@mono-agent/agent-runtime 0.3.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ARCHITECTURE.md +75 -9
- package/MIGRATION.md +293 -0
- package/README.md +46 -20
- package/package.json +104 -10
- package/src/agent/allowlists.js +3 -0
- package/src/agent/approval.js +3 -0
- package/src/agent/compaction.js +231 -654
- package/src/agent/index.js +1 -1
- package/src/agent/prompt/skill-index.js +6 -0
- package/src/agent/sandbox-seam.js +227 -0
- package/src/agent/tool-bloat.js +8 -2
- package/src/agent/tools/bash.js +16 -8
- package/src/agent/tools/edit.js +7 -3
- package/src/agent/tools/glob.js +11 -5
- package/src/agent/tools/grep.js +11 -5
- package/src/agent/tools/pi-bridge.js +272 -54
- package/src/agent/tools/read.js +28 -3
- package/src/agent/tools/shared/output-truncation.js +8 -3
- package/src/agent/tools/shared/path-resolver.js +24 -18
- package/src/agent/tools/shared/ripgrep.js +33 -6
- package/src/agent/tools/shared/runtime-context.js +60 -50
- package/src/agent/tools/shared/tool-context.js +157 -0
- package/src/agent/tools/web-fetch.js +65 -18
- package/src/agent/tools/web-search.js +11 -4
- package/src/agent/tools/write.js +7 -3
- package/src/agent/transcript.js +16 -1
- package/src/ai/cost.js +128 -3
- package/src/ai/failure.js +96 -4
- package/src/ai/index.js +1 -0
- package/src/ai/live-input-prompt.js +11 -1
- package/src/ai/providers/claude-cli.js +6 -2
- package/src/ai/providers/claude-sdk.js +55 -12
- package/src/ai/providers/codex-app.js +36 -23
- package/src/ai/providers/opencode-app.js +2 -2
- package/src/ai/providers/opencode-discovery.js +2 -2
- package/src/ai/providers/pi-errors.js +65 -0
- package/src/ai/providers/pi-events.js +5 -0
- package/src/ai/providers/pi-models.js +21 -4
- package/src/ai/providers/pi-native/compaction-driver.js +394 -0
- package/src/ai/providers/pi-native/result-builder.js +312 -0
- package/src/ai/providers/pi-native/session-lifecycle.js +438 -0
- package/src/ai/providers/pi-native/stream-subscriber.js +148 -0
- package/src/ai/providers/pi-native/structured-output.js +130 -0
- package/src/ai/providers/pi-native/turn-runner.js +278 -0
- package/src/ai/providers/pi-native.js +754 -0
- package/src/ai/runtime/capabilities.js +3 -0
- package/src/ai/runtime/model-refs.js +30 -0
- package/src/ai/runtime/registry.js +33 -2
- package/src/ai/runtime/router.js +119 -19
- package/src/ai/runtime/session-liveness.js +110 -0
- package/src/ai/runtime/sessions.js +19 -2
- package/src/ai/types.js +252 -20
- package/src/index.js +1 -1
- package/src/pi-auth.js +147 -16
- package/src/runtime-brand.js +21 -1
- package/src/runtime.js +75 -10
- package/types/agent/allowlists.d.ts +25 -0
- package/types/agent/approval.d.ts +30 -0
- package/types/agent/compaction.d.ts +97 -0
- package/types/agent/index.d.ts +5 -0
- package/types/agent/prompt/skill-index.d.ts +19 -0
- package/types/agent/sandbox-seam.d.ts +148 -0
- package/types/agent/tool-bloat.d.ts +22 -0
- package/types/agent/tools/bash.d.ts +16 -0
- package/types/agent/tools/edit.d.ts +14 -0
- package/types/agent/tools/glob.d.ts +16 -0
- package/types/agent/tools/grep.d.ts +22 -0
- package/types/agent/tools/index.d.ts +10 -0
- package/types/agent/tools/pi-bridge.d.ts +144 -0
- package/types/agent/tools/read.d.ts +19 -0
- package/types/agent/tools/shared/constants.d.ts +13 -0
- package/types/agent/tools/shared/dedup.d.ts +8 -0
- package/types/agent/tools/shared/output-truncation.d.ts +22 -0
- package/types/agent/tools/shared/path-resolver.d.ts +6 -0
- package/types/agent/tools/shared/ripgrep.d.ts +38 -0
- package/types/agent/tools/shared/runtime-context.d.ts +27 -0
- package/types/agent/tools/shared/tool-context.d.ts +48 -0
- package/types/agent/tools/web-fetch.d.ts +13 -0
- package/types/agent/tools/web-search.d.ts +11 -0
- package/types/agent/tools/write.d.ts +12 -0
- package/types/agent/transcript.d.ts +45 -0
- package/types/ai/backend.d.ts +41 -0
- package/types/ai/cost.d.ts +96 -0
- package/types/ai/failure.d.ts +117 -0
- package/types/ai/file-change-stats.d.ts +75 -0
- package/types/ai/index.d.ts +7 -0
- package/types/ai/live-input-prompt.d.ts +6 -0
- package/types/ai/observer.d.ts +68 -0
- package/types/ai/providers/claude-cli.d.ts +211 -0
- package/types/ai/providers/claude-sdk.d.ts +66 -0
- package/types/ai/providers/claude-subagents.d.ts +2 -0
- package/types/ai/providers/codex-app.d.ts +151 -0
- package/types/ai/providers/opencode-app.d.ts +95 -0
- package/types/ai/providers/opencode-discovery.d.ts +4 -0
- package/types/ai/providers/pi-errors.d.ts +3 -0
- package/types/ai/providers/pi-events.d.ts +24 -0
- package/types/ai/providers/pi-messages.d.ts +5 -0
- package/types/ai/providers/pi-models.d.ts +57 -0
- package/types/ai/providers/pi-native/compaction-driver.d.ts +86 -0
- package/types/ai/providers/pi-native/result-builder.d.ts +168 -0
- package/types/ai/providers/pi-native/session-lifecycle.d.ts +62 -0
- package/types/ai/providers/pi-native/stream-subscriber.d.ts +50 -0
- package/types/ai/providers/pi-native/structured-output.d.ts +69 -0
- package/types/ai/providers/pi-native/turn-runner.d.ts +60 -0
- package/types/ai/providers/pi-native.d.ts +18 -0
- package/types/ai/registry.d.ts +1 -0
- package/types/ai/runtime/capabilities-used.d.ts +21 -0
- package/types/ai/runtime/capabilities.d.ts +33 -0
- package/types/ai/runtime/context-windows.d.ts +8 -0
- package/types/ai/runtime/fast-mode.d.ts +2 -0
- package/types/ai/runtime/model-refs.d.ts +35 -0
- package/types/ai/runtime/registry.d.ts +38 -0
- package/types/ai/runtime/router.d.ts +56 -0
- package/types/ai/runtime/session-liveness.d.ts +55 -0
- package/types/ai/runtime/sessions.d.ts +38 -0
- package/types/ai/streaming/codex-events.d.ts +30 -0
- package/types/ai/streaming/opencode-events.d.ts +41 -0
- package/types/ai/types.d.ts +702 -0
- package/types/index.d.ts +7 -0
- package/types/pi-auth.d.ts +28 -0
- package/types/runtime-brand.d.ts +30 -0
- package/types/runtime.d.ts +10 -0
- package/src/ai/providers/pi-sdk.js +0 -1310
package/src/runtime.js
CHANGED
|
@@ -1,13 +1,16 @@
|
|
|
1
1
|
// Top-level runtime factory.
|
|
2
2
|
//
|
|
3
3
|
// `createRuntime(host)` is the ergonomic entry point for hosts. It binds the
|
|
4
|
-
// host integration callbacks (pricing, persistence, credentials),
|
|
5
|
-
//
|
|
4
|
+
// host integration callbacks (pricing, persistence, credentials), builds a
|
|
5
|
+
// per-instance `ToolContext` (agent/tools/shared/tool-context.js) that this
|
|
6
|
+
// runtime instance threads to every bridge call via `options.toolContext`
|
|
7
|
+
// instead of a process-global, and returns a `.run(systemPrompt, options)`
|
|
6
8
|
// method that resolves the right provider bridge based on `options.model` +
|
|
7
9
|
// `options.executionMode`.
|
|
8
10
|
//
|
|
9
|
-
//
|
|
10
|
-
// register themselves on import via the runtime registry. Hosts
|
|
11
|
+
// The built-in bridges (claude-sdk, claude-cli, pi-native, codex-app,
|
|
12
|
+
// opencode-app) register themselves on import via the runtime registry. Hosts
|
|
13
|
+
// that need
|
|
11
14
|
// finer control can keep using the named exports (resolveRuntimeBridge,
|
|
12
15
|
// generateClaudeResponse, etc.) directly.
|
|
13
16
|
//
|
|
@@ -23,12 +26,22 @@
|
|
|
23
26
|
// a product-specific result object,
|
|
24
27
|
// task envelopes, etc.) parse it themselves.
|
|
25
28
|
|
|
29
|
+
// @ts-check
|
|
30
|
+
|
|
26
31
|
import { resolveRuntimeBridge } from "./ai/runtime/registry.js";
|
|
27
32
|
import { createObserverHub } from "./ai/observer.js";
|
|
28
33
|
import { disposeAllProviderSessions, disposeProviderSession } from "./ai/runtime/sessions.js";
|
|
29
|
-
import {
|
|
34
|
+
import { createToolContext, updateToolContext } from "./agent/tools/shared/tool-context.js";
|
|
30
35
|
import { resolveRuntimeBrand } from "./runtime-brand.js";
|
|
31
36
|
|
|
37
|
+
/**
|
|
38
|
+
* @typedef {import('./ai/types.js').AgentRuntimeHostOptions} AgentRuntimeHostOptions
|
|
39
|
+
* @typedef {import('./ai/types.js').AgentRuntimeToolOptions} AgentRuntimeToolOptions
|
|
40
|
+
* @typedef {import('./ai/types.js').AgentRuntimeInstance} AgentRuntimeInstance
|
|
41
|
+
* @typedef {import('./ai/types.js').RuntimeRunOptions} RuntimeRunOptions
|
|
42
|
+
* @typedef {import('./ai/types.js').RuntimeResult} RuntimeResult
|
|
43
|
+
*/
|
|
44
|
+
|
|
32
45
|
const HOST_KEYS = [
|
|
33
46
|
"resolveCustomPricing",
|
|
34
47
|
"resolvePiApiKey",
|
|
@@ -47,8 +60,15 @@ const TOOL_RUNTIME_KEYS = [
|
|
|
47
60
|
"ripgrepPath",
|
|
48
61
|
"qaOutputDir",
|
|
49
62
|
"sandboxPolicy",
|
|
63
|
+
"sandboxEngine",
|
|
64
|
+
"sandbox",
|
|
50
65
|
];
|
|
51
66
|
|
|
67
|
+
/**
|
|
68
|
+
* @param {Object<string, *>} source
|
|
69
|
+
* @param {Array<string>} keys
|
|
70
|
+
* @returns {Object<string, *>}
|
|
71
|
+
*/
|
|
52
72
|
function pickDefined(source, keys) {
|
|
53
73
|
const out = {};
|
|
54
74
|
for (const key of keys) {
|
|
@@ -57,17 +77,53 @@ function pickDefined(source, keys) {
|
|
|
57
77
|
return out;
|
|
58
78
|
}
|
|
59
79
|
|
|
80
|
+
const PROMPT_OVERRIDE_KEYS = ["structuredOutputInstruction", "structuredOutputFinalization", "liveInputGuidance"];
|
|
81
|
+
|
|
82
|
+
/**
|
|
83
|
+
* Per-field merge of the prompt overrides: a run-level override wins over the
|
|
84
|
+
* host-level default wins over the bridge's built-in default (an absent field
|
|
85
|
+
* leaves the bridge on its built-in string). Kept out of the `...hostDefaults,
|
|
86
|
+
* ...options` spread so a run that overrides ONE prompt does not drop the host's
|
|
87
|
+
* other prompt defaults (an object-replacing spread would).
|
|
88
|
+
* @param {import('./ai/types.js').RuntimePromptOverrides} [hostPrompts]
|
|
89
|
+
* @param {import('./ai/types.js').RuntimePromptOverrides} [runPrompts]
|
|
90
|
+
* @returns {import('./ai/types.js').RuntimePromptOverrides|undefined}
|
|
91
|
+
*/
|
|
92
|
+
function resolvePrompts(hostPrompts, runPrompts) {
|
|
93
|
+
if (!hostPrompts && !runPrompts) return undefined;
|
|
94
|
+
/** @type {Record<string, *>} */
|
|
95
|
+
const merged = {};
|
|
96
|
+
for (const key of PROMPT_OVERRIDE_KEYS) {
|
|
97
|
+
const value = /** @type {any} */ (runPrompts)?.[key] ?? /** @type {any} */ (hostPrompts)?.[key];
|
|
98
|
+
if (value !== undefined) merged[key] = value;
|
|
99
|
+
}
|
|
100
|
+
return merged;
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
/**
|
|
104
|
+
* @param {AgentRuntimeHostOptions} [host]
|
|
105
|
+
* @returns {AgentRuntimeInstance}
|
|
106
|
+
*/
|
|
60
107
|
export function createRuntime(host = {}) {
|
|
61
108
|
const hostDefaults = pickDefined(host, HOST_KEYS);
|
|
62
109
|
const toolRuntime = pickDefined(host, TOOL_RUNTIME_KEYS);
|
|
63
110
|
const runtimeBrand = resolveRuntimeBrand(host.runtimeBrand);
|
|
64
111
|
const hostObservers = Array.isArray(host.observers) ? host.observers.slice() : [];
|
|
65
|
-
//
|
|
66
|
-
//
|
|
67
|
-
//
|
|
68
|
-
|
|
112
|
+
// Per-instance tool context, built once and threaded to every bridge via
|
|
113
|
+
// `options.toolContext` (below). It replaces the former global side effect:
|
|
114
|
+
// two runtimes in one process now keep independent workspace/brand/sandbox
|
|
115
|
+
// config instead of clobbering a shared singleton. `configureTools` mutates
|
|
116
|
+
// THIS object so later runs of this instance observe the update.
|
|
117
|
+
const toolContext = createToolContext({ ...toolRuntime, runtimeBrand });
|
|
69
118
|
|
|
70
119
|
return {
|
|
120
|
+
/**
|
|
121
|
+
* @param {string} systemPrompt
|
|
122
|
+
* @param {Partial<RuntimeRunOptions>} [options] Optional only so the
|
|
123
|
+
* `options.model` guard below can throw a descriptive error; every
|
|
124
|
+
* real caller must supply a model (see AgentRuntimeInstance.run).
|
|
125
|
+
* @returns {Promise<RuntimeResult>}
|
|
126
|
+
*/
|
|
71
127
|
async run(systemPrompt, options = {}) {
|
|
72
128
|
if (!options.model) throw new Error("createRuntime.run requires options.model");
|
|
73
129
|
const executionMode = typeof options.executionMode === "string" ? options.executionMode : "sdk";
|
|
@@ -80,19 +136,28 @@ export function createRuntime(host = {}) {
|
|
|
80
136
|
observers: [...hostObservers, ...callObservers],
|
|
81
137
|
onEvent: options.onEvent,
|
|
82
138
|
});
|
|
139
|
+
const prompts = resolvePrompts(host.prompts, options.prompts);
|
|
83
140
|
const result = await bridge.execute(systemPrompt, {
|
|
84
141
|
...hostDefaults,
|
|
85
142
|
...options,
|
|
143
|
+
// `...options` alone doesn't carry the `options.model` narrowing above
|
|
144
|
+
// (spread reads the parameter's declared — Partial — type); re-assert
|
|
145
|
+
// the already-validated model so the request satisfies RuntimeRequest.
|
|
146
|
+
model: options.model,
|
|
86
147
|
executionMode,
|
|
87
148
|
runtimeBrand,
|
|
149
|
+
toolContext,
|
|
88
150
|
observerHub: hub,
|
|
89
151
|
onEvent: hub.emit,
|
|
152
|
+
// Merged AFTER the spreads so the per-field run>host>default precedence
|
|
153
|
+
// wins over either bag's whole-object `prompts`.
|
|
154
|
+
...(prompts === undefined ? {} : { prompts }),
|
|
90
155
|
});
|
|
91
156
|
await hub.flush();
|
|
92
157
|
return result;
|
|
93
158
|
},
|
|
94
159
|
configureTools(next = {}) {
|
|
95
|
-
|
|
160
|
+
updateToolContext(toolContext, pickDefined(next, TOOL_RUNTIME_KEYS));
|
|
96
161
|
},
|
|
97
162
|
async disposeSession(providerSessionId) {
|
|
98
163
|
return disposeProviderSession(providerSessionId);
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
export function normalizeList(value: any): any[];
|
|
2
|
+
export function normalizeAllowlistMode(value: any): any;
|
|
3
|
+
export function storedAllowlistMode(value: any): "all" | "custom";
|
|
4
|
+
export function parseStoredAllowlist(value: any): any[];
|
|
5
|
+
/**
|
|
6
|
+
* @param {{mode?: string, list?: any, fallback?: string}} [options]
|
|
7
|
+
*/
|
|
8
|
+
export function inferAllowlistMode({ mode, list, fallback }?: {
|
|
9
|
+
mode?: string;
|
|
10
|
+
list?: any;
|
|
11
|
+
fallback?: string;
|
|
12
|
+
}): any;
|
|
13
|
+
export function resolveAllowlist({ mode, allowlist, all, getName }: {
|
|
14
|
+
mode: any;
|
|
15
|
+
allowlist: any;
|
|
16
|
+
all: any;
|
|
17
|
+
getName?: (item: any) => any;
|
|
18
|
+
}): any;
|
|
19
|
+
export function resolveAllowlistMap({ mode, allowlist, all }: {
|
|
20
|
+
mode: any;
|
|
21
|
+
allowlist: any;
|
|
22
|
+
all: any;
|
|
23
|
+
}): any;
|
|
24
|
+
export const ALLOWLIST_MODE_ALL: "all";
|
|
25
|
+
export const ALLOWLIST_MODE_CUSTOM: "custom";
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @param {{onToolApprovalRequest?: any, defaultRiskTier?: string, timeoutMs?: number, onEvent?: (event: any) => void, riskTiersByTool?: any, alwaysAllowTools?: any}} [options]
|
|
3
|
+
*/
|
|
4
|
+
export function createApprovalManager({ onToolApprovalRequest, defaultRiskTier, timeoutMs, onEvent, riskTiersByTool, alwaysAllowTools, }?: {
|
|
5
|
+
onToolApprovalRequest?: any;
|
|
6
|
+
defaultRiskTier?: string;
|
|
7
|
+
timeoutMs?: number;
|
|
8
|
+
onEvent?: (event: any) => void;
|
|
9
|
+
riskTiersByTool?: any;
|
|
10
|
+
alwaysAllowTools?: any;
|
|
11
|
+
}): {
|
|
12
|
+
request: (toolCall?: {}) => Promise<{
|
|
13
|
+
decision: string;
|
|
14
|
+
reason: string;
|
|
15
|
+
riskTier: any;
|
|
16
|
+
} | {
|
|
17
|
+
requestId: any;
|
|
18
|
+
riskTier: any;
|
|
19
|
+
decision: any;
|
|
20
|
+
reason: any;
|
|
21
|
+
}>;
|
|
22
|
+
riskTierFor: (toolName: any) => any;
|
|
23
|
+
sessionAllowlist: () => Set<any>;
|
|
24
|
+
isAlwaysAllowed: (toolName: any) => boolean;
|
|
25
|
+
};
|
|
26
|
+
export function wrapToolsWithApprovalGate(tools: any, approvalManager: any, { model }?: {
|
|
27
|
+
model?: any;
|
|
28
|
+
}): any[];
|
|
29
|
+
export const APPROVAL_DECISIONS: readonly string[];
|
|
30
|
+
export const RISK_TIERS: readonly string[];
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @param {Object<string, *>} [settings]
|
|
3
|
+
* @param {Object} [model]
|
|
4
|
+
* @param {number} [model.contextWindow]
|
|
5
|
+
* @returns {AgentCompactionPolicy}
|
|
6
|
+
*/
|
|
7
|
+
export function resolveAgentCompactionPolicy(settings?: {
|
|
8
|
+
[x: string]: any;
|
|
9
|
+
}, model?: {
|
|
10
|
+
contextWindow?: number;
|
|
11
|
+
}): AgentCompactionPolicy;
|
|
12
|
+
/**
|
|
13
|
+
* Fold the typed `toolLimits` / `compaction` policy objects and the deprecated
|
|
14
|
+
* `settings` bag into ONE settings-like object resolveAgentCompactionPolicy
|
|
15
|
+
* consumes, honoring PER-GROUP precedence: when a typed object is present its
|
|
16
|
+
* fields win and the legacy settings keys for that group are ignored entirely;
|
|
17
|
+
* when the typed object is absent, that group's settings keys are consumed (and
|
|
18
|
+
* reported in `consumedSettingsKeys` so the caller can emit exactly one
|
|
19
|
+
* deprecation warning per run).
|
|
20
|
+
* @param {{toolLimits?: Object<string, *>, compaction?: Object<string, *>, settings?: Object<string, *>}} [options]
|
|
21
|
+
* @returns {{settingsLike: Object<string, *>, consumedSettingsKeys: Array<string>}}
|
|
22
|
+
*/
|
|
23
|
+
export function resolveRuntimePolicyInputs({ toolLimits, compaction, settings }?: {
|
|
24
|
+
toolLimits?: {
|
|
25
|
+
[x: string]: any;
|
|
26
|
+
};
|
|
27
|
+
compaction?: {
|
|
28
|
+
[x: string]: any;
|
|
29
|
+
};
|
|
30
|
+
settings?: {
|
|
31
|
+
[x: string]: any;
|
|
32
|
+
};
|
|
33
|
+
}): {
|
|
34
|
+
settingsLike: {
|
|
35
|
+
[x: string]: any;
|
|
36
|
+
};
|
|
37
|
+
consumedSettingsKeys: Array<string>;
|
|
38
|
+
};
|
|
39
|
+
/**
|
|
40
|
+
* Build the one-per-run deprecation warning fired when the legacy `settings`
|
|
41
|
+
* bag was consumed as a policy fallback. Shape matches the other pi/claude
|
|
42
|
+
* bridge runtime warnings ({warning_kind, source, message}).
|
|
43
|
+
* @param {ReadonlyArray<string>} consumedKeys
|
|
44
|
+
* @returns {{warning_kind: string, source: string, message: string, settings_keys: Array<string>}}
|
|
45
|
+
*/
|
|
46
|
+
export function deprecatedSettingsWarning(consumedKeys: ReadonlyArray<string>): {
|
|
47
|
+
warning_kind: string;
|
|
48
|
+
source: string;
|
|
49
|
+
message: string;
|
|
50
|
+
settings_keys: Array<string>;
|
|
51
|
+
};
|
|
52
|
+
/**
|
|
53
|
+
* @param {Object} [options]
|
|
54
|
+
* @param {string} [options.systemPrompt]
|
|
55
|
+
* @param {Array<Object>} [options.tools]
|
|
56
|
+
* @param {Array<Object>} [options.messages]
|
|
57
|
+
* @returns {{systemPromptTokens: number, toolSchemaTokens: number, userMessageTokens: number, fixedOverheadTokens: number}}
|
|
58
|
+
*/
|
|
59
|
+
export function estimateFixedOverheadTokens({ systemPrompt, tools, messages }?: {
|
|
60
|
+
systemPrompt?: string;
|
|
61
|
+
tools?: Array<any>;
|
|
62
|
+
messages?: Array<any>;
|
|
63
|
+
}): {
|
|
64
|
+
systemPromptTokens: number;
|
|
65
|
+
toolSchemaTokens: number;
|
|
66
|
+
userMessageTokens: number;
|
|
67
|
+
fixedOverheadTokens: number;
|
|
68
|
+
};
|
|
69
|
+
/**
|
|
70
|
+
* @param {string} message
|
|
71
|
+
* @param {Object<string, *>} [diagnostics]
|
|
72
|
+
* @returns {boolean}
|
|
73
|
+
*/
|
|
74
|
+
export function isLikelyContextTermination(message: string, diagnostics?: {
|
|
75
|
+
[x: string]: any;
|
|
76
|
+
}): boolean;
|
|
77
|
+
export const DEPRECATED_SETTINGS_WARNING_KIND: "deprecated_settings_option";
|
|
78
|
+
export type AgentCompactionPolicy = {
|
|
79
|
+
enabled: boolean;
|
|
80
|
+
contextWindow: number;
|
|
81
|
+
triggerRatio: number;
|
|
82
|
+
triggerTokens: number;
|
|
83
|
+
keepRecentTokens: number;
|
|
84
|
+
summaryMaxTokens: number;
|
|
85
|
+
fixedOverheadEnabled: boolean;
|
|
86
|
+
compactionMinSavingsTokens: number;
|
|
87
|
+
toolPayloadCompactionTriggerChars: number;
|
|
88
|
+
toolPruneTriggerTokens: number;
|
|
89
|
+
toolTextLimitChars: number;
|
|
90
|
+
bashOutputLimitChars: number;
|
|
91
|
+
mcpTextLimitChars: number;
|
|
92
|
+
searchResultLimit: number;
|
|
93
|
+
imageInlineMaxBytes: number;
|
|
94
|
+
toolPayloadMaxBytes: number;
|
|
95
|
+
mcpCallTimeoutMs: number;
|
|
96
|
+
mcpCallMaxTotalTimeoutMs: number;
|
|
97
|
+
};
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export { isLikelyContextTermination, resolveAgentCompactionPolicy } from "./compaction.js";
|
|
2
|
+
export { buildTranscriptTailSnapshot, renderResumeSnapshot } from "./transcript.js";
|
|
3
|
+
export { ALLOWLIST_MODE_ALL, ALLOWLIST_MODE_CUSTOM, inferAllowlistMode, normalizeAllowlistMode, normalizeList, parseStoredAllowlist, resolveAllowlist, resolveAllowlistMap, storedAllowlistMode } from "./allowlists.js";
|
|
4
|
+
export { APPROVAL_DECISIONS, RISK_TIERS, createApprovalManager, wrapToolsWithApprovalGate } from "./approval.js";
|
|
5
|
+
export { BINARY_BLOAT_TOOLS, DEFAULT_TOOL_BLOAT_CONFIG, MAX_TOOL_RESULT_BYTES } from "./tool-bloat.js";
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
export function inferSkillsRoot(skills?: any[]): string;
|
|
2
|
+
export function getSkillAccessDirs(skills?: any[]): string[];
|
|
3
|
+
/**
|
|
4
|
+
* @param {{assetsPath?: string, skillsRoot?: any}} [options]
|
|
5
|
+
*/
|
|
6
|
+
export function buildSkillPathNote({ assetsPath, skillsRoot }?: {
|
|
7
|
+
assetsPath?: string;
|
|
8
|
+
skillsRoot?: any;
|
|
9
|
+
}): string;
|
|
10
|
+
/**
|
|
11
|
+
* @param {{body?: string, assetsPath?: string, skillsRoot?: any, maxChars?: number}} [options]
|
|
12
|
+
*/
|
|
13
|
+
export function formatSkillBodyWithPathNote({ body, assetsPath, skillsRoot, maxChars }?: {
|
|
14
|
+
body?: string;
|
|
15
|
+
assetsPath?: string;
|
|
16
|
+
skillsRoot?: any;
|
|
17
|
+
maxChars?: number;
|
|
18
|
+
}): string;
|
|
19
|
+
export function buildSkillIndex(skills: any): string;
|
|
@@ -0,0 +1,148 @@
|
|
|
1
|
+
/** @type {RuntimeSandbox} */
|
|
2
|
+
export const passthroughSandbox: RuntimeSandbox;
|
|
3
|
+
export type SandboxCommandSpec = {
|
|
4
|
+
command: string;
|
|
5
|
+
args?: ReadonlyArray<string>;
|
|
6
|
+
cwd?: string;
|
|
7
|
+
env?: {
|
|
8
|
+
[x: string]: string;
|
|
9
|
+
};
|
|
10
|
+
};
|
|
11
|
+
export type PreparedSandboxCommand = SandboxCommandSpec & {
|
|
12
|
+
sandboxed: boolean;
|
|
13
|
+
cleanup?: () => Promise<void>;
|
|
14
|
+
};
|
|
15
|
+
export type SandboxNetworkPolicyLike = {
|
|
16
|
+
mode?: string;
|
|
17
|
+
allowlist?: ReadonlyArray<string>;
|
|
18
|
+
};
|
|
19
|
+
/**
|
|
20
|
+
* Opaque, host-defined sandbox policy. The kernel itself only ever inspects
|
|
21
|
+
* `mode` (passthroughSandbox's fail-closed check) and `network.mode`
|
|
22
|
+
* (passthroughSandbox's networkAllowsUrl) — every other field (root,
|
|
23
|
+
* readableRoots, writableRoots, denyWrite, ...) is read directly off whatever
|
|
24
|
+
* the injected `mergePolicies` returns by path-resolver.js, and is opaque
|
|
25
|
+
* pass-through data as far as this module is concerned. Real hosts get the
|
|
26
|
+
* full, richly-typed policy from
|
|
27
|
+
*/
|
|
28
|
+
export type SandboxPolicy = any;
|
|
29
|
+
/**
|
|
30
|
+
* Optional concrete sandboxing backend a caller can hand to `prepareCommand`
|
|
31
|
+
* (matches
|
|
32
|
+
*/
|
|
33
|
+
export type RuntimeSandboxEngine = any;
|
|
34
|
+
export type PrepareSandboxedCommandInput = {
|
|
35
|
+
policy?: SandboxPolicy;
|
|
36
|
+
engine?: RuntimeSandboxEngine;
|
|
37
|
+
command: SandboxCommandSpec;
|
|
38
|
+
};
|
|
39
|
+
/**
|
|
40
|
+
* The injectable sandbox seam. A host constructs one (or reuses
|
|
41
|
+
* `passthroughSandbox`) and passes it to `createRuntime({sandbox})`.
|
|
42
|
+
*/
|
|
43
|
+
export type RuntimeSandbox = {
|
|
44
|
+
/**
|
|
45
|
+
* Monotonic tighten-only merge (I13): the result must never allow anything
|
|
46
|
+
* `configured` alone would have denied.
|
|
47
|
+
*/
|
|
48
|
+
mergePolicies: (configured: (SandboxPolicy | undefined), request: (SandboxPolicy | undefined)) => (SandboxPolicy | undefined);
|
|
49
|
+
/**
|
|
50
|
+
* Resolves a command spec into whatever the underlying process spawner
|
|
51
|
+
* should actually exec (identity when no enforcement is needed).
|
|
52
|
+
*/
|
|
53
|
+
prepareCommand: (input: PrepareSandboxedCommandInput) => Promise<PreparedSandboxCommand>;
|
|
54
|
+
/**
|
|
55
|
+
* Whether a tool call to `url` is allowed under `policy`.
|
|
56
|
+
*/
|
|
57
|
+
networkAllowsUrl: (policy: (SandboxPolicy | undefined), url: string) => boolean;
|
|
58
|
+
/**
|
|
59
|
+
* Optional host-provided extra read-allowed roots beyond the tool
|
|
60
|
+
* context's workspace/repoRoot. Not consumed by any kernel helper today;
|
|
61
|
+
* documented for forward-compatibility with host-side path resolution.
|
|
62
|
+
*/
|
|
63
|
+
additionalReadPaths?: ReadonlyArray<string>;
|
|
64
|
+
};
|
|
65
|
+
/**
|
|
66
|
+
* Plain Error with a `.code`/`.details` shape matching the workspace's
|
|
67
|
+
* CodedError convention (code discriminant + details that echo it, see the
|
|
68
|
+
* agent-contracts package's CodedError) — duplicated here rather than
|
|
69
|
+
* imported, since the kernel must not depend on any workspace package.
|
|
70
|
+
*/
|
|
71
|
+
export class SandboxUnavailableError extends Error {
|
|
72
|
+
/**
|
|
73
|
+
* @param {string} message
|
|
74
|
+
* @param {Record<string, unknown>} [details]
|
|
75
|
+
*/
|
|
76
|
+
constructor(message: string, details?: Record<string, unknown>);
|
|
77
|
+
code: string;
|
|
78
|
+
details: {
|
|
79
|
+
code: string;
|
|
80
|
+
};
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* @typedef {Object} SandboxCommandSpec
|
|
84
|
+
* @property {string} command
|
|
85
|
+
* @property {ReadonlyArray<string>} [args]
|
|
86
|
+
* @property {string} [cwd]
|
|
87
|
+
* @property {Object<string, string|undefined>} [env]
|
|
88
|
+
*/
|
|
89
|
+
/**
|
|
90
|
+
* @typedef {SandboxCommandSpec & {sandboxed: boolean, cleanup?: () => Promise<void>}} PreparedSandboxCommand
|
|
91
|
+
*/
|
|
92
|
+
/**
|
|
93
|
+
* @typedef {Object} SandboxNetworkPolicyLike
|
|
94
|
+
* @property {string} [mode]
|
|
95
|
+
* @property {ReadonlyArray<string>} [allowlist]
|
|
96
|
+
*/
|
|
97
|
+
/**
|
|
98
|
+
* @typedef {Object} SandboxPolicy
|
|
99
|
+
* Opaque, host-defined sandbox policy. The kernel itself only ever inspects
|
|
100
|
+
* `mode` (passthroughSandbox's fail-closed check) and `network.mode`
|
|
101
|
+
* (passthroughSandbox's networkAllowsUrl) — every other field (root,
|
|
102
|
+
* readableRoots, writableRoots, denyWrite, ...) is read directly off whatever
|
|
103
|
+
* the injected `mergePolicies` returns by path-resolver.js, and is opaque
|
|
104
|
+
* pass-through data as far as this module is concerned. Real hosts get the
|
|
105
|
+
* full, richly-typed policy from @mono-agent/runtime-adapter
|
|
106
|
+
* (`packages/runtime-adapter/src/sandbox.ts`), whose `SandboxPolicy` is a
|
|
107
|
+
* structural superset of this shape.
|
|
108
|
+
* @property {string} [mode]
|
|
109
|
+
* @property {SandboxNetworkPolicyLike} [network]
|
|
110
|
+
* @property {ReadonlyArray<string>} [readableRoots]
|
|
111
|
+
* @property {ReadonlyArray<string>} [writableRoots]
|
|
112
|
+
* @property {ReadonlyArray<string>} [denyWrite]
|
|
113
|
+
* @property {string} [root]
|
|
114
|
+
*/
|
|
115
|
+
/**
|
|
116
|
+
* @typedef {Object} RuntimeSandboxEngine
|
|
117
|
+
* Optional concrete sandboxing backend a caller can hand to `prepareCommand`
|
|
118
|
+
* (matches @mono-agent/runtime-adapter's `SandboxEngine`). Not used by
|
|
119
|
+
* `passthroughSandbox` (see module doc: adapters live in runtime-adapter, not
|
|
120
|
+
* the kernel) — documented here only because it is part of the
|
|
121
|
+
* `prepareCommand` input shape real implementations accept.
|
|
122
|
+
* @property {() => Promise<boolean>} isAvailable
|
|
123
|
+
* @property {(command: SandboxCommandSpec, policy: SandboxPolicy) => Promise<PreparedSandboxCommand>} prepareCommand
|
|
124
|
+
*/
|
|
125
|
+
/**
|
|
126
|
+
* @typedef {Object} PrepareSandboxedCommandInput
|
|
127
|
+
* @property {SandboxPolicy} [policy]
|
|
128
|
+
* @property {RuntimeSandboxEngine} [engine]
|
|
129
|
+
* @property {SandboxCommandSpec} command
|
|
130
|
+
*/
|
|
131
|
+
/**
|
|
132
|
+
* @typedef {Object} RuntimeSandbox
|
|
133
|
+
* The injectable sandbox seam. A host constructs one (or reuses
|
|
134
|
+
* `passthroughSandbox`) and passes it to `createRuntime({sandbox})`.
|
|
135
|
+
* @property {(configured: (SandboxPolicy|undefined), request: (SandboxPolicy|undefined)) => (SandboxPolicy|undefined)} mergePolicies
|
|
136
|
+
* Monotonic tighten-only merge (I13): the result must never allow anything
|
|
137
|
+
* `configured` alone would have denied.
|
|
138
|
+
* @property {(input: PrepareSandboxedCommandInput) => Promise<PreparedSandboxCommand>} prepareCommand
|
|
139
|
+
* Resolves a command spec into whatever the underlying process spawner
|
|
140
|
+
* should actually exec (identity when no enforcement is needed).
|
|
141
|
+
* @property {(policy: (SandboxPolicy|undefined), url: string) => boolean} networkAllowsUrl
|
|
142
|
+
* Whether a tool call to `url` is allowed under `policy`.
|
|
143
|
+
* @property {ReadonlyArray<string>} [additionalReadPaths]
|
|
144
|
+
* Optional host-provided extra read-allowed roots beyond the tool
|
|
145
|
+
* context's workspace/repoRoot. Not consumed by any kernel helper today;
|
|
146
|
+
* documented for forward-compatibility with host-side path resolution.
|
|
147
|
+
*/
|
|
148
|
+
export const SANDBOX_UNAVAILABLE_CODE: "sandbox_unavailable";
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
export function summarisePayload(toolName: any, contentBlocks: any, persistArtifact: any, options?: {}): {
|
|
2
|
+
rewrittenBlocks: any[];
|
|
3
|
+
savedPaths: any[];
|
|
4
|
+
originalBytes: any;
|
|
5
|
+
truncated: boolean;
|
|
6
|
+
} | {
|
|
7
|
+
rewrittenBlocks: {
|
|
8
|
+
type: string;
|
|
9
|
+
text: string;
|
|
10
|
+
}[];
|
|
11
|
+
savedPaths: any[];
|
|
12
|
+
originalBytes: any;
|
|
13
|
+
truncated: boolean;
|
|
14
|
+
};
|
|
15
|
+
export function applyToolBloatGuard(toolName: any, executePromise: any, options?: {}): Promise<any>;
|
|
16
|
+
export function wrapToolsWithBloatGuard(tools: any, options?: {}): any[];
|
|
17
|
+
export const MAX_TOOL_RESULT_BYTES: 262144;
|
|
18
|
+
export const BINARY_BLOAT_TOOLS: readonly string[];
|
|
19
|
+
export const DEFAULT_TOOL_BLOAT_CONFIG: Readonly<{
|
|
20
|
+
maxBytes: 262144;
|
|
21
|
+
binaryBloatTools: readonly string[];
|
|
22
|
+
}>;
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export function normalizeBashTimeoutMs(value: any, fallback?: number): number;
|
|
2
|
+
/**
|
|
3
|
+
* @param {{command: string, timeout?: number, max_output_chars?: number, workdir?: string}} params
|
|
4
|
+
* @param {{signal?: any, sandboxPolicy?: any, sandboxEngine?: any, ctx?: any}} [options]
|
|
5
|
+
*/
|
|
6
|
+
export function bashToolImpl({ command, timeout, max_output_chars, workdir }: {
|
|
7
|
+
command: string;
|
|
8
|
+
timeout?: number;
|
|
9
|
+
max_output_chars?: number;
|
|
10
|
+
workdir?: string;
|
|
11
|
+
}, { signal, sandboxPolicy, sandboxEngine, ctx }?: {
|
|
12
|
+
signal?: any;
|
|
13
|
+
sandboxPolicy?: any;
|
|
14
|
+
sandboxEngine?: any;
|
|
15
|
+
ctx?: any;
|
|
16
|
+
}): Promise<string>;
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @param {{file_path: string, old_string: string, new_string: string, replace_all?: boolean, workdir?: string}} params
|
|
3
|
+
* @param {{sandboxPolicy?: any, ctx?: any}} [options]
|
|
4
|
+
*/
|
|
5
|
+
export function editToolImpl({ file_path, old_string, new_string, replace_all, workdir }: {
|
|
6
|
+
file_path: string;
|
|
7
|
+
old_string: string;
|
|
8
|
+
new_string: string;
|
|
9
|
+
replace_all?: boolean;
|
|
10
|
+
workdir?: string;
|
|
11
|
+
}, { sandboxPolicy, ctx }?: {
|
|
12
|
+
sandboxPolicy?: any;
|
|
13
|
+
ctx?: any;
|
|
14
|
+
}): Promise<string>;
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @param {{pattern: string, path?: string, limit?: number, offset?: number, max_matches?: number, max_output_chars?: number, workdir?: string}} params
|
|
3
|
+
* @param {{sandboxPolicy?: any, ctx?: any}} [options]
|
|
4
|
+
*/
|
|
5
|
+
export function globToolImpl({ pattern, path, limit, offset, max_matches, max_output_chars, workdir }: {
|
|
6
|
+
pattern: string;
|
|
7
|
+
path?: string;
|
|
8
|
+
limit?: number;
|
|
9
|
+
offset?: number;
|
|
10
|
+
max_matches?: number;
|
|
11
|
+
max_output_chars?: number;
|
|
12
|
+
workdir?: string;
|
|
13
|
+
}, { sandboxPolicy, ctx }?: {
|
|
14
|
+
sandboxPolicy?: any;
|
|
15
|
+
ctx?: any;
|
|
16
|
+
}): Promise<string>;
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @param {{pattern: string, path?: string, glob?: string, type?: string, output_mode?: string, context?: number, case_insensitive?: boolean, multiline?: boolean, head_limit?: number, offset?: number, max_matches?: number, max_output_chars?: number, workdir?: string}} params
|
|
3
|
+
* @param {{sandboxPolicy?: any, ctx?: any}} [options]
|
|
4
|
+
*/
|
|
5
|
+
export function grepToolImpl({ pattern, path, glob, type, output_mode, context, case_insensitive, multiline, head_limit, offset, max_matches, max_output_chars, workdir, }: {
|
|
6
|
+
pattern: string;
|
|
7
|
+
path?: string;
|
|
8
|
+
glob?: string;
|
|
9
|
+
type?: string;
|
|
10
|
+
output_mode?: string;
|
|
11
|
+
context?: number;
|
|
12
|
+
case_insensitive?: boolean;
|
|
13
|
+
multiline?: boolean;
|
|
14
|
+
head_limit?: number;
|
|
15
|
+
offset?: number;
|
|
16
|
+
max_matches?: number;
|
|
17
|
+
max_output_chars?: number;
|
|
18
|
+
workdir?: string;
|
|
19
|
+
}, { sandboxPolicy, ctx }?: {
|
|
20
|
+
sandboxPolicy?: any;
|
|
21
|
+
ctx?: any;
|
|
22
|
+
}): Promise<string>;
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export { readToolImpl } from "./read.js";
|
|
2
|
+
export { writeToolImpl } from "./write.js";
|
|
3
|
+
export { editToolImpl } from "./edit.js";
|
|
4
|
+
export { globToolImpl } from "./glob.js";
|
|
5
|
+
export { grepToolImpl } from "./grep.js";
|
|
6
|
+
export { webFetchToolImpl } from "./web-fetch.js";
|
|
7
|
+
export { webSearchToolImpl } from "./web-search.js";
|
|
8
|
+
export { resolveRgPath } from "./shared/ripgrep.js";
|
|
9
|
+
export { bashToolImpl, normalizeBashTimeoutMs } from "./bash.js";
|
|
10
|
+
export { isPathAllowed, isWorkdirAllowed } from "./shared/path-resolver.js";
|