@pixelzx/genesis 2026.5.5-2 → 2026.5.5-3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1017) hide show
  1. package/CHANGELOG.md +1 -0
  2. package/dist/.buildstamp +1 -1
  3. package/dist/abort-Yw60gQ-C.js +201 -0
  4. package/dist/abort.runtime-DYQuut_O.js +2 -0
  5. package/dist/abort.runtime.js +1 -1
  6. package/dist/accounts-BSCHGPHp.js +107 -0
  7. package/dist/accounts-Bb0FqxV2.js +104 -0
  8. package/dist/accounts-BjGgx8lz.js +2 -0
  9. package/dist/acp-cli-emMnOaiO.js +2193 -0
  10. package/dist/acp-spawn-BmyUZuJX.js +1093 -0
  11. package/dist/acp-spawn-DPF5zmnN.js +2 -0
  12. package/dist/acp-stateful-target-driver-CJ4JyIHf.js +89 -0
  13. package/dist/action-agents-D1tXt8Kj.js +67 -0
  14. package/dist/action-focus-Bk6AJsNH.js +132 -0
  15. package/dist/action-help-4nFSAuVo.js +7 -0
  16. package/dist/action-info-D-byoefn.js +101 -0
  17. package/dist/action-kill-Bo-NwBVR.js +33 -0
  18. package/dist/action-list-lAa4rlzN.js +21 -0
  19. package/dist/action-log-BasoUC3L.js +30 -0
  20. package/dist/action-send-DwLkiz4x.js +39 -0
  21. package/dist/action-spawn-C70_iR8d.js +47 -0
  22. package/dist/action-unfocus-dUVMx5Fh.js +29 -0
  23. package/dist/actions.runtime-BdSo6rN8.js +18 -0
  24. package/dist/actions.runtime-BvY67XKu.js +5 -0
  25. package/dist/actions.runtime.js +1 -1
  26. package/dist/agent-DDBv3Vgl.js +2 -0
  27. package/dist/agent-command-DC7I_88W.js +874 -0
  28. package/dist/agent-harness-runtime-TA6YH7Ud.js +144 -0
  29. package/dist/agent-runner-utils-CMe-JIDq.js +239 -0
  30. package/dist/agent-runner.runtime-le6AmJRw.js +3455 -0
  31. package/dist/agent-runner.runtime.js +1 -1
  32. package/dist/agent-runtime-CONy4fDD.js +18 -0
  33. package/dist/agents-BlbOM4XW.js +953 -0
  34. package/dist/agents-Byj8CDAP.js +5 -0
  35. package/dist/aliases-C3Ks5x38.js +2 -0
  36. package/dist/aliases-CxBcx9gF.js +96 -0
  37. package/dist/api-CLoj7nYH.js +3 -0
  38. package/dist/api-DZiRkVPk.js +5 -0
  39. package/dist/api-_Y4nIHNo.js +139 -0
  40. package/dist/approval-gateway-resolver-Ba_2kb3B.js +29 -0
  41. package/dist/approval-gateway-runtime-7VMivk0A.js +2 -0
  42. package/dist/approval-handler-runtime-Bh0onoHD.js +439 -0
  43. package/dist/approval-native-runtime-IYFyT8Hf.js +729 -0
  44. package/dist/attempt-execution.runtime-CpL2tsYd.js +509 -0
  45. package/dist/attempt-execution.runtime.js +1 -1
  46. package/dist/attempt.prompt-helpers-Gx9nGKbW.js +221 -0
  47. package/dist/attempt.tool-run-context-BmuljBMs.js +933 -0
  48. package/dist/audit-CsjqOEVE.js +939 -0
  49. package/dist/audit.runtime-BybEaYH4.js +7 -0
  50. package/dist/audit.runtime.js +1 -1
  51. package/dist/auth-BFbLz2gx.js +383 -0
  52. package/dist/auth-DdoNShRm.js +2 -0
  53. package/dist/auth-order-CtO2WQTH.js +2 -0
  54. package/dist/auth-order-zXIiW-Cn.js +96 -0
  55. package/dist/bash-tools-CnDYSbnX.js +2824 -0
  56. package/dist/bash-tools-DiOcKaak.js +3 -0
  57. package/dist/binding-routing-E9Gh_NqO.js +85 -0
  58. package/dist/binding-targets-C5PbBaZ6.js +121 -0
  59. package/dist/bridge-server-DragdaQD.js +113 -0
  60. package/dist/browser-control-auth-D_M31xJ1.js +2 -0
  61. package/dist/browser-node-runtime-Bgu82luB.js +12 -0
  62. package/dist/browser-profiles-C3ffkgOt.js +2 -0
  63. package/dist/browser-runtime-D84IBo4A.js +387 -0
  64. package/dist/browser-setup-tools-VC7rGCyn.js +13 -0
  65. package/dist/build-DeGDX_pJ.js +550 -0
  66. package/dist/build-info.json +3 -3
  67. package/dist/bundled/boot-md/handler.js +2 -2
  68. package/dist/bundled/session-memory/handler.js +1 -1
  69. package/dist/call-CbvF41H8.js +3 -0
  70. package/dist/call-DuDGOVT1.js +331 -0
  71. package/dist/call.runtime-DztWXjMr.js +2 -0
  72. package/dist/call.runtime.js +1 -1
  73. package/dist/capability-cli-DoJLi3eS.js +1401 -0
  74. package/dist/catchup-Dk-5hIwm.js +300 -0
  75. package/dist/channel-BJ9iEC4Y.js +595 -0
  76. package/dist/channel-BdvsbgZE.js +453 -0
  77. package/dist/channel-Bu-7KaIx.js +1802 -0
  78. package/dist/channel-C9vQNMK1.js +350 -0
  79. package/dist/channel-CZoVAZyW.js +491 -0
  80. package/dist/channel-Cr2KTwyo.js +840 -0
  81. package/dist/channel-DCeC6AEQ.js +297 -0
  82. package/dist/channel-DOGp2TfT.js +1320 -0
  83. package/dist/channel-Dfq1lxxI.js +226 -0
  84. package/dist/channel-core-DiltAzdr.js +5 -0
  85. package/dist/channel-hZDaTBpm.js +1100 -0
  86. package/dist/channel-inbound-DvOS-Z1s.js +31 -0
  87. package/dist/channel-plugin-runtime-PFRHQ61T.js +771 -0
  88. package/dist/channel-runtime-BAjxIEfQ.js +425 -0
  89. package/dist/channel-szBwbQZB.js +1174 -0
  90. package/dist/channel.runtime-B1Ry35gt.js +89 -0
  91. package/dist/channel.runtime-BNp6GxaQ.js +34702 -0
  92. package/dist/channel.runtime-BfjvNvbj.js +2364 -0
  93. package/dist/channel.runtime-BlGn4QYV.js +4 -0
  94. package/dist/channel.runtime-D7bv5rJl.js +576 -0
  95. package/dist/channel.runtime-DQ5gSgeW.js +109 -0
  96. package/dist/channel.runtime-IxClQMdT.js +430 -0
  97. package/dist/channel.setup-BsfyGPgV.js +10 -0
  98. package/dist/channels-Dn2VHRmZ.js +733 -0
  99. package/dist/channels-cli-l4xjPvDv.js +268 -0
  100. package/dist/chat-zUeX8mQw.js +2758 -0
  101. package/dist/clawbot-cli-C3BFdHJB.js +9 -0
  102. package/dist/cli/daemon-cli.js +4 -4
  103. package/dist/cli-BTnpFsj1.js +2 -0
  104. package/dist/cli-CAFQ6Cwy.js +72 -0
  105. package/dist/cli-CiqIbwtg.js +219 -0
  106. package/dist/cli-DL1ppK38.js +2 -0
  107. package/dist/cli-runner-DO6lEPJr.js +286 -0
  108. package/dist/cli-runner.runtime-B-Ic4DyC.js +3 -0
  109. package/dist/cli-runner.runtime-C4cAORcg.js +4 -0
  110. package/dist/cli-runner.runtime.js +1 -1
  111. package/dist/cli-startup-metadata.json +2 -2
  112. package/dist/cli.runtime-CYHctHVS.js +1261 -0
  113. package/dist/cli.runtime.js +1 -1
  114. package/dist/client-Bb_miREU.js +138 -0
  115. package/dist/client-CrPccv7a.js +713 -0
  116. package/dist/command-auth-B7P-1IeA.js +76 -0
  117. package/dist/command-config-resolution-BB-SsCob.js +23 -0
  118. package/dist/command-config-resolution-DMKYb0Kh.js +2 -0
  119. package/dist/command-config-resolution.runtime-Coeaa9lz.js +2 -0
  120. package/dist/command-config-resolution.runtime.js +1 -1
  121. package/dist/command-registry-B2JzWHqy.js +9 -0
  122. package/dist/command-registry-CNUpJUp8.js +4 -0
  123. package/dist/command-registry-core-BLap9aka.js +101 -0
  124. package/dist/command-secret-gateway-ChRXthnT.js +528 -0
  125. package/dist/command-status.runtime-D8VWyC3v.js +87 -0
  126. package/dist/command-status.runtime.js +1 -1
  127. package/dist/commands-acp-QLk1cU5f.js +77 -0
  128. package/dist/commands-compact.runtime-BIHG2RSY.js +10 -0
  129. package/dist/commands-compact.runtime.js +1 -1
  130. package/dist/commands-handlers.runtime-DjimbxSJ.js +4597 -0
  131. package/dist/commands-handlers.runtime.js +1 -1
  132. package/dist/commands-status-DiIQSYSt.js +16 -0
  133. package/dist/commands-status.runtime-DBRxICN6.js +3 -0
  134. package/dist/commands-status.runtime.js +1 -1
  135. package/dist/commands-subagents-control.runtime-BmqXiKHu.js +3 -0
  136. package/dist/commands-subagents-control.runtime-CVQSOd8H.js +2 -0
  137. package/dist/commands-subagents-control.runtime.js +1 -1
  138. package/dist/commands-system-prompt-2qwZc3xL.js +158 -0
  139. package/dist/commands-system-prompt-Clnn_Gct.js +2 -0
  140. package/dist/commands.runtime-DAqpiDPr.js +166 -0
  141. package/dist/commands.runtime.js +1 -1
  142. package/dist/compact-DqOkQZYr.js +1118 -0
  143. package/dist/compact.runtime-CC_l29j4.js +12 -0
  144. package/dist/compact.runtime.js +1 -1
  145. package/dist/completion-cli-DZFJPSiF.js +328 -0
  146. package/dist/config-D9XEe0Cd.js +251 -0
  147. package/dist/config-cli-DVDwIjKr.js +1078 -0
  148. package/dist/configure-39oQUHuK.js +1245 -0
  149. package/dist/configure-BGD8tViZ.js +2 -0
  150. package/dist/connect-options-Fpky6zuL.js +699 -0
  151. package/dist/control-auth-BlqH4IVx.js +125 -0
  152. package/dist/control-service-CaqDohiY.js +156 -0
  153. package/dist/conversation-id-BH9GFVB2.js +235 -0
  154. package/dist/conversation-id-UdIegcf4.js +38 -0
  155. package/dist/conversation-runtime-Bao0kIPf.js +31 -0
  156. package/dist/core-DXUh5Xbm.js +275 -0
  157. package/dist/cron-cli-B1mxHnGP.js +713 -0
  158. package/dist/daemon-cli-CaHBNwMy.js +12 -0
  159. package/dist/daemon-install-BBwOxf1q.js +64 -0
  160. package/dist/delegate-7G7R4C-C.js +64 -0
  161. package/dist/detached-task-runtime-BMdSrcuz.js +73 -0
  162. package/dist/devices-cli-DnEQH3R2.js +496 -0
  163. package/dist/diagnostics-C8VwSDtU.js +154 -0
  164. package/dist/direct-dm-BSEkIiOe.js +64 -0
  165. package/dist/dispatch-1gv6It-6.js +1131 -0
  166. package/dist/dispatch-acp-hbhR9aHr.js +981 -0
  167. package/dist/dispatch-acp-manager.runtime-BXQbK1cO.js +3 -0
  168. package/dist/dispatch-acp-manager.runtime.js +1 -1
  169. package/dist/dispatch-acp.runtime-Dhx090J2.js +19 -0
  170. package/dist/dispatch-acp.runtime.js +1 -1
  171. package/dist/doctor-device-pairing-1gf3tk3g.js +307 -0
  172. package/dist/doctor-gateway-daemon-flow-LEnN6pL-.js +250 -0
  173. package/dist/doctor-gateway-health-DwxLkTV4.js +60 -0
  174. package/dist/doctor-gateway-services-BhqUOY_e.js +316 -0
  175. package/dist/doctor-health-CdJkaUYf.js +59 -0
  176. package/dist/doctor-health-contributions-BaTnIzCT.js +486 -0
  177. package/dist/doctor-prompter-BZTb5rOn.js +56 -0
  178. package/dist/doctor-workspace-status-DnBARoPa.js +75 -0
  179. package/dist/dreaming-BAGFdUxh.js +1574 -0
  180. package/dist/dreaming-narrative-XoOfVb0x.js +595 -0
  181. package/dist/embedded-gateway-stub.runtime-xwZ-M7Ei.js +9 -0
  182. package/dist/embedded-gateway-stub.runtime.js +1 -1
  183. package/dist/entry.js +2 -2
  184. package/dist/exec-approvals-cli-CWVWSMk-.js +498 -0
  185. package/dist/extensionAPI.js +1 -1
  186. package/dist/extensions/active-memory/index.js +1 -1
  187. package/dist/extensions/bluebubbles/api.js +3 -3
  188. package/dist/extensions/bluebubbles/channel-plugin-api.js +1 -1
  189. package/dist/extensions/browser/browser-bridge.js +1 -1
  190. package/dist/extensions/browser/browser-config.js +4 -4
  191. package/dist/extensions/browser/browser-control-auth.js +2 -2
  192. package/dist/extensions/browser/browser-doctor.js +2 -2
  193. package/dist/extensions/browser/browser-maintenance.js +2 -2
  194. package/dist/extensions/browser/browser-profiles.js +2 -2
  195. package/dist/extensions/browser/browser-runtime-api.js +10 -10
  196. package/dist/extensions/browser/index.js +1 -1
  197. package/dist/extensions/browser/plugin-registration.js +1 -1
  198. package/dist/extensions/browser/register.runtime.js +3 -3
  199. package/dist/extensions/browser/runtime-api.js +11 -11
  200. package/dist/extensions/browser/test-support.js +1 -1
  201. package/dist/extensions/device-pair/api.js +1 -1
  202. package/dist/extensions/device-pair/index.js +3 -3
  203. package/dist/extensions/device-pair/notify.js +1 -1
  204. package/dist/extensions/device-pair/pair-command-approve.js +1 -1
  205. package/dist/extensions/google-meet/index.js +2 -2
  206. package/dist/extensions/imessage/api.js +3 -3
  207. package/dist/extensions/imessage/channel-plugin-api.js +1 -1
  208. package/dist/extensions/imessage/runtime-api.js +3 -3
  209. package/dist/extensions/irc/api.js +2 -2
  210. package/dist/extensions/irc/channel-plugin-api.js +1 -1
  211. package/dist/extensions/line/api.js +2 -2
  212. package/dist/extensions/line/channel-plugin-api.js +1 -1
  213. package/dist/extensions/line/contract-api.js +1 -1
  214. package/dist/extensions/line/runtime-api.js +4 -4
  215. package/dist/extensions/line/setup-api.js +1 -1
  216. package/dist/extensions/llm-task/index.js +2 -2
  217. package/dist/extensions/lobster/index.js +3 -3
  218. package/dist/extensions/lobster/runtime-api.js +1 -1
  219. package/dist/extensions/mattermost/api.js +1 -1
  220. package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
  221. package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
  222. package/dist/extensions/mattermost/policy-api.js +1 -1
  223. package/dist/extensions/mattermost/runtime-api.js +4 -4
  224. package/dist/extensions/mattermost/slash-route-api.js +1 -1
  225. package/dist/extensions/memory-core/api.js +1 -1
  226. package/dist/extensions/memory-core/cli-metadata.js +2 -2
  227. package/dist/extensions/memory-core/index.js +3 -3
  228. package/dist/extensions/memory-lancedb/cli-metadata.js +1 -1
  229. package/dist/extensions/msteams/api.js +1 -1
  230. package/dist/extensions/msteams/channel-plugin-api.js +1 -1
  231. package/dist/extensions/msteams/runtime-api.js +3 -3
  232. package/dist/extensions/msteams/test-api.js +1 -1
  233. package/dist/extensions/nextcloud-talk/api.js +1 -1
  234. package/dist/extensions/nextcloud-talk/channel-plugin-api.js +1 -1
  235. package/dist/extensions/nextcloud-talk/runtime-api.js +2 -2
  236. package/dist/extensions/openshell/index.js +2 -2
  237. package/dist/extensions/signal/api.js +6 -6
  238. package/dist/extensions/signal/channel-plugin-api.js +1 -1
  239. package/dist/extensions/signal/reaction-runtime-api.js +1 -1
  240. package/dist/extensions/signal/runtime-api.js +7 -7
  241. package/dist/extensions/skill-workshop/api.js +1 -1
  242. package/dist/extensions/skill-workshop/index.js +1 -1
  243. package/dist/extensions/synology-chat/api.js +1 -1
  244. package/dist/extensions/synology-chat/channel-plugin-api.js +1 -1
  245. package/dist/extensions/tlon/api.js +2 -2
  246. package/dist/extensions/tlon/channel-plugin-api.js +1 -1
  247. package/dist/extensions/tlon/runtime-api.js +1 -1
  248. package/dist/extensions/tlon/test-api.js +1 -1
  249. package/dist/extensions/twitch/api.js +1 -1
  250. package/dist/extensions/twitch/channel-plugin-api.js +1 -1
  251. package/dist/extensions/twitch/setup-plugin-api.js +1 -1
  252. package/dist/extensions/zalo/api.js +3 -3
  253. package/dist/extensions/zalo/channel-plugin-api.js +1 -1
  254. package/dist/extensions/zalo/runtime-api.js +2 -2
  255. package/dist/extensions/zalo/setup-api.js +2 -2
  256. package/dist/extensions/zalouser/api.js +3 -3
  257. package/dist/extensions/zalouser/channel-plugin-api.js +1 -1
  258. package/dist/extensions/zalouser/runtime-api.js +6 -6
  259. package/dist/extensions/zalouser/setup-plugin-api.js +1 -1
  260. package/dist/extensions/zalouser/test-api.js +1 -1
  261. package/dist/fallbacks-BKA5XrxA.js +31 -0
  262. package/dist/fallbacks-QvezaDAr.js +2 -0
  263. package/dist/fallbacks-shared-DS-qTOLR.js +111 -0
  264. package/dist/gateway-C0YHaLXO.js +115 -0
  265. package/dist/gateway-cli-DJBCD8J5.js +1325 -0
  266. package/dist/gateway-rpc-CmJXd4SU.js +14 -0
  267. package/dist/gateway-rpc.runtime-C9Fs2mSx.js +23 -0
  268. package/dist/gateway-rpc.runtime.js +1 -1
  269. package/dist/gateway-runtime-Bm2_MhFn.js +15 -0
  270. package/dist/gateway-status-DXKMKFtB.js +584 -0
  271. package/dist/genesis-tools-AolFZ-0I.js +8999 -0
  272. package/dist/genesis-tools.runtime-CBWXJqzw.js +2 -0
  273. package/dist/genesis-tools.runtime.js +1 -1
  274. package/dist/get-reply-BpxjHQBp.js +3879 -0
  275. package/dist/get-reply-from-config.runtime-DJKEqLSi.js +2 -0
  276. package/dist/get-reply-from-config.runtime.js +1 -1
  277. package/dist/graph-users-D2Q5UTGQ.js +1337 -0
  278. package/dist/health-BNKpuAPB.js +469 -0
  279. package/dist/health-BkxZfKx8.js +3 -0
  280. package/dist/heartbeat-runner-Bdu2q6k3.js +5 -0
  281. package/dist/heartbeat-runner-C0B-c-fv.js +1292 -0
  282. package/dist/heartbeat-runner.runtime-Cic23eNy.js +4 -0
  283. package/dist/heartbeat-runner.runtime.js +1 -1
  284. package/dist/hooks-cli-BfCr2In5.js +433 -0
  285. package/dist/image-fallbacks-Dgy-LmDo.js +2 -0
  286. package/dist/image-fallbacks-RlfTqOne.js +31 -0
  287. package/dist/inbound-reply-dispatch-D4KJHWLG.js +73 -0
  288. package/dist/index.js +2 -2
  289. package/dist/infra-runtime-BTJv3KK8.js +39 -0
  290. package/dist/init-q4INH9uv.js +59 -0
  291. package/dist/install-BT4BNeMX.js +190 -0
  292. package/dist/install.runtime-BnqPyIyn.js +2 -0
  293. package/dist/launchd-BM_37PLv.js +698 -0
  294. package/dist/library-DGd4UZKC.js +45 -0
  295. package/dist/lifecycle-B_RLw4uY.js +229 -0
  296. package/dist/lifecycle-Bw01evSl.js +571 -0
  297. package/dist/lifecycle-core-CTjCo-k0.js +422 -0
  298. package/dist/lifecycle.runtime-BxpD2Ol7.js +2 -0
  299. package/dist/lifecycle.runtime.js +1 -1
  300. package/dist/list-BXa4zUF-.js +2 -0
  301. package/dist/list-BugTSXmQ.js +131 -0
  302. package/dist/list-CgC_rsta.js +1201 -0
  303. package/dist/list-D2sk1YPs.js +2 -0
  304. package/dist/list.probe-C6zfgLdG.js +419 -0
  305. package/dist/llm-slug-generator-DsWJvqNx.js +79 -0
  306. package/dist/llm-slug-generator.js +1 -1
  307. package/dist/load-config-D6ZKPY7I.js +35 -0
  308. package/dist/local-dispatch.runtime-MWMxyZKj.js +8 -0
  309. package/dist/local-dispatch.runtime.js +1 -1
  310. package/dist/logs-cli-Dn-8jl3z.js +265 -0
  311. package/dist/logs-cli.runtime-DwsccWUJ.js +2 -0
  312. package/dist/logs-cli.runtime.js +1 -1
  313. package/dist/main-session-restart-recovery-6Uh4W8ZJ.js +206 -0
  314. package/dist/managed-image-attachments-DHawPS1-.js +2 -0
  315. package/dist/managed-image-attachments-DjtxwZ9o.js +635 -0
  316. package/dist/manager-D0tkR46e.js +2057 -0
  317. package/dist/manager-g_P1RDky.js +2 -0
  318. package/dist/markdown-to-line-7AxR7QFo.js +790 -0
  319. package/dist/mcp/plugin-tools-serve.js +1 -1
  320. package/dist/mcp-cli-Cw2XQMOA.js +725 -0
  321. package/dist/mcp-http-DFKqya8U.js +529 -0
  322. package/dist/memory-core-host-runtime-cli-DaAsOXiU.js +9 -0
  323. package/dist/message-BDCG7eWj.js +232 -0
  324. package/dist/message-action-runner-6C7kXcC9.js +2 -0
  325. package/dist/message-action-runner-C2P3efhU.js +1407 -0
  326. package/dist/message-actions-BWQWt5gT.js +143 -0
  327. package/dist/message.gateway.runtime-BXChuYAf.js +2 -0
  328. package/dist/message.gateway.runtime.js +1 -1
  329. package/dist/models-auth-status-B8lnM1PS.js +201 -0
  330. package/dist/models-cli-DbUA18AN.js +219 -0
  331. package/dist/monitor-BEJe2ceJ.js +1237 -0
  332. package/dist/monitor-BO9i6U5R.js +1459 -0
  333. package/dist/monitor-BZLrxL_x.js +1661 -0
  334. package/dist/monitor-CDDxHGlD.js +788 -0
  335. package/dist/monitor-D779kLc0.js +671 -0
  336. package/dist/monitor-V5ZNCrQL.js +2 -0
  337. package/dist/monitor-auth-D2rCHNgr.js +207 -0
  338. package/dist/monitor-processing-BLbsNFVv.js +1974 -0
  339. package/dist/monitor.runtime-RrusGXVO.js +2 -0
  340. package/dist/monitor.runtime.js +1 -1
  341. package/dist/monitor.webhook-B0DuBNWa.js +180 -0
  342. package/dist/msteams-hh9nwLlZ.js +35 -0
  343. package/dist/native-hook-relay-BygYZoeR.js +519 -0
  344. package/dist/nextcloud-talk-AadRCqXn.js +17 -0
  345. package/dist/node-cli-FF1zz0JU.js +2506 -0
  346. package/dist/node-service-f8mmgM5L.js +68 -0
  347. package/dist/nodes-cli-tQ5dpecZ.js +1046 -0
  348. package/dist/nodes-utils-BfpGcUca.js +84 -0
  349. package/dist/nodes.helpers-CMXxavTs.js +34 -0
  350. package/dist/notify-DaNP5Zyh.js +315 -0
  351. package/dist/onboard-B9hx80Dm.js +632 -0
  352. package/dist/onboard-helpers-BlPrFJHK.js +204 -0
  353. package/dist/onboard-helpers-kL8mgUkl.js +6 -0
  354. package/dist/onboard-remote-ByHuQd1m.js +193 -0
  355. package/dist/onboard-remote-CRPXcrWy.js +2 -0
  356. package/dist/onboard-skills-ChtyNRCd.js +2 -0
  357. package/dist/onboard-skills-DROlYXya.js +134 -0
  358. package/dist/openai-http-2An5HAJU.js +500 -0
  359. package/dist/openresponses-http-DpbJXZP4.js +1128 -0
  360. package/dist/operator-approvals-client-BoN_VmkB.js +68 -0
  361. package/dist/outbound.runtime-D_aebUn6.js +2 -0
  362. package/dist/outbound.runtime.js +1 -1
  363. package/dist/pair-command-approve-i-1VECJx.js +44 -0
  364. package/dist/persistent-bindings.lifecycle-eZyKQ1D8.js +85 -0
  365. package/dist/persistent-bindings.lifecycle-mxY73TJR.js +2 -0
  366. package/dist/pi-embedded-0fErjTQ7.js +2905 -0
  367. package/dist/pi-embedded-Bc1jC2x0.js +4 -0
  368. package/dist/pi-embedded.runtime-Bn_RZ5z8.js +4 -0
  369. package/dist/pi-embedded.runtime.js +1 -1
  370. package/dist/pi-tool-definition-adapter-thh7LO1t.js +217 -0
  371. package/dist/pi-tools-BtlLDovQ.js +1057 -0
  372. package/dist/pi-tools.before-tool-call-BJ_X8Dq3.js +2 -0
  373. package/dist/pi-tools.before-tool-call-DdPCGWCs.js +433 -0
  374. package/dist/plugin-CdHHk4Xn.js +12195 -0
  375. package/dist/plugin-enabled-DybhbjKQ.js +140 -0
  376. package/dist/plugin-registration-Bgwpsokw.js +23 -0
  377. package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
  378. package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
  379. package/dist/plugin-sdk/acp-runtime.js +2 -2
  380. package/dist/plugin-sdk/agent-harness-runtime.js +5 -5
  381. package/dist/plugin-sdk/agent-harness.js +6 -6
  382. package/dist/plugin-sdk/agent-runtime.js +2 -2
  383. package/dist/plugin-sdk/approval-gateway-runtime.js +2 -2
  384. package/dist/plugin-sdk/approval-handler-runtime.js +3 -3
  385. package/dist/plugin-sdk/approval-runtime.js +1 -1
  386. package/dist/plugin-sdk/browser-node-runtime.js +4 -4
  387. package/dist/plugin-sdk/browser-setup-tools.js +3 -3
  388. package/dist/plugin-sdk/browser-support.js +7 -7
  389. package/dist/plugin-sdk/channel-core.js +2 -2
  390. package/dist/plugin-sdk/channel-inbound.js +2 -2
  391. package/dist/plugin-sdk/command-auth.js +1 -1
  392. package/dist/plugin-sdk/command-status-runtime.js +1 -1
  393. package/dist/plugin-sdk/compat.js +1 -1
  394. package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
  395. package/dist/plugin-sdk/conversation-runtime.js +3 -3
  396. package/dist/plugin-sdk/core.js +2 -2
  397. package/dist/plugin-sdk/direct-dm.js +1 -1
  398. package/dist/plugin-sdk/gateway-runtime.js +3 -3
  399. package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
  400. package/dist/plugin-sdk/index.js +1 -1
  401. package/dist/plugin-sdk/infra-runtime.js +2 -2
  402. package/dist/plugin-sdk/irc.js +2 -2
  403. package/dist/plugin-sdk/matrix.js +1 -1
  404. package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
  405. package/dist/plugin-sdk/memory-core.js +2 -2
  406. package/dist/plugin-sdk/msteams.js +2 -2
  407. package/dist/plugin-sdk/nextcloud-talk.js +2 -2
  408. package/dist/plugin-sdk/nostr.js +1 -1
  409. package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
  410. package/dist/plugin-sdk/reply-runtime.js +4 -4
  411. package/dist/plugin-sdk/runtime-secret-resolution.js +1 -1
  412. package/dist/plugin-sdk/runtime.js +2 -2
  413. package/dist/plugin-sdk/session-visibility.js +1 -1
  414. package/dist/plugin-sdk/testing.js +4 -4
  415. package/dist/plugin-sdk/tlon.js +1 -1
  416. package/dist/plugin-sdk/zalo.js +1 -1
  417. package/dist/plugin-sdk/zalouser.js +1 -1
  418. package/dist/plugin-service-ClhrJfT3.js +2890 -0
  419. package/dist/plugins/runtime/index.js +1 -1
  420. package/dist/policy-CoqHgREn.js +328 -0
  421. package/dist/postinstall-inventory.json +418 -418
  422. package/dist/prepare.runtime-CawO_32K.js +815 -0
  423. package/dist/prepare.runtime.js +1 -1
  424. package/dist/probe-BP3QS65i.js +74 -0
  425. package/dist/probe-BdCXAH_u.js +2 -0
  426. package/dist/probe-Cv5tXOMP.js +2205 -0
  427. package/dist/probe-D-D_1oc4.js +241 -0
  428. package/dist/probe-DO-gll0g.js +2 -0
  429. package/dist/probe-T6c0F73q.js +45 -0
  430. package/dist/probe-dxji7IxZ.js +1443 -0
  431. package/dist/program-GMPfHt5E.js +111 -0
  432. package/dist/prompt-select-styled-BvuJNEJG.js +20 -0
  433. package/dist/protocol-Batc2DmY.js +2234 -0
  434. package/dist/provider-dispatcher-CGYoOdKf.js +2 -0
  435. package/dist/provider-dispatcher-iTEDM88F.js +22 -0
  436. package/dist/qr-cli-6IxenO1C.js +349 -0
  437. package/dist/qr-cli-D63piSog.js +2 -0
  438. package/dist/reaction-runtime-api-DgwRXTz2.js +116 -0
  439. package/dist/reactions-Dnh7t4Zl.js +998 -0
  440. package/dist/register-service-commands-D7w01SKL.js +71 -0
  441. package/dist/register.agent-j1Eno4xr.js +248 -0
  442. package/dist/register.configure-ubwxTkGt.js +15 -0
  443. package/dist/register.maintenance-B7FuM_ZW.js +438 -0
  444. package/dist/register.message-QR3u9rBl.js +329 -0
  445. package/dist/register.onboard-Bdcf_lH0.js +81 -0
  446. package/dist/register.runtime-QDduc4yj.js +81 -0
  447. package/dist/register.runtime.js +1 -1
  448. package/dist/register.setup-DzVV6tdQ.js +150 -0
  449. package/dist/register.status-health-sessions-Brw3VcxG.js +1215 -0
  450. package/dist/register.subclis-B8qDbqPl.js +29 -0
  451. package/dist/register.subclis-DdoN3nZi.js +3 -0
  452. package/dist/register.subclis-core-CWHmnIoe.js +249 -0
  453. package/dist/reply-dispatch-runtime-BVLvCeJ0.js +13 -0
  454. package/dist/reply-runtime-BXkvfLv_.js +11 -0
  455. package/dist/reply.runtime-BTkpxI5R.js +2 -0
  456. package/dist/reply.runtime.js +1 -1
  457. package/dist/restart-health-6cjrRBpF.js +202 -0
  458. package/dist/restart-health-b6Qw43Tj.js +2 -0
  459. package/dist/root-help-DDa1oEtT.js +44 -0
  460. package/dist/routes-CoCMty69.js +2 -0
  461. package/dist/routes-D9uC_Zdy.js +3341 -0
  462. package/dist/rpc-DpLGM3FH.js +61 -0
  463. package/dist/rpc.runtime-B27EA5A0.js +21 -0
  464. package/dist/rpc.runtime.js +1 -1
  465. package/dist/run-delivery.runtime-OmILefLX.js +530 -0
  466. package/dist/run-delivery.runtime.js +1 -1
  467. package/dist/run-embedded.runtime-Dc43u_Z7.js +4 -0
  468. package/dist/run-embedded.runtime.js +1 -1
  469. package/dist/run-execution-cli.runtime-DL5w7Ac8.js +4 -0
  470. package/dist/run-execution-cli.runtime.js +1 -1
  471. package/dist/run-executor.runtime-Bzwt0zP-.js +277 -0
  472. package/dist/run-executor.runtime.js +1 -1
  473. package/dist/run-main-BLD1wTLU.js +516 -0
  474. package/dist/run-subagent-registry.runtime-CddCeg6W.js +2 -0
  475. package/dist/run-subagent-registry.runtime.js +1 -1
  476. package/dist/run-wait-D4Gxuyru.js +135 -0
  477. package/dist/runtime-8BuIPrSY.js +973 -0
  478. package/dist/runtime-Co8r21pw.js +9 -0
  479. package/dist/runtime-api-BG0XWkir.js +4 -0
  480. package/dist/runtime-api-BjBzlgns.js +9 -0
  481. package/dist/runtime-api-DlYbbA-n.js +14 -0
  482. package/dist/runtime-api-faT33SE2.js +9 -0
  483. package/dist/runtime-embedded-pi.runtime-QdJ7K4t0.js +2 -0
  484. package/dist/runtime-embedded-pi.runtime.js +1 -1
  485. package/dist/runtime-internal-C0xc_Zhf.js +2 -0
  486. package/dist/runtime-options-DLv7ygkO.js +275 -0
  487. package/dist/runtime-schema-CQK5R5Pl.js +27780 -0
  488. package/dist/scan-Yz6DoQn5.js +523 -0
  489. package/dist/scan-k38hL_6o.js +2 -0
  490. package/dist/secrets-cli-Bjvr0bOw.js +2101 -0
  491. package/dist/security-cli-C2gkMFcB.js +486 -0
  492. package/dist/selection-DC8EXnRg.js +7736 -0
  493. package/dist/selection-DmSFI5k4.js +2 -0
  494. package/dist/send-CT6EfHrc.js +102 -0
  495. package/dist/send-_ANvjE_C.js +156 -0
  496. package/dist/send.runtime-COIjG4BV.js +2 -0
  497. package/dist/send.runtime.js +1 -1
  498. package/dist/server-COkv9Si4.js +13 -0
  499. package/dist/server-DHLQZJL8.js +77 -0
  500. package/dist/server-context-6jnr-aAw.js +2 -0
  501. package/dist/server-context-DK1QsdLh.js +847 -0
  502. package/dist/server-node-events-q8H0odkq.js +481 -0
  503. package/dist/server-plugin-bootstrap-Bw4a88yA.js +2 -0
  504. package/dist/server-plugin-bootstrap-By_w9ngt.js +11333 -0
  505. package/dist/server-restart-sentinel-CGLYF3mk.js +697 -0
  506. package/dist/server.impl-8j4SImks.js +12735 -0
  507. package/dist/service-CNjb_qXC.js +2 -0
  508. package/dist/service-CyR3mZIU.js +120 -0
  509. package/dist/service-audit-DIL0OiMa.js +260 -0
  510. package/dist/service-audit-pwloDggS.js +2 -0
  511. package/dist/session-kill-http-Dek5w0Ee.js +110 -0
  512. package/dist/session-reset-service-B_9Ps0kr.js +471 -0
  513. package/dist/session-route-Cr6vOd9_.js +93 -0
  514. package/dist/session-status.runtime-C_x1MHH5.js +2 -0
  515. package/dist/session-status.runtime.js +1 -1
  516. package/dist/session-subagent-reactivation.runtime-BKWuNild.js +2 -0
  517. package/dist/session-subagent-reactivation.runtime.js +1 -1
  518. package/dist/session-tab-registry-C08V5jx6.js +491 -0
  519. package/dist/session-visibility-D4j8hN_B.js +147 -0
  520. package/dist/sessions-helpers-DmUVRk16.js +304 -0
  521. package/dist/sessions-history-http-DN3KzEnX.js +383 -0
  522. package/dist/sessions-patch-BPtlF0Lu.js +309 -0
  523. package/dist/sessions-resolve-D6KPfG_4.js +174 -0
  524. package/dist/sessions.runtime-DGL1-G20.js +2 -0
  525. package/dist/sessions.runtime.js +1 -1
  526. package/dist/setup-CkYiQoP0.js +495 -0
  527. package/dist/setup-api-CUGYqGNT.js +29 -0
  528. package/dist/setup-core-BmplfubJ.js +171 -0
  529. package/dist/setup-core-C5ddWpfy.js +176 -0
  530. package/dist/setup-surface-2JmEfowI.js +219 -0
  531. package/dist/setup-surface-BzHQx_GD.js +403 -0
  532. package/dist/setup-surface-DOH6kc6w.js +286 -0
  533. package/dist/setup.finalize-Ci2HBkDq.js +539 -0
  534. package/dist/setup.gateway-config-CyG_Fzaa.js +250 -0
  535. package/dist/shared-BItUH43s.js +121 -0
  536. package/dist/shared-D7diJkX6.js +198 -0
  537. package/dist/shared-DJU_HCJ1.js +76 -0
  538. package/dist/slash-state-C4YD-tLz.js +1911 -0
  539. package/dist/src-8HdytGc7.js +3974 -0
  540. package/dist/startup-context-CfcCyUU0.js +312 -0
  541. package/dist/status-B94yciC9.js +397 -0
  542. package/dist/status-BUkUYtFm.js +190 -0
  543. package/dist/status-BsHC-0MV.js +2 -0
  544. package/dist/status-D4jNATg0.js +209 -0
  545. package/dist/status-U8ut-X2Q.js +2 -0
  546. package/dist/status-all-CIzsXQnV.js +498 -0
  547. package/dist/status-json-alPkfWTd.js +14 -0
  548. package/dist/status-json-command-CAkzWzw7.js +84 -0
  549. package/dist/status-jxNdVQVZ.js +3 -0
  550. package/dist/status-runtime-shared-BSsA48i9.js +257 -0
  551. package/dist/status-subagents.runtime-hIKg6PXV.js +18 -0
  552. package/dist/status-subagents.runtime.js +1 -1
  553. package/dist/status-text-BmLJrLth.js +237 -0
  554. package/dist/status.gateway-connection.runtime-Dr7HJ1wZ.js +2 -0
  555. package/dist/status.gateway-connection.runtime.js +1 -1
  556. package/dist/status.gather-DFY0T97g.js +2 -0
  557. package/dist/status.gather-e6sfNh8I.js +292 -0
  558. package/dist/status.runtime-DBvapXQS.js +2 -0
  559. package/dist/status.runtime.js +1 -1
  560. package/dist/status.scan-DSpkE-Q-.js +65 -0
  561. package/dist/status.scan-overview-Dr72bkbi.js +379 -0
  562. package/dist/status.scan.fast-json-C7k_m46S.js +2 -0
  563. package/dist/status.scan.fast-json-KHh7R3wX.js +132 -0
  564. package/dist/status.summary-C4r9lkCH.js +214 -0
  565. package/dist/status.summary-D0EJwkmX.js +2 -0
  566. package/dist/subagent-announce-Bu5-8O3P.js +351 -0
  567. package/dist/subagent-announce-delivery-4hk9P48s.js +726 -0
  568. package/dist/subagent-announce-output-Csyi1-Kz.js +364 -0
  569. package/dist/subagent-control-DAeNsV_G.js +506 -0
  570. package/dist/subagent-followup.runtime-Bch92LIq.js +68 -0
  571. package/dist/subagent-followup.runtime.js +1 -1
  572. package/dist/subagent-orphan-recovery-mNzyr1b-.js +305 -0
  573. package/dist/subagent-registry-BMjQxBxi.js +3 -0
  574. package/dist/subagent-registry-D4DFKQCL.js +1753 -0
  575. package/dist/subagent-registry.runtime.js +1 -1
  576. package/dist/subagent-spawn-C13uUm47.js +1005 -0
  577. package/dist/system-cli-BU6GhJxG.js +59 -0
  578. package/dist/targets-eYkepVzz.js +67 -0
  579. package/dist/task-executor-DzJLcm4D.js +360 -0
  580. package/dist/task-owner-access-DW9EbhjP.js +74 -0
  581. package/dist/task-registry-DBJkAtFF.js +2366 -0
  582. package/dist/task-registry-delivery-runtime-BdkPeGC1.js +2 -0
  583. package/dist/task-registry-delivery-runtime-Ov88LGnv.js +3 -0
  584. package/dist/task-registry.maintenance-BU6Z4V_9.js +416 -0
  585. package/dist/task-registry.maintenance-sEo6eYdx.js +2 -0
  586. package/dist/telegram/token.js +1 -1
  587. package/dist/testing-B2jHeQft.js +575 -0
  588. package/dist/text-report-HYrgZP8-.js +587 -0
  589. package/dist/tool-resolution-BZxaDOKg.js +90 -0
  590. package/dist/tools-effective-inventory-BCvCprpD.js +152 -0
  591. package/dist/tools-invoke-http-Dt1rsx4a.js +206 -0
  592. package/dist/trash-F4tvjrKS.js +24 -0
  593. package/dist/tui-cli-DlQ1oejy.js +4575 -0
  594. package/dist/update-cli-DHMdwQWA.js +1759 -0
  595. package/dist/upgrade-UR-EI5pO.js +1226 -0
  596. package/dist/video-generation-task-status-qtHrIZLt.js +163 -0
  597. package/dist/wait-for-idle-before-flush-CYB_61O0.js +5986 -0
  598. package/dist/wizard-models-BKqMCaCm.js +161 -0
  599. package/package.json +1 -1
  600. package/dist/abort-BHSttDhY.js +0 -201
  601. package/dist/abort.runtime-VJ9lFsZS.js +0 -2
  602. package/dist/accounts-BNvagEOQ.js +0 -104
  603. package/dist/accounts-CPIuzenz.js +0 -107
  604. package/dist/accounts-r08DQWhZ.js +0 -2
  605. package/dist/acp-cli-i0L-eRs9.js +0 -2193
  606. package/dist/acp-spawn-CHzVLe9q.js +0 -1093
  607. package/dist/acp-spawn-CqvxDuBq.js +0 -2
  608. package/dist/acp-stateful-target-driver-CWRLc_NP.js +0 -89
  609. package/dist/action-agents-SNCscX_-.js +0 -67
  610. package/dist/action-focus-B2s0PF2E.js +0 -132
  611. package/dist/action-help-CXKbyaZ7.js +0 -7
  612. package/dist/action-info-B3IDKxWu.js +0 -101
  613. package/dist/action-kill-idGvCNhT.js +0 -33
  614. package/dist/action-list-Di7gO3qL.js +0 -21
  615. package/dist/action-log-BCsz-gFi.js +0 -30
  616. package/dist/action-send-DLsdZnVc.js +0 -39
  617. package/dist/action-spawn-DhKEOdL0.js +0 -47
  618. package/dist/action-unfocus-Dh7ti5UP.js +0 -29
  619. package/dist/actions.runtime-BPf03SN3.js +0 -18
  620. package/dist/actions.runtime-CJg_lweh.js +0 -5
  621. package/dist/agent-C3PLvvws.js +0 -2
  622. package/dist/agent-command-UroeNrV4.js +0 -874
  623. package/dist/agent-harness-runtime-MXvI9FlJ.js +0 -144
  624. package/dist/agent-runner-utils-CaVgLZrf.js +0 -239
  625. package/dist/agent-runner.runtime-Csqm3m09.js +0 -3455
  626. package/dist/agent-runtime-B9nUYDUz.js +0 -18
  627. package/dist/agents-BP4p-1q2.js +0 -5
  628. package/dist/agents-CDiXfrfc.js +0 -953
  629. package/dist/aliases-BBCtCq2A.js +0 -96
  630. package/dist/aliases-DrFtFq1p.js +0 -2
  631. package/dist/api-BH0oEwR1.js +0 -5
  632. package/dist/api-D-4gHdrl.js +0 -139
  633. package/dist/api-DE6RYTxv.js +0 -3
  634. package/dist/approval-gateway-resolver-URpDQMld.js +0 -29
  635. package/dist/approval-gateway-runtime-B087BMms.js +0 -2
  636. package/dist/approval-handler-runtime-BEl3ua8-.js +0 -439
  637. package/dist/approval-native-runtime-ghjYGufu.js +0 -729
  638. package/dist/attempt-execution.runtime-PCTFYqLh.js +0 -509
  639. package/dist/attempt.prompt-helpers-CkWEozQ2.js +0 -221
  640. package/dist/attempt.tool-run-context-DbqVgXFk.js +0 -933
  641. package/dist/audit-Lb1yNEwg.js +0 -939
  642. package/dist/audit.runtime-DOnixKE_.js +0 -7
  643. package/dist/auth-BrlJ7NM9.js +0 -2
  644. package/dist/auth-CJoP7Yst.js +0 -383
  645. package/dist/auth-order-D0KFgBib.js +0 -96
  646. package/dist/auth-order-_xlUHzCg.js +0 -2
  647. package/dist/bash-tools-BEVEHCl9.js +0 -2824
  648. package/dist/bash-tools-DJ0D8Wr5.js +0 -3
  649. package/dist/binding-routing-IfKqPcfO.js +0 -85
  650. package/dist/binding-targets-2huR0hTX.js +0 -121
  651. package/dist/bridge-server-D8Y8Fzdz.js +0 -113
  652. package/dist/browser-control-auth-Q6UpVLEj.js +0 -2
  653. package/dist/browser-node-runtime-C9KvsOyx.js +0 -12
  654. package/dist/browser-profiles-DFcwiMEf.js +0 -2
  655. package/dist/browser-runtime-sbZ3hKg6.js +0 -387
  656. package/dist/browser-setup-tools-CP4BkZ9z.js +0 -13
  657. package/dist/build-DzHX2LrH.js +0 -550
  658. package/dist/call-ORivR4Db.js +0 -331
  659. package/dist/call-qzfm6lro.js +0 -3
  660. package/dist/call.runtime-BkzJe07B.js +0 -2
  661. package/dist/capability-cli-BDCvm93o.js +0 -1401
  662. package/dist/catchup-CjZa2PrP.js +0 -300
  663. package/dist/channel-B3UAL9Pk.js +0 -840
  664. package/dist/channel-B5L9LJBF.js +0 -453
  665. package/dist/channel-BGXl6A-E.js +0 -297
  666. package/dist/channel-BNUblayu.js +0 -1320
  667. package/dist/channel-Bej-TN7f.js +0 -491
  668. package/dist/channel-BzOKSC4e.js +0 -350
  669. package/dist/channel-CY2xEOzR.js +0 -1802
  670. package/dist/channel-D2kKLWUA.js +0 -226
  671. package/dist/channel-DcjCe46M.js +0 -1100
  672. package/dist/channel-GqA96nmt.js +0 -595
  673. package/dist/channel-YI2aIJFQ.js +0 -1174
  674. package/dist/channel-core-DqPUhmTt.js +0 -5
  675. package/dist/channel-inbound-CzgMd2Xi.js +0 -31
  676. package/dist/channel-plugin-runtime-DI5uUbxx.js +0 -771
  677. package/dist/channel-runtime-BJqKQitD.js +0 -425
  678. package/dist/channel.runtime-BBn9mgbB.js +0 -89
  679. package/dist/channel.runtime-Bhj1b9gQ.js +0 -34702
  680. package/dist/channel.runtime-BzOVx90Z.js +0 -576
  681. package/dist/channel.runtime-CQkLKWlq.js +0 -109
  682. package/dist/channel.runtime-D8qT4A1x.js +0 -4
  683. package/dist/channel.runtime-DjK9Re1w.js +0 -2364
  684. package/dist/channel.runtime-tWwM8hFw.js +0 -430
  685. package/dist/channel.setup-gaiRZ-r8.js +0 -10
  686. package/dist/channels-BXIl3hBo.js +0 -733
  687. package/dist/channels-cli-CrmBqaul.js +0 -268
  688. package/dist/chat-C42usv-F.js +0 -2758
  689. package/dist/clawbot-cli-BGYO_ymZ.js +0 -9
  690. package/dist/cli-BbD25CFK.js +0 -2
  691. package/dist/cli-CYD4Wfcq.js +0 -219
  692. package/dist/cli-D-6ycHAw.js +0 -72
  693. package/dist/cli-DX4CK-bw.js +0 -2
  694. package/dist/cli-runner-C5_PBTxm.js +0 -286
  695. package/dist/cli-runner.runtime-DE7RpQ27.js +0 -3
  696. package/dist/cli-runner.runtime-ueVMICzY.js +0 -4
  697. package/dist/cli.runtime-DSO8Vfrh.js +0 -1261
  698. package/dist/client-BKro32pr.js +0 -138
  699. package/dist/client-Vx7pseEY.js +0 -713
  700. package/dist/command-auth-CvFUTCCJ.js +0 -76
  701. package/dist/command-config-resolution-BnW1XGnW.js +0 -23
  702. package/dist/command-config-resolution-BrlfYyiN.js +0 -2
  703. package/dist/command-config-resolution.runtime-DYMr8J0t.js +0 -2
  704. package/dist/command-registry-Bi9thw1b.js +0 -9
  705. package/dist/command-registry-D__zH4Fg.js +0 -4
  706. package/dist/command-registry-core-DQoNFQZT.js +0 -101
  707. package/dist/command-secret-gateway-B27Zpgo9.js +0 -528
  708. package/dist/command-status.runtime-fERQMzeI.js +0 -87
  709. package/dist/commands-acp-BmORmf3-.js +0 -77
  710. package/dist/commands-compact.runtime-BUaXIw-I.js +0 -10
  711. package/dist/commands-handlers.runtime-BxbkeuTc.js +0 -4597
  712. package/dist/commands-status-4OW5sqmg.js +0 -16
  713. package/dist/commands-status.runtime-Cl7nJp_7.js +0 -3
  714. package/dist/commands-subagents-control.runtime-BR4qBGkk.js +0 -2
  715. package/dist/commands-subagents-control.runtime-C8ufgKPI.js +0 -3
  716. package/dist/commands-system-prompt-BsimvjJt.js +0 -158
  717. package/dist/commands-system-prompt-CKrY0h7P.js +0 -2
  718. package/dist/commands.runtime-BHsDdaEU.js +0 -166
  719. package/dist/compact-BHYLQst3.js +0 -1118
  720. package/dist/compact.runtime-7-tZRdgw.js +0 -12
  721. package/dist/completion-cli-1sAiSIYc.js +0 -328
  722. package/dist/config-BZ3FuFjH.js +0 -251
  723. package/dist/config-cli-B_dNq5hD.js +0 -1078
  724. package/dist/configure-BOvmX2NJ.js +0 -2
  725. package/dist/configure-DR9NYN9e.js +0 -1245
  726. package/dist/connect-options-DlmPTyhG.js +0 -699
  727. package/dist/control-auth-C_zNiV10.js +0 -125
  728. package/dist/control-service-B1TL51jf.js +0 -156
  729. package/dist/conversation-id-B3lLiTfF.js +0 -235
  730. package/dist/conversation-id-DORmTZm_.js +0 -38
  731. package/dist/conversation-runtime-DDxZZZXE.js +0 -31
  732. package/dist/core-DbPzffGG.js +0 -275
  733. package/dist/cron-cli-AoH4jhFt.js +0 -713
  734. package/dist/daemon-cli-BOJdM3wT.js +0 -12
  735. package/dist/daemon-install-D8HPES4u.js +0 -64
  736. package/dist/delegate-Dmdda3kT.js +0 -64
  737. package/dist/detached-task-runtime-BB5az34R.js +0 -73
  738. package/dist/devices-cli-Cy9DF-DP.js +0 -496
  739. package/dist/diagnostics-CTE0TWR1.js +0 -154
  740. package/dist/direct-dm-9jzadx9u.js +0 -64
  741. package/dist/dispatch-DU7cqfv6.js +0 -1131
  742. package/dist/dispatch-acp-Cu_nUtKg.js +0 -981
  743. package/dist/dispatch-acp-manager.runtime-8MOQ5BRn.js +0 -3
  744. package/dist/dispatch-acp.runtime-DatcHNJq.js +0 -19
  745. package/dist/doctor-device-pairing-Qm-r7mwu.js +0 -307
  746. package/dist/doctor-gateway-daemon-flow-BN2uGhFJ.js +0 -250
  747. package/dist/doctor-gateway-health-CD7Vzth9.js +0 -60
  748. package/dist/doctor-gateway-services-CIypZgv_.js +0 -316
  749. package/dist/doctor-health-ByjG3620.js +0 -59
  750. package/dist/doctor-health-contributions-CxNByg_i.js +0 -486
  751. package/dist/doctor-prompter-BYIoKiZ8.js +0 -56
  752. package/dist/doctor-workspace-status-DL2fRPoT.js +0 -75
  753. package/dist/dreaming-CCctNgkQ.js +0 -1574
  754. package/dist/dreaming-narrative-BPtXKc2-.js +0 -595
  755. package/dist/embedded-gateway-stub.runtime-Hi36BeCq.js +0 -9
  756. package/dist/exec-approvals-cli-DyslUWtQ.js +0 -498
  757. package/dist/fallbacks-B3xZC-ms.js +0 -2
  758. package/dist/fallbacks-CWDz-tSa.js +0 -31
  759. package/dist/fallbacks-shared-BlZBjxHL.js +0 -111
  760. package/dist/gateway-NYBkUx5r.js +0 -115
  761. package/dist/gateway-cli-E5gYA0U1.js +0 -1325
  762. package/dist/gateway-rpc-BrG5Lkfm.js +0 -14
  763. package/dist/gateway-rpc.runtime-BrTGchr9.js +0 -23
  764. package/dist/gateway-runtime-DctMRv_p.js +0 -15
  765. package/dist/gateway-status-B6ol1agz.js +0 -584
  766. package/dist/genesis-tools-D_ah3Zek.js +0 -8999
  767. package/dist/genesis-tools.runtime-Cy7aTWEN.js +0 -2
  768. package/dist/get-reply-BvVkxYum.js +0 -3879
  769. package/dist/get-reply-from-config.runtime-DR3yiK1R.js +0 -2
  770. package/dist/graph-users-yBNugoFz.js +0 -1337
  771. package/dist/health-D_wk2s7j.js +0 -3
  772. package/dist/health-MRnjOx-_.js +0 -469
  773. package/dist/heartbeat-runner-NuhhYnxs.js +0 -5
  774. package/dist/heartbeat-runner-Y4NeUV3L.js +0 -1292
  775. package/dist/heartbeat-runner.runtime-eGfKtcpP.js +0 -4
  776. package/dist/hooks-cli-CtfN2vc-.js +0 -433
  777. package/dist/image-fallbacks-CgeDMYZo.js +0 -2
  778. package/dist/image-fallbacks-CzQ85Eo8.js +0 -31
  779. package/dist/inbound-reply-dispatch-jVlLaSqn.js +0 -73
  780. package/dist/infra-runtime-D2Pqjk-r.js +0 -39
  781. package/dist/init-D_MTYqrw.js +0 -59
  782. package/dist/install-X7wgrwQ1.js +0 -190
  783. package/dist/install.runtime-C4wO4Nr9.js +0 -2
  784. package/dist/launchd-lFgfiDrN.js +0 -688
  785. package/dist/library-DIykYIWD.js +0 -45
  786. package/dist/lifecycle-BNuFzffC.js +0 -571
  787. package/dist/lifecycle-IWN9qlwo.js +0 -229
  788. package/dist/lifecycle-core-CFv5qkS8.js +0 -422
  789. package/dist/lifecycle.runtime-9oo2JCI2.js +0 -2
  790. package/dist/list-BZ3mMSpA.js +0 -2
  791. package/dist/list-CzQs_k0U.js +0 -131
  792. package/dist/list-CzTJTFOH.js +0 -1201
  793. package/dist/list-qDXsgKhB.js +0 -2
  794. package/dist/list.probe-EOZR6ueo.js +0 -419
  795. package/dist/llm-slug-generator-DzWIx0nh.js +0 -79
  796. package/dist/load-config-C_8uUnXU.js +0 -35
  797. package/dist/local-dispatch.runtime-DLd10Xb1.js +0 -8
  798. package/dist/logs-cli-mnOTmC9R.js +0 -265
  799. package/dist/logs-cli.runtime-BvP3aise.js +0 -2
  800. package/dist/main-session-restart-recovery-D7Vxmu7e.js +0 -206
  801. package/dist/managed-image-attachments-BB5u0Zq8.js +0 -2
  802. package/dist/managed-image-attachments-BeRGNdL9.js +0 -635
  803. package/dist/manager-BhNWV4EC.js +0 -2
  804. package/dist/manager-CbZ9ncZs.js +0 -2057
  805. package/dist/markdown-to-line-DyB8w7ef.js +0 -790
  806. package/dist/mcp-cli-CWzLBrDF.js +0 -725
  807. package/dist/mcp-http-1jD7LE0a.js +0 -529
  808. package/dist/memory-core-host-runtime-cli-P80xoEfr.js +0 -9
  809. package/dist/message-BAhd_1ud.js +0 -232
  810. package/dist/message-action-runner-CH2jjT21.js +0 -1407
  811. package/dist/message-action-runner-DW7z_bMx.js +0 -2
  812. package/dist/message-actions-BjBGSsJB.js +0 -143
  813. package/dist/message.gateway.runtime-sUc85g7X.js +0 -2
  814. package/dist/models-auth-status-D6lrM56M.js +0 -201
  815. package/dist/models-cli-CmnbAk2M.js +0 -219
  816. package/dist/monitor-AyGe8vyk.js +0 -1237
  817. package/dist/monitor-DQuy2kx-.js +0 -671
  818. package/dist/monitor-DmtJiX5o.js +0 -788
  819. package/dist/monitor-GB8lcnal.js +0 -1459
  820. package/dist/monitor-IuVjATac.js +0 -1661
  821. package/dist/monitor-auth-rF7mr3Cm.js +0 -207
  822. package/dist/monitor-bnOvJyLN.js +0 -2
  823. package/dist/monitor-processing-B1ewr2qF.js +0 -1974
  824. package/dist/monitor.runtime-BrUD5_VN.js +0 -2
  825. package/dist/monitor.webhook-BvJG6Xbh.js +0 -180
  826. package/dist/msteams-DUDRy3xt.js +0 -35
  827. package/dist/native-hook-relay-CTpTLgCA.js +0 -519
  828. package/dist/nextcloud-talk-BH2uWRZ2.js +0 -17
  829. package/dist/node-cli-AWE1ZFfV.js +0 -2506
  830. package/dist/node-service-DCI-s3Mm.js +0 -68
  831. package/dist/nodes-cli-B7IWCrYq.js +0 -1046
  832. package/dist/nodes-utils-Dg2hrC3z.js +0 -84
  833. package/dist/nodes.helpers-CkJO5i0d.js +0 -34
  834. package/dist/notify-bsxfkOWp.js +0 -315
  835. package/dist/onboard-BQaZtwIU.js +0 -632
  836. package/dist/onboard-helpers-Cc2AnoIU.js +0 -6
  837. package/dist/onboard-helpers-DIxfEXNM.js +0 -204
  838. package/dist/onboard-remote-CYhQbOXH.js +0 -2
  839. package/dist/onboard-remote-DrH3yVxE.js +0 -193
  840. package/dist/onboard-skills-DCI3hVXa.js +0 -134
  841. package/dist/onboard-skills-i4KuFzS4.js +0 -2
  842. package/dist/openai-http-D_7Nk3iN.js +0 -500
  843. package/dist/openresponses-http-BITxvD4V.js +0 -1128
  844. package/dist/operator-approvals-client-C0t_-2xC.js +0 -68
  845. package/dist/outbound.runtime-C8_lBQcx.js +0 -2
  846. package/dist/pair-command-approve-D3s1W5go.js +0 -44
  847. package/dist/persistent-bindings.lifecycle-CCR6khHJ.js +0 -85
  848. package/dist/persistent-bindings.lifecycle-Dgoo5bpE.js +0 -2
  849. package/dist/pi-embedded-C2l80M7j.js +0 -4
  850. package/dist/pi-embedded-DMHGJgoQ.js +0 -2905
  851. package/dist/pi-embedded.runtime-fA0EsIue.js +0 -4
  852. package/dist/pi-tool-definition-adapter-B4hSYdYX.js +0 -217
  853. package/dist/pi-tools-YCHBvJG0.js +0 -1057
  854. package/dist/pi-tools.before-tool-call-BsyruRs4.js +0 -433
  855. package/dist/pi-tools.before-tool-call-D1maRTbl.js +0 -2
  856. package/dist/plugin-DmBZwzWQ.js +0 -12195
  857. package/dist/plugin-enabled-rr_Y1Kwh.js +0 -140
  858. package/dist/plugin-registration-J1JWqMZg.js +0 -23
  859. package/dist/plugin-service-CPY8FSW2.js +0 -2890
  860. package/dist/policy-DDUw681i.js +0 -328
  861. package/dist/prepare.runtime-BfnpyhHB.js +0 -815
  862. package/dist/probe-CCdD6_vN.js +0 -1443
  863. package/dist/probe-CakOsrSu.js +0 -241
  864. package/dist/probe-Ctrcd_Q7.js +0 -2205
  865. package/dist/probe-D9IFIte1.js +0 -2
  866. package/dist/probe-DXMI0QlZ.js +0 -74
  867. package/dist/probe-KtX2HjXM.js +0 -45
  868. package/dist/probe-OcOYm1bj.js +0 -2
  869. package/dist/program-DxZA1yAX.js +0 -111
  870. package/dist/prompt-select-styled-CATG4Xp5.js +0 -20
  871. package/dist/protocol-C40iRm9c.js +0 -2234
  872. package/dist/provider-dispatcher-BZp3Stzr.js +0 -2
  873. package/dist/provider-dispatcher-JJxN7BDL.js +0 -22
  874. package/dist/qr-cli-IMKzycXh.js +0 -349
  875. package/dist/qr-cli-W8X3Ha5T.js +0 -2
  876. package/dist/reaction-runtime-api-D7i4oMn9.js +0 -116
  877. package/dist/reactions-D9eRHeXM.js +0 -998
  878. package/dist/register-service-commands-D37K4_BJ.js +0 -71
  879. package/dist/register.agent-p1q6ZWSs.js +0 -248
  880. package/dist/register.configure-tgXCoIHv.js +0 -15
  881. package/dist/register.maintenance-BtBgu8zC.js +0 -438
  882. package/dist/register.message-B5msOUKt.js +0 -329
  883. package/dist/register.onboard-BO11PDUs.js +0 -81
  884. package/dist/register.runtime-D8XvwfoZ.js +0 -81
  885. package/dist/register.setup-Ba19XSJi.js +0 -150
  886. package/dist/register.status-health-sessions-Bne0mmgw.js +0 -1215
  887. package/dist/register.subclis--mdYCZZM.js +0 -3
  888. package/dist/register.subclis-_kuyreQm.js +0 -29
  889. package/dist/register.subclis-core-UkVTqwB1.js +0 -249
  890. package/dist/reply-dispatch-runtime-DcxOLr7n.js +0 -13
  891. package/dist/reply-runtime-B4VQJnqi.js +0 -11
  892. package/dist/reply.runtime-B990ty9C.js +0 -2
  893. package/dist/restart-health-BWUPc4R-.js +0 -202
  894. package/dist/restart-health-CWvsjHVN.js +0 -2
  895. package/dist/root-help-D9aeVXNr.js +0 -44
  896. package/dist/routes-BSmEgP46.js +0 -2
  897. package/dist/routes-Z67chkN5.js +0 -3341
  898. package/dist/rpc-CBQZvJME.js +0 -61
  899. package/dist/rpc.runtime-ClhNVRer.js +0 -21
  900. package/dist/run-delivery.runtime-Bj566BTH.js +0 -530
  901. package/dist/run-embedded.runtime-DuB-mQh2.js +0 -4
  902. package/dist/run-execution-cli.runtime-Oy4FGfj5.js +0 -4
  903. package/dist/run-executor.runtime-B7-lfFh3.js +0 -277
  904. package/dist/run-main-1Fvwazhp.js +0 -516
  905. package/dist/run-subagent-registry.runtime-Bx9Wga3d.js +0 -2
  906. package/dist/run-wait-C-VgbefQ.js +0 -135
  907. package/dist/runtime-BV7JmOaE.js +0 -9
  908. package/dist/runtime-D7npxl4G.js +0 -973
  909. package/dist/runtime-api-BkVIoPU9.js +0 -4
  910. package/dist/runtime-api-CdhgyHMB.js +0 -9
  911. package/dist/runtime-api-CmlBBCCY.js +0 -9
  912. package/dist/runtime-api-DnhXPE_z.js +0 -14
  913. package/dist/runtime-embedded-pi.runtime-DpKqDUrl.js +0 -2
  914. package/dist/runtime-internal-Bu1n9i4P.js +0 -2
  915. package/dist/runtime-options-CN4g8VJE.js +0 -275
  916. package/dist/runtime-schema-Jjsquqvq.js +0 -27780
  917. package/dist/scan-C8jthyct.js +0 -523
  918. package/dist/scan-DEd4q4aN.js +0 -2
  919. package/dist/secrets-cli-iBL8NBAq.js +0 -2101
  920. package/dist/security-cli-CzYBRa4n.js +0 -486
  921. package/dist/selection-BOalx5uy.js +0 -2
  922. package/dist/selection-BZFVKdFz.js +0 -7736
  923. package/dist/send-C4mKkkWW.js +0 -156
  924. package/dist/send-C_36w3lb.js +0 -102
  925. package/dist/send.runtime-vJT5TzDj.js +0 -2
  926. package/dist/server-BTmWWR_9.js +0 -13
  927. package/dist/server-CBQVrNY0.js +0 -77
  928. package/dist/server-context-Dq2VA7I4.js +0 -2
  929. package/dist/server-context-O_WUP8OV.js +0 -847
  930. package/dist/server-node-events-B8PLg0eQ.js +0 -481
  931. package/dist/server-plugin-bootstrap-ChIvqLMw.js +0 -2
  932. package/dist/server-plugin-bootstrap-Rbxd2g6a.js +0 -11333
  933. package/dist/server-restart-sentinel-BCd6AqrQ.js +0 -697
  934. package/dist/server.impl-CEOWGKN5.js +0 -12735
  935. package/dist/service-ChLFBF7Q.js +0 -120
  936. package/dist/service-XI052xiT.js +0 -2
  937. package/dist/service-audit-BFxGImYM.js +0 -254
  938. package/dist/service-audit-cqHyD5gB.js +0 -2
  939. package/dist/session-kill-http-ChCr5CQ3.js +0 -110
  940. package/dist/session-reset-service-DsYIDYdh.js +0 -471
  941. package/dist/session-route-rem428sJ.js +0 -93
  942. package/dist/session-status.runtime-CFmGwoCm.js +0 -2
  943. package/dist/session-subagent-reactivation.runtime-DLkpnURC.js +0 -2
  944. package/dist/session-tab-registry-DWyzIez5.js +0 -491
  945. package/dist/session-visibility-CJocpWP0.js +0 -147
  946. package/dist/sessions-helpers-CMf9gVTZ.js +0 -304
  947. package/dist/sessions-history-http-C5iZkW8x.js +0 -383
  948. package/dist/sessions-patch-2sBcHc9a.js +0 -309
  949. package/dist/sessions-resolve-D1hmolC-.js +0 -174
  950. package/dist/sessions.runtime-DMPmzLE0.js +0 -2
  951. package/dist/setup-D1ekkhVk.js +0 -495
  952. package/dist/setup-api-DilgjV01.js +0 -29
  953. package/dist/setup-core-CFAiauCt.js +0 -171
  954. package/dist/setup-core-RgJfQc-C.js +0 -176
  955. package/dist/setup-surface-C0l9bHY3.js +0 -286
  956. package/dist/setup-surface-CfcFHZln.js +0 -403
  957. package/dist/setup-surface-CyDRXq_1.js +0 -219
  958. package/dist/setup.finalize-JPqhcPh5.js +0 -539
  959. package/dist/setup.gateway-config-Df6Jm4vX.js +0 -250
  960. package/dist/shared-3gP_6DZV.js +0 -76
  961. package/dist/shared-C9fN-WCy.js +0 -198
  962. package/dist/shared-Cz9c46Aj.js +0 -121
  963. package/dist/slash-state-C7nXXf23.js +0 -1911
  964. package/dist/src-LnF0REtW.js +0 -3974
  965. package/dist/startup-context-CxTy7OzN.js +0 -312
  966. package/dist/status-4n9xL7HY.js +0 -2
  967. package/dist/status-B4kD5cCF.js +0 -2
  968. package/dist/status-CARBoVql.js +0 -209
  969. package/dist/status-COK71LP_.js +0 -3
  970. package/dist/status-DxcqzXtf.js +0 -397
  971. package/dist/status-all-r7zyk41X.js +0 -498
  972. package/dist/status-f2DLmjOF.js +0 -190
  973. package/dist/status-json-C_wESP21.js +0 -14
  974. package/dist/status-json-command-C6w9ZAHp.js +0 -84
  975. package/dist/status-runtime-shared-Bq_SUJpC.js +0 -257
  976. package/dist/status-subagents.runtime-03fp3eBE.js +0 -18
  977. package/dist/status-text-CNvz374U.js +0 -237
  978. package/dist/status.gateway-connection.runtime-zjQmormq.js +0 -2
  979. package/dist/status.gather-BhjoJVEs.js +0 -2
  980. package/dist/status.gather-zdywRvBb.js +0 -292
  981. package/dist/status.runtime-DB31ZRnK.js +0 -2
  982. package/dist/status.scan-DjhdTOWP.js +0 -65
  983. package/dist/status.scan-overview-BYxTBsOw.js +0 -379
  984. package/dist/status.scan.fast-json-Dz0JcORG.js +0 -2
  985. package/dist/status.scan.fast-json-FroEIZ9d.js +0 -132
  986. package/dist/status.summary-3UVa_X5B.js +0 -214
  987. package/dist/status.summary-BGzGsyZB.js +0 -2
  988. package/dist/subagent-announce-BvRFZ87M.js +0 -351
  989. package/dist/subagent-announce-delivery-QvuOM46S.js +0 -726
  990. package/dist/subagent-announce-output-fOtzkOiP.js +0 -364
  991. package/dist/subagent-control-DwnzmG6T.js +0 -506
  992. package/dist/subagent-followup.runtime-DxR1eP_x.js +0 -68
  993. package/dist/subagent-orphan-recovery-CiBbDxX3.js +0 -305
  994. package/dist/subagent-registry-D5FrT_tn.js +0 -3
  995. package/dist/subagent-registry-DbPekx8d.js +0 -1753
  996. package/dist/subagent-spawn-W-bTaU9l.js +0 -1005
  997. package/dist/system-cli-B443uVHG.js +0 -59
  998. package/dist/targets-3Lcm8HoL.js +0 -67
  999. package/dist/task-executor-B5e9_Hmt.js +0 -360
  1000. package/dist/task-owner-access-CIEssJ78.js +0 -74
  1001. package/dist/task-registry-M1bHrFvP.js +0 -2366
  1002. package/dist/task-registry-delivery-runtime-CiHBC7sJ.js +0 -3
  1003. package/dist/task-registry-delivery-runtime-M4O7ffju.js +0 -2
  1004. package/dist/task-registry.maintenance-BURvMU0r.js +0 -2
  1005. package/dist/task-registry.maintenance-CgrLoBqi.js +0 -416
  1006. package/dist/testing-CRy_6-wt.js +0 -575
  1007. package/dist/text-report-B3-4Dvfb.js +0 -587
  1008. package/dist/tool-resolution-C52y5Qtc.js +0 -90
  1009. package/dist/tools-effective-inventory-WlIlqM7G.js +0 -152
  1010. package/dist/tools-invoke-http-B04Rc8tG.js +0 -206
  1011. package/dist/trash-BV5Gcx3a.js +0 -24
  1012. package/dist/tui-cli-DMZ07qRK.js +0 -4575
  1013. package/dist/update-cli-DeBm7b4g.js +0 -1759
  1014. package/dist/upgrade-C9ke1SCc.js +0 -1226
  1015. package/dist/video-generation-task-status-I3jvAjUL.js +0 -163
  1016. package/dist/wait-for-idle-before-flush-BZhF2ejZ.js +0 -5986
  1017. package/dist/wizard-models-CMKeAr_M.js +0 -161
package/dist/node-cli-AWE1ZFfV.js DELETED
@@ -1,2506 +0,0 @@
1
- import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString, o as normalizeNullableString } from "./string-coerce-C1IzJjqi.js";
2
- import { n as defaultRuntime } from "./runtime-CQ7eH0le.js";
3
- import { t as formatDocsLink } from "./links-DmsJCU7L.js";
4
- import { r as theme, t as colorize } from "./theme-BrRleVfL.js";
5
- import { t as formatCliCommand } from "./command-format-DAeUlu7u.js";
6
- import { c as sanitizeSystemRunEnvOverrides, o as sanitizeHostExecEnv, t as inspectHostExecEnvOverrides } from "./host-env-security-Bin-AhM4.js";
7
- import { _ as resolveNodeSystemdServiceName, g as resolveNodeLaunchAgentLabel, u as formatNodeServiceDescription, v as resolveNodeWindowsTaskName } from "./paths-Dk_PxD7g.js";
8
- import { a as resolveNodeProgramArguments, n as resolveDaemonInstallRuntimeInputs, r as resolveDaemonNodeBinDir, t as emitDaemonInstallRuntimeWarning } from "./daemon-install-plan.shared-WG_DYWei.js";
9
- import { n as VERSION } from "./version-BoqlEm3e.js";
10
- import { s as buildNodeServiceEnvironment } from "./runtime-paths-CYF3ghl0.js";
11
- import { r as isGatewayDaemonRuntime, t as DEFAULT_GATEWAY_DAEMON_RUNTIME } from "./daemon-runtime-BFK5T_3J.js";
12
- import { a as logWarn } from "./logger-DxTAquCB.js";
13
- import { t as sameFileIdentity } from "./file-identity-DBd-elc3.js";
14
- import { a as loadConfig } from "./io-DNd8mbjy.js";
15
- import { c as normalizeAgentId } from "./session-key-EpIbK3Oz.js";
16
- import { A as unwrapKnownShellMultiplexerInvocation, L as unwrapKnownDispatchWrapperInvocation, N as resolveInlineCommandMatch, O as isShellWrapperInvocation, P as extractEnvAssignmentKeysFromDispatchWrappers, R as normalizeExecutableToken, S as POSIX_SHELL_WRAPPERS, d as resolveApprovalAuditCandidatePath, j as POSIX_INLINE_COMMAND_FLAGS, k as resolveShellWrapperTransportArgv, p as resolveCommandResolutionFromArgv, y as resolveExecutableFromPathEnv } from "./exec-safe-bin-trust-D3m9TQoQ.js";
17
- import { d as resolveRuntimeStatusColor, h as installDaemonServiceAndEmit, n as createDaemonInstallActionContext, p as buildDaemonServiceSnapshot, r as failIfNixDaemonInstallMode, t as createCliStatusTextStyles } from "./shared-BdZN5DvO.js";
18
- import { n as buildPlatformServiceStartHints, r as formatRuntimeStatus, t as buildPlatformRuntimeLogHints } from "./runtime-hints-U-UR-C6L.js";
19
- import { t as parsePort } from "./parse-port-OVyfw_Ty.js";
20
- import "./config-3He3LWHw.js";
21
- import { t as GatewayClient } from "./client-Vx7pseEY.js";
22
- import { n as loadOrCreateDeviceIdentity } from "./device-identity-CqT162U8.js";
23
- import { i as GATEWAY_CLIENT_NAMES, r as GATEWAY_CLIENT_MODES } from "./client-info-CfESmEX1.js";
24
- import { i as runServiceUninstall, r as runServiceStop, t as runServiceRestart } from "./lifecycle-core-CFv5qkS8.js";
25
- import { i as NODE_SYSTEM_RUN_COMMANDS, n as NODE_EXEC_APPROVALS_COMMANDS } from "./node-commands-gl3_egiE.js";
26
- import { a as getActivePluginRegistry } from "./runtime-Sn8KleIb.js";
27
- import { t as getMachineDisplayName } from "./machine-name-C0HO_9mJ.js";
28
- import { t as splitShellArgs } from "./shell-argv-CYZYGBfB.js";
29
- import { _ as resolvePlannedSegmentArgv, c as describeInterpreterInlineEval, d as analyzeArgvCommand, l as detectInterpreterInlineEvalArgv, n as evaluateShellAllowlist, t as evaluateExecAllowlist } from "./exec-approvals-allowlist-BNwpLnkv.js";
30
- import { r as resolveExecSafeBinRuntimePolicy, t as isInterpreterLikeSafeBin } from "./exec-safe-bin-runtime-policy-9WKan9iE.js";
31
- import { C as requiresExecApproval, E as resolveExecApprovals, M as requestJsonlSocket, a as addDurableCommandApproval, b as recordAllowlistMatchesUse, d as mergeExecApprovalsSocketDefaults, j as saveExecApprovals, o as ensureExecApprovals, p as normalizeExecApprovals, s as hasDurableExecApproval, v as persistAllowAlwaysPatterns, y as readExecApprovalsSnapshot } from "./exec-approvals-BD-zKkI1.js";
32
- import { t as resolveGatewayConnectionAuth } from "./connection-auth-ClOE-Fdq.js";
33
- import { t as formatHelpExamples } from "./help-format-DM-hbV3N.js";
34
- import { n as resolveSystemRunCommandRequest, s as normalizeSystemRunApprovalPlan, t as formatExecCommand } from "./system-run-command-DpmKt0vV.js";
35
- import { t as ensureGenesisCliOnPath } from "./path-env-4eKek7HW.js";
36
- import { n as loadNodeHostConfig, r as saveNodeHostConfig, t as ensureNodeHostConfig } from "./config-DoFfuScP.js";
37
- import { t as resolveNodeService } from "./node-service-DCI-s3Mm.js";
38
- import fs from "node:fs";
39
- import path from "node:path";
40
- import { spawn, spawnSync } from "node:child_process";
41
- import crypto from "node:crypto";
42
- //#region src/infra/exec-host.ts
43
- async function requestExecHostViaSocket(params) {
44
- const { socketPath, token, request } = params;
45
- if (!socketPath || !token) return null;
46
- const timeoutMs = params.timeoutMs ?? 2e4;
47
- const requestJson = JSON.stringify(request);
48
- const nonce = crypto.randomBytes(16).toString("hex");
49
- const ts = Date.now();
50
- const hmac = crypto.createHmac("sha256", token).update(`${nonce}:${ts}:${requestJson}`).digest("hex");
51
- return await requestJsonlSocket({
52
- socketPath,
53
- requestLine: JSON.stringify({
54
- type: "exec",
55
- id: crypto.randomUUID(),
56
- nonce,
57
- ts,
58
- hmac,
59
- requestJson
60
- }),
61
- timeoutMs,
62
- accept: (value) => {
63
- const msg = value;
64
- if (msg?.type !== "exec-res") return;
65
- if (msg.ok === true && msg.payload) return {
66
- ok: true,
67
- payload: msg.payload
68
- };
69
- if (msg.ok === false && msg.error) return {
70
- ok: false,
71
- error: msg.error
72
- };
73
- return null;
74
- }
75
- });
76
- }
77
- //#endregion
78
- //#region src/node-host/exec-policy.ts
79
- function resolveExecApprovalDecision(value) {
80
- if (value === "allow-once" || value === "allow-always") return value;
81
- return null;
82
- }
83
- function formatSystemRunAllowlistMissMessage(params) {
84
- if (params?.windowsShellWrapperBlocked) return "SYSTEM_RUN_DENIED: allowlist miss (Windows shell wrappers like cmd.exe /c require approval; approve once/always or run with --ask on-miss|always)";
85
- if (params?.shellWrapperBlocked) return "SYSTEM_RUN_DENIED: allowlist miss (shell wrappers like sh/bash/zsh -c require approval; approve once/always or run with --ask on-miss|always)";
86
- return "SYSTEM_RUN_DENIED: allowlist miss";
87
- }
88
- function evaluateSystemRunPolicy(params) {
89
- const windowsShellWrapperBlocked = params.security === "allowlist" && params.shellWrapperInvocation && params.isWindows && params.cmdInvocation;
90
- const shellWrapperBlocked = windowsShellWrapperBlocked;
91
- const analysisOk = shellWrapperBlocked ? false : params.analysisOk;
92
- const allowlistSatisfied = shellWrapperBlocked ? false : params.allowlistSatisfied;
93
- const approvedByAsk = params.approvalDecision !== null || params.approved === true;
94
- if (params.security === "deny") return {
95
- allowed: false,
96
- eventReason: "security=deny",
97
- errorMessage: "SYSTEM_RUN_DISABLED: security=deny",
98
- analysisOk,
99
- allowlistSatisfied,
100
- shellWrapperBlocked,
101
- windowsShellWrapperBlocked,
102
- requiresAsk: false,
103
- approvalDecision: params.approvalDecision,
104
- approvedByAsk
105
- };
106
- const requiresAsk = requiresExecApproval({
107
- ask: params.ask,
108
- security: params.security,
109
- analysisOk,
110
- allowlistSatisfied,
111
- durableApprovalSatisfied: params.durableApprovalSatisfied
112
- });
113
- if (requiresAsk && !approvedByAsk) return {
114
- allowed: false,
115
- eventReason: "approval-required",
116
- errorMessage: "SYSTEM_RUN_DENIED: approval required",
117
- analysisOk,
118
- allowlistSatisfied,
119
- shellWrapperBlocked,
120
- windowsShellWrapperBlocked,
121
- requiresAsk,
122
- approvalDecision: params.approvalDecision,
123
- approvedByAsk
124
- };
125
- if (params.security === "allowlist" && (!analysisOk || !allowlistSatisfied) && !approvedByAsk) {
126
- if (params.durableApprovalSatisfied) return {
127
- allowed: true,
128
- analysisOk,
129
- allowlistSatisfied,
130
- shellWrapperBlocked,
131
- windowsShellWrapperBlocked,
132
- requiresAsk,
133
- approvalDecision: params.approvalDecision,
134
- approvedByAsk
135
- };
136
- return {
137
- allowed: false,
138
- eventReason: "allowlist-miss",
139
- errorMessage: formatSystemRunAllowlistMissMessage({
140
- shellWrapperBlocked,
141
- windowsShellWrapperBlocked
142
- }),
143
- analysisOk,
144
- allowlistSatisfied,
145
- shellWrapperBlocked,
146
- windowsShellWrapperBlocked,
147
- requiresAsk,
148
- approvalDecision: params.approvalDecision,
149
- approvedByAsk
150
- };
151
- }
152
- return {
153
- allowed: true,
154
- analysisOk,
155
- allowlistSatisfied,
156
- shellWrapperBlocked,
157
- windowsShellWrapperBlocked,
158
- requiresAsk,
159
- approvalDecision: params.approvalDecision,
160
- approvedByAsk
161
- };
162
- }
163
- //#endregion
164
- //#region src/node-host/invoke-system-run-allowlist.ts
165
- function evaluateSystemRunAllowlist(params) {
166
- if (params.shellCommand) {
167
- const allowlistEval = evaluateShellAllowlist({
168
- command: params.shellCommand,
169
- allowlist: params.approvals.allowlist,
170
- safeBins: params.safeBins,
171
- safeBinProfiles: params.safeBinProfiles,
172
- cwd: params.cwd,
173
- env: params.env,
174
- trustedSafeBinDirs: params.trustedSafeBinDirs,
175
- skillBins: params.skillBins,
176
- autoAllowSkills: params.autoAllowSkills,
177
- platform: process.platform
178
- });
179
- return {
180
- analysisOk: allowlistEval.analysisOk,
181
- allowlistMatches: allowlistEval.allowlistMatches,
182
- allowlistSatisfied: params.security === "allowlist" && allowlistEval.analysisOk ? allowlistEval.allowlistSatisfied : false,
183
- segments: allowlistEval.segments,
184
- segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries
185
- };
186
- }
187
- const analysis = analyzeArgvCommand({
188
- argv: params.argv,
189
- cwd: params.cwd,
190
- env: params.env
191
- });
192
- const allowlistEval = evaluateExecAllowlist({
193
- analysis,
194
- allowlist: params.approvals.allowlist,
195
- safeBins: params.safeBins,
196
- safeBinProfiles: params.safeBinProfiles,
197
- cwd: params.cwd,
198
- trustedSafeBinDirs: params.trustedSafeBinDirs,
199
- skillBins: params.skillBins,
200
- autoAllowSkills: params.autoAllowSkills
201
- });
202
- return {
203
- analysisOk: analysis.ok,
204
- allowlistMatches: allowlistEval.allowlistMatches,
205
- allowlistSatisfied: params.security === "allowlist" && analysis.ok ? allowlistEval.allowlistSatisfied : false,
206
- segments: analysis.segments,
207
- segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries
208
- };
209
- }
210
- function resolvePlannedAllowlistArgv(params) {
211
- if (params.security !== "allowlist" || params.policy.approvedByAsk || params.shellCommand || !params.policy.analysisOk || !params.policy.allowlistSatisfied || params.segments.length !== 1) return;
212
- const plannedAllowlistArgv = resolvePlannedSegmentArgv(params.segments[0]);
213
- return plannedAllowlistArgv && plannedAllowlistArgv.length > 0 ? plannedAllowlistArgv : null;
214
- }
215
- function resolveSystemRunExecArgv(params) {
216
- let execArgv = params.plannedAllowlistArgv ?? params.argv;
217
- if (params.security === "allowlist" && params.isWindows && !params.policy.approvedByAsk && params.shellCommand && params.policy.analysisOk && params.policy.allowlistSatisfied && params.segments.length === 1 && params.segments[0]?.argv.length > 0) execArgv = params.segments[0].argv;
218
- return execArgv;
219
- }
220
- function applyOutputTruncation(result) {
221
- if (!result.truncated) return;
222
- const suffix = "... (truncated)";
223
- if (result.stderr.trim().length > 0) result.stderr = `${result.stderr}\n${suffix}`;
224
- else result.stdout = `${result.stdout}\n${suffix}`;
225
- }
226
- //#endregion
227
- //#region src/node-host/invoke-system-run-plan.ts
228
- const MUTABLE_ARGV1_INTERPRETER_PATTERNS = [
229
- /^(?:node|nodejs)$/,
230
- /^perl$/,
231
- /^php$/,
232
- /^python(?:\d+(?:\.\d+)*)?$/,
233
- /^ruby$/
234
- ];
235
- const GENERIC_MUTABLE_SCRIPT_RUNNERS = new Set([
236
- "esno",
237
- "jiti",
238
- "ts-node",
239
- "ts-node-esm",
240
- "tsx",
241
- "vite-node"
242
- ]);
243
- const OPAQUE_MUTABLE_SCRIPT_RUNNERS = new Set(["busybox", "toybox"]);
244
- const BUN_SUBCOMMANDS = new Set([
245
- "add",
246
- "audit",
247
- "completions",
248
- "create",
249
- "exec",
250
- "help",
251
- "init",
252
- "install",
253
- "link",
254
- "outdated",
255
- "patch",
256
- "pm",
257
- "publish",
258
- "remove",
259
- "repl",
260
- "run",
261
- "test",
262
- "unlink",
263
- "update",
264
- "upgrade",
265
- "x"
266
- ]);
267
- const BUN_OPTIONS_WITH_VALUE = new Set([
268
- "--backend",
269
- "--bunfig",
270
- "--conditions",
271
- "--config",
272
- "--console-depth",
273
- "--cwd",
274
- "--define",
275
- "--elide-lines",
276
- "--env-file",
277
- "--extension-order",
278
- "--filter",
279
- "--hot",
280
- "--inspect",
281
- "--inspect-brk",
282
- "--inspect-wait",
283
- "--install",
284
- "--jsx-factory",
285
- "--jsx-fragment",
286
- "--jsx-import-source",
287
- "--loader",
288
- "--origin",
289
- "--port",
290
- "--preload",
291
- "--smol",
292
- "--tsconfig-override",
293
- "-c",
294
- "-e",
295
- "-p",
296
- "-r"
297
- ]);
298
- const DENO_RUN_OPTIONS_WITH_VALUE = new Set([
299
- "--cached-only",
300
- "--cert",
301
- "--config",
302
- "--env-file",
303
- "--ext",
304
- "--harmony-import-attributes",
305
- "--import-map",
306
- "--inspect",
307
- "--inspect-brk",
308
- "--inspect-wait",
309
- "--location",
310
- "--log-level",
311
- "--lock",
312
- "--node-modules-dir",
313
- "--no-check",
314
- "--preload",
315
- "--reload",
316
- "--seed",
317
- "--strace-ops",
318
- "--unstable-bare-node-builtins",
319
- "--v8-flags",
320
- "--watch",
321
- "--watch-exclude",
322
- "-L"
323
- ]);
324
- const NODE_OPTIONS_WITH_FILE_VALUE = new Set([
325
- "-r",
326
- "--experimental-loader",
327
- "--import",
328
- "--loader",
329
- "--require"
330
- ]);
331
- const RUBY_UNSAFE_APPROVAL_FLAGS = new Set([
332
- "-I",
333
- "-r",
334
- "--require"
335
- ]);
336
- const PERL_UNSAFE_APPROVAL_FLAGS = new Set([
337
- "-I",
338
- "-M",
339
- "-m"
340
- ]);
341
- function normalizeOptionFlag(token) {
342
- return normalizeLowercaseStringOrEmpty(token.split("=", 1)[0]);
343
- }
344
- function readTrimmedArgToken(argv, index) {
345
- return normalizeNullableString(argv[index]) ?? "";
346
- }
347
- const POSIX_SHELL_OPTIONS_WITH_VALUE = new Set([
348
- "--init-file",
349
- "--rcfile",
350
- "--startup-script",
351
- "-o"
352
- ]);
353
- const NPM_EXEC_OPTIONS_WITH_VALUE = new Set([
354
- "--cache",
355
- "--package",
356
- "--prefix",
357
- "--script-shell",
358
- "--userconfig",
359
- "--workspace",
360
- "-p",
361
- "-w"
362
- ]);
363
- const NPM_EXEC_FLAG_OPTIONS = new Set([
364
- "--no",
365
- "--quiet",
366
- "--ws",
367
- "--workspaces",
368
- "--yes",
369
- "-q",
370
- "-y"
371
- ]);
372
- const PNPM_OPTIONS_WITH_VALUE = new Set([
373
- "--config",
374
- "--dir",
375
- "--filter",
376
- "--reporter",
377
- "--stream",
378
- "--test-pattern",
379
- "--workspace-concurrency",
380
- "-C"
381
- ]);
382
- const PNPM_FLAG_OPTIONS = new Set([
383
- "--aggregate-output",
384
- "--color",
385
- "--parallel",
386
- "--recursive",
387
- "--silent",
388
- "--workspace-root",
389
- "-r",
390
- "-s",
391
- "-w"
392
- ]);
393
- const PNPM_DLX_OPTIONS_WITH_VALUE = new Set([
394
- "--allow-build",
395
- "--package",
396
- "-p"
397
- ]);
398
- function pathComponentsFromRootSync(targetPath) {
399
- const absolute = path.resolve(targetPath);
400
- const parts = [];
401
- let cursor = absolute;
402
- while (true) {
403
- parts.unshift(cursor);
404
- const parent = path.dirname(cursor);
405
- if (parent === cursor) return parts;
406
- cursor = parent;
407
- }
408
- }
409
- function isOwnedByCurrentProcessSync(candidate) {
410
- if (process.platform === "win32" || typeof process.getuid !== "function") return false;
411
- try {
412
- return fs.statSync(candidate).uid === process.getuid();
413
- } catch {
414
- return false;
415
- }
416
- }
417
- function isMutableByCurrentProcessSync(candidate) {
418
- try {
419
- fs.accessSync(candidate, fs.constants.W_OK);
420
- return true;
421
- } catch {
422
- return isOwnedByCurrentProcessSync(candidate);
423
- }
424
- }
425
- function hasMutableSymlinkPathComponentSync(targetPath) {
426
- for (const component of pathComponentsFromRootSync(targetPath)) try {
427
- if (!fs.lstatSync(component).isSymbolicLink()) continue;
428
- if (isMutableByCurrentProcessSync(path.dirname(component))) return true;
429
- } catch {
430
- return true;
431
- }
432
- return false;
433
- }
434
- function pathLooksMutableForShellPayloadSync(targetPath) {
435
- if (isMutableByCurrentProcessSync(targetPath) || isMutableByCurrentProcessSync(path.dirname(targetPath)) || hasMutableSymlinkPathComponentSync(targetPath)) return true;
436
- let realPath;
437
- try {
438
- realPath = fs.realpathSync(targetPath);
439
- } catch {
440
- return true;
441
- }
442
- return isMutableByCurrentProcessSync(realPath) || isMutableByCurrentProcessSync(path.dirname(realPath)) || hasMutableSymlinkPathComponentSync(realPath);
443
- }
444
- function shouldPinExecutableForApproval(params) {
445
- if (params.shellCommand !== null) return false;
446
- return (params.wrapperChain?.length ?? 0) === 0;
447
- }
448
- function hashFileContentsSync(filePath) {
449
- return crypto.createHash("sha256").update(fs.readFileSync(filePath)).digest("hex");
450
- }
451
- function looksLikePathToken(token) {
452
- return token.startsWith(".") || token.startsWith("/") || token.startsWith("\\") || token.includes("/") || token.includes("\\") || path.extname(token).length > 0;
453
- }
454
- function resolvesToExistingFileSync(rawOperand, cwd) {
455
- if (!rawOperand) return false;
456
- try {
457
- return fs.statSync(path.resolve(cwd ?? process.cwd(), rawOperand)).isFile();
458
- } catch {
459
- return false;
460
- }
461
- }
462
- function isKnownBinaryExecutableHeader(buffer) {
463
- if (buffer.length >= 4 && buffer.subarray(0, 4).equals(Buffer.from([
464
- 127,
465
- 69,
466
- 76,
467
- 70
468
- ]))) return true;
469
- if (buffer.length >= 4 && (buffer.subarray(0, 4).equals(Buffer.from([
470
- 254,
471
- 237,
472
- 250,
473
- 206
474
- ])) || buffer.subarray(0, 4).equals(Buffer.from([
475
- 206,
476
- 250,
477
- 237,
478
- 254
479
- ])) || buffer.subarray(0, 4).equals(Buffer.from([
480
- 254,
481
- 237,
482
- 250,
483
- 207
484
- ])) || buffer.subarray(0, 4).equals(Buffer.from([
485
- 207,
486
- 250,
487
- 237,
488
- 254
489
- ])) || buffer.subarray(0, 4).equals(Buffer.from([
490
- 202,
491
- 254,
492
- 186,
493
- 190
494
- ])) || buffer.subarray(0, 4).equals(Buffer.from([
495
- 190,
496
- 186,
497
- 254,
498
- 202
499
- ])) || buffer.subarray(0, 4).equals(Buffer.from([
500
- 202,
501
- 254,
502
- 186,
503
- 191
504
- ])) || buffer.subarray(0, 4).equals(Buffer.from([
505
- 191,
506
- 186,
507
- 254,
508
- 202
509
- ])))) return true;
510
- if (buffer.length < 64 || !buffer.subarray(0, 2).equals(Buffer.from([77, 90]))) return false;
511
- const peOffset = buffer.readUInt32LE(60);
512
- return peOffset >= 0 && peOffset <= buffer.length - 4 && buffer.subarray(peOffset, peOffset + 4).equals(Buffer.from([
513
- 80,
514
- 69,
515
- 0,
516
- 0
517
- ]));
518
- }
519
- function isLikelyScriptLikePathSync(targetPath) {
520
- let stat;
521
- try {
522
- stat = fs.statSync(targetPath);
523
- } catch {
524
- return true;
525
- }
526
- if (!stat.isFile()) return true;
527
- let header;
528
- try {
529
- const fd = fs.openSync(targetPath, "r");
530
- try {
531
- header = Buffer.alloc(1024);
532
- const bytesRead = fs.readSync(fd, header, 0, header.length, 0);
533
- header = header.subarray(0, bytesRead);
534
- } finally {
535
- fs.closeSync(fd);
536
- }
537
- } catch {
538
- return true;
539
- }
540
- if (header.length === 0) return true;
541
- if (header.subarray(0, 2).equals(Buffer.from("#!"))) return true;
542
- if (isKnownBinaryExecutableHeader(header)) return false;
543
- return true;
544
- }
545
- function unwrapArgvForMutableOperand(argv) {
546
- let current = argv;
547
- let baseIndex = 0;
548
- let opaqueMultiplexerSeen = false;
549
- while (true) {
550
- const dispatchUnwrap = unwrapKnownDispatchWrapperInvocation(current);
551
- if (dispatchUnwrap.kind === "unwrapped") {
552
- baseIndex += current.length - dispatchUnwrap.argv.length;
553
- current = dispatchUnwrap.argv;
554
- continue;
555
- }
556
- const shellMultiplexerUnwrap = unwrapKnownShellMultiplexerInvocation(current);
557
- if (shellMultiplexerUnwrap.kind === "unwrapped") {
558
- if (OPAQUE_MUTABLE_SCRIPT_RUNNERS.has(shellMultiplexerUnwrap.wrapper)) opaqueMultiplexerSeen = true;
559
- baseIndex += current.length - shellMultiplexerUnwrap.argv.length;
560
- current = shellMultiplexerUnwrap.argv;
561
- continue;
562
- }
563
- const packageManagerUnwrap = unwrapKnownPackageManagerExecInvocation(current);
564
- if (packageManagerUnwrap) {
565
- baseIndex += current.length - packageManagerUnwrap.length;
566
- current = packageManagerUnwrap;
567
- continue;
568
- }
569
- return {
570
- argv: current,
571
- baseIndex,
572
- opaqueMultiplexerSeen
573
- };
574
- }
575
- }
576
- function unwrapKnownPackageManagerExecInvocation(argv) {
577
- switch (normalizePackageManagerExecToken(argv[0] ?? "")) {
578
- case "npm": return unwrapNpmExecInvocation(argv);
579
- case "npx":
580
- case "bunx": return unwrapDirectPackageExecInvocation(argv);
581
- case "pnpm": return unwrapPnpmExecInvocation(argv);
582
- default: return null;
583
- }
584
- }
585
- function normalizePackageManagerExecToken(token) {
586
- const normalized = normalizeExecutableToken(token);
587
- if (!normalized) return normalized;
588
- return normalized.replace(/\.(?:c|m)?js$/i, "");
589
- }
590
- function unwrapPnpmExecInvocation(argv) {
591
- let idx = 1;
592
- while (idx < argv.length) {
593
- const token = readTrimmedArgToken(argv, idx);
594
- if (!token) {
595
- idx += 1;
596
- continue;
597
- }
598
- if (token === "--") {
599
- idx += 1;
600
- continue;
601
- }
602
- if (!token.startsWith("-")) {
603
- if (token === "exec") {
604
- if (idx + 1 >= argv.length) return null;
605
- const tail = argv.slice(idx + 1);
606
- return tail[0] === "--" ? tail.length > 1 ? tail.slice(1) : null : tail;
607
- }
608
- if (token === "dlx") return unwrapPnpmDlxInvocation(argv.slice(idx + 1));
609
- if (token === "node") {
610
- const tail = argv.slice(idx + 1);
611
- return ["node", ...tail[0] === "--" ? tail.slice(1) : tail];
612
- }
613
- return null;
614
- }
615
- const flag = normalizeOptionFlag(token);
616
- if (PNPM_OPTIONS_WITH_VALUE.has(flag) || PNPM_DLX_OPTIONS_WITH_VALUE.has(flag)) {
617
- idx += token.includes("=") ? 1 : 2;
618
- continue;
619
- }
620
- if (PNPM_FLAG_OPTIONS.has(flag)) {
621
- idx += 1;
622
- continue;
623
- }
624
- return null;
625
- }
626
- return null;
627
- }
628
- function unwrapPnpmDlxInvocation(argv) {
629
- let idx = 0;
630
- while (idx < argv.length) {
631
- const token = readTrimmedArgToken(argv, idx);
632
- if (!token) {
633
- idx += 1;
634
- continue;
635
- }
636
- if (token === "--") {
637
- const tail = argv.slice(idx + 1);
638
- return tail.length > 0 ? tail : null;
639
- }
640
- if (!token.startsWith("-")) return argv.slice(idx);
641
- const flag = normalizeOptionFlag(token);
642
- if (flag === "-c" || flag === "--shell-mode") return null;
643
- if (PNPM_OPTIONS_WITH_VALUE.has(flag) || PNPM_DLX_OPTIONS_WITH_VALUE.has(flag)) {
644
- idx += token.includes("=") ? 1 : 2;
645
- continue;
646
- }
647
- if (PNPM_FLAG_OPTIONS.has(flag)) {
648
- idx += 1;
649
- continue;
650
- }
651
- return null;
652
- }
653
- return null;
654
- }
655
- function unwrapDirectPackageExecInvocation(argv) {
656
- let idx = 1;
657
- while (idx < argv.length) {
658
- const token = readTrimmedArgToken(argv, idx);
659
- if (!token) {
660
- idx += 1;
661
- continue;
662
- }
663
- if (!token.startsWith("-")) return argv.slice(idx);
664
- const flag = normalizeOptionFlag(token);
665
- if (flag === "-c" || flag === "--call") return null;
666
- if (NPM_EXEC_OPTIONS_WITH_VALUE.has(flag)) {
667
- idx += token.includes("=") ? 1 : 2;
668
- continue;
669
- }
670
- if (NPM_EXEC_FLAG_OPTIONS.has(flag)) {
671
- idx += 1;
672
- continue;
673
- }
674
- return null;
675
- }
676
- return null;
677
- }
678
- function unwrapNpmExecInvocation(argv) {
679
- let idx = 1;
680
- while (idx < argv.length) {
681
- const token = readTrimmedArgToken(argv, idx);
682
- if (!token) {
683
- idx += 1;
684
- continue;
685
- }
686
- if (!token.startsWith("-")) {
687
- if (token !== "exec") return null;
688
- idx += 1;
689
- break;
690
- }
691
- if ((token === "-C" || token === "--prefix" || token === "--userconfig") && !token.includes("=")) {
692
- idx += 2;
693
- continue;
694
- }
695
- idx += 1;
696
- }
697
- if (idx >= argv.length) return null;
698
- const tail = argv.slice(idx);
699
- if (tail[0] === "--") return tail.length > 1 ? tail.slice(1) : null;
700
- return unwrapDirectPackageExecInvocation(["npx", ...tail]);
701
- }
702
- function resolvePosixShellScriptOperandIndex(argv) {
703
- if (resolveInlineCommandMatch(argv, POSIX_INLINE_COMMAND_FLAGS, { allowCombinedC: true }).valueTokenIndex !== null) return null;
704
- let afterDoubleDash = false;
705
- for (let i = 1; i < argv.length; i += 1) {
706
- const token = readTrimmedArgToken(argv, i);
707
- if (!token) continue;
708
- if (token === "-") return null;
709
- if (!afterDoubleDash && token === "--") {
710
- afterDoubleDash = true;
711
- continue;
712
- }
713
- if (!afterDoubleDash && token === "-s") return null;
714
- if (!afterDoubleDash && token.startsWith("-")) {
715
- const flag = normalizeOptionFlag(token);
716
- if (POSIX_SHELL_OPTIONS_WITH_VALUE.has(flag)) {
717
- if (!token.includes("=")) i += 1;
718
- continue;
719
- }
720
- continue;
721
- }
722
- return i;
723
- }
724
- return null;
725
- }
726
- function resolveOptionFilteredFileOperandIndex(params) {
727
- let afterDoubleDash = false;
728
- for (let i = params.startIndex; i < params.argv.length; i += 1) {
729
- const token = readTrimmedArgToken(params.argv, i);
730
- if (!token) continue;
731
- if (afterDoubleDash) return resolvesToExistingFileSync(token, params.cwd) ? i : null;
732
- if (token === "--") {
733
- afterDoubleDash = true;
734
- continue;
735
- }
736
- if (token === "-") return null;
737
- if (token.startsWith("-")) {
738
- if (!token.includes("=") && params.optionsWithValue?.has(token)) i += 1;
739
- continue;
740
- }
741
- return resolvesToExistingFileSync(token, params.cwd) ? i : null;
742
- }
743
- return null;
744
- }
745
- function resolveOptionFilteredPositionalIndex(params) {
746
- let afterDoubleDash = false;
747
- for (let i = params.startIndex; i < params.argv.length; i += 1) {
748
- const token = readTrimmedArgToken(params.argv, i);
749
- if (!token) continue;
750
- if (afterDoubleDash) return i;
751
- if (token === "--") {
752
- afterDoubleDash = true;
753
- continue;
754
- }
755
- if (token === "-") return null;
756
- if (token.startsWith("-")) {
757
- if (!token.includes("=") && params.optionsWithValue?.has(token)) i += 1;
758
- continue;
759
- }
760
- return i;
761
- }
762
- return null;
763
- }
764
- function collectExistingFileOperandIndexes(params) {
765
- let afterDoubleDash = false;
766
- const hits = [];
767
- for (let i = params.startIndex; i < params.argv.length; i += 1) {
768
- const token = readTrimmedArgToken(params.argv, i);
769
- if (!token) continue;
770
- if (afterDoubleDash) {
771
- if (resolvesToExistingFileSync(token, params.cwd)) hits.push(i);
772
- continue;
773
- }
774
- if (token === "--") {
775
- afterDoubleDash = true;
776
- continue;
777
- }
778
- if (token === "-") return {
779
- hits: [],
780
- sawOptionValueFile: false
781
- };
782
- if (token.startsWith("-")) {
783
- const [flag, inlineValue] = token.split("=", 2);
784
- if (params.optionsWithFileValue?.has(normalizeLowercaseStringOrEmpty(flag))) {
785
- if (inlineValue && resolvesToExistingFileSync(inlineValue, params.cwd)) {
786
- hits.push(i);
787
- return {
788
- hits,
789
- sawOptionValueFile: true
790
- };
791
- }
792
- const nextToken = readTrimmedArgToken(params.argv, i + 1);
793
- if (!inlineValue && nextToken && resolvesToExistingFileSync(nextToken, params.cwd)) {
794
- hits.push(i + 1);
795
- return {
796
- hits,
797
- sawOptionValueFile: true
798
- };
799
- }
800
- }
801
- continue;
802
- }
803
- if (resolvesToExistingFileSync(token, params.cwd)) hits.push(i);
804
- }
805
- return {
806
- hits,
807
- sawOptionValueFile: false
808
- };
809
- }
810
- function resolveGenericInterpreterScriptOperandIndex(params) {
811
- const collection = collectExistingFileOperandIndexes({
812
- argv: params.argv,
813
- startIndex: 1,
814
- cwd: params.cwd,
815
- optionsWithFileValue: params.optionsWithFileValue
816
- });
817
- if (collection.sawOptionValueFile) return null;
818
- return collection.hits.length === 1 ? collection.hits[0] : null;
819
- }
820
- function resolveBunScriptOperandIndex(params) {
821
- const directIndex = resolveOptionFilteredPositionalIndex({
822
- argv: params.argv,
823
- startIndex: 1,
824
- optionsWithValue: BUN_OPTIONS_WITH_VALUE
825
- });
826
- if (directIndex === null) return null;
827
- const directToken = readTrimmedArgToken(params.argv, directIndex);
828
- if (directToken === "run") return resolveOptionFilteredFileOperandIndex({
829
- argv: params.argv,
830
- startIndex: directIndex + 1,
831
- cwd: params.cwd,
832
- optionsWithValue: BUN_OPTIONS_WITH_VALUE
833
- });
834
- if (BUN_SUBCOMMANDS.has(directToken)) return null;
835
- if (!looksLikePathToken(directToken)) return null;
836
- return directIndex;
837
- }
838
- function resolveDenoRunScriptOperandIndex(params) {
839
- if (readTrimmedArgToken(params.argv, 1) !== "run") return null;
840
- return resolveOptionFilteredFileOperandIndex({
841
- argv: params.argv,
842
- startIndex: 2,
843
- cwd: params.cwd,
844
- optionsWithValue: DENO_RUN_OPTIONS_WITH_VALUE
845
- });
846
- }
847
- function hasRubyUnsafeApprovalFlag(argv) {
848
- let afterDoubleDash = false;
849
- for (let i = 1; i < argv.length; i += 1) {
850
- const token = readTrimmedArgToken(argv, i);
851
- if (!token) continue;
852
- if (afterDoubleDash) return false;
853
- if (token === "--") {
854
- afterDoubleDash = true;
855
- continue;
856
- }
857
- if (token === "-I" || token === "-r") return true;
858
- if (token.startsWith("-I") || token.startsWith("-r")) return true;
859
- if (RUBY_UNSAFE_APPROVAL_FLAGS.has(normalizeLowercaseStringOrEmpty(token))) return true;
860
- }
861
- return false;
862
- }
863
- function hasPerlUnsafeApprovalFlag(argv) {
864
- let afterDoubleDash = false;
865
- for (let i = 1; i < argv.length; i += 1) {
866
- const token = readTrimmedArgToken(argv, i);
867
- if (!token) continue;
868
- if (afterDoubleDash) return false;
869
- if (token === "--") {
870
- afterDoubleDash = true;
871
- continue;
872
- }
873
- if (token === "-I" || token === "-M" || token === "-m") return true;
874
- if (token.startsWith("-I") || token.startsWith("-M") || token.startsWith("-m")) return true;
875
- if (PERL_UNSAFE_APPROVAL_FLAGS.has(token)) return true;
876
- }
877
- return false;
878
- }
879
- function isMutableScriptRunner(executable) {
880
- return GENERIC_MUTABLE_SCRIPT_RUNNERS.has(executable) || OPAQUE_MUTABLE_SCRIPT_RUNNERS.has(executable) || isInterpreterLikeSafeBin(executable);
881
- }
882
- function resolveMutableFileOperandIndex(argv, cwd) {
883
- const unwrapped = unwrapArgvForMutableOperand(argv);
884
- const executable = normalizeExecutableToken(unwrapped.argv[0] ?? "");
885
- if (!executable) return null;
886
- if (unwrapped.opaqueMultiplexerSeen || OPAQUE_MUTABLE_SCRIPT_RUNNERS.has(executable)) return null;
887
- if (POSIX_SHELL_WRAPPERS.has(executable)) {
888
- const shellIndex = resolvePosixShellScriptOperandIndex(unwrapped.argv);
889
- return shellIndex === null ? null : unwrapped.baseIndex + shellIndex;
890
- }
891
- if (MUTABLE_ARGV1_INTERPRETER_PATTERNS.some((pattern) => pattern.test(executable))) {
892
- const operand = readTrimmedArgToken(unwrapped.argv, 1);
893
- if (operand && operand !== "-" && !operand.startsWith("-")) return unwrapped.baseIndex + 1;
894
- }
895
- if (executable === "bun") {
896
- const bunIndex = resolveBunScriptOperandIndex({
897
- argv: unwrapped.argv,
898
- cwd
899
- });
900
- if (bunIndex !== null) return unwrapped.baseIndex + bunIndex;
901
- }
902
- if (executable === "deno") {
903
- const denoIndex = resolveDenoRunScriptOperandIndex({
904
- argv: unwrapped.argv,
905
- cwd
906
- });
907
- if (denoIndex !== null) return unwrapped.baseIndex + denoIndex;
908
- }
909
- if (executable === "ruby" && hasRubyUnsafeApprovalFlag(unwrapped.argv)) return null;
910
- if (executable === "perl" && hasPerlUnsafeApprovalFlag(unwrapped.argv)) return null;
911
- if (!isMutableScriptRunner(executable)) return null;
912
- const genericIndex = resolveGenericInterpreterScriptOperandIndex({
913
- argv: unwrapped.argv,
914
- cwd,
915
- optionsWithFileValue: executable === "node" || executable === "nodejs" ? NODE_OPTIONS_WITH_FILE_VALUE : void 0
916
- });
917
- return genericIndex === null ? null : unwrapped.baseIndex + genericIndex;
918
- }
919
- function shellPayloadNeedsStableBinding(shellCommand, cwd) {
920
- const argv = splitShellArgs(shellCommand);
921
- if (!argv || argv.length === 0) return false;
922
- const snapshot = resolveMutableFileOperandSnapshotSync({
923
- argv,
924
- cwd,
925
- shellCommand: null
926
- });
927
- if (!snapshot.ok) return true;
928
- if (snapshot.snapshot) return true;
929
- const firstToken = readTrimmedArgToken(argv, 0);
930
- if (!resolvesToExistingFileSync(firstToken, cwd)) return false;
931
- if (!path.isAbsolute(firstToken)) return true;
932
- const resolvedPath = path.resolve(cwd ?? process.cwd(), firstToken);
933
- if (pathLooksMutableForShellPayloadSync(resolvedPath)) return true;
934
- return isLikelyScriptLikePathSync(resolvedPath);
935
- }
936
- function requiresStableInterpreterApprovalBindingWithShellCommand(params) {
937
- const unwrapped = unwrapArgvForMutableOperand(params.argv);
938
- if (unwrapped.opaqueMultiplexerSeen) return true;
939
- if (params.shellCommand !== null) return shellPayloadNeedsStableBinding(params.shellCommand, params.cwd);
940
- if (pnpmDlxInvocationNeedsFailClosedBinding(params.argv, params.cwd)) return true;
941
- const executable = normalizeExecutableToken(unwrapped.argv[0] ?? "");
942
- if (!executable) return false;
943
- if (POSIX_SHELL_WRAPPERS.has(executable)) return false;
944
- return isMutableScriptRunner(executable);
945
- }
946
- function pnpmDlxInvocationNeedsFailClosedBinding(argv, cwd) {
947
- if (normalizePackageManagerExecToken(argv[0] ?? "") !== "pnpm") return false;
948
- let idx = 1;
949
- while (idx < argv.length) {
950
- const token = readTrimmedArgToken(argv, idx);
951
- if (!token) {
952
- idx += 1;
953
- continue;
954
- }
955
- if (token === "--") {
956
- idx += 1;
957
- continue;
958
- }
959
- if (!token.startsWith("-")) {
960
- if (token !== "dlx") return false;
961
- return pnpmDlxTailNeedsFailClosedBinding(argv.slice(idx + 1), cwd);
962
- }
963
- const flag = normalizeOptionFlag(token);
964
- if (PNPM_OPTIONS_WITH_VALUE.has(flag) || PNPM_DLX_OPTIONS_WITH_VALUE.has(flag)) {
965
- idx += token.includes("=") ? 1 : 2;
966
- continue;
967
- }
968
- if (PNPM_FLAG_OPTIONS.has(flag)) {
969
- idx += 1;
970
- continue;
971
- }
972
- return true;
973
- }
974
- return false;
975
- }
976
- function pnpmDlxTailNeedsFailClosedBinding(argv, cwd) {
977
- let idx = 0;
978
- while (idx < argv.length) {
979
- const token = readTrimmedArgToken(argv, idx);
980
- if (!token) {
981
- idx += 1;
982
- continue;
983
- }
984
- if (token === "--") return pnpmDlxTailMayNeedStableBinding(argv.slice(idx + 1), cwd);
985
- if (!token.startsWith("-")) return pnpmDlxTailMayNeedStableBinding(argv.slice(idx), cwd);
986
- const flag = normalizeOptionFlag(token);
987
- if (flag === "-c" || flag === "--shell-mode") return false;
988
- if (PNPM_OPTIONS_WITH_VALUE.has(flag) || PNPM_DLX_OPTIONS_WITH_VALUE.has(flag)) {
989
- idx += token.includes("=") ? 1 : 2;
990
- continue;
991
- }
992
- if (PNPM_FLAG_OPTIONS.has(flag)) {
993
- idx += 1;
994
- continue;
995
- }
996
- return true;
997
- }
998
- return true;
999
- }
1000
- function pnpmDlxTailMayNeedStableBinding(argv, cwd) {
1001
- const snapshot = resolveMutableFileOperandSnapshotSync({
1002
- argv,
1003
- cwd,
1004
- shellCommand: null
1005
- });
1006
- return snapshot.ok && snapshot.snapshot !== null;
1007
- }
1008
- function resolveMutableFileOperandSnapshotSync(params) {
1009
- const argvIndex = resolveMutableFileOperandIndex(params.argv, params.cwd);
1010
- if (argvIndex === null) {
1011
- if (requiresStableInterpreterApprovalBindingWithShellCommand({
1012
- argv: params.argv,
1013
- shellCommand: params.shellCommand,
1014
- cwd: params.cwd
1015
- })) return {
1016
- ok: false,
1017
- message: "SYSTEM_RUN_DENIED: approval cannot safely bind this interpreter/runtime command"
1018
- };
1019
- return {
1020
- ok: true,
1021
- snapshot: null
1022
- };
1023
- }
1024
- const rawOperand = readTrimmedArgToken(params.argv, argvIndex);
1025
- if (!rawOperand) return {
1026
- ok: false,
1027
- message: "SYSTEM_RUN_DENIED: approval requires a stable script operand"
1028
- };
1029
- const resolvedPath = path.resolve(params.cwd ?? process.cwd(), rawOperand);
1030
- let realPath;
1031
- let stat;
1032
- try {
1033
- realPath = fs.realpathSync(resolvedPath);
1034
- stat = fs.statSync(realPath);
1035
- } catch {
1036
- return {
1037
- ok: false,
1038
- message: "SYSTEM_RUN_DENIED: approval requires an existing script operand"
1039
- };
1040
- }
1041
- if (!stat.isFile()) return {
1042
- ok: false,
1043
- message: "SYSTEM_RUN_DENIED: approval requires a file script operand"
1044
- };
1045
- return {
1046
- ok: true,
1047
- snapshot: {
1048
- argvIndex,
1049
- path: realPath,
1050
- sha256: hashFileContentsSync(realPath)
1051
- }
1052
- };
1053
- }
1054
- function resolveCanonicalApprovalCwdSync(cwd) {
1055
- const requestedCwd = path.resolve(cwd);
1056
- let cwdLstat;
1057
- let cwdStat;
1058
- let cwdReal;
1059
- let cwdRealStat;
1060
- try {
1061
- cwdLstat = fs.lstatSync(requestedCwd);
1062
- cwdStat = fs.statSync(requestedCwd);
1063
- cwdReal = fs.realpathSync(requestedCwd);
1064
- cwdRealStat = fs.statSync(cwdReal);
1065
- } catch {
1066
- return {
1067
- ok: false,
1068
- message: "SYSTEM_RUN_DENIED: approval requires an existing canonical cwd"
1069
- };
1070
- }
1071
- if (!cwdStat.isDirectory()) return {
1072
- ok: false,
1073
- message: "SYSTEM_RUN_DENIED: approval requires cwd to be a directory"
1074
- };
1075
- if (hasMutableSymlinkPathComponentSync(requestedCwd)) return {
1076
- ok: false,
1077
- message: "SYSTEM_RUN_DENIED: approval requires canonical cwd (no symlink path components)"
1078
- };
1079
- if (cwdLstat.isSymbolicLink()) return {
1080
- ok: false,
1081
- message: "SYSTEM_RUN_DENIED: approval requires canonical cwd (no symlink cwd)"
1082
- };
1083
- if (!sameFileIdentity(cwdStat, cwdLstat) || !sameFileIdentity(cwdStat, cwdRealStat) || !sameFileIdentity(cwdLstat, cwdRealStat)) return {
1084
- ok: false,
1085
- message: "SYSTEM_RUN_DENIED: approval cwd identity mismatch"
1086
- };
1087
- return {
1088
- ok: true,
1089
- snapshot: {
1090
- cwd: cwdReal,
1091
- stat: cwdStat
1092
- }
1093
- };
1094
- }
1095
- function revalidateApprovedCwdSnapshot(params) {
1096
- const current = resolveCanonicalApprovalCwdSync(params.snapshot.cwd);
1097
- if (!current.ok) return false;
1098
- return sameFileIdentity(params.snapshot.stat, current.snapshot.stat);
1099
- }
1100
- function revalidateApprovedMutableFileOperand(params) {
1101
- const operand = params.argv[params.snapshot.argvIndex]?.trim();
1102
- if (!operand) return false;
1103
- const resolvedPath = path.resolve(params.cwd ?? process.cwd(), operand);
1104
- let realPath;
1105
- try {
1106
- realPath = fs.realpathSync(resolvedPath);
1107
- } catch {
1108
- return false;
1109
- }
1110
- if (realPath !== params.snapshot.path) return false;
1111
- try {
1112
- return hashFileContentsSync(realPath) === params.snapshot.sha256;
1113
- } catch {
1114
- return false;
1115
- }
1116
- }
1117
- function hardenApprovedExecutionPaths(params) {
1118
- if (!params.approvedByAsk) return {
1119
- ok: true,
1120
- argv: params.argv,
1121
- argvChanged: false,
1122
- cwd: params.cwd,
1123
- approvedCwdSnapshot: void 0
1124
- };
1125
- let hardenedCwd = params.cwd;
1126
- let approvedCwdSnapshot;
1127
- if (hardenedCwd) {
1128
- const canonicalCwd = resolveCanonicalApprovalCwdSync(hardenedCwd);
1129
- if (!canonicalCwd.ok) return canonicalCwd;
1130
- hardenedCwd = canonicalCwd.snapshot.cwd;
1131
- approvedCwdSnapshot = canonicalCwd.snapshot;
1132
- }
1133
- if (params.argv.length === 0) return {
1134
- ok: true,
1135
- argv: params.argv,
1136
- argvChanged: false,
1137
- cwd: hardenedCwd,
1138
- approvedCwdSnapshot
1139
- };
1140
- const resolution = resolveCommandResolutionFromArgv(params.argv, hardenedCwd);
1141
- if (!shouldPinExecutableForApproval({
1142
- shellCommand: params.shellCommand,
1143
- wrapperChain: resolution?.wrapperChain
1144
- })) return {
1145
- ok: true,
1146
- argv: params.argv,
1147
- argvChanged: false,
1148
- cwd: hardenedCwd,
1149
- approvedCwdSnapshot
1150
- };
1151
- const pinnedExecutable = resolution?.execution.resolvedRealPath ?? resolution?.execution.resolvedPath;
1152
- if (!pinnedExecutable) return {
1153
- ok: false,
1154
- message: "SYSTEM_RUN_DENIED: approval requires a stable executable path"
1155
- };
1156
- if (pinnedExecutable === params.argv[0]) return {
1157
- ok: true,
1158
- argv: params.argv,
1159
- argvChanged: false,
1160
- cwd: hardenedCwd,
1161
- approvedCwdSnapshot
1162
- };
1163
- const argv = [...params.argv];
1164
- argv[0] = pinnedExecutable;
1165
- return {
1166
- ok: true,
1167
- argv,
1168
- argvChanged: true,
1169
- cwd: hardenedCwd,
1170
- approvedCwdSnapshot
1171
- };
1172
- }
1173
- function buildSystemRunApprovalPlan(params) {
1174
- const command = resolveSystemRunCommandRequest({
1175
- command: params.command,
1176
- rawCommand: params.rawCommand
1177
- });
1178
- if (!command.ok) return {
1179
- ok: false,
1180
- message: command.message
1181
- };
1182
- if (command.argv.length === 0) return {
1183
- ok: false,
1184
- message: "command required"
1185
- };
1186
- const hardening = hardenApprovedExecutionPaths({
1187
- approvedByAsk: true,
1188
- argv: command.argv,
1189
- shellCommand: command.shellPayload,
1190
- cwd: normalizeNullableString(params.cwd) ?? void 0
1191
- });
1192
- if (!hardening.ok) return {
1193
- ok: false,
1194
- message: hardening.message
1195
- };
1196
- const commandText = formatExecCommand(hardening.argv);
1197
- const commandPreview = command.previewText?.trim() && command.previewText.trim() !== commandText ? command.previewText.trim() : null;
1198
- const mutableFileOperand = resolveMutableFileOperandSnapshotSync({
1199
- argv: hardening.argv,
1200
- cwd: hardening.cwd,
1201
- shellCommand: command.shellPayload
1202
- });
1203
- if (!mutableFileOperand.ok) return {
1204
- ok: false,
1205
- message: mutableFileOperand.message
1206
- };
1207
- return {
1208
- ok: true,
1209
- plan: {
1210
- argv: hardening.argv,
1211
- cwd: hardening.cwd ?? null,
1212
- commandText,
1213
- commandPreview,
1214
- agentId: normalizeNullableString(params.agentId),
1215
- sessionKey: normalizeNullableString(params.sessionKey),
1216
- mutableFileOperand: mutableFileOperand.snapshot ?? void 0
1217
- }
1218
- };
1219
- }
1220
- //#endregion
1221
- //#region src/node-host/invoke-system-run.ts
1222
- const safeBinTrustedDirWarningCache = /* @__PURE__ */ new Set();
1223
- const APPROVAL_CWD_DRIFT_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval cwd changed before execution";
1224
- const APPROVAL_SCRIPT_OPERAND_BINDING_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval missing script operand binding";
1225
- const APPROVAL_SCRIPT_OPERAND_DRIFT_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval script operand changed before execution";
1226
- function warnWritableTrustedDirOnce(message) {
1227
- if (safeBinTrustedDirWarningCache.has(message)) return;
1228
- safeBinTrustedDirWarningCache.add(message);
1229
- logWarn(message);
1230
- }
1231
- function normalizeDeniedReason(reason) {
1232
- switch (reason) {
1233
- case "security=deny":
1234
- case "approval-required":
1235
- case "allowlist-miss":
1236
- case "execution-plan-miss":
1237
- case "companion-unavailable":
1238
- case "permission:screenRecording": return reason;
1239
- default: return "approval-required";
1240
- }
1241
- }
1242
- function resolveAgentExecConfig(cfg, agentId) {
1243
- if (!agentId) return;
1244
- const normalizedAgentId = normalizeAgentId(agentId);
1245
- return (cfg.agents?.list?.find((candidate) => candidate !== null && typeof candidate === "object" && normalizeAgentId(candidate.id) === normalizedAgentId))?.tools?.exec;
1246
- }
1247
- async function loadSystemRunConfig(opts) {
1248
- if (opts.loadConfig) return opts.loadConfig();
1249
- const { loadConfig } = await import("./config-DDoTcXdn.js");
1250
- return loadConfig();
1251
- }
1252
- async function sendSystemRunDenied(opts, execution, params) {
1253
- await opts.sendNodeEvent(opts.client, "exec.denied", opts.buildExecEventPayload({
1254
- sessionKey: execution.sessionKey,
1255
- runId: execution.runId,
1256
- host: "node",
1257
- command: execution.commandText,
1258
- reason: params.reason,
1259
- suppressNotifyOnExit: execution.suppressNotifyOnExit
1260
- }));
1261
- await opts.sendInvokeResult({
1262
- ok: false,
1263
- error: {
1264
- code: "UNAVAILABLE",
1265
- message: params.message
1266
- }
1267
- });
1268
- }
1269
- async function sendSystemRunCompleted(opts, execution, result, payloadJSON) {
1270
- await opts.sendExecFinishedEvent({
1271
- sessionKey: execution.sessionKey,
1272
- runId: execution.runId,
1273
- commandText: execution.commandText,
1274
- result,
1275
- suppressNotifyOnExit: execution.suppressNotifyOnExit
1276
- });
1277
- await opts.sendInvokeResult({
1278
- ok: true,
1279
- payloadJSON
1280
- });
1281
- }
1282
- async function parseSystemRunPhase(opts) {
1283
- const command = resolveSystemRunCommandRequest({
1284
- command: opts.params.command,
1285
- rawCommand: opts.params.rawCommand
1286
- });
1287
- if (!command.ok) {
1288
- await opts.sendInvokeResult({
1289
- ok: false,
1290
- error: {
1291
- code: "INVALID_REQUEST",
1292
- message: command.message
1293
- }
1294
- });
1295
- return null;
1296
- }
1297
- if (command.argv.length === 0) {
1298
- await opts.sendInvokeResult({
1299
- ok: false,
1300
- error: {
1301
- code: "INVALID_REQUEST",
1302
- message: "command required"
1303
- }
1304
- });
1305
- return null;
1306
- }
1307
- const shellPayload = command.shellPayload;
1308
- const shellWrapperInvocation = isShellWrapperInvocation(command.argv);
1309
- const commandText = command.commandText;
1310
- const approvalPlan = opts.params.systemRunPlan === void 0 ? null : normalizeSystemRunApprovalPlan(opts.params.systemRunPlan);
1311
- if (opts.params.systemRunPlan !== void 0 && !approvalPlan) {
1312
- await opts.sendInvokeResult({
1313
- ok: false,
1314
- error: {
1315
- code: "INVALID_REQUEST",
1316
- message: "systemRunPlan invalid"
1317
- }
1318
- });
1319
- return null;
1320
- }
1321
- const agentId = normalizeOptionalString(opts.params.agentId);
1322
- const sessionKey = normalizeOptionalString(opts.params.sessionKey) ?? "node";
1323
- const runId = normalizeOptionalString(opts.params.runId) ?? crypto.randomUUID();
1324
- const suppressNotifyOnExit = opts.params.suppressNotifyOnExit === true;
1325
- const envAssignmentKeys = extractEnvAssignmentKeysFromDispatchWrappers(command.argv);
1326
- const envAssignmentDiagnostics = inspectHostExecEnvOverrides({
1327
- overrides: envAssignmentKeys.length > 0 ? Object.fromEntries(envAssignmentKeys.map((key) => [key, "1"])) : void 0,
1328
- blockPathOverrides: true
1329
- });
1330
- if (envAssignmentDiagnostics.rejectedOverrideBlockedKeys.length > 0) {
1331
- await opts.sendInvokeResult({
1332
- ok: false,
1333
- error: {
1334
- code: "INVALID_REQUEST",
1335
- message: `SYSTEM_RUN_DENIED: command env assignment rejected (blocked env assignment keys: ${envAssignmentDiagnostics.rejectedOverrideBlockedKeys.join(", ")})`
1336
- }
1337
- });
1338
- return null;
1339
- }
1340
- const envOverrideDiagnostics = inspectHostExecEnvOverrides({
1341
- overrides: opts.params.env ?? void 0,
1342
- blockPathOverrides: true
1343
- });
1344
- if (envOverrideDiagnostics.rejectedOverrideBlockedKeys.length > 0 || envOverrideDiagnostics.rejectedOverrideInvalidKeys.length > 0) {
1345
- const details = [];
1346
- if (envOverrideDiagnostics.rejectedOverrideBlockedKeys.length > 0) details.push(`blocked override keys: ${envOverrideDiagnostics.rejectedOverrideBlockedKeys.join(", ")}`);
1347
- if (envOverrideDiagnostics.rejectedOverrideInvalidKeys.length > 0) details.push(`invalid non-portable override keys: ${envOverrideDiagnostics.rejectedOverrideInvalidKeys.join(", ")}`);
1348
- await opts.sendInvokeResult({
1349
- ok: false,
1350
- error: {
1351
- code: "INVALID_REQUEST",
1352
- message: `SYSTEM_RUN_DENIED: environment override rejected (${details.join("; ")})`
1353
- }
1354
- });
1355
- return null;
1356
- }
1357
- const envOverrides = sanitizeSystemRunEnvOverrides({
1358
- overrides: opts.params.env ?? void 0,
1359
- shellWrapper: shellWrapperInvocation
1360
- });
1361
- return {
1362
- argv: command.argv,
1363
- shellPayload,
1364
- shellWrapperInvocation,
1365
- commandText,
1366
- commandPreview: command.previewText,
1367
- approvalPlan,
1368
- agentId,
1369
- sessionKey,
1370
- runId,
1371
- execution: {
1372
- sessionKey,
1373
- runId,
1374
- commandText,
1375
- suppressNotifyOnExit
1376
- },
1377
- approvalDecision: resolveExecApprovalDecision(opts.params.approvalDecision),
1378
- envOverrides,
1379
- env: opts.sanitizeEnv(envOverrides),
1380
- cwd: normalizeOptionalString(opts.params.cwd),
1381
- timeoutMs: opts.params.timeoutMs ?? void 0,
1382
- needsScreenRecording: opts.params.needsScreenRecording === true,
1383
- approved: opts.params.approved === true,
1384
- suppressNotifyOnExit
1385
- };
1386
- }
1387
- async function evaluateSystemRunPolicyPhase(opts, parsed) {
1388
- const cfg = await loadSystemRunConfig(opts);
1389
- const agentExec = resolveAgentExecConfig(cfg, parsed.agentId);
1390
- const configuredSecurity = opts.resolveExecSecurity(agentExec?.security ?? cfg.tools?.exec?.security);
1391
- const configuredAsk = opts.resolveExecAsk(agentExec?.ask ?? cfg.tools?.exec?.ask);
1392
- const approvals = resolveExecApprovals(parsed.agentId, {
1393
- security: configuredSecurity,
1394
- ask: configuredAsk
1395
- });
1396
- const security = approvals.agent.security;
1397
- const ask = approvals.agent.ask;
1398
- const autoAllowSkills = approvals.agent.autoAllowSkills;
1399
- const { safeBins, safeBinProfiles, trustedSafeBinDirs } = resolveExecSafeBinRuntimePolicy({
1400
- global: cfg.tools?.exec,
1401
- local: agentExec,
1402
- onWarning: warnWritableTrustedDirOnce
1403
- });
1404
- const bins = autoAllowSkills ? await opts.skillBins.current() : [];
1405
- let { analysisOk, allowlistMatches, allowlistSatisfied, segments, segmentAllowlistEntries } = evaluateSystemRunAllowlist({
1406
- shellCommand: parsed.shellPayload,
1407
- argv: parsed.argv,
1408
- approvals,
1409
- security,
1410
- safeBins,
1411
- safeBinProfiles,
1412
- trustedSafeBinDirs,
1413
- cwd: parsed.cwd,
1414
- env: parsed.env,
1415
- skillBins: bins,
1416
- autoAllowSkills
1417
- });
1418
- const strictInlineEval = agentExec?.strictInlineEval === true || cfg.tools?.exec?.strictInlineEval === true;
1419
- const inlineEvalHit = strictInlineEval ? segments.map((segment) => detectInterpreterInlineEvalArgv(segment.resolution?.effectiveArgv ?? segment.argv)).find((entry) => entry !== null) ?? null : null;
1420
- const isWindows = process.platform === "win32";
1421
- const cmdDetectionArgv = resolveShellWrapperTransportArgv(parsed.argv) ?? parsed.argv;
1422
- const cmdInvocation = opts.isCmdExeInvocation(cmdDetectionArgv);
1423
- const durableApprovalSatisfied = hasDurableExecApproval({
1424
- analysisOk,
1425
- segmentAllowlistEntries,
1426
- allowlist: approvals.allowlist,
1427
- commandText: parsed.commandText
1428
- });
1429
- const inlineEvalExecutableTrusted = inlineEvalHit !== null && segmentAllowlistEntries.some((entry) => entry?.source === "allow-always");
1430
- const policy = evaluateSystemRunPolicy({
1431
- security,
1432
- ask,
1433
- analysisOk,
1434
- allowlistSatisfied,
1435
- durableApprovalSatisfied: durableApprovalSatisfied || inlineEvalExecutableTrusted,
1436
- approvalDecision: parsed.approvalDecision,
1437
- approved: parsed.approved,
1438
- isWindows,
1439
- cmdInvocation,
1440
- shellWrapperInvocation: parsed.shellPayload !== null
1441
- });
1442
- analysisOk = policy.analysisOk;
1443
- allowlistSatisfied = policy.allowlistSatisfied;
1444
- if (inlineEvalHit !== null && !policy.approvedByAsk && (policy.allowed ? true : policy.eventReason !== "security=deny")) {
1445
- await sendSystemRunDenied(opts, parsed.execution, {
1446
- reason: "approval-required",
1447
- message: `SYSTEM_RUN_DENIED: approval required (${describeInterpreterInlineEval(inlineEvalHit)} requires explicit approval in strictInlineEval mode)`
1448
- });
1449
- return null;
1450
- }
1451
- if (!policy.allowed) {
1452
- await sendSystemRunDenied(opts, parsed.execution, {
1453
- reason: policy.eventReason,
1454
- message: policy.errorMessage
1455
- });
1456
- return null;
1457
- }
1458
- if (policy.shellWrapperBlocked && !policy.approvedByAsk && !durableApprovalSatisfied) {
1459
- await sendSystemRunDenied(opts, parsed.execution, {
1460
- reason: "approval-required",
1461
- message: "SYSTEM_RUN_DENIED: approval required"
1462
- });
1463
- return null;
1464
- }
1465
- const hardenedPaths = hardenApprovedExecutionPaths({
1466
- approvedByAsk: policy.approvedByAsk,
1467
- argv: parsed.argv,
1468
- shellCommand: parsed.shellPayload,
1469
- cwd: parsed.cwd
1470
- });
1471
- if (!hardenedPaths.ok) {
1472
- await sendSystemRunDenied(opts, parsed.execution, {
1473
- reason: "approval-required",
1474
- message: hardenedPaths.message
1475
- });
1476
- return null;
1477
- }
1478
- const approvedCwdSnapshot = policy.approvedByAsk ? hardenedPaths.approvedCwdSnapshot : void 0;
1479
- if (policy.approvedByAsk && hardenedPaths.cwd && !approvedCwdSnapshot) {
1480
- await sendSystemRunDenied(opts, parsed.execution, {
1481
- reason: "approval-required",
1482
- message: APPROVAL_CWD_DRIFT_DENIED_MESSAGE
1483
- });
1484
- return null;
1485
- }
1486
- const plannedAllowlistArgv = resolvePlannedAllowlistArgv({
1487
- security,
1488
- shellCommand: parsed.shellPayload,
1489
- policy,
1490
- segments
1491
- });
1492
- if (plannedAllowlistArgv === null) {
1493
- await sendSystemRunDenied(opts, parsed.execution, {
1494
- reason: "execution-plan-miss",
1495
- message: "SYSTEM_RUN_DENIED: execution plan mismatch"
1496
- });
1497
- return null;
1498
- }
1499
- return {
1500
- ...parsed,
1501
- argv: hardenedPaths.argv,
1502
- cwd: hardenedPaths.cwd,
1503
- approvals,
1504
- security,
1505
- policy,
1506
- durableApprovalSatisfied,
1507
- strictInlineEval,
1508
- inlineEvalHit,
1509
- allowlistMatches,
1510
- analysisOk,
1511
- allowlistSatisfied,
1512
- segments,
1513
- plannedAllowlistArgv: plannedAllowlistArgv ?? void 0,
1514
- isWindows,
1515
- approvedCwdSnapshot
1516
- };
1517
- }
1518
- async function executeSystemRunPhase(opts, phase) {
1519
- if (phase.approvedCwdSnapshot && !revalidateApprovedCwdSnapshot({ snapshot: phase.approvedCwdSnapshot })) {
1520
- logWarn(`security: system.run approval cwd drift blocked (runId=${phase.runId})`);
1521
- await sendSystemRunDenied(opts, phase.execution, {
1522
- reason: "approval-required",
1523
- message: APPROVAL_CWD_DRIFT_DENIED_MESSAGE
1524
- });
1525
- return;
1526
- }
1527
- const expectedMutableFileOperand = phase.approvalPlan ? resolveMutableFileOperandSnapshotSync({
1528
- argv: phase.argv,
1529
- cwd: phase.cwd,
1530
- shellCommand: phase.shellPayload
1531
- }) : null;
1532
- if (expectedMutableFileOperand && !expectedMutableFileOperand.ok) {
1533
- logWarn(`security: system.run approval script binding blocked (runId=${phase.runId})`);
1534
- await sendSystemRunDenied(opts, phase.execution, {
1535
- reason: "approval-required",
1536
- message: expectedMutableFileOperand.message
1537
- });
1538
- return;
1539
- }
1540
- if (expectedMutableFileOperand?.snapshot && !phase.approvalPlan?.mutableFileOperand) {
1541
- logWarn(`security: system.run approval script binding missing (runId=${phase.runId})`);
1542
- await sendSystemRunDenied(opts, phase.execution, {
1543
- reason: "approval-required",
1544
- message: APPROVAL_SCRIPT_OPERAND_BINDING_DENIED_MESSAGE
1545
- });
1546
- return;
1547
- }
1548
- if (phase.approvalPlan?.mutableFileOperand && !revalidateApprovedMutableFileOperand({
1549
- snapshot: phase.approvalPlan.mutableFileOperand,
1550
- argv: phase.argv,
1551
- cwd: phase.cwd
1552
- })) {
1553
- logWarn(`security: system.run approval script drift blocked (runId=${phase.runId})`);
1554
- await sendSystemRunDenied(opts, phase.execution, {
1555
- reason: "approval-required",
1556
- message: APPROVAL_SCRIPT_OPERAND_DRIFT_DENIED_MESSAGE
1557
- });
1558
- return;
1559
- }
1560
- if (opts.preferMacAppExecHost) {
1561
- const execRequest = {
1562
- command: phase.plannedAllowlistArgv ?? phase.argv,
1563
- rawCommand: phase.commandText || null,
1564
- cwd: phase.cwd ?? null,
1565
- env: phase.envOverrides ?? null,
1566
- timeoutMs: phase.timeoutMs ?? null,
1567
- needsScreenRecording: phase.needsScreenRecording,
1568
- agentId: phase.agentId ?? null,
1569
- sessionKey: phase.sessionKey ?? null,
1570
- approvalDecision: phase.approvalDecision
1571
- };
1572
- const response = await opts.runViaMacAppExecHost({
1573
- approvals: phase.approvals,
1574
- request: execRequest
1575
- });
1576
- if (!response) {
1577
- if (opts.execHostEnforced || !opts.execHostFallbackAllowed) {
1578
- await sendSystemRunDenied(opts, phase.execution, {
1579
- reason: "companion-unavailable",
1580
- message: "COMPANION_APP_UNAVAILABLE: macOS app exec host unreachable"
1581
- });
1582
- return;
1583
- }
1584
- } else if (!response.ok) {
1585
- await sendSystemRunDenied(opts, phase.execution, {
1586
- reason: normalizeDeniedReason(response.error.reason),
1587
- message: response.error.message
1588
- });
1589
- return;
1590
- } else {
1591
- const result = response.payload;
1592
- await sendSystemRunCompleted(opts, phase.execution, result, JSON.stringify(result));
1593
- return;
1594
- }
1595
- }
1596
- if (phase.policy.approvalDecision === "allow-always" && phase.inlineEvalHit === null) {
1597
- if ((phase.policy.analysisOk ? persistAllowAlwaysPatterns({
1598
- approvals: phase.approvals.file,
1599
- agentId: phase.agentId,
1600
- segments: phase.segments,
1601
- cwd: phase.cwd,
1602
- env: phase.env,
1603
- platform: process.platform,
1604
- strictInlineEval: phase.strictInlineEval
1605
- }) : []).length === 0) addDurableCommandApproval(phase.approvals.file, phase.agentId, phase.commandText);
1606
- }
1607
- recordAllowlistMatchesUse({
1608
- approvals: phase.approvals.file,
1609
- agentId: phase.agentId,
1610
- matches: phase.allowlistMatches,
1611
- command: phase.commandText,
1612
- resolvedPath: resolveApprovalAuditCandidatePath(phase.segments[0]?.resolution ?? null, phase.cwd)
1613
- });
1614
- if (phase.needsScreenRecording) {
1615
- await sendSystemRunDenied(opts, phase.execution, {
1616
- reason: "permission:screenRecording",
1617
- message: "PERMISSION_MISSING: screenRecording"
1618
- });
1619
- return;
1620
- }
1621
- const execArgv = resolveSystemRunExecArgv({
1622
- plannedAllowlistArgv: phase.plannedAllowlistArgv,
1623
- argv: phase.argv,
1624
- security: phase.security,
1625
- isWindows: phase.isWindows,
1626
- policy: phase.policy,
1627
- shellCommand: phase.shellPayload,
1628
- segments: phase.segments
1629
- });
1630
- const result = await opts.runCommand(execArgv, phase.cwd, phase.env, phase.timeoutMs);
1631
- applyOutputTruncation(result);
1632
- await sendSystemRunCompleted(opts, phase.execution, result, JSON.stringify({
1633
- exitCode: result.exitCode,
1634
- timedOut: result.timedOut,
1635
- success: result.success,
1636
- stdout: result.stdout,
1637
- stderr: result.stderr,
1638
- error: result.error ?? null
1639
- }));
1640
- }
1641
- async function handleSystemRunInvoke(opts) {
1642
- const parsed = await parseSystemRunPhase(opts);
1643
- if (!parsed) return;
1644
- const policyPhase = await evaluateSystemRunPolicyPhase(opts, parsed);
1645
- if (!policyPhase) return;
1646
- await executeSystemRunPhase(opts, policyPhase);
1647
- }
1648
- //#endregion
1649
- //#region src/node-host/plugin-node-host.ts
1650
- let pluginRegistryLoaderModulePromise;
1651
- async function loadPluginRegistryLoaderModule() {
1652
- pluginRegistryLoaderModulePromise ??= import("./runtime-registry-loader-CGNT5-qz.js");
1653
- return await pluginRegistryLoaderModulePromise;
1654
- }
1655
- async function ensureNodeHostPluginRegistry(params) {
1656
- (await loadPluginRegistryLoaderModule()).ensurePluginRegistryLoaded({
1657
- scope: "all",
1658
- config: params.config,
1659
- activationSourceConfig: params.config,
1660
- env: params.env
1661
- });
1662
- }
1663
- function listRegisteredNodeHostCapsAndCommands() {
1664
- const registry = getActivePluginRegistry();
1665
- const caps = /* @__PURE__ */ new Set();
1666
- const commands = /* @__PURE__ */ new Set();
1667
- for (const entry of registry?.nodeHostCommands ?? []) {
1668
- if (entry.command.cap) caps.add(entry.command.cap);
1669
- commands.add(entry.command.command);
1670
- }
1671
- return {
1672
- caps: [...caps].toSorted((left, right) => left.localeCompare(right)),
1673
- commands: [...commands].toSorted((left, right) => left.localeCompare(right))
1674
- };
1675
- }
1676
- async function invokeRegisteredNodeHostCommand(command, paramsJSON) {
1677
- const match = (getActivePluginRegistry()?.nodeHostCommands ?? []).find((entry) => entry.command.command === command);
1678
- if (!match) return null;
1679
- return await match.command.handle(paramsJSON);
1680
- }
1681
- //#endregion
1682
- //#region src/node-host/invoke.ts
1683
- const OUTPUT_CAP = 2e5;
1684
- const OUTPUT_EVENT_TAIL = 2e4;
1685
- const DEFAULT_NODE_PATH$1 = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
1686
- const WINDOWS_CODEPAGE_ENCODING_MAP = {
1687
- 65001: "utf-8",
1688
- 54936: "gb18030",
1689
- 936: "gbk",
1690
- 950: "big5",
1691
- 932: "shift_jis",
1692
- 949: "euc-kr",
1693
- 1252: "windows-1252"
1694
- };
1695
- let cachedWindowsConsoleEncoding;
1696
- const execHostEnforced = normalizeLowercaseStringOrEmpty(process.env.GENESIS_NODE_EXEC_HOST ?? "") === "app";
1697
- const execHostFallbackAllowed = normalizeLowercaseStringOrEmpty(process.env.GENESIS_NODE_EXEC_FALLBACK ?? "") !== "0";
1698
- const preferMacAppExecHost = process.platform === "darwin" && execHostEnforced;
1699
- function resolveExecSecurity(value) {
1700
- return value === "deny" || value === "allowlist" || value === "full" ? value : "allowlist";
1701
- }
1702
- function isCmdExeInvocation(argv) {
1703
- const token = argv[0]?.trim();
1704
- if (!token) return false;
1705
- const base = normalizeLowercaseStringOrEmpty(path.win32.basename(token));
1706
- return base === "cmd.exe" || base === "cmd";
1707
- }
1708
- function resolveExecAsk(value) {
1709
- return value === "off" || value === "on-miss" || value === "always" ? value : "on-miss";
1710
- }
1711
- function sanitizeEnv(overrides) {
1712
- return sanitizeHostExecEnv({
1713
- overrides,
1714
- blockPathOverrides: true
1715
- });
1716
- }
1717
- function truncateOutput(raw, maxChars) {
1718
- if (raw.length <= maxChars) return {
1719
- text: raw,
1720
- truncated: false
1721
- };
1722
- return {
1723
- text: `... (truncated) ${raw.slice(raw.length - maxChars)}`,
1724
- truncated: true
1725
- };
1726
- }
1727
- function parseWindowsCodePage(raw) {
1728
- if (!raw) return null;
1729
- const match = raw.match(/\b(\d{3,5})\b/);
1730
- if (!match?.[1]) return null;
1731
- const codePage = Number.parseInt(match[1], 10);
1732
- if (!Number.isFinite(codePage) || codePage <= 0) return null;
1733
- return codePage;
1734
- }
1735
- function resolveWindowsConsoleEncoding() {
1736
- if (process.platform !== "win32") return null;
1737
- if (cachedWindowsConsoleEncoding !== void 0) return cachedWindowsConsoleEncoding;
1738
- try {
1739
- const result = spawnSync("cmd.exe", [
1740
- "/d",
1741
- "/s",
1742
- "/c",
1743
- "chcp"
1744
- ], {
1745
- windowsHide: true,
1746
- encoding: "utf8",
1747
- stdio: [
1748
- "ignore",
1749
- "pipe",
1750
- "pipe"
1751
- ]
1752
- });
1753
- const codePage = parseWindowsCodePage(`${result.stdout ?? ""}\n${result.stderr ?? ""}`);
1754
- cachedWindowsConsoleEncoding = codePage !== null ? WINDOWS_CODEPAGE_ENCODING_MAP[codePage] ?? null : null;
1755
- } catch {
1756
- cachedWindowsConsoleEncoding = null;
1757
- }
1758
- return cachedWindowsConsoleEncoding;
1759
- }
1760
- function decodeCapturedOutputBuffer(params) {
1761
- const utf8 = params.buffer.toString("utf8");
1762
- if ((params.platform ?? process.platform) !== "win32") return utf8;
1763
- const encoding = params.windowsEncoding ?? resolveWindowsConsoleEncoding();
1764
- if (!encoding || normalizeLowercaseStringOrEmpty(encoding) === "utf-8") return utf8;
1765
- try {
1766
- return new TextDecoder(encoding).decode(params.buffer);
1767
- } catch {
1768
- return utf8;
1769
- }
1770
- }
1771
- function redactExecApprovals(file) {
1772
- const socketPath = file.socket?.path?.trim();
1773
- return {
1774
- ...file,
1775
- socket: socketPath ? { path: socketPath } : void 0
1776
- };
1777
- }
1778
- function requireExecApprovalsBaseHash(params, snapshot) {
1779
- if (!snapshot.exists) return;
1780
- if (!snapshot.hash) throw new Error("INVALID_REQUEST: exec approvals base hash unavailable; reload and retry");
1781
- const baseHash = typeof params.baseHash === "string" ? params.baseHash.trim() : "";
1782
- if (!baseHash) throw new Error("INVALID_REQUEST: exec approvals base hash required; reload and retry");
1783
- if (baseHash !== snapshot.hash) throw new Error("INVALID_REQUEST: exec approvals changed; reload and retry");
1784
- }
1785
- async function runCommand(argv, cwd, env, timeoutMs) {
1786
- return await new Promise((resolve) => {
1787
- const stdoutChunks = [];
1788
- const stderrChunks = [];
1789
- let outputLen = 0;
1790
- let truncated = false;
1791
- let timedOut = false;
1792
- let settled = false;
1793
- const windowsEncoding = resolveWindowsConsoleEncoding();
1794
- const child = spawn(argv[0], argv.slice(1), {
1795
- cwd,
1796
- env,
1797
- stdio: [
1798
- "ignore",
1799
- "pipe",
1800
- "pipe"
1801
- ],
1802
- windowsHide: true
1803
- });
1804
- const onChunk = (chunk, target) => {
1805
- if (outputLen >= OUTPUT_CAP) {
1806
- truncated = true;
1807
- return;
1808
- }
1809
- const remaining = OUTPUT_CAP - outputLen;
1810
- const slice = chunk.length > remaining ? chunk.subarray(0, remaining) : chunk;
1811
- outputLen += slice.length;
1812
- if (target === "stdout") stdoutChunks.push(slice);
1813
- else stderrChunks.push(slice);
1814
- if (chunk.length > remaining) truncated = true;
1815
- };
1816
- child.stdout?.on("data", (chunk) => onChunk(chunk, "stdout"));
1817
- child.stderr?.on("data", (chunk) => onChunk(chunk, "stderr"));
1818
- let timer;
1819
- if (timeoutMs && timeoutMs > 0) timer = setTimeout(() => {
1820
- timedOut = true;
1821
- try {
1822
- child.kill("SIGKILL");
1823
- } catch {}
1824
- }, timeoutMs);
1825
- const finalize = (exitCode, error) => {
1826
- if (settled) return;
1827
- settled = true;
1828
- if (timer) clearTimeout(timer);
1829
- const stdout = decodeCapturedOutputBuffer({
1830
- buffer: Buffer.concat(stdoutChunks),
1831
- windowsEncoding
1832
- });
1833
- const stderr = decodeCapturedOutputBuffer({
1834
- buffer: Buffer.concat(stderrChunks),
1835
- windowsEncoding
1836
- });
1837
- resolve({
1838
- exitCode,
1839
- timedOut,
1840
- success: exitCode === 0 && !timedOut && !error,
1841
- stdout,
1842
- stderr,
1843
- error: error ?? null,
1844
- truncated
1845
- });
1846
- };
1847
- child.on("error", (err) => {
1848
- finalize(void 0, err.message);
1849
- });
1850
- child.on("exit", (code) => {
1851
- finalize(code === null ? void 0 : code, null);
1852
- });
1853
- });
1854
- }
1855
- function resolveEnvPath(env) {
1856
- return (env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? DEFAULT_NODE_PATH$1).split(path.delimiter).filter(Boolean);
1857
- }
1858
- function resolveExecutable(bin, env) {
1859
- if (bin.includes("/") || bin.includes("\\")) return null;
1860
- const extensions = process.platform === "win32" ? (process.env.PATHEXT ?? process.env.PathExt ?? ".EXE;.CMD;.BAT;.COM").split(";").map((ext) => normalizeLowercaseStringOrEmpty(ext)) : [""];
1861
- for (const dir of resolveEnvPath(env)) for (const ext of extensions) {
1862
- const candidate = path.join(dir, bin + ext);
1863
- if (fs.existsSync(candidate)) return candidate;
1864
- }
1865
- return null;
1866
- }
1867
- async function handleSystemWhich(params, env) {
1868
- const bins = params.bins.map((bin) => bin.trim()).filter(Boolean);
1869
- const found = {};
1870
- for (const bin of bins) {
1871
- const path = resolveExecutable(bin, env);
1872
- if (path) found[bin] = path;
1873
- }
1874
- return { bins: found };
1875
- }
1876
- function buildExecEventPayload(payload) {
1877
- if (!payload.output) return payload;
1878
- const trimmed = payload.output.trim();
1879
- if (!trimmed) return payload;
1880
- const { text } = truncateOutput(trimmed, OUTPUT_EVENT_TAIL);
1881
- return {
1882
- ...payload,
1883
- output: text
1884
- };
1885
- }
1886
- async function sendExecFinishedEvent(params) {
1887
- const combined = [
1888
- params.result.stdout,
1889
- params.result.stderr,
1890
- params.result.error
1891
- ].filter(Boolean).join("\n");
1892
- await sendNodeEvent(params.client, "exec.finished", buildExecEventPayload({
1893
- sessionKey: params.sessionKey,
1894
- runId: params.runId,
1895
- host: "node",
1896
- command: params.commandText,
1897
- exitCode: params.result.exitCode ?? void 0,
1898
- timedOut: params.result.timedOut,
1899
- success: params.result.success,
1900
- output: combined,
1901
- suppressNotifyOnExit: params.suppressNotifyOnExit
1902
- }));
1903
- }
1904
- async function runViaMacAppExecHost(params) {
1905
- const { approvals, request } = params;
1906
- return await requestExecHostViaSocket({
1907
- socketPath: approvals.socketPath,
1908
- token: approvals.token,
1909
- request
1910
- });
1911
- }
1912
- async function sendJsonPayloadResult(client, frame, payload) {
1913
- await sendInvokeResult(client, frame, {
1914
- ok: true,
1915
- payloadJSON: JSON.stringify(payload)
1916
- });
1917
- }
1918
- async function sendRawPayloadResult(client, frame, payloadJSON) {
1919
- await sendInvokeResult(client, frame, {
1920
- ok: true,
1921
- payloadJSON
1922
- });
1923
- }
1924
- async function sendErrorResult(client, frame, code, message) {
1925
- await sendInvokeResult(client, frame, {
1926
- ok: false,
1927
- error: {
1928
- code,
1929
- message
1930
- }
1931
- });
1932
- }
1933
- async function sendInvalidRequestResult(client, frame, err) {
1934
- await sendErrorResult(client, frame, "INVALID_REQUEST", String(err));
1935
- }
1936
- async function handleInvoke(frame, client, skillBins) {
1937
- const command = frame.command ?? "";
1938
- if (command === "system.execApprovals.get") {
1939
- try {
1940
- ensureExecApprovals();
1941
- const snapshot = readExecApprovalsSnapshot();
1942
- await sendJsonPayloadResult(client, frame, {
1943
- path: snapshot.path,
1944
- exists: snapshot.exists,
1945
- hash: snapshot.hash,
1946
- file: redactExecApprovals(snapshot.file)
1947
- });
1948
- } catch (err) {
1949
- const message = String(err);
1950
- await sendErrorResult(client, frame, normalizeLowercaseStringOrEmpty(message).includes("timed out") ? "TIMEOUT" : "INVALID_REQUEST", message);
1951
- }
1952
- return;
1953
- }
1954
- if (command === "system.execApprovals.set") {
1955
- try {
1956
- const params = decodeParams(frame.paramsJSON);
1957
- if (!params.file || typeof params.file !== "object") throw new Error("INVALID_REQUEST: exec approvals file required");
1958
- ensureExecApprovals();
1959
- const snapshot = readExecApprovalsSnapshot();
1960
- requireExecApprovalsBaseHash(params, snapshot);
1961
- saveExecApprovals(mergeExecApprovalsSocketDefaults({
1962
- normalized: normalizeExecApprovals(params.file),
1963
- current: snapshot.file
1964
- }));
1965
- const nextSnapshot = readExecApprovalsSnapshot();
1966
- await sendJsonPayloadResult(client, frame, {
1967
- path: nextSnapshot.path,
1968
- exists: nextSnapshot.exists,
1969
- hash: nextSnapshot.hash,
1970
- file: redactExecApprovals(nextSnapshot.file)
1971
- });
1972
- } catch (err) {
1973
- await sendInvalidRequestResult(client, frame, err);
1974
- }
1975
- return;
1976
- }
1977
- if (command === "system.which") {
1978
- try {
1979
- const params = decodeParams(frame.paramsJSON);
1980
- if (!Array.isArray(params.bins)) throw new Error("INVALID_REQUEST: bins required");
1981
- await sendJsonPayloadResult(client, frame, await handleSystemWhich(params, sanitizeEnv(void 0)));
1982
- } catch (err) {
1983
- await sendInvalidRequestResult(client, frame, err);
1984
- }
1985
- return;
1986
- }
1987
- try {
1988
- const pluginNodeHostResult = await invokeRegisteredNodeHostCommand(command, frame.paramsJSON);
1989
- if (pluginNodeHostResult !== null) {
1990
- await sendRawPayloadResult(client, frame, pluginNodeHostResult);
1991
- return;
1992
- }
1993
- } catch (err) {
1994
- await sendInvalidRequestResult(client, frame, err);
1995
- return;
1996
- }
1997
- if (command === "system.run.prepare") {
1998
- try {
1999
- const prepared = buildSystemRunApprovalPlan(decodeParams(frame.paramsJSON));
2000
- if (!prepared.ok) {
2001
- await sendErrorResult(client, frame, "INVALID_REQUEST", prepared.message);
2002
- return;
2003
- }
2004
- await sendJsonPayloadResult(client, frame, { plan: prepared.plan });
2005
- } catch (err) {
2006
- await sendInvalidRequestResult(client, frame, err);
2007
- }
2008
- return;
2009
- }
2010
- if (command !== "system.run") {
2011
- await sendErrorResult(client, frame, "UNAVAILABLE", "command not supported");
2012
- return;
2013
- }
2014
- let params;
2015
- try {
2016
- params = decodeParams(frame.paramsJSON);
2017
- } catch (err) {
2018
- await sendInvalidRequestResult(client, frame, err);
2019
- return;
2020
- }
2021
- if (!Array.isArray(params.command) || params.command.length === 0) {
2022
- await sendErrorResult(client, frame, "INVALID_REQUEST", "command required");
2023
- return;
2024
- }
2025
- await handleSystemRunInvoke({
2026
- client,
2027
- params,
2028
- skillBins,
2029
- execHostEnforced,
2030
- execHostFallbackAllowed,
2031
- resolveExecSecurity,
2032
- resolveExecAsk,
2033
- isCmdExeInvocation,
2034
- sanitizeEnv,
2035
- runCommand,
2036
- runViaMacAppExecHost,
2037
- sendNodeEvent,
2038
- buildExecEventPayload,
2039
- sendInvokeResult: async (result) => {
2040
- await sendInvokeResult(client, frame, result);
2041
- },
2042
- sendExecFinishedEvent: async ({ sessionKey, runId, commandText, result }) => {
2043
- await sendExecFinishedEvent({
2044
- client,
2045
- sessionKey,
2046
- runId,
2047
- commandText,
2048
- result
2049
- });
2050
- },
2051
- preferMacAppExecHost
2052
- });
2053
- }
2054
- function decodeParams(raw) {
2055
- if (!raw) throw new Error("INVALID_REQUEST: paramsJSON required");
2056
- return JSON.parse(raw);
2057
- }
2058
- function coerceNodeInvokePayload(payload) {
2059
- if (!payload || typeof payload !== "object") return null;
2060
- const obj = payload;
2061
- const id = typeof obj.id === "string" ? obj.id.trim() : "";
2062
- const nodeId = typeof obj.nodeId === "string" ? obj.nodeId.trim() : "";
2063
- const command = typeof obj.command === "string" ? obj.command.trim() : "";
2064
- if (!id || !nodeId || !command) return null;
2065
- return {
2066
- id,
2067
- nodeId,
2068
- command,
2069
- paramsJSON: typeof obj.paramsJSON === "string" ? obj.paramsJSON : obj.params !== void 0 ? JSON.stringify(obj.params) : null,
2070
- timeoutMs: typeof obj.timeoutMs === "number" ? obj.timeoutMs : null,
2071
- idempotencyKey: typeof obj.idempotencyKey === "string" ? obj.idempotencyKey : null
2072
- };
2073
- }
2074
- async function sendInvokeResult(client, frame, result) {
2075
- try {
2076
- await client.request("node.invoke.result", buildNodeInvokeResultParams(frame, result));
2077
- } catch {}
2078
- }
2079
- function buildNodeInvokeResultParams(frame, result) {
2080
- const params = {
2081
- id: frame.id,
2082
- nodeId: frame.nodeId,
2083
- ok: result.ok
2084
- };
2085
- if (result.payload !== void 0) params.payload = result.payload;
2086
- if (typeof result.payloadJSON === "string") params.payloadJSON = result.payloadJSON;
2087
- if (result.error) params.error = result.error;
2088
- return params;
2089
- }
2090
- async function sendNodeEvent(client, event, payload) {
2091
- try {
2092
- await client.request("node.event", {
2093
- event,
2094
- payloadJSON: payload ? JSON.stringify(payload) : null
2095
- });
2096
- } catch {}
2097
- }
2098
- //#endregion
2099
- //#region src/node-host/runner.ts
2100
- const DEFAULT_NODE_PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
2101
- function writeStderrLine(message) {
2102
- process.stderr.write(`${message}\n`);
2103
- }
2104
- function resolveExecutablePathFromEnv(bin, pathEnv) {
2105
- if (bin.includes("/") || bin.includes("\\")) return null;
2106
- return resolveExecutableFromPathEnv(bin, pathEnv) ?? null;
2107
- }
2108
- function resolveSkillBinTrustEntries(bins, pathEnv) {
2109
- const trustEntries = [];
2110
- const seen = /* @__PURE__ */ new Set();
2111
- for (const bin of bins) {
2112
- const name = bin.trim();
2113
- if (!name) continue;
2114
- const resolvedPath = resolveExecutablePathFromEnv(name, pathEnv);
2115
- if (!resolvedPath) continue;
2116
- const key = `${name}\u0000${resolvedPath}`;
2117
- if (seen.has(key)) continue;
2118
- seen.add(key);
2119
- trustEntries.push({
2120
- name,
2121
- resolvedPath
2122
- });
2123
- }
2124
- return trustEntries.toSorted((left, right) => left.name.localeCompare(right.name) || left.resolvedPath.localeCompare(right.resolvedPath));
2125
- }
2126
- var SkillBinsCache = class {
2127
- constructor(fetch, pathEnv) {
2128
- this.bins = [];
2129
- this.lastRefresh = 0;
2130
- this.ttlMs = 9e4;
2131
- this.fetch = fetch;
2132
- this.pathEnv = pathEnv;
2133
- }
2134
- async current(force = false) {
2135
- if (force || Date.now() - this.lastRefresh > this.ttlMs) await this.refresh();
2136
- return this.bins;
2137
- }
2138
- async refresh() {
2139
- try {
2140
- const bins = await this.fetch();
2141
- this.bins = resolveSkillBinTrustEntries(bins, this.pathEnv);
2142
- this.lastRefresh = Date.now();
2143
- } catch {
2144
- if (!this.lastRefresh) this.bins = [];
2145
- }
2146
- }
2147
- };
2148
- function ensureNodePathEnv() {
2149
- ensureGenesisCliOnPath({ pathEnv: process.env.PATH ?? "" });
2150
- const current = process.env.PATH ?? "";
2151
- if (current.trim()) return current;
2152
- process.env.PATH = DEFAULT_NODE_PATH;
2153
- return DEFAULT_NODE_PATH;
2154
- }
2155
- async function resolveNodeHostGatewayCredentials(params) {
2156
- return await resolveGatewayConnectionAuth({
2157
- config: (params.config.gateway?.mode === "remote" ? "remote" : "local") === "local" ? buildNodeHostLocalAuthConfig(params.config) : params.config,
2158
- env: params.env,
2159
- localTokenPrecedence: "env-first",
2160
- localPasswordPrecedence: "env-first",
2161
- remoteTokenPrecedence: "env-first",
2162
- remotePasswordPrecedence: "env-first"
2163
- });
2164
- }
2165
- function buildNodeHostLocalAuthConfig(config) {
2166
- if (!config.gateway?.remote?.token && !config.gateway?.remote?.password) return config;
2167
- const nextConfig = structuredClone(config);
2168
- if (nextConfig.gateway?.remote) {
2169
- nextConfig.gateway.remote.token = void 0;
2170
- nextConfig.gateway.remote.password = void 0;
2171
- }
2172
- return nextConfig;
2173
- }
2174
- async function runNodeHost(opts) {
2175
- const config = await ensureNodeHostConfig();
2176
- const nodeId = opts.nodeId?.trim() || config.nodeId;
2177
- if (nodeId !== config.nodeId) config.nodeId = nodeId;
2178
- const displayName = opts.displayName?.trim() || config.displayName || await getMachineDisplayName();
2179
- config.displayName = displayName;
2180
- const gateway = {
2181
- host: opts.gatewayHost,
2182
- port: opts.gatewayPort,
2183
- tls: opts.gatewayTls ?? loadConfig().gateway?.tls?.enabled ?? false,
2184
- tlsFingerprint: opts.gatewayTlsFingerprint
2185
- };
2186
- config.gateway = gateway;
2187
- await saveNodeHostConfig(config);
2188
- const cfg = loadConfig();
2189
- await ensureNodeHostPluginRegistry({
2190
- config: cfg,
2191
- env: process.env
2192
- });
2193
- const pluginNodeHost = listRegisteredNodeHostCapsAndCommands();
2194
- const { token, password } = await resolveNodeHostGatewayCredentials({
2195
- config: cfg,
2196
- env: process.env
2197
- });
2198
- const host = gateway.host ?? "127.0.0.1";
2199
- const port = gateway.port ?? 18789;
2200
- const url = `${gateway.tls ? "wss" : "ws"}://${host}:${port}`;
2201
- const pathEnv = ensureNodePathEnv();
2202
- const client = new GatewayClient({
2203
- url,
2204
- token: token || void 0,
2205
- password: password || void 0,
2206
- instanceId: nodeId,
2207
- clientName: GATEWAY_CLIENT_NAMES.NODE_HOST,
2208
- clientDisplayName: displayName,
2209
- clientVersion: VERSION,
2210
- platform: process.platform,
2211
- mode: GATEWAY_CLIENT_MODES.NODE,
2212
- role: "node",
2213
- scopes: [],
2214
- caps: ["system", ...pluginNodeHost.caps],
2215
- commands: [
2216
- ...NODE_SYSTEM_RUN_COMMANDS,
2217
- ...NODE_EXEC_APPROVALS_COMMANDS,
2218
- ...pluginNodeHost.commands
2219
- ],
2220
- pathEnv,
2221
- permissions: void 0,
2222
- deviceIdentity: loadOrCreateDeviceIdentity(),
2223
- tlsFingerprint: gateway.tlsFingerprint,
2224
- onEvent: (evt) => {
2225
- if (evt.event !== "node.invoke.request") return;
2226
- const payload = coerceNodeInvokePayload(evt.payload);
2227
- if (!payload) return;
2228
- handleInvoke(payload, client, skillBins);
2229
- },
2230
- onConnectError: (err) => {
2231
- writeStderrLine(`node host gateway connect failed: ${err.message}`);
2232
- },
2233
- onClose: (code, reason) => {
2234
- writeStderrLine(`node host gateway closed (${code}): ${reason}`);
2235
- }
2236
- });
2237
- const skillBins = new SkillBinsCache(async () => {
2238
- const res = await client.request("skills.bins", {});
2239
- return Array.isArray(res?.bins) ? res.bins.map((bin) => String(bin)) : [];
2240
- }, pathEnv);
2241
- client.start();
2242
- await new Promise(() => {});
2243
- }
2244
- //#endregion
2245
- //#region src/commands/node-daemon-install-helpers.ts
2246
- async function buildNodeInstallPlan(params) {
2247
- const { devMode, nodePath } = await resolveDaemonInstallRuntimeInputs({
2248
- env: params.env,
2249
- runtime: params.runtime,
2250
- devMode: params.devMode,
2251
- nodePath: params.nodePath
2252
- });
2253
- const { programArguments, workingDirectory } = await resolveNodeProgramArguments({
2254
- host: params.host,
2255
- port: params.port,
2256
- tls: params.tls,
2257
- tlsFingerprint: params.tlsFingerprint,
2258
- nodeId: params.nodeId,
2259
- displayName: params.displayName,
2260
- dev: devMode,
2261
- runtime: params.runtime,
2262
- nodePath
2263
- });
2264
- await emitDaemonInstallRuntimeWarning({
2265
- env: params.env,
2266
- runtime: params.runtime,
2267
- programArguments,
2268
- warn: params.warn,
2269
- title: "Node daemon runtime"
2270
- });
2271
- const environment = buildNodeServiceEnvironment({
2272
- env: params.env,
2273
- extraPathDirs: resolveDaemonNodeBinDir(nodePath)
2274
- });
2275
- return {
2276
- programArguments,
2277
- workingDirectory,
2278
- environment,
2279
- description: formatNodeServiceDescription({ version: environment.GENESIS_SERVICE_VERSION })
2280
- };
2281
- }
2282
- //#endregion
2283
- //#region src/commands/node-daemon-runtime.ts
2284
- const DEFAULT_NODE_DAEMON_RUNTIME = DEFAULT_GATEWAY_DAEMON_RUNTIME;
2285
- function isNodeDaemonRuntime(value) {
2286
- return isGatewayDaemonRuntime(value);
2287
- }
2288
- //#endregion
2289
- //#region src/cli/node-cli/daemon.ts
2290
- function renderNodeServiceStartHints() {
2291
- return buildPlatformServiceStartHints({
2292
- installCommand: formatCliCommand("genesis node install"),
2293
- startCommand: formatCliCommand("genesis node start"),
2294
- launchAgentPlistPath: `~/Library/LaunchAgents/${resolveNodeLaunchAgentLabel()}.plist`,
2295
- systemdServiceName: resolveNodeSystemdServiceName(),
2296
- windowsTaskName: resolveNodeWindowsTaskName()
2297
- });
2298
- }
2299
- function buildNodeRuntimeHints(env = process.env) {
2300
- return buildPlatformRuntimeLogHints({
2301
- env,
2302
- systemdServiceName: resolveNodeSystemdServiceName(),
2303
- windowsTaskName: resolveNodeWindowsTaskName()
2304
- });
2305
- }
2306
- function resolveNodeDefaults(opts, config) {
2307
- const host = normalizeOptionalString(opts.host) || config?.gateway?.host || "127.0.0.1";
2308
- const portOverride = parsePort(opts.port);
2309
- if (opts.port !== void 0 && portOverride === null) return {
2310
- host,
2311
- port: null
2312
- };
2313
- return {
2314
- host,
2315
- port: portOverride ?? config?.gateway?.port ?? 18789
2316
- };
2317
- }
2318
- async function runNodeDaemonInstall(opts) {
2319
- const { json, stdout, warnings, emit, fail } = createDaemonInstallActionContext(opts.json);
2320
- if (failIfNixDaemonInstallMode(fail)) return;
2321
- const config = await loadNodeHostConfig();
2322
- const { host, port } = resolveNodeDefaults(opts, config);
2323
- if (!Number.isFinite(port ?? NaN) || (port ?? 0) <= 0) {
2324
- fail("Invalid port");
2325
- return;
2326
- }
2327
- const runtimeRaw = opts.runtime ? opts.runtime : DEFAULT_NODE_DAEMON_RUNTIME;
2328
- if (!isNodeDaemonRuntime(runtimeRaw)) {
2329
- fail("Invalid --runtime (use \"node\" or \"bun\")");
2330
- return;
2331
- }
2332
- const service = resolveNodeService();
2333
- let loaded = false;
2334
- try {
2335
- loaded = await service.isLoaded({ env: process.env });
2336
- } catch (err) {
2337
- fail(`Node service check failed: ${String(err)}`);
2338
- return;
2339
- }
2340
- if (loaded && !opts.force) {
2341
- emit({
2342
- ok: true,
2343
- result: "already-installed",
2344
- message: `Node service already ${service.loadedText}.`,
2345
- service: buildDaemonServiceSnapshot(service, loaded),
2346
- warnings: warnings.length ? warnings : void 0
2347
- });
2348
- if (!json) {
2349
- defaultRuntime.log(`Node service already ${service.loadedText}.`);
2350
- defaultRuntime.log(`Reinstall with: ${formatCliCommand("genesis node install --force")}`);
2351
- }
2352
- return;
2353
- }
2354
- const tlsFingerprint = normalizeOptionalString(opts.tlsFingerprint) || config?.gateway?.tlsFingerprint;
2355
- const tls = Boolean(opts.tls) || Boolean(tlsFingerprint) || Boolean(config?.gateway?.tls);
2356
- const { programArguments, workingDirectory, environment, description } = await buildNodeInstallPlan({
2357
- env: process.env,
2358
- host,
2359
- port: port ?? 18789,
2360
- tls,
2361
- tlsFingerprint: tlsFingerprint || void 0,
2362
- nodeId: opts.nodeId,
2363
- displayName: opts.displayName,
2364
- runtime: runtimeRaw,
2365
- warn: (message) => {
2366
- if (json) warnings.push(message);
2367
- else defaultRuntime.log(message);
2368
- }
2369
- });
2370
- await installDaemonServiceAndEmit({
2371
- serviceNoun: "Node",
2372
- service,
2373
- warnings,
2374
- emit,
2375
- fail,
2376
- install: async () => {
2377
- await service.install({
2378
- env: process.env,
2379
- stdout,
2380
- programArguments,
2381
- workingDirectory,
2382
- environment,
2383
- description
2384
- });
2385
- }
2386
- });
2387
- }
2388
- async function runNodeDaemonUninstall(opts = {}) {
2389
- return await runServiceUninstall({
2390
- serviceNoun: "Node",
2391
- service: resolveNodeService(),
2392
- opts,
2393
- stopBeforeUninstall: false,
2394
- assertNotLoadedAfterUninstall: false
2395
- });
2396
- }
2397
- async function runNodeDaemonRestart(opts = {}) {
2398
- await runServiceRestart({
2399
- serviceNoun: "Node",
2400
- service: resolveNodeService(),
2401
- renderStartHints: renderNodeServiceStartHints,
2402
- opts
2403
- });
2404
- }
2405
- async function runNodeDaemonStop(opts = {}) {
2406
- return await runServiceStop({
2407
- serviceNoun: "Node",
2408
- service: resolveNodeService(),
2409
- opts
2410
- });
2411
- }
2412
- async function runNodeDaemonStatus(opts = {}) {
2413
- const json = Boolean(opts.json);
2414
- const service = resolveNodeService();
2415
- const [loaded, command, runtime] = await Promise.all([
2416
- service.isLoaded({ env: process.env }).catch(() => false),
2417
- service.readCommand(process.env).catch(() => null),
2418
- service.readRuntime(process.env).catch((err) => ({
2419
- status: "unknown",
2420
- detail: String(err)
2421
- }))
2422
- ]);
2423
- const payload = { service: {
2424
- ...buildDaemonServiceSnapshot(service, loaded),
2425
- command,
2426
- runtime
2427
- } };
2428
- if (json) {
2429
- defaultRuntime.writeJson(payload);
2430
- return;
2431
- }
2432
- const { rich, label, accent, infoText, okText, warnText, errorText } = createCliStatusTextStyles();
2433
- const serviceStatus = loaded ? okText(service.loadedText) : warnText(service.notLoadedText);
2434
- defaultRuntime.log(`${label("Service:")} ${accent(service.label)} (${serviceStatus})`);
2435
- if (command?.programArguments?.length) defaultRuntime.log(`${label("Command:")} ${infoText(command.programArguments.join(" "))}`);
2436
- if (command?.sourcePath) defaultRuntime.log(`${label("Service file:")} ${infoText(command.sourcePath)}`);
2437
- if (command?.workingDirectory) defaultRuntime.log(`${label("Working dir:")} ${infoText(command.workingDirectory)}`);
2438
- const runtimeLine = formatRuntimeStatus(runtime);
2439
- if (runtimeLine) {
2440
- const runtimeColor = resolveRuntimeStatusColor(runtime?.status);
2441
- defaultRuntime.log(`${label("Runtime:")} ${colorize(rich, runtimeColor, runtimeLine)}`);
2442
- }
2443
- if (!loaded) {
2444
- defaultRuntime.log("");
2445
- for (const hint of renderNodeServiceStartHints()) defaultRuntime.log(`${warnText("Start with:")} ${infoText(hint)}`);
2446
- return;
2447
- }
2448
- const baseEnv = {
2449
- ...process.env,
2450
- ...command?.environment ?? void 0
2451
- };
2452
- const hintEnv = {
2453
- ...baseEnv,
2454
- GENESIS_LOG_PREFIX: baseEnv.GENESIS_LOG_PREFIX ?? "node"
2455
- };
2456
- if (runtime?.missingUnit) {
2457
- defaultRuntime.error(errorText("Service unit not found."));
2458
- for (const hint of buildNodeRuntimeHints(hintEnv)) defaultRuntime.error(errorText(hint));
2459
- return;
2460
- }
2461
- if (runtime?.status === "stopped") {
2462
- defaultRuntime.error(errorText("Service is loaded but not running."));
2463
- for (const hint of buildNodeRuntimeHints(hintEnv)) defaultRuntime.error(errorText(hint));
2464
- }
2465
- }
2466
- //#endregion
2467
- //#region src/cli/node-cli/register.ts
2468
- function parsePortWithFallback(value, fallback) {
2469
- return parsePort(value) ?? fallback;
2470
- }
2471
- function registerNodeCli(program) {
2472
- const node = program.command("node").description("Run and manage the headless node host service").addHelpText("after", () => `\n${theme.heading("Examples:")}\n${formatHelpExamples([
2473
- ["genesis node run --host 127.0.0.1 --port 18789", "Run the node host in the foreground."],
2474
- ["genesis node status", "Check node host service status."],
2475
- ["genesis node install", "Install the node host service."],
2476
- ["genesis node restart", "Restart the installed node host service."]
2477
- ])}\n\n${theme.muted("Docs:")} ${formatDocsLink("/cli/node", "docs.genesis.ai/cli/node")}\n`);
2478
- node.command("run").description("Run the headless node host (foreground)").option("--host <host>", "Gateway host").option("--port <port>", "Gateway port").option("--tls", "Use TLS for the gateway connection", false).option("--tls-fingerprint <sha256>", "Expected TLS certificate fingerprint (sha256)").option("--node-id <id>", "Override node id (clears pairing token)").option("--display-name <name>", "Override node display name").action(async (opts) => {
2479
- const existing = await loadNodeHostConfig();
2480
- await runNodeHost({
2481
- gatewayHost: normalizeOptionalString(opts.host) || existing?.gateway?.host || "127.0.0.1",
2482
- gatewayPort: parsePortWithFallback(opts.port, existing?.gateway?.port ?? 18789),
2483
- gatewayTls: Boolean(opts.tls) || Boolean(opts.tlsFingerprint),
2484
- gatewayTlsFingerprint: opts.tlsFingerprint,
2485
- nodeId: opts.nodeId,
2486
- displayName: opts.displayName
2487
- });
2488
- });
2489
- node.command("status").description("Show node host status").option("--json", "Output JSON", false).action(async (opts) => {
2490
- await runNodeDaemonStatus(opts);
2491
- });
2492
- node.command("install").description("Install the node host service (launchd/systemd/schtasks)").option("--host <host>", "Gateway host").option("--port <port>", "Gateway port").option("--tls", "Use TLS for the gateway connection", false).option("--tls-fingerprint <sha256>", "Expected TLS certificate fingerprint (sha256)").option("--node-id <id>", "Override node id (clears pairing token)").option("--display-name <name>", "Override node display name").option("--runtime <runtime>", "Service runtime (node|bun). Default: node").option("--force", "Reinstall/overwrite if already installed", false).option("--json", "Output JSON", false).action(async (opts) => {
2493
- await runNodeDaemonInstall(opts);
2494
- });
2495
- node.command("uninstall").description("Uninstall the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
2496
- await runNodeDaemonUninstall(opts);
2497
- });
2498
- node.command("stop").description("Stop the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
2499
- await runNodeDaemonStop(opts);
2500
- });
2501
- node.command("restart").description("Restart the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
2502
- await runNodeDaemonRestart(opts);
2503
- });
2504
- }
2505
- //#endregion
2506
- export { registerNodeCli };