@llmtune/cli 0.1.8 → 0.2.0

package/dist/tools/protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../src/tools/protocol.ts"],"names":[],"mappings":""}

package/dist/tools/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/tools/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAGzE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,CAAA;AAEvD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACpC,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,GAAG,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,WAAW,KAAK,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;CAC5F;AAmBD,wBAAgB,UAAU,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAEpD;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAA+B;IAE5C,QAAQ,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI;IAS1B,SAAS,IAAI,QAAQ,EAAE;IAIvB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAInC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,WAAW,GAAG,UAAU;IAqB9E,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;CAgBzG"}

package/dist/tools/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/tools/registry.ts"],"names":[],"mappings":";;;AA+BA,gCAEC;AAhCD,6CAAiD;AAajD,MAAM,YAAY;IACR,GAAG,CAAgB;IAC3B,YAAY,GAAmB,IAAI,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA,CAAC,CAAC;IACnD,IAAI;QACF,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI;YACnB,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW;YACjC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW;YACjC,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU;YAC/B,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa;SACtC,CAAA;IACH,CAAC;IACD,GAAG,CAAC,KAA8B,EAAE,GAAgB;QAClD,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IACjC,CAAC;CACF;AAED,SAAgB,UAAU,CAAC,GAAmB;IAC5C,OAAO,IAAI,YAAY,CAAC,GAAG,CAAC,CAAA;AAC9B,CAAC;AAED,MAAa,YAAY;IACf,KAAK,GAAsB,IAAI,GAAG,EAAE,CAAA;IAE5C,QAAQ,CAAC,IAAU;QACjB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAA;QACnC,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;QACtD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IAC3B,CAAC;IAED,SAAS;QACP,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;IAC7D,CAAC;IAED,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA;IAC3C,CAAC;IAED,QAAQ,CAAC,IAAY,EAAE,KAA8B,EAAE,GAAgB;QACrE,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,iBAAiB,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QACxB,IAAI,CAAC;YACH,IAAA,+BAAkB,EAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QAC7C,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5D,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACnE,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;QACnC,IAAI,MAAM,YAAY,OAAO,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAA;QAC3F,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,KAA8B,EAAE,GAAgB;QAChF,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,iBAAiB,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QACxB,IAAI,CAAC;YACH,IAAA,+BAAkB,EAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QAC7C,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5D,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACnE,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC7B,CAAC;CACF;AAzDD,oCAyDC"}

package/dist/tools/sandbox/docker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/tools/sandbox/docker.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAS7C,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,eAAO,MAAM,sBAAsB,EAAE,aAMpC,CAAA;AAID,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,IAAI,CAErE;AAED,wBAAgB,gBAAgB,IAAI,OAAO,CAE1C;AAED,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAS1D;AAED,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,OAAO,CAAC,CAgB3D;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAgFpF;AAED,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,UAAU,CAAC,CAyDrB"}

package/dist/tools/sandbox/docker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docker.js","sourceRoot":"","sources":["../../../src/tools/sandbox/docker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCA,4CAEC;AAED,4CAEC;AAED,8CASC;AAED,gDAgBC;AAED,oCAgFC;AAED,gDA6DC;AAzND;;;;GAIG;AACH,iDAAwC;AACxC,+BAAgC;AAChC,2CAA4B;AAC5B,uCAAwB;AACxB,uCAAwB;AAGxB,MAAM,aAAa,GAAG,IAAA,gBAAS,EAAC,wBAAQ,CAAC,CAAA;AAEzC,MAAM,aAAa,GAAG,wBAAwB,CAAA;AAC9C,MAAM,eAAe,GAAG,YAAY,CAAA;AACpC,MAAM,oBAAoB,GAAG,MAAM,CAAA;AACnC,MAAM,gBAAgB,GAAG,OAAO,CAAA;AAUnB,QAAA,sBAAsB,GAAkB;IACnD,OAAO,EAAE,KAAK;IACd,KAAK,EAAE,aAAa;IACpB,SAAS,EAAE,oBAAoB;IAC/B,aAAa,EAAE,EAAE;IACjB,WAAW,EAAE,GAAG;CACjB,CAAA;AAED,IAAI,aAAa,GAAkB,EAAE,GAAG,8BAAsB,EAAE,CAAA;AAEhE,SAAgB,gBAAgB,CAAC,MAA8B;IAC7D,aAAa,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,EAAE,CAAA;AACjD,CAAC;AAED,SAAgB,gBAAgB;IAC9B,OAAO,aAAa,CAAC,OAAO,CAAA;AAC9B,CAAC;AAEM,KAAK,UAAU,iBAAiB;IACrC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE;YAC9D,OAAO,EAAE,IAAI;SACd,CAAC,CAAA;QACF,OAAO,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,kBAAkB;IACtC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE;YACtF,OAAO,EAAE,KAAK;SACf,CAAC,CAAA;QACF,IAAI,MAAM,CAAC,IAAI,EAAE;YAAE,OAAO,IAAI,CAAA;QAE9B,8BAA8B;QAC9B,OAAO,CAAC,GAAG,CAAC,0BAA0B,aAAa,CAAC,KAAK,KAAK,CAAC,CAAA;QAC/D,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE;YAC3D,OAAO,EAAE,OAAO;SACjB,CAAC,CAAA;QACF,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAAC,OAAe,EAAE,GAAW;IAC7D,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,EAAE,KAAK,EAAE,wBAAwB,EAAE;YAC3C,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,EAAE,CAAA;IACjD,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,EAAE,KAAK,EAAE,8DAA8D,EAAE;YACjF,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAA;IAChE,MAAM,WAAW,GAAG,GAAG,aAAa,CAAC,WAAW,GAAG,CAAA;IACnD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;IAE1D,MAAM,IAAI,GAAG;QACX,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM;QACnB,UAAU,EAAE,WAAW;QACvB,QAAQ,EAAE,GAAG;QACb,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;QAC9C,IAAI,EAAE,GAAG,cAAc,KAAK;QAC5B,WAAW,EAAE,eAAe;QAC5B,aAAa,CAAC,KAAK;QACnB,IAAI,EAAE,IAAI,EAAE,OAAO;KACpB,CAAA;IAED,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE;YAC7D,OAAO,EAAE,OAAO,GAAG,MAAM;YACzB,SAAS,EAAE,gBAAgB;SAC5B,CAAC,CAAA;QAEF,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,MAAM;YAAE,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;QAC5C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,IAAI,oBAAoB,CAAA;YAC9B,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;QAClC,CAAC;QAED,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE;gBACN,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;gBACrB,SAAS,EAAE,CAAC;gBACZ,SAAS,EAAE,IAAI;aAChB;YACD,OAAO,EAAE,KAAK;SACf,CAAA;IACH,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAA4E,CAAA;QAC5F,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QAC5D,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,oBAAoB,CAAA;YAC9B,MAAM,IAAI,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QAC1C,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,oDAAoD,CAAA;QAChE,CAAC;QAED,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE;gBACN,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;gBACrB,SAAS,EAAE,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAC9D,SAAS,EAAE,IAAI;gBACf,SAAS,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;aACnC;YACD,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,QAAgB,EAChB,OAAe,EACf,GAAW;IAEX,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,EAAE,KAAK,EAAE,wBAAwB,EAAE;YAC3C,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAA;IACxD,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAC5D,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAA;IAE3C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC7C,MAAM,aAAa,GAAG,GAAG,eAAe,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAA;QAC/F,MAAM,cAAc,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAA;QAEhE,MAAM,UAAU,GAAG;YACjB,KAAK;YACL,MAAM;YACN,WAAW,EAAE,MAAM;YACnB,UAAU,EAAE,GAAG,aAAa,CAAC,WAAW,GAAG;YAC3C,IAAI,EAAE,GAAG,cAAc,EAAE;YACzB,IAAI,EAAE,GAAG,OAAO,4BAA4B;YAC5C,WAAW,EAAE,eAAe;YAC5B,aAAa,CAAC,KAAK;YACnB,IAAI,EAAE,IAAI,EAAE,wBAAwB,aAAa,qCAAqC,aAAa,GAAG;SACvG,CAAA;QAED,MAAM,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAA;QAE9D,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE;gBACN,IAAI,EAAE,MAAM;gBACZ,QAAQ;gBACR,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC;gBACjD,SAAS,EAAE,IAAI;aAChB;YACD,OAAO,EAAE,KAAK;SACf,CAAA;IACH,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,EAAE,KAAK,EAAE,yBAA0B,GAAa,CAAC,OAAO,EAAE,EAAE;YACpE,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IACpC,IAAI,MAAM,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,mBAAmB,CAAA;IACtD,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/tools/sandbox/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/tools/sandbox/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAG7C,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,WAAW,GAAG,UAAU,CAAA;AAK1D,wBAAgB,cAAc,IAAI,WAAW,CAE5C;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAGtD;AAED,wBAAgB,iBAAiB,IAAI,OAAO,CAW3C;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,CAAC,CAoBrB"}

package/dist/tools/sandbox/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/tools/sandbox/index.ts"],"names":[],"mappings":";;AAgBA,wCAEC;AAED,wCAGC;AAED,8CAWC;AAKD,sCAwBC;AAxDD,qCAAuC;AAIvC,IAAI,WAAW,GAAgB,KAAK,CAAA;AACpC,IAAI,eAAe,GAAmB,IAAI,CAAA;AAE1C,SAAgB,cAAc;IAC5B,OAAO,WAAW,CAAA;AACpB,CAAC;AAED,SAAgB,cAAc,CAAC,IAAiB;IAC9C,WAAW,GAAG,IAAI,CAAA;IAClB,eAAe,GAAG,IAAI,CAAA,CAAC,uBAAuB;AAChD,CAAC;AAED,SAAgB,iBAAiB;IAC/B,IAAI,eAAe,KAAK,IAAI;QAAE,OAAO,eAAe,CAAA;IACpD,yCAAyC;IACzC,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,eAAe,CAAmC,CAAA;QAC/E,QAAQ,CAAC,aAAa,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;QACzD,eAAe,GAAG,IAAI,CAAA;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,eAAe,GAAG,KAAK,CAAA;IACzB,CAAC;IACD,OAAO,eAAe,CAAA;AACxB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,GAAW,EACX,OAAe;IAEf,IAAI,WAAW,KAAK,KAAK,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IACzC,CAAC;IAED,IAAI,WAAW,KAAK,WAAW,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACxD,OAAO,SAAS,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IACzC,CAAC;IAED,IAAI,WAAW,KAAK,UAAU,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACvD,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE;gBACN,KAAK,EAAE,yGAAyG;aACjH;YACD,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;IAED,OAAO,IAAA,qBAAY,EAAC,OAAO,EAAE,GAAG,CAAC,CAAA;AACnC,CAAC;AAED,SAAS,SAAS,CAAC,OAAe,EAAE,GAAW,EAAE,OAAe;IAC9D,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,eAAe,CAAmC,CAAA;IAC/E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE;YAC/B,GAAG;YACH,OAAO;YACP,SAAS,EAAE,IAAI,GAAG,IAAI,GAAG,EAAE;YAC3B,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;SAC9D,CAAC,CAAA;QACF,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,IAAI,aAAa,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IACnG,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,CAAC,GAAG,GAA8E,CAAA;QACxF,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,CAAC,CAAC,MAAM;YAAE,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;QACzD,IAAI,CAAC,CAAC,MAAM;YAAE,MAAM,IAAI,oBAAoB,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;QAChF,IAAI,CAAC,CAAC,MAAM;YAAE,MAAM,IAAI,iCAAiC,OAAO,QAAQ,CAAA;QACxE,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE;YAC1D,OAAO,EAAE,IAAI;SACd,CAAA;IACH,CAAC;AACH,CAAC"}

package/dist/tools/sanitize.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Security: validate that a file path is within the workspace root.
+ * Prevents path traversal attacks (e.g. ../../etc/passwd).
+ */
+export declare function sanitizeFilePath(filePath: string, workspaceRoot: string): string;
+/**
+ * Validate a URL is safe for web-fetch (http/https only, no internal IPs by default).
+ */
+export declare function sanitizeUrl(url: string): void;
+//# sourceMappingURL=sanitize.d.ts.map

package/dist/tools/sanitize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../../src/tools/sanitize.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM,CAgBhF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAkC7C"}

package/dist/tools/sanitize.js

@@ -0,0 +1,87 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeFilePath = sanitizeFilePath;
+exports.sanitizeUrl = sanitizeUrl;
+const path = __importStar(require("path"));
+/**
+ * Security: validate that a file path is within the workspace root.
+ * Prevents path traversal attacks (e.g. ../../etc/passwd).
+ */
+function sanitizeFilePath(filePath, workspaceRoot) {
+    const resolved = path.resolve(workspaceRoot, filePath);
+    // Normalize for comparison (handle .., ., symlinks)
+    const normalizedWorkspace = path.normalize(workspaceRoot);
+    const normalizedResolved = path.normalize(resolved);
+    if (!normalizedResolved.startsWith(normalizedWorkspace + path.sep) &&
+        normalizedResolved !== normalizedWorkspace) {
+        throw new Error(`Path traversal blocked: "${filePath}" resolves outside workspace root. ` +
+            `Resolved: ${normalizedResolved}, Workspace: ${normalizedWorkspace}`);
+    }
+    return resolved;
+}
+/**
+ * Validate a URL is safe for web-fetch (http/https only, no internal IPs by default).
+ */
+function sanitizeUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error(`Invalid URL: ${url}`);
+    }
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        throw new Error(`Only http:// and https:// URLs are allowed. Got: ${parsed.protocol}`);
+    }
+    // Block internal IPs (basic SSRF protection)
+    const hostname = parsed.hostname;
+    const internalPatterns = [
+        /^127\./,
+        /^10\./,
+        /^172\.(1[6-9]|2\d|3[01])\./,
+        /^192\.168\./,
+        /^0\./,
+        /^localhost$/i,
+        /^::1$/,
+        /^fd/i,
+    ];
+    for (const pattern of internalPatterns) {
+        if (pattern.test(hostname)) {
+            throw new Error(`Internal/private network addresses are not allowed: ${hostname}`);
+        }
+    }
+}
+//# sourceMappingURL=sanitize.js.map

package/dist/tools/sanitize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../src/tools/sanitize.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,4CAgBC;AAKD,kCAkCC;AA7DD,2CAA4B;AAE5B;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,QAAgB,EAAE,aAAqB;IACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAA;IAEtD,oDAAoD;IACpD,MAAM,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAA;IACzD,MAAM,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;IAEnD,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC;QAC9D,kBAAkB,KAAK,mBAAmB,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,4BAA4B,QAAQ,qCAAqC;YACzE,aAAa,kBAAkB,gBAAgB,mBAAmB,EAAE,CACrE,CAAA;IACH,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,GAAW;IACrC,IAAI,MAAW,CAAA;IACf,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,EAAE,CAAC,CAAA;IACxC,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CACb,oDAAoD,MAAM,CAAC,QAAQ,EAAE,CACtE,CAAA;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAA;IAChC,MAAM,gBAAgB,GAAG;QACvB,QAAQ;QACR,OAAO;QACP,4BAA4B;QAC5B,aAAa;QACb,MAAM;QACN,cAAc;QACd,OAAO;QACP,MAAM;KACP,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,uDAAuD,QAAQ,EAAE,CAClE,CAAA;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/tools/tools/ask-user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ask-user.d.ts","sourceRoot":"","sources":["../../../src/tools/tools/ask-user.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAqC,MAAM,aAAa,CAAA;AAE1E,eAAO,MAAM,WAAW,EAAE,IAwDzB,CAAA"}

package/dist/tools/tools/ask-user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ask-user.js","sourceRoot":"","sources":["../../../src/tools/tools/ask-user.ts"],"names":[],"mappings":";;;AAAA,uCAA0C;AAG7B,QAAA,WAAW,GAAS;IAC/B,IAAI;QACF,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,WAAW,EACT,kJAAkJ;YACpJ,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,8BAA8B;qBAC5C;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,QAAQ,EAAE,CAAC,UAAU,CAAC;aACvB;YACD,UAAU,EAAE,IAAI;SACjB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAA8B,EAAE,IAAiB;QACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAA;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACvF,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAE7E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,OAAO,QAAQ,EAAE,CAAC,CAAA;YAC9B,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAA;YAChE,OAAO,CAAC,GAAG,EAAE,CAAA;QACf,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,QAAQ,IAAI,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,EAAE,GAAG,IAAA,0BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;QAE5E,MAAM,MAAM,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;YACnD,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC1B,EAAE,CAAC,KAAK,EAAE,CAAA;gBACV,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;YACrB,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QAEF,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE;YACpG,OAAO,EAAE,KAAK;SACf,CAAA;IACH,CAAC;CACF,CAAA"}

package/dist/tools/tools/bash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bash.d.ts","sourceRoot":"","sources":["../../../src/tools/tools/bash.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAqC,MAAM,aAAa,CAAA;AAO1E,eAAO,MAAM,QAAQ,EAAE,IA0GtB,CAAA"}

package/dist/tools/tools/bash.js

@@ -1,8 +1,42 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.bashTool = void 0;
 const child_process_1 = require("child_process");
 const util_1 = require("util");
+const path = __importStar(require("path"));
 const execAsync = (0, util_1.promisify)(child_process_1.exec);
 const MAX_OUTPUT = 50_000;
 const TIMEOUT_MS = 120_000;
@@ -22,6 +56,10 @@ exports.bashTool = {
                         type: "number",
                         description: "Optional timeout in ms (default 120000, max 300000)",
                     },
+                    cwd: {
+                        type: "string",
+                        description: "Working directory for the command. Defaults to the current working directory. Must be within the workspace.",
+                    },
                 },
                 required: ["command"],
             },
@@ -29,9 +67,21 @@ exports.bashTool = {
             isDestructive: true,
         };
     },
-    async run(input, _ctx) {
+    async run(input, ctx) {
         const command = String(input.command ?? "");
         const timeout = Math.min(typeof input.timeout === "number" ? input.timeout : TIMEOUT_MS, 300_000);
+        // Resolve cwd — validate it's within the workspace
+        let cwd;
+        if (typeof input.cwd === "string" && input.cwd.trim()) {
+            cwd = path.resolve(ctx.workspaceRoot, input.cwd);
+            if (!cwd.startsWith(ctx.workspaceRoot)) {
+                return {
+                    name: "bash",
+                    output: { error: `Working directory must be within the workspace: ${ctx.workspaceRoot}` },
+                    isError: true,
+                };
+            }
+        }
         if (!command.trim()) {
             return { name: "bash", output: { error: "command is required" }, isError: true };
         }
@@ -39,6 +89,7 @@ exports.bashTool = {
             const { stdout, stderr } = await execAsync(command, {
                 maxBuffer: 1024 * 1024 * 10,
                 timeout,
+                cwd: cwd ?? ctx.cwd,
                 shell: process.platform === "win32" ? "cmd" : "/bin/bash",
             });
             let output = "";

package/dist/tools/tools/bash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bash.js","sourceRoot":"","sources":["../../../src/tools/tools/bash.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAoC;AACpC,+BAAgC;AAChC,2CAA4B;AAG5B,MAAM,SAAS,GAAG,IAAA,gBAAS,EAAC,oBAAI,CAAC,CAAA;AAEjC,MAAM,UAAU,GAAG,MAAM,CAAA;AACzB,MAAM,UAAU,GAAG,OAAO,CAAA;AAEb,QAAA,QAAQ,GAAS;IAC5B,IAAI;QACF,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,WAAW,EACT,0IAA0I;YAC5I,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE;wBACP,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,wBAAwB;qBACtC;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,qDAAqD;qBACnE;oBACD,GAAG,EAAE;wBACH,IAAI,EAAE,QAAQ;wBACd,WAAW,EACT,6GAA6G;qBAChH;iBACF;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;YACD,UAAU,EAAE,KAAK;YACjB,aAAa,EAAE,IAAI;SACpB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CACP,KAA8B,EAC9B,GAAgB;QAEhB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAA;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CACtB,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAC9D,OAAO,CACR,CAAA;QAED,mDAAmD;QACnD,IAAI,GAAuB,CAAA;QAC3B,IAAI,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YACtD,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YAChD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;gBACvC,OAAO;oBACL,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,EAAE,KAAK,EAAE,mDAAmD,GAAG,CAAC,aAAa,EAAE,EAAE;oBACzF,OAAO,EAAE,IAAI;iBACd,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YACpB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QAClF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;gBAClD,SAAS,EAAE,IAAI,GAAG,IAAI,GAAG,EAAE;gBAC3B,OAAO;gBACP,GAAG,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG;gBACnB,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW;aAC1D,CAAC,CAAA;YAEF,IAAI,MAAM,GAAG,EAAE,CAAA;YACf,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,UAAU;oBAClC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,mBAAmB;oBACnD,CAAC,CAAC,MAAM,CAAA;YACZ,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,oBAAoB,CAAA;gBAC9B,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,UAAU;oBAClC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,mBAAmB;oBACnD,CAAC,CAAC,MAAM,CAAA;YACZ,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE;gBAC/C,OAAO,EAAE,KAAK;aACf,CAAA;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAqF,CAAA;YAC/F,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,EAAE,CAAA;YAC7B,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,EAAE,CAAA;YAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;YAExD,IAAI,MAAM,GAAG,EAAE,CAAA;YACf,IAAI,MAAM;gBAAE,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;YACjD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,oBAAoB,CAAA;gBAC9B,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;YACvC,CAAC;YACD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;gBACb,MAAM,IAAI,iCAAiC,OAAO,QAAQ,CAAA;YAC5D,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;gBACtD,OAAO,EAAE,IAAI;aACd,CAAA;QACH,CAAC;IACH,CAAC;CACF,CAAA"}

package/dist/tools/tools/edit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"edit.d.ts","sourceRoot":"","sources":["../../../src/tools/tools/edit.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,aAAa,CAAA;AAKhE,eAAO,MAAM,QAAQ,EAAE,IA+GtB,CAAA"}

package/dist/tools/tools/edit.js

@@ -35,7 +35,8 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.editTool = void 0;
 const fs = __importStar(require("fs/promises"));
-const path = __importStar(require("path"));
+const sanitize_1 = require("../sanitize");
+const MAX_FILE_SIZE = 5 * 1024 * 1024; // 5MB limit for edit operations
 exports.editTool = {
     spec() {
         return {
@@ -78,7 +79,13 @@ exports.editTool = {
         if (!oldString) {
             return { name: "edit", output: { error: "old_string is required" }, isError: true };
         }
-        const resolved = path.resolve(ctx.cwd, filePath);
+        let resolved;
+        try {
+            resolved = (0, sanitize_1.sanitizeFilePath)(filePath, ctx.workspaceRoot);
+        }
+        catch (err) {
+            return { name: "edit", output: { error: err.message }, isError: true };
+        }
         let content;
         try {
             content = await fs.readFile(resolved, "utf-8");

package/dist/tools/tools/edit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"edit.js","sourceRoot":"","sources":["../../../src/tools/tools/edit.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gDAAiC;AAGjC,0CAA8C;AAE9C,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAA,CAAC,gCAAgC;AAEzD,QAAA,QAAQ,GAAS;IAC5B,IAAI;QACF,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,WAAW,EACT,sFAAsF;YACxF,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE;wBACT,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,0BAA0B;qBACxC;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,8BAA8B;qBAC5C;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,sBAAsB;qBACpC;oBACD,WAAW,EAAE;wBACX,IAAI,EAAE,SAAS;wBACf,WAAW,EAAE,0CAA0C;qBACxD;iBACF;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,YAAY,CAAC;aACpD;YACD,UAAU,EAAE,KAAK;YACjB,aAAa,EAAE,IAAI;SACpB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAA8B,EAAE,GAAgB;QACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAA;QAC9C,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC,CAAA;QAChD,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC,CAAA;QAChD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;QAE7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACpF,CAAC;QACD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,wBAAwB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACrF,CAAC;QAED,IAAI,QAAgB,CAAA;QACpB,IAAI,CAAC;YACH,QAAQ,GAAG,IAAA,2BAAgB,EAAC,QAAQ,EAAE,GAAG,CAAC,aAAa,CAAC,CAAA;QAC1D,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACnF,CAAC;QAED,IAAI,OAAe,CAAA;QACnB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAChD,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,EAAE,KAAK,EAAE,wBAAyB,GAAa,CAAC,OAAO,EAAE,EAAE;gBACnE,OAAO,EAAE,IAAI;aACd,CAAA;QACH,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACjC,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE;oBACN,KAAK,EAAE,2BAA2B,QAAQ,EAAE;oBAC5C,IAAI,EAAE,iEAAiE;iBACxE;gBACD,OAAO,EAAE,IAAI;aACd,CAAA;QACH,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA;QACvD,IAAI,WAAW,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE;oBACN,KAAK,EAAE,SAAS,WAAW,0EAA0E;oBACrG,WAAW;iBACZ;gBACD,OAAO,EAAE,IAAI;aACd,CAAA;QACH,CAAC;QAED,MAAM,UAAU,GAAG,UAAU;YAC3B,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAC1C,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QAEzC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;QACnD,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,EAAE,KAAK,EAAE,yBAA0B,GAAa,CAAC,OAAO,EAAE,EAAE;gBACpE,OAAO,EAAE,IAAI;aACd,CAAA;QACH,CAAC;QAED,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE;gBACN,SAAS,EAAE,QAAQ;gBACnB,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;gBAC1C,MAAM,EAAE,QAAQ;aACjB;YACD,OAAO,EAAE,KAAK;SACf,CAAA;IACH,CAAC;CACF,CAAA"}

package/dist/tools/tools/glob.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"glob.d.ts","sourceRoot":"","sources":["../../../src/tools/tools/glob.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAqC,MAAM,aAAa,CAAA;AAE1E,eAAO,MAAM,QAAQ,EAAE,IA8DtB,CAAA"}

package/dist/tools/tools/glob.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"glob.js","sourceRoot":"","sources":["../../../src/tools/tools/glob.ts"],"names":[],"mappings":";;;AAAA,+BAA2B;AAGd,QAAA,QAAQ,GAAS;IAC5B,IAAI;QACF,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,WAAW,EACT,uGAAuG;YACzG,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE;wBACP,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,8CAA8C;qBAC5D;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,yDAAyD;qBACvE;iBACF;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;YACD,UAAU,EAAE,IAAI;SACjB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAA8B,EAAE,GAAgB;QACxD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAA;QAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC,aAAa,CAAC,CAAA;QAEvD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QAClF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE;gBAClC,GAAG,EAAE,OAAO;gBACZ,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,CAAC,oBAAoB,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC;aAC1E,CAAC,CAAA;YAEF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;YACtC,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAA;YAE3D,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE;oBACN,OAAO;oBACP,OAAO;oBACP,OAAO,EAAE,OAAO;oBAChB,QAAQ,EAAE,OAAO,CAAC,MAAM;oBACxB,SAAS;iBACV;gBACD,OAAO,EAAE,KAAK;aACf,CAAA;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,CAAE,GAAa,CAAC,OAAO,IAAI,GAAG,CAAC,EAAE;gBACxD,OAAO,EAAE,IAAI;aACd,CAAA;QACH,CAAC;IACH,CAAC;CACF,CAAA"}

package/dist/tools/tools/grep.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grep.d.ts","sourceRoot":"","sources":["../../../src/tools/tools/grep.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAqC,MAAM,aAAa,CAAA;AAE1E,eAAO,MAAM,QAAQ,EAAE,IAgHtB,CAAA"}

package/dist/tools/tools/grep.js

@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.grepTool = void 0;
+const child_process_1 = require("child_process");
 const path = __importStar(require("path"));
 exports.grepTool = {
     spec() {
@@ -86,7 +87,7 @@ exports.grepTool = {
                 const includeOpt = include ? ` --include="${include}"` : "";
                 cmd = `grep -r -n -E${includeOpt} "${pattern.replace(/"/g, "")}" "${searchPath}" 2>/dev/null | head -${maxResults}`;
             }
-            const result = execSync(cmd, { maxBuffer: 1024 * 1024, timeout: 30000 });
+            const result = (0, child_process_1.execSync)(cmd, { maxBuffer: 1024 * 1024, timeout: 30000 });
             const output = result.toString().trim();
             const lines = output.split("\n").filter(Boolean);
             const matches = lines.slice(0, maxResults).map((line) => {
@@ -110,7 +111,7 @@ exports.grepTool = {
                 output: {
                     pattern,
                     path: searchPath,
-                    matches: matches,
+                    matches,
                     numFiles: files.length,
                     numMatches: matches.length,
                     truncated: matches.length >= maxResults,
@@ -119,7 +120,8 @@ exports.grepTool = {
             };
         }
         catch (err) {
-            if (err.status === 1 || err.status === 2) {
+            const execErr = err;
+            if (execErr.status === 1 || execErr.status === 2) {
                 return {
                     name: "grep",
                     output: {
@@ -135,14 +137,10 @@ exports.grepTool = {
             }
             return {
                 name: "grep",
-                output: { error: `grep failed: ${err.message}` },
+                output: { error: `grep failed: ${execErr.message ?? String(err)}` },
                 isError: true,
             };
         }
     },
 };
-function execSync(cmd, opts) {
-    const { execSync: _execSync } = require("child_process");
-    return _execSync(cmd, opts);
-}
 //# sourceMappingURL=grep.js.map

package/dist/tools/tools/grep.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grep.js","sourceRoot":"","sources":["../../../src/tools/tools/grep.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAwC;AACxC,2CAA4B;AAGf,QAAA,QAAQ,GAAS;IAC5B,IAAI;QACF,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,WAAW,EACT,gGAAgG;YAClG,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE;wBACP,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,6CAA6C;qBAC3D;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,kDAAkD;qBAChE;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,iDAAiD;qBAC/D;oBACD,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,yCAAyC;qBACvD;iBACF;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;YACD,UAAU,EAAE,IAAI;SACjB,CAAA;IACH,CAAC;IAED,GAAG,CAAC,KAA8B,EAAE,GAAgB;QAClD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAA;QAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QAClF,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI;YAC3B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3C,CAAC,CAAC,GAAG,CAAC,GAAG,CAAA;QAEX,MAAM,UAAU,GAAG,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAA;QACjF,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAEjE,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAA;YAC1C,IAAI,GAAW,CAAA;YACf,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,aAAa,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;gBAC1E,GAAG,GAAG,oBAAoB,UAAU,KAAK,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,UAAU,MAAM,CAAA;YAC1F,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,eAAe,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;gBAC3D,GAAG,GAAG,gBAAgB,UAAU,KAAK,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,UAAU,yBAAyB,UAAU,EAAE,CAAA;YACrH,CAAC;YAED,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAA;YACxE,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAA;YACvC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YAEhD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;gBACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAClC,IAAI,QAAQ,KAAK,CAAC,CAAC;oBAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;gBAC7D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;gBAC3C,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;gBAC9C,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;oBACrB,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,EAAE,CAAA;gBACvE,CAAC;gBACD,OAAO;oBACL,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC;oBACrC,IAAI,EAAE,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC;oBACzD,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;iBAC/B,CAAA;YACH,CAAC,CAAC,CAAA;YAEF,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YAEtD,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE;oBACN,OAAO;oBACP,IAAI,EAAE,UAAU;oBAChB,OAAO;oBACP,QAAQ,EAAE,KAAK,CAAC,MAAM;oBACtB,UAAU,EAAE,OAAO,CAAC,MAAM;oBAC1B,SAAS,EAAE,OAAO,CAAC,MAAM,IAAI,UAAU;iBACxC;gBACD,OAAO,EAAE,KAAK;aACf,CAAA;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAA4C,CAAA;YAC5D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjD,OAAO;oBACL,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE;wBACN,OAAO;wBACP,IAAI,EAAE,UAAU;wBAChB,OAAO,EAAE,EAAE;wBACX,QAAQ,EAAE,CAAC;wBACX,UAAU,EAAE,CAAC;wBACb,SAAS,EAAE,KAAK;qBACjB;oBACD,OAAO,EAAE,KAAK;iBACf,CAAA;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,EAAE,KAAK,EAAE,gBAAgB,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE;gBACnE,OAAO,EAAE,IAAI;aACd,CAAA;QACH,CAAC;IACH,CAAC;CACF,CAAA"}

package/dist/tools/tools/read.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"read.d.ts","sourceRoot":"","sources":["../../../src/tools/tools/read.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAqC,MAAM,aAAa,CAAA;AAG1E,eAAO,MAAM,QAAQ,EAAE,IAsDtB,CAAA"}

package/dist/tools/tools/read.js

@@ -35,7 +35,7 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.readTool = void 0;
 const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
+const sanitize_1 = require("../sanitize");
 exports.readTool = {
     spec() {
         return {
@@ -54,9 +54,12 @@ exports.readTool = {
         };
     },
     run(input, ctx) {
-        const filePath = path.resolve(ctx.cwd, String(input.file_path ?? ""));
-        if (!filePath.startsWith(ctx.cwd)) {
-            return { name: "read", output: { error: "Path is outside the workspace" }, isError: true };
+        let filePath;
+        try {
+            filePath = (0, sanitize_1.sanitizeFilePath)(String(input.file_path ?? ""), ctx.workspaceRoot);
+        }
+        catch (err) {
+            return { name: "read", output: { error: err.message }, isError: true };
         }
         if (!fs.existsSync(filePath)) {
             return { name: "read", output: { error: `File not found: ${input.file_path}` }, isError: true };

package/dist/tools/tools/read.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"read.js","sourceRoot":"","sources":["../../../src/tools/tools/read.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAwB;AAExB,0CAA8C;AAEjC,QAAA,QAAQ,GAAS;IAC5B,IAAI;QACF,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,WAAW,EACT,uHAAuH;YACzH,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0BAA0B,EAAE;oBACtE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6CAA6C,EAAE;oBACtF,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iCAAiC,EAAE;iBAC1E;gBACD,QAAQ,EAAE,CAAC,WAAW,CAAC;aACxB;YACD,UAAU,EAAE,IAAI;SACjB,CAAA;IACH,CAAC;IAED,GAAG,CAAC,KAA8B,EAAE,GAAgB;QAClD,IAAI,QAAgB,CAAA;QACpB,IAAI,CAAC;YACH,QAAQ,GAAG,IAAA,2BAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,CAAA;QAC/E,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACnF,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,mBAAmB,KAAK,CAAC,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACjG,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAClC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACvB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,wBAAwB,KAAK,CAAC,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACtG,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,GAAG,SAAS,EAAE,CAAC;YAC1B,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,mBAAmB,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACrI,CAAC;QAED,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAC9C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC7B,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAA;QAC/B,MAAM,MAAM,GAAG,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC/E,MAAM,KAAK,GAAG,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,MAAM,GAAG,CAAC,EAAE,IAAI,CAAC,CAAA;QAErG,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAA;QAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAEhG,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE;YAChJ,OAAO,EAAE,KAAK;SACf,CAAA;IACH,CAAC;CACF,CAAA"}

package/dist/tools/tools/web-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-fetch.d.ts","sourceRoot":"","sources":["../../../src/tools/tools/web-fetch.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAqC,MAAM,aAAa,CAAA;AAQ1E,eAAO,MAAM,YAAY,EAAE,IAqD1B,CAAA"}

package/dist/tools/tools/web-fetch.js

@@ -7,24 +7,20 @@ exports.webFetchTool = void 0;
 const https_1 = __importDefault(require("https"));
 const http_1 = __importDefault(require("http"));
 const version_1 = require("../../version");
+const sanitize_1 = require("../sanitize");
 const MAX_RESPONSE_SIZE = 500_000;
 const TIMEOUT_MS = 30_000;
+const MAX_REDIRECTS = 5;
 exports.webFetchTool = {
     spec() {
         return {
             name: "web-fetch",
-            description: "Fetch content from a URL. Returns the response body as text. Supports HTTP and HTTPS. Use for reading web pages, API responses, or documentation.",
+            description: "Fetch content from a URL. Returns the response body as text. Supports HTTP and HTTPS.",
             inputSchema: {
                 type: "object",
                 properties: {
-                    url: {
-                        type: "string",
-                        description: "The URL to fetch (http:// or https://)",
-                    },
-                    method: {
-                        type: "string",
-                        description: "HTTP method (default: GET)",
-                    },
+                    url: { type: "string", description: "The URL to fetch (http:// or https://)" },
+                    method: { type: "string", description: "HTTP method (default: GET)" },
                     headers: {
                         type: "object",
                         description: "Optional request headers as key-value pairs",
@@ -35,109 +31,88 @@ exports.webFetchTool = {
             isReadOnly: true,
         };
     },
-    run(input, _ctx) {
+    async run(input, _ctx) {
         const url = String(input.url ?? "");
-        const method = String(input.method ?? "GET").toUpperCase();
-        const headers = input.headers ?? {};
+        const method = String(input.method || "GET").toUpperCase();
+        const headers = input.headers || {};
+        const redirectCount = parseInt(String(input._redirectCount || "0"), 10);
         if (!url) {
-            return Promise.resolve({
-                name: "web-fetch",
-                output: { error: "url is required" },
-                isError: true,
-            });
+            return { name: "web-fetch", output: { error: "url is required" }, isError: true };
         }
-        let parsedUrl;
         try {
-            parsedUrl = new URL(url);
+            (0, sanitize_1.sanitizeUrl)(url);
         }
-        catch {
-            return Promise.resolve({
-                name: "web-fetch",
-                output: { error: `Invalid URL: ${url}` },
-                isError: true,
-            });
+        catch (err) {
+            return { name: "web-fetch", output: { error: err.message }, isError: true };
         }
-        if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
-            return Promise.resolve({
-                name: "web-fetch",
-                output: { error: `Unsupported protocol: ${parsedUrl.protocol}. Use http:// or https://` },
-                isError: true,
-            });
+        const result = await doFetch(url, method, headers);
+        if (result._redirect) {
+            if (redirectCount >= MAX_REDIRECTS) {
+                return { name: "web-fetch", output: { error: `Too many redirects (max ${MAX_REDIRECTS})` }, isError: true };
+            }
+            try {
+                (0, sanitize_1.sanitizeUrl)(result._redirect);
+            }
+            catch (err) {
+                return { name: "web-fetch", output: { error: `Redirect to blocked URL: ${err.message}` }, isError: true };
+            }
+            return exports.webFetchTool.run({ ...input, url: result._redirect, _redirectCount: redirectCount + 1 }, _ctx);
         }
-        return new Promise((resolve) => {
-            const lib = parsedUrl.protocol === "https:" ? https_1.default : http_1.default;
-            const req = lib.request(url, {
-                method,
-                headers: {
-                    "User-Agent": `LLMTune-CLI/${version_1.CLI_VERSION}`,
-                    Accept: "text/html,application/json,text/plain,*/*",
-                    ...headers,
-                },
-                timeout: TIMEOUT_MS,
-            }, (res) => {
-                // Follow redirects (up to 5)
-                if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-                    const redirectUrl = new URL(res.headers.location, url).toString();
-                    return Promise.resolve(exports.webFetchTool.run({ ...input, url: redirectUrl }, _ctx)).then(resolve);
-                }
-                const chunks = [];
-                let size = 0;
-                res.on("data", (chunk) => {
-                    size += chunk.length;
-                    if (size > MAX_RESPONSE_SIZE) {
-                        req.destroy();
-                        resolve({
-                            name: "web-fetch",
-                            output: {
-                                error: `Response too large (${(size / 1024).toFixed(0)}KB). Maximum is ${MAX_RESPONSE_SIZE / 1024}KB.`,
-                            },
-                            isError: true,
-                        });
-                        return;
+        return result;
+    },
+};
+function doFetch(url, method, headers) {
+    return new Promise((resolve) => {
+        const parsedUrl = new URL(url);
+        const httpModule = parsedUrl.protocol === "https:" ? https_1.default : http_1.default;
+        const options = {
+            method,
+            hostname: parsedUrl.hostname,
+            port: parsedUrl.port,
+            path: parsedUrl.pathname + parsedUrl.search,
+            headers: {
+                "User-Agent": `llmtune-cli/${version_1.CLI_VERSION}`,
+                ...headers,
+            },
+            timeout: TIMEOUT_MS,
+        };
+        const req = httpModule.request(options, (res) => {
+            if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+                const redirectUrl = new URL(res.headers.location, url).toString();
+                res.resume();
+                resolve({ name: "web-fetch", output: {}, isError: false, _redirect: redirectUrl });
+                return;
+            }
+            let body = "";
+            let truncated = false;
+            res.on("data", (chunk) => {
+                if (!truncated) {
+                    body += chunk.toString();
+                    if (body.length > MAX_RESPONSE_SIZE) {
+                        body = body.slice(0, MAX_RESPONSE_SIZE);
+                        truncated = true;
                     }
-                    chunks.push(chunk);
-                });
-                res.on("end", () => {
-                    const body = Buffer.concat(chunks).toString("utf-8");
-                    const truncated = body.length > 50_000;
-                    const content = truncated ? body.slice(0, 50_000) + "\n... (truncated)" : body;
-                    resolve({
-                        name: "web-fetch",
-                        output: {
-                            url,
-                            status: res.statusCode ?? 0,
-                            contentType: res.headers["content-type"] ?? "unknown",
-                            content,
-                            truncated,
-                        },
-                        isError: false,
-                    });
-                });
-                res.on("error", (err) => {
-                    resolve({
-                        name: "web-fetch",
-                        output: { error: `Response error: ${err.message}` },
-                        isError: true,
-                    });
-                });
+                }
             });
-            req.on("error", (err) => {
+            res.on("end", () => {
                 resolve({
                     name: "web-fetch",
-                    output: { error: `Request failed: ${err.message}` },
-                    isError: true,
+                    output: { url, status: res.statusCode, content: body, truncated },
+                    isError: false,
                 });
             });
-            req.on("timeout", () => {
-                req.destroy();
-                resolve({
-                    name: "web-fetch",
-                    output: { error: `Request timed out after ${TIMEOUT_MS / 1000}s` },
-                    isError: true,
-                });
+            res.on("error", (err) => {
+                resolve({ name: "web-fetch", output: { error: `Response error: ${err.message}` }, isError: true });
             });
-            req.end();
         });
-    },
-};
+        req.on("error", (err) => {
+            resolve({ name: "web-fetch", output: { error: `Request error: ${err.message}` }, isError: true });
+        });
+        req.on("timeout", () => {
+            req.destroy();
+            resolve({ name: "web-fetch", output: { error: `Request timed out after ${TIMEOUT_MS / 1000}s` }, isError: true });
+        });
+        req.end();
+    });
+}
 //# sourceMappingURL=web-fetch.js.map