@lobu/worker 3.3.0 → 3.4.0

package/dist/embedded/just-bash-bootstrap.d.ts

@@ -9,13 +9,28 @@
  * just-bash customCommands that delegate to real exec.
  */
 import type { BashOperations } from "@mariozechner/pi-coding-agent";
+import type { GatewayParams } from "../shared/tool-implementations";
+import type { McpRuntimeRef } from "./mcp-cli-commands";
 export declare function buildBinaryInvocation(binaryPath: string, args: string[]): {
     command: string;
     args: string[];
 };
+export interface EmbeddedBashOpsOptions {
+    /**
+     * When provided together with `gw`, MCP servers are exposed as one
+     * `just-bash` custom command per server (e.g. `owletto search_knowledge
+     * <<<'{...}'`). Only applied when `mcpExposure === "cli"`. The ref's
+     * optional `refresh()` is invoked after successful auth operations so
+     * CLI handlers pick up freshly-discovered MCP tools without rebuilding Bash.
+     */
+    mcpRuntimeRef?: McpRuntimeRef;
+    gw?: GatewayParams;
+    /** `"tools"` (default) keeps today's first-class MCP tools. `"cli"` swaps to sandboxed bash CLIs. */
+    mcpExposure?: "tools" | "cli";
+}
 /**
  * Create a BashOperations adapter backed by a just-bash Bash instance.
  * Reads configuration from environment variables.
  */
-export declare function createEmbeddedBashOps(): Promise<BashOperations>;
+export declare function createEmbeddedBashOps(options?: EmbeddedBashOpsOptions): Promise<BashOperations>;
 //# sourceMappingURL=just-bash-bootstrap.d.ts.map

package/dist/embedded/just-bash-bootstrap.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"just-bash-bootstrap.d.ts","sourceRoot":"","sources":["../../src/embedded/just-bash-bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AASpE,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EAAE,GACb;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,EAAE,CAAA;CAAE,CAYrC;AAoGD;;;GAGG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,cAAc,CAAC,CA+ErE"}
+{"version":3,"file":"just-bash-bootstrap.d.ts","sourceRoot":"","sources":["../../src/embedded/just-bash-bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAEpE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,KAAK,EAAiB,aAAa,EAAE,MAAM,oBAAoB,CAAC;AASvE,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EAAE,GACb;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,EAAE,CAAA;CAAE,CAYrC;AAoGD,MAAM,WAAW,sBAAsB;IACrC;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,EAAE,CAAC,EAAE,aAAa,CAAC;IACnB,qGAAqG;IACrG,WAAW,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;CAC/B;AAgBD;;;GAGG;AACH,wBAAsB,qBAAqB,CACzC,OAAO,GAAE,sBAA2B,GACnC,OAAO,CAAC,cAAc,CAAC,CAyGzB"}

package/dist/embedded/just-bash-bootstrap.js

@@ -52,6 +52,7 @@ const node_child_process_1 = require("node:child_process");
 const node_fs_1 = __importDefault(require("node:fs"));
 const node_path_1 = __importDefault(require("node:path"));
 const sensitive_env_1 = require("../shared/sensitive-env");
+const mcp_cli_commands_1 = require("./mcp-cli-commands");
 const EMBEDDED_BASH_LIMITS = {
     maxCommandCount: 50_000,
     maxLoopIterations: 50_000,
@@ -152,11 +153,22 @@ async function buildCustomCommands(binaries) {
     }
     return commands;
 }
+/**
+ * Convert an in-process MCP CLI handler into a just-bash `defineCommand` entry.
+ */
+async function adaptMcpCliCommand(cmd) {
+    const { defineCommand } = await Promise.resolve().then(() => __importStar(require("just-bash")));
+    return defineCommand(cmd.name, async (args, ctx) => {
+        const stdin = typeof ctx.stdin === "string" ? ctx.stdin : "";
+        const signal = ctx.signal;
+        return cmd.execute(args, { stdin, signal });
+    });
+}
 /**
  * Create a BashOperations adapter backed by a just-bash Bash instance.
  * Reads configuration from environment variables.
  */
-async function createEmbeddedBashOps() {
+async function createEmbeddedBashOps(options = {}) {
     const { Bash, ReadWriteFs } = await Promise.resolve().then(() => __importStar(require("just-bash")));
     const workspaceDir = process.env.WORKSPACE_DIR || "/workspace";
     const bashFs = new ReadWriteFs({ root: workspaceDir });
@@ -179,13 +191,30 @@ async function createEmbeddedBashOps() {
             allowedMethods: ["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"],
         }
         : undefined;
-    // Discover nix binaries and known CLI tools, register as custom commands
+    // Build MCP CLI commands first so that explicit MCP registrations win over
+    // any PATH-discovered binary with the same name (e.g. `owletto` is both an
+    // installed nix binary and an MCP server).
+    let mcpCliCommands = [];
+    if (options.mcpExposure === "cli" && options.mcpRuntimeRef && options.gw) {
+        mcpCliCommands = (0, mcp_cli_commands_1.buildMcpCliCommands)(options.mcpRuntimeRef, options.gw);
+    }
+    const mcpCliNames = new Set(mcpCliCommands.map((c) => c.name));
+    // Discover nix binaries and known CLI tools, register as custom commands.
+    // Strip names claimed by MCP CLIs so the MCP-backed handler takes precedence.
     const binaries = discoverBinaries();
-    const customCommands = binaries.size > 0 ? await buildCustomCommands(binaries) : [];
+    for (const name of mcpCliNames) {
+        binaries.delete(name);
+    }
+    const binaryCommands = binaries.size > 0 ? await buildCustomCommands(binaries) : [];
+    const mcpCommandEntries = await Promise.all(mcpCliCommands.map((c) => adaptMcpCliCommand(c)));
+    const customCommands = [...mcpCommandEntries, ...binaryCommands];
     if (binaries.size > 0) {
         const names = [...binaries.keys()].slice(0, 20).join(", ");
         const suffix = binaries.size > 20 ? `, ... (${binaries.size} total)` : "";
-        console.log(`[embedded] Registered ${binaries.size} custom commands: ${names}${suffix}`);
+        console.log(`[embedded] Registered ${binaries.size} binary commands: ${names}${suffix}`);
+    }
+    if (mcpCliCommands.length > 0) {
+        console.log(`[embedded] Registered ${mcpCliCommands.length} MCP CLI commands: ${mcpCliCommands.map((c) => c.name).join(", ")}`);
     }
     const bashInstance = new Bash({
         fs: bashFs,

package/dist/embedded/just-bash-bootstrap.js.map

@@ -1 +1 @@
-{"version":3,"file":"just-bash-bootstrap.js","sourceRoot":"","sources":["../../src/embedded/just-bash-bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcH,sDAeC;AAwGD,sDA+EC;AAlND,2DAA8C;AAC9C,sDAAyB;AACzB,0DAA6B;AAE7B,2DAAkE;AAElE,MAAM,oBAAoB,GAAG;IAC3B,eAAe,EAAE,MAAM;IACvB,iBAAiB,EAAE,MAAM;IACzB,YAAY,EAAE,EAAE;CACR,CAAC;AAEX,SAAgB,qBAAqB,CACnC,UAAkB,EAClB,IAAc;IAEd,IAAI,CAAC;QACH,MAAM,SAAS,GACb,iBAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9D,IAAI,SAAS,KAAK,qBAAqB,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACvE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC1D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB;IACvB,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC3C,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAErD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;YAAE,SAAS;QAC3C,IAAI,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,iBAAE,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC;oBACH,iBAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,iBAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;oBAC3C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;wBAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;gBAC1D,CAAC;gBAAC,MAAM,CAAC;oBACP,iBAAiB;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;QAC3B,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,IAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,SAAS;QACjC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC;gBACH,iBAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,iBAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC3C,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC7B,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,YAAY;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB,CAChC,QAA6B;IAE7B,MAAM,EAAE,aAAa,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,EAAE,CAAC;IAEpB,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,QAAQ,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CACX,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,IAAc,EAAE,GAAG,EAAE,EAAE;YAChD,MAAM,UAAU,GAAG,qBAAqB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YAE3D,iEAAiE;YACjE,MAAM,SAAS,GAAG,IAAA,uCAAuB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACvD,IAAI,GAAG,CAAC,GAAG,IAAI,OAAO,GAAG,CAAC,GAAG,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;gBACrD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;oBACvC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBACnB,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,GAAG,CAAC,GAAG,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAClD,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,OAAO,IAAI,OAAO,CAIf,CAAC,OAAO,EAAE,EAAE;gBACb,IAAA,6BAAQ,EACN,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,IAAI,EACf;oBACE,GAAG,EAAE,GAAG,CAAC,GAAG;oBACZ,GAAG,EAAE,SAAS;oBACd,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;iBAC5B,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC;wBACN,MAAM,EAAE,MAAM,IAAI,EAAE;wBACpB,MAAM,EAAE,MAAM,IAAI,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;wBACxC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;qBACpD,CAAC,CAAC;gBACL,CAAC,CACF,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB;IACzC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IAExD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,YAAY,CAAC;IAC/D,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;IAEvD,sDAAsD;IACtD,IAAI,cAAc,GAAa,EAAE,CAAC;IAClC,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,CAAC;QAC1C,IAAI,CAAC;YACH,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACrE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CACX,yDAAyD,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,CACjG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GACX,cAAc,CAAC,MAAM,GAAG,CAAC;QACvB,CAAC,CAAC;YACE,kBAAkB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC;gBAC7D,WAAW,MAAM,GAAG;gBACpB,UAAU,MAAM,GAAG;aACpB,CAAC;YACF,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAO7D;SACJ;QACH,CAAC,CAAC,SAAS,CAAC;IAEhB,yEAAyE;IACzE,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,MAAM,cAAc,GAClB,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/D,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU,QAAQ,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,OAAO,CAAC,GAAG,CACT,yBAAyB,QAAQ,CAAC,IAAI,qBAAqB,KAAK,GAAG,MAAM,EAAE,CAC5E,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC;QAC5B,EAAE,EAAE,MAAM;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,IAAA,uCAAuB,EAAC,OAAO,CAAC,GAAG,CAAC;QACzC,eAAe,EAAE,oBAAoB;QACrC,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,cAAc,EAAE,CAAC;KACrD,CAAC,CAAC;IAEH,OAAO;QACL,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;YAClD,MAAM,SAAS,GACb,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YAEpE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE;gBAC9C,GAAG;gBACH,MAAM;gBACN,GAAG,EAAE,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE;aACxD,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YACrC,CAAC;YACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YACrC,CAAC;YAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"just-bash-bootstrap.js","sourceRoot":"","sources":["../../src/embedded/just-bash-bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBH,sDAeC;AAoID,sDA2GC;AA7QD,2DAA8C;AAC9C,sDAAyB;AACzB,0DAA6B;AAE7B,2DAAkE;AAGlE,yDAAyD;AAEzD,MAAM,oBAAoB,GAAG;IAC3B,eAAe,EAAE,MAAM;IACvB,iBAAiB,EAAE,MAAM;IACzB,YAAY,EAAE,EAAE;CACR,CAAC;AAEX,SAAgB,qBAAqB,CACnC,UAAkB,EAClB,IAAc;IAEd,IAAI,CAAC;QACH,MAAM,SAAS,GACb,iBAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9D,IAAI,SAAS,KAAK,qBAAqB,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACvE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC1D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB;IACvB,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC3C,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAErD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;YAAE,SAAS;QAC3C,IAAI,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,iBAAE,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC;oBACH,iBAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,iBAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;oBAC3C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;wBAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;gBAC1D,CAAC;gBAAC,MAAM,CAAC;oBACP,iBAAiB;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;QAC3B,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,IAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,SAAS;QACjC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC;gBACH,iBAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,iBAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC3C,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC7B,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,YAAY;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB,CAChC,QAA6B;IAE7B,MAAM,EAAE,aAAa,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,EAAE,CAAC;IAEpB,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,QAAQ,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CACX,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,IAAc,EAAE,GAAG,EAAE,EAAE;YAChD,MAAM,UAAU,GAAG,qBAAqB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YAE3D,iEAAiE;YACjE,MAAM,SAAS,GAAG,IAAA,uCAAuB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACvD,IAAI,GAAG,CAAC,GAAG,IAAI,OAAO,GAAG,CAAC,GAAG,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;gBACrD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;oBACvC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBACnB,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,GAAG,CAAC,GAAG,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAClD,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,OAAO,IAAI,OAAO,CAIf,CAAC,OAAO,EAAE,EAAE;gBACb,IAAA,6BAAQ,EACN,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,IAAI,EACf;oBACE,GAAG,EAAE,GAAG,CAAC,GAAG;oBACZ,GAAG,EAAE,SAAS;oBACd,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;iBAC5B,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC;wBACN,MAAM,EAAE,MAAM,IAAI,EAAE;wBACpB,MAAM,EAAE,MAAM,IAAI,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;wBACxC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;qBACpD,CAAC,CAAC;gBACL,CAAC,CACF,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAgBD;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,GAAkB;IAElB,MAAM,EAAE,aAAa,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IACpD,OAAO,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,IAAc,EAAE,GAAG,EAAE,EAAE;QAC3D,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,MAAM,MAAM,GAAG,GAAG,CAAC,MAAiC,CAAC;QACrD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,UAAkC,EAAE;IAEpC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IAExD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,YAAY,CAAC;IAC/D,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;IAEvD,sDAAsD;IACtD,IAAI,cAAc,GAAa,EAAE,CAAC;IAClC,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,CAAC;QAC1C,IAAI,CAAC;YACH,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACrE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CACX,yDAAyD,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,CACjG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GACX,cAAc,CAAC,MAAM,GAAG,CAAC;QACvB,CAAC,CAAC;YACE,kBAAkB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC;gBAC7D,WAAW,MAAM,GAAG;gBACpB,UAAU,MAAM,GAAG;aACpB,CAAC;YACF,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAO7D;SACJ;QACH,CAAC,CAAC,SAAS,CAAC;IAEhB,2EAA2E;IAC3E,2EAA2E;IAC3E,2CAA2C;IAC3C,IAAI,cAAc,GAAoB,EAAE,CAAC;IACzC,IAAI,OAAO,CAAC,WAAW,KAAK,KAAK,IAAI,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;QACzE,cAAc,GAAG,IAAA,sCAAmB,EAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAE/D,0EAA0E;IAC1E,8EAA8E;IAC9E,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IACD,MAAM,cAAc,GAClB,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/D,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CACzC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CACjD,CAAC;IAEF,MAAM,cAAc,GAAG,CAAC,GAAG,iBAAiB,EAAE,GAAG,cAAc,CAAC,CAAC;IAEjE,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU,QAAQ,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,OAAO,CAAC,GAAG,CACT,yBAAyB,QAAQ,CAAC,IAAI,qBAAqB,KAAK,GAAG,MAAM,EAAE,CAC5E,CAAC;IACJ,CAAC;IACD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CACT,yBACE,cAAc,CAAC,MACjB,sBAAsB,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACrE,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC;QAC5B,EAAE,EAAE,MAAM;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,IAAA,uCAAuB,EAAC,OAAO,CAAC,GAAG,CAAC;QACzC,eAAe,EAAE,oBAAoB;QACrC,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,cAAc,EAAE,CAAC;KACrD,CAAC,CAAC;IAEH,OAAO;QACL,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;YAClD,MAAM,SAAS,GACb,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YAEpE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE;gBAC9C,GAAG;gBACH,MAAM;gBACN,GAAG,EAAE,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE;aACxD,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YACrC,CAAC;YACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YACrC,CAAC;YAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/embedded/mcp-cli-commands.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Worker-side MCP-as-CLI bootstrap for embedded deployment mode.
+ *
+ * Registers one `just-bash` custom command per MCP server (e.g. `owletto`,
+ * `gmail`). The agent invokes MCP tools via the sandboxed bash:
+ *
+ *   owletto search_knowledge <<<'{"query":"foo"}'
+ *   owletto --help
+ *   owletto save_knowledge --schema
+ *   owletto auth login
+ *
+ * Payload is read from `ctx.stdin` as JSON. If stdin is empty, falls back to
+ * `args[1]` as a JSON string (defense-in-depth for models that write the JSON
+ * inline).
+ */
+import type { McpStatus, McpToolDef } from "@lobu/core";
+import type { GatewayParams } from "../shared/tool-implementations";
+import { callMcpTool } from "../shared/tool-implementations";
+/**
+ * Mutable snapshot of MCP session state. CLI handlers read through `current`
+ * so that `auth login|check|logout` can refresh tools/state via `refresh()`
+ * without rebuilding the Bash instance. New servers discovered after startup
+ * are not retro-registered — they require a worker restart.
+ */
+export interface McpRuntimeState {
+    mcpTools: Record<string, McpToolDef[]>;
+    mcpStatus: McpStatus[];
+    mcpContext: Record<string, string>;
+}
+export interface McpRuntimeRef {
+    current: McpRuntimeState;
+    /** Re-fetch session context and return a fresh snapshot, or `null` on failure. */
+    refresh?: () => Promise<McpRuntimeState | null>;
+}
+export interface McpCliCommand {
+    name: string;
+    execute: (args: string[], ctx: {
+        stdin?: string;
+        signal?: AbortSignal;
+    }) => Promise<{
+        stdout: string;
+        stderr: string;
+        exitCode: number;
+    }>;
+}
+export interface McpCliDeps {
+    callTool: typeof callMcpTool;
+}
+/** Check whether an MCP id would collide with a bash builtin or deny-prefix. */
+export declare function isMcpIdReserved(mcpId: string): string | null;
+export declare function renderHelp(mcpId: string, state: McpRuntimeState): {
+    stdout: string;
+    exitCode: number;
+};
+export declare function parsePayload(stdin: string | undefined, inlineArg: string | undefined): {
+    ok: true;
+    payload: Record<string, unknown>;
+} | {
+    ok: false;
+    error: string;
+};
+/**
+ * Build the execute handler for a single MCP server CLI.
+ * Exposed for unit testing.
+ */
+export declare function buildMcpServerHandler(mcpId: string, ref: McpRuntimeRef, gw: GatewayParams, deps?: McpCliDeps): McpCliCommand["execute"];
+export declare function summariseAuthStart(rawText: string, mcpId: string): string;
+export declare function summariseAuthCheck(parsed: Record<string, unknown> | null, mcpId: string, fallback: string): string;
+/**
+ * Build one command per MCP server in `ref.current.mcpStatus`, including
+ * servers that currently have no discovered tools (so `<server> auth login`
+ * still works for unauthenticated servers).
+ */
+export declare function buildMcpCliCommands(ref: McpRuntimeRef, gw: GatewayParams, deps?: Partial<McpCliDeps>): McpCliCommand[];
+//# sourceMappingURL=mcp-cli-commands.d.ts.map

package/dist/embedded/mcp-cli-commands.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-cli-commands.d.ts","sourceRoot":"","sources":["../../src/embedded/mcp-cli-commands.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAuB7D;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;IACvC,SAAS,EAAE,SAAS,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,eAAe,CAAC;IACzB,kFAAkF;IAClF,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,IAAI,EAAE,MAAM,EAAE,EACd,GAAG,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,KAC1C,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACpE;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,WAAW,CAAC;CAC9B;AAMD,gFAAgF;AAChF,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAkB5D;AAQD,wBAAgB,UAAU,CACxB,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,eAAe,GACrB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAoCtC;AAUD,wBAAgB,YAAY,CAC1B,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,SAAS,EAAE,MAAM,GAAG,SAAS,GAE3B;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GAC9C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAiB/B;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,aAAa,EAClB,EAAE,EAAE,aAAa,EACjB,IAAI,GAAE,UAAyB,GAC9B,aAAa,CAAC,SAAS,CAAC,CA8D1B;AA8ED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAmBzE;AAED,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACtC,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,GACf,MAAM,CAOR;AAaD;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,aAAa,EAClB,EAAE,EAAE,aAAa,EACjB,IAAI,GAAE,OAAO,CAAC,UAAU,CAAM,GAC7B,aAAa,EAAE,CAuBjB"}

package/dist/embedded/mcp-cli-commands.js

@@ -0,0 +1,336 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isMcpIdReserved = isMcpIdReserved;
+exports.renderHelp = renderHelp;
+exports.parsePayload = parsePayload;
+exports.buildMcpServerHandler = buildMcpServerHandler;
+exports.summariseAuthStart = summariseAuthStart;
+exports.summariseAuthCheck = summariseAuthCheck;
+exports.buildMcpCliCommands = buildMcpCliCommands;
+const core_1 = require("@lobu/core");
+const tool_implementations_1 = require("../shared/tool-implementations");
+const tool_policy_1 = require("../openclaw/tool-policy");
+const logger = (0, core_1.createLogger)("mcp-cli");
+/** Names reserved by just-bash / POSIX shells that we must not shadow. */
+const RESERVED_COMMAND_NAMES = new Set([
+    "cd",
+    "echo",
+    "export",
+    "test",
+    "true",
+    "false",
+    "pwd",
+    "set",
+    "unset",
+    "exit",
+    "source",
+    ".",
+    ":",
+    "[",
+]);
+const DEFAULT_DEPS = {
+    callTool: tool_implementations_1.callMcpTool,
+};
+/** Check whether an MCP id would collide with a bash builtin or deny-prefix. */
+function isMcpIdReserved(mcpId) {
+    if (RESERVED_COMMAND_NAMES.has(mcpId)) {
+        return `reserved bash builtin`;
+    }
+    // Probe against the package-install denylist using invocations that match
+    // its actual patterns (install/add/require/upgrade/etc.).
+    const probes = [
+        `${mcpId} install`,
+        `${mcpId} i`,
+        `${mcpId} add`,
+        `${mcpId} upgrade`,
+        `${mcpId} require`,
+        mcpId,
+    ];
+    if (probes.some((p) => (0, tool_policy_1.isDirectPackageInstallCommand)(p))) {
+        return `matches package-install denylist`;
+    }
+    return null;
+}
+function truncate(text, max) {
+    if (!text)
+        return "";
+    const clean = text.replace(/\s+/g, " ").trim();
+    return clean.length > max ? `${clean.slice(0, max - 1)}…` : clean;
+}
+function renderHelp(mcpId, state) {
+    const tools = state.mcpTools[mcpId] ?? [];
+    const status = state.mcpStatus.find((s) => s.id === mcpId);
+    const contextPrefix = state.mcpContext[mcpId];
+    const lines = [];
+    lines.push(`${mcpId} — MCP server CLI`);
+    if (contextPrefix) {
+        lines.push(contextPrefix);
+    }
+    lines.push("");
+    lines.push("Usage:");
+    lines.push(`  ${mcpId} <tool> <<'EOF'`);
+    lines.push(`  { ...json args... }`);
+    lines.push(`  EOF`);
+    lines.push("");
+    lines.push(`  ${mcpId} <tool> --schema     # print the JSON schema`);
+    lines.push(`  ${mcpId} --help              # this message`);
+    if (status?.requiresAuth) {
+        lines.push(`  ${mcpId} auth login|check|logout`);
+    }
+    lines.push("");
+    if (tools.length === 0) {
+        lines.push("(no tools discovered — the server may need authentication or configuration)");
+    }
+    else {
+        lines.push("Tools:");
+        for (const tool of tools) {
+            const desc = truncate(tool.description ?? "", 80);
+            lines.push(`  ${tool.name}${desc ? `  ${desc}` : ""}`);
+        }
+    }
+    return { stdout: `${lines.join("\n")}\n`, exitCode: 0 };
+}
+function findTool(mcpId, toolName, state) {
+    return state.mcpTools[mcpId]?.find((t) => t.name === toolName);
+}
+function parsePayload(stdin, inlineArg) {
+    const raw = (stdin && stdin.trim()) || (inlineArg && inlineArg.trim()) || "";
+    if (!raw) {
+        return { ok: true, payload: {} };
+    }
+    try {
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+            return { ok: false, error: "expected a JSON object payload" };
+        }
+        return { ok: true, payload: parsed };
+    }
+    catch (err) {
+        return {
+            ok: false,
+            error: `invalid JSON payload: ${err instanceof Error ? err.message : String(err)}`,
+        };
+    }
+}
+/**
+ * Build the execute handler for a single MCP server CLI.
+ * Exposed for unit testing.
+ */
+function buildMcpServerHandler(mcpId, ref, gw, deps = DEFAULT_DEPS) {
+    return async (args, ctx) => {
+        const subcommand = args[0];
+        const state = ref.current;
+        if (!subcommand || subcommand === "--help" || subcommand === "-h") {
+            const { stdout, exitCode } = renderHelp(mcpId, state);
+            return { stdout, stderr: "", exitCode };
+        }
+        if (subcommand === "auth") {
+            return runAuthSubcommand(mcpId, args.slice(1), gw, ref);
+        }
+        // <tool> --schema
+        if (args[1] === "--schema") {
+            const tool = findTool(mcpId, subcommand, state);
+            if (!tool) {
+                return {
+                    stdout: "",
+                    stderr: `unknown tool: ${subcommand}. Run \`${mcpId} --help\`.\n`,
+                    exitCode: 2,
+                };
+            }
+            const schema = tool.inputSchema ?? {};
+            return {
+                stdout: `${JSON.stringify(schema, null, 2)}\n`,
+                stderr: "",
+                exitCode: 0,
+            };
+        }
+        // <tool> [json]
+        const tool = findTool(mcpId, subcommand, state);
+        if (!tool) {
+            return {
+                stdout: "",
+                stderr: `unknown tool: ${subcommand}. Run \`${mcpId} --help\`.\n`,
+                exitCode: 2,
+            };
+        }
+        const parsed = parsePayload(ctx.stdin, args[1]);
+        if (!parsed.ok) {
+            return { stdout: "", stderr: `${parsed.error}\n`, exitCode: 2 };
+        }
+        try {
+            const result = await deps.callTool(gw, mcpId, subcommand, parsed.payload);
+            const text = result.content
+                .filter((c) => c.type === "text")
+                .map((c) => c.text)
+                .join("\n");
+            return { stdout: text ? `${text}\n` : "", stderr: "", exitCode: 0 };
+        }
+        catch (err) {
+            return {
+                stdout: "",
+                stderr: `${err instanceof Error ? err.message : String(err)}\n`,
+                exitCode: 1,
+            };
+        }
+    };
+}
+async function refreshRef(ref, mcpId, verb) {
+    if (!ref.refresh)
+        return;
+    try {
+        const fresh = await ref.refresh();
+        if (fresh)
+            ref.current = fresh;
+    }
+    catch (err) {
+        logger.warn(`Failed to refresh MCP state after ${mcpId} auth ${verb}: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+async function runAuthSubcommand(mcpId, args, gw, ref) {
+    const verb = args[0];
+    // Lazy import to avoid a heavy dependency cycle in tests.
+    const impl = await Promise.resolve().then(() => __importStar(require("../shared/tool-implementations")));
+    if (verb === "login") {
+        const res = await impl.startMcpLogin(gw, { mcpId });
+        const text = extractText(res.content);
+        return {
+            stdout: `${summariseAuthStart(text, mcpId)}\n`,
+            stderr: "",
+            exitCode: 0,
+        };
+    }
+    if (verb === "check") {
+        const res = await impl.checkMcpLogin(gw, { mcpId });
+        const text = extractText(res.content);
+        const parsed = tryJson(text);
+        if (parsed?.authenticated === true) {
+            await refreshRef(ref, mcpId, "check");
+        }
+        return {
+            stdout: `${summariseAuthCheck(parsed, mcpId, text)}\n`,
+            stderr: "",
+            exitCode: 0,
+        };
+    }
+    if (verb === "logout") {
+        const res = await impl.logoutMcp(gw, { mcpId });
+        const text = extractText(res.content);
+        // Tools that required auth are now unreachable — refresh so the next
+        // invocation sees the empty state.
+        await refreshRef(ref, mcpId, "logout");
+        return { stdout: `${text}\n`, stderr: "", exitCode: 0 };
+    }
+    return {
+        stdout: "",
+        stderr: `unknown auth subcommand: ${verb ?? "(none)"}. Use login|check|logout.\n`,
+        exitCode: 2,
+    };
+}
+function extractText(content) {
+    return content
+        .filter((c) => c.type === "text" && typeof c.text === "string")
+        .map((c) => c.text)
+        .join("\n");
+}
+function summariseAuthStart(rawText, mcpId) {
+    const parsed = tryJson(rawText);
+    if (!parsed)
+        return rawText;
+    if (parsed.status === "already_authenticated") {
+        return JSON.stringify({ status: "already_authenticated", mcp_id: mcpId });
+    }
+    if (parsed.status === "login_started") {
+        const interactionPosted = Boolean(parsed.interaction_posted);
+        // If the link-button side-channel didn't fire, fall back to the raw payload
+        // so the verification URL + user_code remain reachable by the model.
+        if (!interactionPosted)
+            return rawText;
+        return JSON.stringify({
+            status: "login_started",
+            mcp_id: mcpId,
+            interaction_posted: true,
+            message: `Login link sent directly to the user. Run \`${mcpId} auth check\` after they confirm.`,
+        });
+    }
+    return rawText;
+}
+function summariseAuthCheck(parsed, mcpId, fallback) {
+    if (!parsed)
+        return fallback;
+    return JSON.stringify({
+        status: parsed.status ?? "unknown",
+        mcp_id: mcpId,
+        authenticated: parsed.authenticated ?? false,
+    });
+}
+function tryJson(text) {
+    try {
+        const v = JSON.parse(text);
+        return v && typeof v === "object" && !Array.isArray(v)
+            ? v
+            : null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Build one command per MCP server in `ref.current.mcpStatus`, including
+ * servers that currently have no discovered tools (so `<server> auth login`
+ * still works for unauthenticated servers).
+ */
+function buildMcpCliCommands(ref, gw, deps = {}) {
+    const resolvedDeps = { ...DEFAULT_DEPS, ...deps };
+    const state = ref.current;
+    const serverIds = new Set([
+        ...Object.keys(state.mcpTools ?? {}),
+        ...(state.mcpStatus ?? []).map((s) => s.id),
+    ]);
+    const commands = [];
+    for (const mcpId of serverIds) {
+        const reserved = isMcpIdReserved(mcpId);
+        if (reserved) {
+            logger.warn(`Skipping MCP CLI registration for "${mcpId}" — ${reserved}. Rename the MCP server to enable CLI mode.`);
+            continue;
+        }
+        commands.push({
+            name: mcpId,
+            execute: buildMcpServerHandler(mcpId, ref, gw, resolvedDeps),
+        });
+    }
+    return commands;
+}
+//# sourceMappingURL=mcp-cli-commands.js.map

package/dist/embedded/mcp-cli-commands.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-cli-commands.js","sourceRoot":"","sources":["../../src/embedded/mcp-cli-commands.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4EA,0CAkBC;AAQD,gCAuCC;AAUD,oCAsBC;AAMD,sDAmEC;AA8ED,gDAmBC;AAED,gDAWC;AAkBD,kDA2BC;AAjYD,qCAA0C;AAE1C,yEAA6D;AAC7D,yDAAwE;AAExE,MAAM,MAAM,GAAG,IAAA,mBAAY,EAAC,SAAS,CAAC,CAAC;AAEvC,0EAA0E;AAC1E,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,IAAI;IACJ,MAAM;IACN,QAAQ;IACR,MAAM;IACN,MAAM;IACN,OAAO;IACP,KAAK;IACL,KAAK;IACL,OAAO;IACP,MAAM;IACN,QAAQ;IACR,GAAG;IACH,GAAG;IACH,GAAG;CACJ,CAAC,CAAC;AAgCH,MAAM,YAAY,GAAe;IAC/B,QAAQ,EAAE,kCAAW;CACtB,CAAC;AAEF,gFAAgF;AAChF,SAAgB,eAAe,CAAC,KAAa;IAC3C,IAAI,sBAAsB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,uBAAuB,CAAC;IACjC,CAAC;IACD,0EAA0E;IAC1E,0DAA0D;IAC1D,MAAM,MAAM,GAAG;QACb,GAAG,KAAK,UAAU;QAClB,GAAG,KAAK,IAAI;QACZ,GAAG,KAAK,MAAM;QACd,GAAG,KAAK,UAAU;QAClB,GAAG,KAAK,UAAU;QAClB,KAAK;KACN,CAAC;IACF,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,2CAA6B,EAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,kCAAkC,CAAC;IAC5C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,IAAY,EAAE,GAAW;IACzC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/C,OAAO,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;AACpE,CAAC;AAED,SAAgB,UAAU,CACxB,KAAa,EACb,KAAsB;IAEtB,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1C,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;IAC3D,MAAM,aAAa,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;IACxC,IAAI,aAAa,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC5B,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACpC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,8CAA8C,CAAC,CAAC;IACrE,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,qCAAqC,CAAC,CAAC;IAC5D,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,0BAA0B,CAAC,CAAC;IACnD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,6EAA6E,CAC9E,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAClD,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,QAAQ,CACf,KAAa,EACb,QAAgB,EAChB,KAAsB;IAEtB,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;AACjE,CAAC;AAED,SAAgB,YAAY,CAC1B,KAAyB,EACzB,SAA6B;IAI7B,MAAM,GAAG,GAAG,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;IAC7E,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACnC,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;QAChE,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAiC,EAAE,CAAC;IAClE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,yBAAyB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;SACnF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CACnC,KAAa,EACb,GAAkB,EAClB,EAAiB,EACjB,OAAmB,YAAY;IAE/B,OAAO,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;QACzB,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC;QAE1B,IAAI,CAAC,UAAU,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YAClE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACtD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC1B,OAAO,iBAAiB,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1D,CAAC;QAED,kBAAkB;QAClB,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO;oBACL,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,iBAAiB,UAAU,WAAW,KAAK,cAAc;oBACjE,QAAQ,EAAE,CAAC;iBACZ,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;YACtC,OAAO;gBACL,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI;gBAC9C,MAAM,EAAE,EAAE;gBACV,QAAQ,EAAE,CAAC;aACZ,CAAC;QACJ,CAAC;QAED,gBAAgB;QAChB,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,iBAAiB,UAAU,WAAW,KAAK,cAAc;gBACjE,QAAQ,EAAE,CAAC;aACZ,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QAClE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAC1E,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO;iBACxB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;iBAChC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;iBAClB,IAAI,CAAC,IAAI,CAAC,CAAC;YACd,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QACtE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI;gBAC/D,QAAQ,EAAE,CAAC;aACZ,CAAC;QACJ,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,GAAkB,EAClB,KAAa,EACb,IAAY;IAEZ,IAAI,CAAC,GAAG,CAAC,OAAO;QAAE,OAAO;IACzB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC;QAClC,IAAI,KAAK;YAAE,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CACT,qCAAqC,KAAK,SAAS,IAAI,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC/G,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,KAAa,EACb,IAAc,EACd,EAAiB,EACjB,GAAkB;IAElB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,0DAA0D;IAC1D,MAAM,IAAI,GAAG,wDAAa,gCAAgC,GAAC,CAAC;IAE5D,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACtC,OAAO;YACL,MAAM,EAAE,GAAG,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI;YAC9C,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,CAAC;SACZ,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,MAAM,EAAE,aAAa,KAAK,IAAI,EAAE,CAAC;YACnC,MAAM,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACxC,CAAC;QACD,OAAO;YACL,MAAM,EAAE,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI;YACtD,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,CAAC;SACZ,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACtC,qEAAqE;QACrE,mCAAmC;QACnC,MAAM,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QACvC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO;QACL,MAAM,EAAE,EAAE;QACV,MAAM,EAAE,4BAA4B,IAAI,IAAI,QAAQ,6BAA6B;QACjF,QAAQ,EAAE,CAAC;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,OAA+C;IAClE,OAAO,OAAO;SACX,MAAM,CACL,CAAC,CAAC,EAAuC,EAAE,CACzC,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAClD;SACA,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAClB,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAgB,kBAAkB,CAAC,OAAe,EAAE,KAAa;IAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,MAAM;QAAE,OAAO,OAAO,CAAC;IAC5B,IAAI,MAAM,CAAC,MAAM,KAAK,uBAAuB,EAAE,CAAC;QAC9C,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QACtC,MAAM,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC7D,4EAA4E;QAC5E,qEAAqE;QACrE,IAAI,CAAC,iBAAiB;YAAE,OAAO,OAAO,CAAC;QACvC,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,MAAM,EAAE,eAAe;YACvB,MAAM,EAAE,KAAK;YACb,kBAAkB,EAAE,IAAI;YACxB,OAAO,EAAE,+CAA+C,KAAK,mCAAmC;SACjG,CAAC,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,kBAAkB,CAChC,MAAsC,EACtC,KAAa,EACb,QAAgB;IAEhB,IAAI,CAAC,MAAM;QAAE,OAAO,QAAQ,CAAC;IAC7B,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,SAAS;QAClC,MAAM,EAAE,KAAK;QACb,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,KAAK;KAC7C,CAAC,CAAC;AACL,CAAC;AAED,SAAS,OAAO,CAAC,IAAY;IAC3B,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;YACpD,CAAC,CAAE,CAA6B;YAChC,CAAC,CAAC,IAAI,CAAC;IACX,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB,CACjC,GAAkB,EAClB,EAAiB,EACjB,OAA4B,EAAE;IAE9B,MAAM,YAAY,GAAe,EAAE,GAAG,YAAY,EAAE,GAAG,IAAI,EAAE,CAAC;IAC9D,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC;IAC1B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAS;QAChC,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC;QACpC,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5C,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,sCAAsC,KAAK,OAAO,QAAQ,6CAA6C,CACxG,CAAC;YACF,SAAS;QACX,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,qBAAqB,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,YAAY,CAAC;SAC7D,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/openclaw/sandbox-leak.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Detects and redacts "sandbox leaks" — cases where the agent presents a
+ * local workspace path (or a Claude `sandbox://` URL) as if it were a
+ * user-downloadable artifact, without having actually called
+ * `UploadUserFile`.
+ *
+ * Key design decision: we only flag **structural** delivery claims, not
+ * free-text mentions. An agent that *describes* workspace paths in a probe
+ * or ls-style answer is legitimate; an agent that hands the path to the
+ * user as a clickable link or file URL is not. This eliminates the false
+ * positives that the previous broad substring check produced.
+ */
+export interface LeakCheckResult {
+    /** True if the final message makes an unfulfilled file-delivery claim. */
+    leaked: boolean;
+    /** `finalText` with offending link/URL targets neutralised. Equal to
+     * `finalText` when `leaked` is false. */
+    redactedText: string;
+}
+/**
+ * Inspect the agent's final user-facing message for unfulfilled file-delivery
+ * claims. If `sawUploadedFileEvent` is true (the agent actually called
+ * UploadUserFile during this turn), no check is performed — the agent did
+ * deliver something, and any remaining path references are assumed
+ * descriptive.
+ */
+export declare function checkSandboxLeak(finalText: string, sawUploadedFileEvent: boolean): LeakCheckResult;
+//# sourceMappingURL=sandbox-leak.d.ts.map

package/dist/openclaw/sandbox-leak.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-leak.d.ts","sourceRoot":"","sources":["../../src/openclaw/sandbox-leak.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAyBH,MAAM,WAAW,eAAe;IAC9B,0EAA0E;IAC1E,MAAM,EAAE,OAAO,CAAC;IAChB;6CACyC;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,SAAS,EAAE,MAAM,EACjB,oBAAoB,EAAE,OAAO,GAC5B,eAAe,CAiCjB"}