@matthias-hausberger/beige 0.0.1

package/dist/gateway/audit.js

@@ -0,0 +1,82 @@
+import { appendFileSync, mkdirSync } from "fs";
+import { dirname } from "path";
+/** Format a Date as "YYYY-MM-DD HH:mm:ss" in local time. */
+function formatTimestamp(date) {
+    const pad = (n, w = 2) => String(n).padStart(w, "0");
+    return (`${date.getFullYear()}-${pad(date.getMonth() + 1)}-${pad(date.getDate())} ` +
+        `${pad(date.getHours())}:${pad(date.getMinutes())}:${pad(date.getSeconds())}`);
+}
+export class AuditLogger {
+    logPath;
+    constructor(logPath) {
+        this.logPath = logPath;
+        mkdirSync(dirname(logPath), { recursive: true });
+    }
+    log(entry) {
+        const line = JSON.stringify(entry) + "\n";
+        appendFileSync(this.logPath, line);
+        const ts = formatTimestamp(new Date(entry.ts));
+        const emoji = entry.decision === "allowed" ? "✓" : "✗";
+        const typeLabel = entry.type === "core_tool" ? "CORE" : "TOOL";
+        const argsStr = entry.args.join(" ");
+        const agentTool = `${entry.agent}/${entry.tool}`;
+        if (entry.phase === "started") {
+            // "→ started" line — no duration yet
+            console.log(`[AUDIT] [${ts}] ${emoji} ${typeLabel} ${agentTool} ${argsStr} → ${entry.decision}, started`);
+        }
+        else {
+            // "→ finished" line — include duration (and error if present)
+            const durationStr = entry.durationMs !== undefined ? ` (${entry.durationMs}ms)` : "";
+            const errorStr = entry.error ? `, error: ${entry.error}` : "";
+            console.log(`[AUDIT] [${ts}] ${emoji} ${typeLabel} ${agentTool} ${argsStr} → finished${durationStr}${errorStr}`);
+        }
+    }
+    /**
+     * Create a timed audit entry. Call .finish() when done.
+     * For "denied" decisions, logs immediately (no started/finished split).
+     * For "allowed" decisions, logs a "started" line immediately, then a "finished"
+     * line when .finish() is called.
+     */
+    start(agent, type, tool, args, decision, target) {
+        const entry = {
+            ts: new Date().toISOString(),
+            agent,
+            phase: decision === "denied" ? "finished" : "started",
+            type,
+            tool,
+            args,
+            decision,
+            target,
+        };
+        // Always log on start — denied tools are fully logged here; allowed tools
+        // get a "started" line now and a "finished" line after execution.
+        this.log(entry);
+        return new AuditTimer(this, entry);
+    }
+}
+export class AuditTimer {
+    logger;
+    entry;
+    startTime;
+    constructor(logger, entry) {
+        this.logger = logger;
+        this.entry = entry;
+        this.startTime = Date.now();
+    }
+    finish(result) {
+        // Only write a "finished" entry for allowed tools (denied was already fully logged).
+        if (this.entry.decision === "denied")
+            return;
+        const finishedEntry = {
+            ...this.entry,
+            ts: new Date().toISOString(),
+            phase: "finished",
+            durationMs: Date.now() - this.startTime,
+            exitCode: result.exitCode,
+            outputBytes: result.outputBytes,
+            error: result.error,
+        };
+        this.logger.log(finishedEntry);
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/gateway/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/gateway/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAiB/B,4DAA4D;AAC5D,SAAS,eAAe,CAAC,IAAU;IACjC,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC7D,OAAO,CACL,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG;QAC3E,GAAG,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,CAC9E,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,WAAW;IACd,OAAO,CAAS;IAExB,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,GAAG,CAAC,KAAiB;QACnB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;QAC1C,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEnC,MAAM,EAAE,GAAG,eAAe,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACvD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QAC/D,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,SAAS,GAAG,GAAG,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAEjD,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC9B,qCAAqC;YACrC,OAAO,CAAC,GAAG,CACT,YAAY,EAAE,KAAK,KAAK,IAAI,SAAS,IAAI,SAAS,IAAI,OAAO,MAAM,KAAK,CAAC,QAAQ,WAAW,CAC7F,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,8DAA8D;YAC9D,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACrF,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,OAAO,CAAC,GAAG,CACT,YAAY,EAAE,KAAK,KAAK,IAAI,SAAS,IAAI,SAAS,IAAI,OAAO,cAAc,WAAW,GAAG,QAAQ,EAAE,CACpG,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CACH,KAAa,EACb,IAA0B,EAC1B,IAAY,EACZ,IAAc,EACd,QAA8B,EAC9B,MAA8B;QAE9B,MAAM,KAAK,GAAe;YACxB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,KAAK;YACL,KAAK,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;YACrD,IAAI;YACJ,IAAI;YACJ,IAAI;YACJ,QAAQ;YACR,MAAM;SACP,CAAC;QAEF,0EAA0E;QAC1E,kEAAkE;QAClE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEhB,OAAO,IAAI,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;CACF;AAED,MAAM,OAAO,UAAU;IAIX;IACA;IAJF,SAAS,CAAS;IAE1B,YACU,MAAmB,EACnB,KAAiB;QADjB,WAAM,GAAN,MAAM,CAAa;QACnB,UAAK,GAAL,KAAK,CAAY;QAEzB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,MAAmE;QACxE,qFAAqF;QACrF,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO;QAE7C,MAAM,aAAa,GAAe;YAChC,GAAG,IAAI,CAAC,KAAK;YACb,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,KAAK,EAAE,UAAU;YACjB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS;YACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;CACF"}

package/dist/gateway/audit.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=audit.spec.d.ts.map

package/dist/gateway/audit.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.spec.d.ts","sourceRoot":"","sources":["../../src/gateway/audit.spec.ts"],"names":[],"mappings":""}

package/dist/gateway/audit.spec.js

@@ -0,0 +1,212 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { AuditLogger, AuditTimer } from "./audit.js";
+import { readFileSync, mkdirSync, rmSync, existsSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+describe("AuditLogger", () => {
+    let tempDir;
+    let logPath;
+    let logger;
+    beforeEach(() => {
+        tempDir = join(tmpdir(), `beige-audit-test-${Date.now()}`);
+        mkdirSync(tempDir, { recursive: true });
+        logPath = join(tempDir, "audit.jsonl");
+        logger = new AuditLogger(logPath);
+    });
+    afterEach(() => {
+        rmSync(tempDir, { recursive: true, force: true });
+    });
+    describe("log", () => {
+        it("writes JSONL entry to file", () => {
+            logger.log({
+                ts: "2026-03-08T00:00:00.000Z",
+                agent: "assistant",
+                phase: "finished",
+                type: "core_tool",
+                tool: "exec",
+                args: ["ls"],
+                decision: "allowed",
+                exitCode: 0,
+                outputBytes: 100,
+            });
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            expect(lines.length).toBe(1);
+            expect(JSON.parse(lines[0]).tool).toBe("exec");
+        });
+        it("appends multiple entries", () => {
+            logger.log({
+                ts: "2026-03-08T00:00:00.000Z",
+                agent: "assistant",
+                phase: "finished",
+                type: "core_tool",
+                tool: "read",
+                args: ["/test.txt"],
+                decision: "allowed",
+            });
+            logger.log({
+                ts: "2026-03-08T00:00:01.000Z",
+                agent: "assistant",
+                phase: "finished",
+                type: "core_tool",
+                tool: "write",
+                args: ["/test.txt"],
+                decision: "allowed",
+            });
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            expect(lines.length).toBe(2);
+        });
+        it("includes all required fields", () => {
+            logger.log({
+                ts: "2026-03-08T00:00:00.000Z",
+                agent: "assistant",
+                phase: "finished",
+                type: "core_tool",
+                tool: "exec",
+                args: ["ls", "-la"],
+                decision: "allowed",
+                durationMs: 123,
+                exitCode: 0,
+                outputBytes: 500,
+            });
+            const content = readFileSync(logPath, "utf-8");
+            const entry = JSON.parse(content);
+            expect(entry.ts).toBe("2026-03-08T00:00:00.000Z");
+            expect(entry.agent).toBe("assistant");
+            expect(entry.phase).toBe("finished");
+            expect(entry.type).toBe("core_tool");
+            expect(entry.tool).toBe("exec");
+            expect(entry.args).toEqual(["ls", "-la"]);
+            expect(entry.decision).toBe("allowed");
+            expect(entry.durationMs).toBe(123);
+            expect(entry.exitCode).toBe(0);
+            expect(entry.outputBytes).toBe(500);
+        });
+        it("logs denied decisions", () => {
+            logger.log({
+                ts: "2026-03-08T00:00:00.000Z",
+                agent: "assistant",
+                phase: "finished",
+                type: "tool",
+                tool: "kv",
+                args: ["set", "key", "value"],
+                decision: "denied",
+                error: "Permission denied",
+            });
+            const content = readFileSync(logPath, "utf-8");
+            const entry = JSON.parse(content);
+            expect(entry.decision).toBe("denied");
+            expect(entry.error).toBe("Permission denied");
+        });
+        it("logs with target field for tool calls", () => {
+            logger.log({
+                ts: "2026-03-08T00:00:00.000Z",
+                agent: "assistant",
+                phase: "finished",
+                type: "tool",
+                tool: "kv",
+                args: ["get", "key"],
+                decision: "allowed",
+                target: "gateway",
+            });
+            const content = readFileSync(logPath, "utf-8");
+            const entry = JSON.parse(content);
+            expect(entry.target).toBe("gateway");
+        });
+    });
+    describe("start/finish pattern", () => {
+        it("creates a timer for allowed decisions", () => {
+            const timer = logger.start("assistant", "core_tool", "exec", ["ls"], "allowed");
+            expect(timer).toBeInstanceOf(AuditTimer);
+        });
+        it("logs immediately for denied decisions", () => {
+            logger.start("assistant", "tool", "kv", ["set", "key"], "denied");
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            // Denied decisions log immediately as "finished"
+            expect(lines.length).toBe(1);
+            const entry = JSON.parse(lines[0]);
+            expect(entry.phase).toBe("finished");
+            expect(entry.decision).toBe("denied");
+        });
+        it("logs 'started' phase for allowed decisions", () => {
+            logger.start("assistant", "core_tool", "exec", ["ls"], "allowed");
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            expect(lines.length).toBe(1);
+            const entry = JSON.parse(lines[0]);
+            expect(entry.phase).toBe("started");
+        });
+        it("logs 'finished' phase when timer.finish() is called", () => {
+            const timer = logger.start("assistant", "core_tool", "exec", ["ls"], "allowed");
+            timer.finish({ exitCode: 0, outputBytes: 100 });
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            expect(lines.length).toBe(2);
+            const startedEntry = JSON.parse(lines[0]);
+            const finishedEntry = JSON.parse(lines[1]);
+            expect(startedEntry.phase).toBe("started");
+            expect(finishedEntry.phase).toBe("finished");
+        });
+        it("tracks duration between start and finish", async () => {
+            const timer = logger.start("assistant", "core_tool", "exec", ["ls"], "allowed");
+            await new Promise((resolve) => setTimeout(resolve, 50));
+            timer.finish({ exitCode: 0 });
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            const finishedEntry = JSON.parse(lines[1]);
+            expect(finishedEntry.durationMs).toBeGreaterThanOrEqual(40);
+        });
+        it("finish() does nothing for denied decisions", () => {
+            const timer = logger.start("assistant", "tool", "kv", ["get"], "denied");
+            timer.finish({ exitCode: 1, error: "Denied" });
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            // Only one line (the immediate "finished" log)
+            expect(lines.length).toBe(1);
+        });
+        it("includes error in finish result", () => {
+            const timer = logger.start("assistant", "core_tool", "exec", ["fail"], "allowed");
+            timer.finish({ exitCode: 1, error: "Command failed" });
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            const finishedEntry = JSON.parse(lines[1]);
+            expect(finishedEntry.error).toBe("Command failed");
+        });
+    });
+    describe("concurrent writes", () => {
+        it("handles multiple concurrent log calls", async () => {
+            const promises = Array.from({ length: 10 }, (_, i) => Promise.resolve(logger.log({
+                ts: new Date().toISOString(),
+                agent: "assistant",
+                phase: "finished",
+                type: "core_tool",
+                tool: "exec",
+                args: [`cmd${i}`],
+                decision: "allowed",
+            })));
+            await Promise.all(promises);
+            const content = readFileSync(logPath, "utf-8");
+            const lines = content.trim().split("\n");
+            expect(lines.length).toBe(10);
+        });
+    });
+    describe("directory creation", () => {
+        it("creates parent directories if they don't exist", () => {
+            const nestedPath = join(tempDir, "deeply", "nested", "audit.jsonl");
+            const nestedLogger = new AuditLogger(nestedPath);
+            nestedLogger.log({
+                ts: "2026-03-08T00:00:00.000Z",
+                agent: "assistant",
+                phase: "finished",
+                type: "core_tool",
+                tool: "exec",
+                args: [],
+                decision: "allowed",
+            });
+            expect(existsSync(nestedPath)).toBe(true);
+        });
+    });
+});
+//# sourceMappingURL=audit.spec.js.map

package/dist/gateway/audit.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.spec.js","sourceRoot":"","sources":["../../src/gateway/audit.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAiB,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChF,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAE5B,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAI,OAAe,CAAC;IACpB,IAAI,OAAe,CAAC;IACpB,IAAI,MAAmB,CAAC;IAExB,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,EAAE,oBAAoB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC3D,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACvC,MAAM,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE;QACnB,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,GAAG,CAAC;gBACT,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,CAAC;gBACX,WAAW,EAAE,GAAG;aACjB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEzC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,GAAG,CAAC;gBACT,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,CAAC,WAAW,CAAC;gBACnB,QAAQ,EAAE,SAAS;aACpB,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC;gBACT,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,CAAC,WAAW,CAAC;gBACnB,QAAQ,EAAE,SAAS;aACpB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEzC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,GAAG,CAAC;gBACT,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC;gBACnB,QAAQ,EAAE,SAAS;gBACnB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,CAAC;gBACX,WAAW,EAAE,GAAG;aACjB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAElC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YAClD,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACtC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACrC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACrC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YAC1C,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,CAAC,GAAG,CAAC;gBACT,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI;gBACV,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC;gBAC7B,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,mBAAmB;aAC3B,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAElC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,GAAG,CAAC;gBACT,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI;gBACV,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;gBACpB,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,SAAS;aAClB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAElC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CACxB,WAAW,EACX,WAAW,EACX,MAAM,EACN,CAAC,IAAI,CAAC,EACN,SAAS,CACV,CAAC;YAEF,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,KAAK,CACV,WAAW,EACX,MAAM,EACN,IAAI,EACJ,CAAC,KAAK,EAAE,KAAK,CAAC,EACd,QAAQ,CACT,CAAC;YAEF,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEzC,iDAAiD;YACjD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACrC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,KAAK,CACV,WAAW,EACX,WAAW,EACX,MAAM,EACN,CAAC,IAAI,CAAC,EACN,SAAS,CACV,CAAC;YAEF,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEzC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CACxB,WAAW,EACX,WAAW,EACX,MAAM,EACN,CAAC,IAAI,CAAC,EACN,SAAS,CACV,CAAC;YAEF,KAAK,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;YAEhD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEzC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAE7B,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAE3C,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CACxB,WAAW,EACX,WAAW,EACX,MAAM,EACN,CAAC,IAAI,CAAC,EACN,SAAS,CACV,CAAC;YAEF,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;YAExD,KAAK,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;YAE9B,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAE3C,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CACxB,WAAW,EACX,MAAM,EACN,IAAI,EACJ,CAAC,KAAK,CAAC,EACP,QAAQ,CACT,CAAC;YAEF,KAAK,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAE/C,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEzC,+CAA+C;YAC/C,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CACxB,WAAW,EACX,WAAW,EACX,MAAM,EACN,CAAC,MAAM,CAAC,EACR,SAAS,CACV,CAAC;YAEF,KAAK,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAEvD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAE3C,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACnD,OAAO,CAAC,OAAO,CACb,MAAM,CAAC,GAAG,CAAC;gBACT,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjB,QAAQ,EAAE,SAAS;aACpB,CAAC,CACH,CACF,CAAC;YAEF,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE5B,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEzC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;YACpE,MAAM,YAAY,GAAG,IAAI,WAAW,CAAC,UAAU,CAAC,CAAC;YAEjD,YAAY,CAAC,GAAG,CAAC;gBACf,EAAE,EAAE,0BAA0B;gBAC9B,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,SAAS;aACpB,CAAC,CAAC;YAEH,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/gateway/gateway.d.ts

@@ -0,0 +1,27 @@
+import type { BeigeConfig } from "../config/schema.js";
+export declare class Gateway {
+    private config;
+    private configPath;
+    private audit;
+    private policy;
+    private toolRunner;
+    private sessionStore;
+    private settingsStore;
+    private sandboxManager;
+    private agentManager;
+    private api;
+    private socketServers;
+    private telegramChannel?;
+    private loadedTools;
+    private loadedSkills;
+    private channelRegistry;
+    private restarting;
+    constructor(config: BeigeConfig, configPath: string);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    restart(): Promise<void>;
+    private teardown;
+    private startAgentInfra;
+    private setupAuth;
+}
+//# sourceMappingURL=gateway.d.ts.map

package/dist/gateway/gateway.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../../src/gateway/gateway.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAgBvD,qBAAa,OAAO;IAClB,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAoB;IACxC,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,GAAG,CAAc;IACzB,OAAO,CAAC,aAAa,CAAwC;IAC7D,OAAO,CAAC,eAAe,CAAC,CAAkB;IAC1C,OAAO,CAAC,WAAW,CAA2B;IAC9C,OAAO,CAAC,YAAY,CAA4B;IAChD,OAAO,CAAC,eAAe,CAAmB;IAC1C,OAAO,CAAC,UAAU,CAAS;gBAEf,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM;IAY7C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA0EtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAMrB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;YAmChB,QAAQ;YAsBR,eAAe;IAoB7B,OAAO,CAAC,SAAS;CAWlB"}

package/dist/gateway/gateway.js

@@ -0,0 +1,158 @@
+import { resolve } from "path";
+import { homedir } from "os";
+import { AuthStorage, ModelRegistry } from "@mariozechner/pi-coding-agent";
+import { loadConfig } from "../config/loader.js";
+import { AuditLogger } from "./audit.js";
+import { PolicyEngine } from "./policy.js";
+import { AgentManager } from "./agent-manager.js";
+import { BeigeSessionStore } from "./sessions.js";
+import { SessionSettingsStore } from "./session-settings.js";
+import { GatewayAPI } from "./api.js";
+import { SandboxManager } from "../sandbox/manager.js";
+import { AgentSocketServer } from "../socket/server.js";
+import { ToolRunner } from "../tools/runner.js";
+import { loadTools } from "../tools/registry.js";
+import { loadSkills } from "../skills/registry.js";
+import { TelegramChannel } from "../channels/telegram.js";
+import { ChannelRegistry } from "../channels/registry.js";
+export class Gateway {
+    config;
+    configPath;
+    audit;
+    policy;
+    toolRunner;
+    sessionStore;
+    settingsStore;
+    sandboxManager;
+    agentManager;
+    api;
+    socketServers = new Map();
+    telegramChannel;
+    loadedTools;
+    loadedSkills;
+    channelRegistry;
+    restarting = false;
+    constructor(config, configPath) {
+        this.config = config;
+        this.configPath = resolve(configPath);
+        this.audit = new AuditLogger(resolve(homedir(), ".beige", "logs", "audit.jsonl"));
+        this.policy = new PolicyEngine(config);
+        this.toolRunner = new ToolRunner();
+        this.sessionStore = new BeigeSessionStore();
+        this.settingsStore = new SessionSettingsStore();
+    }
+    async start() {
+        console.log("[GATEWAY] Starting Beige gateway...");
+        // 1. Create channel registry
+        this.channelRegistry = new ChannelRegistry();
+        // 2. Load tool packages and register handlers
+        this.loadedTools = await loadTools(this.config, this.toolRunner, this.channelRegistry);
+        console.log(`[GATEWAY] Loaded ${this.loadedTools.size} tool(s)`);
+        // 3. Load skill packages
+        this.loadedSkills = await loadSkills(this.config);
+        console.log(`[GATEWAY] Loaded ${this.loadedSkills.size} skill(s)`);
+        // 4. Set up auth and model registry for pi SDK
+        const authStorage = this.setupAuth();
+        const modelRegistry = new ModelRegistry(authStorage);
+        // 5. Create sandbox manager
+        this.sandboxManager = new SandboxManager(this.config, this.loadedTools, this.loadedSkills);
+        // 6. Create agent manager
+        this.agentManager = new AgentManager(this.config, this.sandboxManager, this.audit, this.loadedTools, this.loadedSkills, authStorage, modelRegistry, this.sessionStore);
+        // 7. Build beige-sandbox image if any agent needs it (no-op otherwise)
+        await this.sandboxManager.ensureSandboxImage();
+        // 8. Start sandboxes and socket servers for each agent
+        for (const agentName of Object.keys(this.config.agents)) {
+            await this.startAgentInfra(agentName);
+        }
+        // 9. Start HTTP API (for TUI and other external channels)
+        const host = this.config.gateway?.host ?? "127.0.0.1";
+        const port = this.config.gateway?.port ?? 7433;
+        this.api = new GatewayAPI({
+            config: this.config,
+            gateway: this,
+            agentManager: this.agentManager,
+            sessionStore: this.sessionStore,
+            sandbox: this.sandboxManager,
+            audit: this.audit,
+            host,
+            port,
+        });
+        await this.api.start();
+        // 10. Start Telegram channel (non-blocking)
+        if (this.config.channels?.telegram?.enabled) {
+            this.telegramChannel = new TelegramChannel(this.config.channels.telegram, this.agentManager, this.sessionStore, this.settingsStore, this.channelRegistry);
+            this.telegramChannel.start().catch((err) => {
+                console.error("[GATEWAY] Telegram bot error:", err);
+            });
+        }
+        console.log("[GATEWAY] Beige gateway started ✓");
+    }
+    async stop() {
+        console.log("[GATEWAY] Shutting down...");
+        await this.teardown({ drain: true });
+        console.log("[GATEWAY] Shutdown complete");
+    }
+    async restart() {
+        if (this.restarting) {
+            console.log("[GATEWAY] Restart already in progress — ignoring duplicate request");
+            return;
+        }
+        this.restarting = true;
+        try {
+            console.log("[GATEWAY] ── Restart requested ──────────────────────────────");
+            console.log("[GATEWAY] Phase 1/3: Draining in-flight calls...");
+            await this.agentManager?.drainAll();
+            console.log("[GATEWAY] Phase 2/3: Tearing down infrastructure...");
+            await this.teardown({ drain: false });
+            console.log(`[GATEWAY] Phase 3/3: Reloading config from ${this.configPath}...`);
+            try {
+                this.config = loadConfig(this.configPath);
+            }
+            catch (err) {
+                console.error("[GATEWAY] Failed to reload config — aborting restart:", err);
+                console.error("[GATEWAY] Gateway is now stopped. Fix the config and run 'beige gateway start'.");
+                return;
+            }
+            this.policy = new PolicyEngine(this.config);
+            this.toolRunner = new ToolRunner();
+            await this.start();
+            console.log("[GATEWAY] ── Restart complete ───────────────────────────────");
+        }
+        finally {
+            this.restarting = false;
+        }
+    }
+    async teardown(opts) {
+        if (opts.drain) {
+            await this.agentManager?.drainAll();
+        }
+        if (this.telegramChannel) {
+            await this.telegramChannel.stop();
+            this.telegramChannel = undefined;
+        }
+        await this.api?.stop();
+        for (const [, server] of this.socketServers) {
+            await server.stop();
+        }
+        this.socketServers.clear();
+        await this.agentManager?.shutdown();
+        await this.sandboxManager?.shutdown();
+    }
+    async startAgentInfra(agentName) {
+        const socketPath = resolve(homedir(), ".beige", "sockets", `${agentName}.sock`);
+        const socketServer = new AgentSocketServer(agentName, socketPath, this.audit, this.policy, this.toolRunner);
+        await socketServer.start();
+        this.socketServers.set(agentName, socketServer);
+        await this.sandboxManager.createSandbox(agentName);
+    }
+    setupAuth() {
+        const authStorage = AuthStorage.create();
+        for (const [providerName, providerConfig] of Object.entries(this.config.llm.providers)) {
+            if (providerConfig.apiKey) {
+                authStorage.setRuntimeApiKey(providerName, providerConfig.apiKey);
+            }
+        }
+        return authStorage;
+    }
+}
+//# sourceMappingURL=gateway.js.map

package/dist/gateway/gateway.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gateway.js","sourceRoot":"","sources":["../../src/gateway/gateway.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE3E,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAmB,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAoB,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE1D,MAAM,OAAO,OAAO;IACV,MAAM,CAAc;IACpB,UAAU,CAAS;IACnB,KAAK,CAAc;IACnB,MAAM,CAAe;IACrB,UAAU,CAAa;IACvB,YAAY,CAAoB;IAChC,aAAa,CAAuB;IACpC,cAAc,CAAkB;IAChC,YAAY,CAAgB;IAC5B,GAAG,CAAc;IACjB,aAAa,GAAG,IAAI,GAAG,EAA6B,CAAC;IACrD,eAAe,CAAmB;IAClC,WAAW,CAA2B;IACtC,YAAY,CAA4B;IACxC,eAAe,CAAmB;IAClC,UAAU,GAAG,KAAK,CAAC;IAE3B,YAAY,MAAmB,EAAE,UAAkB;QACjD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,GAAG,IAAI,WAAW,CAC1B,OAAO,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,CAAC,CACpD,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC,YAAY,GAAG,IAAI,iBAAiB,EAAE,CAAC;QAC5C,IAAI,CAAC,aAAa,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;QAEnD,6BAA6B;QAC7B,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAE7C,8CAA8C;QAC9C,IAAI,CAAC,WAAW,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QACvF,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,WAAW,CAAC,IAAI,UAAU,CAAC,CAAC;QAEjE,yBAAyB;QACzB,IAAI,CAAC,YAAY,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,YAAY,CAAC,IAAI,WAAW,CAAC,CAAC;QAEnE,+CAA+C;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,WAAW,CAAC,CAAC;QAErD,4BAA4B;QAC5B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAE3F,0BAA0B;QAC1B,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,YAAY,EACjB,WAAW,EACX,aAAa,EACb,IAAI,CAAC,YAAY,CAClB,CAAC;QAEF,uEAAuE;QACvE,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,EAAE,CAAC;QAE/C,uDAAuD;QACvD,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QACxC,CAAC;QAED,0DAA0D;QAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,WAAW,CAAC;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,IAAI,CAAC;QAE/C,IAAI,CAAC,GAAG,GAAG,IAAI,UAAU,CAAC;YACxB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI;YACb,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,OAAO,EAAE,IAAI,CAAC,cAAc;YAC5B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI;YACJ,IAAI;SACL,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAEvB,4CAA4C;QAC5C,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YAC5C,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CACxC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAC7B,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,eAAe,CACrB,CAAC;YACF,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACzC,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;YACtD,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,IAAI;QACR,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC1C,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;YAClF,OAAO;QACT,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAEvB,IAAI,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;YAE7E,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;YAChE,MAAM,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,CAAC;YAEpC,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;YACnE,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;YAEtC,OAAO,CAAC,GAAG,CAAC,8CAA8C,IAAI,CAAC,UAAU,KAAK,CAAC,CAAC;YAChF,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,uDAAuD,EAAE,GAAG,CAAC,CAAC;gBAC5E,OAAO,CAAC,KAAK,CAAC,iFAAiF,CAAC,CAAC;gBACjG,OAAO;YACT,CAAC;YAED,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;YAEnC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;QAC/E,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;QAC1B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,IAAwB;QAC7C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,CAAC;QACtC,CAAC;QAED,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,eAAe,GAAG,SAAS,CAAC;QACnC,CAAC;QAED,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAEvB,KAAK,MAAM,CAAC,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC5C,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;QAE3B,MAAM,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,CAAC;QAEpC,MAAM,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,CAAC;IACxC,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,SAAiB;QAC7C,MAAM,UAAU,GAAG,OAAO,CACxB,OAAO,EAAE,EACT,QAAQ,EACR,SAAS,EACT,GAAG,SAAS,OAAO,CACpB,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,iBAAiB,CACxC,SAAS,EACT,UAAU,EACV,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,UAAU,CAChB,CAAC;QACF,MAAM,YAAY,CAAC,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAEhD,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IACrD,CAAC;IAEO,SAAS;QACf,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC;QACzC,KAAK,MAAM,CAAC,YAAY,EAAE,cAAc,CAAC,IAAI,MAAM,CAAC,OAAO,CACzD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAC1B,EAAE,CAAC;YACF,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;gBAC1B,WAAW,CAAC,gBAAgB,CAAC,YAAY,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;CACF"}

package/dist/gateway/policy.d.ts

@@ -0,0 +1,27 @@
+import type { BeigeConfig } from "../config/schema.js";
+/**
+ * Policy engine. Deny by default.
+ * Checks whether an agent is allowed to use a specific tool.
+ */
+export declare class PolicyEngine {
+    private config;
+    constructor(config: BeigeConfig);
+    /**
+     * Check if an agent is allowed to use a core tool (read, write, patch, exec).
+     * Core tools are always allowed for any configured agent.
+     */
+    isCoreTool(tool: string): boolean;
+    /**
+     * Check if an agent is allowed to execute a tool.
+     */
+    isToolAllowed(agentName: string, toolName: string): boolean;
+    /**
+     * Check if an agent exists in the config.
+     */
+    isAgentValid(agentName: string): boolean;
+    /**
+     * Get the target for a tool (gateway or sandbox).
+     */
+    getToolTarget(toolName: string): "gateway" | "sandbox" | undefined;
+}
+//# sourceMappingURL=policy.d.ts.map

package/dist/gateway/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/gateway/policy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD;;;GAGG;AACH,qBAAa,YAAY;IACX,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,WAAW;IAEvC;;;OAGG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIjC;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO;IAM3D;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAIxC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS;CAInE"}

package/dist/gateway/policy.js

@@ -0,0 +1,40 @@
+/**
+ * Policy engine. Deny by default.
+ * Checks whether an agent is allowed to use a specific tool.
+ */
+export class PolicyEngine {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * Check if an agent is allowed to use a core tool (read, write, patch, exec).
+     * Core tools are always allowed for any configured agent.
+     */
+    isCoreTool(tool) {
+        return ["read", "write", "patch", "exec"].includes(tool);
+    }
+    /**
+     * Check if an agent is allowed to execute a tool.
+     */
+    isToolAllowed(agentName, toolName) {
+        const agent = this.config.agents[agentName];
+        if (!agent)
+            return false;
+        return agent.tools.includes(toolName);
+    }
+    /**
+     * Check if an agent exists in the config.
+     */
+    isAgentValid(agentName) {
+        return agentName in this.config.agents;
+    }
+    /**
+     * Get the target for a tool (gateway or sandbox).
+     */
+    getToolTarget(toolName) {
+        const tool = this.config.tools[toolName];
+        return tool?.target;
+    }
+}
+//# sourceMappingURL=policy.js.map

package/dist/gateway/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/gateway/policy.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,OAAO,YAAY;IACH;IAApB,YAAoB,MAAmB;QAAnB,WAAM,GAAN,MAAM,CAAa;IAAG,CAAC;IAE3C;;;OAGG;IACH,UAAU,CAAC,IAAY;QACrB,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3D,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,SAAiB,EAAE,QAAgB;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QACzB,OAAO,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAAiB;QAC5B,OAAO,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAgB;QAC5B,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACzC,OAAO,IAAI,EAAE,MAAM,CAAC;IACtB,CAAC;CACF"}

package/dist/gateway/policy.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=policy.spec.d.ts.map

package/dist/gateway/policy.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.spec.d.ts","sourceRoot":"","sources":["../../src/gateway/policy.spec.ts"],"names":[],"mappings":""}