@machina.ai/cell-cli-core 1.38.1-rc2 → 1.40.1-rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (822) hide show
  1. package/dist/docs/AFTER_MERGE_PROMPT.md +1 -1
  2. package/dist/docs/admin/enterprise-controls.md +1 -1
  3. package/dist/docs/changelogs/index.md +42 -0
  4. package/dist/docs/changelogs/latest.md +254 -361
  5. package/dist/docs/changelogs/preview.md +237 -406
  6. package/dist/docs/cli/acp-mode.md +6 -6
  7. package/dist/docs/cli/auto-memory.md +143 -0
  8. package/dist/docs/cli/checkpointing.md +5 -5
  9. package/dist/docs/cli/cli-reference.md +12 -11
  10. package/dist/docs/cli/creating-skills.md +2 -2
  11. package/dist/docs/cli/custom-commands.md +15 -14
  12. package/dist/docs/cli/enterprise.md +17 -14
  13. package/dist/docs/cli/gemini-ignore.md +2 -2
  14. package/dist/docs/cli/generation-settings.md +21 -20
  15. package/dist/docs/cli/model-routing.md +2 -2
  16. package/dist/docs/cli/model-steering.md +1 -1
  17. package/dist/docs/cli/plan-mode.md +11 -6
  18. package/dist/docs/cli/sandbox.md +7 -5
  19. package/dist/docs/cli/settings.md +32 -28
  20. package/dist/docs/cli/system-prompt.md +8 -8
  21. package/dist/docs/cli/telemetry.md +18 -11
  22. package/dist/docs/cli/themes.md +2 -2
  23. package/dist/docs/cli/trusted-folders.md +41 -13
  24. package/dist/docs/cli/tutorials/mcp-setup.md +1 -1
  25. package/dist/docs/cli/tutorials/memory-management.md +3 -1
  26. package/dist/docs/cli/tutorials/plan-mode-steering.md +2 -2
  27. package/dist/docs/cli/tutorials/session-management.md +1 -1
  28. package/dist/docs/cli/tutorials/shell-commands.md +1 -1
  29. package/dist/docs/cli/tutorials/task-planning.md +3 -3
  30. package/dist/docs/core/index.md +5 -6
  31. package/dist/docs/core/local-model-routing.md +1 -1
  32. package/dist/docs/core/remote-agents.md +1 -1
  33. package/dist/docs/core/subagents.md +38 -8
  34. package/dist/docs/extensions/best-practices.md +5 -4
  35. package/dist/docs/extensions/reference.md +6 -5
  36. package/dist/docs/extensions/releasing.md +6 -5
  37. package/dist/docs/extensions/writing-extensions.md +11 -11
  38. package/dist/docs/get-started/{authentication.md → authentication.mdx} +139 -93
  39. package/dist/docs/get-started/gemini-3.md +1 -1
  40. package/dist/docs/get-started/index.md +4 -4
  41. package/dist/docs/get-started/installation.mdx +201 -0
  42. package/dist/docs/hooks/best-practices.md +18 -17
  43. package/dist/docs/hooks/index.md +10 -8
  44. package/dist/docs/hooks/reference.md +10 -10
  45. package/dist/docs/ide-integration/ide-companion-spec.md +14 -14
  46. package/dist/docs/ide-integration/index.md +4 -4
  47. package/dist/docs/index.md +2 -2
  48. package/dist/docs/integration-tests.md +84 -2
  49. package/dist/docs/issue-and-pr-automation.md +8 -7
  50. package/dist/docs/npm.md +2 -2
  51. package/dist/docs/reference/commands.md +11 -11
  52. package/dist/docs/reference/configuration.md +150 -47
  53. package/dist/docs/reference/keyboard-shortcuts.md +79 -2
  54. package/dist/docs/reference/memport.md +2 -3
  55. package/dist/docs/reference/policy-engine.md +60 -26
  56. package/dist/docs/reference/tools.md +38 -4
  57. package/dist/docs/release-confidence.md +1 -1
  58. package/dist/docs/releases.md +19 -19
  59. package/dist/docs/resources/faq.md +5 -5
  60. package/dist/docs/resources/tos-privacy.md +10 -9
  61. package/dist/docs/resources/troubleshooting.md +17 -16
  62. package/dist/docs/resources/uninstall.md +5 -4
  63. package/dist/docs/sidebar.json +13 -1
  64. package/dist/docs/tools/ask-user.md +3 -3
  65. package/dist/docs/tools/file-system.md +7 -7
  66. package/dist/docs/tools/mcp-resources.md +44 -0
  67. package/dist/docs/tools/mcp-server.md +42 -39
  68. package/dist/docs/tools/shell.md +5 -5
  69. package/dist/docs/tools/tracker.md +61 -0
  70. package/dist/package.json +5 -4
  71. package/dist/src/agent/content-utils.d.ts +0 -6
  72. package/dist/src/agent/content-utils.js +0 -14
  73. package/dist/src/agent/content-utils.js.map +1 -1
  74. package/dist/src/agent/content-utils.test.js +1 -18
  75. package/dist/src/agent/content-utils.test.js.map +1 -1
  76. package/dist/src/agent/event-translator.js +8 -3
  77. package/dist/src/agent/event-translator.js.map +1 -1
  78. package/dist/src/agent/event-translator.test.js +14 -9
  79. package/dist/src/agent/event-translator.test.js.map +1 -1
  80. package/dist/src/agent/legacy-agent-session.js +9 -3
  81. package/dist/src/agent/legacy-agent-session.js.map +1 -1
  82. package/dist/src/agent/legacy-agent-session.test.js +4 -3
  83. package/dist/src/agent/legacy-agent-session.test.js.map +1 -1
  84. package/dist/src/agent/tool-display-utils.d.ts +30 -0
  85. package/dist/src/agent/tool-display-utils.js +69 -0
  86. package/dist/src/agent/tool-display-utils.js.map +1 -0
  87. package/dist/src/agent/tool-display-utils.test.js +101 -0
  88. package/dist/src/agent/tool-display-utils.test.js.map +1 -0
  89. package/dist/src/agent/types.d.ts +25 -5
  90. package/dist/src/agents/a2aUtils.js +28 -15
  91. package/dist/src/agents/a2aUtils.js.map +1 -1
  92. package/dist/src/agents/a2aUtils.test.js +43 -0
  93. package/dist/src/agents/a2aUtils.test.js.map +1 -1
  94. package/dist/src/agents/agent-tool.d.ts +31 -0
  95. package/dist/src/agents/agent-tool.js +155 -0
  96. package/dist/src/agents/agent-tool.js.map +1 -0
  97. package/dist/src/agents/agent-tool.test.js +110 -0
  98. package/dist/src/agents/agent-tool.test.js.map +1 -0
  99. package/dist/src/agents/agentLoader.d.ts +79 -4
  100. package/dist/src/agents/agentLoader.js +40 -2
  101. package/dist/src/agents/agentLoader.js.map +1 -1
  102. package/dist/src/agents/agentLoader.test.js +32 -0
  103. package/dist/src/agents/agentLoader.test.js.map +1 -1
  104. package/dist/src/agents/browser/analyzeScreenshot.js +1 -1
  105. package/dist/src/agents/browser/analyzeScreenshot.js.map +1 -1
  106. package/dist/src/agents/browser/analyzeScreenshot.test.js +19 -7
  107. package/dist/src/agents/browser/analyzeScreenshot.test.js.map +1 -1
  108. package/dist/src/agents/browser/browserAgentInvocation.d.ts +2 -2
  109. package/dist/src/agents/browser/browserAgentInvocation.js +2 -1
  110. package/dist/src/agents/browser/browserAgentInvocation.js.map +1 -1
  111. package/dist/src/agents/browser/browserAgentInvocation.test.js +61 -17
  112. package/dist/src/agents/browser/browserAgentInvocation.test.js.map +1 -1
  113. package/dist/src/agents/browser/mcpToolWrapper.js +1 -1
  114. package/dist/src/agents/browser/mcpToolWrapper.js.map +1 -1
  115. package/dist/src/agents/browser/mcpToolWrapper.test.js +22 -10
  116. package/dist/src/agents/browser/mcpToolWrapper.test.js.map +1 -1
  117. package/dist/src/agents/codebase-investigator.js +2 -2
  118. package/dist/src/agents/codebase-investigator.js.map +1 -1
  119. package/dist/src/agents/generalist-agent.js +3 -2
  120. package/dist/src/agents/generalist-agent.js.map +1 -1
  121. package/dist/src/agents/generalist-agent.test.js +1 -0
  122. package/dist/src/agents/generalist-agent.test.js.map +1 -1
  123. package/dist/src/agents/local-executor.d.ts +1 -1
  124. package/dist/src/agents/local-executor.js +10 -7
  125. package/dist/src/agents/local-executor.js.map +1 -1
  126. package/dist/src/agents/local-executor.test.js +5 -3
  127. package/dist/src/agents/local-executor.test.js.map +1 -1
  128. package/dist/src/agents/local-invocation.d.ts +2 -2
  129. package/dist/src/agents/local-invocation.js +8 -2
  130. package/dist/src/agents/local-invocation.js.map +1 -1
  131. package/dist/src/agents/local-invocation.test.js +29 -13
  132. package/dist/src/agents/local-invocation.test.js.map +1 -1
  133. package/dist/src/agents/registry.d.ts +2 -0
  134. package/dist/src/agents/registry.js +20 -19
  135. package/dist/src/agents/registry.js.map +1 -1
  136. package/dist/src/agents/registry.test.js +19 -30
  137. package/dist/src/agents/registry.test.js.map +1 -1
  138. package/dist/src/agents/remote-invocation.d.ts +3 -4
  139. package/dist/src/agents/remote-invocation.js +2 -1
  140. package/dist/src/agents/remote-invocation.js.map +1 -1
  141. package/dist/src/agents/remote-invocation.test.js +45 -18
  142. package/dist/src/agents/remote-invocation.test.js.map +1 -1
  143. package/dist/src/agents/skill-extraction-agent.d.ts +3 -2
  144. package/dist/src/agents/skill-extraction-agent.js +99 -56
  145. package/dist/src/agents/skill-extraction-agent.js.map +1 -1
  146. package/dist/src/agents/skill-extraction-agent.test.js +54 -0
  147. package/dist/src/agents/skill-extraction-agent.test.js.map +1 -0
  148. package/dist/src/availability/policyCatalog.js +1 -1
  149. package/dist/src/availability/policyCatalog.js.map +1 -1
  150. package/dist/src/availability/policyCatalog.test.js +1 -1
  151. package/dist/src/availability/policyCatalog.test.js.map +1 -1
  152. package/dist/src/code_assist/oauth2.js +14 -4
  153. package/dist/src/code_assist/oauth2.js.map +1 -1
  154. package/dist/src/commands/memory.d.ts +77 -0
  155. package/dist/src/commands/memory.js +494 -0
  156. package/dist/src/commands/memory.js.map +1 -1
  157. package/dist/src/commands/memory.test.js +720 -1
  158. package/dist/src/commands/memory.test.js.map +1 -1
  159. package/dist/src/config/config-agents-reload.test.js +26 -31
  160. package/dist/src/config/config-agents-reload.test.js.map +1 -1
  161. package/dist/src/config/config.d.ts +24 -10
  162. package/dist/src/config/config.js +148 -82
  163. package/dist/src/config/config.js.map +1 -1
  164. package/dist/src/config/config.test.js +373 -10
  165. package/dist/src/config/config.test.js.map +1 -1
  166. package/dist/src/config/constants.d.ts +1 -0
  167. package/dist/src/config/constants.js +2 -0
  168. package/dist/src/config/constants.js.map +1 -1
  169. package/dist/src/config/defaultModelConfigs.js +7 -7
  170. package/dist/src/config/defaultModelConfigs.js.map +1 -1
  171. package/dist/src/config/memory.js +1 -1
  172. package/dist/src/config/memory.js.map +1 -1
  173. package/dist/src/config/path-validation.test.js +15 -6
  174. package/dist/src/config/path-validation.test.js.map +1 -1
  175. package/dist/src/config/projectRegistry.js +113 -32
  176. package/dist/src/config/projectRegistry.js.map +1 -1
  177. package/dist/src/config/projectRegistry.test.js +51 -0
  178. package/dist/src/config/projectRegistry.test.js.map +1 -1
  179. package/dist/src/config/storage.d.ts +5 -1
  180. package/dist/src/config/storage.js +14 -1
  181. package/dist/src/config/storage.js.map +1 -1
  182. package/dist/src/config/storage.test.js +12 -0
  183. package/dist/src/config/storage.test.js.map +1 -1
  184. package/dist/src/confirmation-bus/message-bus.d.ts +4 -1
  185. package/dist/src/confirmation-bus/message-bus.js +39 -1
  186. package/dist/src/confirmation-bus/message-bus.js.map +1 -1
  187. package/dist/src/confirmation-bus/message-bus.test.js +43 -0
  188. package/dist/src/confirmation-bus/message-bus.test.js.map +1 -1
  189. package/dist/src/context/config/configLoader.d.ts +13 -0
  190. package/dist/src/context/config/configLoader.js +65 -0
  191. package/dist/src/context/config/configLoader.js.map +1 -0
  192. package/dist/src/context/config/configLoader.test.d.ts +6 -0
  193. package/dist/src/context/config/configLoader.test.js +79 -0
  194. package/dist/src/context/config/configLoader.test.js.map +1 -0
  195. package/dist/src/context/config/profiles.d.ts +17 -0
  196. package/dist/src/context/config/profiles.js +93 -0
  197. package/dist/src/context/config/profiles.js.map +1 -0
  198. package/dist/src/context/config/registry.d.ts +21 -0
  199. package/dist/src/context/config/registry.js +32 -0
  200. package/dist/src/context/config/registry.js.map +1 -0
  201. package/dist/src/context/config/schema.d.ts +45 -0
  202. package/dist/src/context/config/schema.js +47 -0
  203. package/dist/src/context/config/schema.js.map +1 -0
  204. package/dist/src/context/config/types.d.ts +39 -0
  205. package/dist/src/context/config/types.js +7 -0
  206. package/dist/src/context/config/types.js.map +1 -0
  207. package/dist/src/context/contextManager.barrier.test.d.ts +6 -0
  208. package/dist/src/context/contextManager.barrier.test.js +56 -0
  209. package/dist/src/context/contextManager.barrier.test.js.map +1 -0
  210. package/dist/src/context/contextManager.d.ts +49 -0
  211. package/dist/src/context/contextManager.js +120 -0
  212. package/dist/src/context/contextManager.js.map +1 -0
  213. package/dist/src/context/eventBus.d.ts +28 -0
  214. package/dist/src/context/eventBus.js +27 -0
  215. package/dist/src/context/eventBus.js.map +1 -0
  216. package/dist/src/context/graph/behaviorRegistry.d.ts +28 -0
  217. package/dist/src/context/graph/behaviorRegistry.js +14 -0
  218. package/dist/src/context/graph/behaviorRegistry.js.map +1 -0
  219. package/dist/src/context/graph/builtinBehaviors.d.ts +11 -0
  220. package/dist/src/context/graph/builtinBehaviors.js +145 -0
  221. package/dist/src/context/graph/builtinBehaviors.js.map +1 -0
  222. package/dist/src/context/graph/fromGraph.d.ts +9 -0
  223. package/dist/src/context/graph/fromGraph.js +34 -0
  224. package/dist/src/context/graph/fromGraph.js.map +1 -0
  225. package/dist/src/context/graph/mapper.d.ts +16 -0
  226. package/dist/src/context/graph/mapper.js +16 -0
  227. package/dist/src/context/graph/mapper.js.map +1 -0
  228. package/dist/src/context/graph/render.d.ts +15 -0
  229. package/dist/src/context/graph/render.js +72 -0
  230. package/dist/src/context/graph/render.js.map +1 -0
  231. package/dist/src/context/graph/toGraph.d.ts +10 -0
  232. package/dist/src/context/graph/toGraph.js +172 -0
  233. package/dist/src/context/graph/toGraph.js.map +1 -0
  234. package/dist/src/context/graph/types.d.ts +139 -0
  235. package/dist/src/context/graph/types.js +36 -0
  236. package/dist/src/context/graph/types.js.map +1 -0
  237. package/dist/src/context/historyObserver.d.ts +27 -0
  238. package/dist/src/context/historyObserver.js +64 -0
  239. package/dist/src/context/historyObserver.js.map +1 -0
  240. package/dist/src/context/pipeline/contextWorkingBuffer.d.ts +33 -0
  241. package/dist/src/context/pipeline/contextWorkingBuffer.js +197 -0
  242. package/dist/src/context/pipeline/contextWorkingBuffer.js.map +1 -0
  243. package/dist/src/context/pipeline/contextWorkingBuffer.test.d.ts +6 -0
  244. package/dist/src/context/pipeline/contextWorkingBuffer.test.js +89 -0
  245. package/dist/src/context/pipeline/contextWorkingBuffer.test.js.map +1 -0
  246. package/dist/src/context/pipeline/environment.d.ts +27 -0
  247. package/dist/src/context/pipeline/environment.js +2 -0
  248. package/dist/src/context/pipeline/environment.js.map +1 -0
  249. package/dist/src/context/pipeline/environmentImpl.d.ts +28 -0
  250. package/dist/src/context/pipeline/environmentImpl.js +40 -0
  251. package/dist/src/context/pipeline/environmentImpl.js.map +1 -0
  252. package/dist/src/context/pipeline/environmentImpl.test.d.ts +1 -0
  253. package/dist/src/context/pipeline/environmentImpl.test.js +32 -0
  254. package/dist/src/context/pipeline/environmentImpl.test.js.map +1 -0
  255. package/dist/src/context/pipeline/inbox.d.ts +15 -0
  256. package/dist/src/context/pipeline/inbox.js +52 -0
  257. package/dist/src/context/pipeline/inbox.js.map +1 -0
  258. package/dist/src/context/pipeline/inbox.test.d.ts +1 -0
  259. package/dist/src/context/pipeline/inbox.test.js +36 -0
  260. package/dist/src/context/pipeline/inbox.test.js.map +1 -0
  261. package/dist/src/context/pipeline/orchestrator.d.ts +22 -0
  262. package/dist/src/context/pipeline/orchestrator.js +126 -0
  263. package/dist/src/context/pipeline/orchestrator.js.map +1 -0
  264. package/dist/src/context/pipeline/orchestrator.test.d.ts +6 -0
  265. package/dist/src/context/pipeline/orchestrator.test.js +154 -0
  266. package/dist/src/context/pipeline/orchestrator.test.js.map +1 -0
  267. package/dist/src/context/pipeline.d.ts +52 -0
  268. package/dist/src/context/pipeline.js +7 -0
  269. package/dist/src/context/pipeline.js.map +1 -0
  270. package/dist/src/context/processors/blobDegradationProcessor.d.ts +6 -0
  271. package/dist/src/context/processors/blobDegradationProcessor.js +127 -0
  272. package/dist/src/context/processors/blobDegradationProcessor.js.map +1 -0
  273. package/dist/src/context/processors/blobDegradationProcessor.test.d.ts +6 -0
  274. package/dist/src/context/processors/blobDegradationProcessor.test.js +72 -0
  275. package/dist/src/context/processors/blobDegradationProcessor.test.js.map +1 -0
  276. package/dist/src/context/processors/historyTruncationProcessor.d.ts +11 -0
  277. package/dist/src/context/processors/historyTruncationProcessor.js +61 -0
  278. package/dist/src/context/processors/historyTruncationProcessor.js.map +1 -0
  279. package/dist/src/context/processors/nodeDistillationProcessor.d.ts +8 -0
  280. package/dist/src/context/processors/nodeDistillationProcessor.js +167 -0
  281. package/dist/src/context/processors/nodeDistillationProcessor.js.map +1 -0
  282. package/dist/src/context/processors/nodeDistillationProcessor.test.d.ts +6 -0
  283. package/dist/src/context/processors/nodeDistillationProcessor.test.js +77 -0
  284. package/dist/src/context/processors/nodeDistillationProcessor.test.js.map +1 -0
  285. package/dist/src/context/processors/nodeTruncationProcessor.d.ts +8 -0
  286. package/dist/src/context/processors/nodeTruncationProcessor.js +109 -0
  287. package/dist/src/context/processors/nodeTruncationProcessor.js.map +1 -0
  288. package/dist/src/context/processors/nodeTruncationProcessor.test.d.ts +6 -0
  289. package/dist/src/context/processors/nodeTruncationProcessor.test.js +71 -0
  290. package/dist/src/context/processors/nodeTruncationProcessor.test.js.map +1 -0
  291. package/dist/src/context/processors/rollingSummaryProcessor.d.ts +8 -0
  292. package/dist/src/context/processors/rollingSummaryProcessor.js +129 -0
  293. package/dist/src/context/processors/rollingSummaryProcessor.js.map +1 -0
  294. package/dist/src/context/processors/rollingSummaryProcessor.test.d.ts +1 -0
  295. package/dist/src/context/processors/rollingSummaryProcessor.test.js +60 -0
  296. package/dist/src/context/processors/rollingSummaryProcessor.test.js.map +1 -0
  297. package/dist/src/context/processors/stateSnapshotAsyncProcessor.d.ts +9 -0
  298. package/dist/src/context/processors/stateSnapshotAsyncProcessor.js +75 -0
  299. package/dist/src/context/processors/stateSnapshotAsyncProcessor.js.map +1 -0
  300. package/dist/src/context/processors/stateSnapshotAsyncProcessor.test.d.ts +1 -0
  301. package/dist/src/context/processors/stateSnapshotAsyncProcessor.test.js +80 -0
  302. package/dist/src/context/processors/stateSnapshotAsyncProcessor.test.js.map +1 -0
  303. package/dist/src/context/processors/stateSnapshotProcessor.d.ts +9 -0
  304. package/dist/src/context/processors/stateSnapshotProcessor.js +130 -0
  305. package/dist/src/context/processors/stateSnapshotProcessor.js.map +1 -0
  306. package/dist/src/context/processors/stateSnapshotProcessor.test.d.ts +1 -0
  307. package/dist/src/context/processors/stateSnapshotProcessor.test.js +91 -0
  308. package/dist/src/context/processors/stateSnapshotProcessor.test.js.map +1 -0
  309. package/dist/src/context/processors/toolMaskingProcessor.d.ts +8 -0
  310. package/dist/src/context/processors/toolMaskingProcessor.js +194 -0
  311. package/dist/src/context/processors/toolMaskingProcessor.js.map +1 -0
  312. package/dist/src/context/processors/toolMaskingProcessor.test.d.ts +1 -0
  313. package/dist/src/context/processors/toolMaskingProcessor.test.js +50 -0
  314. package/dist/src/context/processors/toolMaskingProcessor.test.js.map +1 -0
  315. package/dist/src/context/system-tests/lifecycle.golden.test.d.ts +6 -0
  316. package/dist/src/context/system-tests/lifecycle.golden.test.js +195 -0
  317. package/dist/src/context/system-tests/lifecycle.golden.test.js.map +1 -0
  318. package/dist/src/context/system-tests/simulationHarness.d.ts +41 -0
  319. package/dist/src/context/system-tests/simulationHarness.js +88 -0
  320. package/dist/src/context/system-tests/simulationHarness.js.map +1 -0
  321. package/dist/src/context/testing/contextTestUtils.d.ts +44 -0
  322. package/dist/src/context/testing/contextTestUtils.js +176 -0
  323. package/dist/src/context/testing/contextTestUtils.js.map +1 -0
  324. package/dist/src/context/testing/testProfile.d.ts +7 -0
  325. package/dist/src/context/testing/testProfile.js +20 -0
  326. package/dist/src/context/testing/testProfile.js.map +1 -0
  327. package/dist/src/context/tracer.d.ts +19 -0
  328. package/dist/src/context/tracer.js +79 -0
  329. package/dist/src/context/tracer.js.map +1 -0
  330. package/dist/src/context/tracer.test.d.ts +6 -0
  331. package/dist/src/context/tracer.test.js +71 -0
  332. package/dist/src/context/tracer.test.js.map +1 -0
  333. package/dist/src/context/utils/contextTokenCalculator.d.ts +53 -0
  334. package/dist/src/context/utils/contextTokenCalculator.js +97 -0
  335. package/dist/src/context/utils/contextTokenCalculator.js.map +1 -0
  336. package/dist/src/context/utils/snapshotGenerator.d.ts +12 -0
  337. package/dist/src/context/utils/snapshotGenerator.js +43 -0
  338. package/dist/src/context/utils/snapshotGenerator.js.map +1 -0
  339. package/dist/src/core/agentChatHistory.d.ts +26 -0
  340. package/dist/src/core/agentChatHistory.js +50 -0
  341. package/dist/src/core/agentChatHistory.js.map +1 -0
  342. package/dist/src/core/client.js +3 -1
  343. package/dist/src/core/client.js.map +1 -1
  344. package/dist/src/core/client.test.js +4 -0
  345. package/dist/src/core/client.test.js.map +1 -1
  346. package/dist/src/core/contentGenerator.d.ts +8 -1
  347. package/dist/src/core/contentGenerator.js +46 -4
  348. package/dist/src/core/contentGenerator.js.map +1 -1
  349. package/dist/src/core/contentGenerator.test.js +174 -8
  350. package/dist/src/core/contentGenerator.test.js.map +1 -1
  351. package/dist/src/core/coreToolHookTriggers.d.ts +1 -1
  352. package/dist/src/core/coreToolHookTriggers.js +5 -1
  353. package/dist/src/core/coreToolHookTriggers.js.map +1 -1
  354. package/dist/src/core/coreToolHookTriggers.test.js +1 -1
  355. package/dist/src/core/coreToolHookTriggers.test.js.map +1 -1
  356. package/dist/src/core/geminiChat.d.ts +2 -1
  357. package/dist/src/core/geminiChat.js +7 -2
  358. package/dist/src/core/geminiChat.js.map +1 -1
  359. package/dist/src/core/geminiChat.test.js +19 -6
  360. package/dist/src/core/geminiChat.test.js.map +1 -1
  361. package/dist/src/core/geminiChat_network_retry.test.js +42 -0
  362. package/dist/src/core/geminiChat_network_retry.test.js.map +1 -1
  363. package/dist/src/core/localLiteRtLmClient.js +2 -0
  364. package/dist/src/core/localLiteRtLmClient.js.map +1 -1
  365. package/dist/src/core/localLiteRtLmClient.test.js +7 -0
  366. package/dist/src/core/localLiteRtLmClient.test.js.map +1 -1
  367. package/dist/src/core/loggingContentGenerator.js +19 -6
  368. package/dist/src/core/loggingContentGenerator.js.map +1 -1
  369. package/dist/src/core/loggingContentGenerator.test.js +55 -0
  370. package/dist/src/core/loggingContentGenerator.test.js.map +1 -1
  371. package/dist/src/core/prompts-substitution.test.js +1 -0
  372. package/dist/src/core/prompts-substitution.test.js.map +1 -1
  373. package/dist/src/core/prompts.d.ts +1 -1
  374. package/dist/src/core/prompts.js +2 -2
  375. package/dist/src/core/prompts.js.map +1 -1
  376. package/dist/src/core/prompts.test.js +39 -8
  377. package/dist/src/core/prompts.test.js.map +1 -1
  378. package/dist/src/generated/git-commit.d.ts +2 -2
  379. package/dist/src/generated/git-commit.js +2 -2
  380. package/dist/src/hooks/hookRunner.js +8 -0
  381. package/dist/src/hooks/hookRunner.js.map +1 -1
  382. package/dist/src/hooks/hookRunner.test.js +23 -0
  383. package/dist/src/hooks/hookRunner.test.js.map +1 -1
  384. package/dist/src/ide/ide-client.js +3 -4
  385. package/dist/src/ide/ide-client.js.map +1 -1
  386. package/dist/src/index.d.ts +7 -3
  387. package/dist/src/index.js +7 -2
  388. package/dist/src/index.js.map +1 -1
  389. package/dist/src/mcp/mcpLauncher.js +1 -1
  390. package/dist/src/mcp/mcpLauncher.js.map +1 -1
  391. package/dist/src/mcp/oauth-provider.test.js +24 -17
  392. package/dist/src/mcp/oauth-provider.test.js.map +1 -1
  393. package/dist/src/policy/config.d.ts +2 -0
  394. package/dist/src/policy/config.js +67 -12
  395. package/dist/src/policy/config.js.map +1 -1
  396. package/dist/src/policy/core-tools-mapping.test.d.ts +6 -0
  397. package/dist/src/policy/core-tools-mapping.test.js +44 -0
  398. package/dist/src/policy/core-tools-mapping.test.js.map +1 -0
  399. package/dist/src/policy/policies/agents.toml +10 -0
  400. package/dist/src/policy/policies/plan.toml +17 -43
  401. package/dist/src/policy/policies/read-only.toml +24 -38
  402. package/dist/src/policy/policy-engine.d.ts +1 -1
  403. package/dist/src/policy/policy-engine.js +72 -67
  404. package/dist/src/policy/policy-engine.js.map +1 -1
  405. package/dist/src/policy/policy-engine.test.js +71 -4
  406. package/dist/src/policy/policy-engine.test.js.map +1 -1
  407. package/dist/src/policy/sandboxPolicyManager.js +4 -4
  408. package/dist/src/policy/sandboxPolicyManager.js.map +1 -1
  409. package/dist/src/policy/shell-safety-regression.test.d.ts +6 -0
  410. package/dist/src/policy/shell-safety-regression.test.js +86 -0
  411. package/dist/src/policy/shell-safety-regression.test.js.map +1 -0
  412. package/dist/src/policy/shell-safety.test.js +24 -0
  413. package/dist/src/policy/shell-safety.test.js.map +1 -1
  414. package/dist/src/policy/shell-substitution.test.d.ts +6 -0
  415. package/dist/src/policy/shell-substitution.test.js +75 -0
  416. package/dist/src/policy/shell-substitution.test.js.map +1 -0
  417. package/dist/src/policy/toml-loader.test.js +25 -11
  418. package/dist/src/policy/toml-loader.test.js.map +1 -1
  419. package/dist/src/policy/types.d.ts +6 -2
  420. package/dist/src/policy/types.js +4 -2
  421. package/dist/src/policy/types.js.map +1 -1
  422. package/dist/src/prompts/promptProvider.d.ts +1 -1
  423. package/dist/src/prompts/promptProvider.js +41 -24
  424. package/dist/src/prompts/promptProvider.js.map +1 -1
  425. package/dist/src/prompts/promptProvider.test.js +36 -2
  426. package/dist/src/prompts/promptProvider.test.js.map +1 -1
  427. package/dist/src/prompts/snippets-memory-v2.test.d.ts +6 -0
  428. package/dist/src/prompts/snippets-memory-v2.test.js +94 -0
  429. package/dist/src/prompts/snippets-memory-v2.test.js.map +1 -0
  430. package/dist/src/prompts/snippets.d.ts +19 -1
  431. package/dist/src/prompts/snippets.js +33 -6
  432. package/dist/src/prompts/snippets.js.map +1 -1
  433. package/dist/src/prompts/snippets.legacy.d.ts +6 -1
  434. package/dist/src/prompts/snippets.legacy.js +14 -7
  435. package/dist/src/prompts/snippets.legacy.js.map +1 -1
  436. package/dist/src/prompts/utils.test.js +1 -0
  437. package/dist/src/prompts/utils.test.js.map +1 -1
  438. package/dist/src/routing/modelRouterService.js +1 -1
  439. package/dist/src/routing/modelRouterService.js.map +1 -1
  440. package/dist/src/sandbox/linux/LinuxSandboxManager.d.ts +2 -0
  441. package/dist/src/sandbox/linux/LinuxSandboxManager.js +43 -19
  442. package/dist/src/sandbox/linux/LinuxSandboxManager.js.map +1 -1
  443. package/dist/src/sandbox/linux/LinuxSandboxManager.test.js +16 -0
  444. package/dist/src/sandbox/linux/LinuxSandboxManager.test.js.map +1 -1
  445. package/dist/src/sandbox/linux/bwrapArgsBuilder.d.ts +3 -7
  446. package/dist/src/sandbox/linux/bwrapArgsBuilder.js +96 -105
  447. package/dist/src/sandbox/linux/bwrapArgsBuilder.js.map +1 -1
  448. package/dist/src/sandbox/linux/bwrapArgsBuilder.test.js +144 -41
  449. package/dist/src/sandbox/linux/bwrapArgsBuilder.test.js.map +1 -1
  450. package/dist/src/sandbox/macos/MacOsSandboxManager.js +19 -10
  451. package/dist/src/sandbox/macos/MacOsSandboxManager.js.map +1 -1
  452. package/dist/src/sandbox/macos/MacOsSandboxManager.test.js +24 -37
  453. package/dist/src/sandbox/macos/MacOsSandboxManager.test.js.map +1 -1
  454. package/dist/src/sandbox/macos/seatbeltArgsBuilder.d.ts +3 -9
  455. package/dist/src/sandbox/macos/seatbeltArgsBuilder.js +129 -96
  456. package/dist/src/sandbox/macos/seatbeltArgsBuilder.js.map +1 -1
  457. package/dist/src/sandbox/macos/seatbeltArgsBuilder.test.js +78 -77
  458. package/dist/src/sandbox/macos/seatbeltArgsBuilder.test.js.map +1 -1
  459. package/dist/src/sandbox/utils/fsUtils.d.ts +2 -3
  460. package/dist/src/sandbox/utils/fsUtils.js +12 -27
  461. package/dist/src/sandbox/utils/fsUtils.js.map +1 -1
  462. package/dist/src/sandbox/utils/fsUtils.test.js +87 -29
  463. package/dist/src/sandbox/utils/fsUtils.test.js.map +1 -1
  464. package/dist/src/sandbox/windows/GeminiSandbox.cs +186 -77
  465. package/dist/src/sandbox/windows/WindowsSandboxManager.d.ts +4 -16
  466. package/dist/src/sandbox/windows/WindowsSandboxManager.js +138 -204
  467. package/dist/src/sandbox/windows/WindowsSandboxManager.js.map +1 -1
  468. package/dist/src/sandbox/windows/WindowsSandboxManager.test.js +105 -122
  469. package/dist/src/sandbox/windows/WindowsSandboxManager.test.js.map +1 -1
  470. package/dist/src/scheduler/policy.js +1 -2
  471. package/dist/src/scheduler/policy.js.map +1 -1
  472. package/dist/src/scheduler/policy.test.js +58 -2
  473. package/dist/src/scheduler/policy.test.js.map +1 -1
  474. package/dist/src/scheduler/scheduler.d.ts +2 -1
  475. package/dist/src/scheduler/scheduler.js +13 -14
  476. package/dist/src/scheduler/scheduler.js.map +1 -1
  477. package/dist/src/scheduler/scheduler.test.js +66 -0
  478. package/dist/src/scheduler/scheduler.test.js.map +1 -1
  479. package/dist/src/scheduler/scheduler_hooks.test.js +1 -0
  480. package/dist/src/scheduler/scheduler_hooks.test.js.map +1 -1
  481. package/dist/src/scheduler/scheduler_parallel.test.js +2 -0
  482. package/dist/src/scheduler/scheduler_parallel.test.js.map +1 -1
  483. package/dist/src/scheduler/tool-executor.js +2 -0
  484. package/dist/src/scheduler/tool-executor.js.map +1 -1
  485. package/dist/src/services/chatRecordingService.d.ts +12 -153
  486. package/dist/src/services/chatRecordingService.js +444 -350
  487. package/dist/src/services/chatRecordingService.js.map +1 -1
  488. package/dist/src/services/chatRecordingService.test.js +174 -128
  489. package/dist/src/services/chatRecordingService.test.js.map +1 -1
  490. package/dist/src/services/chatRecordingTypes.d.ts +111 -0
  491. package/dist/src/services/chatRecordingTypes.js +10 -0
  492. package/dist/src/services/chatRecordingTypes.js.map +1 -0
  493. package/dist/src/services/gitService.d.ts +2 -0
  494. package/dist/src/services/gitService.js +10 -1
  495. package/dist/src/services/gitService.js.map +1 -1
  496. package/dist/src/services/gitService.test.js +6 -2
  497. package/dist/src/services/gitService.test.js.map +1 -1
  498. package/dist/src/services/keychainService.d.ts +2 -2
  499. package/dist/src/services/keychainService.js +9 -9
  500. package/dist/src/services/keychainService.js.map +1 -1
  501. package/dist/src/services/keychainService.test.js +7 -7
  502. package/dist/src/services/keychainService.test.js.map +1 -1
  503. package/dist/src/services/keychainTypes.d.ts +1 -1
  504. package/dist/src/services/memoryPatchUtils.d.ts +42 -0
  505. package/dist/src/services/memoryPatchUtils.js +216 -0
  506. package/dist/src/services/memoryPatchUtils.js.map +1 -0
  507. package/dist/src/services/memoryService.d.ts +21 -1
  508. package/dist/src/services/memoryService.js +405 -64
  509. package/dist/src/services/memoryService.js.map +1 -1
  510. package/dist/src/services/memoryService.test.js +686 -2
  511. package/dist/src/services/memoryService.test.js.map +1 -1
  512. package/dist/src/services/sandboxManager.d.ts +33 -19
  513. package/dist/src/services/sandboxManager.integration.test.js +728 -266
  514. package/dist/src/services/sandboxManager.integration.test.js.map +1 -1
  515. package/dist/src/services/sandboxManager.js +65 -62
  516. package/dist/src/services/sandboxManager.js.map +1 -1
  517. package/dist/src/services/sandboxManager.test.js +17 -114
  518. package/dist/src/services/sandboxManager.test.js.map +1 -1
  519. package/dist/src/services/sandboxedFileSystemService.js +72 -62
  520. package/dist/src/services/sandboxedFileSystemService.js.map +1 -1
  521. package/dist/src/services/sessionSummaryUtils.d.ts +1 -1
  522. package/dist/src/services/sessionSummaryUtils.js +111 -38
  523. package/dist/src/services/sessionSummaryUtils.js.map +1 -1
  524. package/dist/src/services/sessionSummaryUtils.test.js +204 -51
  525. package/dist/src/services/sessionSummaryUtils.test.js.map +1 -1
  526. package/dist/src/services/shellExecutionService.d.ts +19 -0
  527. package/dist/src/services/shellExecutionService.js +88 -34
  528. package/dist/src/services/shellExecutionService.js.map +1 -1
  529. package/dist/src/services/shellExecutionService.test.js +38 -4
  530. package/dist/src/services/shellExecutionService.test.js.map +1 -1
  531. package/dist/src/telemetry/activity-monitor.js +1 -0
  532. package/dist/src/telemetry/activity-monitor.js.map +1 -1
  533. package/dist/src/telemetry/config.js +3 -0
  534. package/dist/src/telemetry/config.js.map +1 -1
  535. package/dist/src/telemetry/conseca-logger.js +18 -20
  536. package/dist/src/telemetry/conseca-logger.js.map +1 -1
  537. package/dist/src/telemetry/conseca-logger.test.js +100 -0
  538. package/dist/src/telemetry/conseca-logger.test.js.map +1 -1
  539. package/dist/src/telemetry/event-loop-monitor.d.ts +17 -0
  540. package/dist/src/telemetry/event-loop-monitor.js +76 -0
  541. package/dist/src/telemetry/event-loop-monitor.js.map +1 -0
  542. package/dist/src/telemetry/index.d.ts +2 -1
  543. package/dist/src/telemetry/index.js +2 -1
  544. package/dist/src/telemetry/index.js.map +1 -1
  545. package/dist/src/telemetry/llmRole.d.ts +2 -1
  546. package/dist/src/telemetry/llmRole.js +1 -0
  547. package/dist/src/telemetry/llmRole.js.map +1 -1
  548. package/dist/src/telemetry/loggers.test.js +184 -8
  549. package/dist/src/telemetry/loggers.test.js.map +1 -1
  550. package/dist/src/telemetry/memory-monitor.d.ts +1 -0
  551. package/dist/src/telemetry/memory-monitor.js +8 -1
  552. package/dist/src/telemetry/memory-monitor.js.map +1 -1
  553. package/dist/src/telemetry/memory-monitor.test.js +6 -1
  554. package/dist/src/telemetry/memory-monitor.test.js.map +1 -1
  555. package/dist/src/telemetry/metrics.d.ts +12 -0
  556. package/dist/src/telemetry/metrics.js +19 -0
  557. package/dist/src/telemetry/metrics.js.map +1 -1
  558. package/dist/src/telemetry/sdk.js +20 -1
  559. package/dist/src/telemetry/sdk.js.map +1 -1
  560. package/dist/src/telemetry/trace.d.ts +23 -6
  561. package/dist/src/telemetry/trace.js +71 -22
  562. package/dist/src/telemetry/trace.js.map +1 -1
  563. package/dist/src/telemetry/trace.test.js +79 -15
  564. package/dist/src/telemetry/trace.test.js.map +1 -1
  565. package/dist/src/telemetry/types.js +61 -15
  566. package/dist/src/telemetry/types.js.map +1 -1
  567. package/dist/src/test-utils/mock-tool.d.ts +3 -2
  568. package/dist/src/test-utils/mock-tool.js +4 -3
  569. package/dist/src/test-utils/mock-tool.js.map +1 -1
  570. package/dist/src/tools/activate-skill.js +1 -1
  571. package/dist/src/tools/activate-skill.js.map +1 -1
  572. package/dist/src/tools/activate-skill.test.js +6 -2
  573. package/dist/src/tools/activate-skill.test.js.map +1 -1
  574. package/dist/src/tools/ask-user.d.ts +2 -2
  575. package/dist/src/tools/ask-user.js +1 -1
  576. package/dist/src/tools/ask-user.js.map +1 -1
  577. package/dist/src/tools/ask-user.test.js +9 -3
  578. package/dist/src/tools/ask-user.test.js.map +1 -1
  579. package/dist/src/tools/complete-task.d.ts +2 -2
  580. package/dist/src/tools/complete-task.js +1 -1
  581. package/dist/src/tools/complete-task.js.map +1 -1
  582. package/dist/src/tools/complete-task.test.js +9 -3
  583. package/dist/src/tools/complete-task.test.js.map +1 -1
  584. package/dist/src/tools/definitions/base-declarations.d.ts +2 -0
  585. package/dist/src/tools/definitions/base-declarations.js +3 -0
  586. package/dist/src/tools/definitions/base-declarations.js.map +1 -1
  587. package/dist/src/tools/definitions/coreTools.d.ts +3 -1
  588. package/dist/src/tools/definitions/coreTools.js +13 -1
  589. package/dist/src/tools/definitions/coreTools.js.map +1 -1
  590. package/dist/src/tools/definitions/model-family-sets/default-legacy.js +29 -1
  591. package/dist/src/tools/definitions/model-family-sets/default-legacy.js.map +1 -1
  592. package/dist/src/tools/definitions/model-family-sets/gemini-3.js +29 -1
  593. package/dist/src/tools/definitions/model-family-sets/gemini-3.js.map +1 -1
  594. package/dist/src/tools/definitions/types.d.ts +2 -0
  595. package/dist/src/tools/edit.js +20 -4
  596. package/dist/src/tools/edit.js.map +1 -1
  597. package/dist/src/tools/edit.test.js +41 -18
  598. package/dist/src/tools/edit.test.js.map +1 -1
  599. package/dist/src/tools/enter-plan-mode.d.ts +2 -2
  600. package/dist/src/tools/enter-plan-mode.js +1 -1
  601. package/dist/src/tools/enter-plan-mode.js.map +1 -1
  602. package/dist/src/tools/enter-plan-mode.test.js +10 -4
  603. package/dist/src/tools/enter-plan-mode.test.js.map +1 -1
  604. package/dist/src/tools/exit-plan-mode.d.ts +2 -2
  605. package/dist/src/tools/exit-plan-mode.js +9 -12
  606. package/dist/src/tools/exit-plan-mode.js.map +1 -1
  607. package/dist/src/tools/exit-plan-mode.test.js +44 -17
  608. package/dist/src/tools/exit-plan-mode.test.js.map +1 -1
  609. package/dist/src/tools/get-internal-docs.js +6 -3
  610. package/dist/src/tools/get-internal-docs.js.map +1 -1
  611. package/dist/src/tools/get-internal-docs.test.js +4 -4
  612. package/dist/src/tools/get-internal-docs.test.js.map +1 -1
  613. package/dist/src/tools/glob.js +1 -1
  614. package/dist/src/tools/glob.js.map +1 -1
  615. package/dist/src/tools/glob.test.js +16 -16
  616. package/dist/src/tools/glob.test.js.map +1 -1
  617. package/dist/src/tools/grep.js +21 -12
  618. package/dist/src/tools/grep.js.map +1 -1
  619. package/dist/src/tools/grep.test.js +18 -18
  620. package/dist/src/tools/grep.test.js.map +1 -1
  621. package/dist/src/tools/line-endings.test.js +3 -3
  622. package/dist/src/tools/line-endings.test.js.map +1 -1
  623. package/dist/src/tools/list-mcp-resources.d.ts +24 -0
  624. package/dist/src/tools/list-mcp-resources.js +74 -0
  625. package/dist/src/tools/list-mcp-resources.js.map +1 -0
  626. package/dist/src/tools/list-mcp-resources.test.d.ts +6 -0
  627. package/dist/src/tools/list-mcp-resources.test.js +79 -0
  628. package/dist/src/tools/list-mcp-resources.test.js.map +1 -0
  629. package/dist/src/tools/ls.js +2 -2
  630. package/dist/src/tools/ls.js.map +1 -1
  631. package/dist/src/tools/ls.test.js +21 -21
  632. package/dist/src/tools/ls.test.js.map +1 -1
  633. package/dist/src/tools/mcp-client-manager.d.ts +3 -1
  634. package/dist/src/tools/mcp-client-manager.js +24 -1
  635. package/dist/src/tools/mcp-client-manager.js.map +1 -1
  636. package/dist/src/tools/mcp-client-manager.test.js +43 -0
  637. package/dist/src/tools/mcp-client-manager.test.js.map +1 -1
  638. package/dist/src/tools/mcp-client.js +10 -12
  639. package/dist/src/tools/mcp-client.js.map +1 -1
  640. package/dist/src/tools/mcp-client.test.js +14 -2
  641. package/dist/src/tools/mcp-client.test.js.map +1 -1
  642. package/dist/src/tools/mcp-tool.d.ts +2 -2
  643. package/dist/src/tools/mcp-tool.js +1 -1
  644. package/dist/src/tools/mcp-tool.js.map +1 -1
  645. package/dist/src/tools/mcp-tool.test.js +51 -21
  646. package/dist/src/tools/mcp-tool.test.js.map +1 -1
  647. package/dist/src/tools/memoryTool.d.ts +4 -3
  648. package/dist/src/tools/memoryTool.js +43 -14
  649. package/dist/src/tools/memoryTool.js.map +1 -1
  650. package/dist/src/tools/memoryTool.test.js +29 -9
  651. package/dist/src/tools/memoryTool.test.js.map +1 -1
  652. package/dist/src/tools/read-file.js +1 -1
  653. package/dist/src/tools/read-file.js.map +1 -1
  654. package/dist/src/tools/read-file.test.js +17 -17
  655. package/dist/src/tools/read-file.test.js.map +1 -1
  656. package/dist/src/tools/read-many-files.js +4 -4
  657. package/dist/src/tools/read-many-files.js.map +1 -1
  658. package/dist/src/tools/read-many-files.test.js +70 -24
  659. package/dist/src/tools/read-many-files.test.js.map +1 -1
  660. package/dist/src/tools/read-mcp-resource.d.ts +25 -0
  661. package/dist/src/tools/read-mcp-resource.js +120 -0
  662. package/dist/src/tools/read-mcp-resource.js.map +1 -0
  663. package/dist/src/tools/read-mcp-resource.test.d.ts +6 -0
  664. package/dist/src/tools/read-mcp-resource.test.js +110 -0
  665. package/dist/src/tools/read-mcp-resource.test.js.map +1 -0
  666. package/dist/src/tools/ripGrep.d.ts +3 -2
  667. package/dist/src/tools/ripGrep.js +26 -55
  668. package/dist/src/tools/ripGrep.js.map +1 -1
  669. package/dist/src/tools/ripGrep.test.js +113 -167
  670. package/dist/src/tools/ripGrep.test.js.map +1 -1
  671. package/dist/src/tools/shell.d.ts +2 -2
  672. package/dist/src/tools/shell.js +51 -21
  673. package/dist/src/tools/shell.js.map +1 -1
  674. package/dist/src/tools/shell.test.js +479 -76
  675. package/dist/src/tools/shell.test.js.map +1 -1
  676. package/dist/src/tools/shellBackgroundTools.d.ts +3 -3
  677. package/dist/src/tools/shellBackgroundTools.integration.test.js +6 -2
  678. package/dist/src/tools/shellBackgroundTools.integration.test.js.map +1 -1
  679. package/dist/src/tools/shellBackgroundTools.js +2 -2
  680. package/dist/src/tools/shellBackgroundTools.js.map +1 -1
  681. package/dist/src/tools/shellBackgroundTools.test.js +30 -10
  682. package/dist/src/tools/shellBackgroundTools.test.js.map +1 -1
  683. package/dist/src/tools/tool-error.d.ts +1 -0
  684. package/dist/src/tools/tool-error.js +1 -0
  685. package/dist/src/tools/tool-error.js.map +1 -1
  686. package/dist/src/tools/tool-names.d.ts +5 -4
  687. package/dist/src/tools/tool-names.js +8 -2
  688. package/dist/src/tools/tool-names.js.map +1 -1
  689. package/dist/src/tools/tool-registry.js +137 -114
  690. package/dist/src/tools/tool-registry.js.map +1 -1
  691. package/dist/src/tools/tool-registry.test.js +3 -1
  692. package/dist/src/tools/tool-registry.test.js.map +1 -1
  693. package/dist/src/tools/tools.d.ts +6 -6
  694. package/dist/src/tools/tools.js +6 -2
  695. package/dist/src/tools/tools.js.map +1 -1
  696. package/dist/src/tools/topicTool.d.ts +2 -2
  697. package/dist/src/tools/topicTool.js +1 -1
  698. package/dist/src/tools/topicTool.js.map +1 -1
  699. package/dist/src/tools/topicTool.test.js +6 -2
  700. package/dist/src/tools/topicTool.test.js.map +1 -1
  701. package/dist/src/tools/trackerTools.d.ts +7 -7
  702. package/dist/src/tools/trackerTools.js +6 -6
  703. package/dist/src/tools/trackerTools.js.map +1 -1
  704. package/dist/src/tools/web-fetch.js +1 -1
  705. package/dist/src/tools/web-fetch.js.map +1 -1
  706. package/dist/src/tools/web-fetch.test.js +59 -23
  707. package/dist/src/tools/web-fetch.test.js.map +1 -1
  708. package/dist/src/tools/web-search.js +1 -1
  709. package/dist/src/tools/web-search.js.map +1 -1
  710. package/dist/src/tools/web-search.test.js +5 -5
  711. package/dist/src/tools/web-search.test.js.map +1 -1
  712. package/dist/src/tools/write-file.js +22 -4
  713. package/dist/src/tools/write-file.js.map +1 -1
  714. package/dist/src/tools/write-file.test.js +29 -11
  715. package/dist/src/tools/write-file.test.js.map +1 -1
  716. package/dist/src/tools/write-todos.js +1 -1
  717. package/dist/src/tools/write-todos.js.map +1 -1
  718. package/dist/src/utils/compatibility.js +6 -1
  719. package/dist/src/utils/compatibility.js.map +1 -1
  720. package/dist/src/utils/compatibility.test.js +23 -0
  721. package/dist/src/utils/compatibility.test.js.map +1 -1
  722. package/dist/src/utils/errors.d.ts +3 -0
  723. package/dist/src/utils/errors.js +6 -0
  724. package/dist/src/utils/errors.js.map +1 -1
  725. package/dist/src/utils/fileUtils.d.ts +1 -2
  726. package/dist/src/utils/fileUtils.js +80 -40
  727. package/dist/src/utils/fileUtils.js.map +1 -1
  728. package/dist/src/utils/fileUtils.test.js +61 -0
  729. package/dist/src/utils/fileUtils.test.js.map +1 -1
  730. package/dist/src/utils/filesearch/fileSearch.d.ts +2 -0
  731. package/dist/src/utils/filesearch/fileSearch.js +97 -6
  732. package/dist/src/utils/filesearch/fileSearch.js.map +1 -1
  733. package/dist/src/utils/filesearch/fileSearch.test.js +54 -0
  734. package/dist/src/utils/filesearch/fileSearch.test.js.map +1 -1
  735. package/dist/src/utils/filesearch/fileWatcher.d.ts +25 -0
  736. package/dist/src/utils/filesearch/fileWatcher.js +86 -0
  737. package/dist/src/utils/filesearch/fileWatcher.js.map +1 -0
  738. package/dist/src/utils/filesearch/fileWatcher.test.js +142 -0
  739. package/dist/src/utils/filesearch/fileWatcher.test.js.map +1 -0
  740. package/dist/src/utils/getFolderStructure.js +4 -2
  741. package/dist/src/utils/getFolderStructure.js.map +1 -1
  742. package/dist/src/utils/gitIgnoreParser.js +1 -1
  743. package/dist/src/utils/gitIgnoreParser.js.map +1 -1
  744. package/dist/src/utils/googleQuotaErrors.d.ts +2 -1
  745. package/dist/src/utils/googleQuotaErrors.js +30 -35
  746. package/dist/src/utils/googleQuotaErrors.js.map +1 -1
  747. package/dist/src/utils/googleQuotaErrors.test.js +24 -0
  748. package/dist/src/utils/googleQuotaErrors.test.js.map +1 -1
  749. package/dist/src/utils/ignoreFileParser.js +1 -1
  750. package/dist/src/utils/ignoreFileParser.js.map +1 -1
  751. package/dist/src/utils/memoryDiscovery.js +15 -5
  752. package/dist/src/utils/memoryDiscovery.js.map +1 -1
  753. package/dist/src/utils/oauth-flow.js +17 -5
  754. package/dist/src/utils/oauth-flow.js.map +1 -1
  755. package/dist/src/utils/oauth-flow.test.js +20 -0
  756. package/dist/src/utils/oauth-flow.test.js.map +1 -1
  757. package/dist/src/utils/paths.d.ts +9 -0
  758. package/dist/src/utils/paths.js +37 -0
  759. package/dist/src/utils/paths.js.map +1 -1
  760. package/dist/src/utils/paths.test.js +45 -1
  761. package/dist/src/utils/paths.test.js.map +1 -1
  762. package/dist/src/utils/planUtils.d.ts +11 -2
  763. package/dist/src/utils/planUtils.js +43 -11
  764. package/dist/src/utils/planUtils.js.map +1 -1
  765. package/dist/src/utils/planUtils.test.js +10 -9
  766. package/dist/src/utils/planUtils.test.js.map +1 -1
  767. package/dist/src/utils/process-utils.d.ts +2 -1
  768. package/dist/src/utils/process-utils.js +64 -33
  769. package/dist/src/utils/process-utils.js.map +1 -1
  770. package/dist/src/utils/process-utils.test.js +9 -0
  771. package/dist/src/utils/process-utils.test.js.map +1 -1
  772. package/dist/src/utils/retry.js +18 -6
  773. package/dist/src/utils/retry.js.map +1 -1
  774. package/dist/src/utils/retry.test.js +30 -0
  775. package/dist/src/utils/retry.test.js.map +1 -1
  776. package/dist/src/utils/sessionOperations.js +3 -2
  777. package/dist/src/utils/sessionOperations.js.map +1 -1
  778. package/dist/src/utils/shell-utils.d.ts +2 -0
  779. package/dist/src/utils/shell-utils.js +237 -107
  780. package/dist/src/utils/shell-utils.js.map +1 -1
  781. package/dist/src/utils/tool-utils.d.ts +1 -29
  782. package/dist/src/utils/tool-utils.js +0 -39
  783. package/dist/src/utils/tool-utils.js.map +1 -1
  784. package/dist/src/utils/tool-utils.test.js +2 -76
  785. package/dist/src/utils/tool-utils.test.js.map +1 -1
  786. package/dist/src/utils/tool-visibility.d.ts +40 -0
  787. package/dist/src/utils/tool-visibility.js +111 -0
  788. package/dist/src/utils/tool-visibility.js.map +1 -0
  789. package/dist/src/utils/tool-visibility.test.d.ts +6 -0
  790. package/dist/src/utils/tool-visibility.test.js +96 -0
  791. package/dist/src/utils/tool-visibility.test.js.map +1 -0
  792. package/dist/src/utils/trust.d.ts +64 -0
  793. package/dist/src/utils/trust.js +276 -0
  794. package/dist/src/utils/trust.js.map +1 -0
  795. package/dist/src/utils/trust.test.d.ts +6 -0
  796. package/dist/src/utils/trust.test.js +159 -0
  797. package/dist/src/utils/trust.test.js.map +1 -0
  798. package/dist/tsconfig.tsbuildinfo +1 -1
  799. package/package.json +5 -4
  800. package/dist/docs/get-started/installation.md +0 -181
  801. package/dist/src/agents/memory-manager-agent.d.ts +0 -25
  802. package/dist/src/agents/memory-manager-agent.js +0 -138
  803. package/dist/src/agents/memory-manager-agent.js.map +0 -1
  804. package/dist/src/agents/memory-manager-agent.test.js +0 -123
  805. package/dist/src/agents/memory-manager-agent.test.js.map +0 -1
  806. package/dist/src/agents/subagent-tool-wrapper.d.ts +0 -38
  807. package/dist/src/agents/subagent-tool-wrapper.js +0 -58
  808. package/dist/src/agents/subagent-tool-wrapper.js.map +0 -1
  809. package/dist/src/agents/subagent-tool-wrapper.test.js +0 -123
  810. package/dist/src/agents/subagent-tool-wrapper.test.js.map +0 -1
  811. package/dist/src/agents/subagent-tool.d.ts +0 -18
  812. package/dist/src/agents/subagent-tool.js +0 -134
  813. package/dist/src/agents/subagent-tool.js.map +0 -1
  814. package/dist/src/agents/subagent-tool.test.js +0 -287
  815. package/dist/src/agents/subagent-tool.test.js.map +0 -1
  816. package/dist/src/policy/policies/tracker.toml +0 -34
  817. package/dist/src/prompts/snippets-memory-manager.test.js +0 -31
  818. package/dist/src/prompts/snippets-memory-manager.test.js.map +0 -1
  819. /package/dist/src/{agents/memory-manager-agent.test.d.ts → agent/tool-display-utils.test.d.ts} +0 -0
  820. /package/dist/src/agents/{subagent-tool.test.d.ts → agent-tool.test.d.ts} +0 -0
  821. /package/dist/src/{prompts/snippets-memory-manager.test.d.ts → agents/skill-extraction-agent.test.d.ts} +0 -0
  822. /package/dist/src/{agents/subagent-tool-wrapper.test.d.ts → utils/filesearch/fileWatcher.test.d.ts} +0 -0
package/dist/src/sandbox/windows/GeminiSandbox.cs CHANGED
@@ -20,12 +20,20 @@ using System.Text;
20
20
  * It also supports internal commands for safe file I/O within the sandbox.
21
21
  */
22
22
  public class GeminiSandbox {
23
- // P/Invoke constants and structures
23
+ // --- P/Invoke Constants and Structures ---
24
24
  private const int JobObjectExtendedLimitInformation = 9;
25
25
  private const int JobObjectNetRateControlInformation = 32;
26
26
  private const uint JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE = 0x00002000;
27
27
  private const uint JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION = 0x00000400;
28
28
  private const uint JOB_OBJECT_LIMIT_ACTIVE_PROCESS = 0x00000008;
29
+
30
+ private const int TokenIntegrityLevel = 25;
31
+ private const uint SE_GROUP_INTEGRITY = 0x00000020;
32
+ private const uint TOKEN_ALL_ACCESS = 0xF01FF;
33
+ private const uint DISABLE_MAX_PRIVILEGE = 0x1;
34
+
35
+ private const int SE_FILE_OBJECT = 1;
36
+ private const uint LABEL_SECURITY_INFORMATION = 0x00000010;
29
37
 
30
38
  [StructLayout(LayoutKind.Sequential)]
31
39
  struct JOBOBJECT_BASIC_LIMIT_INFORMATION {
@@ -67,39 +75,6 @@ public class GeminiSandbox {
67
75
  public byte DscpTag;
68
76
  }
69
77
 
70
- [DllImport("kernel32.dll", SetLastError = true)]
71
- static extern IntPtr CreateJobObject(IntPtr lpJobAttributes, string lpName);
72
-
73
- [DllImport("kernel32.dll", SetLastError = true)]
74
- static extern bool SetInformationJobObject(IntPtr hJob, int JobObjectInfoClass, IntPtr lpJobObjectInfo, uint cbJobObjectInfoLength);
75
-
76
- [DllImport("kernel32.dll", SetLastError = true)]
77
- static extern bool AssignProcessToJobObject(IntPtr hJob, IntPtr hProcess);
78
-
79
- [DllImport("kernel32.dll", SetLastError = true)]
80
- static extern uint ResumeThread(IntPtr hThread);
81
-
82
- [DllImport("advapi32.dll", SetLastError = true)]
83
- static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
84
-
85
- [DllImport("advapi32.dll", SetLastError = true)]
86
- static extern bool DuplicateTokenEx(IntPtr hExistingToken, uint dwDesiredAccess, IntPtr lpTokenAttributes, uint ImpersonationLevel, uint TokenType, out IntPtr phNewToken);
87
-
88
- [DllImport("advapi32.dll", SetLastError = true)]
89
- static extern bool CreateRestrictedToken(IntPtr ExistingTokenHandle, uint Flags, uint DisableSidCount, IntPtr SidsToDisable, uint DeletePrivilegeCount, IntPtr PrivilegesToDelete, uint RestrictedSidCount, IntPtr SidsToRestrict, out IntPtr NewTokenHandle);
90
-
91
- [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
92
- static extern bool CreateProcessAsUser(IntPtr hToken, string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
93
-
94
- [DllImport("kernel32.dll", SetLastError = true)]
95
- static extern IntPtr GetCurrentProcess();
96
-
97
- [DllImport("kernel32.dll", SetLastError = true)]
98
- static extern bool CloseHandle(IntPtr hObject);
99
-
100
- [DllImport("kernel32.dll", SetLastError = true)]
101
- static extern IntPtr GetStdHandle(int nStdHandle);
102
-
103
78
  [StructLayout(LayoutKind.Sequential)]
104
79
  struct STARTUPINFO {
105
80
  public uint cb;
@@ -130,40 +105,92 @@ public class GeminiSandbox {
130
105
  public uint dwThreadId;
131
106
  }
132
107
 
108
+ [StructLayout(LayoutKind.Sequential)]
109
+ struct SID_AND_ATTRIBUTES {
110
+ public IntPtr Sid;
111
+ public uint Attributes;
112
+ }
113
+
114
+ [StructLayout(LayoutKind.Sequential)]
115
+ struct TOKEN_MANDATORY_LABEL {
116
+ public SID_AND_ATTRIBUTES Label;
117
+ }
118
+
119
+ // --- Kernel32 P/Invokes ---
120
+ [DllImport("kernel32.dll", SetLastError = true)]
121
+ static extern IntPtr CreateJobObject(IntPtr lpJobAttributes, string lpName);
122
+
123
+ [DllImport("kernel32.dll", SetLastError = true)]
124
+ static extern bool SetInformationJobObject(IntPtr hJob, int JobObjectInfoClass, IntPtr lpJobObjectInfo, uint cbJobObjectInfoLength);
125
+
126
+ [DllImport("kernel32.dll", SetLastError = true)]
127
+ static extern bool AssignProcessToJobObject(IntPtr hJob, IntPtr hProcess);
128
+
129
+ [DllImport("kernel32.dll", SetLastError = true)]
130
+ static extern uint ResumeThread(IntPtr hThread);
131
+
132
+ [DllImport("kernel32.dll", SetLastError = true)]
133
+ static extern IntPtr GetCurrentProcess();
134
+
135
+ [DllImport("kernel32.dll", SetLastError = true)]
136
+ static extern bool CloseHandle(IntPtr hObject);
137
+
138
+ [DllImport("kernel32.dll", SetLastError = true)]
139
+ static extern IntPtr GetStdHandle(int nStdHandle);
140
+
141
+ [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
142
+ static extern uint GetLongPathName(string lpszShortPath, [Out] StringBuilder lpszLongPath, uint cchBuffer);
143
+
144
+ [DllImport("kernel32.dll", SetLastError = true)]
145
+ static extern IntPtr LocalFree(IntPtr hMem);
146
+
147
+ [DllImport("kernel32.dll", SetLastError = true)]
148
+ static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);
149
+
150
+ [DllImport("kernel32.dll", SetLastError = true)]
151
+ static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);
152
+
153
+ [DllImport("kernel32.dll", SetLastError = true)]
154
+ static extern bool GetExitCodeProcess(IntPtr hProcess, out uint lpExitCode);
155
+
156
+ // --- Advapi32 P/Invokes ---
157
+ [DllImport("advapi32.dll", SetLastError = true)]
158
+ static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
159
+
160
+ [DllImport("advapi32.dll", SetLastError = true)]
161
+ static extern bool DuplicateTokenEx(IntPtr hExistingToken, uint dwDesiredAccess, IntPtr lpTokenAttributes, uint ImpersonationLevel, uint TokenType, out IntPtr phNewToken);
162
+
163
+ [DllImport("advapi32.dll", SetLastError = true)]
164
+ static extern bool CreateRestrictedToken(IntPtr ExistingTokenHandle, uint Flags, uint DisableSidCount, IntPtr SidsToDisable, uint DeletePrivilegeCount, IntPtr PrivilegesToDelete, uint RestrictedSidCount, IntPtr SidsToRestrict, out IntPtr NewTokenHandle);
165
+
166
+ [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
167
+ static extern bool CreateProcessAsUser(IntPtr hToken, string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
168
+
133
169
  [DllImport("advapi32.dll", SetLastError = true)]
134
170
  static extern bool ImpersonateLoggedOnUser(IntPtr hToken);
135
171
 
136
172
  [DllImport("advapi32.dll", SetLastError = true)]
137
173
  static extern bool RevertToSelf();
138
174
 
139
- [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
140
- static extern uint GetLongPathName(string lpszShortPath, [Out] StringBuilder lpszLongPath, uint cchBuffer);
141
-
142
175
  [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
143
176
  static extern bool ConvertStringSidToSid(string StringSid, out IntPtr ptrSid);
144
177
 
145
178
  [DllImport("advapi32.dll", SetLastError = true)]
146
179
  static extern bool SetTokenInformation(IntPtr TokenHandle, int TokenInformationClass, IntPtr TokenInformation, uint TokenInformationLength);
147
180
 
148
- [StructLayout(LayoutKind.Sequential)]
149
- struct SID_AND_ATTRIBUTES {
150
- public IntPtr Sid;
151
- public uint Attributes;
152
- }
181
+ [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
182
+ static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string StringSecurityDescriptor, uint StringSDRevision, out IntPtr SecurityDescriptor, out uint SecurityDescriptorSize);
153
183
 
154
- [StructLayout(LayoutKind.Sequential)]
155
- struct TOKEN_MANDATORY_LABEL {
156
- public SID_AND_ATTRIBUTES Label;
157
- }
184
+ [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
185
+ static extern uint SetNamedSecurityInfo(string pObjectName, int ObjectType, uint SecurityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);
158
186
 
159
- private const int TokenIntegrityLevel = 25;
160
- private const uint SE_GROUP_INTEGRITY = 0x00000020;
161
- private const uint TOKEN_ALL_ACCESS = 0xF01FF;
162
- private const uint DISABLE_MAX_PRIVILEGE = 0x1;
187
+ [DllImport("advapi32.dll", SetLastError = true)]
188
+ static extern bool GetSecurityDescriptorSacl(IntPtr pSecurityDescriptor, out bool lpbSaclPresent, out IntPtr pSacl, out bool lpbSaclDefaulted);
163
189
 
190
+ // --- Main Entry Point ---
164
191
  static int Main(string[] args) {
165
192
  if (args.Length < 3) {
166
- Console.Error.WriteLine("Usage: GeminiSandbox.exe <network:0|1> <cwd> [--forbidden-manifest <path>] <command> [args...]");
193
+ Console.Error.WriteLine("Usage: GeminiSandbox.exe <network:0|1> <cwd> [--forbidden-manifest <path>] [--allowed-manifest <path>] <command> [args...]");
167
194
  Console.Error.WriteLine("Internal commands: __read <path>, __write <path>");
168
195
  return 1;
169
196
  }
@@ -171,21 +198,32 @@ public class GeminiSandbox {
171
198
  bool networkAccess = args[0] == "1";
172
199
  string cwd = args[1];
173
200
  HashSet<string> forbiddenPaths = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
201
+ HashSet<string> allowedPaths = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
174
202
  int argIndex = 2;
175
203
 
176
- if (argIndex < args.Length && args[argIndex] == "--forbidden-manifest") {
177
- if (argIndex + 1 < args.Length) {
178
- string manifestPath = args[argIndex + 1];
179
- if (File.Exists(manifestPath)) {
180
- foreach (string line in File.ReadAllLines(manifestPath)) {
181
- if (!string.IsNullOrWhiteSpace(line)) {
182
- forbiddenPaths.Add(GetNormalizedPath(line.Trim()));
183
- }
184
- }
204
+ // 1. Parse Command Line Arguments & Manifests
205
+ while (argIndex < args.Length) {
206
+ if (args[argIndex] == "--forbidden-manifest") {
207
+ if (argIndex + 1 < args.Length) {
208
+ ParseManifest(args[argIndex + 1], forbiddenPaths);
209
+ argIndex += 2;
210
+ } else {
211
+ break;
185
212
  }
186
- argIndex += 2;
213
+ } else if (args[argIndex] == "--allowed-manifest") {
214
+ if (argIndex + 1 < args.Length) {
215
+ ParseManifest(args[argIndex + 1], allowedPaths);
216
+ argIndex += 2;
217
+ } else {
218
+ break;
219
+ }
220
+ } else {
221
+ break;
187
222
  }
188
223
  }
224
+
225
+ // 2. Apply Bulk ACLs
226
+ ApplyBulkAcls(allowedPaths, forbiddenPaths);
189
227
 
190
228
  if (argIndex >= args.Length) {
191
229
  Console.Error.WriteLine("Error: Missing command");
@@ -200,20 +238,18 @@ public class GeminiSandbox {
200
238
  PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
201
239
 
202
240
  try {
203
- // 1. Duplicate Primary Token
241
+ // 3. Duplicate Primary Token and Create Restricted Token
204
242
  if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, out hToken)) {
205
243
  Console.Error.WriteLine("Error: OpenProcessToken failed (" + Marshal.GetLastWin32Error() + ")");
206
244
  return 1;
207
245
  }
208
246
 
209
- // Create a restricted token to strip administrative privileges
210
247
  if (!CreateRestrictedToken(hToken, DISABLE_MAX_PRIVILEGE, 0, IntPtr.Zero, 0, IntPtr.Zero, 0, IntPtr.Zero, out hRestrictedToken)) {
211
248
  Console.Error.WriteLine("Error: CreateRestrictedToken failed (" + Marshal.GetLastWin32Error() + ")");
212
249
  return 1;
213
250
  }
214
251
 
215
- // 2. Lower Integrity Level to Low
216
- // S-1-16-4096 is the SID for "Low Mandatory Level"
252
+ // 4. Lower Integrity Level to "Low" (S-1-16-4096)
217
253
  IntPtr lowIntegritySid = IntPtr.Zero;
218
254
  if (ConvertStringSidToSid("S-1-16-4096", out lowIntegritySid)) {
219
255
  TOKEN_MANDATORY_LABEL tml = new TOKEN_MANDATORY_LABEL();
@@ -232,7 +268,7 @@ public class GeminiSandbox {
232
268
  }
233
269
  }
234
270
 
235
- // 3. Setup Job Object for cleanup
271
+ // 5. Setup Job Object
236
272
  hJob = CreateJobObject(IntPtr.Zero, null);
237
273
  if (hJob == IntPtr.Zero) {
238
274
  Console.Error.WriteLine("Error: CreateJobObject failed (" + Marshal.GetLastWin32Error() + ")");
@@ -263,7 +299,6 @@ public class GeminiSandbox {
263
299
  try {
264
300
  Marshal.StructureToPtr(netLimits, lpNetLimits, false);
265
301
  if (!SetInformationJobObject(hJob, JobObjectNetRateControlInformation, lpNetLimits, (uint)Marshal.SizeOf(netLimits))) {
266
- // Some versions of Windows might not support network rate control, but we should know if it fails.
267
302
  Console.Error.WriteLine("Warning: SetInformationJobObject(NetRate) failed (" + Marshal.GetLastWin32Error() + "). Network might not be throttled.");
268
303
  }
269
304
  } finally {
@@ -271,7 +306,7 @@ public class GeminiSandbox {
271
306
  }
272
307
  }
273
308
 
274
- // 4. Handle Internal Commands or External Process
309
+ // 6. Handle Internal Commands or External Process
275
310
  if (command == "__read") {
276
311
  if (argIndex + 1 >= args.Length) {
277
312
  Console.Error.WriteLine("Error: Missing path for __read");
@@ -301,7 +336,6 @@ public class GeminiSandbox {
301
336
 
302
337
  try {
303
338
  using (MemoryStream ms = new MemoryStream()) {
304
- // Buffer stdin before impersonation (as restricted token can't read the inherited pipe).
305
339
  using (Stream stdin = Console.OpenStandardInput()) {
306
340
  stdin.CopyTo(ms);
307
341
  }
@@ -320,7 +354,7 @@ public class GeminiSandbox {
320
354
  }
321
355
  }
322
356
 
323
- // External Process
357
+ // 7. Execute External Process
324
358
  STARTUPINFO si = new STARTUPINFO();
325
359
  si.cb = (uint)Marshal.SizeOf(si);
326
360
  si.dwFlags = 0x00000100; // STARTF_USESTDHANDLES
@@ -374,14 +408,89 @@ public class GeminiSandbox {
374
408
  }
375
409
  }
376
410
 
377
- [DllImport("kernel32.dll", SetLastError = true)]
378
- static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);
411
+ // --- Helper Methods ---
379
412
 
380
- [DllImport("kernel32.dll", SetLastError = true)]
381
- static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);
413
+ private static void ParseManifest(string manifestPath, HashSet<string> paths) {
414
+ if (!File.Exists(manifestPath)) return;
415
+ foreach (string line in File.ReadAllLines(manifestPath, Encoding.UTF8)) {
416
+ if (!string.IsNullOrWhiteSpace(line)) {
417
+ paths.Add(GetNormalizedPath(line.Trim()));
418
+ }
419
+ }
420
+ }
382
421
 
383
- [DllImport("kernel32.dll", SetLastError = true)]
384
- static extern bool GetExitCodeProcess(IntPtr hProcess, out uint lpExitCode);
422
+ private static void ApplyBulkAcls(HashSet<string> allowedPaths, HashSet<string> forbiddenPaths) {
423
+ SecurityIdentifier lowSid = new SecurityIdentifier("S-1-16-4096");
424
+
425
+ // 1. Apply Deny Rules
426
+ foreach (string path in forbiddenPaths) {
427
+ try {
428
+ if (File.Exists(path)) {
429
+ FileSecurity fs = File.GetAccessControl(path);
430
+ fs.AddAccessRule(new FileSystemAccessRule(lowSid, FileSystemRights.FullControl, AccessControlType.Deny));
431
+ File.SetAccessControl(path, fs);
432
+ } else if (Directory.Exists(path)) {
433
+ DirectorySecurity ds = Directory.GetAccessControl(path);
434
+ ds.AddAccessRule(new FileSystemAccessRule(lowSid, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny));
435
+ Directory.SetAccessControl(path, ds);
436
+ }
437
+ } catch (Exception e) {
438
+ Console.Error.WriteLine("Warning: Failed to apply deny ACL to " + path + ": " + e.Message);
439
+ }
440
+ }
441
+
442
+ // 2. Pre-calculate Security Descriptors for Allow Rules
443
+ IntPtr pSdDir = IntPtr.Zero;
444
+ IntPtr pSdFile = IntPtr.Zero;
445
+ IntPtr pSaclDir = IntPtr.Zero;
446
+ IntPtr pSaclFile = IntPtr.Zero;
447
+ uint sdSize = 0;
448
+ bool saclPresent = false;
449
+ bool saclDefaulted = false;
450
+
451
+ if (ConvertStringSecurityDescriptorToSecurityDescriptor("S:(ML;OICI;NW;;;LW)", 1, out pSdDir, out sdSize)) {
452
+ GetSecurityDescriptorSacl(pSdDir, out saclPresent, out pSaclDir, out saclDefaulted);
453
+ }
454
+ if (ConvertStringSecurityDescriptorToSecurityDescriptor("S:(ML;;NW;;;LW)", 1, out pSdFile, out sdSize)) {
455
+ GetSecurityDescriptorSacl(pSdFile, out saclPresent, out pSaclFile, out saclDefaulted);
456
+ }
457
+
458
+ // 3. Apply Allow Rules
459
+ foreach (string path in allowedPaths) {
460
+ try {
461
+ bool isDir = Directory.Exists(path);
462
+ if (isDir) {
463
+ DirectorySecurity ds = Directory.GetAccessControl(path);
464
+ ds.AddAccessRule(new FileSystemAccessRule(lowSid, FileSystemRights.Modify, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
465
+ Directory.SetAccessControl(path, ds);
466
+ } else if (File.Exists(path)) {
467
+ FileSecurity fs = File.GetAccessControl(path);
468
+ fs.AddAccessRule(new FileSystemAccessRule(lowSid, FileSystemRights.Modify, AccessControlType.Allow));
469
+ File.SetAccessControl(path, fs);
470
+ } else {
471
+ continue;
472
+ }
473
+
474
+ // Ensure we use the 8.3 long-name equivalent for robust security checks per guidelines
475
+ StringBuilder sb = new StringBuilder(1024);
476
+ GetLongPathName(path, sb, 1024);
477
+ string longPath = sb.ToString();
478
+
479
+ IntPtr pSacl = isDir ? pSaclDir : pSaclFile;
480
+ if (pSacl != IntPtr.Zero) {
481
+ uint result = SetNamedSecurityInfo(longPath, SE_FILE_OBJECT, LABEL_SECURITY_INFORMATION, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, pSacl);
482
+ if (result != 0) {
483
+ Console.Error.WriteLine("Warning: SetNamedSecurityInfo failed for " + longPath + " with error " + result);
484
+ }
485
+ }
486
+ } catch (Exception e) {
487
+ Console.Error.WriteLine("Warning: Failed to apply allow ACL to " + path + ": " + e.Message);
488
+ }
489
+ }
490
+
491
+ if (pSdDir != IntPtr.Zero) LocalFree(pSdDir);
492
+ if (pSdFile != IntPtr.Zero) LocalFree(pSdFile);
493
+ }
385
494
 
386
495
  private static int RunInImpersonation(IntPtr hToken, Func<int> action) {
387
496
  if (!ImpersonateLoggedOnUser(hToken)) {
@@ -456,4 +565,4 @@ public class GeminiSandbox {
456
565
  sb.Append('\"');
457
566
  return sb.ToString();
458
567
  }
459
- }
568
+ }
package/dist/src/sandbox/windows/WindowsSandboxManager.d.ts CHANGED
@@ -14,32 +14,20 @@ export declare class WindowsSandboxManager implements SandboxManager {
14
14
  private readonly options;
15
15
  static readonly HELPER_EXE = "GeminiSandbox.exe";
16
16
  private readonly helperPath;
17
- private initialized;
18
- private readonly allowedCache;
19
- private readonly deniedCache;
20
17
  private readonly denialCache;
18
+ private static helperCompiled;
19
+ private governanceFilesInitialized;
21
20
  constructor(options: GlobalSandboxOptions);
22
21
  isKnownSafeCommand(args: string[]): boolean;
23
22
  isDangerousCommand(args: string[]): boolean;
24
23
  parseDenials(result: ShellExecutionResult): ParsedSandboxDenial | undefined;
25
24
  getWorkspace(): string;
26
25
  getOptions(): GlobalSandboxOptions;
27
- /**
28
- * Ensures a file or directory exists.
29
- */
30
- private touch;
31
- private ensureInitialized;
26
+ private ensureGovernanceFilesExist;
27
+ private ensureHelperCompiled;
32
28
  /**
33
29
  * Prepares a command for sandboxed execution on Windows.
34
30
  */
35
31
  prepareCommand(req: SandboxRequest): Promise<SandboxedCommand>;
36
- /**
37
- * Grants "Low Mandatory Level" access to a path using icacls.
38
- */
39
- private grantLowIntegrityAccess;
40
- /**
41
- * Explicitly denies access to a path for Low Integrity processes using icacls.
42
- */
43
- private denyLowIntegrityAccess;
44
32
  private isSystemDirectory;
45
33
  }