@loomfsm/mcp-server 0.1.0

package/dist/src/tools/extensions-list.js

@@ -0,0 +1,49 @@
+// pipeline_extensions_list — read-only inspection of the
+// installed_extensions registry. Filters narrow the result set via
+// SQL WHERE clauses; `include_manifest` toggles whether the canonical
+// manifest_json column is parsed back into a typed manifest object.
+import { openDb } from "@loomfsm/kernel";
+export function createExtensionsListTool() {
+    return async (input) => {
+        const db = openDb(input.project_dir);
+        const wheres = [];
+        const params = [];
+        if (input.kind !== undefined) {
+            wheres.push("kind = ?");
+            params.push(input.kind);
+        }
+        if (input.status !== undefined) {
+            wheres.push("status = ?");
+            params.push(input.status);
+        }
+        const whereClause = wheres.length > 0 ? ` WHERE ${wheres.join(" AND ")}` : "";
+        const rows = db
+            .prepare("SELECT id, kind, name, publisher, version, status, installed_at, updated_at, failure_reason, manifest_json " +
+            "FROM installed_extensions" +
+            whereClause +
+            " ORDER BY id")
+            .all(...params);
+        const include = input.include_manifest === true;
+        const extensions = rows.map((r) => {
+            const entry = {
+                id: r.id,
+                kind: r.kind,
+                name: r.name,
+                publisher: r.publisher,
+                version: r.version,
+                status: r.status,
+                installed_at: r.installed_at,
+                updated_at: r.updated_at,
+            };
+            if (r.failure_reason !== null) {
+                entry.failure_reason = r.failure_reason;
+            }
+            if (include) {
+                entry.manifest = JSON.parse(r.manifest_json);
+            }
+            return entry;
+        });
+        return { extensions };
+    };
+}
+//# sourceMappingURL=extensions-list.js.map

package/dist/src/tools/extensions-list.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extensions-list.js","sourceRoot":"","sources":["../../../src/tools/extensions-list.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,mEAAmE;AACnE,sEAAsE;AACtE,oEAAoE;AAEpE,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAuBzC,MAAM,UAAU,wBAAwB;IAItC,OAAO,KAAK,EAAE,KAAK,EAAE,EAAE;QACrB,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAErC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAwB,EAAE,CAAC;QACvC,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAE9E,MAAM,IAAI,GAAG,EAAE;aACZ,OAAO,CACN,6GAA6G;YAC3G,2BAA2B;YAC3B,WAAW;YACX,cAAc,CACjB;aACA,GAAG,CAAC,GAAG,MAAM,CAA8B,CAAC;QAE/C,MAAM,OAAO,GAAG,KAAK,CAAC,gBAAgB,KAAK,IAAI,CAAC;QAEhD,MAAM,UAAU,GAA0B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACvD,MAAM,KAAK,GAAwB;gBACjC,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,IAAI,EAAE,CAAC,CAAC,IAAqB;gBAC7B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,MAAM,EAAE,CAAC,CAAC,MAAuC;gBACjD,YAAY,EAAE,CAAC,CAAC,YAAY;gBAC5B,UAAU,EAAE,CAAC,CAAC,UAAU;aACzB,CAAC;YACF,IAAI,CAAC,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;gBAC9B,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,CAAC;YAC1C,CAAC;YACD,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa,CAAsB,CAAC;YACpE,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;QAEH,OAAO,EAAE,UAAU,EAAE,CAAC;IACxB,CAAC,CAAC;AACJ,CAAC"}

package/dist/src/tools/issue-marker.d.ts

@@ -0,0 +1,5 @@
+import type { IssueCrossOwnerMarkerInput, IssueCrossOwnerMarkerResponse, ToolHandler } from "../types.js";
+export interface IssueMarkerDeps {
+    allowlistPath?: string;
+}
+export declare function createIssueCrossOwnerMarkerTool(deps?: IssueMarkerDeps): ToolHandler<IssueCrossOwnerMarkerInput, IssueCrossOwnerMarkerResponse>;

package/dist/src/tools/issue-marker.js

@@ -0,0 +1,57 @@
+// pipeline_issue_cross_owner_marker — mint a single-use, TTL-bounded
+// cross-owner bypass marker.
+//
+// Composition: project-dir allowlist → mint inside one
+// withStateTransaction (the bypass_markers row is written under the
+// threaded NowToken; the TTL is tx.now + ttl_ms with no host-clock read)
+// → return the full marker the caller passes verbatim to pipeline_recover.
+//
+// Possessing the signing key (env var or user-global key file, both
+// OUTSIDE any project dir) IS the authorization to mint — there is no
+// owner check here. Absent a key the mint refuses with BYPASS_KEY_MISSING.
+//
+// Refusals (allowlist, missing key, bad TTL) are error-shaped responses;
+// only programmer errors throw.
+import { assertProjectDirAllowed, captureNow, issueCrossOwnerMarker, KernelError, withStateTransaction, } from "@loomfsm/kernel";
+export function createIssueCrossOwnerMarkerTool(deps = {}) {
+    return async (input) => {
+        // 1. Project-dir allowlist.
+        try {
+            await assertProjectDirAllowed(input.project_dir, deps.allowlistPath !== undefined ? { allowlistPath: deps.allowlistPath } : undefined);
+        }
+        catch (err) {
+            return refusal(err);
+        }
+        // 2. Mint + persist the marker inside one tx.
+        try {
+            const marker = await withStateTransaction(input.project_dir, captureNow(), (tx) => issueCrossOwnerMarker(tx, {
+                driver_state_id: input.driver_state_id,
+                ttl_ms: input.ttl_ms,
+            }));
+            return {
+                key_id: marker.key_id,
+                hmac: marker.hmac,
+                issued_at: marker.issued_at,
+                expires_at: marker.expires_at,
+                reason: marker.reason,
+            };
+        }
+        catch (err) {
+            return refusal(err);
+        }
+    };
+}
+function refusal(err) {
+    if (err instanceof KernelError) {
+        return {
+            key_id: null,
+            hmac: null,
+            issued_at: null,
+            expires_at: null,
+            reason: null,
+            error: { code: err.code, message: err.message },
+        };
+    }
+    throw err;
+}
+//# sourceMappingURL=issue-marker.js.map

package/dist/src/tools/issue-marker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"issue-marker.js","sourceRoot":"","sources":["../../../src/tools/issue-marker.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,6BAA6B;AAC7B,EAAE;AACF,uDAAuD;AACvD,oEAAoE;AACpE,yEAAyE;AACzE,2EAA2E;AAC3E,EAAE;AACF,oEAAoE;AACpE,sEAAsE;AACtE,2EAA2E;AAC3E,EAAE;AACF,yEAAyE;AACzE,gCAAgC;AAEhC,OAAO,EACL,uBAAuB,EACvB,UAAU,EACV,qBAAqB,EACrB,WAAW,EACX,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAYzB,MAAM,UAAU,+BAA+B,CAC7C,OAAwB,EAAE;IAE1B,OAAO,KAAK,EAAE,KAAK,EAAE,EAAE;QACrB,4BAA4B;QAC5B,IAAI,CAAC;YACH,MAAM,uBAAuB,CAC3B,KAAK,CAAC,WAAW,EACjB,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CACrF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;QAED,8CAA8C;QAC9C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,oBAAoB,CACvC,KAAK,CAAC,WAAW,EACjB,UAAU,EAAE,EACZ,CAAC,EAAE,EAAE,EAAE,CACL,qBAAqB,CAAC,EAAE,EAAE;gBACxB,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,MAAM,EAAE,KAAK,CAAC,MAAM;aACrB,CAAC,CACL,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,GAAY;IAC3B,IAAI,GAAG,YAAY,WAAW,EAAE,CAAC;QAC/B,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,IAAI,EAAE,IAAI;YACV,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,IAAI;YAChB,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE;SAChD,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,CAAC;AACZ,CAAC"}

package/dist/src/tools/meta.d.ts

@@ -0,0 +1,6 @@
+import type { MetaInput, PipelineMetaResponse, ToolHandler } from "../types.js";
+interface MetaInputWithProject extends MetaInput {
+    project_dir: string;
+}
+export declare function createMetaTool(): ToolHandler<MetaInputWithProject, PipelineMetaResponse>;
+export type { MetaInputWithProject };

package/dist/src/tools/meta.js

@@ -0,0 +1,52 @@
+// pipeline_meta — protocol-discovery handler. Reads providers and
+// bundles from the installed_extensions registry; advertises the
+// host-neutral flag vocabulary derived from FLAG_TO_PRESET so the
+// parser surface and the meta echo can never drift.
+import { openDb } from "@loomfsm/kernel";
+import { FLAG_TO_PRESET } from "../lib/parse-task-args.js";
+import { KERNEL_VERSION, PLUGIN_API_VERSION, PROTOCOL_VERSION, } from "../version.js";
+const ACTIVE_TRANSPORT = "mcp-server";
+const AVAILABLE_TRANSPORTS = [ACTIVE_TRANSPORT];
+const SANDBOX_KIND = "passthrough";
+// No-API-key fallback that ships with the kernel; once the provider-
+// router config layer wires into kernel boot, this switches to the
+// router-resolved value.
+const ACTIVE_DEFAULT_PROVIDER = "claude-code-shuttle";
+export function createMetaTool() {
+    return async (input) => {
+        const db = openDb(input.project_dir);
+        const providerRows = db
+            .prepare("SELECT name, version FROM installed_extensions " +
+            "WHERE kind = 'provider' AND status = 'enabled' " +
+            "ORDER BY name")
+            .all();
+        const bundleRows = db
+            .prepare("SELECT name, version FROM installed_extensions " +
+            "WHERE kind = 'bundle' AND status = 'enabled' " +
+            "ORDER BY name")
+            .all();
+        const enabled = providerRows.map((r) => r.name);
+        return {
+            protocol_version: PROTOCOL_VERSION,
+            plugin_api_version: PLUGIN_API_VERSION,
+            kernel_version: KERNEL_VERSION,
+            client_identifier_unverified: typeof input.client_identifier_unverified === "string" &&
+                input.client_identifier_unverified.length > 0
+                ? input.client_identifier_unverified
+                : "unknown",
+            flag_vocabulary: Object.keys(FLAG_TO_PRESET),
+            transports: {
+                active: ACTIVE_TRANSPORT,
+                available: AVAILABLE_TRANSPORTS.slice(),
+            },
+            providers: {
+                enabled,
+                active_default: ACTIVE_DEFAULT_PROVIDER,
+                compatible_with_client: enabled.slice(),
+            },
+            bundles_available: bundleRows.map((r) => ({ name: r.name, version: r.version })),
+            sandbox: { kind: SANDBOX_KIND },
+        };
+    };
+}
+//# sourceMappingURL=meta.js.map

package/dist/src/tools/meta.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"meta.js","sourceRoot":"","sources":["../../../src/tools/meta.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,iEAAiE;AACjE,kEAAkE;AAClE,oDAAoD;AAEpD,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAM3D,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAEvB,MAAM,gBAAgB,GAAG,YAAY,CAAC;AACtC,MAAM,oBAAoB,GAAG,CAAC,gBAAgB,CAAC,CAAC;AAChD,MAAM,YAAY,GAAG,aAAa,CAAC;AACnC,qEAAqE;AACrE,mEAAmE;AACnE,yBAAyB;AACzB,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAWtD,MAAM,UAAU,cAAc;IAC5B,OAAO,KAAK,EAAE,KAAK,EAAE,EAAE;QACrB,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAErC,MAAM,YAAY,GAAG,EAAE;aACpB,OAAO,CACN,iDAAiD;YAC/C,iDAAiD;YACjD,eAAe,CAClB;aACA,GAAG,EAAyB,CAAC;QAEhC,MAAM,UAAU,GAAG,EAAE;aAClB,OAAO,CACN,iDAAiD;YAC/C,+CAA+C;YAC/C,eAAe,CAClB;aACA,GAAG,EAAyB,CAAC;QAEhC,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAEhD,OAAO;YACL,gBAAgB,EAAE,gBAAgB;YAClC,kBAAkB,EAAE,kBAAkB;YACtC,cAAc,EAAE,cAAc;YAC9B,4BAA4B,EAC1B,OAAO,KAAK,CAAC,4BAA4B,KAAK,QAAQ;gBACtD,KAAK,CAAC,4BAA4B,CAAC,MAAM,GAAG,CAAC;gBAC3C,CAAC,CAAC,KAAK,CAAC,4BAA4B;gBACpC,CAAC,CAAC,SAAS;YACf,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC;YAC5C,UAAU,EAAE;gBACV,MAAM,EAAE,gBAAgB;gBACxB,SAAS,EAAE,oBAAoB,CAAC,KAAK,EAAE;aACxC;YACD,SAAS,EAAE;gBACT,OAAO;gBACP,cAAc,EAAE,uBAAuB;gBACvC,sBAAsB,EAAE,OAAO,CAAC,KAAK,EAAE;aACxC;YACD,iBAAiB,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAChF,OAAO,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE;SAChC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/dist/src/tools/recover.d.ts

@@ -0,0 +1,7 @@
+import { type Registry } from "@loomfsm/kernel";
+import type { RecoverTaskInput, RecoverTaskResponse, ToolHandler } from "../types.js";
+export interface RecoverDeps {
+    resolveRegistry?: (projectDir: string) => Promise<Registry> | Registry;
+    allowlistPath?: string;
+}
+export declare function createRecoverTool(deps?: RecoverDeps): ToolHandler<RecoverTaskInput, RecoverTaskResponse>;

package/dist/src/tools/recover.js

@@ -0,0 +1,243 @@
+// pipeline_recover — the five-choice recovery surface.
+//
+// Composition mirrors pipeline_continue_task: project-dir allowlist gate
+// → ledger replay lookup → recover inside one withStateTransaction (the
+// owner check + the recovery-keyed ledger row + a co-committed audit row
+// land with the state mutation) → for the re-entrant choices (retry /
+// retry-failed / cancel-pending) resolve the next directive; for the
+// terminal choices (abandon / force-close) shape the terminal response
+// directly → materialize the cached response on the ledger row.
+//
+// Owner check + cross-owner marker: the owner comparison runs INSIDE the
+// recovery tx via `ownerCheckGuard`. Same-owner / unclaimed tasks pass
+// untouched. A cross-owner recovery is refused with CROSS_OWNER_REQUIRED
+// unless the caller presents a signed `marker`; a presented marker is
+// verified (signature, target, expiry, key) and CONSUMED in the same tx
+// as the recovery — no read-then-act window. `client_identifier_unverified`
+// stays forensics-only (the kernel never branches on it).
+//
+// retry-failed: the named pending rows are re-shuttled reusing their
+// existing agent_run_id (no fresh begin_spawn → no duplicate-window
+// trip), gated on provider idempotency — a non-idempotent provider is
+// refused with PROVIDER_NOT_IDEMPOTENT.
+//
+// recovery_id is server-issued: omit it on the first call (the kernel
+// mints one and returns it); pass it back to replay the cached response
+// verbatim; omit it to issue a NEW recovery action. The response always
+// carries the (minted-or-supplied) recovery_id so a client retry is
+// keyable — even when the response is an error envelope.
+//
+// Refusals (allowlist, owner / marker, invalid/stale/terminal recovery,
+// missing registry) are error-shaped wire envelopes; only programmer
+// errors throw.
+import { assertProjectDirAllowed, buildRetryFailedDirective, captureNow, KernelError, loadState, makeRecoveryId, openDb, ownerCheckGuard, readLedgerRow, recoverTask, runFSM, TransactionImpl, withStateTransaction, writeLedgerRow, } from "@loomfsm/kernel";
+import { createTransportAdapter } from "../transport-adapter.js";
+const REENTRANT = new Set([
+    "retry",
+    "retry-failed",
+    "cancel-pending",
+]);
+const DEFAULT_OWNER = "anonymous";
+export function createRecoverTool(deps = {}) {
+    const adapter = createTransportAdapter();
+    return async (input) => {
+        const driverStateId = input.driver_state_id;
+        // recovery_id is resolved BEFORE any work so every exit path — refusal
+        // or success — echoes a keyable id back to the caller.
+        const recoveryId = resolveRecoveryId(input.recovery_id);
+        // 1. Project-dir allowlist.
+        try {
+            await assertProjectDirAllowed(input.project_dir, deps.allowlistPath !== undefined ? { allowlistPath: deps.allowlistPath } : undefined);
+        }
+        catch (err) {
+            return refusal(err, driverStateId, recoveryId);
+        }
+        const callerOwner = typeof input.owner_id === "string" && input.owner_id.length > 0
+            ? input.owner_id
+            : DEFAULT_OWNER;
+        const marker = toBypassMarker(input.marker);
+        // 2. Replay — a materialized ledger blob for this exact recovery action
+        //    replays the cached envelope verbatim (same recovery_id echoed).
+        const ledgerKey = `recovery:${driverStateId}:${input.choice}:${recoveryId}`;
+        const cached = await readCachedRecovery(input.project_dir, ledgerKey);
+        if (cached !== null) {
+            return { response: cached, recovery_id: recoveryId };
+        }
+        // 3. The re-entrant choices need a flow to tick; without a registry
+        //    they refuse. Terminal choices (abandon / force-close) shape a
+        //    terminal response with no FSM tick, so they proceed regardless.
+        const reentrant = REENTRANT.has(input.choice);
+        if (reentrant && deps.resolveRegistry === undefined) {
+            return {
+                response: errorResponse(driverStateId, "REGISTRY_UNAVAILABLE", "no registry resolver is wired for the re-entrant recovery path"),
+                recovery_id: recoveryId,
+            };
+        }
+        const identifier = typeof input.client_identifier_unverified === "string" &&
+            input.client_identifier_unverified.length > 0
+            ? input.client_identifier_unverified
+            : "unknown";
+        // 4. Owner check + recover + co-committed audit row, all in one tx. The
+        //    cross-owner marker (if any) is verified and CONSUMED here, atomic
+        //    with the recovery it authorizes.
+        let result;
+        try {
+            result = await withStateTransaction(input.project_dir, captureNow(), async (tx) => {
+                await ownerCheckGuard(tx, { driver_state_id: driverStateId, caller_owner_id: callerOwner }, marker);
+                const recovered = await recoverTask(tx, {
+                    driver_state_id: driverStateId,
+                    choice: input.choice,
+                    ...(input.agent_run_ids !== undefined ? { agent_run_ids: input.agent_run_ids } : {}),
+                    recovery_id: recoveryId,
+                });
+                const taskId = await readTaskId(tx);
+                await writeAuditRow(tx, "pipeline_recover", taskId, driverStateId, {
+                    client_identifier_unverified: identifier,
+                    choice: input.choice,
+                    recovery_id: recoveryId,
+                }, outcomeErrorClass(recovered.outcome));
+                return recovered;
+            });
+        }
+        catch (err) {
+            return refusal(err, driverStateId, recoveryId);
+        }
+        // 5. Shape the response: re-entrant choices resume the FSM (retry /
+        //    cancel-pending) or re-shuttle the named pending rows (retry-failed);
+        //    terminal choices read the now-closed state and shape directly. The
+        //    recovery has already committed, so a kernel-coded failure of the
+        //    re-entry (e.g. PROVIDER_NOT_IDEMPOTENT on a retry-failed against a
+        //    non-idempotent provider) is shaped as an error envelope, not
+        //    thrown — the cached envelope makes a replay return the same outcome.
+        let response;
+        if (result.reenter) {
+            try {
+                const registry = await deps.resolveRegistry(input.project_dir);
+                const loaded = await readState(input.project_dir);
+                if (input.choice === "retry-failed") {
+                    const directive = buildRetryFailedDirective(loaded, registry, input.agent_run_ids ?? []);
+                    response = adapter.shape(directive, { driver_state_id: driverStateId });
+                }
+                else {
+                    const { directive } = await runFSM(loaded, registry);
+                    response = adapter.shape(directive, { driver_state_id: driverStateId });
+                }
+            }
+            catch (err) {
+                if (!(err instanceof KernelError))
+                    throw err;
+                response = errorResponse(driverStateId, err.code, err.message);
+            }
+        }
+        else {
+            response = await terminalResponse(input.project_dir, input.choice);
+        }
+        // 6. Materialize the cached response on the recovery ledger row.
+        await withStateTransaction(input.project_dir, captureNow(), async (tx) => {
+            const taskId = await readTaskId(tx);
+            await writeLedgerRow(tx, ledgerKey, {
+                driver_state_id: driverStateId,
+                task_id: taskId,
+                response_blob: JSON.stringify(response),
+            });
+        });
+        return { response, recovery_id: recoveryId };
+    };
+}
+function resolveRecoveryId(supplied) {
+    if (typeof supplied === "string" && supplied.length > 0)
+        return supplied;
+    return makeRecoveryId();
+}
+// Map the wire marker (plain strings) onto the kernel BypassMarker
+// (NowToken-branded timestamps). The kernel re-derives the HMAC and
+// verifies it — a tampered field simply fails the signature check.
+function toBypassMarker(input) {
+    if (input === undefined)
+        return undefined;
+    return {
+        issued_at: input.issued_at,
+        expires_at: input.expires_at,
+        reason: input.reason,
+        hmac: input.hmac,
+        key_id: input.key_id,
+    };
+}
+// The forensic recovery outcome maps to the audit error_class: an
+// idempotent / raced recovery is a successful no-op tagged for forensics,
+// not a failure — verdict stays 'ok' and the tag rides on error_class.
+function outcomeErrorClass(outcome) {
+    switch (outcome) {
+        case "idempotent":
+            return "recovery-idempotent";
+        case "raced":
+            return "recovery-raced";
+        case "applied":
+            return null;
+    }
+}
+async function readCachedRecovery(projectDir, key) {
+    const db = openDb(projectDir);
+    const tx = new TransactionImpl(db, captureNow());
+    const row = await readLedgerRow(tx, key);
+    if (row === null || row.response_blob === null)
+        return null;
+    return JSON.parse(row.response_blob);
+}
+async function terminalResponse(projectDir, choice) {
+    const db = openDb(projectDir);
+    const tx = new TransactionImpl(db, captureNow());
+    const taskId = await readTaskId(tx);
+    if (choice === "force-close") {
+        return {
+            status: "complete",
+            task_id: taskId,
+            verdict: "failed_force_closed",
+            summary: "task force-closed via recovery",
+        };
+    }
+    // abandon — the canonical pipeline verdict is NULL (status='abandoned').
+    // The wire `complete` form has no abandoned/null verdict, so the wire
+    // verdict maps to 'rejected' (the abandon-intent terminal); the stored
+    // verdict stays NULL and is distinct from a force-close.
+    return {
+        status: "complete",
+        task_id: taskId,
+        verdict: "rejected",
+        summary: "task abandoned via recovery",
+    };
+}
+async function readState(projectDir) {
+    const db = openDb(projectDir);
+    const tx = new TransactionImpl(db, captureNow());
+    return await loadState(tx);
+}
+async function readTaskId(tx) {
+    const row = await tx.queryRow("SELECT task_id FROM pipeline_state WHERE id = 1");
+    if (row === null || row.task_id === null)
+        return null;
+    return String(row.task_id);
+}
+async function writeAuditRow(tx, type, taskId, driverStateId, payload, errorClass) {
+    await tx.exec("INSERT INTO audit (ts, type, task_id, driver_state_id, payload, verdict, error_class) " +
+        "VALUES (?, ?, ?, ?, ?, 'ok', ?)", [tx.now, type, taskId, driverStateId, JSON.stringify(payload), errorClass]);
+}
+function refusal(err, driverStateId, recoveryId) {
+    if (err instanceof KernelError) {
+        return {
+            response: errorResponse(driverStateId, err.code, err.message),
+            recovery_id: recoveryId,
+        };
+    }
+    throw err;
+}
+function errorResponse(driverStateId, code, message) {
+    return {
+        status: "error",
+        driver_state_id: driverStateId,
+        code,
+        message,
+        recovery_options: [],
+    };
+}
+//# sourceMappingURL=recover.js.map

package/dist/src/tools/recover.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recover.js","sourceRoot":"","sources":["../../../src/tools/recover.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,EAAE;AACF,yEAAyE;AACzE,wEAAwE;AACxE,yEAAyE;AACzE,sEAAsE;AACtE,qEAAqE;AACrE,uEAAuE;AACvE,gEAAgE;AAChE,EAAE;AACF,yEAAyE;AACzE,uEAAuE;AACvE,yEAAyE;AACzE,sEAAsE;AACtE,wEAAwE;AACxE,4EAA4E;AAC5E,0DAA0D;AAC1D,EAAE;AACF,qEAAqE;AACrE,oEAAoE;AACpE,sEAAsE;AACtE,wCAAwC;AACxC,EAAE;AACF,sEAAsE;AACtE,wEAAwE;AACxE,wEAAwE;AACxE,oEAAoE;AACpE,yDAAyD;AACzD,EAAE;AACF,wEAAwE;AACxE,qEAAqE;AACrE,gBAAgB;AAEhB,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,UAAU,EACV,WAAW,EACX,SAAS,EACT,cAAc,EACd,MAAM,EACN,eAAe,EACf,aAAa,EACb,WAAW,EACX,MAAM,EACN,eAAe,EACf,oBAAoB,EACpB,cAAc,GAMf,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAajE,MAAM,SAAS,GAAqC,IAAI,GAAG,CAAsB;IAC/E,OAAO;IACP,cAAc;IACd,gBAAgB;CACjB,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,WAAW,CAAC;AAElC,MAAM,UAAU,iBAAiB,CAC/B,OAAoB,EAAE;IAEtB,MAAM,OAAO,GAAG,sBAAsB,EAAE,CAAC;IAEzC,OAAO,KAAK,EAAE,KAAK,EAAE,EAAE;QACrB,MAAM,aAAa,GAAG,KAAK,CAAC,eAAe,CAAC;QAC5C,uEAAuE;QACvE,uDAAuD;QACvD,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAExD,4BAA4B;QAC5B,IAAI,CAAC;YACH,MAAM,uBAAuB,CAC3B,KAAK,CAAC,WAAW,EACjB,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CACrF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,WAAW,GACf,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YAC7D,CAAC,CAAC,KAAK,CAAC,QAAQ;YAChB,CAAC,CAAC,aAAa,CAAC;QACpB,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE5C,wEAAwE;QACxE,qEAAqE;QACrE,MAAM,SAAS,GAAG,YAAY,aAAa,IAAI,KAAK,CAAC,MAAM,IAAI,UAAU,EAAE,CAAC;QAC5E,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QACtE,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;QACvD,CAAC;QAED,oEAAoE;QACpE,mEAAmE;QACnE,qEAAqE;QACrE,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,SAAS,IAAI,IAAI,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;YACpD,OAAO;gBACL,QAAQ,EAAE,aAAa,CACrB,aAAa,EACb,sBAAsB,EACtB,gEAAgE,CACjE;gBACD,WAAW,EAAE,UAAU;aACxB,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GACd,OAAO,KAAK,CAAC,4BAA4B,KAAK,QAAQ;YACtD,KAAK,CAAC,4BAA4B,CAAC,MAAM,GAAG,CAAC;YAC3C,CAAC,CAAC,KAAK,CAAC,4BAA4B;YACpC,CAAC,CAAC,SAAS,CAAC;QAEhB,wEAAwE;QACxE,uEAAuE;QACvE,sCAAsC;QACtC,IAAI,MAA2E,CAAC;QAChF,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,oBAAoB,CAAC,KAAK,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE;gBAChF,MAAM,eAAe,CACnB,EAAE,EACF,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,EAChE,MAAM,CACP,CAAC;gBACF,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE;oBACtC,eAAe,EAAE,aAAa;oBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,GAAG,CAAC,KAAK,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpF,WAAW,EAAE,UAAU;iBACxB,CAAC,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,EAAE,CAAC,CAAC;gBACpC,MAAM,aAAa,CAAC,EAAE,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;oBACjE,4BAA4B,EAAE,UAAU;oBACxC,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,WAAW,EAAE,UAAU;iBACxB,EAAE,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;gBACzC,OAAO,SAAS,CAAC;YACnB,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;QACjD,CAAC;QAED,oEAAoE;QACpE,0EAA0E;QAC1E,wEAAwE;QACxE,sEAAsE;QACtE,wEAAwE;QACxE,kEAAkE;QAClE,0EAA0E;QAC1E,IAAI,QAA2B,CAAC;QAChC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBAChE,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBAClD,IAAI,KAAK,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;oBACpC,MAAM,SAAS,GAAG,yBAAyB,CACzC,MAAM,EACN,QAAQ,EACR,KAAK,CAAC,aAAa,IAAI,EAAE,CAC1B,CAAC;oBACF,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;gBAC1E,CAAC;qBAAM,CAAC;oBACN,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;oBACrD,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;gBAC1E,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,CAAC,GAAG,YAAY,WAAW,CAAC;oBAAE,MAAM,GAAG,CAAC;gBAC7C,QAAQ,GAAG,aAAa,CAAC,aAAa,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC;QAED,iEAAiE;QACjE,MAAM,oBAAoB,CAAC,KAAK,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE;YACvE,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,EAAE,CAAC,CAAC;YACpC,MAAM,cAAc,CAAC,EAAE,EAAE,SAAS,EAAE;gBAClC,eAAe,EAAE,aAAa;gBAC9B,OAAO,EAAE,MAAM;gBACf,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;aACxC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;IAC/C,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,QAA4B;IACrD,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACzE,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED,mEAAmE;AACnE,oEAAoE;AACpE,mEAAmE;AACnE,SAAS,cAAc,CACrB,KAAiC;IAEjC,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,OAAO;QACL,SAAS,EAAE,KAAK,CAAC,SAAqB;QACtC,UAAU,EAAE,KAAK,CAAC,UAAsB;QACxC,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,MAAM,EAAE,KAAK,CAAC,MAAM;KACrB,CAAC;AACJ,CAAC;AAED,kEAAkE;AAClE,0EAA0E;AAC1E,uEAAuE;AACvE,SAAS,iBAAiB,CAAC,OAAwB;IACjD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,YAAY;YACf,OAAO,qBAAqB,CAAC;QAC/B,KAAK,OAAO;YACV,OAAO,gBAAgB,CAAC;QAC1B,KAAK,SAAS;YACZ,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,UAAkB,EAClB,GAAW;IAEX,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,eAAe,CAAC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IACzC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC5D,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,CAAsB,CAAC;AAC5D,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,UAAkB,EAClB,MAA2B;IAE3B,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,eAAe,CAAC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,EAAE,CAAC,CAAC;IACpC,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;QAC7B,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,MAAM;YACf,OAAO,EAAE,qBAAqB;YAC9B,OAAO,EAAE,gCAAgC;SAC1C,CAAC;IACJ,CAAC;IACD,yEAAyE;IACzE,sEAAsE;IACtE,uEAAuE;IACvE,yDAAyD;IACzD,OAAO;QACL,MAAM,EAAE,UAAU;QAClB,OAAO,EAAE,MAAM;QACf,OAAO,EAAE,UAAU;QACnB,OAAO,EAAE,6BAA6B;KACvC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,UAAkB;IACzC,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,eAAe,CAAC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;IACjD,OAAO,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,EAAe;IACvC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAC3B,iDAAiD,CAClD,CAAC;IACF,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACtD,OAAO,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,EAAe,EACf,IAAY,EACZ,MAAqB,EACrB,aAAqB,EACrB,OAAgC,EAChC,UAAyB;IAEzB,MAAM,EAAE,CAAC,IAAI,CACX,wFAAwF;QACtF,iCAAiC,EACnC,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,UAAU,CAAC,CAC3E,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CACd,GAAY,EACZ,aAAqB,EACrB,UAAkB;IAElB,IAAI,GAAG,YAAY,WAAW,EAAE,CAAC;QAC/B,OAAO;YACL,QAAQ,EAAE,aAAa,CAAC,aAAa,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC;YAC7D,WAAW,EAAE,UAAU;SACxB,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,CAAC;AACZ,CAAC;AAED,SAAS,aAAa,CACpB,aAAqB,EACrB,IAAY,EACZ,OAAe;IAEf,OAAO;QACL,MAAM,EAAE,OAAO;QACf,eAAe,EAAE,aAAa;QAC9B,IAAI;QACJ,OAAO;QACP,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC"}

package/dist/src/tools/restore.d.ts

@@ -0,0 +1,5 @@
+import type { RestoreInput, RestoreResponse, ToolHandler } from "../types.js";
+export interface RestoreDeps {
+    allowlistPath?: string;
+}
+export declare function createRestoreTool(deps?: RestoreDeps): ToolHandler<RestoreInput, RestoreResponse>;

package/dist/src/tools/restore.js

@@ -0,0 +1,82 @@
+// pipeline_restore — restore project state from a backup.
+//
+// Two formats:
+//   sql    — the dump is UNTRUSTED input. It is parsed through the DDL
+//            allowlist (parseRestoreSql), which classifies each statement
+//            and refuses anything outside the allowed set; the parsed,
+//            allowlisted statements are then applied inside one
+//            withStateTransaction. A backup file never reaches
+//            `db.exec(rawSql)` — an out-of-allowlist statement surfaces
+//            RESTORE_REJECTED naming the offender.
+//   binary — operator-explicit ("trust the source file"): close the
+//            project connection and copy the .db over the project's
+//            state.db with no kernel validation. The next kernel start
+//            re-applies migrations and refuses on schema mismatch.
+//
+// Both formats refuse without confirm:true (RESTORE_CONFIRM_REQUIRED) and
+// thread the NowToken for `ts`.
+import { copyFileSync, readFileSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { applyRestoreStatements, assertProjectDirAllowed, captureNow, closeDb, KernelError, parseRestoreSql, withStateTransaction, } from "@loomfsm/kernel";
+export function createRestoreTool(deps = {}) {
+    return async (input) => {
+        const now = captureNow();
+        // 1. Project-dir allowlist.
+        try {
+            await assertProjectDirAllowed(input.project_dir, deps.allowlistPath !== undefined ? { allowlistPath: deps.allowlistPath } : undefined);
+        }
+        catch (err) {
+            return refusal(err, now);
+        }
+        // 2. A restore overwrites canonical state — require explicit confirm.
+        if (input.confirm !== true) {
+            return {
+                restored: false,
+                ts: now,
+                error: {
+                    code: "RESTORE_CONFIRM_REQUIRED",
+                    message: "pipeline_restore overwrites state and requires confirm:true",
+                },
+            };
+        }
+        const from = resolve(input.project_dir, input.from);
+        if (input.format === "binary") {
+            // Operator-explicit file swap — no kernel validation.
+            try {
+                closeDb(input.project_dir);
+                const dest = join(input.project_dir, ".claude", "state.db");
+                copyFileSync(from, dest);
+            }
+            catch (err) {
+                return refusal(err, now);
+            }
+            return { restored: true, ts: now };
+        }
+        // SQL path — parse the untrusted dump, then apply the allowlisted set.
+        let statements;
+        try {
+            const sql = readFileSync(from, "utf8");
+            statements = parseRestoreSql(sql);
+        }
+        catch (err) {
+            return refusal(err, now);
+        }
+        try {
+            await withStateTransaction(input.project_dir, now, (tx) => applyRestoreStatements(tx, statements));
+        }
+        catch (err) {
+            return refusal(err, now);
+        }
+        return { restored: true, ts: now };
+    };
+}
+function refusal(err, ts) {
+    if (err instanceof KernelError) {
+        return { restored: false, ts, error: { code: err.code, message: err.message } };
+    }
+    if (err instanceof Error) {
+        return { restored: false, ts, error: { code: "RESTORE_FAILED", message: err.message } };
+    }
+    throw err;
+}
+//# sourceMappingURL=restore.js.map

package/dist/src/tools/restore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"restore.js","sourceRoot":"","sources":["../../../src/tools/restore.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,EAAE;AACF,eAAe;AACf,uEAAuE;AACvE,0EAA0E;AAC1E,uEAAuE;AACvE,gEAAgE;AAChE,+DAA+D;AAC/D,wEAAwE;AACxE,mDAAmD;AACnD,oEAAoE;AACpE,oEAAoE;AACpE,uEAAuE;AACvE,mEAAmE;AACnE,EAAE;AACF,0EAA0E;AAC1E,gCAAgC;AAEhC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,UAAU,EACV,OAAO,EACP,WAAW,EACX,eAAe,EACf,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAQzB,MAAM,UAAU,iBAAiB,CAC/B,OAAoB,EAAE;IAEtB,OAAO,KAAK,EAAE,KAAK,EAAE,EAAE;QACrB,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;QAEzB,4BAA4B;QAC5B,IAAI,CAAC;YACH,MAAM,uBAAuB,CAC3B,KAAK,CAAC,WAAW,EACjB,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CACrF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,sEAAsE;QACtE,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YAC3B,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,EAAE,EAAE,GAAG;gBACP,KAAK,EAAE;oBACL,IAAI,EAAE,0BAA0B;oBAChC,OAAO,EAAE,6DAA6D;iBACvE;aACF,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC9B,sDAAsD;YACtD,IAAI,CAAC;gBACH,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;gBAC5D,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAC3B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;QACrC,CAAC;QAED,uEAAuE;QACvE,IAAI,UAAoB,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACvC,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,oBAAoB,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,CACxD,sBAAsB,CAAC,EAAE,EAAE,UAAU,CAAC,CACvC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;IACrC,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,GAAY,EAAE,EAAU;IACvC,IAAI,GAAG,YAAY,WAAW,EAAE,CAAC;QAC/B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IAClF,CAAC;IACD,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;QACzB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IAC1F,CAAC;IACD,MAAM,GAAG,CAAC;AACZ,CAAC"}

package/dist/src/tools/run-task.d.ts

@@ -0,0 +1,7 @@
+import { type Registry } from "@loomfsm/kernel";
+import type { RunTaskInput, RunTaskResponse, ToolHandler } from "../types.js";
+export interface RunTaskDeps {
+    resolveRegistry?: (projectDir: string) => Promise<Registry> | Registry;
+    allowlistPath?: string;
+}
+export declare function createRunTaskTool(deps?: RunTaskDeps): ToolHandler<RunTaskInput, RunTaskResponse>;