA,EACF;GAIA,OAAO,CADS,0BAA0B;IAAE;IAAS;GAAQ,CAErD,GACN;IACE,SAAS,QAAQ;IACjB,SAAS,QAAQ;IACjB,QAAQ;GACV,CACF;EACF,SAAS,GAAG;GACV,IAAI,aAAa,mBACf,OAAO,CACL,oCAAoC,EAAE,WACtC;IACE,SAAS;IACT,QAAQ;IACR,OAAO,EAAE;IACT,MAAM,EAAE;GACV,CACF;GAEF,MAAM;EACR;CACF,GACA;EACE,MAAM;EACN,aACE;EACF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAEA,SAAgB,0BACd,SAAiC,CAAC,GACX;CACvB,MAAM,KAAKT,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAClB,MAAM,QAAQ;EAKd,MAAM,SAAS,MAAMC,6BAAAA,yBACnB,MAAM,QAAQ,KACd,QACA,MACF;EACA,MAAM,aAAa,KAAK,IAAI,MAAM,eAAe,qBAAqB,CAAC;EAEvE,IAAI,MAAM,mBAAmB,MAAM,GAAG;GACpC,MAAM,SAAS,MAAMQ,6BAAAA,kBACnB,MACA;IACE;IACA;IACA;IACA;IACA;IACA,MAAM;IACN;GACF,GACA;IAAE,GAAG;IAAQ,WAAW,OAAO,aAAa;GAAM,CACpD;GAQA,IACE,OAAO,YACN,OAAO,YAAY,QAAQ,OAAO,WAAW,GAC9C;IACA,MAAM,SAAS,OAAO,OAAO,KAAK,KAAK,aAAa,OAAO;IAC3D,OAAO,CACL,uBAAuB,UACvB;KACE,OAAO,CAAC;KACR,QAAQ;KACR,OAAO;KACP,UAAU,OAAO;IACnB,CACF;GACF;GACA,MAAM,QAAQ,OAAO,OAClB,MAAM,IAAI,CAAC,CACX,OAAO,OAAO,CAAC,CACf,MAAM,GAAG,UAAU;GACtB,OAAO,CACL,MAAM,SAAS,IAAI,MAAM,KAAK,IAAI,IAAI,mBACtC;IAAE,OAAO;IAAO,QAAQ;GAAU,CACpC;EACF;EAEA,MAAM,QAAQ,MAAM,aAAa,QAAQ,MAAM,SAAS,YAAY,EAAE;EACtE,OAAO,CACL,MAAM,SAAS,IAAI,MAAM,KAAK,IAAI,IAAI,mBACtC;GAAE;GAAO,QAAQ;EAAgB,CACnC;CACF,GACA;EACE,MAAM;EACN,aACE;EACF,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAEA,SAAgB,6BACd,SAAiC,CAAC,GACX;CACvB,MAAM,KAAKT,6BAAAA,eAAe,MAAM;CAChC,QAAA,GAAA,sBAAA,KAAA,CACE,OAAO,aAAa;EAElB,MAAMF,SAAO,MAAMG,6BAAAA,yBACjBS,SAAM,QAAQ,KACd,QACA,MACF;EACA,MAAM,UAAU,MAAM,GAAG,QAAQZ,QAAM,EAAE,eAAe,KAAK,CAAC;EAM9D,OAAO,CALQ,QACZ,KACE,UAAU,GAAG,MAAM,YAAY,IAAI,SAAS,OAAO,IAAI,MAAM,MAChE,CAAC,CACA,KAAK,IACK,KAAK,uBAAuB;GAAE,MAAA;GAAM,OAAO,QAAQ;EAAO,CAAC;CAC1E,GACA;EACE,MAAM;EACN,aAAa;EACb,QAAQ;EACR,gBAAA;CACF,CACF;AACF;AAYA,SAAgB,uBACd,SAAiC,CAAC,GAClC,UAAsD,CAAC,GAC9B;CACzB,MAAM,eACJ,QAAQ,iBACP,OAAO,sBAAsB,OAC1Ba,yBAAAA,4BAA4B,EAAE,IAAI,OAAO,MAAM,GAAG,CAAC,IACnD,KAAA;CACN,OAAO;EACL,wBAAwB,MAAM;EAC9B,yBAAyB,QAAQ,YAAY;EAC7C,wBAAwB,QAAQ,YAAY;EAC5C,0BAA0B,MAAM;EAChC,0BAA0B,MAAM;EAChC,6BAA6B,MAAM;EACnCC,yBAAAA,uBAAuB,MAAM;EAC7BC,4BAAAA,6BAA6B,EAAE,OAAO,CAAC;EACvCC,4BAAAA,6BAA6B,MAAM;EACnCC,qCAAAA,uCAAuC,MAAM;EAC7CC,qCAAAA,2CAA2C,MAAM;CACnD;AACF;;;;;;AAOA,SAAgB,4BACd,SAAiC,CAAC,GAClC,UAAsD,CAAC,GAChC;CACvB,MAAM,eACJ,QAAQ,iBACP,OAAO,sBAAsB,OAC1BL,yBAAAA,4BAA4B,EAAE,IAAI,OAAO,MAAM,GAAG,CAAC,IACnD,KAAA;CACN,OAAO;EACL,OAAO,uBAAuB,QAAQ,EAAE,aAAa,CAAC;EACtD;CACF;AACF;AAEA,SAAgB,mCAA+C;CAC7D,OAAO;EACL,eAAA,aAEE,mFACA,uBACF;EACA,eACE,wBACA,8EACA,wBACF;EACA,eACE,uBACA,kDACA,uBACF;EACA,eACE,yBACA,8DACA,yBACF;EACA,eACE,yBACA,6CACA,yBACF;EACA,eACE,4BACA,oDACA,4BACF;EACAM,yBAAAA,iCAAiC;CACnC;AACF;AAEA,SAAgB,gCAAkD;CAChE,OAAO,IAAI,IACT,iCAAiC,CAAC,CAAC,KAAK,eAAe,CACrD,WAAW,MACX,UACF,CAAC,CACH;AACF"}

package/dist/esm/hooks/createWorkspacePolicyHook.mjs CHANGED Viewed

@@ -75,10 +75,11 @@ function extractCompileCheckPaths(input) {
 	for (const match of command.matchAll(ABSOLUTE_PATH_TOKEN)) out.push(expandHomeRelative(match[1]));
 	return out;
 }
+const extractPath = (i) => typeof i.path === "string" && i.path !== "" ? [i.path] : [];
 const DEFAULT_EXTRACTORS = {
-	["read_file"]: (i) => typeof i.file_path === "string" ? [i.file_path] : [],
-	["write_file"]: (i) => typeof i.file_path === "string" ? [i.file_path] : [],
-	["edit_file"]: (i) => typeof i.file_path === "string" ? [i.file_path] : [],
+	["read_file"]: extractPath,
+	["write_file"]: extractPath,
+	["edit_file"]: extractPath,
 	["grep_search"]: (i) => typeof i.path === "string" && i.path !== "" ? [i.path] : [],
 	["glob_search"]: (i) => typeof i.path === "string" && i.path !== "" ? [i.path] : [],
 	["list_directory"]: (i) => typeof i.path === "string" && i.path !== "" ? [i.path] : [],

package/dist/esm/hooks/createWorkspacePolicyHook.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"createWorkspacePolicyHook.mjs","names":[],"sources":["../../../src/hooks/createWorkspacePolicyHook.ts"],"sourcesContent":["/*\n Workspace boundary policy as a `PreToolUse` hook.\n \n Local-engine file tools enforce a hard workspace boundary at the\n * tool implementation layer (`resolveWorkspacePathSafe`). This hook\n * adds a complementary, host-controlled layer on top that uses the\n * standard PreToolUse / HITL machinery to negotiate access to\n * paths outside the workspace — instead of just throwing.\n \n The host opts in by registering this hook on a `HookRegistry`; the\n * hook inspects each tool call's input, extracts the file paths it\n * mentions via per-tool extractors, and returns:\n \n - `allow` — every path is inside `workspace.root`\n * (or `additionalRoots`)\n * - `deny` — at least one path is outside, and the\n * configured outside-policy is `'deny'`\n * - `ask` — at least one path is outside, and the\n * outside-policy is `'ask'` (default).\n * When `humanInTheLoop.enabled` is true,\n * the existing PreToolUse `'ask'` flow\n * raises a tool_approval interrupt the\n * host UI can render. When HITL is off,\n * `'ask'` collapses to `deny` (matches\n * the rest of the SDK's default).\n \n Default per-tool path extractors cover the local-engine coding\n * suite (`read_file`, `write_file`, `edit_file`, `grep_search`,\n * `glob_search`, `list_directory`, `compile_check`). The host can\n * override or extend via `pathExtractors`. Bash/code paths are not\n * extracted by default — bash command parsing is its own concern, and\n * the existing `bashAst` validator + sandbox-runtime fs allowlist are\n * the right gates for those.\n \n Important: this hook does NOT replace `resolveWorkspacePathSafe`.\n * Even if the hook returns `allow`, the file tool still enforces its\n * own clamp unless `workspace.allowReadOutside` /\n * `workspace.allowWriteOutside` (or the legacy\n * `allowOutsideWorkspace`) is set. The recommended composition for\n * \"ask the user\" semantics is:\n \n workspace: {\n * root,\n * allowReadOutside: true,\n * allowWriteOutside: true,\n * },\n * // …with the hook installed and humanInTheLoop.enabled = true.\n /\n\nimport { homedir } from 'os';\nimport { realpath } from 'fs/promises';\nimport { isAbsolute, relative, resolve } from 'path';\nimport type {\n HookCallback,\n PreToolUseHookInput,\n PreToolUseHookOutput,\n ToolDecision,\n} from './types';\nimport { Constants } from '@/common';\n\n/\n What to do when a tool call references a path outside the workspace.\n \n - `'ask'` : default. Raise a PreToolUse `ask` (host UI prompts\n * via the HITL interrupt path).\n * - `'allow'` : let the call through (use the existing tool clamp\n * to actually enforce — the hook is purely advisory).\n * - `'deny'` : block the call with an error ToolMessage.\n /\nexport type OutsideAccessPolicy = 'ask' \| 'allow' \| 'deny';\n\nexport interface WorkspacePolicyConfig {\n /* Canonical workspace root. Required. /\n root: string;\n /* Sibling roots that count as inside-workspace. /\n additionalRoots?: readonly string[];\n /* Policy applied to read-only file tools. Defaults to `'ask'`. /\n outsideRead?: OutsideAccessPolicy;\n /* Policy applied to write-shaped file tools. Defaults to `'ask'`. /\n outsideWrite?: OutsideAccessPolicy;\n /\n Optional reason template surfaced in the `ask`/`deny` decision.\n * Supports `{tool}` and `{paths}` substitution.\n /\n reason?: string;\n /\n Per-tool path extractors. Defaults cover the local-engine coding\n * suite. Returning an empty array opts that tool out of policy.\n /\n pathExtractors?: Record<string, PathExtractor>;\n}\n\nexport type PathExtractor = (\n toolInput: Record<string, unknown>\n) => readonly string[];\n\nconst READ_TOOLS = new Set<string>([\n Constants.READ_FILE,\n Constants.GREP_SEARCH,\n Constants.GLOB_SEARCH,\n Constants.LIST_DIRECTORY,\n Constants.COMPILE_CHECK,\n]);\n\nconst WRITE_TOOLS = new Set<string>([\n Constants.WRITE_FILE,\n Constants.EDIT_FILE,\n]);\n\n/\n Best-effort extractor for `compile_check` — pulls absolute and `~/`\n * path tokens out of the `command` string so the workspace boundary\n * sees them. Without this, a model could ship `command: 'cat\n * /etc/passwd'` and the policy hook would short-circuit to `allow`\n * (Codex P1 #26 — the prior `() => []` made the hook a no-op for\n * compile_check). Conservative by design:\n \n - Matches `/foo`, `~/foo`, `$HOME/foo`, `${HOME}/foo` followed by\n * non-shell-special chars. Stops at whitespace, quotes, redirect\n * operators, pipes, semicolons.\n * - Strips a leading `--flag=` so `--out=/etc/foo` extracts as\n * `/etc/foo` (the path the agent's actually trying to write).\n * - Misses relative paths (intended — those resolve under cwd\n * anyway), and shell-substituted paths whose final form isn't\n * visible at extract time. Hosts that need bulletproof gating\n * should pair this with a `bash_tool`-level policy.\n /\n// `[\"']?` slots before AND after the captured path cover quoted\n// forms like `cat \"/etc/passwd\"` and `--out='/tmp/x'`. Codex P1 #31\n// — the previous regex only matched unquoted tokens, so a model\n// could trivially bypass the workspace policy by quoting any\n// destination path. The path content character class still excludes\n// quotes/whitespace/shell-specials so we don't over-extract; that's\n// the defensive trade we want for fallback-grep style matching.\n//\n// The `\\.\\.(?:\\/[^…])?` alternation covers parent-traversal forms\n// (`..`, `../secrets.txt`, `../foo/bar`). Without it, a model could\n// exfiltrate parent-directory files via `cat ../secrets` and the\n// hook would short-circuit to `allow` because the extractor saw no\n// \"absolute\" token. The boundary check at the call site resolves\n// non-absolute extracted tokens against `root`, so `../secrets`\n// becomes `<parent-of-workspace>/secrets` which the boundary then\n// correctly flags as outside. Codex P2 #35.\nconst PATH_TOKEN =\n /(?:^\|[\\s=])(?:--[^\\s=]+=)?[\"']?(\\/[^\\s'\"\|;&<>()`]+\|~\\/[^\\s'\"\|;&<>()`]+\|\\$\\{?HOME\\}?\\/[^\\s'\"\|;&<>()`]+\|\\.\\.(?:\\/[^\\s'\"\|;&<>()`])?)[\"']?/g;\n// Back-compat alias kept for any downstream import.\nconst ABSOLUTE_PATH_TOKEN = PATH_TOKEN;\nfunction expandHomeRelative(token: string): string {\n // Expand ~/foo and $HOME/foo and ${HOME}/foo to absolute. The\n // workspace boundary check resolves non-absolute paths against the\n // workspace root, which would silently treat `~/secret` as\n // `<workspace>/~/secret` — exactly the bypass the codex flagged.\n const home = homedir();\n if (token.startsWith('~/')) return `${home}/${token.slice(2)}`;\n if (token.startsWith('${HOME}/')) return `${home}/${token.slice(8)}`;\n if (token.startsWith('$HOME/')) return `${home}/${token.slice(6)}`;\n return token;\n}\nfunction extractCompileCheckPaths(input: Record<string, unknown>): string[] {\n const command = typeof input.command === 'string' ? input.command : '';\n if (command === '') return [];\n const out: string[] = [];\n for (const match of command.matchAll(ABSOLUTE_PATH_TOKEN)) {\n out.push(expandHomeRelative(match[1]));\n }\n return out;\n}\n\nconst DEFAULT_EXTRACTORS: Record<string, PathExtractor> = {\n [Constants.READ_FILE]: (i) =>\n typeof i.file_path === 'string' ? [i.file_path] : [],\n [Constants.WRITE_FILE]: (i) =>\n typeof i.file_path === 'string' ? [i.file_path] : [],\n [Constants.EDIT_FILE]: (i) =>\n typeof i.file_path === 'string' ? [i.file_path] : [],\n [Constants.GREP_SEARCH]: (i) =>\n typeof i.path === 'string' && i.path !== '' ? [i.path] : [],\n [Constants.GLOB_SEARCH]: (i) =>\n typeof i.path === 'string' && i.path !== '' ? [i.path] : [],\n [Constants.LIST_DIRECTORY]: (i) =>\n typeof i.path === 'string' && i.path !== '' ? [i.path] : [],\n [Constants.COMPILE_CHECK]: extractCompileCheckPaths,\n};\n\nfunction isInsideAnyRoot(absolutePath: string, roots: string[]): boolean {\n for (const root of roots) {\n if (absolutePath === root) return true;\n const rel = relative(root, absolutePath);\n if (!rel.startsWith('..') && !isAbsolute(rel)) return true;\n }\n return false;\n}\n\n/\n Symlink-aware variant: realpaths the candidate AND the roots before\n * comparing. Without this, a symlink inside the workspace pointing\n * outside (e.g. `workspace/link → /etc/passwd`) compares as\n * \"in-workspace\" lexically, but actually grants the agent reach\n * outside the boundary. Critical when this hook is the primary gate\n * (i.e. the host opted into `workspace.allowReadOutside: true` /\n * `allowWriteOutside: true` so the file tools' own clamp is off).\n \n Handles paths that don't yet exist (e.g. `write_file` to a brand\n * new path) by walking up to the nearest existing ancestor and\n * realpathing that, then re-attaching the unresolved suffix. Mirrors\n * `resolveWorkspacePathSafe`'s approach in LocalExecutionEngine.\n /\nasync function realpathOrSelf(absolutePath: string): Promise<string> {\n try {\n return await realpath(absolutePath);\n } catch {\n return absolutePath;\n }\n}\n\nasync function realpathOfPathOrAncestor(absolutePath: string): Promise<string> {\n let current = absolutePath;\n let suffix = '';\n // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition\n while (true) {\n try {\n const real = await realpath(current);\n return suffix === '' ? real : resolve(real, suffix);\n } catch {\n const parent = resolve(current, '..');\n if (parent === current) {\n return absolutePath;\n }\n const base = current.slice(parent.length + 1);\n suffix = suffix === '' ? base : `${base}/${suffix}`;\n current = parent;\n }\n }\n}\n\nasync function isInsideAnyRootRealpath(\n absolutePath: string,\n realRoots: readonly string[]\n): Promise<boolean> {\n const real = await realpathOfPathOrAncestor(absolutePath);\n return isInsideAnyRoot(real, [...realRoots]);\n}\n\nfunction formatReason(\n template: string \| undefined,\n toolName: string,\n outsidePaths: readonly string[]\n): string {\n const fallback = `Tool \"${toolName}\" wants to touch ${outsidePaths.length} path(s) outside the workspace: ${outsidePaths.join(', ')}`;\n if (template == null) return fallback;\n return template\n .replace(/\\{tool\\}/g, toolName)\n .replace(/\\{paths\\}/g, outsidePaths.join(', '));\n}\n\n/\n Build a `PreToolUse` callback that enforces the workspace policy.\n * Register it on a `HookRegistry`:\n \n ```ts\n * registry.register('PreToolUse', {\n * hooks: [createWorkspacePolicyHook({ root, outsideWrite: 'ask' })],\n * });\n * ```\n \n The hook is composable with `createToolPolicyHook` — register both;\n * `executeHooks` precedence (`deny > ask > allow`) sorts out which\n * decision wins per call.\n /\nexport function createWorkspacePolicyHook(\n config: WorkspacePolicyConfig\n): HookCallback<'PreToolUse'> {\n const root = resolve(config.root);\n // Relative `additionalRoots` entries are anchored to `root` so a\n // monorepo config like `additionalRoots: ['../shared']` resolves\n // to a sibling of `root`, not of process.cwd. Matches\n // `getWorkspaceRoots` in LocalExecutionEngine.\n const additionalRoots = (config.additionalRoots ?? []).map((p) =>\n isAbsolute(p) ? resolve(p) : resolve(root, p)\n );\n const allRoots = [root, ...additionalRoots];\n\n // Pre-realpath the roots once at construction — these are stable\n // per Run. The candidate paths get realpath'd lazily inside the\n // hook callback. Cached so the per-call cost is just one realpath.\n let realRootsPromise: Promise<string[]> \| undefined;\n const getRealRoots = (): Promise<string[]> => {\n if (realRootsPromise == null) {\n realRootsPromise = Promise.all(allRoots.map(realpathOrSelf));\n }\n return realRootsPromise;\n };\n\n const readPolicy: OutsideAccessPolicy = config.outsideRead ?? 'ask';\n const writePolicy: OutsideAccessPolicy = config.outsideWrite ?? 'ask';\n\n const extractors: Record<string, PathExtractor \| undefined> = {\n ...DEFAULT_EXTRACTORS,\n ...(config.pathExtractors ?? {}),\n };\n\n /* Unknown tools are treated as writes (the stricter policy). */\n const resolvePolicy = (toolName: string): OutsideAccessPolicy => {\n if (WRITE_TOOLS.has(toolName)) {\n return writePolicy;\n }\n if (READ_TOOLS.has(toolName)) {\n return readPolicy;\n }\n return writePolicy;\n };\n\n return async (input: PreToolUseHookInput): Promise<PreToolUseHookOutput> => {\n const extractor = extractors[input.toolName];\n if (extractor == null) return { decision: 'allow' };\n\n const paths = extractor(input.toolInput);\n if (paths.length === 0) return { decision: 'allow' };\n\n // Two-stage check:\n // 1. Lexical fast path — anything that's lexically inside the\n // workspace AND doesn't get redirected by realpath stays\n // allow-able without paying the realpath cost on every call.\n // 2. For paths that look outside lexically OR look inside but\n // may have been routed through a symlink, realpath both the\n // candidate and the roots and compare. This catches the\n // `workspace/link → /etc/passwd` escape that lexical-only\n // checks miss.\n const outside: string[] = [];\n const realRoots = await getRealRoots();\n for (const p of paths) {\n const abs = isAbsolute(p) ? resolve(p) : resolve(root, p);\n // Realpath is the source of truth — it catches both the\n // symlink-escape case (lexically-inside path that resolves\n // outside) and the alternate-mount case (lexically-outside\n // path that resolves back inside the workspace). The lexical\n // check alone gives the wrong answer for either, so we don't\n // bother computing it.\n const realInside = await isInsideAnyRootRealpath(abs, realRoots);\n if (!realInside) {\n outside.push(p);\n }\n }\n if (outside.length === 0) return { decision: 'allow' };\n\n const policy = resolvePolicy(input.toolName);\n if (policy === 'allow') return { decision: 'allow' };\n\n const decision: ToolDecision = policy === 'deny' ? 'deny' : 'ask';\n return {\n decision,\n reason: formatReason(config.reason, input.toolName, outside),\n ...(decision === 'ask'\n ? { allowedDecisions: ['approve', 'reject'] as const }\n : {}),\n };\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgGA,MAAM,aAAa,IAAI,IAAY;;;;;;AAMnC,CAAC;AAED,MAAM,cAAc,IAAI,IAAY,CAAA,cAAA,WAGpC,CAAC;AAuCD,MAAM,sBAAsB;AAC5B,SAAS,mBAAmB,OAAuB;CAKjD,MAAM,OAAO,QAAQ;CACrB,IAAI,MAAM,WAAW,IAAI,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,MAAM,CAAC;CAC3D,IAAI,MAAM,WAAW,UAAU,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,MAAM,CAAC;CACjE,IAAI,MAAM,WAAW,QAAQ,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,MAAM,CAAC;CAC/D,OAAO;AACT;AACA,SAAS,yBAAyB,OAA0C;CAC1E,MAAM,UAAU,OAAO,MAAM,YAAY,WAAW,MAAM,UAAU;CACpE,IAAI,YAAY,IAAI,OAAO,CAAC;CAC5B,MAAM,MAAgB,CAAC;CACvB,KAAK,MAAM,SAAS,QAAQ,SAAS,mBAAmB,GACtD,IAAI,KAAK,mBAAmB,MAAM,EAAE,CAAC;CAEvC,OAAO;AACT;AAEA,MAAM,qBAAoD;iBAChC,MACtB,OAAO,EAAE,cAAc,WAAW,CAAC,EAAE,SAAS,IAAI,CAAC;kBAC5B,MACvB,OAAO,EAAE,cAAc,WAAW,CAAC,EAAE,SAAS,IAAI,CAAC;iBAC7B,MACtB,OAAO,EAAE,cAAc,WAAW,CAAC,EAAE,SAAS,IAAI,CAAC;mBAC3B,MACxB,OAAO,EAAE,SAAS,YAAY,EAAE,SAAS,KAAK,CAAC,EAAE,IAAI,IAAI,CAAC;mBAClC,MACxB,OAAO,EAAE,SAAS,YAAY,EAAE,SAAS,KAAK,CAAC,EAAE,IAAI,IAAI,CAAC;sBAC/B,MAC3B,OAAO,EAAE,SAAS,YAAY,EAAE,SAAS,KAAK,CAAC,EAAE,IAAI,IAAI,CAAC;oBACjC;AAC7B;AAEA,SAAS,gBAAgB,cAAsB,OAA0B;CACvE,KAAK,MAAM,QAAQ,OAAO;EACxB,IAAI,iBAAiB,MAAM,OAAO;EAClC,MAAM,MAAM,SAAS,MAAM,YAAY;EACvC,IAAI,CAAC,IAAI,WAAW,IAAI,KAAK,CAAC,WAAW,GAAG,GAAG,OAAO;CACxD;CACA,OAAO;AACT;;;;;;;;;;;;;;;AAgBA,eAAe,eAAe,cAAuC;CACnE,IAAI;EACF,OAAO,MAAM,SAAS,YAAY;CACpC,QAAQ;EACN,OAAO;CACT;AACF;AAEA,eAAe,yBAAyB,cAAuC;CAC7E,IAAI,UAAU;CACd,IAAI,SAAS;CAEb,OAAO,MACL,IAAI;EACF,MAAM,OAAO,MAAM,SAAS,OAAO;EACnC,OAAO,WAAW,KAAK,OAAO,QAAQ,MAAM,MAAM;CACpD,QAAQ;EACN,MAAM,SAAS,QAAQ,SAAS,IAAI;EACpC,IAAI,WAAW,SACb,OAAO;EAET,MAAM,OAAO,QAAQ,MAAM,OAAO,SAAS,CAAC;EAC5C,SAAS,WAAW,KAAK,OAAO,GAAG,KAAK,GAAG;EAC3C,UAAU;CACZ;AAEJ;AAEA,eAAe,wBACb,cACA,WACkB;CAElB,OAAO,gBAAgB,MADJ,yBAAyB,YAAY,GAC3B,CAAC,GAAG,SAAS,CAAC;AAC7C;AAEA,SAAS,aACP,UACA,UACA,cACQ;CACR,MAAM,WAAW,SAAS,SAAS,mBAAmB,aAAa,OAAO,kCAAkC,aAAa,KAAK,IAAI;CAClI,IAAI,YAAY,MAAM,OAAO;CAC7B,OAAO,SACJ,QAAQ,aAAa,QAAQ,CAAC,CAC9B,QAAQ,cAAc,aAAa,KAAK,IAAI,CAAC;AAClD;;;;;;;;;;;;;;;AAgBA,SAAgB,0BACd,QAC4B;CAC5B,MAAM,OAAO,QAAQ,OAAO,IAAI;CAQhC,MAAM,WAAW,CAAC,MAAM,IAHC,OAAO,mBAAmB,CAAC,EAAA,CAAG,KAAK,MAC1D,WAAW,CAAC,IAAI,QAAQ,CAAC,IAAI,QAAQ,MAAM,CAAC,CAEL,CAAC;CAK1C,IAAI;CACJ,MAAM,qBAAwC;EAC5C,IAAI,oBAAoB,MACtB,mBAAmB,QAAQ,IAAI,SAAS,IAAI,cAAc,CAAC;EAE7D,OAAO;CACT;CAEA,MAAM,aAAkC,OAAO,eAAe;CAC9D,MAAM,cAAmC,OAAO,gBAAgB;CAEhE,MAAM,aAAwD;EAC5D,GAAG;EACH,GAAI,OAAO,kBAAkB,CAAC;CAChC;;CAGA,MAAM,iBAAiB,aAA0C;EAC/D,IAAI,YAAY,IAAI,QAAQ,GAC1B,OAAO;EAET,IAAI,WAAW,IAAI,QAAQ,GACzB,OAAO;EAET,OAAO;CACT;CAEA,OAAO,OAAO,UAA8D;EAC1E,MAAM,YAAY,WAAW,MAAM;EACnC,IAAI,aAAa,MAAM,OAAO,EAAE,UAAU,QAAQ;EAElD,MAAM,QAAQ,UAAU,MAAM,SAAS;EACvC,IAAI,MAAM,WAAW,GAAG,OAAO,EAAE,UAAU,QAAQ;EAWnD,MAAM,UAAoB,CAAC;EAC3B,MAAM,YAAY,MAAM,aAAa;EACrC,KAAK,MAAM,KAAK,OASd,IAAI,CAAC,MADoB,wBAPb,WAAW,CAAC,IAAI,QAAQ,CAAC,IAAI,QAAQ,MAAM,CAAC,GAOF,SAAS,GAE7D,QAAQ,KAAK,CAAC;EAGlB,IAAI,QAAQ,WAAW,GAAG,OAAO,EAAE,UAAU,QAAQ;EAErD,MAAM,SAAS,cAAc,MAAM,QAAQ;EAC3C,IAAI,WAAW,SAAS,OAAO,EAAE,UAAU,QAAQ;EAEnD,MAAM,WAAyB,WAAW,SAAS,SAAS;EAC5D,OAAO;GACL;GACA,QAAQ,aAAa,OAAO,QAAQ,MAAM,UAAU,OAAO;GAC3D,GAAI,aAAa,QACb,EAAE,kBAAkB,CAAC,WAAW,QAAQ,EAAW,IACnD,CAAC;EACP;CACF;AACF"}
1	+ {"version":3,"file":"createWorkspacePolicyHook.mjs","names":[],"sources":["../../../src/hooks/createWorkspacePolicyHook.ts"],"sourcesContent":["/*\n Workspace boundary policy as a `PreToolUse` hook.\n \n Local-engine file tools enforce a hard workspace boundary at the\n * tool implementation layer (`resolveWorkspacePathSafe`). This hook\n * adds a complementary, host-controlled layer on top that uses the\n * standard PreToolUse / HITL machinery to negotiate access to\n * paths outside the workspace — instead of just throwing.\n \n The host opts in by registering this hook on a `HookRegistry`; the\n * hook inspects each tool call's input, extracts the file paths it\n * mentions via per-tool extractors, and returns:\n \n - `allow` — every path is inside `workspace.root`\n * (or `additionalRoots`)\n * - `deny` — at least one path is outside, and the\n * configured outside-policy is `'deny'`\n * - `ask` — at least one path is outside, and the\n * outside-policy is `'ask'` (default).\n * When `humanInTheLoop.enabled` is true,\n * the existing PreToolUse `'ask'` flow\n * raises a tool_approval interrupt the\n * host UI can render. When HITL is off,\n * `'ask'` collapses to `deny` (matches\n * the rest of the SDK's default).\n \n Default per-tool path extractors cover the local-engine coding\n * suite (`read_file`, `write_file`, `edit_file`, `grep_search`,\n * `glob_search`, `list_directory`, `compile_check`). The host can\n * override or extend via `pathExtractors`. Bash/code paths are not\n * extracted by default — bash command parsing is its own concern, and\n * the existing `bashAst` validator + sandbox-runtime fs allowlist are\n * the right gates for those.\n \n Important: this hook does NOT replace `resolveWorkspacePathSafe`.\n * Even if the hook returns `allow`, the file tool still enforces its\n * own clamp unless `workspace.allowReadOutside` /\n * `workspace.allowWriteOutside` (or the legacy\n * `allowOutsideWorkspace`) is set. The recommended composition for\n * \"ask the user\" semantics is:\n \n workspace: {\n * root,\n * allowReadOutside: true,\n * allowWriteOutside: true,\n * },\n * // …with the hook installed and humanInTheLoop.enabled = true.\n /\n\nimport { homedir } from 'os';\nimport { realpath } from 'fs/promises';\nimport { isAbsolute, relative, resolve } from 'path';\nimport type {\n HookCallback,\n PreToolUseHookInput,\n PreToolUseHookOutput,\n ToolDecision,\n} from './types';\nimport { Constants } from '@/common';\n\n/\n What to do when a tool call references a path outside the workspace.\n \n - `'ask'` : default. Raise a PreToolUse `ask` (host UI prompts\n * via the HITL interrupt path).\n * - `'allow'` : let the call through (use the existing tool clamp\n * to actually enforce — the hook is purely advisory).\n * - `'deny'` : block the call with an error ToolMessage.\n /\nexport type OutsideAccessPolicy = 'ask' \| 'allow' \| 'deny';\n\nexport interface WorkspacePolicyConfig {\n /* Canonical workspace root. Required. /\n root: string;\n /* Sibling roots that count as inside-workspace. /\n additionalRoots?: readonly string[];\n /* Policy applied to read-only file tools. Defaults to `'ask'`. /\n outsideRead?: OutsideAccessPolicy;\n /* Policy applied to write-shaped file tools. Defaults to `'ask'`. /\n outsideWrite?: OutsideAccessPolicy;\n /\n Optional reason template surfaced in the `ask`/`deny` decision.\n * Supports `{tool}` and `{paths}` substitution.\n /\n reason?: string;\n /\n Per-tool path extractors. Defaults cover the local-engine coding\n * suite. Returning an empty array opts that tool out of policy.\n /\n pathExtractors?: Record<string, PathExtractor>;\n}\n\nexport type PathExtractor = (\n toolInput: Record<string, unknown>\n) => readonly string[];\n\nconst READ_TOOLS = new Set<string>([\n Constants.READ_FILE,\n Constants.GREP_SEARCH,\n Constants.GLOB_SEARCH,\n Constants.LIST_DIRECTORY,\n Constants.COMPILE_CHECK,\n]);\n\nconst WRITE_TOOLS = new Set<string>([\n Constants.WRITE_FILE,\n Constants.EDIT_FILE,\n]);\n\n/\n Best-effort extractor for `compile_check` — pulls absolute and `~/`\n * path tokens out of the `command` string so the workspace boundary\n * sees them. Without this, a model could ship `command: 'cat\n * /etc/passwd'` and the policy hook would short-circuit to `allow`\n * (Codex P1 #26 — the prior `() => []` made the hook a no-op for\n * compile_check). Conservative by design:\n \n - Matches `/foo`, `~/foo`, `$HOME/foo`, `${HOME}/foo` followed by\n * non-shell-special chars. Stops at whitespace, quotes, redirect\n * operators, pipes, semicolons.\n * - Strips a leading `--flag=` so `--out=/etc/foo` extracts as\n * `/etc/foo` (the path the agent's actually trying to write).\n * - Misses relative paths (intended — those resolve under cwd\n * anyway), and shell-substituted paths whose final form isn't\n * visible at extract time. Hosts that need bulletproof gating\n * should pair this with a `bash_tool`-level policy.\n /\n// `[\"']?` slots before AND after the captured path cover quoted\n// forms like `cat \"/etc/passwd\"` and `--out='/tmp/x'`. Codex P1 #31\n// — the previous regex only matched unquoted tokens, so a model\n// could trivially bypass the workspace policy by quoting any\n// destination path. The path content character class still excludes\n// quotes/whitespace/shell-specials so we don't over-extract; that's\n// the defensive trade we want for fallback-grep style matching.\n//\n// The `\\.\\.(?:\\/[^…])?` alternation covers parent-traversal forms\n// (`..`, `../secrets.txt`, `../foo/bar`). Without it, a model could\n// exfiltrate parent-directory files via `cat ../secrets` and the\n// hook would short-circuit to `allow` because the extractor saw no\n// \"absolute\" token. The boundary check at the call site resolves\n// non-absolute extracted tokens against `root`, so `../secrets`\n// becomes `<parent-of-workspace>/secrets` which the boundary then\n// correctly flags as outside. Codex P2 #35.\nconst PATH_TOKEN =\n /(?:^\|[\\s=])(?:--[^\\s=]+=)?[\"']?(\\/[^\\s'\"\|;&<>()`]+\|~\\/[^\\s'\"\|;&<>()`]+\|\\$\\{?HOME\\}?\\/[^\\s'\"\|;&<>()`]+\|\\.\\.(?:\\/[^\\s'\"\|;&<>()`])?)[\"']?/g;\n// Back-compat alias kept for any downstream import.\nconst ABSOLUTE_PATH_TOKEN = PATH_TOKEN;\nfunction expandHomeRelative(token: string): string {\n // Expand ~/foo and $HOME/foo and ${HOME}/foo to absolute. The\n // workspace boundary check resolves non-absolute paths against the\n // workspace root, which would silently treat `~/secret` as\n // `<workspace>/~/secret` — exactly the bypass the codex flagged.\n const home = homedir();\n if (token.startsWith('~/')) return `${home}/${token.slice(2)}`;\n if (token.startsWith('${HOME}/')) return `${home}/${token.slice(8)}`;\n if (token.startsWith('$HOME/')) return `${home}/${token.slice(6)}`;\n return token;\n}\nfunction extractCompileCheckPaths(input: Record<string, unknown>): string[] {\n const command = typeof input.command === 'string' ? input.command : '';\n if (command === '') return [];\n const out: string[] = [];\n for (const match of command.matchAll(ABSOLUTE_PATH_TOKEN)) {\n out.push(expandHomeRelative(match[1]));\n }\n return out;\n}\n\n// All built-in coding tools take their file/dir target in `path`.\nconst extractPath: PathExtractor = (i) =>\n typeof i.path === 'string' && i.path !== '' ? [i.path] : [];\n\nconst DEFAULT_EXTRACTORS: Record<string, PathExtractor> = {\n [Constants.READ_FILE]: extractPath,\n [Constants.WRITE_FILE]: extractPath,\n [Constants.EDIT_FILE]: extractPath,\n [Constants.GREP_SEARCH]: (i) =>\n typeof i.path === 'string' && i.path !== '' ? [i.path] : [],\n [Constants.GLOB_SEARCH]: (i) =>\n typeof i.path === 'string' && i.path !== '' ? [i.path] : [],\n [Constants.LIST_DIRECTORY]: (i) =>\n typeof i.path === 'string' && i.path !== '' ? [i.path] : [],\n [Constants.COMPILE_CHECK]: extractCompileCheckPaths,\n};\n\nfunction isInsideAnyRoot(absolutePath: string, roots: string[]): boolean {\n for (const root of roots) {\n if (absolutePath === root) return true;\n const rel = relative(root, absolutePath);\n if (!rel.startsWith('..') && !isAbsolute(rel)) return true;\n }\n return false;\n}\n\n/\n Symlink-aware variant: realpaths the candidate AND the roots before\n * comparing. Without this, a symlink inside the workspace pointing\n * outside (e.g. `workspace/link → /etc/passwd`) compares as\n * \"in-workspace\" lexically, but actually grants the agent reach\n * outside the boundary. Critical when this hook is the primary gate\n * (i.e. the host opted into `workspace.allowReadOutside: true` /\n * `allowWriteOutside: true` so the file tools' own clamp is off).\n \n Handles paths that don't yet exist (e.g. `write_file` to a brand\n * new path) by walking up to the nearest existing ancestor and\n * realpathing that, then re-attaching the unresolved suffix. Mirrors\n * `resolveWorkspacePathSafe`'s approach in LocalExecutionEngine.\n /\nasync function realpathOrSelf(absolutePath: string): Promise<string> {\n try {\n return await realpath(absolutePath);\n } catch {\n return absolutePath;\n }\n}\n\nasync function realpathOfPathOrAncestor(absolutePath: string): Promise<string> {\n let current = absolutePath;\n let suffix = '';\n // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition\n while (true) {\n try {\n const real = await realpath(current);\n return suffix === '' ? real : resolve(real, suffix);\n } catch {\n const parent = resolve(current, '..');\n if (parent === current) {\n return absolutePath;\n }\n const base = current.slice(parent.length + 1);\n suffix = suffix === '' ? base : `${base}/${suffix}`;\n current = parent;\n }\n }\n}\n\nasync function isInsideAnyRootRealpath(\n absolutePath: string,\n realRoots: readonly string[]\n): Promise<boolean> {\n const real = await realpathOfPathOrAncestor(absolutePath);\n return isInsideAnyRoot(real, [...realRoots]);\n}\n\nfunction formatReason(\n template: string \| undefined,\n toolName: string,\n outsidePaths: readonly string[]\n): string {\n const fallback = `Tool \"${toolName}\" wants to touch ${outsidePaths.length} path(s) outside the workspace: ${outsidePaths.join(', ')}`;\n if (template == null) return fallback;\n return template\n .replace(/\\{tool\\}/g, toolName)\n .replace(/\\{paths\\}/g, outsidePaths.join(', '));\n}\n\n/\n Build a `PreToolUse` callback that enforces the workspace policy.\n * Register it on a `HookRegistry`:\n \n ```ts\n * registry.register('PreToolUse', {\n * hooks: [createWorkspacePolicyHook({ root, outsideWrite: 'ask' })],\n * });\n * ```\n \n The hook is composable with `createToolPolicyHook` — register both;\n * `executeHooks` precedence (`deny > ask > allow`) sorts out which\n * decision wins per call.\n /\nexport function createWorkspacePolicyHook(\n config: WorkspacePolicyConfig\n): HookCallback<'PreToolUse'> {\n const root = resolve(config.root);\n // Relative `additionalRoots` entries are anchored to `root` so a\n // monorepo config like `additionalRoots: ['../shared']` resolves\n // to a sibling of `root`, not of process.cwd. Matches\n // `getWorkspaceRoots` in LocalExecutionEngine.\n const additionalRoots = (config.additionalRoots ?? []).map((p) =>\n isAbsolute(p) ? resolve(p) : resolve(root, p)\n );\n const allRoots = [root, ...additionalRoots];\n\n // Pre-realpath the roots once at construction — these are stable\n // per Run. The candidate paths get realpath'd lazily inside the\n // hook callback. Cached so the per-call cost is just one realpath.\n let realRootsPromise: Promise<string[]> \| undefined;\n const getRealRoots = (): Promise<string[]> => {\n if (realRootsPromise == null) {\n realRootsPromise = Promise.all(allRoots.map(realpathOrSelf));\n }\n return realRootsPromise;\n };\n\n const readPolicy: OutsideAccessPolicy = config.outsideRead ?? 'ask';\n const writePolicy: OutsideAccessPolicy = config.outsideWrite ?? 'ask';\n\n const extractors: Record<string, PathExtractor \| undefined> = {\n ...DEFAULT_EXTRACTORS,\n ...(config.pathExtractors ?? {}),\n };\n\n /* Unknown tools are treated as writes (the stricter policy). */\n const resolvePolicy = (toolName: string): OutsideAccessPolicy => {\n if (WRITE_TOOLS.has(toolName)) {\n return writePolicy;\n }\n if (READ_TOOLS.has(toolName)) {\n return readPolicy;\n }\n return writePolicy;\n };\n\n return async (input: PreToolUseHookInput): Promise<PreToolUseHookOutput> => {\n const extractor = extractors[input.toolName];\n if (extractor == null) return { decision: 'allow' };\n\n const paths = extractor(input.toolInput);\n if (paths.length === 0) return { decision: 'allow' };\n\n // Two-stage check:\n // 1. Lexical fast path — anything that's lexically inside the\n // workspace AND doesn't get redirected by realpath stays\n // allow-able without paying the realpath cost on every call.\n // 2. For paths that look outside lexically OR look inside but\n // may have been routed through a symlink, realpath both the\n // candidate and the roots and compare. This catches the\n // `workspace/link → /etc/passwd` escape that lexical-only\n // checks miss.\n const outside: string[] = [];\n const realRoots = await getRealRoots();\n for (const p of paths) {\n const abs = isAbsolute(p) ? resolve(p) : resolve(root, p);\n // Realpath is the source of truth — it catches both the\n // symlink-escape case (lexically-inside path that resolves\n // outside) and the alternate-mount case (lexically-outside\n // path that resolves back inside the workspace). The lexical\n // check alone gives the wrong answer for either, so we don't\n // bother computing it.\n const realInside = await isInsideAnyRootRealpath(abs, realRoots);\n if (!realInside) {\n outside.push(p);\n }\n }\n if (outside.length === 0) return { decision: 'allow' };\n\n const policy = resolvePolicy(input.toolName);\n if (policy === 'allow') return { decision: 'allow' };\n\n const decision: ToolDecision = policy === 'deny' ? 'deny' : 'ask';\n return {\n decision,\n reason: formatReason(config.reason, input.toolName, outside),\n ...(decision === 'ask'\n ? { allowedDecisions: ['approve', 'reject'] as const }\n : {}),\n };\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgGA,MAAM,aAAa,IAAI,IAAY;;;;;;AAMnC,CAAC;AAED,MAAM,cAAc,IAAI,IAAY,CAAA,cAAA,WAGpC,CAAC;AAuCD,MAAM,sBAAsB;AAC5B,SAAS,mBAAmB,OAAuB;CAKjD,MAAM,OAAO,QAAQ;CACrB,IAAI,MAAM,WAAW,IAAI,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,MAAM,CAAC;CAC3D,IAAI,MAAM,WAAW,UAAU,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,MAAM,CAAC;CACjE,IAAI,MAAM,WAAW,QAAQ,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,MAAM,CAAC;CAC/D,OAAO;AACT;AACA,SAAS,yBAAyB,OAA0C;CAC1E,MAAM,UAAU,OAAO,MAAM,YAAY,WAAW,MAAM,UAAU;CACpE,IAAI,YAAY,IAAI,OAAO,CAAC;CAC5B,MAAM,MAAgB,CAAC;CACvB,KAAK,MAAM,SAAS,QAAQ,SAAS,mBAAmB,GACtD,IAAI,KAAK,mBAAmB,MAAM,EAAE,CAAC;CAEvC,OAAO;AACT;AAGA,MAAM,eAA8B,MAClC,OAAO,EAAE,SAAS,YAAY,EAAE,SAAS,KAAK,CAAC,EAAE,IAAI,IAAI,CAAC;AAE5D,MAAM,qBAAoD;gBACjC;iBACC;gBACD;mBACG,MACxB,OAAO,EAAE,SAAS,YAAY,EAAE,SAAS,KAAK,CAAC,EAAE,IAAI,IAAI,CAAC;mBAClC,MACxB,OAAO,EAAE,SAAS,YAAY,EAAE,SAAS,KAAK,CAAC,EAAE,IAAI,IAAI,CAAC;sBAC/B,MAC3B,OAAO,EAAE,SAAS,YAAY,EAAE,SAAS,KAAK,CAAC,EAAE,IAAI,IAAI,CAAC;oBACjC;AAC7B;AAEA,SAAS,gBAAgB,cAAsB,OAA0B;CACvE,KAAK,MAAM,QAAQ,OAAO;EACxB,IAAI,iBAAiB,MAAM,OAAO;EAClC,MAAM,MAAM,SAAS,MAAM,YAAY;EACvC,IAAI,CAAC,IAAI,WAAW,IAAI,KAAK,CAAC,WAAW,GAAG,GAAG,OAAO;CACxD;CACA,OAAO;AACT;;;;;;;;;;;;;;;AAgBA,eAAe,eAAe,cAAuC;CACnE,IAAI;EACF,OAAO,MAAM,SAAS,YAAY;CACpC,QAAQ;EACN,OAAO;CACT;AACF;AAEA,eAAe,yBAAyB,cAAuC;CAC7E,IAAI,UAAU;CACd,IAAI,SAAS;CAEb,OAAO,MACL,IAAI;EACF,MAAM,OAAO,MAAM,SAAS,OAAO;EACnC,OAAO,WAAW,KAAK,OAAO,QAAQ,MAAM,MAAM;CACpD,QAAQ;EACN,MAAM,SAAS,QAAQ,SAAS,IAAI;EACpC,IAAI,WAAW,SACb,OAAO;EAET,MAAM,OAAO,QAAQ,MAAM,OAAO,SAAS,CAAC;EAC5C,SAAS,WAAW,KAAK,OAAO,GAAG,KAAK,GAAG;EAC3C,UAAU;CACZ;AAEJ;AAEA,eAAe,wBACb,cACA,WACkB;CAElB,OAAO,gBAAgB,MADJ,yBAAyB,YAAY,GAC3B,CAAC,GAAG,SAAS,CAAC;AAC7C;AAEA,SAAS,aACP,UACA,UACA,cACQ;CACR,MAAM,WAAW,SAAS,SAAS,mBAAmB,aAAa,OAAO,kCAAkC,aAAa,KAAK,IAAI;CAClI,IAAI,YAAY,MAAM,OAAO;CAC7B,OAAO,SACJ,QAAQ,aAAa,QAAQ,CAAC,CAC9B,QAAQ,cAAc,aAAa,KAAK,IAAI,CAAC;AAClD;;;;;;;;;;;;;;;AAgBA,SAAgB,0BACd,QAC4B;CAC5B,MAAM,OAAO,QAAQ,OAAO,IAAI;CAQhC,MAAM,WAAW,CAAC,MAAM,IAHC,OAAO,mBAAmB,CAAC,EAAA,CAAG,KAAK,MAC1D,WAAW,CAAC,IAAI,QAAQ,CAAC,IAAI,QAAQ,MAAM,CAAC,CAEL,CAAC;CAK1C,IAAI;CACJ,MAAM,qBAAwC;EAC5C,IAAI,oBAAoB,MACtB,mBAAmB,QAAQ,IAAI,SAAS,IAAI,cAAc,CAAC;EAE7D,OAAO;CACT;CAEA,MAAM,aAAkC,OAAO,eAAe;CAC9D,MAAM,cAAmC,OAAO,gBAAgB;CAEhE,MAAM,aAAwD;EAC5D,GAAG;EACH,GAAI,OAAO,kBAAkB,CAAC;CAChC;;CAGA,MAAM,iBAAiB,aAA0C;EAC/D,IAAI,YAAY,IAAI,QAAQ,GAC1B,OAAO;EAET,IAAI,WAAW,IAAI,QAAQ,GACzB,OAAO;EAET,OAAO;CACT;CAEA,OAAO,OAAO,UAA8D;EAC1E,MAAM,YAAY,WAAW,MAAM;EACnC,IAAI,aAAa,MAAM,OAAO,EAAE,UAAU,QAAQ;EAElD,MAAM,QAAQ,UAAU,MAAM,SAAS;EACvC,IAAI,MAAM,WAAW,GAAG,OAAO,EAAE,UAAU,QAAQ;EAWnD,MAAM,UAAoB,CAAC;EAC3B,MAAM,YAAY,MAAM,aAAa;EACrC,KAAK,MAAM,KAAK,OASd,IAAI,CAAC,MADoB,wBAPb,WAAW,CAAC,IAAI,QAAQ,CAAC,IAAI,QAAQ,MAAM,CAAC,GAOF,SAAS,GAE7D,QAAQ,KAAK,CAAC;EAGlB,IAAI,QAAQ,WAAW,GAAG,OAAO,EAAE,UAAU,QAAQ;EAErD,MAAM,SAAS,cAAc,MAAM,QAAQ;EAC3C,IAAI,WAAW,SAAS,OAAO,EAAE,UAAU,QAAQ;EAEnD,MAAM,WAAyB,WAAW,SAAS,SAAS;EAC5D,OAAO;GACL;GACA,QAAQ,aAAa,OAAO,QAAQ,MAAM,UAAU,OAAO;GAC3D,GAAI,aAAa,QACb,EAAE,kBAAkB,CAAC,WAAW,QAAQ,EAAW,IACnD,CAAC;EACP;CACF;AACF"}

package/dist/esm/tools/ReadFile.mjs CHANGED Viewed

@@ -19,11 +19,11 @@ CONSTRAINTS:
 - Do not guess file paths. Use paths from the skill documentation or tool output.`;
 const ReadFileToolSchema = {
 	type: "object",
-	properties: { file_path: {
+	properties: { path: {
 		type: "string",
 		description: "Path to the file. For skill files: \"{skillName}/{path}\" (e.g. \"pdf-analyzer/src/utils.py\"). For code execution output: the path as returned by the execution tool."
 	} },
-	required: ["file_path"]
+	required: ["path"]
 };
 const ReadFileToolDefinition = {
 	name: ReadFileToolName,

package/dist/esm/tools/ReadFile.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ReadFile.mjs","names":[],"sources":["../../../src/tools/ReadFile.ts"],"sourcesContent":["// src/tools/ReadFile.ts\nimport { Constants } from '@/common';\n\nexport const ReadFileToolName = Constants.READ_FILE;\n\nexport const ReadFileToolDescription = `Read the contents of a file. Returns text content with line numbers for easy reference.\n\nFor skill files, use the path format: {skillName}/{filePath} (e.g. \"pdf-analyzer/src/utils.py\", \"code-review/SKILL.md\").\n\nBEHAVIOR:\n- Text files: returned with numbered lines.\n- Images (png, jpeg, gif, webp): returned as visual content the model can see.\n- PDFs: returned as document content.\n- Other binary files: metadata returned with a note to use bash for processing.\n- Large files (>256KB text, >10MB binary): metadata only.\n- SKILL.md: returns the skill's instructions directly.\n\nCONSTRAINTS:\n- Only files from invoked skills or code execution output are accessible.\n- Do not guess file paths. Use paths from the skill documentation or tool output.`;\n\nexport const ReadFileToolSchema = {\n type: 'object',\n properties: {\n ~~file_path~~: {\n type: 'string',\n description:\n 'Path to the file. For skill files: \"{skillName}/{path}\" (e.g. \"pdf-analyzer/src/utils.py\"). For code execution output: the path as returned by the execution tool.',\n },\n },\n required: ['~~file_path~~'],\n} as const;\n\nexport const ReadFileToolDefinition = {\n name: ReadFileToolName,\n description: ReadFileToolDescription,\n parameters: ReadFileToolSchema,\n responseFormat: 'content_and_artifact' as const,\n} as const;\n"],"mappings":";;;AAGA,MAAa,mBAAA;AAEb,MAAa,0BAA0B;;;;;;;;;;;;;;;AAgBvC,MAAa,qBAAqB;CAChC,MAAM;CACN,YAAY,EACV,~~WAAW~~;~~EACT~~,MAAM;EACN,aACE;CACJ,EACF;CACA,UAAU,CAAC,~~WAAW~~;~~AACxB~~;AAEA,MAAa,yBAAyB;CACpC,MAAM;CACN,aAAa;CACb,YAAY;CACZ,gBAAgB;AAClB"}
1	+ {"version":3,"file":"ReadFile.mjs","names":[],"sources":["../../../src/tools/ReadFile.ts"],"sourcesContent":["// src/tools/ReadFile.ts\nimport { Constants } from '@/common';\n\nexport const ReadFileToolName = Constants.READ_FILE;\n\nexport const ReadFileToolDescription = `Read the contents of a file. Returns text content with line numbers for easy reference.\n\nFor skill files, use the path format: {skillName}/{filePath} (e.g. \"pdf-analyzer/src/utils.py\", \"code-review/SKILL.md\").\n\nBEHAVIOR:\n- Text files: returned with numbered lines.\n- Images (png, jpeg, gif, webp): returned as visual content the model can see.\n- PDFs: returned as document content.\n- Other binary files: metadata returned with a note to use bash for processing.\n- Large files (>256KB text, >10MB binary): metadata only.\n- SKILL.md: returns the skill's instructions directly.\n\nCONSTRAINTS:\n- Only files from invoked skills or code execution output are accessible.\n- Do not guess file paths. Use paths from the skill documentation or tool output.`;\n\nexport const ReadFileToolSchema = {\n type: 'object',\n properties: {\n path: {\n type: 'string',\n description:\n 'Path to the file. For skill files: \"{skillName}/{path}\" (e.g. \"pdf-analyzer/src/utils.py\"). For code execution output: the path as returned by the execution tool.',\n },\n },\n required: ['path'],\n} as const;\n\nexport const ReadFileToolDefinition = {\n name: ReadFileToolName,\n description: ReadFileToolDescription,\n parameters: ReadFileToolSchema,\n responseFormat: 'content_and_artifact' as const,\n} as const;\n"],"mappings":";;;AAGA,MAAa,mBAAA;AAEb,MAAa,0BAA0B;;;;;;;;;;;;;;;AAgBvC,MAAa,qBAAqB;CAChC,MAAM;CACN,YAAY,EACV,MAAM;EACJ,MAAM;EACN,aACE;CACJ,EACF;CACA,UAAU,CAAC,MAAM;AACnB;AAEA,MAAa,yBAAyB;CACpC,MAAM;CACN,aAAa;CACb,YAAY;CACZ,gBAAgB;AAClB"}

package/dist/esm/tools/cloudflare/CloudflareProgrammaticToolCalling.mjs CHANGED Viewed

@@ -360,30 +360,30 @@ async def execute_code(lang, code, args=None):
     finally:
         shutil.rmtree(temp_dir, ignore_errors=True)
-async def read_file(file_path, offset=None, limit=None):
-    resolved = _resolve(file_path)
+async def read_file(path, offset=None, limit=None):
+    resolved = _resolve(path)
     with open(resolved, encoding="utf-8") as handle:
         return _line_window(handle.read(), offset, limit)
-async def write_file(file_path, content):
+async def write_file(path, content):
     _assert_writable("write_file")
-    resolved = _resolve(file_path)
+    resolved = _resolve(path)
     os.makedirs(os.path.dirname(resolved), exist_ok=True)
     existed = os.path.exists(resolved)
     with open(resolved, "w", encoding="utf-8") as handle:
         handle.write(content)
     return f"{'Overwrote' if existed else 'Created'} {resolved} ({len(content)} chars)."
-async def edit_file(file_path, old_text=None, new_text=None, edits=None):
+async def edit_file(path, old_text=None, new_text=None, edits=None):
     _assert_writable("edit_file")
-    resolved = _resolve(file_path)
+    resolved = _resolve(path)
     edits = edits or [{"old_text": old_text, "new_text": new_text}]
     content = open(resolved, encoding="utf-8").read()
     for edit in edits:
         old = edit.get("old_text") or ""
         new = edit.get("new_text") or ""
         if content.count(old) != 1:
-            raise ValueError(f"Could not locate old_text exactly once in {file_path}")
+            raise ValueError(f"Could not locate old_text exactly once in {path}")
         content = content.replace(old, new, 1)
     open(resolved, "w", encoding="utf-8").write(content)
     return f"Applied {len(edits)} edit(s) to {resolved}."
@@ -759,13 +759,13 @@ async function execute_code(payload) {
 }
 async function read_file(payload) {
-  const resolved = resolvePath(payload.file_path);
+  const resolved = resolvePath(payload.path);
   return lineWindow(await fsp.readFile(resolved, "utf8"), payload.offset, payload.limit);
 }
 async function write_file(payload) {
   assertWritable("write_file");
-  const resolved = resolvePath(payload.file_path);
+  const resolved = resolvePath(payload.path);
   await fsp.mkdir(path.dirname(resolved), { recursive: true });
   const existed = fs.existsSync(resolved);
   await fsp.writeFile(resolved, payload.content, "utf8");
@@ -774,14 +774,14 @@ async function write_file(payload) {
 async function edit_file(payload) {
   assertWritable("edit_file");
-  const resolved = resolvePath(payload.file_path);
+  const resolved = resolvePath(payload.path);
   const edits = payload.edits || [{ old_text: payload.old_text, new_text: payload.new_text }];
   let content = await fsp.readFile(resolved, "utf8");
   for (const edit of edits) {
     const oldText = edit.old_text || "";
     const newText = edit.new_text || "";
     if (oldText === "" || content.split(oldText).length - 1 !== 1) {
-      throw new Error("Could not locate old_text exactly once in " + payload.file_path);
+      throw new Error("Could not locate old_text exactly once in " + payload.path);
     }
     content = content.replace(oldText, newText);
   }