@pixelzx/genesis 2026.6.27 → 2026.6.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1090) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/dist/.buildstamp +1 -1
  3. package/dist/abort-DUTWX49H.js +201 -0
  4. package/dist/abort.runtime-B1CZPj3m.js +2 -0
  5. package/dist/abort.runtime.js +1 -1
  6. package/dist/accounts-DFJuQd32.js +107 -0
  7. package/dist/accounts-VbCry_MV.js +104 -0
  8. package/dist/accounts-ZduaK0fO.js +2 -0
  9. package/dist/acp-cli-Cyqn8a7z.js +2217 -0
  10. package/dist/acp-spawn-B1O0qwkN.js +2 -0
  11. package/dist/acp-spawn-C2eEj7wR.js +1042 -0
  12. package/dist/acp-stateful-target-driver-BKL2flGw.js +89 -0
  13. package/dist/action-agents-C9zs0A_N.js +67 -0
  14. package/dist/action-focus-Dj2trHbP.js +132 -0
  15. package/dist/action-help-ENFS-VRC.js +7 -0
  16. package/dist/action-info-IKxta-Me.js +101 -0
  17. package/dist/action-kill-CJGjsHX-.js +33 -0
  18. package/dist/action-list-ChLdMXon.js +21 -0
  19. package/dist/action-log-CdeugqCO.js +30 -0
  20. package/dist/action-send-BvUjnmVw.js +39 -0
  21. package/dist/action-spawn-Xq0DpbW7.js +47 -0
  22. package/dist/action-unfocus-DfcihOhT.js +29 -0
  23. package/dist/actions.runtime-CTjuTpQ1.js +18 -0
  24. package/dist/actions.runtime-Dp93aqpg.js +5 -0
  25. package/dist/actions.runtime.js +1 -1
  26. package/dist/agent-DQZeYp3u.js +2 -0
  27. package/dist/agent-command-CynPQd5_.js +874 -0
  28. package/dist/agent-harness-runtime-D9PrghSe.js +144 -0
  29. package/dist/agent-runner-utils-CwDT31Pp.js +239 -0
  30. package/dist/agent-runner.runtime-kH3GCoKg.js +3443 -0
  31. package/dist/agent-runner.runtime.js +1 -1
  32. package/dist/agent-runtime-BSwK1sup.js +18 -0
  33. package/dist/agents-C9BmPj-C.js +954 -0
  34. package/dist/agents-CQQ7cNF9.js +5 -0
  35. package/dist/aliases-B92uAzO2.js +2 -0
  36. package/dist/aliases-BZsZGqVQ.js +96 -0
  37. package/dist/api-CU22wCTp.js +139 -0
  38. package/dist/api-DD_eTeli.js +5 -0
  39. package/dist/api-sngIL0OQ.js +3 -0
  40. package/dist/approval-gateway-resolver-KouhItZO.js +29 -0
  41. package/dist/approval-gateway-runtime-D7CzOIgq.js +2 -0
  42. package/dist/approval-handler-runtime-CFvI_pZS.js +439 -0
  43. package/dist/approval-native-runtime-rl6s6chH.js +729 -0
  44. package/dist/attempt-execution.runtime-Ba87IenS.js +509 -0
  45. package/dist/attempt-execution.runtime.js +1 -1
  46. package/dist/attempt.prompt-helpers-BbBNMjqU.js +206 -0
  47. package/dist/attempt.tool-run-context-CLlg_9Gq.js +933 -0
  48. package/dist/audit-CQJwJFWH.js +939 -0
  49. package/dist/audit.runtime-CW5CY88A.js +7 -0
  50. package/dist/audit.runtime.js +1 -1
  51. package/dist/auth-DFhah4e4.js +2 -0
  52. package/dist/auth-order-CMWxvLX4.js +2 -0
  53. package/dist/auth-order-D6mEMqD7.js +139 -0
  54. package/dist/auth-s-3q__5n.js +550 -0
  55. package/dist/bash-tools-BCSXSkhx.js +2853 -0
  56. package/dist/bash-tools-D2NO8-ph.js +3 -0
  57. package/dist/binding-routing-DROXsDQk.js +85 -0
  58. package/dist/binding-targets-D33MkugL.js +121 -0
  59. package/dist/bridge-server-3gO7JmL_.js +113 -0
  60. package/dist/browser-control-auth-DS3Wwm1z.js +2 -0
  61. package/dist/browser-node-runtime-DkVkb3tt.js +12 -0
  62. package/dist/browser-profiles-Bk9dcXzv.js +2 -0
  63. package/dist/browser-runtime-dGM3ZeLa.js +387 -0
  64. package/dist/browser-setup-tools-DSgChJEe.js +13 -0
  65. package/dist/build-CjLf_jQl.js +550 -0
  66. package/dist/build-info.json +3 -3
  67. package/dist/bundled/boot-md/handler.js +2 -2
  68. package/dist/bundled/session-memory/handler.js +1 -1
  69. package/dist/call-BxIEVH5N.js +3 -0
  70. package/dist/call-Dwj7PrNe.js +330 -0
  71. package/dist/call.runtime-mZvFxL4G.js +2 -0
  72. package/dist/call.runtime.js +1 -1
  73. package/dist/capability-cli-C-6omBAD.js +1401 -0
  74. package/dist/catchup-Dfw4DEMS.js +300 -0
  75. package/dist/channel-4YVnFcIj.js +297 -0
  76. package/dist/channel-BajDSspb.js +1320 -0
  77. package/dist/channel-BcS5ghfF.js +840 -0
  78. package/dist/channel-BlU_cVm0.js +491 -0
  79. package/dist/channel-BmZ19q9d.js +453 -0
  80. package/dist/channel-C4KfOdTm.js +226 -0
  81. package/dist/channel-C7LNJi1M.js +595 -0
  82. package/dist/channel-CFxTIjzU.js +1174 -0
  83. package/dist/channel-CYDnIh3Z.js +350 -0
  84. package/dist/channel-DBUj2Ysq.js +1802 -0
  85. package/dist/channel-DwWdEu7o.js +1100 -0
  86. package/dist/channel-core-VlXrdyfV.js +5 -0
  87. package/dist/channel-inbound-BzALE-tz.js +31 -0
  88. package/dist/channel-plugin-runtime-BMmEKuoC.js +771 -0
  89. package/dist/channel-runtime-BZXgyMUr.js +425 -0
  90. package/dist/channel.runtime-2Kw88P7w.js +576 -0
  91. package/dist/channel.runtime-Bwnky7Bn.js +2364 -0
  92. package/dist/channel.runtime-CDvvT7UR.js +4 -0
  93. package/dist/channel.runtime-CgP4n1an.js +430 -0
  94. package/dist/channel.runtime-MJe9DoSG.js +89 -0
  95. package/dist/channel.runtime-f0WEEj3o.js +42398 -0
  96. package/dist/channel.runtime.js +1 -1
  97. package/dist/channel.setup-DaZBK_2E.js +10 -0
  98. package/dist/channel2.runtime-CfVIjEhU.js +109 -0
  99. package/dist/channel2.runtime.js +1 -1
  100. package/dist/channels-Bq1GXmZX.js +733 -0
  101. package/dist/channels-cli-DzbssQ5L.js +268 -0
  102. package/dist/chat-CNZDzOWR.js +2830 -0
  103. package/dist/clawbot-cli-UIo3UVaj.js +9 -0
  104. package/dist/cli/daemon-cli.js +3 -3
  105. package/dist/cli-BVKDWfwH.js +72 -0
  106. package/dist/cli-Bp52OQjs.js +219 -0
  107. package/dist/cli-C_289Xdv.js +2 -0
  108. package/dist/cli-kOop_NSN.js +2 -0
  109. package/dist/cli-runner-CP51WTPf.js +286 -0
  110. package/dist/cli-runner.runtime-BtArNV63.js +4 -0
  111. package/dist/cli-runner.runtime-Dy1IJ7UX.js +3 -0
  112. package/dist/cli-runner.runtime.js +1 -1
  113. package/dist/cli-startup-metadata.json +2 -2
  114. package/dist/cli.runtime-2ilydgLb.js +1261 -0
  115. package/dist/cli.runtime.js +1 -1
  116. package/dist/client-BN8cDQr7.js +723 -0
  117. package/dist/client-Doc6u1up.js +138 -0
  118. package/dist/command-auth-oo_Iz0oe.js +76 -0
  119. package/dist/command-config-resolution-BNQbV_C6.js +23 -0
  120. package/dist/command-config-resolution-DIvkjwvj.js +2 -0
  121. package/dist/command-config-resolution.runtime-Dlk7LIJ8.js +2 -0
  122. package/dist/command-config-resolution.runtime.js +1 -1
  123. package/dist/command-registry-Dm8ohcSP.js +4 -0
  124. package/dist/command-registry-core-BxyHXEQ3.js +106 -0
  125. package/dist/command-registry-xVmA85-_.js +9 -0
  126. package/dist/command-secret-gateway-Dej2E5rP.js +528 -0
  127. package/dist/command-status.runtime-CWgNMJi1.js +87 -0
  128. package/dist/command-status.runtime.js +1 -1
  129. package/dist/commands-acp-Ca0l7esb.js +77 -0
  130. package/dist/commands-compact.runtime-DBN1EALw.js +10 -0
  131. package/dist/commands-compact.runtime.js +1 -1
  132. package/dist/commands-handlers.runtime-BrCljWio.js +4599 -0
  133. package/dist/commands-handlers.runtime.js +1 -1
  134. package/dist/commands-status-C0WYf99K.js +16 -0
  135. package/dist/commands-status.runtime-Czim-9LY.js +3 -0
  136. package/dist/commands-status.runtime.js +1 -1
  137. package/dist/commands-subagents-control.runtime-CgiW2mpD.js +3 -0
  138. package/dist/commands-subagents-control.runtime-oCqEcwa7.js +2 -0
  139. package/dist/commands-subagents-control.runtime.js +1 -1
  140. package/dist/commands-system-prompt-BQHZNtSZ.js +157 -0
  141. package/dist/commands-system-prompt-ClJDN8rr.js +2 -0
  142. package/dist/commands.runtime-DwmtsbUc.js +167 -0
  143. package/dist/commands.runtime.js +1 -1
  144. package/dist/compact-DDf0xr2o.js +1096 -0
  145. package/dist/compact.runtime-C4BZuDjJ.js +12 -0
  146. package/dist/compact.runtime.js +1 -1
  147. package/dist/completion-cli-85iaysB7.js +328 -0
  148. package/dist/config-CHPRDFh1.js +252 -0
  149. package/dist/config-cli-DSZ7DNtq.js +1078 -0
  150. package/dist/configure-BR6m0uoi.js +1252 -0
  151. package/dist/configure-CC09fyLr.js +2 -0
  152. package/dist/connect-options-HotLjDKX.js +699 -0
  153. package/dist/control-auth-CBtOUnsz.js +125 -0
  154. package/dist/control-service-D2A1PyZC.js +156 -0
  155. package/dist/control-ui/assets/agents-7cSPVJV0.js +1125 -0
  156. package/dist/control-ui/assets/canvas-IIhBIoAa.js +274 -0
  157. package/dist/control-ui/assets/channel-config-extras-sj_UXv9J.js +2 -0
  158. package/dist/control-ui/assets/channels-B4MTYg8u.js +198 -0
  159. package/dist/control-ui/assets/contacts-CSch1ckf.js +49 -0
  160. package/dist/control-ui/assets/cron-B548qeSj.js +250 -0
  161. package/dist/control-ui/assets/de-DOykxjSu.js +2 -0
  162. package/dist/control-ui/assets/debug-DERT6TQG.js +94 -0
  163. package/dist/control-ui/assets/es-BTwWEPGm.js +2 -0
  164. package/dist/control-ui/assets/fr-DVRwR98L.js +2 -0
  165. package/dist/control-ui/assets/i18n-BPOQLrbx.js +3 -0
  166. package/dist/control-ui/assets/id-BSBAUAzK.js +2 -0
  167. package/dist/control-ui/assets/index-C2CxJps0.js +5981 -0
  168. package/dist/control-ui/assets/instances-DwteyRRi.js +57 -0
  169. package/dist/control-ui/assets/ja-JP-BiD5eOfG.js +2 -0
  170. package/dist/control-ui/assets/ko-BNgLBJdW.js +2 -0
  171. package/dist/control-ui/assets/logs-GdE34D7D.js +74 -0
  172. package/dist/control-ui/assets/mcp-z76x2vB5.js +380 -0
  173. package/dist/control-ui/assets/memory-CsTbP2T4.js +50 -0
  174. package/dist/control-ui/assets/memory-graph-DbZEkTHJ.js +30 -0
  175. package/dist/control-ui/assets/models-j_tXq7Pe.js +86 -0
  176. package/dist/control-ui/assets/nodes-cxO9Enln.js +654 -0
  177. package/dist/control-ui/assets/pl-DrVcqC4t.js +2 -0
  178. package/dist/control-ui/assets/plugins-Rt--bQFn.js +259 -0
  179. package/dist/control-ui/assets/presenter-BiJsRhTg.js +2 -0
  180. package/dist/control-ui/assets/preview-JrK1Lfuv.js +2 -0
  181. package/dist/control-ui/assets/pt-BR-BXlBG1WX.js +2 -0
  182. package/dist/control-ui/assets/sessions-CP6r0JAQ.js +56 -0
  183. package/dist/control-ui/assets/skills-CMy2whFb.js +294 -0
  184. package/dist/control-ui/assets/skills-shared-B-3kgWg3.js +11 -0
  185. package/dist/control-ui/assets/th-DjtYmyBR.js +2 -0
  186. package/dist/control-ui/assets/tr-I0LYx0Ew.js +2 -0
  187. package/dist/control-ui/assets/uk-xilwRRzQ.js +2 -0
  188. package/dist/control-ui/assets/wallet-geRdfgso.js +302 -0
  189. package/dist/control-ui/assets/zh-CN-DHz_bYy_.js +2 -0
  190. package/dist/control-ui/assets/zh-TW-LvBbVYeU.js +2 -0
  191. package/dist/control-ui/index.html +2 -2
  192. package/dist/control-ui-Djt0XDNa.js +1043 -0
  193. package/dist/conversation-id-BwNpVXFJ.js +235 -0
  194. package/dist/conversation-id-CTAeVE9E.js +38 -0
  195. package/dist/conversation-runtime-D6miDW4s.js +31 -0
  196. package/dist/core-CYaV0wrq.js +275 -0
  197. package/dist/cron-cli-BZacbTRu.js +713 -0
  198. package/dist/daemon-cli-BXtGpvAS.js +12 -0
  199. package/dist/dashboard-Ds7c6TJm.js +2 -0
  200. package/dist/dashboard-s1prqGuB.js +81 -0
  201. package/dist/delegate-nycMaKrd.js +64 -0
  202. package/dist/detached-task-runtime-DXFEjX_Y.js +73 -0
  203. package/dist/devices-cli-B2T4Rk-c.js +498 -0
  204. package/dist/diagnostics-669Ookpz.js +154 -0
  205. package/dist/direct-dm-Bwx0l0B5.js +64 -0
  206. package/dist/dispatch-CVFq_KHF.js +1131 -0
  207. package/dist/dispatch-acp-AeVrqG1P.js +981 -0
  208. package/dist/dispatch-acp-manager.runtime-t90xTijh.js +3 -0
  209. package/dist/dispatch-acp-manager.runtime.js +1 -1
  210. package/dist/dispatch-acp.runtime-CLS-txJr.js +19 -0
  211. package/dist/dispatch-acp.runtime.js +1 -1
  212. package/dist/doctor-device-pairing-rAiSum7F.js +307 -0
  213. package/dist/doctor-gateway-daemon-flow-BYlbRkfE.js +250 -0
  214. package/dist/doctor-gateway-health-DGaad6OP.js +63 -0
  215. package/dist/doctor-health-contributions-CYangAn3.js +493 -0
  216. package/dist/doctor-health-woICf2XW.js +59 -0
  217. package/dist/doctor-prompter-oNxd62XO.js +56 -0
  218. package/dist/doctor-workspace-status-DrOqBwKh.js +75 -0
  219. package/dist/dreaming-narrative-SeHukrla.js +596 -0
  220. package/dist/dreaming-qiznoCiH.js +1582 -0
  221. package/dist/embedded-gateway-stub.runtime-BiCMn9tm.js +9 -0
  222. package/dist/embedded-gateway-stub.runtime.js +1 -1
  223. package/dist/embeddings-http-DbBwgwsH.js +205 -0
  224. package/dist/entry.js +2 -2
  225. package/dist/exec-approvals-cli-BK9WM7tB.js +498 -0
  226. package/dist/extensionAPI.js +1 -1
  227. package/dist/extensions/active-memory/index.js +1 -1
  228. package/dist/extensions/bluebubbles/api.js +3 -3
  229. package/dist/extensions/bluebubbles/channel-plugin-api.js +1 -1
  230. package/dist/extensions/browser/browser-bridge.js +1 -1
  231. package/dist/extensions/browser/browser-config.js +4 -4
  232. package/dist/extensions/browser/browser-control-auth.js +2 -2
  233. package/dist/extensions/browser/browser-doctor.js +2 -2
  234. package/dist/extensions/browser/browser-maintenance.js +2 -2
  235. package/dist/extensions/browser/browser-profiles.js +2 -2
  236. package/dist/extensions/browser/browser-runtime-api.js +10 -10
  237. package/dist/extensions/browser/index.js +1 -1
  238. package/dist/extensions/browser/plugin-registration.js +1 -1
  239. package/dist/extensions/browser/register.runtime.js +3 -3
  240. package/dist/extensions/browser/runtime-api.js +11 -11
  241. package/dist/extensions/browser/test-support.js +1 -1
  242. package/dist/extensions/device-pair/api.js +1 -1
  243. package/dist/extensions/device-pair/index.js +3 -3
  244. package/dist/extensions/device-pair/notify.js +1 -1
  245. package/dist/extensions/device-pair/pair-command-approve.js +1 -1
  246. package/dist/extensions/google-meet/index.js +2 -2
  247. package/dist/extensions/imessage/api.js +3 -3
  248. package/dist/extensions/imessage/channel-plugin-api.js +1 -1
  249. package/dist/extensions/imessage/runtime-api.js +3 -3
  250. package/dist/extensions/irc/api.js +2 -2
  251. package/dist/extensions/irc/channel-plugin-api.js +1 -1
  252. package/dist/extensions/line/api.js +2 -2
  253. package/dist/extensions/line/channel-plugin-api.js +1 -1
  254. package/dist/extensions/line/contract-api.js +1 -1
  255. package/dist/extensions/line/runtime-api.js +4 -4
  256. package/dist/extensions/line/setup-api.js +1 -1
  257. package/dist/extensions/llm-task/index.js +2 -2
  258. package/dist/extensions/lobster/index.js +3 -3
  259. package/dist/extensions/lobster/runtime-api.js +1 -1
  260. package/dist/extensions/mattermost/api.js +1 -1
  261. package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
  262. package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
  263. package/dist/extensions/mattermost/policy-api.js +1 -1
  264. package/dist/extensions/mattermost/runtime-api.js +4 -4
  265. package/dist/extensions/mattermost/slash-route-api.js +1 -1
  266. package/dist/extensions/memory-core/api.js +1 -1
  267. package/dist/extensions/memory-core/cli-metadata.js +2 -2
  268. package/dist/extensions/memory-core/index.js +3 -3
  269. package/dist/extensions/memory-lancedb/cli-metadata.js +1 -1
  270. package/dist/extensions/msteams/api.js +1 -1
  271. package/dist/extensions/msteams/channel-plugin-api.js +1 -1
  272. package/dist/extensions/msteams/runtime-api.js +3 -3
  273. package/dist/extensions/msteams/test-api.js +1 -1
  274. package/dist/extensions/nextcloud-talk/api.js +1 -1
  275. package/dist/extensions/nextcloud-talk/channel-plugin-api.js +1 -1
  276. package/dist/extensions/nextcloud-talk/runtime-api.js +2 -2
  277. package/dist/extensions/openshell/index.js +2 -2
  278. package/dist/extensions/signal/api.js +6 -6
  279. package/dist/extensions/signal/channel-plugin-api.js +1 -1
  280. package/dist/extensions/signal/reaction-runtime-api.js +1 -1
  281. package/dist/extensions/signal/runtime-api.js +7 -7
  282. package/dist/extensions/skill-workshop/api.js +1 -1
  283. package/dist/extensions/skill-workshop/index.js +1 -1
  284. package/dist/extensions/synology-chat/api.js +1 -1
  285. package/dist/extensions/synology-chat/channel-plugin-api.js +1 -1
  286. package/dist/extensions/tlon/api.js +2 -2
  287. package/dist/extensions/tlon/channel-plugin-api.js +1 -1
  288. package/dist/extensions/tlon/runtime-api.js +1 -1
  289. package/dist/extensions/tlon/test-api.js +1 -1
  290. package/dist/extensions/twitch/api.js +1 -1
  291. package/dist/extensions/twitch/channel-plugin-api.js +1 -1
  292. package/dist/extensions/twitch/setup-plugin-api.js +1 -1
  293. package/dist/extensions/zalo/api.js +3 -3
  294. package/dist/extensions/zalo/channel-plugin-api.js +1 -1
  295. package/dist/extensions/zalo/runtime-api.js +2 -2
  296. package/dist/extensions/zalo/setup-api.js +2 -2
  297. package/dist/extensions/zalouser/api.js +3 -3
  298. package/dist/extensions/zalouser/channel-plugin-api.js +1 -1
  299. package/dist/extensions/zalouser/runtime-api.js +6 -6
  300. package/dist/extensions/zalouser/setup-plugin-api.js +1 -1
  301. package/dist/extensions/zalouser/test-api.js +1 -1
  302. package/dist/fallbacks-BHahSac7.js +31 -0
  303. package/dist/fallbacks-CDP89dtv.js +2 -0
  304. package/dist/fallbacks-shared-h_ZN8Ugk.js +111 -0
  305. package/dist/gateway-ClYGJe6R.js +115 -0
  306. package/dist/gateway-cli-D5OEgdCv.js +1283 -0
  307. package/dist/gateway-rpc-Dk_z0RTG.js +14 -0
  308. package/dist/gateway-rpc.runtime-DcDI0Hq7.js +23 -0
  309. package/dist/gateway-rpc.runtime.js +1 -1
  310. package/dist/gateway-runtime-BpOf_2ps.js +15 -0
  311. package/dist/gateway-status-BfT8gHrq.js +584 -0
  312. package/dist/genesis-tools-Dn3v15Cu.js +9435 -0
  313. package/dist/genesis-tools.runtime-BUKXOBx4.js +2 -0
  314. package/dist/genesis-tools.runtime.js +1 -1
  315. package/dist/get-reply-BOvlxgUu.js +3946 -0
  316. package/dist/get-reply-from-config.runtime-Cl8vSh_k.js +2 -0
  317. package/dist/get-reply-from-config.runtime.js +1 -1
  318. package/dist/graph-users-DvflifYV.js +1337 -0
  319. package/dist/health-B2xJjrkJ.js +3 -0
  320. package/dist/health-CWa-e_Y6.js +420 -0
  321. package/dist/health-route-CzxBmoPR.js +41 -0
  322. package/dist/health-route-Dhbg2HGJ.js +2 -0
  323. package/dist/hooks-cli-B08Wk2kj.js +433 -0
  324. package/dist/http-endpoint-helpers-CG3AcjuK.js +41 -0
  325. package/dist/http-utils-L02eBAVo.js +924 -0
  326. package/dist/image-fallbacks-DPTpHhw_.js +2 -0
  327. package/dist/image-fallbacks-DrcfSUln.js +31 -0
  328. package/dist/inbound-reply-dispatch-D2K6Anyc.js +73 -0
  329. package/dist/index.js +2 -2
  330. package/dist/infra-runtime-Pu3jXc5f.js +38 -0
  331. package/dist/init-B2qJ52Z_.js +59 -0
  332. package/dist/library-JmPoINsm.js +45 -0
  333. package/dist/lifecycle-BRey6jez.js +229 -0
  334. package/dist/lifecycle-CvJT6tH9.js +571 -0
  335. package/dist/lifecycle.runtime-DJuQgwAu.js +2 -0
  336. package/dist/lifecycle.runtime.js +1 -1
  337. package/dist/list-0KYh_6xs.js +131 -0
  338. package/dist/list-B1iP8wTX.js +2 -0
  339. package/dist/list-CewinhHi.js +1212 -0
  340. package/dist/list-DPm9exQP.js +2 -0
  341. package/dist/list.probe-M4jUIgk8.js +419 -0
  342. package/dist/llm-slug-generator-CQiB4f0s.js +79 -0
  343. package/dist/llm-slug-generator.js +1 -1
  344. package/dist/load-config-oEWSSW5T.js +35 -0
  345. package/dist/local-dispatch.runtime-rI2L9gZz.js +8 -0
  346. package/dist/local-dispatch.runtime.js +1 -1
  347. package/dist/logs-cli-qUQbKPpd.js +265 -0
  348. package/dist/logs-cli.runtime-DZwxYUL2.js +2 -0
  349. package/dist/logs-cli.runtime.js +1 -1
  350. package/dist/main-session-restart-recovery-Dw8zndAD.js +206 -0
  351. package/dist/managed-image-attachments-B_835Hjd.js +635 -0
  352. package/dist/managed-image-attachments-Dp_0diDL.js +2 -0
  353. package/dist/manager-CRmLomjS.js +2 -0
  354. package/dist/manager-yTOglQEH.js +2057 -0
  355. package/dist/markdown-to-line-D6Y5rN1y.js +790 -0
  356. package/dist/mcp/plugin-tools-serve.js +1 -1
  357. package/dist/mcp-cli-DZi-FzRz.js +725 -0
  358. package/dist/mcp-http-DaXlqh6n.js +529 -0
  359. package/dist/memory-core-host-runtime-cli-K2SeZLMj.js +9 -0
  360. package/dist/message-Bk0q8DmN.js +232 -0
  361. package/dist/message-action-runner-BIi8DCoo.js +2 -0
  362. package/dist/message-action-runner-CmhjNg6K.js +1407 -0
  363. package/dist/message-actions-BDXFXc2E.js +143 -0
  364. package/dist/message.gateway.runtime-fPnMn6QV.js +2 -0
  365. package/dist/message.gateway.runtime.js +1 -1
  366. package/dist/method-scopes-D_AZ7OsK.js +235 -0
  367. package/dist/models-auth-status-0xcMbBhB.js +217 -0
  368. package/dist/models-cli-DuQZ09TC.js +271 -0
  369. package/dist/models-http-DruY6N81.js +92 -0
  370. package/dist/monitor-2KbmBvHU.js +2 -0
  371. package/dist/monitor-B2yQJkAh.js +1459 -0
  372. package/dist/monitor-CD4mrtqF.js +1661 -0
  373. package/dist/monitor-CJ6A4Ro2.js +788 -0
  374. package/dist/monitor-D19pDt5p.js +1237 -0
  375. package/dist/monitor-GQtwMpZn.js +671 -0
  376. package/dist/monitor-auth-DJ9S4EQV.js +207 -0
  377. package/dist/monitor-processing-BMv5voti.js +1974 -0
  378. package/dist/monitor.runtime-GizvASio.js +2 -0
  379. package/dist/monitor.runtime.js +1 -1
  380. package/dist/monitor.webhook-DzvH3io8.js +180 -0
  381. package/dist/msteams-7Jx25GW4.js +35 -0
  382. package/dist/native-hook-relay-DwgVW-el.js +519 -0
  383. package/dist/nextcloud-talk-gXnN0EKl.js +17 -0
  384. package/dist/node-cli-Bd8iT-US.js +2276 -0
  385. package/dist/nodes-cli-xAd3vxyV.js +1046 -0
  386. package/dist/nodes-utils-qg-Bmmy5.js +84 -0
  387. package/dist/nodes.helpers-B42Vi8VW.js +34 -0
  388. package/dist/notify-DArpzHFF.js +315 -0
  389. package/dist/onboard-DKr9c-h5.js +70 -0
  390. package/dist/onboard-f_tqlGVL.js +2 -0
  391. package/dist/onboard-helpers-Begz93UO.js +6 -0
  392. package/dist/onboard-helpers-Di14BUn2.js +204 -0
  393. package/dist/onboard-interactive-DjJo_FLY.js +24 -0
  394. package/dist/onboard-non-interactive-CgxwxSiw.js +635 -0
  395. package/dist/onboard-remote-BhcRxYvn.js +2 -0
  396. package/dist/onboard-remote-CEeT7hEZ.js +193 -0
  397. package/dist/onboard-skills-CTTUg6pf.js +134 -0
  398. package/dist/onboard-skills-DWTbOfH1.js +2 -0
  399. package/dist/openai-http-C2-8VSih.js +500 -0
  400. package/dist/openresponses-http-DgsTPUc1.js +1128 -0
  401. package/dist/operator-approvals-client-D1R6aLFV.js +68 -0
  402. package/dist/outbound.runtime-DDAlqr2n.js +2 -0
  403. package/dist/outbound.runtime.js +1 -1
  404. package/dist/pair-command-approve-BqXU_u3_.js +44 -0
  405. package/dist/persistent-bindings.lifecycle-0cee5HeB.js +85 -0
  406. package/dist/persistent-bindings.lifecycle-DTgwTu9k.js +2 -0
  407. package/dist/pi-embedded-BMKZLrrD.js +2905 -0
  408. package/dist/pi-embedded-C1_8L609.js +4 -0
  409. package/dist/pi-embedded.runtime-CEcUCfnu.js +4 -0
  410. package/dist/pi-embedded.runtime.js +1 -1
  411. package/dist/pi-tool-definition-adapter-B1q4cAB_.js +229 -0
  412. package/dist/pi-tools-CE3UX10v.js +1118 -0
  413. package/dist/pi-tools.before-tool-call-BsMfbO7W.js +433 -0
  414. package/dist/pi-tools.before-tool-call-DGY-rj-6.js +2 -0
  415. package/dist/plugin-dDMX1n9i.js +12195 -0
  416. package/dist/plugin-enabled-CCcxlblr.js +140 -0
  417. package/dist/plugin-registration-CTIg2xi-.js +23 -0
  418. package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
  419. package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
  420. package/dist/plugin-sdk/acp-runtime.js +2 -2
  421. package/dist/plugin-sdk/agent-harness-runtime.js +5 -5
  422. package/dist/plugin-sdk/agent-harness.js +6 -6
  423. package/dist/plugin-sdk/agent-runtime.js +2 -2
  424. package/dist/plugin-sdk/approval-gateway-runtime.js +2 -2
  425. package/dist/plugin-sdk/approval-handler-runtime.js +3 -3
  426. package/dist/plugin-sdk/approval-runtime.js +1 -1
  427. package/dist/plugin-sdk/browser-node-runtime.js +4 -4
  428. package/dist/plugin-sdk/browser-setup-tools.js +3 -3
  429. package/dist/plugin-sdk/browser-support.js +7 -7
  430. package/dist/plugin-sdk/channel-core.js +2 -2
  431. package/dist/plugin-sdk/channel-inbound.js +2 -2
  432. package/dist/plugin-sdk/command-auth.js +1 -1
  433. package/dist/plugin-sdk/command-status-runtime.js +1 -1
  434. package/dist/plugin-sdk/compat.js +1 -1
  435. package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
  436. package/dist/plugin-sdk/conversation-runtime.js +3 -3
  437. package/dist/plugin-sdk/core.js +2 -2
  438. package/dist/plugin-sdk/direct-dm.js +1 -1
  439. package/dist/plugin-sdk/gateway-runtime.js +3 -3
  440. package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
  441. package/dist/plugin-sdk/index.js +1 -1
  442. package/dist/plugin-sdk/infra-runtime.js +2 -2
  443. package/dist/plugin-sdk/irc.js +2 -2
  444. package/dist/plugin-sdk/matrix.js +1 -1
  445. package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
  446. package/dist/plugin-sdk/memory-core.js +2 -2
  447. package/dist/plugin-sdk/msteams.js +2 -2
  448. package/dist/plugin-sdk/nextcloud-talk.js +2 -2
  449. package/dist/plugin-sdk/nostr.js +1 -1
  450. package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
  451. package/dist/plugin-sdk/reply-runtime.js +4 -4
  452. package/dist/plugin-sdk/runtime-secret-resolution.js +1 -1
  453. package/dist/plugin-sdk/runtime.js +2 -2
  454. package/dist/plugin-sdk/session-visibility.js +1 -1
  455. package/dist/plugin-sdk/src/gateway/protocol/index.d.ts +4 -1
  456. package/dist/plugin-sdk/src/gateway/protocol/schema/agents-models-skills.d.ts +95 -0
  457. package/dist/plugin-sdk/testing.js +4 -4
  458. package/dist/plugin-sdk/tlon.js +1 -1
  459. package/dist/plugin-sdk/zalo.js +1 -1
  460. package/dist/plugin-sdk/zalouser.js +1 -1
  461. package/dist/plugin-service-Byv2yfiX.js +2893 -0
  462. package/dist/plugins/runtime/index.js +1 -1
  463. package/dist/policy-BK0iZFZM.js +328 -0
  464. package/dist/postinstall-inventory.json +453 -452
  465. package/dist/prepare.runtime-BMtgLZl1.js +807 -0
  466. package/dist/prepare.runtime.js +1 -1
  467. package/dist/probe-Bj3sjcpc.js +2205 -0
  468. package/dist/probe-C6wNv6c4.js +74 -0
  469. package/dist/probe-CM5o3wKp.js +240 -0
  470. package/dist/probe-D3D0RoQl.js +45 -0
  471. package/dist/probe-DlY3dg7v.js +2 -0
  472. package/dist/probe-TN3P-dCa.js +2 -0
  473. package/dist/probe-pZ61Idl1.js +1443 -0
  474. package/dist/program-TZ54mZzH.js +111 -0
  475. package/dist/prompt-select-styled-DFXPq9zJ.js +20 -0
  476. package/dist/protocol-CWEBsZbG.js +2515 -0
  477. package/dist/provider-dispatcher-9FnI26kR.js +2 -0
  478. package/dist/provider-dispatcher-D30lsDyd.js +22 -0
  479. package/dist/qr-cli-CoEq74Fu.js +2 -0
  480. package/dist/qr-cli-DxaXK8T4.js +349 -0
  481. package/dist/reaction-runtime-api-CGWfmWqF.js +116 -0
  482. package/dist/reactions-D1tny1P_.js +998 -0
  483. package/dist/register-service-commands-D5181r0Q.js +71 -0
  484. package/dist/register.agent-DWwOD6q5.js +248 -0
  485. package/dist/register.configure-CZx6uXuU.js +15 -0
  486. package/dist/register.maintenance-1yV569VU.js +363 -0
  487. package/dist/register.message-DqosH9zI.js +329 -0
  488. package/dist/register.onboard-DBa5bh4F.js +88 -0
  489. package/dist/register.runtime-AUXvOvfy.js +81 -0
  490. package/dist/register.runtime.js +1 -1
  491. package/dist/register.setup-1k0y27Bf.js +150 -0
  492. package/dist/register.status-health-sessions-3SuqckJe.js +1215 -0
  493. package/dist/register.subclis-1vwiREuy.js +3 -0
  494. package/dist/register.subclis-core-CoUcH7R2.js +249 -0
  495. package/dist/register.subclis-d6Uoake0.js +29 -0
  496. package/dist/reply-dispatch-runtime-B2jwG-ti.js +13 -0
  497. package/dist/reply-runtime-BvyACHP_.js +10 -0
  498. package/dist/reply.runtime-B76FIMUm.js +2 -0
  499. package/dist/reply.runtime.js +1 -1
  500. package/dist/restart-health-C1m4VgKE.js +2 -0
  501. package/dist/restart-health-CSxm-1Te.js +202 -0
  502. package/dist/root-help-Cw7ovqRO.js +44 -0
  503. package/dist/routes-B9j5MeTj.js +2 -0
  504. package/dist/routes-BCJWRxzD.js +3341 -0
  505. package/dist/rpc-_zAZRj2-.js +61 -0
  506. package/dist/rpc.runtime-C3rwvN8O.js +21 -0
  507. package/dist/rpc.runtime.js +1 -1
  508. package/dist/run-delivery.runtime-CXmj98lV.js +530 -0
  509. package/dist/run-delivery.runtime.js +1 -1
  510. package/dist/run-embedded.runtime-yli8ukW0.js +4 -0
  511. package/dist/run-embedded.runtime.js +1 -1
  512. package/dist/run-execution-cli.runtime-CjDLajis.js +4 -0
  513. package/dist/run-execution-cli.runtime.js +1 -1
  514. package/dist/run-executor.runtime-SwHBKuy1.js +277 -0
  515. package/dist/run-executor.runtime.js +1 -1
  516. package/dist/run-main-DPHpfv1y.js +567 -0
  517. package/dist/run-subagent-registry.runtime-CWv2s5wn.js +2 -0
  518. package/dist/run-subagent-registry.runtime.js +1 -1
  519. package/dist/run-wait-CpSEiESO.js +135 -0
  520. package/dist/runtime-CMHLmvAl.js +961 -0
  521. package/dist/runtime-api-CLkOuqkP.js +4 -0
  522. package/dist/runtime-api-DgKObkOQ.js +9 -0
  523. package/dist/runtime-api-bWUB21Eg.js +9 -0
  524. package/dist/runtime-api-rryD3LXE.js +14 -0
  525. package/dist/runtime-embedded-pi.runtime-DuHPAbVt.js +2 -0
  526. package/dist/runtime-embedded-pi.runtime.js +1 -1
  527. package/dist/runtime-fF-k_rB8.js +9 -0
  528. package/dist/runtime-internal-By95Az_F.js +2 -0
  529. package/dist/runtime-options-BsxnM5Yt.js +275 -0
  530. package/dist/runtime-schema-P9TAqWy1.js +28599 -0
  531. package/dist/scan-CKfozblZ.js +2 -0
  532. package/dist/scan-CVwpGz6x.js +523 -0
  533. package/dist/secrets-cli-pXjlA7bi.js +2101 -0
  534. package/dist/security-cli-ChIBksL4.js +486 -0
  535. package/dist/selection-CIX2NWC3.js +7743 -0
  536. package/dist/selection-FiKxtpP7.js +2 -0
  537. package/dist/send-13tmI7yl.js +102 -0
  538. package/dist/send-BudgB3Xv.js +156 -0
  539. package/dist/send.runtime-CWWkq3eQ.js +2 -0
  540. package/dist/send.runtime.js +1 -1
  541. package/dist/server-CRbNiI2L.js +13 -0
  542. package/dist/server-DPwckotj.js +77 -0
  543. package/dist/server-context-DnmrGIHL.js +847 -0
  544. package/dist/server-context-GFvl1Fa1.js +2 -0
  545. package/dist/server-node-events-Boy823tY.js +474 -0
  546. package/dist/server-plugin-bootstrap-BEm4d2by.js +2 -0
  547. package/dist/server-plugin-bootstrap-BLp3Ri_D.js +13355 -0
  548. package/dist/server-restart-sentinel-D1dhBlz5.js +684 -0
  549. package/dist/server.impl-CuEQ_ANR.js +12790 -0
  550. package/dist/session-kill-http-CKkRPXTD.js +110 -0
  551. package/dist/session-reset-service-BI9uiJ1F.js +497 -0
  552. package/dist/session-route-Dy5b9CbY.js +93 -0
  553. package/dist/session-status.runtime-HByTPp-H.js +2 -0
  554. package/dist/session-status.runtime.js +1 -1
  555. package/dist/session-subagent-reactivation.runtime-BOWBAfyc.js +2 -0
  556. package/dist/session-subagent-reactivation.runtime.js +1 -1
  557. package/dist/session-tab-registry-Ce31KjnI.js +581 -0
  558. package/dist/session-visibility-BB6i8ptT.js +147 -0
  559. package/dist/sessions-helpers-DYP9dapI.js +305 -0
  560. package/dist/sessions-history-http-j8ZxsBAn.js +371 -0
  561. package/dist/sessions-patch-D4ye8mVh.js +309 -0
  562. package/dist/sessions-resolve-Bi2bj6c-.js +174 -0
  563. package/dist/sessions.runtime-VkodyiYI.js +2 -0
  564. package/dist/sessions.runtime.js +1 -1
  565. package/dist/setup-api-6GX_eeAs.js +29 -0
  566. package/dist/setup-core-BGUg4eV0.js +171 -0
  567. package/dist/setup-core-CpfGqHuS.js +176 -0
  568. package/dist/setup-hFAlSbTL.js +636 -0
  569. package/dist/setup-surface-DSvYQ0Mf.js +219 -0
  570. package/dist/setup-surface-DT8l0x7M.js +403 -0
  571. package/dist/setup-surface-gdmDKJFO.js +286 -0
  572. package/dist/setup.finalize-m_UzKyZ2.js +547 -0
  573. package/dist/setup.gateway-config-DHQ8eaxx.js +250 -0
  574. package/dist/shared-BY5yIWjE.js +198 -0
  575. package/dist/shared-BtY5n-4U.js +76 -0
  576. package/dist/shared-DPf8cDHL.js +121 -0
  577. package/dist/slash-state-j62N8ife.js +1911 -0
  578. package/dist/src-BYHA6DRU.js +3974 -0
  579. package/dist/startup-context-DZml_gZY.js +312 -0
  580. package/dist/status-BCr0D4CJ.js +2 -0
  581. package/dist/status-Bi8EbpXB.js +395 -0
  582. package/dist/status-CPAE20nX.js +209 -0
  583. package/dist/status-D-wIma3c.js +3 -0
  584. package/dist/status-DLmFJkIX.js +2 -0
  585. package/dist/status-DhpFLjkt.js +190 -0
  586. package/dist/status-all-AuiqtGQ-.js +498 -0
  587. package/dist/status-json-BUhA_seV.js +14 -0
  588. package/dist/status-json-command-Dk8RVvC9.js +82 -0
  589. package/dist/status-runtime-shared-BK7fklEl.js +241 -0
  590. package/dist/status-subagents.runtime-DkMpqnmP.js +18 -0
  591. package/dist/status-subagents.runtime.js +1 -1
  592. package/dist/status-text-D71CoS-s.js +237 -0
  593. package/dist/status.gateway-connection.runtime-wWu8Kvt4.js +2 -0
  594. package/dist/status.gateway-connection.runtime.js +1 -1
  595. package/dist/status.gather-BlSA6D3i.js +292 -0
  596. package/dist/status.gather-akCtNgln.js +2 -0
  597. package/dist/status.runtime-tPHKyqSk.js +2 -0
  598. package/dist/status.runtime.js +1 -1
  599. package/dist/status.scan-GF1UDZAB.js +65 -0
  600. package/dist/status.scan-overview-D1tTMWSi.js +379 -0
  601. package/dist/status.scan.fast-json-CoLBFhFk.js +132 -0
  602. package/dist/status.scan.fast-json-K69bqOGh.js +2 -0
  603. package/dist/status.summary-Bxh5WwsL.js +200 -0
  604. package/dist/status.summary-Cyr9PxeP.js +2 -0
  605. package/dist/subagent-announce-Dw7-i1-9.js +351 -0
  606. package/dist/subagent-announce-delivery-HYpoItCd.js +726 -0
  607. package/dist/subagent-announce-output-C7rcYYEc.js +364 -0
  608. package/dist/subagent-control-Ds2GYpWL.js +506 -0
  609. package/dist/subagent-followup.runtime-Cd8hCztp.js +68 -0
  610. package/dist/subagent-followup.runtime.js +1 -1
  611. package/dist/subagent-orphan-recovery-BgjubPqf.js +305 -0
  612. package/dist/subagent-registry-CgpGD3GV.js +1753 -0
  613. package/dist/subagent-registry-DxdVLcdG.js +3 -0
  614. package/dist/subagent-registry.runtime.js +1 -1
  615. package/dist/subagent-spawn-BWBNndsp.js +1005 -0
  616. package/dist/system-cli-DyBkQUQb.js +43 -0
  617. package/dist/targets-BadrXaG2.js +67 -0
  618. package/dist/task-executor-C7Wi33fD.js +360 -0
  619. package/dist/task-owner-access-yQv8xMco.js +74 -0
  620. package/dist/task-registry-W5mFPlZX.js +2357 -0
  621. package/dist/task-registry-delivery-runtime-cBNSvuGT.js +3 -0
  622. package/dist/task-registry-delivery-runtime-cJvq2BuY.js +2 -0
  623. package/dist/task-registry.maintenance-Buzo501v.js +2 -0
  624. package/dist/task-registry.maintenance-pJMW_7Am.js +416 -0
  625. package/dist/telegram/token.js +1 -1
  626. package/dist/testing-Dw49ltmR.js +575 -0
  627. package/dist/text-report-CtyXY05r.js +549 -0
  628. package/dist/tool-resolution-BcUPtTtu.js +90 -0
  629. package/dist/tools-effective-inventory-CL0grjv4.js +152 -0
  630. package/dist/tools-invoke-http-BZ8xqe0f.js +206 -0
  631. package/dist/trash-B6l1GwX9.js +24 -0
  632. package/dist/tui-cli-BCn5UWwT.js +4585 -0
  633. package/dist/update-cli-D8bMov5W.js +1759 -0
  634. package/dist/upgrade-iRXz6ZP4.js +1226 -0
  635. package/dist/video-generation-task-status-ESf4kR6F.js +163 -0
  636. package/dist/wait-for-idle-before-flush-C-_kVutK.js +5985 -0
  637. package/dist/wizard-models-jPGu0o7K.js +334 -0
  638. package/package.json +1 -1
  639. package/dist/abort-eELweWEh.js +0 -201
  640. package/dist/abort.runtime-CTayKbQD.js +0 -2
  641. package/dist/accounts-BGM3WHLv.js +0 -107
  642. package/dist/accounts-CjfvnRr8.js +0 -2
  643. package/dist/accounts-Do4oFjnx.js +0 -104
  644. package/dist/acp-cli-CYsQXo19.js +0 -2217
  645. package/dist/acp-spawn-EQ41IhnW.js +0 -2
  646. package/dist/acp-spawn-kNmVaCJg.js +0 -1042
  647. package/dist/acp-stateful-target-driver-CGEmB873.js +0 -89
  648. package/dist/action-agents-DRZhDohG.js +0 -67
  649. package/dist/action-focus-rtD_IZeK.js +0 -132
  650. package/dist/action-help-BxYZoPLZ.js +0 -7
  651. package/dist/action-info-DKIOeV27.js +0 -101
  652. package/dist/action-kill-BSRgreG1.js +0 -33
  653. package/dist/action-list-D_9VcDkU.js +0 -21
  654. package/dist/action-log-B-14uMf6.js +0 -30
  655. package/dist/action-send-DSAXZyLd.js +0 -39
  656. package/dist/action-spawn-CmQA95xS.js +0 -47
  657. package/dist/action-unfocus-CENAeJCf.js +0 -29
  658. package/dist/actions.runtime-BOFiPCqN.js +0 -18
  659. package/dist/actions.runtime-BokGkMaN.js +0 -5
  660. package/dist/agent-aBFNkVS4.js +0 -2
  661. package/dist/agent-command-CAtrEgLC.js +0 -874
  662. package/dist/agent-harness-runtime-BL32XpUV.js +0 -144
  663. package/dist/agent-runner-utils-DqPHTinZ.js +0 -239
  664. package/dist/agent-runner.runtime-Dau-cd0f.js +0 -3443
  665. package/dist/agent-runtime--LWUNBfA.js +0 -18
  666. package/dist/agents-C3k8MTRw.js +0 -5
  667. package/dist/agents-CFtbcew1.js +0 -954
  668. package/dist/aliases-Cgg9M9wt.js +0 -96
  669. package/dist/aliases-fGREp791.js +0 -2
  670. package/dist/api-BcbAyDG9.js +0 -5
  671. package/dist/api-D0pLMgBK.js +0 -139
  672. package/dist/api-NoVni8Sl.js +0 -3
  673. package/dist/approval-gateway-resolver-Cb_c_Zpw.js +0 -29
  674. package/dist/approval-gateway-runtime-CI5kXM2R.js +0 -2
  675. package/dist/approval-handler-runtime-39P31QLp.js +0 -439
  676. package/dist/approval-native-runtime-CeybpRQ8.js +0 -729
  677. package/dist/attempt-execution.runtime-Dd1qMUKN.js +0 -509
  678. package/dist/attempt.prompt-helpers-CaElAXu4.js +0 -206
  679. package/dist/attempt.tool-run-context-Bmny58yh.js +0 -933
  680. package/dist/audit-C41qeFBb.js +0 -939
  681. package/dist/audit.runtime-D8lnHabB.js +0 -7
  682. package/dist/auth-CsVdaaAe.js +0 -2
  683. package/dist/auth-order-BWk3ViLn.js +0 -139
  684. package/dist/auth-order-BbG3V9qM.js +0 -2
  685. package/dist/auth-pqwbxiw7.js +0 -550
  686. package/dist/bash-tools-C_tOXKUP.js +0 -2853
  687. package/dist/bash-tools-D5q7UFgs.js +0 -3
  688. package/dist/binding-routing-CeClBVpB.js +0 -85
  689. package/dist/binding-targets-DdrE0COF.js +0 -121
  690. package/dist/bridge-server-DeAPQe0C.js +0 -113
  691. package/dist/browser-control-auth-Df3M2eI5.js +0 -2
  692. package/dist/browser-node-runtime-n6vhbxwB.js +0 -12
  693. package/dist/browser-profiles-BcaCN3Q6.js +0 -2
  694. package/dist/browser-runtime-D6wFsSX9.js +0 -387
  695. package/dist/browser-setup-tools-O22i2nzo.js +0 -13
  696. package/dist/build-D2RzyOdJ.js +0 -550
  697. package/dist/call-D1wMcFp1.js +0 -330
  698. package/dist/call-DZwpoxKB.js +0 -3
  699. package/dist/call.runtime-_dVLUHfq.js +0 -2
  700. package/dist/capability-cli-DG1nE-2Q.js +0 -1401
  701. package/dist/catchup-CALuX0EW.js +0 -300
  702. package/dist/channel-CNb4SPiv.js +0 -1320
  703. package/dist/channel-CS0Ik7Dq.js +0 -1174
  704. package/dist/channel-CYBGsrs5.js +0 -226
  705. package/dist/channel-Cnt8iXCs.js +0 -297
  706. package/dist/channel-Cq62QSZR.js +0 -1100
  707. package/dist/channel-CuOrQbPa.js +0 -491
  708. package/dist/channel-CwUVg_e3.js +0 -350
  709. package/dist/channel-CxPOVDOa.js +0 -453
  710. package/dist/channel-D8E3vPYf.js +0 -1802
  711. package/dist/channel-Hkm1aCOg.js +0 -840
  712. package/dist/channel-core-UwaoX83l.js +0 -5
  713. package/dist/channel-hzXuigBm.js +0 -595
  714. package/dist/channel-inbound-C88sBchp.js +0 -31
  715. package/dist/channel-plugin-runtime-CDndBSbs.js +0 -771
  716. package/dist/channel-runtime-CpayqA94.js +0 -425
  717. package/dist/channel.runtime-BTGIlCf_.js +0 -42398
  718. package/dist/channel.runtime-Bo7eYpYT.js +0 -576
  719. package/dist/channel.runtime-Cb7E95Ts.js +0 -2364
  720. package/dist/channel.runtime-DNrozvEo.js +0 -4
  721. package/dist/channel.runtime-DRsan2gc.js +0 -430
  722. package/dist/channel.runtime-Je-Ol2c3.js +0 -89
  723. package/dist/channel.setup-BW4k0T2j.js +0 -10
  724. package/dist/channel2.runtime-Bz0QP9sq.js +0 -109
  725. package/dist/channels-BOUEDeFj.js +0 -733
  726. package/dist/channels-cli-BBM3LCGT.js +0 -268
  727. package/dist/chat-0aqpRXk7.js +0 -2830
  728. package/dist/clawbot-cli-CSpQnlO7.js +0 -9
  729. package/dist/cli-BMMCMk2R.js +0 -72
  730. package/dist/cli-CEQfSSaU.js +0 -2
  731. package/dist/cli-DI0JpbBo.js +0 -2
  732. package/dist/cli-NfaQyvCK.js +0 -219
  733. package/dist/cli-runner-DNyuZ5h6.js +0 -286
  734. package/dist/cli-runner.runtime-CR-JwA4O.js +0 -3
  735. package/dist/cli-runner.runtime-Dz6jbCuw.js +0 -4
  736. package/dist/cli.runtime-oxgwFXYo.js +0 -1261
  737. package/dist/client-Bt55zFEY.js +0 -138
  738. package/dist/client-DdJ17SBT.js +0 -723
  739. package/dist/command-auth-BthdrJZs.js +0 -76
  740. package/dist/command-config-resolution-CVMUB11x.js +0 -2
  741. package/dist/command-config-resolution-Gyx8ZctY.js +0 -23
  742. package/dist/command-config-resolution.runtime-BkW8urG9.js +0 -2
  743. package/dist/command-registry-CzoqAliR.js +0 -4
  744. package/dist/command-registry-core-CBbC7zvE.js +0 -106
  745. package/dist/command-registry-otbvPe2S.js +0 -9
  746. package/dist/command-secret-gateway-96Lg7d56.js +0 -528
  747. package/dist/command-status.runtime-Wz0v1rTj.js +0 -87
  748. package/dist/commands-acp-CTKWdZFc.js +0 -77
  749. package/dist/commands-compact.runtime-BvhuA8PX.js +0 -10
  750. package/dist/commands-handlers.runtime-1lMZVKIF.js +0 -4599
  751. package/dist/commands-status-OROpaZRA.js +0 -16
  752. package/dist/commands-status.runtime-CylmITPm.js +0 -3
  753. package/dist/commands-subagents-control.runtime-DPZM15Y8.js +0 -3
  754. package/dist/commands-subagents-control.runtime-DtPr9n7D.js +0 -2
  755. package/dist/commands-system-prompt-CbFMKfpn.js +0 -2
  756. package/dist/commands-system-prompt-DwCsudJL.js +0 -157
  757. package/dist/commands.runtime-nRjRmUst.js +0 -167
  758. package/dist/compact-Bi9T_Zb_.js +0 -1096
  759. package/dist/compact.runtime-DTvVHwbC.js +0 -12
  760. package/dist/completion-cli-Dj97mkii.js +0 -328
  761. package/dist/config-CY6leWe-.js +0 -252
  762. package/dist/config-cli-B_BsNmBg.js +0 -1078
  763. package/dist/configure-CSRRRV1P.js +0 -2
  764. package/dist/configure-CUG1geJf.js +0 -1252
  765. package/dist/connect-options-CnwJQxN0.js +0 -699
  766. package/dist/control-auth-C5i9U0hQ.js +0 -125
  767. package/dist/control-service-Hpi8EaX5.js +0 -156
  768. package/dist/control-ui/assets/agents-Bm9tbRvl.js +0 -1125
  769. package/dist/control-ui/assets/canvas-Dqcz2P-M.js +0 -274
  770. package/dist/control-ui/assets/channel-config-extras-DPhtzROS.js +0 -2
  771. package/dist/control-ui/assets/channels-C4lCtkuE.js +0 -198
  772. package/dist/control-ui/assets/cron-CDnocp54.js +0 -250
  773. package/dist/control-ui/assets/de-BIxTAu8X.js +0 -2
  774. package/dist/control-ui/assets/debug-CLJUkyM0.js +0 -94
  775. package/dist/control-ui/assets/es-BQWbWgIl.js +0 -2
  776. package/dist/control-ui/assets/fr-CWlA2mjJ.js +0 -2
  777. package/dist/control-ui/assets/i18n-zQZN-KVV.js +0 -3
  778. package/dist/control-ui/assets/id-6rCpPVbX.js +0 -2
  779. package/dist/control-ui/assets/index-DNcb9kKN.js +0 -5972
  780. package/dist/control-ui/assets/instances-BmNOHnr0.js +0 -57
  781. package/dist/control-ui/assets/ja-JP-DF-DP5BG.js +0 -2
  782. package/dist/control-ui/assets/ko-DBqpeGub.js +0 -2
  783. package/dist/control-ui/assets/logs-DbPv07V4.js +0 -74
  784. package/dist/control-ui/assets/mcp-CxU-2jb_.js +0 -380
  785. package/dist/control-ui/assets/memory-Cvr3erHb.js +0 -50
  786. package/dist/control-ui/assets/memory-graph-BpmZbNSk.js +0 -30
  787. package/dist/control-ui/assets/models-C7nRZAXy.js +0 -86
  788. package/dist/control-ui/assets/nodes-f2aGvluM.js +0 -654
  789. package/dist/control-ui/assets/pl-5NAsq-Is.js +0 -2
  790. package/dist/control-ui/assets/plugins-5hOroymh.js +0 -259
  791. package/dist/control-ui/assets/presenter-DsN_oVUG.js +0 -2
  792. package/dist/control-ui/assets/preview-Bpt_pTk6.js +0 -2
  793. package/dist/control-ui/assets/pt-BR-Hv8MDaxx.js +0 -2
  794. package/dist/control-ui/assets/sessions-LDFBoP0u.js +0 -56
  795. package/dist/control-ui/assets/skills-DIujrS1_.js +0 -294
  796. package/dist/control-ui/assets/skills-shared-DTBgPO3R.js +0 -11
  797. package/dist/control-ui/assets/th-cg-0LWw9.js +0 -2
  798. package/dist/control-ui/assets/tr-hpqnmvm6.js +0 -2
  799. package/dist/control-ui/assets/uk-DaVOgu9d.js +0 -2
  800. package/dist/control-ui/assets/wallet-CdJCKiSZ.js +0 -302
  801. package/dist/control-ui/assets/zh-CN-BfPyN3yg.js +0 -2
  802. package/dist/control-ui/assets/zh-TW-WbilNUjy.js +0 -2
  803. package/dist/control-ui-CeGNcKzT.js +0 -1043
  804. package/dist/conversation-id-BCbq5NIc.js +0 -38
  805. package/dist/conversation-id-CQI9g_tF.js +0 -235
  806. package/dist/conversation-runtime-DaqqNX-x.js +0 -31
  807. package/dist/core-Tk-dTIXT.js +0 -275
  808. package/dist/cron-cli-DSGzbLxR.js +0 -713
  809. package/dist/daemon-cli-DeV3LyHQ.js +0 -12
  810. package/dist/dashboard-DloYb4F9.js +0 -2
  811. package/dist/dashboard-tuymsSVS.js +0 -81
  812. package/dist/delegate-Dd5wAxfb.js +0 -64
  813. package/dist/detached-task-runtime-DKySZjwC.js +0 -73
  814. package/dist/devices-cli-CYzBu3hZ.js +0 -498
  815. package/dist/diagnostics-3KiMYFlv.js +0 -154
  816. package/dist/direct-dm-CUE3FyXY.js +0 -64
  817. package/dist/dispatch-_wfSU58C.js +0 -1131
  818. package/dist/dispatch-acp-DeRnweaq.js +0 -981
  819. package/dist/dispatch-acp-manager.runtime-BAIqFxld.js +0 -3
  820. package/dist/dispatch-acp.runtime-JlGpWtEz.js +0 -19
  821. package/dist/doctor-device-pairing-DEjdxNU3.js +0 -307
  822. package/dist/doctor-gateway-daemon-flow-DCKalcSh.js +0 -250
  823. package/dist/doctor-gateway-health-BY7EhLu3.js +0 -63
  824. package/dist/doctor-health-ClRZC0ve.js +0 -59
  825. package/dist/doctor-health-contributions-B65HPALZ.js +0 -493
  826. package/dist/doctor-prompter-YrvCLwpe.js +0 -56
  827. package/dist/doctor-workspace-status-B-BuL017.js +0 -75
  828. package/dist/dreaming-DGYWRYq3.js +0 -1582
  829. package/dist/dreaming-narrative-DRKoF-z9.js +0 -596
  830. package/dist/embedded-gateway-stub.runtime-DdjZKa9q.js +0 -9
  831. package/dist/embeddings-http-B3ACs8Ws.js +0 -205
  832. package/dist/exec-approvals-cli-C5DwVIu5.js +0 -498
  833. package/dist/fallbacks-D6L84vVc.js +0 -31
  834. package/dist/fallbacks-D6jO50XF.js +0 -2
  835. package/dist/fallbacks-shared-Dci4IyaY.js +0 -111
  836. package/dist/gateway-cli-BS9kPc9H.js +0 -1283
  837. package/dist/gateway-rpc-B5GtBJRi.js +0 -14
  838. package/dist/gateway-rpc.runtime-CKtiPql1.js +0 -23
  839. package/dist/gateway-runtime-C-kxmrI5.js +0 -15
  840. package/dist/gateway-status-0kWh50js.js +0 -584
  841. package/dist/gateway-tMGzPO6m.js +0 -115
  842. package/dist/genesis-tools-CtMsMRl9.js +0 -9435
  843. package/dist/genesis-tools.runtime-BptuQNAJ.js +0 -2
  844. package/dist/get-reply-B4NwzjDj.js +0 -3946
  845. package/dist/get-reply-from-config.runtime-D07XOnfu.js +0 -2
  846. package/dist/graph-users-Chk0mBZs.js +0 -1337
  847. package/dist/health-BkcL9i__.js +0 -3
  848. package/dist/health-CgLzUl2R.js +0 -420
  849. package/dist/health-route-BySTIyJQ.js +0 -2
  850. package/dist/health-route-P7I71km-.js +0 -41
  851. package/dist/hooks-cli-BMkgaeq9.js +0 -433
  852. package/dist/http-endpoint-helpers-CC_gglfr.js +0 -41
  853. package/dist/http-utils-C7CfxCac.js +0 -924
  854. package/dist/image-fallbacks-BGCt_6uL.js +0 -31
  855. package/dist/image-fallbacks-OrcyF2DC.js +0 -2
  856. package/dist/inbound-reply-dispatch-DYjgJdlo.js +0 -73
  857. package/dist/infra-runtime-AQfhgBFn.js +0 -38
  858. package/dist/init-DPP54t0W.js +0 -59
  859. package/dist/library-DFR5f_Ir.js +0 -45
  860. package/dist/lifecycle-CW2vdQDb.js +0 -571
  861. package/dist/lifecycle-D11XyL6V.js +0 -229
  862. package/dist/lifecycle.runtime-DSWYu3nX.js +0 -2
  863. package/dist/list-BKM6QdOy.js +0 -1212
  864. package/dist/list-CTNJ4-68.js +0 -2
  865. package/dist/list-DtXUyEzG.js +0 -2
  866. package/dist/list-aEqDnDBI.js +0 -131
  867. package/dist/list.probe-Bou6QQPq.js +0 -419
  868. package/dist/llm-slug-generator-Bnt1pOHN.js +0 -79
  869. package/dist/load-config-CBqnIYCC.js +0 -35
  870. package/dist/local-dispatch.runtime-zcsbNVun.js +0 -8
  871. package/dist/logs-cli-TFV7jUp4.js +0 -265
  872. package/dist/logs-cli.runtime-DtiBn5Ch.js +0 -2
  873. package/dist/main-session-restart-recovery-DxN0yklO.js +0 -206
  874. package/dist/managed-image-attachments-BGssrKSl.js +0 -635
  875. package/dist/managed-image-attachments-oy7vi04e.js +0 -2
  876. package/dist/manager-C86vv_vo.js +0 -2
  877. package/dist/manager-ooYadtSy.js +0 -2057
  878. package/dist/markdown-to-line-COdsSmXH.js +0 -790
  879. package/dist/mcp-cli-CAuVc_Pm.js +0 -725
  880. package/dist/mcp-http-DJ1wHZwo.js +0 -529
  881. package/dist/memory-core-host-runtime-cli-BIS_FL5c.js +0 -9
  882. package/dist/message-Bwxr0xiZ.js +0 -232
  883. package/dist/message-action-runner-B65TS-iS.js +0 -1407
  884. package/dist/message-action-runner-CiaRlq7u.js +0 -2
  885. package/dist/message-actions-D64MkmkC.js +0 -143
  886. package/dist/message.gateway.runtime-RW2Yhu37.js +0 -2
  887. package/dist/method-scopes-BkN09VAs.js +0 -232
  888. package/dist/models-auth-status-DzLtMc97.js +0 -217
  889. package/dist/models-cli-CoFUFTED.js +0 -271
  890. package/dist/models-http-DbtJ3UU_.js +0 -92
  891. package/dist/monitor-B4GOsafr.js +0 -671
  892. package/dist/monitor-BABC3pTm.js +0 -1661
  893. package/dist/monitor-BJrqsLpj.js +0 -1459
  894. package/dist/monitor-DiZfArYU.js +0 -1237
  895. package/dist/monitor-auth-DVJNdnse.js +0 -207
  896. package/dist/monitor-ovv5ZrP8.js +0 -788
  897. package/dist/monitor-processing-25Z4qW74.js +0 -1974
  898. package/dist/monitor-zDAbyj7K.js +0 -2
  899. package/dist/monitor.runtime-9UOZT7UY.js +0 -2
  900. package/dist/monitor.webhook-ksEOpU9Y.js +0 -180
  901. package/dist/msteams-D0FDrYYn.js +0 -35
  902. package/dist/native-hook-relay-C_3-6Eke.js +0 -519
  903. package/dist/nextcloud-talk-DKd_xz3W.js +0 -17
  904. package/dist/node-cli-D5KvQ2CT.js +0 -2276
  905. package/dist/nodes-cli-DNNvVAj2.js +0 -1046
  906. package/dist/nodes-utils-CBwEmmq2.js +0 -84
  907. package/dist/nodes.helpers-CAihaPrl.js +0 -34
  908. package/dist/notify-CC_X0-7j.js +0 -315
  909. package/dist/onboard-BdO5P4vD.js +0 -2
  910. package/dist/onboard-ILwgXLYY.js +0 -70
  911. package/dist/onboard-helpers-7z02DFh9.js +0 -204
  912. package/dist/onboard-helpers-Ms4s2EzO.js +0 -6
  913. package/dist/onboard-interactive-BjPiPpZT.js +0 -24
  914. package/dist/onboard-non-interactive-Dj4NGkhK.js +0 -635
  915. package/dist/onboard-remote-DCYnQ04q.js +0 -193
  916. package/dist/onboard-remote-ofkezDbI.js +0 -2
  917. package/dist/onboard-skills-CUjzYHgj.js +0 -2
  918. package/dist/onboard-skills-CbfWgSt7.js +0 -134
  919. package/dist/openai-http-BaMtk-kT.js +0 -500
  920. package/dist/openresponses-http-WKKDY0q5.js +0 -1128
  921. package/dist/operator-approvals-client-4sga8tKU.js +0 -68
  922. package/dist/outbound.runtime-CDHhU73P.js +0 -2
  923. package/dist/pair-command-approve-OYJIc2fu.js +0 -44
  924. package/dist/persistent-bindings.lifecycle-BfHNJZO4.js +0 -2
  925. package/dist/persistent-bindings.lifecycle-DwKmiJYz.js +0 -85
  926. package/dist/pi-embedded-CGFh2Blz.js +0 -4
  927. package/dist/pi-embedded-ooYGUOJZ.js +0 -2905
  928. package/dist/pi-embedded.runtime-B1NpL8rR.js +0 -4
  929. package/dist/pi-tool-definition-adapter-Bl5ufyu3.js +0 -229
  930. package/dist/pi-tools-82qefK6f.js +0 -1118
  931. package/dist/pi-tools.before-tool-call-Db88CRUS.js +0 -2
  932. package/dist/pi-tools.before-tool-call-Dh-5Kzc8.js +0 -433
  933. package/dist/plugin-DwuhlI2I.js +0 -12195
  934. package/dist/plugin-enabled-CfzRQT1B.js +0 -140
  935. package/dist/plugin-registration-XsebPQqy.js +0 -23
  936. package/dist/plugin-service-QJqtKEG5.js +0 -2893
  937. package/dist/policy-DsGoyetK.js +0 -328
  938. package/dist/prepare.runtime-Ca5X_K9Y.js +0 -807
  939. package/dist/probe-0MgKBFel.js +0 -2205
  940. package/dist/probe-9CryCp2o.js +0 -2
  941. package/dist/probe-B8ogIy1E.js +0 -1443
  942. package/dist/probe-B_t63C0q.js +0 -74
  943. package/dist/probe-Cg5_YE3i.js +0 -240
  944. package/dist/probe-DVxDryxE.js +0 -45
  945. package/dist/probe-MDbiDMWz.js +0 -2
  946. package/dist/program-DPoG-10j.js +0 -111
  947. package/dist/prompt-select-styled-CTHDINxc.js +0 -20
  948. package/dist/protocol-zDWsuAk7.js +0 -2477
  949. package/dist/provider-dispatcher-Bgci1rwg.js +0 -2
  950. package/dist/provider-dispatcher-CwSZMOAg.js +0 -22
  951. package/dist/qr-cli-DvJ5xdsh.js +0 -2
  952. package/dist/qr-cli-gzyNSC5u.js +0 -349
  953. package/dist/reaction-runtime-api-BlDTJpo-.js +0 -116
  954. package/dist/reactions-W4Fy8xu5.js +0 -998
  955. package/dist/register-service-commands-BwL9yJxI.js +0 -71
  956. package/dist/register.agent-DhQz75CX.js +0 -248
  957. package/dist/register.configure-CiW5Nm47.js +0 -15
  958. package/dist/register.maintenance-B-bmcOm_.js +0 -363
  959. package/dist/register.message-CB7RGm0D.js +0 -329
  960. package/dist/register.onboard--s57-W_O.js +0 -88
  961. package/dist/register.runtime-aLzIGvj5.js +0 -81
  962. package/dist/register.setup-EvqU6AWF.js +0 -150
  963. package/dist/register.status-health-sessions-LtIU28tG.js +0 -1215
  964. package/dist/register.subclis-Cdyty_Wl.js +0 -29
  965. package/dist/register.subclis-E0e8IhV6.js +0 -3
  966. package/dist/register.subclis-core-DoJitfZR.js +0 -249
  967. package/dist/reply-dispatch-runtime-yhxku4dH.js +0 -13
  968. package/dist/reply-runtime-DMJCIRLh.js +0 -10
  969. package/dist/reply.runtime-ClSSD2-g.js +0 -2
  970. package/dist/restart-health-BOftTaLm.js +0 -202
  971. package/dist/restart-health-Cq5PQJFt.js +0 -2
  972. package/dist/root-help-gILUFRrb.js +0 -44
  973. package/dist/routes-D4r1ezvE.js +0 -3341
  974. package/dist/routes-QfDdU8qI.js +0 -2
  975. package/dist/rpc-BH3MZf04.js +0 -61
  976. package/dist/rpc.runtime-DEqSCvK_.js +0 -21
  977. package/dist/run-delivery.runtime-Ra2LpyjL.js +0 -530
  978. package/dist/run-embedded.runtime-B-b7dF48.js +0 -4
  979. package/dist/run-execution-cli.runtime-rzYYRquv.js +0 -4
  980. package/dist/run-executor.runtime-D3MC8B3s.js +0 -277
  981. package/dist/run-main-ROsTM9o9.js +0 -567
  982. package/dist/run-subagent-registry.runtime-gvfWvULf.js +0 -2
  983. package/dist/run-wait-DYca4W_o.js +0 -135
  984. package/dist/runtime-1Bb9bT_p.js +0 -9
  985. package/dist/runtime-B4JFGWB4.js +0 -961
  986. package/dist/runtime-api-BTGrUC1e.js +0 -14
  987. package/dist/runtime-api-Bhl3_8yF.js +0 -9
  988. package/dist/runtime-api-C-nx_QzF.js +0 -4
  989. package/dist/runtime-api-DlKoDfhQ.js +0 -9
  990. package/dist/runtime-embedded-pi.runtime-BpNxs_WI.js +0 -2
  991. package/dist/runtime-internal-BbUZ7GRn.js +0 -2
  992. package/dist/runtime-options-DvpcqD1R.js +0 -275
  993. package/dist/runtime-schema-DooxQwin.js +0 -28599
  994. package/dist/scan-DpgK8kOr.js +0 -2
  995. package/dist/scan-U6zeFiF4.js +0 -523
  996. package/dist/secrets-cli-DjWSeoBE.js +0 -2101
  997. package/dist/security-cli-CSD7A3_W.js +0 -486
  998. package/dist/selection-C6LjcruV.js +0 -2
  999. package/dist/selection-DTQuCEn8.js +0 -7743
  1000. package/dist/send-DjtE85vk.js +0 -102
  1001. package/dist/send-DrOoCalT.js +0 -156
  1002. package/dist/send.runtime-CoOsNVP2.js +0 -2
  1003. package/dist/server-Bm7KpOGW.js +0 -77
  1004. package/dist/server-C6MOiNs5.js +0 -13
  1005. package/dist/server-context-B4L8Ko8G.js +0 -847
  1006. package/dist/server-context-CdmUY6o_.js +0 -2
  1007. package/dist/server-node-events-D9LfdT_R.js +0 -474
  1008. package/dist/server-plugin-bootstrap-BzB53IG-.js +0 -2
  1009. package/dist/server-plugin-bootstrap-DnXmVUc8.js +0 -13275
  1010. package/dist/server-restart-sentinel-DSfUKsS9.js +0 -684
  1011. package/dist/server.impl-D6b9jfKp.js +0 -12787
  1012. package/dist/session-kill-http-DyjyFGdE.js +0 -110
  1013. package/dist/session-reset-service-7QjMT-P3.js +0 -497
  1014. package/dist/session-route-C0pUoL-m.js +0 -93
  1015. package/dist/session-status.runtime-C7j8HBWm.js +0 -2
  1016. package/dist/session-subagent-reactivation.runtime-D4lP9Yxw.js +0 -2
  1017. package/dist/session-tab-registry-CPJFtGU8.js +0 -581
  1018. package/dist/session-visibility-Bg3eG7Ud.js +0 -147
  1019. package/dist/sessions-helpers-C0F_CCx_.js +0 -305
  1020. package/dist/sessions-history-http-Bee2KxDh.js +0 -371
  1021. package/dist/sessions-patch-yHBQNF3A.js +0 -309
  1022. package/dist/sessions-resolve-D_3EYokX.js +0 -174
  1023. package/dist/sessions.runtime-CEP1m60d.js +0 -2
  1024. package/dist/setup-HKQAarOb.js +0 -636
  1025. package/dist/setup-api-EpAQ3HZv.js +0 -29
  1026. package/dist/setup-core-BgPN9ltC.js +0 -176
  1027. package/dist/setup-core-DSLCd1rN.js +0 -171
  1028. package/dist/setup-surface-DMN9uyVd.js +0 -403
  1029. package/dist/setup-surface-DhuBlD5J.js +0 -219
  1030. package/dist/setup-surface-E0DezmAi.js +0 -286
  1031. package/dist/setup.finalize-MkGL04S6.js +0 -547
  1032. package/dist/setup.gateway-config-Bnbhn6v-.js +0 -250
  1033. package/dist/shared-DDpJ78zl.js +0 -198
  1034. package/dist/shared-DGn0ibdp.js +0 -121
  1035. package/dist/shared-fUr4aN5q.js +0 -76
  1036. package/dist/slash-state-BXCSlhym.js +0 -1911
  1037. package/dist/src-uTvmDRmY.js +0 -3974
  1038. package/dist/startup-context-D-raEng1.js +0 -312
  1039. package/dist/status-B_d9Cx4z.js +0 -2
  1040. package/dist/status-Cm6eyksx.js +0 -209
  1041. package/dist/status-CmxOcSnZ.js +0 -2
  1042. package/dist/status-DVueyM2F.js +0 -395
  1043. package/dist/status-DbdzfpUI.js +0 -3
  1044. package/dist/status-DzQhntmn.js +0 -190
  1045. package/dist/status-all-m61xmSOw.js +0 -498
  1046. package/dist/status-json-DDMgeSaC.js +0 -14
  1047. package/dist/status-json-command-CK5HTDaU.js +0 -82
  1048. package/dist/status-runtime-shared-p3krF0s5.js +0 -241
  1049. package/dist/status-subagents.runtime-DHuvJr3p.js +0 -18
  1050. package/dist/status-text-CtkqzmoT.js +0 -237
  1051. package/dist/status.gateway-connection.runtime-Baws_5sO.js +0 -2
  1052. package/dist/status.gather-8OGnlbKU.js +0 -292
  1053. package/dist/status.gather-BETbqTkh.js +0 -2
  1054. package/dist/status.runtime-D7lk5mLJ.js +0 -2
  1055. package/dist/status.scan-BCPG9Nfn.js +0 -65
  1056. package/dist/status.scan-overview-BxfXogPo.js +0 -379
  1057. package/dist/status.scan.fast-json-DsYnYXoH.js +0 -2
  1058. package/dist/status.scan.fast-json-Ya7IYP0s.js +0 -132
  1059. package/dist/status.summary-BMSVTd_0.js +0 -200
  1060. package/dist/status.summary-CpaouG_t.js +0 -2
  1061. package/dist/subagent-announce-BHJpD5-v.js +0 -351
  1062. package/dist/subagent-announce-delivery-CKyEeFvA.js +0 -726
  1063. package/dist/subagent-announce-output-4itRkJFz.js +0 -364
  1064. package/dist/subagent-control-DnG7Wuci.js +0 -506
  1065. package/dist/subagent-followup.runtime-CSYnHTuh.js +0 -68
  1066. package/dist/subagent-orphan-recovery-CEGWLVDl.js +0 -305
  1067. package/dist/subagent-registry-BBck4LPP.js +0 -3
  1068. package/dist/subagent-registry-Kop804vg.js +0 -1753
  1069. package/dist/subagent-spawn-CZJpCHIN.js +0 -1005
  1070. package/dist/system-cli-CTd252XD.js +0 -43
  1071. package/dist/targets-CD3QLNpW.js +0 -67
  1072. package/dist/task-executor-BbCXhqDF.js +0 -360
  1073. package/dist/task-owner-access-Be7GpZNB.js +0 -74
  1074. package/dist/task-registry-CZN3bWaG.js +0 -2357
  1075. package/dist/task-registry-delivery-runtime-BQTBKwpP.js +0 -3
  1076. package/dist/task-registry-delivery-runtime-BxmqiCDh.js +0 -2
  1077. package/dist/task-registry.maintenance-3Y9NCOoG.js +0 -2
  1078. package/dist/task-registry.maintenance-DCn5Caci.js +0 -416
  1079. package/dist/testing-BH9BASoR.js +0 -575
  1080. package/dist/text-report-B0Y14E6B.js +0 -549
  1081. package/dist/tool-resolution-D4AhidQx.js +0 -90
  1082. package/dist/tools-effective-inventory-_1V0I8t9.js +0 -152
  1083. package/dist/tools-invoke-http-B6q43oJu.js +0 -206
  1084. package/dist/trash-BEJ9CQ7c.js +0 -24
  1085. package/dist/tui-cli-BHo_XAR4.js +0 -4585
  1086. package/dist/update-cli-yoJZUuTt.js +0 -1759
  1087. package/dist/upgrade-xIQd0f13.js +0 -1226
  1088. package/dist/video-generation-task-status-B9we9j9s.js +0 -163
  1089. package/dist/wait-for-idle-before-flush-A1yDxWJx.js +0 -5985
  1090. package/dist/wizard-models-CRc4fctG.js +0 -334
@@ -0,0 +1,2853 @@
1
+ import { i as formatErrorMessage } from "./errors-CufR9eHH.js";
2
+ import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString, s as normalizeOptionalLowercaseString } from "./string-coerce-DPP_aYVc.js";
3
+ import { c as escapeRegExp } from "./utils-CWrkFsp0.js";
4
+ import { s as sanitizeHostExecEnvWithDiagnostics } from "./host-env-security-PtrzxCxY.js";
5
+ import { a as logWarn, r as logInfo } from "./logger-BbnBrdB_.js";
6
+ import { K as getShellPathFromLoginShell, q as resolveShellEnvFallbackTimeoutMs } from "./io-Cy5vajWd.js";
7
+ import { i as isCronSessionKey, o as isSubagentSessionKey, s as parseAgentSessionKey } from "./session-key-utils-DDwuwYKT.js";
8
+ import { u as resolveAgentIdFromSessionKey } from "./session-key-CI3KvTQC.js";
9
+ import { d as resolveApprovalAuditCandidatePath } from "./exec-safe-bin-trust-DMrCONj2.js";
10
+ import { t as killProcessTree } from "./kill-tree-BbGiB2xY.js";
11
+ import { c as isGatewayMessageChannel, u as normalizeMessageChannel } from "./message-channel-8hna3ogc.js";
12
+ import { i as normalizeDeliveryContext } from "./delivery-context.shared-DnaA0DbE.js";
13
+ import { b as EXEC_TOOL_DISPLAY_SUMMARY, x as PROCESS_TOOL_DISPLAY_SUMMARY } from "./tool-policy-BIGITEMh.js";
14
+ import { C as formatExecDeniedUserMessage, T as parseExecApprovalResultText, u as sanitizeUserFacingText, w as isExecDeniedResultText } from "./sanitize-user-facing-text-DKqUCgHB.js";
15
+ import { o as failedTextResult, v as textResult } from "./common-C4_5xEM_.js";
16
+ import { t as callGatewayTool } from "./gateway-ClYGJe6R.js";
17
+ import { t as splitShellArgs } from "./shell-argv-BaDMAO0_.js";
18
+ import { c as describeInterpreterInlineEval, f as analyzeShellCommand, l as detectInterpreterInlineEvalArgv, n as evaluateShellAllowlist, p as buildEnforcedShellCommand } from "./exec-approvals-allowlist-BBW7JMg0.js";
19
+ import { r as resolveExecSafeBinRuntimePolicy } from "./exec-safe-bin-runtime-policy-DUcKpnC_.js";
20
+ import { C as requiresExecApproval, D as resolveExecApprovalsFromFile, E as resolveExecApprovals, _ as normalizeExecTarget, a as addDurableCommandApproval, b as recordAllowlistMatchesUse, f as minSecurity, g as normalizeExecSecurity, l as loadExecApprovals, m as normalizeExecAsk, s as hasDurableExecApproval, u as maxAsk, v as persistAllowAlwaysPatterns, w as resolveExecApprovalAllowedDecisions } from "./exec-approvals-D0DTIzDT.js";
21
+ import { n as describeProcessTool, t as describeExecTool } from "./bash-tools.descriptions-DzPYV0Li.js";
22
+ import { n as processSchema, t as execSchema } from "./bash-tools.schemas-B8_wOdjn.js";
23
+ import "./delivery-context-Pj68kbuc.js";
24
+ import { n as getDiagnosticSessionState } from "./diagnostic-session-state-BzRMvtlj.js";
25
+ import { i as resolveNodeIdFromList, t as listNodes } from "./nodes-utils-qg-Bmmy5.js";
26
+ import { t as sendMessage } from "./message-Bk0q8DmN.js";
27
+ import { t as resolveExternalBestEffortDeliveryTarget } from "./best-effort-delivery-CPpGc0xQ.js";
28
+ import { t as formatDurationCompact } from "./format-duration-D7ua_Cv_.js";
29
+ import { a as coerceEnv, c as readEnvInt, d as sliceLogLines, f as truncateMiddle, i as clampWithDefault, l as resolveSandboxWorkdir, n as buildSandboxEnv, o as deriveSessionName, s as pad, u as resolveWorkdir } from "./bash-tools.shared-tggOw0Pu.js";
30
+ import { f as resolveExecApprovalInitiatingSurfaceState, s as buildExecApprovalUnavailableReplyPayload } from "./exec-approval-reply-BhbjoK1B.js";
31
+ import { i as normalizePathPrepend, t as applyPathPrepend } from "./path-prepend-DR8e0z7b.js";
32
+ import { t as getProcessSupervisor } from "./supervisor-DaRbw4Gw.js";
33
+ import { C as setJobTtlMs, S as markExited, _ as getFinishedSession, a as DEFAULT_PENDING_MAX_OUTPUT, b as listRunningSessions, c as createApprovalSlug, f as resolveApprovalRunningNoticeMs, g as drainSession, h as deleteSession, i as DEFAULT_PATH, m as runExecProcess, n as DEFAULT_APPROVAL_TIMEOUT_MS, o as applyShellPath, p as resolveExecTarget, r as DEFAULT_MAX_OUTPUT, s as buildApprovalPendingMessage, t as DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS, u as normalizeNotifyOutput, v as getSession, w as tail, x as markBackgrounded, y as listFinishedSessions } from "./bash-tools.exec-runtime-CVOp5fHn.js";
34
+ import { a as parseModelRiskVerdict, i as mergeSafeguardVerdicts, n as evaluateExecSafeguard, r as isAmbiguousForModel } from "./exec-safeguard-DMM6KaOP.js";
35
+ import { t as parsePreparedSystemRunPayload } from "./system-run-approval-context-CmtECXC_.js";
36
+ import { n as recordCommandPoll, r as resetCommandPollCount } from "./command-poll-backoff-BzCxMvUa.js";
37
+ import path from "node:path";
38
+ import crypto from "node:crypto";
39
+ //#region src/agents/bash-tools.exec-approval-request.ts
40
+ function buildExecApprovalRequestToolParams(params) {
41
+ return {
42
+ id: params.id,
43
+ ...params.command ? { command: params.command } : {},
44
+ ...params.commandArgv ? { commandArgv: params.commandArgv } : {},
45
+ systemRunPlan: params.systemRunPlan,
46
+ env: params.env,
47
+ cwd: params.cwd,
48
+ nodeId: params.nodeId,
49
+ host: params.host,
50
+ security: params.security,
51
+ ask: params.ask,
52
+ agentId: params.agentId,
53
+ resolvedPath: params.resolvedPath,
54
+ sessionKey: params.sessionKey,
55
+ turnSourceChannel: params.turnSourceChannel,
56
+ turnSourceTo: params.turnSourceTo,
57
+ turnSourceAccountId: params.turnSourceAccountId,
58
+ turnSourceThreadId: params.turnSourceThreadId,
59
+ timeoutMs: DEFAULT_APPROVAL_TIMEOUT_MS,
60
+ twoPhase: true
61
+ };
62
+ }
63
+ function parseDecision(value) {
64
+ if (!value || typeof value !== "object") return {
65
+ present: false,
66
+ value: null
67
+ };
68
+ if (!Object.hasOwn(value, "decision")) return {
69
+ present: false,
70
+ value: null
71
+ };
72
+ const decision = value.decision;
73
+ return {
74
+ present: true,
75
+ value: typeof decision === "string" ? decision : null
76
+ };
77
+ }
78
+ function parseString(value) {
79
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
80
+ }
81
+ function parseExpiresAtMs(value) {
82
+ return typeof value === "number" && Number.isFinite(value) ? value : void 0;
83
+ }
84
+ async function registerExecApprovalRequest(params) {
85
+ const registrationResult = await callGatewayTool("exec.approval.request", { timeoutMs: DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS }, buildExecApprovalRequestToolParams(params), { expectFinal: false });
86
+ const decision = parseDecision(registrationResult);
87
+ const id = parseString(registrationResult?.id) ?? params.id;
88
+ const expiresAtMs = parseExpiresAtMs(registrationResult?.expiresAtMs) ?? Date.now() + DEFAULT_APPROVAL_TIMEOUT_MS;
89
+ if (decision.present) return {
90
+ id,
91
+ expiresAtMs,
92
+ finalDecision: decision.value
93
+ };
94
+ return {
95
+ id,
96
+ expiresAtMs
97
+ };
98
+ }
99
+ async function waitForExecApprovalDecision(id) {
100
+ try {
101
+ return parseDecision(await callGatewayTool("exec.approval.waitDecision", { timeoutMs: DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS }, { id })).value;
102
+ } catch (err) {
103
+ if (normalizeLowercaseStringOrEmpty(String(err)).includes("approval expired or not found")) return null;
104
+ throw err;
105
+ }
106
+ }
107
+ async function resolveRegisteredExecApprovalDecision(params) {
108
+ if (params.preResolvedDecision !== void 0) return params.preResolvedDecision ?? null;
109
+ return await waitForExecApprovalDecision(params.approvalId);
110
+ }
111
+ function buildExecApprovalRequesterContext(params) {
112
+ return {
113
+ agentId: params.agentId,
114
+ sessionKey: params.sessionKey
115
+ };
116
+ }
117
+ function buildExecApprovalTurnSourceContext(params) {
118
+ return {
119
+ turnSourceChannel: params.turnSourceChannel,
120
+ turnSourceTo: params.turnSourceTo,
121
+ turnSourceAccountId: params.turnSourceAccountId,
122
+ turnSourceThreadId: params.turnSourceThreadId
123
+ };
124
+ }
125
+ function buildHostApprovalDecisionParams(params) {
126
+ return {
127
+ id: params.approvalId,
128
+ command: params.command,
129
+ commandArgv: params.commandArgv,
130
+ systemRunPlan: params.systemRunPlan,
131
+ env: params.env,
132
+ cwd: params.workdir,
133
+ nodeId: params.nodeId,
134
+ host: params.host,
135
+ security: params.security,
136
+ ask: params.ask,
137
+ ...buildExecApprovalRequesterContext({
138
+ agentId: params.agentId,
139
+ sessionKey: params.sessionKey
140
+ }),
141
+ resolvedPath: params.resolvedPath,
142
+ ...buildExecApprovalTurnSourceContext(params)
143
+ };
144
+ }
145
+ async function registerExecApprovalRequestForHost(params) {
146
+ return await registerExecApprovalRequest(buildHostApprovalDecisionParams(params));
147
+ }
148
+ async function registerExecApprovalRequestForHostOrThrow(params) {
149
+ try {
150
+ return await registerExecApprovalRequestForHost(params);
151
+ } catch (err) {
152
+ throw new Error(`Exec approval registration failed: ${String(err)}`, { cause: err });
153
+ }
154
+ }
155
+ //#endregion
156
+ //#region src/agents/bash-tools.exec-approval-followup.ts
157
+ function buildExecDeniedFollowupPrompt(resultText) {
158
+ return [
159
+ "An async command did not run.",
160
+ "Do not run the command again.",
161
+ "There is no new command output.",
162
+ "Do not mention, summarize, or reuse output from any earlier run in this session.",
163
+ "",
164
+ "Exact completion details:",
165
+ resultText.trim(),
166
+ "",
167
+ "Reply to the user in a helpful way.",
168
+ "Explain that the command did not run and why.",
169
+ "Do not claim there is new command output."
170
+ ].join("\n");
171
+ }
172
+ function formatUnknownError(error) {
173
+ if (error instanceof Error) return error.message;
174
+ if (typeof error === "string") return error;
175
+ try {
176
+ return JSON.stringify(error);
177
+ } catch {
178
+ return "unknown error";
179
+ }
180
+ }
181
+ function buildExecApprovalFollowupPrompt(resultText) {
182
+ const trimmed = resultText.trim();
183
+ if (isExecDeniedResultText(trimmed)) return buildExecDeniedFollowupPrompt(trimmed);
184
+ return [
185
+ "An async command the user already approved has completed.",
186
+ "Do not run the command again.",
187
+ "If the task requires more steps, continue from this result before replying to the user.",
188
+ "Only ask the user for help if you are actually blocked.",
189
+ "",
190
+ "Exact completion details:",
191
+ trimmed,
192
+ "",
193
+ "Continue the task if needed, then reply to the user in a helpful way.",
194
+ "If it succeeded, share the relevant output.",
195
+ "If it failed, explain what went wrong."
196
+ ].join("\n");
197
+ }
198
+ function shouldSuppressExecDeniedFollowup(sessionKey) {
199
+ return isSubagentSessionKey(sessionKey) || isCronSessionKey(sessionKey);
200
+ }
201
+ function formatDirectExecApprovalFollowupText(resultText, opts = {}) {
202
+ const parsed = parseExecApprovalResultText(resultText);
203
+ if (parsed.kind === "other" && !parsed.raw) return null;
204
+ if (parsed.kind === "denied") return opts.allowDenied ? formatExecDeniedUserMessage(parsed.raw) : null;
205
+ if (parsed.kind === "finished") {
206
+ const metadata = normalizeLowercaseStringOrEmpty(parsed.metadata);
207
+ const body = sanitizeUserFacingText(parsed.body, { errorContext: !metadata.includes("code 0") }).trim();
208
+ let prefix = "";
209
+ if (!body) prefix = metadata.includes("code 0") ? "Background command finished." : metadata.includes("signal") ? "Background command stopped unexpectedly." : "Background command finished with an error.";
210
+ return body ? `${prefix ? `${prefix}\n\n` : ""}${body}` : prefix || null;
211
+ }
212
+ if (parsed.kind === "completed") return sanitizeUserFacingText(parsed.body, { errorContext: true }).trim() || "Background command finished.";
213
+ return sanitizeUserFacingText(parsed.raw, { errorContext: true }).trim() || null;
214
+ }
215
+ function buildSessionResumeFallbackPrefix() {
216
+ return "Automatic session resume failed, so sending the status directly.\n\n";
217
+ }
218
+ function canDirectSendDeniedFollowup(sessionError) {
219
+ return sessionError !== null;
220
+ }
221
+ function buildAgentFollowupArgs(params) {
222
+ const { deliveryTarget, sessionOnlyOriginChannel } = params;
223
+ return {
224
+ sessionKey: params.sessionKey,
225
+ message: buildExecApprovalFollowupPrompt(params.resultText),
226
+ deliver: deliveryTarget.deliver,
227
+ ...deliveryTarget.deliver ? { bestEffortDeliver: true } : {},
228
+ channel: deliveryTarget.deliver ? deliveryTarget.channel : sessionOnlyOriginChannel,
229
+ to: deliveryTarget.deliver ? deliveryTarget.to : sessionOnlyOriginChannel ? params.turnSourceTo : void 0,
230
+ accountId: deliveryTarget.deliver ? deliveryTarget.accountId : sessionOnlyOriginChannel ? params.turnSourceAccountId : void 0,
231
+ threadId: deliveryTarget.deliver ? deliveryTarget.threadId : sessionOnlyOriginChannel ? params.turnSourceThreadId : void 0,
232
+ idempotencyKey: `exec-approval-followup:${params.approvalId}`
233
+ };
234
+ }
235
+ async function sendDirectFollowupFallback(params) {
236
+ const directText = formatDirectExecApprovalFollowupText(params.resultText, { allowDenied: canDirectSendDeniedFollowup(params.sessionError) });
237
+ if (!params.deliveryTarget.deliver || !directText) return false;
238
+ const prefix = params.sessionError ? buildSessionResumeFallbackPrefix() : "";
239
+ await sendMessage({
240
+ channel: params.deliveryTarget.channel,
241
+ to: params.deliveryTarget.to ?? "",
242
+ accountId: params.deliveryTarget.accountId,
243
+ threadId: params.deliveryTarget.threadId,
244
+ content: `${prefix}${directText}`,
245
+ agentId: void 0,
246
+ idempotencyKey: `exec-approval-followup:${params.approvalId}`
247
+ });
248
+ return true;
249
+ }
250
+ async function sendExecApprovalFollowup(params) {
251
+ const sessionKey = params.sessionKey?.trim();
252
+ const resultText = params.resultText.trim();
253
+ if (!resultText) return false;
254
+ const isDenied = isExecDeniedResultText(resultText);
255
+ if (isDenied && shouldSuppressExecDeniedFollowup(sessionKey)) return false;
256
+ const deliveryTarget = resolveExternalBestEffortDeliveryTarget({
257
+ channel: params.turnSourceChannel,
258
+ to: params.turnSourceTo,
259
+ accountId: params.turnSourceAccountId,
260
+ threadId: params.turnSourceThreadId
261
+ });
262
+ const normalizedTurnSourceChannel = normalizeMessageChannel(params.turnSourceChannel);
263
+ const sessionOnlyOriginChannel = normalizedTurnSourceChannel && isGatewayMessageChannel(normalizedTurnSourceChannel) ? normalizedTurnSourceChannel : void 0;
264
+ let sessionError = null;
265
+ if (sessionKey) try {
266
+ await callGatewayTool("agent", { timeoutMs: 6e4 }, buildAgentFollowupArgs({
267
+ approvalId: params.approvalId,
268
+ sessionKey,
269
+ resultText,
270
+ deliveryTarget,
271
+ sessionOnlyOriginChannel,
272
+ turnSourceTo: params.turnSourceTo,
273
+ turnSourceAccountId: params.turnSourceAccountId,
274
+ turnSourceThreadId: params.turnSourceThreadId
275
+ }), { expectFinal: true });
276
+ return true;
277
+ } catch (err) {
278
+ sessionError = err;
279
+ }
280
+ if (await sendDirectFollowupFallback({
281
+ approvalId: params.approvalId,
282
+ deliveryTarget,
283
+ resultText,
284
+ sessionError
285
+ })) return true;
286
+ if (sessionError) throw new Error(`Session followup failed: ${formatUnknownError(sessionError)}`);
287
+ if (isDenied) return false;
288
+ throw new Error("Session key or deliverable origin route is required");
289
+ }
290
+ const loggedExecApprovalFollowupFailures = /* @__PURE__ */ new Set();
291
+ function rememberExecApprovalFollowupFailureKey(key) {
292
+ if (loggedExecApprovalFollowupFailures.has(key)) return false;
293
+ loggedExecApprovalFollowupFailures.add(key);
294
+ if (loggedExecApprovalFollowupFailures.size > 256) {
295
+ const oldestKey = loggedExecApprovalFollowupFailures.values().next().value;
296
+ if (typeof oldestKey === "string") loggedExecApprovalFollowupFailures.delete(oldestKey);
297
+ }
298
+ return true;
299
+ }
300
+ function isHeadlessExecTrigger(trigger) {
301
+ return trigger === "cron";
302
+ }
303
+ function createExecApprovalPendingState(params) {
304
+ return {
305
+ warningText: params.warnings.length ? `${params.warnings.join("\n")}\n\n` : "",
306
+ expiresAtMs: Date.now() + params.timeoutMs,
307
+ preResolvedDecision: void 0
308
+ };
309
+ }
310
+ function createExecApprovalRequestState(params) {
311
+ return {
312
+ ...createExecApprovalPendingState({
313
+ warnings: params.warnings,
314
+ timeoutMs: params.timeoutMs
315
+ }),
316
+ noticeSeconds: Math.max(1, Math.round(params.approvalRunningNoticeMs / 1e3))
317
+ };
318
+ }
319
+ function createExecApprovalRequestContext(params) {
320
+ const approvalId = crypto.randomUUID();
321
+ return {
322
+ ...createExecApprovalRequestState({
323
+ warnings: params.warnings,
324
+ timeoutMs: params.timeoutMs,
325
+ approvalRunningNoticeMs: params.approvalRunningNoticeMs
326
+ }),
327
+ approvalId,
328
+ approvalSlug: params.createApprovalSlug(approvalId),
329
+ contextKey: `exec:${approvalId}`
330
+ };
331
+ }
332
+ function createDefaultExecApprovalRequestContext(params) {
333
+ return createExecApprovalRequestContext({
334
+ warnings: params.warnings,
335
+ timeoutMs: DEFAULT_APPROVAL_TIMEOUT_MS,
336
+ approvalRunningNoticeMs: params.approvalRunningNoticeMs,
337
+ createApprovalSlug: params.createApprovalSlug
338
+ });
339
+ }
340
+ function resolveBaseExecApprovalDecision(params) {
341
+ if (params.decision === "deny") return {
342
+ approvedByAsk: false,
343
+ deniedReason: "user-denied",
344
+ timedOut: false
345
+ };
346
+ if (!params.decision) {
347
+ if (params.askFallback === "full") return {
348
+ approvedByAsk: true,
349
+ deniedReason: null,
350
+ timedOut: true
351
+ };
352
+ if (params.askFallback === "deny") return {
353
+ approvedByAsk: false,
354
+ deniedReason: "approval-timeout",
355
+ timedOut: true
356
+ };
357
+ return {
358
+ approvedByAsk: false,
359
+ deniedReason: null,
360
+ timedOut: true
361
+ };
362
+ }
363
+ return {
364
+ approvedByAsk: false,
365
+ deniedReason: null,
366
+ timedOut: false
367
+ };
368
+ }
369
+ function resolveExecHostApprovalContext(params) {
370
+ const approvals = resolveExecApprovals(params.agentId, {
371
+ security: params.security,
372
+ ask: params.ask
373
+ });
374
+ const hostSecurity = minSecurity(params.security, approvals.agent.security);
375
+ const hostAsk = maxAsk(params.ask, approvals.agent.ask);
376
+ const askFallback = minSecurity(hostSecurity, approvals.agent.askFallback);
377
+ if (hostSecurity === "deny") throw new Error(`exec denied: host=${params.host} security=deny`);
378
+ return {
379
+ approvals,
380
+ hostSecurity,
381
+ hostAsk,
382
+ askFallback
383
+ };
384
+ }
385
+ async function resolveApprovalDecisionOrUndefined(params) {
386
+ try {
387
+ return await resolveRegisteredExecApprovalDecision({
388
+ approvalId: params.approvalId,
389
+ preResolvedDecision: params.preResolvedDecision
390
+ });
391
+ } catch {
392
+ params.onFailure();
393
+ return;
394
+ }
395
+ }
396
+ function resolveExecApprovalUnavailableState(params) {
397
+ const initiatingSurface = resolveExecApprovalInitiatingSurfaceState({
398
+ channel: params.turnSourceChannel,
399
+ accountId: params.turnSourceAccountId
400
+ });
401
+ return {
402
+ initiatingSurface,
403
+ sentApproverDms: false,
404
+ unavailableReason: params.preResolvedDecision === null ? "no-approval-route" : initiatingSurface.kind === "disabled" ? "initiating-platform-disabled" : initiatingSurface.kind === "unsupported" ? "initiating-platform-unsupported" : null
405
+ };
406
+ }
407
+ async function createAndRegisterDefaultExecApprovalRequest(params) {
408
+ const { approvalId, approvalSlug, warningText, expiresAtMs: defaultExpiresAtMs, preResolvedDecision: defaultPreResolvedDecision } = createDefaultExecApprovalRequestContext({
409
+ warnings: params.warnings,
410
+ approvalRunningNoticeMs: params.approvalRunningNoticeMs,
411
+ createApprovalSlug: params.createApprovalSlug
412
+ });
413
+ const registration = await params.register(approvalId);
414
+ const preResolvedDecision = registration.finalDecision;
415
+ const { initiatingSurface, sentApproverDms, unavailableReason } = resolveExecApprovalUnavailableState({
416
+ turnSourceChannel: params.turnSourceChannel,
417
+ turnSourceAccountId: params.turnSourceAccountId,
418
+ preResolvedDecision
419
+ });
420
+ return {
421
+ approvalId,
422
+ approvalSlug,
423
+ warningText,
424
+ expiresAtMs: registration.expiresAtMs ?? defaultExpiresAtMs,
425
+ preResolvedDecision: registration.finalDecision === void 0 ? defaultPreResolvedDecision : registration.finalDecision,
426
+ initiatingSurface,
427
+ sentApproverDms,
428
+ unavailableReason
429
+ };
430
+ }
431
+ function buildDefaultExecApprovalRequestArgs(params) {
432
+ return {
433
+ warnings: params.warnings,
434
+ approvalRunningNoticeMs: params.approvalRunningNoticeMs,
435
+ createApprovalSlug: params.createApprovalSlug,
436
+ turnSourceChannel: params.turnSourceChannel,
437
+ turnSourceAccountId: params.turnSourceAccountId
438
+ };
439
+ }
440
+ function buildExecApprovalFollowupTarget(params) {
441
+ return {
442
+ approvalId: params.approvalId,
443
+ sessionKey: params.sessionKey,
444
+ turnSourceChannel: params.turnSourceChannel,
445
+ turnSourceTo: params.turnSourceTo,
446
+ turnSourceAccountId: params.turnSourceAccountId,
447
+ turnSourceThreadId: params.turnSourceThreadId
448
+ };
449
+ }
450
+ function createExecApprovalDecisionState(params) {
451
+ const baseDecision = resolveBaseExecApprovalDecision({
452
+ decision: params.decision ?? null,
453
+ askFallback: params.askFallback
454
+ });
455
+ return {
456
+ baseDecision,
457
+ approvedByAsk: baseDecision.approvedByAsk,
458
+ deniedReason: baseDecision.deniedReason
459
+ };
460
+ }
461
+ function enforceStrictInlineEvalApprovalBoundary(params) {
462
+ if (!params.baseDecision.timedOut || !params.requiresInlineEvalApproval || !params.approvedByAsk) return {
463
+ approvedByAsk: params.approvedByAsk,
464
+ deniedReason: params.deniedReason
465
+ };
466
+ return {
467
+ approvedByAsk: false,
468
+ deniedReason: params.deniedReason ?? "approval-timeout"
469
+ };
470
+ }
471
+ function shouldResolveExecApprovalUnavailableInline(params) {
472
+ return isHeadlessExecTrigger(params.trigger) && params.unavailableReason === "no-approval-route" && params.preResolvedDecision === null;
473
+ }
474
+ function buildHeadlessExecApprovalDeniedMessage(params) {
475
+ return [
476
+ `exec denied: ${params.trigger === "cron" ? "Cron runs" : "Headless runs"} cannot wait for interactive exec approval.`,
477
+ `Effective host exec policy: security=${params.security} ask=${params.ask} askFallback=${params.askFallback}`,
478
+ "Stricter values from tools.exec and ~/.genesis/exec-approvals.json both apply.",
479
+ "Fix one of these:",
480
+ "- align both files to security=\"full\" and ask=\"off\" for trusted local automation",
481
+ "- keep allowlist mode and add an explicit allowlist entry for this command",
482
+ "- enable Web UI, terminal UI, or chat exec approvals and rerun interactively",
483
+ "Tip: run \"genesis doctor\" and \"genesis approvals get --gateway\" to inspect the effective policy."
484
+ ].join("\n");
485
+ }
486
+ async function sendExecApprovalFollowupResult(target, resultText, deps = {}) {
487
+ const send = deps.sendExecApprovalFollowup ?? sendExecApprovalFollowup;
488
+ const warn = deps.logWarn ?? logWarn;
489
+ await send({
490
+ approvalId: target.approvalId,
491
+ sessionKey: target.sessionKey,
492
+ turnSourceChannel: target.turnSourceChannel,
493
+ turnSourceTo: target.turnSourceTo,
494
+ turnSourceAccountId: target.turnSourceAccountId,
495
+ turnSourceThreadId: target.turnSourceThreadId,
496
+ resultText
497
+ }).catch((error) => {
498
+ const message = formatErrorMessage(error);
499
+ if (!rememberExecApprovalFollowupFailureKey(`${target.approvalId}:${message}`)) return;
500
+ warn(`exec approval followup dispatch failed (id=${target.approvalId}): ${message}`);
501
+ });
502
+ }
503
+ function buildExecApprovalPendingToolResult(params) {
504
+ const allowedDecisions = params.allowedDecisions ?? resolveExecApprovalAllowedDecisions();
505
+ return {
506
+ content: [{
507
+ type: "text",
508
+ text: params.unavailableReason !== null ? buildExecApprovalUnavailableReplyPayload({
509
+ warningText: params.warningText,
510
+ reason: params.unavailableReason,
511
+ channel: params.initiatingSurface.channel,
512
+ channelLabel: params.initiatingSurface.channelLabel,
513
+ accountId: params.initiatingSurface.accountId,
514
+ sentApproverDms: params.sentApproverDms
515
+ }).text ?? "" : buildApprovalPendingMessage({
516
+ warningText: params.warningText,
517
+ approvalSlug: params.approvalSlug,
518
+ approvalId: params.approvalId,
519
+ allowedDecisions,
520
+ command: params.command,
521
+ cwd: params.cwd,
522
+ host: params.host,
523
+ nodeId: params.nodeId
524
+ })
525
+ }],
526
+ details: params.unavailableReason !== null ? {
527
+ status: "approval-unavailable",
528
+ reason: params.unavailableReason,
529
+ channel: params.initiatingSurface.channel,
530
+ channelLabel: params.initiatingSurface.channelLabel,
531
+ accountId: params.initiatingSurface.accountId,
532
+ sentApproverDms: params.sentApproverDms,
533
+ host: params.host,
534
+ command: params.command,
535
+ cwd: params.cwd,
536
+ nodeId: params.nodeId,
537
+ warningText: params.warningText
538
+ } : {
539
+ status: "approval-pending",
540
+ approvalId: params.approvalId,
541
+ approvalSlug: params.approvalSlug,
542
+ expiresAtMs: params.expiresAtMs,
543
+ allowedDecisions,
544
+ host: params.host,
545
+ command: params.command,
546
+ cwd: params.cwd,
547
+ nodeId: params.nodeId,
548
+ warningText: params.warningText
549
+ }
550
+ };
551
+ }
552
+ //#endregion
553
+ //#region src/agents/bash-tools.exec-host-gateway.ts
554
+ function hasGatewayAllowlistMiss(params) {
555
+ return params.hostSecurity === "allowlist" && (!params.analysisOk || !params.allowlistSatisfied) && !params.durableApprovalSatisfied;
556
+ }
557
+ async function processGatewayAllowlist(params) {
558
+ const { approvals, hostSecurity, hostAsk, askFallback } = resolveExecHostApprovalContext({
559
+ agentId: params.agentId,
560
+ security: params.security,
561
+ ask: params.ask,
562
+ host: "gateway"
563
+ });
564
+ const allowlistEval = evaluateShellAllowlist({
565
+ command: params.command,
566
+ allowlist: approvals.allowlist,
567
+ safeBins: params.safeBins,
568
+ safeBinProfiles: params.safeBinProfiles,
569
+ cwd: params.workdir,
570
+ env: params.env,
571
+ platform: process.platform,
572
+ trustedSafeBinDirs: params.trustedSafeBinDirs
573
+ });
574
+ const allowlistMatches = allowlistEval.allowlistMatches;
575
+ const analysisOk = allowlistEval.analysisOk;
576
+ const allowlistSatisfied = hostSecurity === "allowlist" && analysisOk ? allowlistEval.allowlistSatisfied : false;
577
+ const durableApprovalSatisfied = hasDurableExecApproval({
578
+ analysisOk,
579
+ segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries,
580
+ allowlist: approvals.allowlist,
581
+ commandText: params.command
582
+ });
583
+ const inlineEvalHit = params.strictInlineEval === true ? allowlistEval.segments.map((segment) => detectInterpreterInlineEvalArgv(segment.resolution?.effectiveArgv ?? segment.argv)).find((entry) => entry !== null) ?? null : null;
584
+ if (inlineEvalHit) params.warnings.push(`Warning: strict inline-eval mode requires explicit approval for ${describeInterpreterInlineEval(inlineEvalHit)}.`);
585
+ let enforcedCommand;
586
+ let allowlistPlanUnavailableReason = null;
587
+ if (hostSecurity === "allowlist" && analysisOk && allowlistSatisfied) {
588
+ const enforced = buildEnforcedShellCommand({
589
+ command: params.command,
590
+ segments: allowlistEval.segments,
591
+ platform: process.platform
592
+ });
593
+ if (!enforced.ok || !enforced.command) allowlistPlanUnavailableReason = enforced.reason ?? "unsupported platform";
594
+ else enforcedCommand = enforced.command;
595
+ }
596
+ const recordMatchedAllowlistUse = (resolvedPath) => recordAllowlistMatchesUse({
597
+ approvals: approvals.file,
598
+ agentId: params.agentId,
599
+ matches: allowlistMatches,
600
+ command: params.command,
601
+ resolvedPath
602
+ });
603
+ const hasHeredocSegment = allowlistEval.segments.some((segment) => segment.argv.some((token) => token.startsWith("<<")));
604
+ const requiresHeredocApproval = hostSecurity === "allowlist" && analysisOk && allowlistSatisfied && hasHeredocSegment;
605
+ const requiresInlineEvalApproval = inlineEvalHit !== null;
606
+ const requiresAllowlistPlanApproval = hostSecurity === "allowlist" && analysisOk && allowlistSatisfied && !enforcedCommand && allowlistPlanUnavailableReason !== null;
607
+ const requiresAsk = requiresExecApproval({
608
+ ask: hostAsk,
609
+ security: hostSecurity,
610
+ analysisOk,
611
+ allowlistSatisfied,
612
+ durableApprovalSatisfied
613
+ }) || requiresAllowlistPlanApproval || requiresHeredocApproval || requiresInlineEvalApproval;
614
+ if (requiresHeredocApproval) params.warnings.push("Warning: heredoc execution requires explicit approval in allowlist mode.");
615
+ if (requiresAllowlistPlanApproval) params.warnings.push(`Warning: allowlist auto-execution is unavailable on ${process.platform}; explicit approval is required.`);
616
+ if (requiresAsk) {
617
+ const requestArgs = buildDefaultExecApprovalRequestArgs({
618
+ warnings: params.warnings,
619
+ approvalRunningNoticeMs: params.approvalRunningNoticeMs,
620
+ createApprovalSlug,
621
+ turnSourceChannel: params.turnSourceChannel,
622
+ turnSourceAccountId: params.turnSourceAccountId
623
+ });
624
+ const registerGatewayApproval = async (approvalId) => await registerExecApprovalRequestForHostOrThrow({
625
+ approvalId,
626
+ command: params.command,
627
+ env: params.requestedEnv,
628
+ workdir: params.workdir,
629
+ host: "gateway",
630
+ security: hostSecurity,
631
+ ask: hostAsk,
632
+ ...buildExecApprovalRequesterContext({
633
+ agentId: params.agentId,
634
+ sessionKey: params.sessionKey
635
+ }),
636
+ resolvedPath: resolveApprovalAuditCandidatePath(allowlistEval.segments[0]?.resolution ?? null, params.workdir),
637
+ ...buildExecApprovalTurnSourceContext(params)
638
+ });
639
+ const { approvalId, approvalSlug, warningText, expiresAtMs, preResolvedDecision, initiatingSurface, sentApproverDms, unavailableReason } = await createAndRegisterDefaultExecApprovalRequest({
640
+ ...requestArgs,
641
+ register: registerGatewayApproval
642
+ });
643
+ if (shouldResolveExecApprovalUnavailableInline({
644
+ trigger: params.trigger,
645
+ unavailableReason,
646
+ preResolvedDecision
647
+ })) {
648
+ const { baseDecision, approvedByAsk, deniedReason } = createExecApprovalDecisionState({
649
+ decision: preResolvedDecision,
650
+ askFallback
651
+ });
652
+ const strictInlineEvalDecision = enforceStrictInlineEvalApprovalBoundary({
653
+ baseDecision,
654
+ approvedByAsk,
655
+ deniedReason,
656
+ requiresInlineEvalApproval
657
+ });
658
+ if (strictInlineEvalDecision.deniedReason || !strictInlineEvalDecision.approvedByAsk) throw new Error(buildHeadlessExecApprovalDeniedMessage({
659
+ trigger: params.trigger,
660
+ host: "gateway",
661
+ security: hostSecurity,
662
+ ask: hostAsk,
663
+ askFallback
664
+ }));
665
+ recordMatchedAllowlistUse(resolveApprovalAuditCandidatePath(allowlistEval.segments[0]?.resolution ?? null, params.workdir));
666
+ return {
667
+ execCommandOverride: enforcedCommand,
668
+ allowWithoutEnforcedCommand: enforcedCommand === void 0
669
+ };
670
+ }
671
+ const resolvedPath = resolveApprovalAuditCandidatePath(allowlistEval.segments[0]?.resolution ?? null, params.workdir);
672
+ const effectiveTimeout = typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec;
673
+ const followupTarget = buildExecApprovalFollowupTarget({
674
+ approvalId,
675
+ sessionKey: params.notifySessionKey ?? params.sessionKey,
676
+ turnSourceChannel: params.turnSourceChannel,
677
+ turnSourceTo: params.turnSourceTo,
678
+ turnSourceAccountId: params.turnSourceAccountId,
679
+ turnSourceThreadId: params.turnSourceThreadId
680
+ });
681
+ (async () => {
682
+ const decision = await resolveApprovalDecisionOrUndefined({
683
+ approvalId,
684
+ preResolvedDecision,
685
+ onFailure: () => void sendExecApprovalFollowupResult(followupTarget, `Exec denied (gateway id=${approvalId}, approval-request-failed): ${params.command}`)
686
+ });
687
+ if (decision === void 0) return;
688
+ const { baseDecision, approvedByAsk: initialApprovedByAsk, deniedReason: initialDeniedReason } = createExecApprovalDecisionState({
689
+ decision,
690
+ askFallback
691
+ });
692
+ let approvedByAsk = initialApprovedByAsk;
693
+ let deniedReason = initialDeniedReason;
694
+ if (baseDecision.timedOut && askFallback === "allowlist") if (!analysisOk || !allowlistSatisfied) deniedReason = "approval-timeout (allowlist-miss)";
695
+ else approvedByAsk = true;
696
+ else if (decision === "allow-once") approvedByAsk = true;
697
+ else if (decision === "allow-always") {
698
+ approvedByAsk = true;
699
+ if (!requiresInlineEvalApproval) {
700
+ if (persistAllowAlwaysPatterns({
701
+ approvals: approvals.file,
702
+ agentId: params.agentId,
703
+ segments: allowlistEval.segments,
704
+ cwd: params.workdir,
705
+ env: params.env,
706
+ platform: process.platform,
707
+ strictInlineEval: params.strictInlineEval === true
708
+ }).length === 0) addDurableCommandApproval(approvals.file, params.agentId, params.command);
709
+ }
710
+ }
711
+ ({approvedByAsk, deniedReason} = enforceStrictInlineEvalApprovalBoundary({
712
+ baseDecision,
713
+ approvedByAsk,
714
+ deniedReason,
715
+ requiresInlineEvalApproval
716
+ }));
717
+ if (!approvedByAsk && hasGatewayAllowlistMiss({
718
+ hostSecurity,
719
+ analysisOk,
720
+ allowlistSatisfied,
721
+ durableApprovalSatisfied
722
+ })) deniedReason = deniedReason ?? "allowlist-miss";
723
+ if (deniedReason) {
724
+ await sendExecApprovalFollowupResult(followupTarget, `Exec denied (gateway id=${approvalId}, ${deniedReason}): ${params.command}`);
725
+ return;
726
+ }
727
+ recordMatchedAllowlistUse(resolvedPath ?? void 0);
728
+ let run = null;
729
+ try {
730
+ run = await runExecProcess({
731
+ command: params.command,
732
+ execCommand: enforcedCommand,
733
+ workdir: params.workdir,
734
+ env: params.env,
735
+ sandbox: void 0,
736
+ containerWorkdir: null,
737
+ usePty: params.pty,
738
+ warnings: params.warnings,
739
+ maxOutput: params.maxOutput,
740
+ pendingMaxOutput: params.pendingMaxOutput,
741
+ notifyOnExit: false,
742
+ notifyOnExitEmptySuccess: false,
743
+ scopeKey: params.scopeKey,
744
+ sessionKey: params.notifySessionKey ?? params.sessionKey,
745
+ timeoutSec: effectiveTimeout
746
+ });
747
+ } catch {
748
+ await sendExecApprovalFollowupResult(followupTarget, `Exec denied (gateway id=${approvalId}, spawn-failed): ${params.command}`);
749
+ return;
750
+ }
751
+ markBackgrounded(run.session);
752
+ const outcome = await run.promise;
753
+ const output = normalizeNotifyOutput(tail(outcome.aggregated || "", 400));
754
+ const exitLabel = outcome.timedOut ? "timeout" : `code ${outcome.exitCode ?? "?"}`;
755
+ await sendExecApprovalFollowupResult(followupTarget, output ? `Exec finished (gateway id=${approvalId}, session=${run.session.id}, ${exitLabel})\n${output}` : `Exec finished (gateway id=${approvalId}, session=${run.session.id}, ${exitLabel})`);
756
+ })();
757
+ return { pendingResult: buildExecApprovalPendingToolResult({
758
+ host: "gateway",
759
+ command: params.command,
760
+ cwd: params.workdir,
761
+ warningText,
762
+ approvalId,
763
+ approvalSlug,
764
+ expiresAtMs,
765
+ initiatingSurface,
766
+ sentApproverDms,
767
+ unavailableReason,
768
+ allowedDecisions: resolveExecApprovalAllowedDecisions({ ask: hostAsk })
769
+ }) };
770
+ }
771
+ if (hasGatewayAllowlistMiss({
772
+ hostSecurity,
773
+ analysisOk,
774
+ allowlistSatisfied,
775
+ durableApprovalSatisfied
776
+ })) throw new Error("exec denied: allowlist miss");
777
+ recordMatchedAllowlistUse(resolveApprovalAuditCandidatePath(allowlistEval.segments[0]?.resolution ?? null, params.workdir));
778
+ return { execCommandOverride: enforcedCommand };
779
+ }
780
+ //#endregion
781
+ //#region src/infra/node-shell.ts
782
+ function buildNodeShellCommand(command, platform) {
783
+ if (normalizeLowercaseStringOrEmpty((platform ?? "").trim()).startsWith("win")) return [
784
+ "cmd.exe",
785
+ "/d",
786
+ "/s",
787
+ "/c",
788
+ command
789
+ ];
790
+ return [
791
+ "/bin/sh",
792
+ "-lc",
793
+ command
794
+ ];
795
+ }
796
+ //#endregion
797
+ //#region src/agents/bash-tools.exec-host-node.ts
798
+ async function executeNodeHostCommand(params) {
799
+ const { hostSecurity, hostAsk, askFallback } = resolveExecHostApprovalContext({
800
+ agentId: params.agentId,
801
+ security: params.security,
802
+ ask: params.ask,
803
+ host: "node"
804
+ });
805
+ if (params.boundNode && params.requestedNode && params.boundNode !== params.requestedNode) throw new Error(`exec node not allowed (bound to ${params.boundNode})`);
806
+ const nodeQuery = params.boundNode || params.requestedNode;
807
+ const nodes = await listNodes({});
808
+ if (nodes.length === 0) throw new Error("exec host=node requires a paired node (none available). This requires a companion app or node host.");
809
+ let nodeId;
810
+ try {
811
+ nodeId = resolveNodeIdFromList(nodes, nodeQuery, !nodeQuery);
812
+ } catch (err) {
813
+ if (!nodeQuery && String(err).includes("node required")) throw new Error("exec host=node requires a node id when multiple nodes are available (set tools.exec.node or exec.node).", { cause: err });
814
+ throw err;
815
+ }
816
+ const nodeInfo = nodes.find((entry) => entry.nodeId === nodeId);
817
+ if (!(Array.isArray(nodeInfo?.commands) ? nodeInfo?.commands?.includes("system.run") : false)) throw new Error("exec host=node requires a node that supports system.run (companion app or node host).");
818
+ const argv = buildNodeShellCommand(params.command, nodeInfo?.platform);
819
+ const prepared = parsePreparedSystemRunPayload((await callGatewayTool("node.invoke", { timeoutMs: 15e3 }, {
820
+ nodeId,
821
+ command: "system.run.prepare",
822
+ params: {
823
+ command: argv,
824
+ rawCommand: params.command,
825
+ ...params.workdir != null ? { cwd: params.workdir } : {},
826
+ agentId: params.agentId,
827
+ sessionKey: params.sessionKey
828
+ },
829
+ idempotencyKey: crypto.randomUUID()
830
+ }))?.payload);
831
+ if (!prepared) throw new Error("invalid system.run.prepare response");
832
+ const runArgv = prepared.plan.argv;
833
+ const runRawCommand = prepared.plan.commandText;
834
+ const runCwd = prepared.plan.cwd ?? params.workdir;
835
+ const runAgentId = prepared.plan.agentId ?? params.agentId;
836
+ const runSessionKey = prepared.plan.sessionKey ?? params.sessionKey;
837
+ const nodeEnv = params.requestedEnv ? { ...params.requestedEnv } : void 0;
838
+ const baseAllowlistEval = evaluateShellAllowlist({
839
+ command: params.command,
840
+ allowlist: [],
841
+ safeBins: /* @__PURE__ */ new Set(),
842
+ cwd: params.workdir,
843
+ env: params.env,
844
+ platform: nodeInfo?.platform,
845
+ trustedSafeBinDirs: params.trustedSafeBinDirs
846
+ });
847
+ let analysisOk = baseAllowlistEval.analysisOk;
848
+ let allowlistSatisfied = false;
849
+ let durableApprovalSatisfied = false;
850
+ const inlineEvalHit = params.strictInlineEval === true ? baseAllowlistEval.segments.map((segment) => detectInterpreterInlineEvalArgv(segment.resolution?.effectiveArgv ?? segment.argv)).find((entry) => entry !== null) ?? null : null;
851
+ if (inlineEvalHit) params.warnings.push(`Warning: strict inline-eval mode requires explicit approval for ${describeInterpreterInlineEval(inlineEvalHit)}.`);
852
+ if ((hostAsk === "always" || hostSecurity === "allowlist") && analysisOk) try {
853
+ const approvalsSnapshot = await callGatewayTool("exec.approvals.node.get", { timeoutMs: 1e4 }, { nodeId });
854
+ const approvalsFile = approvalsSnapshot && typeof approvalsSnapshot === "object" ? approvalsSnapshot.file : void 0;
855
+ if (approvalsFile && typeof approvalsFile === "object") {
856
+ const resolved = resolveExecApprovalsFromFile({
857
+ file: approvalsFile,
858
+ agentId: params.agentId,
859
+ overrides: { security: "full" }
860
+ });
861
+ const allowlistEval = evaluateShellAllowlist({
862
+ command: params.command,
863
+ allowlist: resolved.allowlist,
864
+ safeBins: /* @__PURE__ */ new Set(),
865
+ cwd: params.workdir,
866
+ env: params.env,
867
+ platform: nodeInfo?.platform,
868
+ trustedSafeBinDirs: params.trustedSafeBinDirs
869
+ });
870
+ durableApprovalSatisfied = hasDurableExecApproval({
871
+ analysisOk: allowlistEval.analysisOk,
872
+ segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries,
873
+ allowlist: resolved.allowlist,
874
+ commandText: runRawCommand
875
+ });
876
+ allowlistSatisfied = allowlistEval.allowlistSatisfied;
877
+ analysisOk = allowlistEval.analysisOk;
878
+ }
879
+ } catch {}
880
+ const requiresAsk = requiresExecApproval({
881
+ ask: hostAsk,
882
+ security: hostSecurity,
883
+ analysisOk,
884
+ allowlistSatisfied,
885
+ durableApprovalSatisfied
886
+ }) || inlineEvalHit !== null;
887
+ const invokeTimeoutMs = Math.max(1e4, (typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec) * 1e3 + 5e3);
888
+ const buildInvokeParams = (approvedByAsk, approvalDecision, runId, suppressNotifyOnExit) => ({
889
+ nodeId,
890
+ command: "system.run",
891
+ params: {
892
+ command: runArgv,
893
+ rawCommand: runRawCommand,
894
+ systemRunPlan: prepared.plan,
895
+ cwd: runCwd,
896
+ env: nodeEnv,
897
+ timeoutMs: typeof params.timeoutSec === "number" ? params.timeoutSec * 1e3 : void 0,
898
+ agentId: runAgentId,
899
+ sessionKey: runSessionKey,
900
+ approved: approvedByAsk,
901
+ approvalDecision: approvalDecision === "allow-always" && inlineEvalHit !== null ? "allow-once" : approvalDecision ?? void 0,
902
+ runId: runId ?? void 0,
903
+ suppressNotifyOnExit: suppressNotifyOnExit === true || params.notifyOnExit === false ? true : void 0
904
+ },
905
+ idempotencyKey: crypto.randomUUID()
906
+ });
907
+ let inlineApprovedByAsk = false;
908
+ let inlineApprovalDecision = null;
909
+ let inlineApprovalId;
910
+ if (requiresAsk) {
911
+ const requestArgs = buildDefaultExecApprovalRequestArgs({
912
+ warnings: params.warnings,
913
+ approvalRunningNoticeMs: params.approvalRunningNoticeMs,
914
+ createApprovalSlug,
915
+ turnSourceChannel: params.turnSourceChannel,
916
+ turnSourceAccountId: params.turnSourceAccountId
917
+ });
918
+ const registerNodeApproval = async (approvalId) => await registerExecApprovalRequestForHostOrThrow({
919
+ approvalId,
920
+ systemRunPlan: prepared.plan,
921
+ env: nodeEnv,
922
+ workdir: runCwd,
923
+ host: "node",
924
+ nodeId,
925
+ security: hostSecurity,
926
+ ask: hostAsk,
927
+ ...buildExecApprovalRequesterContext({
928
+ agentId: runAgentId,
929
+ sessionKey: runSessionKey
930
+ }),
931
+ ...buildExecApprovalTurnSourceContext(params)
932
+ });
933
+ const { approvalId, approvalSlug, warningText, expiresAtMs, preResolvedDecision, initiatingSurface, sentApproverDms, unavailableReason } = await createAndRegisterDefaultExecApprovalRequest({
934
+ ...requestArgs,
935
+ register: registerNodeApproval
936
+ });
937
+ if (shouldResolveExecApprovalUnavailableInline({
938
+ trigger: params.trigger,
939
+ unavailableReason,
940
+ preResolvedDecision
941
+ })) {
942
+ const { baseDecision, approvedByAsk, deniedReason } = createExecApprovalDecisionState({
943
+ decision: preResolvedDecision,
944
+ askFallback
945
+ });
946
+ const strictInlineEvalDecision = enforceStrictInlineEvalApprovalBoundary({
947
+ baseDecision,
948
+ approvedByAsk,
949
+ deniedReason,
950
+ requiresInlineEvalApproval: inlineEvalHit !== null
951
+ });
952
+ if (strictInlineEvalDecision.deniedReason || !strictInlineEvalDecision.approvedByAsk) throw new Error(buildHeadlessExecApprovalDeniedMessage({
953
+ trigger: params.trigger,
954
+ host: "node",
955
+ security: hostSecurity,
956
+ ask: hostAsk,
957
+ askFallback
958
+ }));
959
+ inlineApprovedByAsk = strictInlineEvalDecision.approvedByAsk;
960
+ inlineApprovalDecision = strictInlineEvalDecision.approvedByAsk ? "allow-once" : null;
961
+ inlineApprovalId = approvalId;
962
+ } else {
963
+ const followupTarget = buildExecApprovalFollowupTarget({
964
+ approvalId,
965
+ sessionKey: params.notifySessionKey ?? params.sessionKey,
966
+ turnSourceChannel: params.turnSourceChannel,
967
+ turnSourceTo: params.turnSourceTo,
968
+ turnSourceAccountId: params.turnSourceAccountId,
969
+ turnSourceThreadId: params.turnSourceThreadId
970
+ });
971
+ (async () => {
972
+ const decision = await resolveApprovalDecisionOrUndefined({
973
+ approvalId,
974
+ preResolvedDecision,
975
+ onFailure: () => void sendExecApprovalFollowupResult(followupTarget, `Exec denied (node=${nodeId} id=${approvalId}, approval-request-failed): ${params.command}`)
976
+ });
977
+ if (decision === void 0) return;
978
+ const { baseDecision, approvedByAsk: initialApprovedByAsk, deniedReason: initialDeniedReason } = createExecApprovalDecisionState({
979
+ decision,
980
+ askFallback
981
+ });
982
+ let approvedByAsk = initialApprovedByAsk;
983
+ let approvalDecision = null;
984
+ let deniedReason = initialDeniedReason;
985
+ if (baseDecision.timedOut && askFallback === "full" && approvedByAsk) approvalDecision = "allow-once";
986
+ else if (decision === "allow-once") {
987
+ approvedByAsk = true;
988
+ approvalDecision = "allow-once";
989
+ } else if (decision === "allow-always") {
990
+ approvedByAsk = true;
991
+ approvalDecision = "allow-always";
992
+ }
993
+ ({approvedByAsk, deniedReason} = enforceStrictInlineEvalApprovalBoundary({
994
+ baseDecision,
995
+ approvedByAsk,
996
+ deniedReason,
997
+ requiresInlineEvalApproval: inlineEvalHit !== null
998
+ }));
999
+ if (deniedReason) approvalDecision = null;
1000
+ if (deniedReason) {
1001
+ await sendExecApprovalFollowupResult(followupTarget, `Exec denied (node=${nodeId} id=${approvalId}, ${deniedReason}): ${params.command}`);
1002
+ return;
1003
+ }
1004
+ try {
1005
+ const raw = await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(approvedByAsk, approvalDecision, approvalId, true));
1006
+ const payload = raw?.payload && typeof raw.payload === "object" ? raw.payload : {};
1007
+ const output = normalizeNotifyOutput([
1008
+ payload.stdout,
1009
+ payload.stderr,
1010
+ payload.error
1011
+ ].filter(Boolean).join("\n").slice(-400));
1012
+ const exitLabel = payload.timedOut ? "timeout" : `code ${payload.exitCode ?? "?"}`;
1013
+ await sendExecApprovalFollowupResult(followupTarget, output ? `Exec finished (node=${nodeId} id=${approvalId}, ${exitLabel})\n${output}` : `Exec finished (node=${nodeId} id=${approvalId}, ${exitLabel})`);
1014
+ } catch {
1015
+ await sendExecApprovalFollowupResult(followupTarget, `Exec denied (node=${nodeId} id=${approvalId}, invoke-failed): ${params.command}`);
1016
+ }
1017
+ })();
1018
+ return buildExecApprovalPendingToolResult({
1019
+ host: "node",
1020
+ command: params.command,
1021
+ cwd: params.workdir,
1022
+ warningText,
1023
+ approvalId,
1024
+ approvalSlug,
1025
+ expiresAtMs,
1026
+ initiatingSurface,
1027
+ sentApproverDms,
1028
+ unavailableReason,
1029
+ allowedDecisions: resolveExecApprovalAllowedDecisions({ ask: hostAsk }),
1030
+ nodeId
1031
+ });
1032
+ }
1033
+ }
1034
+ const startedAt = Date.now();
1035
+ const raw = await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(inlineApprovedByAsk, inlineApprovalDecision, inlineApprovalId));
1036
+ const payload = raw && typeof raw === "object" ? raw.payload : void 0;
1037
+ const payloadObj = payload && typeof payload === "object" ? payload : {};
1038
+ const stdout = typeof payloadObj.stdout === "string" ? payloadObj.stdout : "";
1039
+ const stderr = typeof payloadObj.stderr === "string" ? payloadObj.stderr : "";
1040
+ const errorText = typeof payloadObj.error === "string" ? payloadObj.error : "";
1041
+ const success = typeof payloadObj.success === "boolean" ? payloadObj.success : false;
1042
+ const exitCode = typeof payloadObj.exitCode === "number" ? payloadObj.exitCode : null;
1043
+ return {
1044
+ content: [{
1045
+ type: "text",
1046
+ text: stdout || stderr || errorText || ""
1047
+ }],
1048
+ details: {
1049
+ status: success ? "completed" : "failed",
1050
+ exitCode,
1051
+ durationMs: Date.now() - startedAt,
1052
+ aggregated: [
1053
+ stdout,
1054
+ stderr,
1055
+ errorText
1056
+ ].filter(Boolean).join("\n"),
1057
+ cwd: params.workdir
1058
+ }
1059
+ };
1060
+ }
1061
+ //#endregion
1062
+ //#region src/agents/bash-tools.exec.ts
1063
+ function buildExecForegroundResult(params) {
1064
+ const warningText = params.warningText?.trim() ? `${params.warningText}\n\n` : "";
1065
+ if (params.outcome.status === "failed") return failedTextResult(`${warningText}${params.outcome.reason}`, {
1066
+ status: "failed",
1067
+ exitCode: params.outcome.exitCode ?? null,
1068
+ durationMs: params.outcome.durationMs,
1069
+ aggregated: params.outcome.aggregated,
1070
+ timedOut: params.outcome.timedOut,
1071
+ cwd: params.cwd
1072
+ });
1073
+ return textResult(`${warningText}${params.outcome.aggregated || "(no output)"}`, {
1074
+ status: "completed",
1075
+ exitCode: params.outcome.exitCode,
1076
+ durationMs: params.outcome.durationMs,
1077
+ aggregated: params.outcome.aggregated,
1078
+ cwd: params.cwd
1079
+ });
1080
+ }
1081
+ const PREFLIGHT_ENV_OPTIONS_WITH_VALUES = new Set([
1082
+ "-C",
1083
+ "-S",
1084
+ "-u",
1085
+ "--argv0",
1086
+ "--block-signal",
1087
+ "--chdir",
1088
+ "--default-signal",
1089
+ "--ignore-signal",
1090
+ "--split-string",
1091
+ "--unset"
1092
+ ]);
1093
+ const SKIPPABLE_SCRIPT_PREFLIGHT_FS_ERROR_CODES = new Set([
1094
+ "EACCES",
1095
+ "EISDIR",
1096
+ "ELOOP",
1097
+ "EINVAL",
1098
+ "ENAMETOOLONG",
1099
+ "ENOENT",
1100
+ "ENOTDIR",
1101
+ "EPERM"
1102
+ ]);
1103
+ function getNodeErrorCode(error) {
1104
+ if (typeof error !== "object" || error === null || !("code" in error)) return;
1105
+ return String(error.code);
1106
+ }
1107
+ let fsSafeModulePromise;
1108
+ async function loadFsSafeModule() {
1109
+ fsSafeModulePromise ??= import("./fs-safe-BKyLKWBX.js");
1110
+ return await fsSafeModulePromise;
1111
+ }
1112
+ function shouldSkipScriptPreflightPathError(error, SafeOpenError) {
1113
+ if (error instanceof SafeOpenError) return true;
1114
+ const errorCode = getNodeErrorCode(error);
1115
+ return !!(errorCode && SKIPPABLE_SCRIPT_PREFLIGHT_FS_ERROR_CODES.has(errorCode));
1116
+ }
1117
+ function resolvePreflightRelativePath(params) {
1118
+ const root = path.resolve(params.rootDir);
1119
+ const candidate = path.resolve(params.absPath);
1120
+ const relative = path.relative(root, candidate);
1121
+ if (/^\.\.(?:[\\/]|$)/u.test(relative) || path.isAbsolute(relative)) return null;
1122
+ return /^~(?:$|[\\/])/u.test(relative) ? `.${path.sep}${relative}` : relative;
1123
+ }
1124
+ function isShellEnvAssignmentToken(token) {
1125
+ return /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(token);
1126
+ }
1127
+ function isEnvExecutableToken(token) {
1128
+ if (!token) return false;
1129
+ const base = normalizeOptionalLowercaseString(token.split(/[\\/]/u).at(-1)) ?? "";
1130
+ return (base.endsWith(".exe") ? base.slice(0, -4) : base) === "env";
1131
+ }
1132
+ function stripPreflightEnvPrefix(argv) {
1133
+ if (argv.length === 0) return argv;
1134
+ let idx = 0;
1135
+ while (idx < argv.length && isShellEnvAssignmentToken(argv[idx])) idx += 1;
1136
+ if (!isEnvExecutableToken(argv[idx])) return argv;
1137
+ idx += 1;
1138
+ while (idx < argv.length) {
1139
+ const token = argv[idx];
1140
+ if (token === "--") {
1141
+ idx += 1;
1142
+ break;
1143
+ }
1144
+ if (isShellEnvAssignmentToken(token)) {
1145
+ idx += 1;
1146
+ continue;
1147
+ }
1148
+ if (!token.startsWith("-") || token === "-") break;
1149
+ idx += 1;
1150
+ const option = token.split("=", 1)[0];
1151
+ if (PREFLIGHT_ENV_OPTIONS_WITH_VALUES.has(option) && !token.includes("=") && idx < argv.length) idx += 1;
1152
+ }
1153
+ return argv.slice(idx);
1154
+ }
1155
+ function findFirstPythonScriptArg(tokens) {
1156
+ const optionsWithSeparateValue = new Set([
1157
+ "-W",
1158
+ "-X",
1159
+ "-Q",
1160
+ "--check-hash-based-pycs"
1161
+ ]);
1162
+ for (let i = 0; i < tokens.length; i += 1) {
1163
+ const token = tokens[i];
1164
+ if (token === "--") {
1165
+ const next = tokens[i + 1];
1166
+ return normalizeLowercaseStringOrEmpty(next).endsWith(".py") ? next : null;
1167
+ }
1168
+ if (token === "-") return null;
1169
+ if (token === "-c" || token === "-m") return null;
1170
+ if ((token.startsWith("-c") || token.startsWith("-m")) && token.length > 2) return null;
1171
+ if (optionsWithSeparateValue.has(token)) {
1172
+ i += 1;
1173
+ continue;
1174
+ }
1175
+ if (token.startsWith("-")) continue;
1176
+ return normalizeLowercaseStringOrEmpty(token).endsWith(".py") ? token : null;
1177
+ }
1178
+ return null;
1179
+ }
1180
+ function findNodeScriptArgs(tokens) {
1181
+ const optionsWithSeparateValue = new Set([
1182
+ "-r",
1183
+ "--require",
1184
+ "--import"
1185
+ ]);
1186
+ const preloadScripts = [];
1187
+ let entryScript = null;
1188
+ let hasInlineEvalOrPrint = false;
1189
+ for (let i = 0; i < tokens.length; i += 1) {
1190
+ const token = tokens[i];
1191
+ if (token === "--") {
1192
+ if (!hasInlineEvalOrPrint && !entryScript) {
1193
+ const next = tokens[i + 1];
1194
+ if (normalizeLowercaseStringOrEmpty(next).endsWith(".js")) entryScript = next;
1195
+ }
1196
+ break;
1197
+ }
1198
+ if (token === "-e" || token === "-p" || token === "--eval" || token === "--print" || token.startsWith("--eval=") || token.startsWith("--print=") || (token.startsWith("-e") || token.startsWith("-p")) && token.length > 2) {
1199
+ hasInlineEvalOrPrint = true;
1200
+ if (token === "-e" || token === "-p" || token === "--eval" || token === "--print") i += 1;
1201
+ continue;
1202
+ }
1203
+ if (optionsWithSeparateValue.has(token)) {
1204
+ const next = tokens[i + 1];
1205
+ if (normalizeLowercaseStringOrEmpty(next).endsWith(".js")) preloadScripts.push(next);
1206
+ i += 1;
1207
+ continue;
1208
+ }
1209
+ if (token.startsWith("-r") && token.length > 2 || token.startsWith("--require=") || token.startsWith("--import=")) {
1210
+ const inlineValue = token.startsWith("-r") ? token.slice(2) : token.slice(token.indexOf("=") + 1);
1211
+ if (normalizeLowercaseStringOrEmpty(inlineValue).endsWith(".js")) preloadScripts.push(inlineValue);
1212
+ continue;
1213
+ }
1214
+ if (token.startsWith("-")) continue;
1215
+ if (!hasInlineEvalOrPrint && !entryScript && normalizeLowercaseStringOrEmpty(token).endsWith(".js")) entryScript = token;
1216
+ break;
1217
+ }
1218
+ const targets = [...preloadScripts];
1219
+ if (entryScript) targets.push(entryScript);
1220
+ return targets;
1221
+ }
1222
+ function extractInterpreterScriptTargetFromArgv(argv) {
1223
+ if (!argv || argv.length === 0) return null;
1224
+ let commandIdx = 0;
1225
+ while (commandIdx < argv.length && /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(argv[commandIdx])) commandIdx += 1;
1226
+ const executable = normalizeOptionalLowercaseString(argv[commandIdx]);
1227
+ if (!executable) return null;
1228
+ const args = argv.slice(commandIdx + 1);
1229
+ if (/^python(?:3(?:\.\d+)?)?$/i.test(executable)) {
1230
+ const script = findFirstPythonScriptArg(args);
1231
+ if (script) return {
1232
+ kind: "python",
1233
+ relOrAbsPaths: [script]
1234
+ };
1235
+ return null;
1236
+ }
1237
+ if (executable === "node") {
1238
+ const scripts = findNodeScriptArgs(args);
1239
+ if (scripts.length > 0) return {
1240
+ kind: "node",
1241
+ relOrAbsPaths: scripts
1242
+ };
1243
+ return null;
1244
+ }
1245
+ return null;
1246
+ }
1247
+ function extractInterpreterScriptPathsFromSegment(rawSegment) {
1248
+ const argv = splitShellArgs(rawSegment.trim());
1249
+ if (!argv || argv.length === 0) return [];
1250
+ return extractInterpreterScriptTargetFromArgv(stripPreflightEnvPrefix(/^(?:if|then|do|elif|else|while|until|time)$/i.test(argv[0] ?? "") ? argv.slice(1) : argv))?.relOrAbsPaths ?? [];
1251
+ }
1252
+ function extractScriptTargetFromCommand(command) {
1253
+ const raw = command.trim();
1254
+ const splitShellArgsPreservingBackslashes = (value) => {
1255
+ const tokens = [];
1256
+ let buf = "";
1257
+ let inSingle = false;
1258
+ let inDouble = false;
1259
+ const pushToken = () => {
1260
+ if (buf.length > 0) {
1261
+ tokens.push(buf);
1262
+ buf = "";
1263
+ }
1264
+ };
1265
+ for (let i = 0; i < value.length; i += 1) {
1266
+ const ch = value[i];
1267
+ if (inSingle) {
1268
+ if (ch === "'") inSingle = false;
1269
+ else buf += ch;
1270
+ continue;
1271
+ }
1272
+ if (inDouble) {
1273
+ if (ch === "\"") inDouble = false;
1274
+ else buf += ch;
1275
+ continue;
1276
+ }
1277
+ if (ch === "'") {
1278
+ inSingle = true;
1279
+ continue;
1280
+ }
1281
+ if (ch === "\"") {
1282
+ inDouble = true;
1283
+ continue;
1284
+ }
1285
+ if (/\s/.test(ch)) {
1286
+ pushToken();
1287
+ continue;
1288
+ }
1289
+ buf += ch;
1290
+ }
1291
+ if (inSingle || inDouble) return null;
1292
+ pushToken();
1293
+ return tokens;
1294
+ };
1295
+ const candidateArgv = process.platform === "win32" && /(?:^|[\s"'`])(?:[A-Za-z]:\\|\\\\|[^\s"'`|&;()<>]+\\[^\s"'`|&;()<>]+)/.test(raw) ? [splitShellArgsPreservingBackslashes(raw)] : [splitShellArgs(raw)];
1296
+ for (const argv of candidateArgv) {
1297
+ const attempts = [argv, argv ? stripPreflightEnvPrefix(argv) : null];
1298
+ for (const attempt of attempts) {
1299
+ const target = extractInterpreterScriptTargetFromArgv(attempt);
1300
+ if (target) return target;
1301
+ }
1302
+ }
1303
+ return null;
1304
+ }
1305
+ function extractUnquotedShellText(raw) {
1306
+ let out = "";
1307
+ let inSingle = false;
1308
+ let inDouble = false;
1309
+ let escaped = false;
1310
+ for (let i = 0; i < raw.length; i += 1) {
1311
+ const ch = raw[i];
1312
+ if (escaped) {
1313
+ if (!inSingle && !inDouble) out += `\\${ch}`;
1314
+ escaped = false;
1315
+ continue;
1316
+ }
1317
+ if (!inSingle && ch === "\\") {
1318
+ escaped = true;
1319
+ continue;
1320
+ }
1321
+ if (inSingle) {
1322
+ if (ch === "'") inSingle = false;
1323
+ continue;
1324
+ }
1325
+ if (inDouble) {
1326
+ const next = raw[i + 1];
1327
+ if (ch === "\\" && next && /[\\'"$`\n\r]/.test(next)) {
1328
+ i += 1;
1329
+ continue;
1330
+ }
1331
+ if (ch === "\"") inDouble = false;
1332
+ continue;
1333
+ }
1334
+ if (ch === "'") {
1335
+ inSingle = true;
1336
+ continue;
1337
+ }
1338
+ if (ch === "\"") {
1339
+ inDouble = true;
1340
+ continue;
1341
+ }
1342
+ out += ch;
1343
+ }
1344
+ if (escaped || inSingle || inDouble) return null;
1345
+ return out;
1346
+ }
1347
+ function splitShellSegmentsOutsideQuotes(rawText, params) {
1348
+ const segments = [];
1349
+ let buf = "";
1350
+ let inSingle = false;
1351
+ let inDouble = false;
1352
+ let escaped = false;
1353
+ const pushSegment = () => {
1354
+ if (buf.trim().length > 0) segments.push(buf);
1355
+ buf = "";
1356
+ };
1357
+ for (let i = 0; i < rawText.length; i += 1) {
1358
+ const ch = rawText[i];
1359
+ const next = rawText[i + 1];
1360
+ if (escaped) {
1361
+ buf += ch;
1362
+ escaped = false;
1363
+ continue;
1364
+ }
1365
+ if (!inSingle && ch === "\\") {
1366
+ buf += ch;
1367
+ escaped = true;
1368
+ continue;
1369
+ }
1370
+ if (inSingle) {
1371
+ buf += ch;
1372
+ if (ch === "'") inSingle = false;
1373
+ continue;
1374
+ }
1375
+ if (inDouble) {
1376
+ buf += ch;
1377
+ if (ch === "\"") inDouble = false;
1378
+ continue;
1379
+ }
1380
+ if (ch === "'") {
1381
+ inSingle = true;
1382
+ buf += ch;
1383
+ continue;
1384
+ }
1385
+ if (ch === "\"") {
1386
+ inDouble = true;
1387
+ buf += ch;
1388
+ continue;
1389
+ }
1390
+ if (ch === "\n" || ch === "\r") {
1391
+ pushSegment();
1392
+ continue;
1393
+ }
1394
+ if (ch === ";") {
1395
+ pushSegment();
1396
+ continue;
1397
+ }
1398
+ if (ch === "&" && next === "&") {
1399
+ pushSegment();
1400
+ i += 1;
1401
+ continue;
1402
+ }
1403
+ if (ch === "|" && next === "|") {
1404
+ pushSegment();
1405
+ i += 1;
1406
+ continue;
1407
+ }
1408
+ if (params.splitPipes && ch === "|") {
1409
+ pushSegment();
1410
+ continue;
1411
+ }
1412
+ buf += ch;
1413
+ }
1414
+ pushSegment();
1415
+ return segments;
1416
+ }
1417
+ function isInterpreterExecutable(executable) {
1418
+ if (!executable) return false;
1419
+ return /^python(?:3(?:\.\d+)?)?$/i.test(executable) || executable === "node";
1420
+ }
1421
+ function hasUnescapedSequence(raw, sequence) {
1422
+ if (sequence.length === 0) return false;
1423
+ let escaped = false;
1424
+ for (let i = 0; i < raw.length; i += 1) {
1425
+ const ch = raw[i];
1426
+ if (escaped) {
1427
+ escaped = false;
1428
+ continue;
1429
+ }
1430
+ if (ch === "\\") {
1431
+ escaped = true;
1432
+ continue;
1433
+ }
1434
+ if (raw.startsWith(sequence, i)) return true;
1435
+ }
1436
+ return false;
1437
+ }
1438
+ function hasUnquotedScriptHint(raw) {
1439
+ let inSingle = false;
1440
+ let inDouble = false;
1441
+ let escaped = false;
1442
+ let token = "";
1443
+ const flushToken = () => {
1444
+ const normalizedToken = normalizeLowercaseStringOrEmpty(token);
1445
+ if (normalizedToken.endsWith(".py") || normalizedToken.endsWith(".js")) return true;
1446
+ token = "";
1447
+ return false;
1448
+ };
1449
+ for (let i = 0; i < raw.length; i += 1) {
1450
+ const ch = raw[i];
1451
+ if (escaped) {
1452
+ if (!inSingle && !inDouble) token += ch;
1453
+ escaped = false;
1454
+ continue;
1455
+ }
1456
+ if (!inSingle && ch === "\\") {
1457
+ escaped = true;
1458
+ continue;
1459
+ }
1460
+ if (inSingle) {
1461
+ if (ch === "'") inSingle = false;
1462
+ continue;
1463
+ }
1464
+ if (inDouble) {
1465
+ if (ch === "\"") inDouble = false;
1466
+ continue;
1467
+ }
1468
+ if (ch === "'") {
1469
+ if (flushToken()) return true;
1470
+ inSingle = true;
1471
+ continue;
1472
+ }
1473
+ if (ch === "\"") {
1474
+ if (flushToken()) return true;
1475
+ inDouble = true;
1476
+ continue;
1477
+ }
1478
+ if (/\s/u.test(ch) || "|&;()<>".includes(ch)) {
1479
+ if (flushToken()) return true;
1480
+ continue;
1481
+ }
1482
+ token += ch;
1483
+ }
1484
+ return flushToken();
1485
+ }
1486
+ function resolveLeadingShellSegmentExecutable(rawSegment) {
1487
+ const argv = splitShellArgs((extractUnquotedShellText(rawSegment) ?? rawSegment).trim());
1488
+ if (!argv || argv.length === 0) return;
1489
+ const withoutLeadingKeyword = /^(?:if|then|do|elif|else|while|until|time)$/i.test(argv[0] ?? "") ? argv.slice(1) : argv;
1490
+ if (withoutLeadingKeyword.length === 0) return;
1491
+ const normalizedArgv = stripPreflightEnvPrefix(withoutLeadingKeyword);
1492
+ let commandIdx = 0;
1493
+ while (commandIdx < normalizedArgv.length && /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(normalizedArgv[commandIdx] ?? "")) commandIdx += 1;
1494
+ return normalizeOptionalLowercaseString(normalizedArgv[commandIdx]);
1495
+ }
1496
+ function analyzeInterpreterHeuristicsFromUnquoted(raw) {
1497
+ const hasPython = splitShellSegmentsOutsideQuotes(raw, { splitPipes: true }).some((segment) => /^python(?:3(?:\.\d+)?)?$/i.test(resolveLeadingShellSegmentExecutable(segment) ?? ""));
1498
+ const hasNode = splitShellSegmentsOutsideQuotes(raw, { splitPipes: true }).some((segment) => resolveLeadingShellSegmentExecutable(segment) === "node");
1499
+ const hasProcessSubstitution = hasUnescapedSequence(raw, "<(") || hasUnescapedSequence(raw, ">(");
1500
+ return {
1501
+ hasPython,
1502
+ hasNode,
1503
+ hasComplexSyntax: hasUnescapedSequence(raw, "|") || hasUnescapedSequence(raw, "&&") || hasUnescapedSequence(raw, "||") || hasUnescapedSequence(raw, ";") || raw.includes("\n") || raw.includes("\r") || hasUnescapedSequence(raw, "$(") || hasUnescapedSequence(raw, "`") || hasProcessSubstitution,
1504
+ hasProcessSubstitution,
1505
+ hasScriptHint: hasUnquotedScriptHint(raw)
1506
+ };
1507
+ }
1508
+ function extractShellWrappedCommandPayload(executable, args) {
1509
+ if (!executable) return null;
1510
+ const executableBase = normalizeOptionalLowercaseString(executable.split(/[\\/]/u).at(-1)) ?? "";
1511
+ const normalizedExecutable = executableBase.endsWith(".exe") ? executableBase.slice(0, -4) : executableBase;
1512
+ if (!/^(?:bash|dash|fish|ksh|sh|zsh)$/i.test(normalizedExecutable)) return null;
1513
+ const shortOptionsWithSeparateValue = new Set(["-O", "-o"]);
1514
+ for (let i = 0; i < args.length; i += 1) {
1515
+ const arg = args[i];
1516
+ if (arg === "--") return null;
1517
+ if (arg === "-c") return args[i + 1] ?? null;
1518
+ if (/^-[A-Za-z]+$/u.test(arg)) {
1519
+ if (arg.includes("c")) return args[i + 1] ?? null;
1520
+ if (shortOptionsWithSeparateValue.has(arg)) i += 1;
1521
+ continue;
1522
+ }
1523
+ if (/^--[A-Za-z0-9][A-Za-z0-9-]*(?:=.*)?$/u.test(arg)) {
1524
+ if (!arg.includes("=")) {
1525
+ const next = args[i + 1];
1526
+ if (next && next !== "--" && !next.startsWith("-")) i += 1;
1527
+ }
1528
+ continue;
1529
+ }
1530
+ return null;
1531
+ }
1532
+ return null;
1533
+ }
1534
+ function shouldFailClosedInterpreterPreflight(command) {
1535
+ const raw = command.trim();
1536
+ const rawArgv = splitShellArgs(raw);
1537
+ const argv = rawArgv ? stripPreflightEnvPrefix(rawArgv) : null;
1538
+ let commandIdx = 0;
1539
+ if (argv) while (commandIdx < argv.length && /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(argv[commandIdx] ?? "")) commandIdx += 1;
1540
+ const directExecutable = normalizeOptionalLowercaseString(argv?.[commandIdx]);
1541
+ const args = argv ? argv.slice(commandIdx + 1) : [];
1542
+ const isDirectInterpreterCommand = Boolean(directExecutable && /^python(?:3(?:\.\d+)?)?$/i.test(directExecutable)) || directExecutable === "node";
1543
+ const topLevel = analyzeInterpreterHeuristicsFromUnquoted(extractUnquotedShellText(raw) ?? raw);
1544
+ const shellWrappedPayload = extractShellWrappedCommandPayload(directExecutable, args);
1545
+ const nestedUnquoted = shellWrappedPayload ? extractUnquotedShellText(shellWrappedPayload) ?? shellWrappedPayload : "";
1546
+ const nested = shellWrappedPayload ? analyzeInterpreterHeuristicsFromUnquoted(nestedUnquoted) : {
1547
+ hasPython: false,
1548
+ hasNode: false,
1549
+ hasComplexSyntax: false,
1550
+ hasProcessSubstitution: false,
1551
+ hasScriptHint: false
1552
+ };
1553
+ const hasInterpreterInvocationInSegment = (rawSegment) => isInterpreterExecutable(resolveLeadingShellSegmentExecutable(rawSegment));
1554
+ const isScriptExecutingInterpreterCommand = (rawCommand) => {
1555
+ const argv = splitShellArgs(rawCommand.trim());
1556
+ if (!argv || argv.length === 0) return false;
1557
+ const withoutLeadingKeyword = /^(?:if|then|do|elif|else|while|until|time)$/i.test(argv[0] ?? "") ? argv.slice(1) : argv;
1558
+ if (withoutLeadingKeyword.length === 0) return false;
1559
+ const normalizedArgv = stripPreflightEnvPrefix(withoutLeadingKeyword);
1560
+ let commandIdx = 0;
1561
+ while (commandIdx < normalizedArgv.length && /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(normalizedArgv[commandIdx] ?? "")) commandIdx += 1;
1562
+ const executable = normalizeOptionalLowercaseString(normalizedArgv[commandIdx]);
1563
+ if (!executable) return false;
1564
+ const args = normalizedArgv.slice(commandIdx + 1);
1565
+ if (/^python(?:3(?:\.\d+)?)?$/i.test(executable)) {
1566
+ const pythonInfoOnlyFlags = new Set([
1567
+ "-V",
1568
+ "--version",
1569
+ "-h",
1570
+ "--help"
1571
+ ]);
1572
+ if (args.some((arg) => pythonInfoOnlyFlags.has(arg))) return false;
1573
+ if (args.some((arg) => arg === "-c" || arg === "-m" || arg.startsWith("-c") || arg.startsWith("-m") || arg === "--check-hash-based-pycs")) return false;
1574
+ return true;
1575
+ }
1576
+ if (executable === "node") {
1577
+ const nodeInfoOnlyFlags = new Set([
1578
+ "-v",
1579
+ "--version",
1580
+ "-h",
1581
+ "--help",
1582
+ "-c",
1583
+ "--check"
1584
+ ]);
1585
+ if (args.some((arg) => nodeInfoOnlyFlags.has(arg))) return false;
1586
+ if (args.some((arg) => arg === "-e" || arg === "-p" || arg === "--eval" || arg === "--print" || arg.startsWith("--eval=") || arg.startsWith("--print=") || (arg.startsWith("-e") || arg.startsWith("-p")) && arg.length > 2)) return false;
1587
+ return true;
1588
+ }
1589
+ return false;
1590
+ };
1591
+ const hasScriptHintInSegment = (segment) => extractInterpreterScriptPathsFromSegment(segment).length > 0 || hasUnquotedScriptHint(segment);
1592
+ const hasInterpreterAndScriptHintInSameSegment = (rawText) => {
1593
+ return splitShellSegmentsOutsideQuotes(rawText, { splitPipes: true }).some((segment) => {
1594
+ if (!isScriptExecutingInterpreterCommand(segment)) return false;
1595
+ return hasScriptHintInSegment(segment);
1596
+ });
1597
+ };
1598
+ const hasInterpreterPipelineScriptHintInSameSegment = (rawText) => {
1599
+ return splitShellSegmentsOutsideQuotes(rawText, { splitPipes: false }).some((segment) => {
1600
+ if (!splitShellSegmentsOutsideQuotes(segment, { splitPipes: true }).slice(1).some((pipelineCommand) => isScriptExecutingInterpreterCommand(pipelineCommand))) return false;
1601
+ return hasScriptHintInSegment(segment);
1602
+ });
1603
+ };
1604
+ const hasInterpreterSegmentScriptHint = hasInterpreterAndScriptHintInSameSegment(raw) || shellWrappedPayload !== null && hasInterpreterAndScriptHintInSameSegment(shellWrappedPayload);
1605
+ const hasInterpreterPipelineScriptHint = hasInterpreterPipelineScriptHintInSameSegment(raw) || shellWrappedPayload !== null && hasInterpreterPipelineScriptHintInSameSegment(shellWrappedPayload);
1606
+ const hasShellWrappedInterpreterSegmentScriptHint = shellWrappedPayload !== null && hasInterpreterAndScriptHintInSameSegment(shellWrappedPayload);
1607
+ const hasShellWrappedInterpreterInvocation = (nested.hasPython || nested.hasNode) && (hasShellWrappedInterpreterSegmentScriptHint || nested.hasScriptHint || nested.hasComplexSyntax || nested.hasProcessSubstitution);
1608
+ const hasTopLevelInterpreterInvocation = splitShellSegmentsOutsideQuotes(raw, { splitPipes: true }).some((segment) => hasInterpreterInvocationInSegment(segment));
1609
+ return {
1610
+ hasInterpreterInvocation: isDirectInterpreterCommand || hasShellWrappedInterpreterInvocation || hasTopLevelInterpreterInvocation,
1611
+ hasComplexSyntax: topLevel.hasComplexSyntax || hasShellWrappedInterpreterInvocation,
1612
+ hasProcessSubstitution: topLevel.hasProcessSubstitution || nested.hasProcessSubstitution,
1613
+ hasInterpreterSegmentScriptHint,
1614
+ hasInterpreterPipelineScriptHint,
1615
+ isDirectInterpreterCommand
1616
+ };
1617
+ }
1618
+ async function validateScriptFileForShellBleed(params) {
1619
+ const target = extractScriptTargetFromCommand(params.command);
1620
+ if (!target) {
1621
+ const { hasInterpreterInvocation, hasComplexSyntax, hasProcessSubstitution, hasInterpreterSegmentScriptHint, hasInterpreterPipelineScriptHint, isDirectInterpreterCommand } = shouldFailClosedInterpreterPreflight(params.command);
1622
+ if (hasInterpreterInvocation && hasComplexSyntax && (hasInterpreterSegmentScriptHint || hasInterpreterPipelineScriptHint || hasProcessSubstitution && isDirectInterpreterCommand)) throw new Error("exec preflight: complex interpreter invocation detected; refusing to run without script preflight validation. Use a direct `python <file>.py` or `node <file>.js` command.");
1623
+ return;
1624
+ }
1625
+ const { SafeOpenError, readFileWithinRoot } = await loadFsSafeModule();
1626
+ for (const relOrAbsPath of target.relOrAbsPaths) {
1627
+ const absPath = path.isAbsolute(relOrAbsPath) ? path.resolve(relOrAbsPath) : path.resolve(params.workdir, relOrAbsPath);
1628
+ const relativePath = resolvePreflightRelativePath({
1629
+ rootDir: params.workdir,
1630
+ absPath
1631
+ });
1632
+ if (!relativePath) continue;
1633
+ let content;
1634
+ try {
1635
+ content = (await readFileWithinRoot({
1636
+ rootDir: params.workdir,
1637
+ relativePath,
1638
+ nonBlockingRead: true,
1639
+ allowSymlinkTargetWithinRoot: true,
1640
+ maxBytes: 512 * 1024
1641
+ })).buffer.toString("utf-8");
1642
+ } catch (error) {
1643
+ if (shouldSkipScriptPreflightPathError(error, SafeOpenError)) continue;
1644
+ throw error;
1645
+ }
1646
+ const first = /\$[A-Z_][A-Z0-9_]{1,}/g.exec(content);
1647
+ if (first) {
1648
+ const idx = first.index;
1649
+ const line = content.slice(0, idx).split("\n").length;
1650
+ const token = first[0];
1651
+ throw new Error([
1652
+ `exec preflight: detected likely shell variable injection (${token}) in ${target.kind} script: ${path.basename(absPath)}:${line}.`,
1653
+ target.kind === "python" ? `In Python, use os.environ.get(${JSON.stringify(token.slice(1))}) instead of raw ${token}.` : `In Node.js, use process.env[${JSON.stringify(token.slice(1))}] instead of raw ${token}.`,
1654
+ "(If this is inside a string literal on purpose, escape it or restructure the code.)"
1655
+ ].join("\n"));
1656
+ }
1657
+ if (target.kind === "node") {
1658
+ const firstNonEmpty = content.split(/\r?\n/).map((l) => l.trim()).find((l) => l.length > 0);
1659
+ if (firstNonEmpty && /^NODE\b/.test(firstNonEmpty)) throw new Error(`exec preflight: JS file starts with shell syntax (${firstNonEmpty}). This looks like a shell command, not JavaScript.`);
1660
+ }
1661
+ }
1662
+ }
1663
+ function shouldSkipExecScriptPreflight(params) {
1664
+ return params.host === "gateway" && params.security === "full" && params.ask === "off";
1665
+ }
1666
+ function parseExecApprovalShellCommand(raw) {
1667
+ const match = raw.trimStart().match(/^\/approve(?:@[^\s]+)?\s+([A-Za-z0-9][A-Za-z0-9._:-]*)\s+(allow-once|allow-always|always|deny)\b/i);
1668
+ if (!match) return null;
1669
+ return {
1670
+ approvalId: match[1],
1671
+ decision: normalizeLowercaseStringOrEmpty(match[2]) === "always" ? "allow-always" : normalizeLowercaseStringOrEmpty(match[2])
1672
+ };
1673
+ }
1674
+ function rejectExecApprovalShellCommand(command) {
1675
+ const isEnvAssignmentToken = (token) => /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(token);
1676
+ const shellWrappers = new Set([
1677
+ "bash",
1678
+ "dash",
1679
+ "fish",
1680
+ "ksh",
1681
+ "sh",
1682
+ "zsh"
1683
+ ]);
1684
+ const commandStandaloneOptions = new Set([
1685
+ "-p",
1686
+ "-v",
1687
+ "-V"
1688
+ ]);
1689
+ const envOptionsWithValues = new Set([
1690
+ "-C",
1691
+ "-S",
1692
+ "-u",
1693
+ "--argv0",
1694
+ "--block-signal",
1695
+ "--chdir",
1696
+ "--default-signal",
1697
+ "--ignore-signal",
1698
+ "--split-string",
1699
+ "--unset"
1700
+ ]);
1701
+ const execOptionsWithValues = new Set(["-a"]);
1702
+ const execStandaloneOptions = new Set(["-c", "-l"]);
1703
+ const sudoOptionsWithValues = new Set([
1704
+ "-C",
1705
+ "-D",
1706
+ "-g",
1707
+ "-p",
1708
+ "-R",
1709
+ "-T",
1710
+ "-U",
1711
+ "-u",
1712
+ "--chdir",
1713
+ "--close-from",
1714
+ "--group",
1715
+ "--host",
1716
+ "--other-user",
1717
+ "--prompt",
1718
+ "--role",
1719
+ "--type",
1720
+ "--user"
1721
+ ]);
1722
+ const sudoStandaloneOptions = new Set([
1723
+ "-A",
1724
+ "-E",
1725
+ "--askpass",
1726
+ "--preserve-env"
1727
+ ]);
1728
+ const extractEnvSplitStringPayload = (argv) => {
1729
+ const remaining = [...argv];
1730
+ while (remaining[0] && isEnvAssignmentToken(remaining[0])) remaining.shift();
1731
+ if (remaining[0] !== "env") return [];
1732
+ remaining.shift();
1733
+ const payloads = [];
1734
+ while (remaining.length > 0) {
1735
+ while (remaining[0] && isEnvAssignmentToken(remaining[0])) remaining.shift();
1736
+ const token = remaining[0];
1737
+ if (!token) break;
1738
+ if (token === "--") {
1739
+ remaining.shift();
1740
+ continue;
1741
+ }
1742
+ if (!token.startsWith("-") || token === "-") break;
1743
+ const option = remaining.shift();
1744
+ const normalized = option.split("=", 1)[0];
1745
+ if (normalized === "-S" || normalized === "--split-string") {
1746
+ const value = option.includes("=") ? option.slice(option.indexOf("=") + 1) : remaining.shift();
1747
+ if (value?.trim()) payloads.push(value);
1748
+ continue;
1749
+ }
1750
+ if (envOptionsWithValues.has(normalized) && !option.includes("=") && remaining[0]) remaining.shift();
1751
+ }
1752
+ return payloads;
1753
+ };
1754
+ const stripApprovalCommandPrefixes = (argv) => {
1755
+ const remaining = [...argv];
1756
+ while (remaining.length > 0) {
1757
+ while (remaining[0] && isEnvAssignmentToken(remaining[0])) remaining.shift();
1758
+ const token = remaining[0];
1759
+ if (!token) break;
1760
+ if (token === "--") {
1761
+ remaining.shift();
1762
+ continue;
1763
+ }
1764
+ if (token === "env") {
1765
+ remaining.shift();
1766
+ while (remaining.length > 0) {
1767
+ while (remaining[0] && isEnvAssignmentToken(remaining[0])) remaining.shift();
1768
+ const envToken = remaining[0];
1769
+ if (!envToken) break;
1770
+ if (envToken === "--") {
1771
+ remaining.shift();
1772
+ continue;
1773
+ }
1774
+ if (!envToken.startsWith("-") || envToken === "-") break;
1775
+ const option = remaining.shift();
1776
+ const normalized = option.split("=", 1)[0];
1777
+ if (envOptionsWithValues.has(normalized) && !option.includes("=") && remaining[0]) remaining.shift();
1778
+ }
1779
+ continue;
1780
+ }
1781
+ if (token === "command" || token === "builtin") {
1782
+ remaining.shift();
1783
+ while (remaining[0]?.startsWith("-")) {
1784
+ const option = remaining.shift();
1785
+ if (option === "--") break;
1786
+ if (!commandStandaloneOptions.has(option.split("=", 1)[0])) continue;
1787
+ }
1788
+ continue;
1789
+ }
1790
+ if (token === "exec") {
1791
+ remaining.shift();
1792
+ while (remaining[0]?.startsWith("-")) {
1793
+ const option = remaining.shift();
1794
+ if (option === "--") break;
1795
+ const normalized = option.split("=", 1)[0];
1796
+ if (execStandaloneOptions.has(normalized)) continue;
1797
+ if (execOptionsWithValues.has(normalized) && !option.includes("=") && remaining[0]) remaining.shift();
1798
+ }
1799
+ continue;
1800
+ }
1801
+ if (token === "sudo") {
1802
+ remaining.shift();
1803
+ while (remaining[0]?.startsWith("-")) {
1804
+ const option = remaining.shift();
1805
+ if (option === "--") break;
1806
+ const normalized = option.split("=", 1)[0];
1807
+ if (sudoStandaloneOptions.has(normalized)) continue;
1808
+ if (sudoOptionsWithValues.has(normalized) && !option.includes("=") && remaining[0]) remaining.shift();
1809
+ }
1810
+ continue;
1811
+ }
1812
+ break;
1813
+ }
1814
+ return remaining;
1815
+ };
1816
+ const extractShellWrapperPayload = (argv) => {
1817
+ const [commandName, ...rest] = argv;
1818
+ if (!commandName || !shellWrappers.has(path.basename(commandName))) return [];
1819
+ for (let i = 0; i < rest.length; i += 1) {
1820
+ const token = rest[i];
1821
+ if (!token) continue;
1822
+ if (token === "-c" || token === "-lc" || token === "-ic" || token === "-xc") return rest[i + 1] ? [rest[i + 1]] : [];
1823
+ if (/^-[^-]*c[^-]*$/u.test(token)) return rest[i + 1] ? [rest[i + 1]] : [];
1824
+ }
1825
+ return [];
1826
+ };
1827
+ const buildCandidates = (argv) => {
1828
+ const envSplitCandidates = extractEnvSplitStringPayload(argv).flatMap((payload) => {
1829
+ const innerArgv = splitShellArgs(payload);
1830
+ return innerArgv ? buildCandidates(innerArgv) : [payload];
1831
+ });
1832
+ const stripped = stripApprovalCommandPrefixes(argv);
1833
+ const shellWrapperCandidates = extractShellWrapperPayload(stripped).flatMap((payload) => {
1834
+ const innerArgv = splitShellArgs(payload);
1835
+ return innerArgv ? buildCandidates(innerArgv) : [payload];
1836
+ });
1837
+ return [
1838
+ ...stripped.length > 0 ? [stripped.join(" ")] : [],
1839
+ ...envSplitCandidates,
1840
+ ...shellWrapperCandidates
1841
+ ];
1842
+ };
1843
+ const rawCommand = command.trim();
1844
+ const analysis = analyzeShellCommand({ command: rawCommand });
1845
+ const candidates = analysis.ok ? analysis.segments.flatMap((segment) => buildCandidates(segment.argv)) : rawCommand.split(/\r?\n/).map((line) => line.trim()).filter(Boolean).flatMap((line) => {
1846
+ const argv = splitShellArgs(line);
1847
+ return argv ? buildCandidates(argv) : [line];
1848
+ });
1849
+ for (const candidate of candidates) {
1850
+ if (!parseExecApprovalShellCommand(candidate)) continue;
1851
+ throw new Error(["exec cannot run /approve commands.", "Show the /approve command to the user as chat text, or route it through the approval command handler instead of shell execution."].join(" "));
1852
+ }
1853
+ }
1854
+ function createExecTool(defaults) {
1855
+ const defaultBackgroundMs = clampWithDefault(defaults?.backgroundMs ?? readEnvInt("PI_BASH_YIELD_MS"), 1e4, 10, 12e4);
1856
+ const allowBackground = defaults?.allowBackground ?? true;
1857
+ const defaultTimeoutSec = typeof defaults?.timeoutSec === "number" && defaults.timeoutSec > 0 ? defaults.timeoutSec : 1800;
1858
+ const defaultPathPrepend = normalizePathPrepend(defaults?.pathPrepend);
1859
+ const { safeBins, safeBinProfiles, trustedSafeBinDirs, unprofiledSafeBins, unprofiledInterpreterSafeBins } = resolveExecSafeBinRuntimePolicy({
1860
+ local: {
1861
+ safeBins: defaults?.safeBins,
1862
+ safeBinTrustedDirs: defaults?.safeBinTrustedDirs,
1863
+ safeBinProfiles: defaults?.safeBinProfiles
1864
+ },
1865
+ onWarning: (message) => {
1866
+ logInfo(message);
1867
+ }
1868
+ });
1869
+ if (unprofiledSafeBins.length > 0) logInfo(`exec: ignoring unprofiled safeBins entries (${unprofiledSafeBins.toSorted().join(", ")}); use allowlist or define tools.exec.safeBinProfiles.<bin>`);
1870
+ if (unprofiledInterpreterSafeBins.length > 0) logInfo(`exec: interpreter/runtime binaries in safeBins (${unprofiledInterpreterSafeBins.join(", ")}) are unsafe without explicit hardened profiles; prefer allowlist entries`);
1871
+ const notifyOnExit = defaults?.notifyOnExit !== false;
1872
+ const notifyOnExitEmptySuccess = defaults?.notifyOnExitEmptySuccess === true;
1873
+ const notifySessionKey = normalizeOptionalString(defaults?.sessionKey);
1874
+ const notifyDeliveryContext = normalizeDeliveryContext({
1875
+ channel: defaults?.messageProvider,
1876
+ to: defaults?.currentChannelId,
1877
+ accountId: defaults?.accountId,
1878
+ threadId: defaults?.currentThreadTs
1879
+ });
1880
+ const approvalRunningNoticeMs = resolveApprovalRunningNoticeMs(defaults?.approvalRunningNoticeMs);
1881
+ const parsedAgentSession = parseAgentSessionKey(defaults?.sessionKey);
1882
+ const agentId = defaults?.agentId ?? (parsedAgentSession ? resolveAgentIdFromSessionKey(defaults?.sessionKey) : void 0);
1883
+ return {
1884
+ name: "exec",
1885
+ label: "exec",
1886
+ displaySummary: EXEC_TOOL_DISPLAY_SUMMARY,
1887
+ get description() {
1888
+ return describeExecTool({
1889
+ agentId,
1890
+ hasCronTool: defaults?.hasCronTool === true
1891
+ });
1892
+ },
1893
+ parameters: execSchema,
1894
+ execute: async (_toolCallId, args, signal, onUpdate) => {
1895
+ const params = args;
1896
+ if (!params.command) throw new Error("Provide a command to start.");
1897
+ const maxOutput = DEFAULT_MAX_OUTPUT;
1898
+ const pendingMaxOutput = DEFAULT_PENDING_MAX_OUTPUT;
1899
+ const warnings = [];
1900
+ let execCommandOverride;
1901
+ const backgroundRequested = params.background === true;
1902
+ const yieldRequested = typeof params.yieldMs === "number";
1903
+ if (!allowBackground && (backgroundRequested || yieldRequested)) warnings.push("Warning: background execution is disabled; running synchronously.");
1904
+ const yieldWindow = allowBackground ? backgroundRequested ? 0 : clampWithDefault(params.yieldMs ?? defaultBackgroundMs, defaultBackgroundMs, 10, 12e4) : null;
1905
+ const elevatedDefaults = defaults?.elevated;
1906
+ const elevatedAllowed = Boolean(elevatedDefaults?.enabled && elevatedDefaults.allowed);
1907
+ const elevatedDefaultMode = elevatedDefaults?.defaultLevel === "full" ? "full" : elevatedDefaults?.defaultLevel === "ask" ? "ask" : elevatedDefaults?.defaultLevel === "on" ? "ask" : "off";
1908
+ const effectiveDefaultMode = elevatedAllowed ? elevatedDefaultMode : "off";
1909
+ const elevatedMode = typeof params.elevated === "boolean" ? params.elevated ? elevatedDefaultMode === "full" ? "full" : "ask" : "off" : effectiveDefaultMode;
1910
+ const elevatedRequested = elevatedMode !== "off";
1911
+ if (elevatedRequested) {
1912
+ if (!elevatedDefaults?.enabled || !elevatedDefaults.allowed) {
1913
+ const runtime = defaults?.sandbox ? "sandboxed" : "direct";
1914
+ const gates = [];
1915
+ const contextParts = [];
1916
+ const provider = normalizeOptionalString(defaults?.messageProvider);
1917
+ const sessionKey = normalizeOptionalString(defaults?.sessionKey);
1918
+ if (provider) contextParts.push(`provider=${provider}`);
1919
+ if (sessionKey) contextParts.push(`session=${sessionKey}`);
1920
+ if (!elevatedDefaults?.enabled) gates.push("enabled (tools.elevated.enabled / agents.list[].tools.elevated.enabled)");
1921
+ else gates.push("allowFrom (tools.elevated.allowFrom.<provider> / agents.list[].tools.elevated.allowFrom.<provider>)");
1922
+ throw new Error([
1923
+ `elevated is not available right now (runtime=${runtime}).`,
1924
+ `Failing gates: ${gates.join(", ")}`,
1925
+ contextParts.length > 0 ? `Context: ${contextParts.join(" ")}` : void 0,
1926
+ "Fix-it keys:",
1927
+ "- tools.elevated.enabled",
1928
+ "- tools.elevated.allowFrom.<provider>",
1929
+ "- agents.list[].tools.elevated.enabled",
1930
+ "- agents.list[].tools.elevated.allowFrom.<provider>"
1931
+ ].filter(Boolean).join("\n"));
1932
+ }
1933
+ }
1934
+ if (elevatedRequested) logInfo(`exec: elevated command ${truncateMiddle(params.command, 120)}`);
1935
+ const target = resolveExecTarget({
1936
+ configuredTarget: defaults?.host,
1937
+ requestedTarget: normalizeExecTarget(params.host),
1938
+ elevatedRequested,
1939
+ sandboxAvailable: Boolean(defaults?.sandbox)
1940
+ });
1941
+ const host = target.effectiveHost;
1942
+ const approvalDefaults = loadExecApprovals().defaults;
1943
+ const configuredSecurity = defaults?.security ?? approvalDefaults?.security ?? (host === "sandbox" ? "deny" : "full");
1944
+ let security = minSecurity(configuredSecurity, normalizeExecSecurity(params.security) ?? configuredSecurity);
1945
+ if (elevatedRequested && elevatedMode === "full") security = "full";
1946
+ const configuredAsk = defaults?.ask ?? approvalDefaults?.ask ?? "off";
1947
+ let ask = maxAsk(configuredAsk, normalizeExecAsk(params.ask) ?? configuredAsk);
1948
+ const bypassApprovals = elevatedRequested && elevatedMode === "full";
1949
+ if (bypassApprovals) ask = "off";
1950
+ if (defaults?.safeguard?.enabled !== false) {
1951
+ const safeguardAnalysis = analyzeShellCommand({ command: params.command });
1952
+ let verdict = evaluateExecSafeguard(safeguardAnalysis, { rawCommand: params.command });
1953
+ const evaluateModel = defaults?.safeguard?.evaluateCommandImpact;
1954
+ if (evaluateModel && verdict.risk !== "high" && isAmbiguousForModel(safeguardAnalysis)) {
1955
+ const timeoutMs = Math.max(1, Math.floor(defaults?.safeguard?.timeoutSeconds ?? 20)) * 1e3;
1956
+ const controller = new AbortController();
1957
+ const onOuterAbort = () => controller.abort();
1958
+ signal?.addEventListener("abort", onOuterAbort, { once: true });
1959
+ const timer = setTimeout(() => controller.abort(), timeoutMs);
1960
+ try {
1961
+ const modelVerdict = parseModelRiskVerdict(await evaluateModel(params.command, controller.signal));
1962
+ if (modelVerdict) verdict = mergeSafeguardVerdicts(verdict, modelVerdict);
1963
+ } catch {} finally {
1964
+ clearTimeout(timer);
1965
+ signal?.removeEventListener("abort", onOuterAbort);
1966
+ }
1967
+ }
1968
+ if (verdict.risk === "high") throw new Error([
1969
+ "Safeguard blocked this command: predicted high system impact.",
1970
+ `Reasons: ${verdict.reasons.join("; ")}`,
1971
+ "This command was not run. If it is genuinely required, run it yourself or adjust tools.exec.safeguard."
1972
+ ].join("\n"));
1973
+ if (verdict.risk === "medium" && !bypassApprovals) {
1974
+ ask = "always";
1975
+ warnings.push(`Safeguard: medium-risk command requires approval (${verdict.reasons.join("; ")}).`);
1976
+ }
1977
+ }
1978
+ const sandbox = host === "sandbox" ? defaults?.sandbox : void 0;
1979
+ if (target.selectedTarget === "sandbox" && !sandbox) throw new Error(["exec host=sandbox requires a sandbox runtime for this session.", "Enable sandbox mode (`agents.defaults.sandbox.mode=\"non-main\"` or `\"all\"`) or use host=auto/gateway/node."].join("\n"));
1980
+ const explicitWorkdir = normalizeOptionalString(params.workdir);
1981
+ const defaultWorkdir = normalizeOptionalString(defaults?.cwd);
1982
+ let workdir;
1983
+ let containerWorkdir = sandbox?.containerWorkdir;
1984
+ if (sandbox) {
1985
+ const resolved = await resolveSandboxWorkdir({
1986
+ workdir: explicitWorkdir ?? defaultWorkdir ?? process.cwd(),
1987
+ sandbox,
1988
+ warnings
1989
+ });
1990
+ workdir = resolved.hostWorkdir;
1991
+ containerWorkdir = resolved.containerWorkdir;
1992
+ } else if (host === "node") workdir = explicitWorkdir;
1993
+ else workdir = resolveWorkdir(explicitWorkdir ?? defaultWorkdir ?? process.cwd(), warnings);
1994
+ rejectExecApprovalShellCommand(params.command);
1995
+ const inheritedBaseEnv = coerceEnv(process.env);
1996
+ const hostEnvResult = host === "sandbox" ? null : sanitizeHostExecEnvWithDiagnostics({
1997
+ baseEnv: inheritedBaseEnv,
1998
+ overrides: params.env,
1999
+ blockPathOverrides: true
2000
+ });
2001
+ if (hostEnvResult && params.env && (hostEnvResult.rejectedOverrideBlockedKeys.length > 0 || hostEnvResult.rejectedOverrideInvalidKeys.length > 0)) {
2002
+ const blockedKeys = hostEnvResult.rejectedOverrideBlockedKeys;
2003
+ const invalidKeys = hostEnvResult.rejectedOverrideInvalidKeys;
2004
+ const pathBlocked = blockedKeys.includes("PATH");
2005
+ if (pathBlocked && blockedKeys.length === 1 && invalidKeys.length === 0) throw new Error("Security Violation: Custom 'PATH' variable is forbidden during host execution.");
2006
+ if (blockedKeys.length === 1 && invalidKeys.length === 0) throw new Error(`Security Violation: Environment variable '${blockedKeys[0]}' is forbidden during host execution.`);
2007
+ const details = [];
2008
+ if (blockedKeys.length > 0) details.push(`blocked override keys: ${blockedKeys.join(", ")}`);
2009
+ if (invalidKeys.length > 0) details.push(`invalid non-portable override keys: ${invalidKeys.join(", ")}`);
2010
+ const suffix = details.join("; ");
2011
+ if (pathBlocked) throw new Error(`Security Violation: Custom 'PATH' variable is forbidden during host execution (${suffix}).`);
2012
+ throw new Error(`Security Violation: ${suffix}.`);
2013
+ }
2014
+ const env = sandbox && host === "sandbox" ? buildSandboxEnv({
2015
+ defaultPath: DEFAULT_PATH,
2016
+ paramsEnv: params.env,
2017
+ sandboxEnv: sandbox.env,
2018
+ containerWorkdir: containerWorkdir ?? sandbox.containerWorkdir
2019
+ }) : hostEnvResult?.env ?? inheritedBaseEnv;
2020
+ if (!sandbox && host === "gateway" && !params.env?.PATH) applyShellPath(env, getShellPathFromLoginShell({
2021
+ env: process.env,
2022
+ timeoutMs: resolveShellEnvFallbackTimeoutMs(process.env)
2023
+ }));
2024
+ if (host === "node" && defaultPathPrepend.length > 0) warnings.push("Warning: tools.exec.pathPrepend is ignored for host=node. Configure PATH on the node host/service instead.");
2025
+ else applyPathPrepend(env, defaultPathPrepend);
2026
+ if (host === "node") return executeNodeHostCommand({
2027
+ command: params.command,
2028
+ workdir,
2029
+ env,
2030
+ requestedEnv: params.env,
2031
+ requestedNode: params.node?.trim(),
2032
+ boundNode: defaults?.node?.trim(),
2033
+ sessionKey: defaults?.sessionKey,
2034
+ turnSourceChannel: defaults?.messageProvider,
2035
+ turnSourceTo: defaults?.currentChannelId,
2036
+ turnSourceAccountId: defaults?.accountId,
2037
+ turnSourceThreadId: defaults?.currentThreadTs,
2038
+ agentId,
2039
+ security,
2040
+ ask,
2041
+ strictInlineEval: defaults?.strictInlineEval,
2042
+ trigger: defaults?.trigger,
2043
+ timeoutSec: params.timeout,
2044
+ defaultTimeoutSec,
2045
+ approvalRunningNoticeMs,
2046
+ warnings,
2047
+ notifySessionKey,
2048
+ notifyOnExit,
2049
+ trustedSafeBinDirs
2050
+ });
2051
+ if (!workdir) throw new Error("exec internal error: local execution requires a resolved workdir");
2052
+ if (host === "gateway" && !bypassApprovals) {
2053
+ const gatewayResult = await processGatewayAllowlist({
2054
+ command: params.command,
2055
+ workdir,
2056
+ env,
2057
+ requestedEnv: params.env,
2058
+ pty: params.pty === true && !sandbox,
2059
+ timeoutSec: params.timeout,
2060
+ defaultTimeoutSec,
2061
+ security,
2062
+ ask,
2063
+ safeBins,
2064
+ safeBinProfiles,
2065
+ strictInlineEval: defaults?.strictInlineEval,
2066
+ trigger: defaults?.trigger,
2067
+ agentId,
2068
+ sessionKey: defaults?.sessionKey,
2069
+ turnSourceChannel: defaults?.messageProvider,
2070
+ turnSourceTo: defaults?.currentChannelId,
2071
+ turnSourceAccountId: defaults?.accountId,
2072
+ turnSourceThreadId: defaults?.currentThreadTs,
2073
+ scopeKey: defaults?.scopeKey,
2074
+ warnings,
2075
+ notifySessionKey,
2076
+ approvalRunningNoticeMs,
2077
+ maxOutput,
2078
+ pendingMaxOutput,
2079
+ trustedSafeBinDirs
2080
+ });
2081
+ if (gatewayResult.pendingResult) return gatewayResult.pendingResult;
2082
+ execCommandOverride = gatewayResult.execCommandOverride;
2083
+ if (gatewayResult.allowWithoutEnforcedCommand) execCommandOverride = void 0;
2084
+ }
2085
+ const explicitTimeoutSec = typeof params.timeout === "number" ? params.timeout : null;
2086
+ const effectiveTimeout = allowBackground && explicitTimeoutSec === null && (backgroundRequested || yieldRequested) ? null : explicitTimeoutSec ?? defaultTimeoutSec;
2087
+ const getWarningText = () => warnings.length ? `${warnings.join("\n")}\n\n` : "";
2088
+ const usePty = params.pty === true && !sandbox;
2089
+ if (!shouldSkipExecScriptPreflight({
2090
+ host,
2091
+ security,
2092
+ ask
2093
+ })) await validateScriptFileForShellBleed({
2094
+ command: params.command,
2095
+ workdir
2096
+ });
2097
+ const run = await runExecProcess({
2098
+ command: params.command,
2099
+ execCommand: execCommandOverride,
2100
+ workdir,
2101
+ env,
2102
+ sandbox,
2103
+ containerWorkdir,
2104
+ usePty,
2105
+ warnings,
2106
+ maxOutput,
2107
+ pendingMaxOutput,
2108
+ notifyOnExit,
2109
+ notifyOnExitEmptySuccess,
2110
+ scopeKey: defaults?.scopeKey,
2111
+ sessionKey: notifySessionKey,
2112
+ notifyDeliveryContext,
2113
+ timeoutSec: effectiveTimeout,
2114
+ onUpdate
2115
+ });
2116
+ let yielded = false;
2117
+ let yieldTimer = null;
2118
+ const onAbortSignal = () => {
2119
+ run.disableUpdates();
2120
+ if (yielded || run.session.backgrounded) return;
2121
+ run.kill();
2122
+ };
2123
+ if (signal?.aborted) onAbortSignal();
2124
+ else if (signal) signal.addEventListener("abort", onAbortSignal, { once: true });
2125
+ return new Promise((resolve, reject) => {
2126
+ const resolveRunning = () => resolve({
2127
+ content: [{
2128
+ type: "text",
2129
+ text: `${getWarningText()}Command still running (session ${run.session.id}, pid ${run.session.pid ?? "n/a"}). Use process (list/poll/log/write/kill/clear/remove) for follow-up.`
2130
+ }],
2131
+ details: {
2132
+ status: "running",
2133
+ sessionId: run.session.id,
2134
+ pid: run.session.pid ?? void 0,
2135
+ startedAt: run.startedAt,
2136
+ cwd: run.session.cwd,
2137
+ tail: run.session.tail
2138
+ }
2139
+ });
2140
+ const onYieldNow = () => {
2141
+ if (yieldTimer) clearTimeout(yieldTimer);
2142
+ if (yielded) return;
2143
+ yielded = true;
2144
+ markBackgrounded(run.session);
2145
+ resolveRunning();
2146
+ };
2147
+ if (allowBackground && yieldWindow !== null) if (yieldWindow === 0) onYieldNow();
2148
+ else yieldTimer = setTimeout(() => {
2149
+ if (yielded) return;
2150
+ yielded = true;
2151
+ markBackgrounded(run.session);
2152
+ resolveRunning();
2153
+ }, yieldWindow);
2154
+ run.promise.then((outcome) => {
2155
+ if (yieldTimer) clearTimeout(yieldTimer);
2156
+ if (yielded || run.session.backgrounded) return;
2157
+ resolve(buildExecForegroundResult({
2158
+ outcome,
2159
+ cwd: run.session.cwd,
2160
+ warningText: getWarningText()
2161
+ }));
2162
+ }).catch((err) => {
2163
+ if (yieldTimer) clearTimeout(yieldTimer);
2164
+ if (yielded || run.session.backgrounded) return;
2165
+ reject(err);
2166
+ });
2167
+ });
2168
+ }
2169
+ };
2170
+ }
2171
+ const execTool = createExecTool();
2172
+ //#endregion
2173
+ //#region src/agents/pty-keys.ts
2174
+ const ESC = "\x1B";
2175
+ const CR = "\r";
2176
+ const TAB = " ";
2177
+ const BACKSPACE = "";
2178
+ const BRACKETED_PASTE_START = `${ESC}[200~`;
2179
+ const BRACKETED_PASTE_END = `${ESC}[201~`;
2180
+ /** SS3 sequences for DECCKM application cursor key mode (smkx). */
2181
+ const DECCKM_SS3_KEYS = {
2182
+ up: `${ESC}OA`,
2183
+ down: `${ESC}OB`,
2184
+ right: `${ESC}OC`,
2185
+ left: `${ESC}OD`,
2186
+ home: `${ESC}OH`,
2187
+ end: `${ESC}OF`
2188
+ };
2189
+ const namedKeyMap = new Map([
2190
+ ["enter", CR],
2191
+ ["return", CR],
2192
+ ["tab", TAB],
2193
+ ["escape", ESC],
2194
+ ["esc", ESC],
2195
+ ["space", " "],
2196
+ ["bspace", BACKSPACE],
2197
+ ["backspace", BACKSPACE],
2198
+ ["up", `${ESC}[A`],
2199
+ ["down", `${ESC}[B`],
2200
+ ["right", `${ESC}[C`],
2201
+ ["left", `${ESC}[D`],
2202
+ ["home", `${ESC}[1~`],
2203
+ ["end", `${ESC}[4~`],
2204
+ ["pageup", `${ESC}[5~`],
2205
+ ["pgup", `${ESC}[5~`],
2206
+ ["ppage", `${ESC}[5~`],
2207
+ ["pagedown", `${ESC}[6~`],
2208
+ ["pgdn", `${ESC}[6~`],
2209
+ ["npage", `${ESC}[6~`],
2210
+ ["insert", `${ESC}[2~`],
2211
+ ["ic", `${ESC}[2~`],
2212
+ ["delete", `${ESC}[3~`],
2213
+ ["del", `${ESC}[3~`],
2214
+ ["dc", `${ESC}[3~`],
2215
+ ["btab", `${ESC}[Z`],
2216
+ ["f1", `${ESC}OP`],
2217
+ ["f2", `${ESC}OQ`],
2218
+ ["f3", `${ESC}OR`],
2219
+ ["f4", `${ESC}OS`],
2220
+ ["f5", `${ESC}[15~`],
2221
+ ["f6", `${ESC}[17~`],
2222
+ ["f7", `${ESC}[18~`],
2223
+ ["f8", `${ESC}[19~`],
2224
+ ["f9", `${ESC}[20~`],
2225
+ ["f10", `${ESC}[21~`],
2226
+ ["f11", `${ESC}[23~`],
2227
+ ["f12", `${ESC}[24~`],
2228
+ ["kp/", `${ESC}Oo`],
2229
+ ["kp*", `${ESC}Oj`],
2230
+ ["kp-", `${ESC}Om`],
2231
+ ["kp+", `${ESC}Ok`],
2232
+ ["kp7", `${ESC}Ow`],
2233
+ ["kp8", `${ESC}Ox`],
2234
+ ["kp9", `${ESC}Oy`],
2235
+ ["kp4", `${ESC}Ot`],
2236
+ ["kp5", `${ESC}Ou`],
2237
+ ["kp6", `${ESC}Ov`],
2238
+ ["kp1", `${ESC}Oq`],
2239
+ ["kp2", `${ESC}Or`],
2240
+ ["kp3", `${ESC}Os`],
2241
+ ["kp0", `${ESC}Op`],
2242
+ ["kp.", `${ESC}On`],
2243
+ ["kpenter", `${ESC}OM`]
2244
+ ]);
2245
+ const modifiableNamedKeys = new Set([
2246
+ "up",
2247
+ "down",
2248
+ "left",
2249
+ "right",
2250
+ "home",
2251
+ "end",
2252
+ "pageup",
2253
+ "pgup",
2254
+ "ppage",
2255
+ "pagedown",
2256
+ "pgdn",
2257
+ "npage",
2258
+ "insert",
2259
+ "ic",
2260
+ "delete",
2261
+ "del",
2262
+ "dc"
2263
+ ]);
2264
+ function hasCursorModeSensitiveKeys(request) {
2265
+ return request.keys?.some((raw) => {
2266
+ const token = raw.trim();
2267
+ if (!token) return false;
2268
+ const parsed = parseModifiers(token);
2269
+ if (hasAnyModifier(parsed.mods)) return false;
2270
+ return normalizeLowercaseStringOrEmpty(parsed.base) in DECCKM_SS3_KEYS;
2271
+ }) ?? false;
2272
+ }
2273
+ function encodeKeySequence(request, cursorKeyMode) {
2274
+ const warnings = [];
2275
+ let data = "";
2276
+ if (request.literal) data += request.literal;
2277
+ if (request.hex?.length) for (const raw of request.hex) {
2278
+ const byte = parseHexByte(raw);
2279
+ if (byte === null) {
2280
+ warnings.push(`Invalid hex byte: ${raw}`);
2281
+ continue;
2282
+ }
2283
+ data += String.fromCharCode(byte);
2284
+ }
2285
+ if (request.keys?.length) for (const token of request.keys) data += encodeKeyToken(token, warnings, cursorKeyMode);
2286
+ return {
2287
+ data,
2288
+ warnings
2289
+ };
2290
+ }
2291
+ function encodePaste(text, bracketed = true) {
2292
+ if (!bracketed) return text;
2293
+ return `${BRACKETED_PASTE_START}${text}${BRACKETED_PASTE_END}`;
2294
+ }
2295
+ function encodeKeyToken(raw, warnings, cursorKeyMode) {
2296
+ const token = raw.trim();
2297
+ if (!token) return "";
2298
+ if (token.length === 2 && token.startsWith("^")) {
2299
+ const ctrl = toCtrlChar(token[1]);
2300
+ if (ctrl) return ctrl;
2301
+ }
2302
+ const parsed = parseModifiers(token);
2303
+ const base = parsed.base;
2304
+ const baseLower = normalizeLowercaseStringOrEmpty(base);
2305
+ if (baseLower === "tab" && parsed.mods.shift) return `${ESC}[Z`;
2306
+ if (modifiableNamedKeys.has(baseLower) && cursorKeyMode === "application" && !hasAnyModifier(parsed.mods)) {
2307
+ const ss3Seq = DECCKM_SS3_KEYS[baseLower];
2308
+ if (ss3Seq) return ss3Seq;
2309
+ }
2310
+ const baseSeq = namedKeyMap.get(baseLower);
2311
+ if (baseSeq) {
2312
+ let seq = baseSeq;
2313
+ if (modifiableNamedKeys.has(baseLower) && hasAnyModifier(parsed.mods)) {
2314
+ const mod = xtermModifier(parsed.mods);
2315
+ if (mod > 1) {
2316
+ const modified = applyXtermModifier(seq, mod);
2317
+ if (modified) {
2318
+ seq = modified;
2319
+ return seq;
2320
+ }
2321
+ }
2322
+ }
2323
+ if (parsed.mods.alt) return `${ESC}${seq}`;
2324
+ return seq;
2325
+ }
2326
+ if (base.length === 1) return applyCharModifiers(base, parsed.mods);
2327
+ if (parsed.hasModifiers) warnings.push(`Unknown key "${base}" for modifiers; sending literal.`);
2328
+ return base;
2329
+ }
2330
+ function parseModifiers(token) {
2331
+ const mods = {
2332
+ ctrl: false,
2333
+ alt: false,
2334
+ shift: false
2335
+ };
2336
+ let rest = token;
2337
+ let sawModifiers = false;
2338
+ while (rest.length > 2 && rest[1] === "-") {
2339
+ const mod = normalizeLowercaseStringOrEmpty(rest[0]);
2340
+ if (mod === "c") mods.ctrl = true;
2341
+ else if (mod === "m") mods.alt = true;
2342
+ else if (mod === "s") mods.shift = true;
2343
+ else break;
2344
+ sawModifiers = true;
2345
+ rest = rest.slice(2);
2346
+ }
2347
+ return {
2348
+ mods,
2349
+ base: rest,
2350
+ hasModifiers: sawModifiers
2351
+ };
2352
+ }
2353
+ function applyCharModifiers(char, mods) {
2354
+ let value = char;
2355
+ if (mods.shift && value.length === 1 && /[a-z]/.test(value)) value = value.toUpperCase();
2356
+ if (mods.ctrl) {
2357
+ const ctrl = toCtrlChar(value);
2358
+ if (ctrl) value = ctrl;
2359
+ }
2360
+ if (mods.alt) value = `${ESC}${value}`;
2361
+ return value;
2362
+ }
2363
+ function toCtrlChar(char) {
2364
+ if (char.length !== 1) return null;
2365
+ if (char === "?") return "";
2366
+ const code = char.toUpperCase().charCodeAt(0);
2367
+ if (code >= 64 && code <= 95) return String.fromCharCode(code & 31);
2368
+ return null;
2369
+ }
2370
+ function xtermModifier(mods) {
2371
+ let mod = 1;
2372
+ if (mods.shift) mod += 1;
2373
+ if (mods.alt) mod += 2;
2374
+ if (mods.ctrl) mod += 4;
2375
+ return mod;
2376
+ }
2377
+ function applyXtermModifier(sequence, modifier) {
2378
+ const escPattern = escapeRegExp(ESC);
2379
+ const csiNumber = new RegExp(`^${escPattern}\\[(\\d+)([~A-Z])$`);
2380
+ const csiArrow = new RegExp(`^${escPattern}\\[(A|B|C|D|H|F)$`);
2381
+ const numberMatch = sequence.match(csiNumber);
2382
+ if (numberMatch) return `${ESC}[${numberMatch[1]};${modifier}${numberMatch[2]}`;
2383
+ const arrowMatch = sequence.match(csiArrow);
2384
+ if (arrowMatch) return `${ESC}[1;${modifier}${arrowMatch[1]}`;
2385
+ return null;
2386
+ }
2387
+ function hasAnyModifier(mods) {
2388
+ return mods.ctrl || mods.alt || mods.shift;
2389
+ }
2390
+ function parseHexByte(raw) {
2391
+ const lower = normalizeLowercaseStringOrEmpty(raw);
2392
+ const normalized = lower.startsWith("0x") ? lower.slice(2) : lower;
2393
+ if (!/^[0-9a-f]{1,2}$/.test(normalized)) return null;
2394
+ const value = Number.parseInt(normalized, 16);
2395
+ if (Number.isNaN(value) || value < 0 || value > 255) return null;
2396
+ return value;
2397
+ }
2398
+ //#endregion
2399
+ //#region src/agents/bash-tools.process-send-keys.ts
2400
+ function failText$1(text) {
2401
+ return {
2402
+ content: [{
2403
+ type: "text",
2404
+ text
2405
+ }],
2406
+ details: { status: "failed" }
2407
+ };
2408
+ }
2409
+ async function writeToStdin(stdin, data) {
2410
+ await new Promise((resolve, reject) => {
2411
+ stdin.write(data, (err) => {
2412
+ if (err) reject(err);
2413
+ else resolve();
2414
+ });
2415
+ });
2416
+ }
2417
+ async function handleProcessSendKeys(params) {
2418
+ const request = {
2419
+ keys: params.keys,
2420
+ hex: params.hex,
2421
+ literal: params.literal
2422
+ };
2423
+ if (params.session.cursorKeyMode === "unknown" && hasCursorModeSensitiveKeys(request)) return failText$1(`Session ${params.sessionId} cursor key mode is not known yet. Poll or log until startup output appears, then retry send-keys.`);
2424
+ const { data, warnings } = encodeKeySequence(request, params.session.cursorKeyMode === "unknown" ? void 0 : params.session.cursorKeyMode);
2425
+ if (!data) return failText$1("No key data provided.");
2426
+ await writeToStdin(params.stdin, data);
2427
+ return {
2428
+ content: [{
2429
+ type: "text",
2430
+ text: `Sent ${data.length} bytes to session ${params.sessionId}.` + (warnings.length ? `\nWarnings:\n- ${warnings.join("\n- ")}` : "")
2431
+ }],
2432
+ details: {
2433
+ status: "running",
2434
+ sessionId: params.sessionId,
2435
+ name: deriveSessionName(params.session.command)
2436
+ }
2437
+ };
2438
+ }
2439
+ //#endregion
2440
+ //#region src/agents/bash-tools.process.ts
2441
+ const DEFAULT_LOG_TAIL_LINES = 200;
2442
+ function resolveLogSliceWindow(offset, limit) {
2443
+ const usingDefaultTail = offset === void 0 && limit === void 0;
2444
+ return {
2445
+ effectiveOffset: offset,
2446
+ effectiveLimit: typeof limit === "number" && Number.isFinite(limit) ? limit : usingDefaultTail ? DEFAULT_LOG_TAIL_LINES : void 0,
2447
+ usingDefaultTail
2448
+ };
2449
+ }
2450
+ function defaultTailNote(totalLines, usingDefaultTail) {
2451
+ if (!usingDefaultTail || totalLines <= DEFAULT_LOG_TAIL_LINES) return "";
2452
+ return `\n\n[showing last ${DEFAULT_LOG_TAIL_LINES} of ${totalLines} lines; pass offset/limit to page]`;
2453
+ }
2454
+ const MAX_POLL_WAIT_MS = 12e4;
2455
+ function resolvePollWaitMs(value) {
2456
+ if (typeof value === "number" && Number.isFinite(value)) return Math.max(0, Math.min(MAX_POLL_WAIT_MS, Math.floor(value)));
2457
+ if (typeof value === "string") {
2458
+ const parsed = Number.parseInt(value.trim(), 10);
2459
+ if (Number.isFinite(parsed)) return Math.max(0, Math.min(MAX_POLL_WAIT_MS, parsed));
2460
+ }
2461
+ return 0;
2462
+ }
2463
+ function failText(text) {
2464
+ return {
2465
+ content: [{
2466
+ type: "text",
2467
+ text
2468
+ }],
2469
+ details: { status: "failed" }
2470
+ };
2471
+ }
2472
+ function recordPollRetrySuggestion(sessionId, hasNewOutput) {
2473
+ try {
2474
+ return recordCommandPoll(getDiagnosticSessionState({ sessionId }), sessionId, hasNewOutput);
2475
+ } catch {
2476
+ return;
2477
+ }
2478
+ }
2479
+ function resetPollRetrySuggestion(sessionId) {
2480
+ try {
2481
+ resetCommandPollCount(getDiagnosticSessionState({ sessionId }), sessionId);
2482
+ } catch {}
2483
+ }
2484
+ function createProcessTool(defaults) {
2485
+ if (defaults?.cleanupMs !== void 0) setJobTtlMs(defaults.cleanupMs);
2486
+ const scopeKey = defaults?.scopeKey;
2487
+ const supervisor = getProcessSupervisor();
2488
+ const isInScope = (session) => !scopeKey || session?.scopeKey === scopeKey;
2489
+ const cancelManagedSession = (sessionId) => {
2490
+ const record = supervisor.getRecord(sessionId);
2491
+ if (!record || record.state === "exited") return false;
2492
+ supervisor.cancel(sessionId, "manual-cancel");
2493
+ return true;
2494
+ };
2495
+ const terminateSessionFallback = (session) => {
2496
+ const pid = session.pid ?? session.child?.pid;
2497
+ if (typeof pid !== "number" || !Number.isFinite(pid) || pid <= 0) return false;
2498
+ killProcessTree(pid);
2499
+ return true;
2500
+ };
2501
+ return {
2502
+ name: "process",
2503
+ label: "process",
2504
+ displaySummary: PROCESS_TOOL_DISPLAY_SUMMARY,
2505
+ description: describeProcessTool({ hasCronTool: defaults?.hasCronTool === true }),
2506
+ parameters: processSchema,
2507
+ execute: async (_toolCallId, args, _signal, _onUpdate) => {
2508
+ const params = args;
2509
+ if (params.action === "list") {
2510
+ const running = listRunningSessions().filter((s) => isInScope(s)).map((s) => ({
2511
+ sessionId: s.id,
2512
+ status: "running",
2513
+ pid: s.pid ?? void 0,
2514
+ startedAt: s.startedAt,
2515
+ runtimeMs: Date.now() - s.startedAt,
2516
+ cwd: s.cwd,
2517
+ command: s.command,
2518
+ name: deriveSessionName(s.command),
2519
+ tail: s.tail,
2520
+ truncated: s.truncated
2521
+ }));
2522
+ const finished = listFinishedSessions().filter((s) => isInScope(s)).map((s) => ({
2523
+ sessionId: s.id,
2524
+ status: s.status,
2525
+ startedAt: s.startedAt,
2526
+ endedAt: s.endedAt,
2527
+ runtimeMs: s.endedAt - s.startedAt,
2528
+ cwd: s.cwd,
2529
+ command: s.command,
2530
+ name: deriveSessionName(s.command),
2531
+ tail: s.tail,
2532
+ truncated: s.truncated,
2533
+ exitCode: s.exitCode ?? void 0,
2534
+ exitSignal: s.exitSignal ?? void 0
2535
+ }));
2536
+ return {
2537
+ content: [{
2538
+ type: "text",
2539
+ text: [...running, ...finished].toSorted((a, b) => b.startedAt - a.startedAt).map((s) => {
2540
+ const label = s.name ? truncateMiddle(s.name, 80) : truncateMiddle(s.command, 120);
2541
+ return `${s.sessionId} ${pad(s.status, 9)} ${formatDurationCompact(s.runtimeMs) ?? "n/a"} :: ${label}`;
2542
+ }).join("\n") || "No running or recent sessions."
2543
+ }],
2544
+ details: {
2545
+ status: "completed",
2546
+ sessions: [...running, ...finished]
2547
+ }
2548
+ };
2549
+ }
2550
+ if (!params.sessionId) return {
2551
+ content: [{
2552
+ type: "text",
2553
+ text: "sessionId is required for this action."
2554
+ }],
2555
+ details: { status: "failed" }
2556
+ };
2557
+ const session = getSession(params.sessionId);
2558
+ const finished = getFinishedSession(params.sessionId);
2559
+ const scopedSession = isInScope(session) ? session : void 0;
2560
+ const scopedFinished = isInScope(finished) ? finished : void 0;
2561
+ const failedResult = (text) => ({
2562
+ content: [{
2563
+ type: "text",
2564
+ text
2565
+ }],
2566
+ details: { status: "failed" }
2567
+ });
2568
+ const resolveBackgroundedWritableStdin = () => {
2569
+ if (!scopedSession) return {
2570
+ ok: false,
2571
+ result: failedResult(`No active session found for ${params.sessionId}`)
2572
+ };
2573
+ if (!scopedSession.backgrounded) return {
2574
+ ok: false,
2575
+ result: failedResult(`Session ${params.sessionId} is not backgrounded.`)
2576
+ };
2577
+ const stdin = scopedSession.stdin ?? scopedSession.child?.stdin;
2578
+ if (!stdin || stdin.destroyed) return {
2579
+ ok: false,
2580
+ result: failedResult(`Session ${params.sessionId} stdin is not writable.`)
2581
+ };
2582
+ return {
2583
+ ok: true,
2584
+ session: scopedSession,
2585
+ stdin
2586
+ };
2587
+ };
2588
+ const writeToStdin = async (stdin, data) => {
2589
+ await new Promise((resolve, reject) => {
2590
+ stdin.write(data, (err) => {
2591
+ if (err) reject(err);
2592
+ else resolve();
2593
+ });
2594
+ });
2595
+ };
2596
+ const runningSessionResult = (session, text) => ({
2597
+ content: [{
2598
+ type: "text",
2599
+ text
2600
+ }],
2601
+ details: {
2602
+ status: "running",
2603
+ sessionId: params.sessionId,
2604
+ name: deriveSessionName(session.command)
2605
+ }
2606
+ });
2607
+ switch (params.action) {
2608
+ case "poll": {
2609
+ if (!scopedSession) {
2610
+ if (scopedFinished) {
2611
+ resetPollRetrySuggestion(params.sessionId);
2612
+ return {
2613
+ content: [{
2614
+ type: "text",
2615
+ text: (scopedFinished.tail || `(no output recorded${scopedFinished.truncated ? " — truncated to cap" : ""})`) + `\n\nProcess exited with ${scopedFinished.exitSignal ? `signal ${scopedFinished.exitSignal}` : `code ${scopedFinished.exitCode ?? 0}`}.`
2616
+ }],
2617
+ details: {
2618
+ status: scopedFinished.status === "completed" ? "completed" : "failed",
2619
+ sessionId: params.sessionId,
2620
+ exitCode: scopedFinished.exitCode ?? void 0,
2621
+ aggregated: scopedFinished.aggregated,
2622
+ name: deriveSessionName(scopedFinished.command)
2623
+ }
2624
+ };
2625
+ }
2626
+ resetPollRetrySuggestion(params.sessionId);
2627
+ return failText(`No session found for ${params.sessionId}`);
2628
+ }
2629
+ if (!scopedSession.backgrounded) return failText(`Session ${params.sessionId} is not backgrounded.`);
2630
+ const pollWaitMs = resolvePollWaitMs(params.timeout);
2631
+ if (pollWaitMs > 0 && !scopedSession.exited) {
2632
+ const deadline = Date.now() + pollWaitMs;
2633
+ while (!scopedSession.exited && Date.now() < deadline) await new Promise((resolve) => setTimeout(resolve, Math.max(0, Math.min(250, deadline - Date.now()))));
2634
+ }
2635
+ const { stdout, stderr } = drainSession(scopedSession);
2636
+ const exited = scopedSession.exited;
2637
+ const exitCode = scopedSession.exitCode ?? 0;
2638
+ const exitSignal = scopedSession.exitSignal ?? void 0;
2639
+ if (exited) {
2640
+ const status = exitCode === 0 && exitSignal == null ? "completed" : "failed";
2641
+ markExited(scopedSession, scopedSession.exitCode ?? null, scopedSession.exitSignal ?? null, status);
2642
+ }
2643
+ const status = exited ? exitCode === 0 && exitSignal == null ? "completed" : "failed" : "running";
2644
+ const output = [stdout.trimEnd(), stderr.trimEnd()].filter(Boolean).join("\n").trim();
2645
+ const hasNewOutput = output.length > 0;
2646
+ const retryInMs = exited ? void 0 : recordPollRetrySuggestion(params.sessionId, hasNewOutput);
2647
+ if (exited) resetPollRetrySuggestion(params.sessionId);
2648
+ return {
2649
+ content: [{
2650
+ type: "text",
2651
+ text: (output || "(no new output)") + (exited ? `\n\nProcess exited with ${exitSignal ? `signal ${exitSignal}` : `code ${exitCode}`}.` : "\n\nProcess still running.")
2652
+ }],
2653
+ details: {
2654
+ status,
2655
+ sessionId: params.sessionId,
2656
+ exitCode: exited ? exitCode : void 0,
2657
+ aggregated: scopedSession.aggregated,
2658
+ name: deriveSessionName(scopedSession.command),
2659
+ ...typeof retryInMs === "number" ? { retryInMs } : {}
2660
+ }
2661
+ };
2662
+ }
2663
+ case "log":
2664
+ if (scopedSession) {
2665
+ if (!scopedSession.backgrounded) return {
2666
+ content: [{
2667
+ type: "text",
2668
+ text: `Session ${params.sessionId} is not backgrounded.`
2669
+ }],
2670
+ details: { status: "failed" }
2671
+ };
2672
+ const window = resolveLogSliceWindow(params.offset, params.limit);
2673
+ const { slice, totalLines, totalChars } = sliceLogLines(scopedSession.aggregated, window.effectiveOffset, window.effectiveLimit);
2674
+ const logDefaultTailNote = defaultTailNote(totalLines, window.usingDefaultTail);
2675
+ return {
2676
+ content: [{
2677
+ type: "text",
2678
+ text: (slice || "(no output yet)") + logDefaultTailNote
2679
+ }],
2680
+ details: {
2681
+ status: scopedSession.exited ? "completed" : "running",
2682
+ sessionId: params.sessionId,
2683
+ total: totalLines,
2684
+ totalLines,
2685
+ totalChars,
2686
+ truncated: scopedSession.truncated,
2687
+ name: deriveSessionName(scopedSession.command)
2688
+ }
2689
+ };
2690
+ }
2691
+ if (scopedFinished) {
2692
+ const window = resolveLogSliceWindow(params.offset, params.limit);
2693
+ const { slice, totalLines, totalChars } = sliceLogLines(scopedFinished.aggregated, window.effectiveOffset, window.effectiveLimit);
2694
+ const status = scopedFinished.status === "completed" ? "completed" : "failed";
2695
+ const logDefaultTailNote = defaultTailNote(totalLines, window.usingDefaultTail);
2696
+ return {
2697
+ content: [{
2698
+ type: "text",
2699
+ text: (slice || "(no output recorded)") + logDefaultTailNote
2700
+ }],
2701
+ details: {
2702
+ status,
2703
+ sessionId: params.sessionId,
2704
+ total: totalLines,
2705
+ totalLines,
2706
+ totalChars,
2707
+ truncated: scopedFinished.truncated,
2708
+ exitCode: scopedFinished.exitCode ?? void 0,
2709
+ exitSignal: scopedFinished.exitSignal ?? void 0,
2710
+ name: deriveSessionName(scopedFinished.command)
2711
+ }
2712
+ };
2713
+ }
2714
+ return {
2715
+ content: [{
2716
+ type: "text",
2717
+ text: `No session found for ${params.sessionId}`
2718
+ }],
2719
+ details: { status: "failed" }
2720
+ };
2721
+ case "write": {
2722
+ const resolved = resolveBackgroundedWritableStdin();
2723
+ if (!resolved.ok) return resolved.result;
2724
+ await writeToStdin(resolved.stdin, params.data ?? "");
2725
+ if (params.eof) resolved.stdin.end();
2726
+ return runningSessionResult(resolved.session, `Wrote ${(params.data ?? "").length} bytes to session ${params.sessionId}${params.eof ? " (stdin closed)" : ""}.`);
2727
+ }
2728
+ case "send-keys": {
2729
+ const resolved = resolveBackgroundedWritableStdin();
2730
+ if (!resolved.ok) return resolved.result;
2731
+ return await handleProcessSendKeys({
2732
+ sessionId: params.sessionId,
2733
+ session: resolved.session,
2734
+ stdin: resolved.stdin,
2735
+ keys: params.keys,
2736
+ hex: params.hex,
2737
+ literal: params.literal
2738
+ });
2739
+ }
2740
+ case "submit": {
2741
+ const resolved = resolveBackgroundedWritableStdin();
2742
+ if (!resolved.ok) return resolved.result;
2743
+ await writeToStdin(resolved.stdin, "\r");
2744
+ return runningSessionResult(resolved.session, `Submitted session ${params.sessionId} (sent CR).`);
2745
+ }
2746
+ case "paste": {
2747
+ const resolved = resolveBackgroundedWritableStdin();
2748
+ if (!resolved.ok) return resolved.result;
2749
+ const payload = encodePaste(params.text ?? "", params.bracketed !== false);
2750
+ if (!payload) return {
2751
+ content: [{
2752
+ type: "text",
2753
+ text: "No paste text provided."
2754
+ }],
2755
+ details: { status: "failed" }
2756
+ };
2757
+ await writeToStdin(resolved.stdin, payload);
2758
+ return runningSessionResult(resolved.session, `Pasted ${params.text?.length ?? 0} chars to session ${params.sessionId}.`);
2759
+ }
2760
+ case "kill": {
2761
+ if (!scopedSession) return failText(`No active session found for ${params.sessionId}`);
2762
+ if (!scopedSession.backgrounded) return failText(`Session ${params.sessionId} is not backgrounded.`);
2763
+ const canceled = cancelManagedSession(scopedSession.id);
2764
+ if (!canceled) {
2765
+ if (!terminateSessionFallback(scopedSession)) return failText(`Unable to terminate session ${params.sessionId}: no active supervisor run or process id.`);
2766
+ markExited(scopedSession, null, "SIGKILL", "failed");
2767
+ }
2768
+ resetPollRetrySuggestion(params.sessionId);
2769
+ return {
2770
+ content: [{
2771
+ type: "text",
2772
+ text: canceled ? `Termination requested for session ${params.sessionId}.` : `Killed session ${params.sessionId}.`
2773
+ }],
2774
+ details: {
2775
+ status: "failed",
2776
+ name: scopedSession ? deriveSessionName(scopedSession.command) : void 0
2777
+ }
2778
+ };
2779
+ }
2780
+ case "clear":
2781
+ if (scopedFinished) {
2782
+ resetPollRetrySuggestion(params.sessionId);
2783
+ deleteSession(params.sessionId);
2784
+ return {
2785
+ content: [{
2786
+ type: "text",
2787
+ text: `Cleared session ${params.sessionId}.`
2788
+ }],
2789
+ details: { status: "completed" }
2790
+ };
2791
+ }
2792
+ return {
2793
+ content: [{
2794
+ type: "text",
2795
+ text: `No finished session found for ${params.sessionId}`
2796
+ }],
2797
+ details: { status: "failed" }
2798
+ };
2799
+ case "remove":
2800
+ if (scopedSession) {
2801
+ const canceled = cancelManagedSession(scopedSession.id);
2802
+ if (canceled) {
2803
+ scopedSession.backgrounded = false;
2804
+ deleteSession(params.sessionId);
2805
+ } else {
2806
+ if (!terminateSessionFallback(scopedSession)) return failText(`Unable to remove session ${params.sessionId}: no active supervisor run or process id.`);
2807
+ markExited(scopedSession, null, "SIGKILL", "failed");
2808
+ deleteSession(params.sessionId);
2809
+ }
2810
+ resetPollRetrySuggestion(params.sessionId);
2811
+ return {
2812
+ content: [{
2813
+ type: "text",
2814
+ text: canceled ? `Removed session ${params.sessionId} (termination requested).` : `Removed session ${params.sessionId}.`
2815
+ }],
2816
+ details: {
2817
+ status: "failed",
2818
+ name: scopedSession ? deriveSessionName(scopedSession.command) : void 0
2819
+ }
2820
+ };
2821
+ }
2822
+ if (scopedFinished) {
2823
+ resetPollRetrySuggestion(params.sessionId);
2824
+ deleteSession(params.sessionId);
2825
+ return {
2826
+ content: [{
2827
+ type: "text",
2828
+ text: `Removed session ${params.sessionId}.`
2829
+ }],
2830
+ details: { status: "completed" }
2831
+ };
2832
+ }
2833
+ return {
2834
+ content: [{
2835
+ type: "text",
2836
+ text: `No session found for ${params.sessionId}`
2837
+ }],
2838
+ details: { status: "failed" }
2839
+ };
2840
+ }
2841
+ return {
2842
+ content: [{
2843
+ type: "text",
2844
+ text: `Unknown action ${params.action}`
2845
+ }],
2846
+ details: { status: "failed" }
2847
+ };
2848
+ }
2849
+ };
2850
+ }
2851
+ const processTool = createProcessTool();
2852
+ //#endregion
2853
+ export { execTool as i, processTool as n, createExecTool as r, createProcessTool as t };