@oyasmi/pipiclaw 0.5.9 → 0.6.0

package/dist/runtime/dingtalk.js

@@ -78,6 +78,7 @@ export class DingTalkBot {
         this.isReconnecting = false;
         this.isStopped = false;
         this.reconnectAttempts = 0;
+        this.hasReportedReady = false;
         // Deduplication cache (Set for O(1) lookup, order array for FIFO eviction)
         this.processedIds = new Set();
         this.processedIdsOrder = [];
@@ -180,8 +181,10 @@ export class DingTalkBot {
         this.client.registerCallbackListener(TOPIC_ROBOT, (msg) => {
             return this.handleRawMessage(msg);
         });
-        log.logConnected();
-        await this.doReconnect(true); // Initial connection
+        const connected = await this.doReconnect(true); // Initial connection
+        if (!connected) {
+            log.logWarning("DingTalk: initial stream connection not ready yet; retrying in background");
+        }
     }
     handleRawMessage(msg) {
         // 1. Immediate ACK
@@ -213,16 +216,17 @@ export class DingTalkBot {
     }
     async doReconnect(immediate = false) {
         if (this.isReconnecting || this.isStopped || !this.client)
-            return;
+            return false;
         this.isReconnecting = true;
         let connectionFailed = false;
+        let connected = false;
         if (!immediate && this.reconnectAttempts > 0) {
             const delay = Math.min(1000 * 2 ** this.reconnectAttempts + Math.random() * 1000, 30000);
             log.logInfo(`DingTalk: waiting ${Math.round(delay / 1000)}s before reconnecting...`);
             await this.waitForDelay(delay);
             if (this.isStopped || !this.client) {
                 this.isReconnecting = false;
-                return;
+                return false;
             }
         }
         try {
@@ -234,6 +238,11 @@ export class DingTalkBot {
             this.lastSocketAvailableTime = Date.now();
             this.reconnectAttempts = 0; // Success, reset backoff
             log.logInfo("DingTalk: connected to stream.");
+            if (!this.hasReportedReady) {
+                log.logConnected();
+                this.hasReportedReady = true;
+            }
+            connected = true;
             // Setup keep alive
             this.clearKeepAliveTimer();
             this.keepAliveTimer = this.setTrackedInterval(() => {
@@ -291,6 +300,7 @@ export class DingTalkBot {
         if (connectionFailed && !this.isStopped) {
             this.scheduleReconnect(0, false);
         }
+        return connected;
     }
     async stop() {
         log.logInfo("DingTalk: stopping bot");

package/dist/runtime/events.d.ts

@@ -42,6 +42,9 @@ export declare class EventsWatcher {
     private handlePeriodic;
     private execute;
     private deleteFile;
+    private getInvalidMarkerPath;
+    private markInvalid;
+    private clearInvalidMarker;
     private sleep;
 }
 /**

package/dist/runtime/events.js

@@ -1,5 +1,5 @@
 import { Cron } from "croner";
-import { existsSync, mkdirSync, readdirSync, statSync, unlinkSync, watch } from "fs";
+import { existsSync, mkdirSync, readdirSync, statSync, unlinkSync, watch, writeFileSync } from "fs";
 import { readFile } from "fs/promises";
 import { join } from "path";
 import * as log from "../log.js";
@@ -128,10 +128,11 @@ export class EventsWatcher {
         }
         if (!event) {
             log.logWarning(`Failed to parse event file after ${MAX_RETRIES} retries: ${filename}`, lastError?.message);
-            this.deleteFile(filename);
+            this.markInvalid(filename, lastError?.message ?? "Unknown event parse error");
             return;
         }
         this.knownFiles.add(filename);
+        this.clearInvalidMarker(filename);
         switch (event.type) {
             case "immediate":
                 this.handleImmediate(filename, event);
@@ -196,7 +197,7 @@ export class EventsWatcher {
         const now = Date.now();
         if (!Number.isFinite(atTime)) {
             log.logWarning(`Invalid one-shot time for ${filename}: ${event.at}`);
-            this.deleteFile(filename);
+            this.markInvalid(filename, `Invalid one-shot time: ${event.at}`);
             return;
         }
         if (atTime <= now) {
@@ -207,7 +208,7 @@ export class EventsWatcher {
         const delay = atTime - now;
         if (delay > MAX_TIMEOUT_MS) {
             log.logWarning(`One-shot event exceeds maximum supported delay for ${filename}: ${event.at}. Use a periodic cron event instead.`);
-            this.deleteFile(filename);
+            this.markInvalid(filename, `One-shot event exceeds maximum supported delay: ${event.at}`);
             return;
         }
         log.logInfo(`Scheduling one-shot event: ${filename} in ${Math.round(delay / 1000)}s`);
@@ -230,7 +231,7 @@ export class EventsWatcher {
         }
         catch (err) {
             log.logWarning(`Invalid cron schedule for ${filename}: ${event.schedule}`, String(err));
-            this.deleteFile(filename);
+            this.markInvalid(filename, `Invalid cron schedule: ${event.schedule}\n${String(err)}`);
         }
     }
     execute(filename, event, deleteAfter = true) {
@@ -279,8 +280,32 @@ export class EventsWatcher {
                 log.logWarning(`Failed to delete event file: ${filename}`, String(err));
             }
         }
+        this.clearInvalidMarker(filename);
         this.knownFiles.delete(filename);
     }
+    getInvalidMarkerPath(filename) {
+        return join(this.eventsDir, `${filename}.error.txt`);
+    }
+    markInvalid(filename, message) {
+        try {
+            writeFileSync(this.getInvalidMarkerPath(filename), [`timestamp: ${new Date().toISOString()}`, `file: ${filename}`, "", message.trim()].join("\n"), "utf-8");
+        }
+        catch (err) {
+            log.logWarning(`Failed to write event error marker: ${filename}`, String(err));
+        }
+        this.knownFiles.add(filename);
+    }
+    clearInvalidMarker(filename) {
+        const markerPath = this.getInvalidMarkerPath(filename);
+        try {
+            unlinkSync(markerPath);
+        }
+        catch (err) {
+            if (err instanceof Error && "code" in err && err.code !== "ENOENT") {
+                log.logWarning(`Failed to delete event error marker: ${filename}`, String(err));
+            }
+        }
+    }
     sleep(ms) {
         return new Promise((resolve) => setTimeout(resolve, ms));
     }

package/dist/security/command-guard.js

@@ -1,4 +1,5 @@
 import { basename } from "node:path";
+import { isWindowsPlatform } from "./platform.js";
 const WHITESPACE = /\s+/;
 function stripNullAndNormalize(text) {
     return text.replace(/\0/g, "").normalize("NFKC");
@@ -402,6 +403,9 @@ export function guardCommand(command, config) {
     if (!config.enabled) {
         return { allowed: true };
     }
+    if (isWindowsPlatform()) {
+        return { allowed: true };
+    }
     const atoms = splitCommandChain(command);
     const normalizedWhole = stripNullAndNormalize(command);
     for (const allowPattern of config.allowPatterns) {

package/dist/security/config.d.ts

@@ -1,4 +1,10 @@
+import type { ConfigDiagnostic } from "../shared/config-diagnostics.js";
 import type { SecurityConfig } from "./types.js";
+export interface LoadedSecurityConfig {
+    config: SecurityConfig;
+    diagnostics: ConfigDiagnostic[];
+}
 export declare const DEFAULT_SECURITY_CONFIG: SecurityConfig;
 export declare function getSecurityConfigPath(appHomeDir?: string): string;
+export declare function loadSecurityConfigWithDiagnostics(appHomeDir?: string): LoadedSecurityConfig;
 export declare function loadSecurityConfig(appHomeDir?: string): SecurityConfig;

package/dist/security/config.js

@@ -34,14 +34,30 @@ function asStringArray(value) {
 function asOptionalString(value) {
     return typeof value === "string" && value.trim() ? value : undefined;
 }
-function mergeSecurityConfig(source) {
+function pushInvalidSecurityDiagnostic(diagnostics, configPath, field, message) {
+    diagnostics.push({
+        source: "security",
+        path: configPath,
+        severity: "warning",
+        message: `${field}: ${message}`,
+    });
+}
+function mergeSecurityConfig(source, configPath, diagnostics) {
     if (!isRecord(source)) {
+        pushInvalidSecurityDiagnostic(diagnostics, configPath, "root", "expected a JSON object; using defaults");
         return DEFAULT_SECURITY_CONFIG;
     }
     const commandGuard = isRecord(source.commandGuard) ? source.commandGuard : {};
     const pathGuard = isRecord(source.pathGuard) ? source.pathGuard : {};
     const networkGuard = isRecord(source.networkGuard) ? source.networkGuard : {};
     const audit = isRecord(source.audit) ? source.audit : {};
+    if (networkGuard.maxRedirects !== undefined) {
+        const maxRedirects = networkGuard.maxRedirects;
+        const isValidMaxRedirects = typeof maxRedirects === "number" && Number.isFinite(maxRedirects) && maxRedirects > 0;
+        if (!isValidMaxRedirects) {
+            pushInvalidSecurityDiagnostic(diagnostics, configPath, "networkGuard.maxRedirects", "expected a positive integer; using default");
+        }
+    }
     return {
         enabled: typeof source.enabled === "boolean" ? source.enabled : DEFAULT_SECURITY_CONFIG.enabled,
         commandGuard: {
@@ -85,17 +101,33 @@ function mergeSecurityConfig(source) {
 export function getSecurityConfigPath(appHomeDir = APP_HOME_DIR) {
     return join(appHomeDir, "security.json");
 }
-export function loadSecurityConfig(appHomeDir = APP_HOME_DIR) {
+export function loadSecurityConfigWithDiagnostics(appHomeDir = APP_HOME_DIR) {
     const configPath = getSecurityConfigPath(appHomeDir);
     if (!existsSync(configPath)) {
-        return DEFAULT_SECURITY_CONFIG;
+        return { config: DEFAULT_SECURITY_CONFIG, diagnostics: [] };
     }
     try {
         const raw = JSON.parse(readFileSync(configPath, "utf-8"));
-        return mergeSecurityConfig(raw);
+        const diagnostics = [];
+        return {
+            config: mergeSecurityConfig(raw, configPath, diagnostics),
+            diagnostics,
+        };
     }
     catch (error) {
-        console.warn(`Failed to load security config from ${configPath}: ${error}`);
-        return DEFAULT_SECURITY_CONFIG;
+        return {
+            config: DEFAULT_SECURITY_CONFIG,
+            diagnostics: [
+                {
+                    source: "security",
+                    path: configPath,
+                    severity: "error",
+                    message: error instanceof Error ? error.message : String(error),
+                },
+            ],
+        };
     }
 }
+export function loadSecurityConfig(appHomeDir = APP_HOME_DIR) {
+    return loadSecurityConfigWithDiagnostics(appHomeDir).config;
+}

package/dist/security/path-guard.js

@@ -1,6 +1,7 @@
 import { existsSync, lstatSync, realpathSync } from "node:fs";
 import { homedir, tmpdir } from "node:os";
 import { basename, dirname, isAbsolute, normalize, resolve } from "node:path";
+import { isWindowsPlatform } from "./platform.js";
 const PRIVATE_KEY_EXTENSIONS = new Set([".pem", ".key", ".p12", ".pfx"]);
 const PRIVATE_KEY_NAME_HINTS = /(id_rsa|id_ed25519|private|secret|credentials)/i;
 const PROC_MEM_PATH = /^\/proc\/\d+\/mem(?:\/|$)/;
@@ -197,6 +198,9 @@ export function guardPath(rawPath, operation, ctx) {
     if (!ctx.config.enabled) {
         return { allowed: true, operation, rawPath };
     }
+    if (isWindowsPlatform()) {
+        return { allowed: true, operation, rawPath };
+    }
     const homeDir = ctx.homeDir ?? homedir();
     const effectiveCtx = {
         ...ctx,

package/dist/security/platform.d.ts

@@ -0,0 +1 @@
+export declare function isWindowsPlatform(): boolean;

package/dist/security/platform.js

@@ -0,0 +1,3 @@
+export function isWindowsPlatform() {
+    return process.platform === "win32";
+}

package/dist/settings.d.ts

@@ -7,6 +7,7 @@
  * This module currently provides only PipiclawSettingsManager.
  */
 import type { Transport } from "@mariozechner/pi-ai";
+import type { ConfigDiagnostic } from "./shared/config-diagnostics.js";
 type PackageSource = string | {
     source: string;
     extensions?: string[];
@@ -83,10 +84,13 @@ export interface PipiclawSettings {
 export declare class PipiclawSettingsManager {
     private settingsPath;
     private settings;
+    private loadErrors;
     constructor(baseDir: string);
     private load;
     private save;
     reload(): void;
+    drainErrors(): SettingsError[];
+    getDiagnostics(): ConfigDiagnostic[];
     getCompactionSettings(): PipiclawCompactionSettings;
     getCompactionEnabled(): boolean;
     setCompactionEnabled(enabled: boolean): void;
@@ -176,6 +180,5 @@ export declare class PipiclawSettingsManager {
     getProjectSettings(): Settings;
     applyOverrides(overrides: Partial<Settings>): void;
     flush(): Promise<void>;
-    drainErrors(): SettingsError[];
 }
 export {};

package/dist/settings.js

@@ -8,6 +8,7 @@
  */
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
 import { dirname, join } from "path";
+import * as log from "./log.js";
 const DEFAULT_COMPACTION = {
     enabled: true,
     reserveTokens: 16384,
@@ -40,18 +41,32 @@ const DEFAULT_SESSION_MEMORY = {
  */
 export class PipiclawSettingsManager {
     constructor(baseDir) {
+        this.loadErrors = [];
         this.settingsPath = join(baseDir, "settings.json");
         this.settings = this.load();
     }
     load() {
+        this.loadErrors = [];
         if (!existsSync(this.settingsPath)) {
             return {};
         }
         try {
             const content = readFileSync(this.settingsPath, "utf-8");
-            return JSON.parse(content);
+            const parsed = JSON.parse(content);
+            if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+                this.loadErrors.push({
+                    scope: "global",
+                    error: new Error(`Expected a JSON object in ${this.settingsPath}`),
+                });
+                return {};
+            }
+            return parsed;
         }
-        catch {
+        catch (error) {
+            this.loadErrors.push({
+                scope: "global",
+                error: error instanceof Error ? error : new Error(String(error)),
+            });
             return {};
         }
     }
@@ -64,12 +79,25 @@ export class PipiclawSettingsManager {
             writeFileSync(this.settingsPath, JSON.stringify(this.settings, null, 2), "utf-8");
         }
         catch (error) {
-            console.error(`Warning: Could not save settings file: ${error}`);
+            log.logWarning(`Could not save settings file`, `${this.settingsPath}\n${String(error)}`);
         }
     }
     reload() {
         this.settings = this.load();
     }
+    drainErrors() {
+        const errors = this.loadErrors;
+        this.loadErrors = [];
+        return errors;
+    }
+    getDiagnostics() {
+        return this.loadErrors.map(({ error }) => ({
+            source: "settings",
+            path: this.settingsPath,
+            severity: "error",
+            message: error.message,
+        }));
+    }
     getCompactionSettings() {
         return {
             ...DEFAULT_COMPACTION,
@@ -377,7 +405,4 @@ export class PipiclawSettingsManager {
     flush() {
         return Promise.resolve();
     }
-    drainErrors() {
-        return [];
-    }
 }

package/dist/shared/config-diagnostics.d.ts

@@ -0,0 +1,7 @@
+export interface ConfigDiagnostic {
+    source: "settings" | "tools" | "security";
+    path: string;
+    severity: "warning" | "error";
+    message: string;
+}
+export declare function formatConfigDiagnostic(diagnostic: ConfigDiagnostic): string;

package/dist/shared/config-diagnostics.js

@@ -0,0 +1,3 @@
+export function formatConfigDiagnostic(diagnostic) {
+    return `${diagnostic.source}.json: ${diagnostic.message}`;
+}

package/dist/tools/config.d.ts

@@ -1,3 +1,4 @@
+import type { ConfigDiagnostic } from "../shared/config-diagnostics.js";
 export type WebSearchProvider = "brave" | "tavily" | "jina" | "searxng" | "duckduckgo";
 export interface PipiclawWebSearchConfig {
     provider: WebSearchProvider;
@@ -10,6 +11,7 @@ export interface PipiclawWebFetchConfig {
     maxChars: number;
     timeoutMs: number;
     maxImageBytes: number;
+    maxResponseBytes: number;
     preferJina: boolean;
     enableJinaFallback: boolean;
     defaultExtractMode: "markdown" | "text";
@@ -25,6 +27,11 @@ export interface PipiclawToolsConfig {
         web: PipiclawWebToolsConfig;
     };
 }
+export interface LoadedToolsConfig {
+    config: PipiclawToolsConfig;
+    diagnostics: ConfigDiagnostic[];
+}
 export declare const DEFAULT_TOOLS_CONFIG: PipiclawToolsConfig;
 export declare function getToolsConfigPath(appHomeDir?: string): string;
+export declare function loadToolsConfigWithDiagnostics(appHomeDir?: string): LoadedToolsConfig;
 export declare function loadToolsConfig(appHomeDir?: string): PipiclawToolsConfig;

package/dist/tools/config.js

@@ -19,6 +19,7 @@ export const DEFAULT_TOOLS_CONFIG = {
                 maxChars: 50_000,
                 timeoutMs: 30_000,
                 maxImageBytes: 10 * 1024 * 1024,
+                maxResponseBytes: 5 * 1024 * 1024,
                 preferJina: false,
                 enableJinaFallback: false,
                 defaultExtractMode: "markdown",
@@ -52,8 +53,17 @@ function asOptionalProxy(value) {
     const trimmed = value.trim();
     return trimmed.length > 0 ? trimmed : null;
 }
-function mergeToolsConfig(source) {
+function pushInvalidValueDiagnostic(diagnostics, configPath, field, message) {
+    diagnostics.push({
+        source: "tools",
+        path: configPath,
+        severity: "warning",
+        message: `${field}: ${message}`,
+    });
+}
+function mergeToolsConfig(source, configPath, diagnostics) {
     if (!isRecord(source)) {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "root", "expected a JSON object; using defaults");
         return DEFAULT_TOOLS_CONFIG;
     }
     const tools = isRecord(source.tools) ? source.tools : {};
@@ -63,8 +73,37 @@ function mergeToolsConfig(source) {
     const providerValue = asTrimmedString(search.provider, DEFAULT_TOOLS_CONFIG.tools.web.search.provider).toLowerCase();
     const provider = WEB_SEARCH_PROVIDERS.includes(providerValue)
         ? providerValue
-        : DEFAULT_TOOLS_CONFIG.tools.web.search.provider;
+        : (() => {
+            if (search.provider !== undefined) {
+                pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.search.provider", `unknown provider "${String(search.provider)}"; using ${DEFAULT_TOOLS_CONFIG.tools.web.search.provider}`);
+            }
+            return DEFAULT_TOOLS_CONFIG.tools.web.search.provider;
+        })();
     const defaultExtractMode = asTrimmedString(fetch.defaultExtractMode, DEFAULT_TOOLS_CONFIG.tools.web.fetch.defaultExtractMode);
+    if (web.proxy !== undefined && web.proxy !== null && typeof web.proxy !== "string") {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.proxy", "expected a string or null; using null");
+    }
+    if (search.maxResults !== undefined && clampInteger(search.maxResults, -1, 1, 10) === -1) {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.search.maxResults", "expected an integer between 1 and 10; using default");
+    }
+    if (search.timeoutMs !== undefined && clampInteger(search.timeoutMs, -1, 1) === -1) {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.search.timeoutMs", "expected a positive integer; using default");
+    }
+    if (fetch.maxChars !== undefined && clampInteger(fetch.maxChars, -1, 100) === -1) {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.fetch.maxChars", "expected an integer >= 100; using default");
+    }
+    if (fetch.timeoutMs !== undefined && clampInteger(fetch.timeoutMs, -1, 1) === -1) {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.fetch.timeoutMs", "expected a positive integer; using default");
+    }
+    if (fetch.maxImageBytes !== undefined && clampInteger(fetch.maxImageBytes, -1, 1) === -1) {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.fetch.maxImageBytes", "expected a positive integer; using default");
+    }
+    if (fetch.maxResponseBytes !== undefined && clampInteger(fetch.maxResponseBytes, -1, 1) === -1) {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.fetch.maxResponseBytes", "expected a positive integer; using default");
+    }
+    if (fetch.defaultExtractMode !== undefined && defaultExtractMode !== "text" && defaultExtractMode !== "markdown") {
+        pushInvalidValueDiagnostic(diagnostics, configPath, "tools.web.fetch.defaultExtractMode", `expected "markdown" or "text"; using ${DEFAULT_TOOLS_CONFIG.tools.web.fetch.defaultExtractMode}`);
+    }
     return {
         tools: {
             web: {
@@ -81,6 +120,7 @@ function mergeToolsConfig(source) {
                     maxChars: clampInteger(fetch.maxChars, DEFAULT_TOOLS_CONFIG.tools.web.fetch.maxChars, 100),
                     timeoutMs: clampInteger(fetch.timeoutMs, DEFAULT_TOOLS_CONFIG.tools.web.fetch.timeoutMs, 1),
                     maxImageBytes: clampInteger(fetch.maxImageBytes, DEFAULT_TOOLS_CONFIG.tools.web.fetch.maxImageBytes, 1),
+                    maxResponseBytes: clampInteger(fetch.maxResponseBytes, DEFAULT_TOOLS_CONFIG.tools.web.fetch.maxResponseBytes, 1),
                     preferJina: typeof fetch.preferJina === "boolean"
                         ? fetch.preferJina
                         : DEFAULT_TOOLS_CONFIG.tools.web.fetch.preferJina,
@@ -98,17 +138,33 @@ function mergeToolsConfig(source) {
 export function getToolsConfigPath(appHomeDir = APP_HOME_DIR) {
     return appHomeDir === APP_HOME_DIR ? TOOLS_CONFIG_PATH : join(appHomeDir, "tools.json");
 }
-export function loadToolsConfig(appHomeDir = APP_HOME_DIR) {
+export function loadToolsConfigWithDiagnostics(appHomeDir = APP_HOME_DIR) {
     const configPath = getToolsConfigPath(appHomeDir);
     if (!existsSync(configPath)) {
-        return DEFAULT_TOOLS_CONFIG;
+        return { config: DEFAULT_TOOLS_CONFIG, diagnostics: [] };
     }
     try {
         const raw = JSON.parse(readFileSync(configPath, "utf-8"));
-        return mergeToolsConfig(raw);
+        const diagnostics = [];
+        return {
+            config: mergeToolsConfig(raw, configPath, diagnostics),
+            diagnostics,
+        };
     }
     catch (error) {
-        console.warn(`Failed to load tools config from ${configPath}: ${error}`);
-        return DEFAULT_TOOLS_CONFIG;
+        return {
+            config: DEFAULT_TOOLS_CONFIG,
+            diagnostics: [
+                {
+                    source: "tools",
+                    path: configPath,
+                    severity: "error",
+                    message: error instanceof Error ? error.message : String(error),
+                },
+            ],
+        };
     }
 }
+export function loadToolsConfig(appHomeDir = APP_HOME_DIR) {
+    return loadToolsConfigWithDiagnostics(appHomeDir).config;
+}

package/dist/tools/index.d.ts

@@ -4,6 +4,7 @@ import type { Executor, SandboxConfig } from "../sandbox.js";
 import type { SecurityConfig, SecurityRuntimeContext } from "../security/types.js";
 import type { PipiclawMemoryRecallSettings } from "../settings.js";
 import type { SubAgentDiscoveryResult } from "../subagents/discovery.js";
+import type { PipiclawToolsConfig } from "./config.js";
 export interface CreatePipiclawToolsOptions {
     executor: Executor;
     getCurrentModel: () => Model<Api>;
@@ -16,6 +17,8 @@ export interface CreatePipiclawToolsOptions {
     sandboxConfig: SandboxConfig;
     getSubAgentDiscovery: () => SubAgentDiscoveryResult;
     getMemoryRecallSettings: () => PipiclawMemoryRecallSettings;
+    securityConfig?: SecurityConfig;
+    toolsConfig?: PipiclawToolsConfig;
 }
 export interface CreatePipiclawBaseToolsOptions {
     securityConfig?: SecurityConfig;

package/dist/tools/index.js

@@ -25,8 +25,8 @@ export function createPipiclawBaseTools(executor, options = {}) {
     ];
 }
 export function createPipiclawTools(options) {
-    const securityConfig = loadSecurityConfig(APP_HOME_DIR);
-    const toolsConfig = loadToolsConfig(APP_HOME_DIR);
+    const securityConfig = options.securityConfig ?? loadSecurityConfig(APP_HOME_DIR);
+    const toolsConfig = options.toolsConfig ?? loadToolsConfig(APP_HOME_DIR);
     const securityContext = {
         workspaceDir: options.workspaceDir,
         workspacePath: options.workspacePath,

package/dist/web/client.d.ts

@@ -23,6 +23,7 @@ export interface WebHttpRequestOptions {
     timeoutMs: number;
     signal?: AbortSignal;
     maxRedirects?: number;
+    maxResponseBytes?: number;
 }
 export declare class WebHttpClient {
     private readonly context;

package/dist/web/client.js

@@ -108,24 +108,36 @@ export class WebHttpClient {
                 throw error;
             }
             const agent = getProxyAgent(currentUrl, this.context.webConfig.proxy);
-            const response = await axios.request({
-                method,
-                url: currentUrl,
-                data,
-                headers: {
-                    "User-Agent": WEB_USER_AGENT,
-                    Accept: "*/*",
-                    ...options.headers,
-                },
-                responseType: "arraybuffer",
-                validateStatus: () => true,
-                timeout: options.timeoutMs,
-                signal: options.signal,
-                maxRedirects: 0,
-                proxy: false,
-                httpAgent: agent,
-                httpsAgent: agent,
-            });
+            let response;
+            try {
+                response = await axios.request({
+                    method,
+                    url: currentUrl,
+                    data,
+                    headers: {
+                        "User-Agent": WEB_USER_AGENT,
+                        Accept: "*/*",
+                        ...options.headers,
+                    },
+                    responseType: "arraybuffer",
+                    validateStatus: () => true,
+                    timeout: options.timeoutMs,
+                    signal: options.signal,
+                    maxRedirects: 0,
+                    maxContentLength: options.maxResponseBytes ?? Number.POSITIVE_INFINITY,
+                    proxy: false,
+                    httpAgent: agent,
+                    httpsAgent: agent,
+                });
+            }
+            catch (error) {
+                if (options.maxResponseBytes &&
+                    typeof error?.message === "string" &&
+                    error.message.includes("maxContentLength")) {
+                    throw new Error(`Response exceeds maxResponseBytes (${options.maxResponseBytes} bytes)`);
+                }
+                throw error;
+            }
             const headers = normalizeHeaders(response.headers);
             const body = Buffer.isBuffer(response.data) ? response.data : Buffer.from(response.data);
             if (isRedirectStatus(response.status) && headers.location) {

package/dist/web/config.d.ts

@@ -10,6 +10,7 @@ export interface ResolvedWebFetchRequest {
     maxChars: number;
     timeoutMs: number;
     maxImageBytes: number;
+    maxResponseBytes: number;
     preferJina: boolean;
     enableJinaFallback: boolean;
 }

package/dist/web/config.js

@@ -12,6 +12,7 @@ export function resolveWebFetchRequest(config, url, extractMode, maxChars) {
         maxChars: clamp(maxChars, config.maxChars, 100),
         timeoutMs: config.timeoutMs,
         maxImageBytes: config.maxImageBytes,
+        maxResponseBytes: config.maxResponseBytes,
         preferJina: config.preferJina,
         enableJinaFallback: config.enableJinaFallback,
     };

package/dist/web/fetch.d.ts

@@ -17,6 +17,7 @@ export declare function runWebFetch(context: WebFetchExecutionContext, request:
     extractMode: "markdown" | "text";
     maxChars: number;
     maxImageBytes: number;
+    maxResponseBytes: number;
     preferJina: boolean;
     enableJinaFallback: boolean;
 }, signal?: AbortSignal): Promise<WebFetchOutput>;