@pixelzx/genesis 2026.7.8 → 2026.7.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1003) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/dist/.buildstamp +1 -1
  3. package/dist/abort-Cp36iDXn.js +201 -0
  4. package/dist/abort.runtime-BqMH4Ch0.js +2 -0
  5. package/dist/abort.runtime.js +1 -1
  6. package/dist/accounts-Cj71Cowh.js +107 -0
  7. package/dist/accounts-QWkosmHS.js +104 -0
  8. package/dist/accounts-WfCxilPE.js +2 -0
  9. package/dist/acp-cli-DR-AhXGk.js +2217 -0
  10. package/dist/acp-spawn--QIKNFAi.js +2 -0
  11. package/dist/acp-spawn-C6RL4_5_.js +1042 -0
  12. package/dist/acp-stateful-target-driver-Dhv06vdx.js +89 -0
  13. package/dist/action-agents-CIt7iEZU.js +67 -0
  14. package/dist/action-focus-opQp57IZ.js +132 -0
  15. package/dist/action-help-_OV2kuH9.js +7 -0
  16. package/dist/action-info-aoU6FqoU.js +101 -0
  17. package/dist/action-kill-DFlW_b4o.js +33 -0
  18. package/dist/action-list-CAYQg5qC.js +21 -0
  19. package/dist/action-log-COWtMTRe.js +30 -0
  20. package/dist/action-send-CzGaLKxg.js +39 -0
  21. package/dist/action-spawn-D0HNlqJQ.js +47 -0
  22. package/dist/action-unfocus-BA2c_9o-.js +29 -0
  23. package/dist/actions.runtime-C-MtRkM5.js +18 -0
  24. package/dist/actions.runtime-_O63acg1.js +5 -0
  25. package/dist/actions.runtime.js +1 -1
  26. package/dist/agent-D7gQ7Xo9.js +2 -0
  27. package/dist/agent-command-ByKQHVY7.js +874 -0
  28. package/dist/agent-harness-runtime-BMjFYW9y.js +144 -0
  29. package/dist/agent-runner-utils-DJds4BS5.js +239 -0
  30. package/dist/agent-runner.runtime-DIZ31zSD.js +3443 -0
  31. package/dist/agent-runner.runtime.js +1 -1
  32. package/dist/agent-runtime-CBfPv0EK.js +18 -0
  33. package/dist/agents-CV4vTeP8.js +5 -0
  34. package/dist/agents-imogqXBP.js +954 -0
  35. package/dist/aliases-BTJj8BqV.js +2 -0
  36. package/dist/aliases-Bx--0eZ4.js +96 -0
  37. package/dist/api-B2wEDg4s.js +139 -0
  38. package/dist/api-Bd2qlRZB.js +3 -0
  39. package/dist/api-C_BLyG0v.js +5 -0
  40. package/dist/approval-gateway-resolver-L5mCgEE8.js +29 -0
  41. package/dist/approval-gateway-runtime-CzzYNVSz.js +2 -0
  42. package/dist/approval-handler-runtime-DGphch5Y.js +439 -0
  43. package/dist/approval-native-runtime-DiA39Qd-.js +729 -0
  44. package/dist/attempt-execution.runtime-BR_1bcQh.js +509 -0
  45. package/dist/attempt-execution.runtime.js +1 -1
  46. package/dist/attempt.prompt-helpers-BcjLCIQW.js +206 -0
  47. package/dist/attempt.tool-run-context-CCbj8Rx9.js +933 -0
  48. package/dist/audit-gZVWGq5L.js +939 -0
  49. package/dist/audit.runtime-C24h5tOz.js +7 -0
  50. package/dist/audit.runtime.js +1 -1
  51. package/dist/auth-CVlSRgzI.js +2 -0
  52. package/dist/auth-MA9UN5hQ.js +550 -0
  53. package/dist/auth-order-BTnSGQgv.js +139 -0
  54. package/dist/auth-order-BdoWVq-E.js +2 -0
  55. package/dist/bash-tools-ByIhi7m1.js +3 -0
  56. package/dist/bash-tools-CyEIAadh.js +2853 -0
  57. package/dist/binding-routing-ZcY40RZ4.js +85 -0
  58. package/dist/binding-targets-CNRFfBh-.js +121 -0
  59. package/dist/bridge-server-C7dKRq-V.js +113 -0
  60. package/dist/browser-control-auth-BWH3BUNZ.js +2 -0
  61. package/dist/browser-node-runtime-QLZUFybf.js +12 -0
  62. package/dist/browser-profiles-BBpvhLrT.js +2 -0
  63. package/dist/browser-runtime-DhpIPNIt.js +387 -0
  64. package/dist/browser-setup-tools-DHwGt1YE.js +13 -0
  65. package/dist/build-BGXvMkW_.js +550 -0
  66. package/dist/build-info.json +3 -3
  67. package/dist/bundled/boot-md/handler.js +2 -2
  68. package/dist/bundled/session-memory/handler.js +1 -1
  69. package/dist/call-CoL9QpLf.js +330 -0
  70. package/dist/call-DUTlBMzC.js +3 -0
  71. package/dist/call.runtime-CwonrfG0.js +2 -0
  72. package/dist/call.runtime.js +1 -1
  73. package/dist/capability-cli-n36Okw1e.js +1401 -0
  74. package/dist/catchup-DKwaJXrj.js +300 -0
  75. package/dist/channel-BUjWV80s.js +491 -0
  76. package/dist/channel-Bqqe4ogf.js +1174 -0
  77. package/dist/channel-CUWOSF7I.js +1100 -0
  78. package/dist/channel-DO73puJq.js +840 -0
  79. package/dist/channel-DQb3yAT-.js +595 -0
  80. package/dist/channel-DonHeltj.js +1802 -0
  81. package/dist/channel-Dr3phGJH.js +350 -0
  82. package/dist/channel-OFr1VaIT.js +297 -0
  83. package/dist/channel-Q67N7Qga.js +453 -0
  84. package/dist/channel-QEIrCXvY.js +1320 -0
  85. package/dist/channel-TwbdYiU4.js +226 -0
  86. package/dist/channel-core-DpS9ac5M.js +5 -0
  87. package/dist/channel-inbound-BN7-W5Mp.js +31 -0
  88. package/dist/channel-plugin-runtime-Bpu2ATcW.js +771 -0
  89. package/dist/channel-runtime-DW0jiVp9.js +425 -0
  90. package/dist/channel.runtime-BIqZ_VoM.js +2364 -0
  91. package/dist/channel.runtime-BbeuZu_w.js +4 -0
  92. package/dist/channel.runtime-CUNubKGY.js +576 -0
  93. package/dist/channel.runtime-DVr4sNnj.js +42398 -0
  94. package/dist/channel.runtime-DuoIAiw0.js +89 -0
  95. package/dist/channel.runtime-FHKyPUs2.js +430 -0
  96. package/dist/channel.runtime.js +1 -1
  97. package/dist/channel.setup-DYQ46vWl.js +10 -0
  98. package/dist/channel2.runtime-45gwMiMC.js +109 -0
  99. package/dist/channel2.runtime.js +1 -1
  100. package/dist/channels-Cx87p2Mc.js +733 -0
  101. package/dist/channels-cli-Ch81ruvl.js +268 -0
  102. package/dist/chat-BvSWsydx.js +2830 -0
  103. package/dist/clawbot-cli-jsnS_FnN.js +9 -0
  104. package/dist/cli/daemon-cli.js +3 -3
  105. package/dist/cli-BWZ_fxIG.js +72 -0
  106. package/dist/cli-CyvueCG9.js +219 -0
  107. package/dist/cli-DRZG-g_Y.js +2 -0
  108. package/dist/cli-DqxnA2Tb.js +2 -0
  109. package/dist/cli-runner-DPw2qsP4.js +286 -0
  110. package/dist/cli-runner.runtime-B93gCaXR.js +4 -0
  111. package/dist/cli-runner.runtime-D3uL1Tqw.js +3 -0
  112. package/dist/cli-runner.runtime.js +1 -1
  113. package/dist/cli-startup-metadata.json +2 -2
  114. package/dist/cli.runtime-CJ-0cVHG.js +1261 -0
  115. package/dist/cli.runtime.js +1 -1
  116. package/dist/client-DZ9fRoos.js +723 -0
  117. package/dist/client-DaDWtov7.js +138 -0
  118. package/dist/command-auth-BNlTWl8C.js +76 -0
  119. package/dist/command-config-resolution-C5mMj3s6.js +2 -0
  120. package/dist/command-config-resolution-D_HiK2Df.js +23 -0
  121. package/dist/command-config-resolution.runtime-r_wK8SAB.js +2 -0
  122. package/dist/command-config-resolution.runtime.js +1 -1
  123. package/dist/command-registry-BwJMoAw8.js +9 -0
  124. package/dist/command-registry-CcPwbywf.js +4 -0
  125. package/dist/command-registry-core-BO-Zu0fZ.js +106 -0
  126. package/dist/command-secret-gateway-BOotrpN5.js +528 -0
  127. package/dist/command-status.runtime-Cnj5_5ga.js +87 -0
  128. package/dist/command-status.runtime.js +1 -1
  129. package/dist/commands-acp-Bp2GjOx3.js +77 -0
  130. package/dist/commands-compact.runtime-C3pOotHP.js +10 -0
  131. package/dist/commands-compact.runtime.js +1 -1
  132. package/dist/commands-handlers.runtime-vaz_uwzA.js +4599 -0
  133. package/dist/commands-handlers.runtime.js +1 -1
  134. package/dist/commands-status-Vd07pidW.js +16 -0
  135. package/dist/commands-status.runtime-BEKT_jrn.js +3 -0
  136. package/dist/commands-status.runtime.js +1 -1
  137. package/dist/commands-subagents-control.runtime-B8iWwqJX.js +3 -0
  138. package/dist/commands-subagents-control.runtime-Rsy5Lnz2.js +2 -0
  139. package/dist/commands-subagents-control.runtime.js +1 -1
  140. package/dist/commands-system-prompt-Bq6ojpCi.js +157 -0
  141. package/dist/commands-system-prompt-C7C6i6nq.js +2 -0
  142. package/dist/commands.runtime-B7f6s9df.js +167 -0
  143. package/dist/commands.runtime.js +1 -1
  144. package/dist/compact-wrJq7Lu7.js +1096 -0
  145. package/dist/compact.runtime-LNHoeWuF.js +12 -0
  146. package/dist/compact.runtime.js +1 -1
  147. package/dist/completion-cli-CD7DN6ny.js +328 -0
  148. package/dist/config-cli-Dp5K4ftz.js +1078 -0
  149. package/dist/config-y_0ApyNl.js +252 -0
  150. package/dist/configure-D3mU878p.js +1252 -0
  151. package/dist/configure-wyGVTr5h.js +2 -0
  152. package/dist/connect-options-1DmmZpSB.js +699 -0
  153. package/dist/control-auth-BpLXdP_i.js +125 -0
  154. package/dist/control-service-Bsdg53R4.js +156 -0
  155. package/dist/conversation-id-BO0qFsIe.js +38 -0
  156. package/dist/conversation-id-KB5kfzff.js +235 -0
  157. package/dist/conversation-runtime-9HKKmLHt.js +31 -0
  158. package/dist/core-OPQr8UZ9.js +275 -0
  159. package/dist/cron-cli-BvlxWG-0.js +713 -0
  160. package/dist/daemon-cli-C4rj1fY_.js +12 -0
  161. package/dist/dashboard-B_D8FKSf.js +2 -0
  162. package/dist/dashboard-DHcTfjq_.js +81 -0
  163. package/dist/delegate-D5OjBi3s.js +64 -0
  164. package/dist/detached-task-runtime-DzyjU1m1.js +73 -0
  165. package/dist/devices-cli-DvMb9Y1g.js +498 -0
  166. package/dist/diagnostics-B6OHDp0s.js +154 -0
  167. package/dist/direct-dm-D6l72pHR.js +64 -0
  168. package/dist/dispatch-MnxNMsTX.js +1131 -0
  169. package/dist/dispatch-acp-CkcF0OCD.js +981 -0
  170. package/dist/dispatch-acp-manager.runtime-C1nWu1uE.js +3 -0
  171. package/dist/dispatch-acp-manager.runtime.js +1 -1
  172. package/dist/dispatch-acp.runtime-CWcJoK7v.js +19 -0
  173. package/dist/dispatch-acp.runtime.js +1 -1
  174. package/dist/doctor-device-pairing-Ccd9bfi0.js +307 -0
  175. package/dist/doctor-gateway-daemon-flow-vXXN636C.js +250 -0
  176. package/dist/doctor-gateway-health-to-oUHeN.js +63 -0
  177. package/dist/doctor-health-C3ZtwUoH.js +59 -0
  178. package/dist/doctor-health-contributions-C6IlokOG.js +493 -0
  179. package/dist/doctor-prompter-DtNoFi2a.js +56 -0
  180. package/dist/doctor-workspace-status-CQB7xbnW.js +75 -0
  181. package/dist/dreaming-BbN5wJdM.js +1582 -0
  182. package/dist/dreaming-narrative-Dra5GiQh.js +596 -0
  183. package/dist/embedded-gateway-stub.runtime-B9NXS2Vr.js +9 -0
  184. package/dist/embedded-gateway-stub.runtime.js +1 -1
  185. package/dist/entry.js +2 -2
  186. package/dist/exec-approvals-cli-BMIvTLCd.js +498 -0
  187. package/dist/extensionAPI.js +1 -1
  188. package/dist/extensions/active-memory/index.js +1 -1
  189. package/dist/extensions/bluebubbles/api.js +3 -3
  190. package/dist/extensions/bluebubbles/channel-plugin-api.js +1 -1
  191. package/dist/extensions/browser/browser-bridge.js +1 -1
  192. package/dist/extensions/browser/browser-config.js +4 -4
  193. package/dist/extensions/browser/browser-control-auth.js +2 -2
  194. package/dist/extensions/browser/browser-doctor.js +2 -2
  195. package/dist/extensions/browser/browser-maintenance.js +2 -2
  196. package/dist/extensions/browser/browser-profiles.js +2 -2
  197. package/dist/extensions/browser/browser-runtime-api.js +10 -10
  198. package/dist/extensions/browser/index.js +1 -1
  199. package/dist/extensions/browser/plugin-registration.js +1 -1
  200. package/dist/extensions/browser/register.runtime.js +3 -3
  201. package/dist/extensions/browser/runtime-api.js +11 -11
  202. package/dist/extensions/browser/test-support.js +1 -1
  203. package/dist/extensions/device-pair/api.js +1 -1
  204. package/dist/extensions/device-pair/index.js +3 -3
  205. package/dist/extensions/device-pair/notify.js +1 -1
  206. package/dist/extensions/device-pair/pair-command-approve.js +1 -1
  207. package/dist/extensions/google-meet/index.js +2 -2
  208. package/dist/extensions/imessage/api.js +3 -3
  209. package/dist/extensions/imessage/channel-plugin-api.js +1 -1
  210. package/dist/extensions/imessage/runtime-api.js +3 -3
  211. package/dist/extensions/irc/api.js +2 -2
  212. package/dist/extensions/irc/channel-plugin-api.js +1 -1
  213. package/dist/extensions/line/api.js +2 -2
  214. package/dist/extensions/line/channel-plugin-api.js +1 -1
  215. package/dist/extensions/line/contract-api.js +1 -1
  216. package/dist/extensions/line/runtime-api.js +4 -4
  217. package/dist/extensions/line/setup-api.js +1 -1
  218. package/dist/extensions/llm-task/index.js +2 -2
  219. package/dist/extensions/lobster/index.js +3 -3
  220. package/dist/extensions/lobster/runtime-api.js +1 -1
  221. package/dist/extensions/mattermost/api.js +1 -1
  222. package/dist/extensions/mattermost/channel-plugin-api.js +1 -1
  223. package/dist/extensions/mattermost/channel-plugin-runtime.js +1 -1
  224. package/dist/extensions/mattermost/policy-api.js +1 -1
  225. package/dist/extensions/mattermost/runtime-api.js +4 -4
  226. package/dist/extensions/mattermost/slash-route-api.js +1 -1
  227. package/dist/extensions/memory-core/api.js +1 -1
  228. package/dist/extensions/memory-core/cli-metadata.js +2 -2
  229. package/dist/extensions/memory-core/index.js +3 -3
  230. package/dist/extensions/memory-lancedb/cli-metadata.js +1 -1
  231. package/dist/extensions/msteams/api.js +1 -1
  232. package/dist/extensions/msteams/channel-plugin-api.js +1 -1
  233. package/dist/extensions/msteams/runtime-api.js +3 -3
  234. package/dist/extensions/msteams/test-api.js +1 -1
  235. package/dist/extensions/nextcloud-talk/api.js +1 -1
  236. package/dist/extensions/nextcloud-talk/channel-plugin-api.js +1 -1
  237. package/dist/extensions/nextcloud-talk/runtime-api.js +2 -2
  238. package/dist/extensions/openshell/index.js +2 -2
  239. package/dist/extensions/signal/api.js +6 -6
  240. package/dist/extensions/signal/channel-plugin-api.js +1 -1
  241. package/dist/extensions/signal/reaction-runtime-api.js +1 -1
  242. package/dist/extensions/signal/runtime-api.js +7 -7
  243. package/dist/extensions/skill-workshop/api.js +1 -1
  244. package/dist/extensions/skill-workshop/index.js +1 -1
  245. package/dist/extensions/synology-chat/api.js +1 -1
  246. package/dist/extensions/synology-chat/channel-plugin-api.js +1 -1
  247. package/dist/extensions/tlon/api.js +2 -2
  248. package/dist/extensions/tlon/channel-plugin-api.js +1 -1
  249. package/dist/extensions/tlon/runtime-api.js +1 -1
  250. package/dist/extensions/tlon/test-api.js +1 -1
  251. package/dist/extensions/twitch/api.js +1 -1
  252. package/dist/extensions/twitch/channel-plugin-api.js +1 -1
  253. package/dist/extensions/twitch/setup-plugin-api.js +1 -1
  254. package/dist/extensions/zalo/api.js +3 -3
  255. package/dist/extensions/zalo/channel-plugin-api.js +1 -1
  256. package/dist/extensions/zalo/runtime-api.js +2 -2
  257. package/dist/extensions/zalo/setup-api.js +2 -2
  258. package/dist/extensions/zalouser/api.js +3 -3
  259. package/dist/extensions/zalouser/channel-plugin-api.js +1 -1
  260. package/dist/extensions/zalouser/runtime-api.js +6 -6
  261. package/dist/extensions/zalouser/setup-plugin-api.js +1 -1
  262. package/dist/extensions/zalouser/test-api.js +1 -1
  263. package/dist/fallbacks-CNYcJGsI.js +31 -0
  264. package/dist/fallbacks-CpvN52vL.js +2 -0
  265. package/dist/fallbacks-shared-BMRmctbx.js +111 -0
  266. package/dist/gateway-_SCycjaN.js +115 -0
  267. package/dist/gateway-cli-CqpPxleQ.js +1283 -0
  268. package/dist/gateway-rpc-BsLYIv5w.js +14 -0
  269. package/dist/gateway-rpc.runtime-CyZZSmG_.js +23 -0
  270. package/dist/gateway-rpc.runtime.js +1 -1
  271. package/dist/gateway-runtime-BHDtRng9.js +15 -0
  272. package/dist/gateway-status-CZIozTnz.js +584 -0
  273. package/dist/genesis-tools-C0nPYE5t.js +9435 -0
  274. package/dist/genesis-tools.runtime-CY_LbvH7.js +2 -0
  275. package/dist/genesis-tools.runtime.js +1 -1
  276. package/dist/get-reply-from-config.runtime-BT7Vqesa.js +2 -0
  277. package/dist/get-reply-from-config.runtime.js +1 -1
  278. package/dist/get-reply-tZVDzC6p.js +3946 -0
  279. package/dist/graph-users-CeLSqImM.js +1337 -0
  280. package/dist/health-BWIRYEwF.js +3 -0
  281. package/dist/health-QMMhy2Dz.js +420 -0
  282. package/dist/health-route--sJRGxK7.js +41 -0
  283. package/dist/health-route-Nshh2-05.js +2 -0
  284. package/dist/hooks-cli-qlVfZ69O.js +433 -0
  285. package/dist/image-fallbacks-DqJubFFl.js +2 -0
  286. package/dist/image-fallbacks-Dw2qDUfx.js +31 -0
  287. package/dist/inbound-reply-dispatch-CACe9Tz8.js +73 -0
  288. package/dist/index.js +2 -2
  289. package/dist/infra-runtime-fiXnmsj0.js +38 -0
  290. package/dist/init-Biz2hP6-.js +59 -0
  291. package/dist/library-B1Qi-7is.js +45 -0
  292. package/dist/lifecycle-CwTeSNb3.js +571 -0
  293. package/dist/lifecycle-DTuqSjDi.js +229 -0
  294. package/dist/lifecycle.runtime-L87U4LxS.js +2 -0
  295. package/dist/lifecycle.runtime.js +1 -1
  296. package/dist/list-C9_Rnbic.js +131 -0
  297. package/dist/list-DhQ19wW5.js +2 -0
  298. package/dist/list-GcjeBBI7.js +2 -0
  299. package/dist/list-O4TnoMHO.js +1212 -0
  300. package/dist/list.probe-DYyzi71E.js +419 -0
  301. package/dist/llm-slug-generator-yBet6xOg.js +79 -0
  302. package/dist/llm-slug-generator.js +1 -1
  303. package/dist/load-config-Cp-DUOb2.js +35 -0
  304. package/dist/local-dispatch.runtime-RVsdeP5H.js +8 -0
  305. package/dist/local-dispatch.runtime.js +1 -1
  306. package/dist/logs-cli-D9A-A-9o.js +265 -0
  307. package/dist/logs-cli.runtime-IDuSVdCP.js +2 -0
  308. package/dist/logs-cli.runtime.js +1 -1
  309. package/dist/main-session-restart-recovery-Ck4FVNm4.js +206 -0
  310. package/dist/managed-image-attachments-C5QQL-vS.js +2 -0
  311. package/dist/managed-image-attachments-XoAQCwbd.js +635 -0
  312. package/dist/manager-CSBGjyBv.js +2057 -0
  313. package/dist/manager-wkR4Iytv.js +2 -0
  314. package/dist/markdown-to-line-BTkqph9t.js +790 -0
  315. package/dist/mcp/plugin-tools-serve.js +1 -1
  316. package/dist/mcp-cli-BYatxokX.js +725 -0
  317. package/dist/mcp-http-D5Jg_G_4.js +529 -0
  318. package/dist/memory-core-host-runtime-cli-D5FBfgB5.js +9 -0
  319. package/dist/message-DYkh5sOP.js +232 -0
  320. package/dist/message-action-runner-CJGAC14u.js +1407 -0
  321. package/dist/message-action-runner-DEc3L86w.js +2 -0
  322. package/dist/message-actions-Dh0dkVuL.js +143 -0
  323. package/dist/message.gateway.runtime-C66L1TQ8.js +2 -0
  324. package/dist/message.gateway.runtime.js +1 -1
  325. package/dist/models-auth-status-hLHyMRg4.js +217 -0
  326. package/dist/models-cli-A3K5ngLW.js +271 -0
  327. package/dist/monitor-BGPc6S-l.js +788 -0
  328. package/dist/monitor-C8edroDo.js +671 -0
  329. package/dist/monitor-CFsyjwnu.js +1661 -0
  330. package/dist/monitor-Dl0w1_43.js +1237 -0
  331. package/dist/monitor-DlxT-Knr.js +2 -0
  332. package/dist/monitor-auth-ke97RkAT.js +207 -0
  333. package/dist/monitor-c-H6NZB1.js +1459 -0
  334. package/dist/monitor-processing-B39UHhPl.js +1974 -0
  335. package/dist/monitor.runtime-bk4_-UQP.js +2 -0
  336. package/dist/monitor.runtime.js +1 -1
  337. package/dist/monitor.webhook-h5bgSJwm.js +180 -0
  338. package/dist/msteams-ISVbP_K_.js +35 -0
  339. package/dist/native-hook-relay-Bc5mlw9g.js +519 -0
  340. package/dist/nextcloud-talk-CbYNP-yd.js +17 -0
  341. package/dist/node-cli-0u8AZQyg.js +2276 -0
  342. package/dist/nodes-cli-CQMWvWMg.js +1046 -0
  343. package/dist/nodes-utils-DOQtMWOk.js +84 -0
  344. package/dist/nodes.helpers-C4kSQFC6.js +34 -0
  345. package/dist/notify-nTgfrNiE.js +315 -0
  346. package/dist/onboard-C3joem4P.js +2 -0
  347. package/dist/onboard-CLxVG_dm.js +70 -0
  348. package/dist/onboard-helpers-CzWgl6b5.js +204 -0
  349. package/dist/onboard-helpers-DN7Wm9fW.js +6 -0
  350. package/dist/onboard-interactive-BGd6aTeV.js +24 -0
  351. package/dist/onboard-non-interactive-CtThtPt1.js +635 -0
  352. package/dist/onboard-remote-C-N2VHxH.js +2 -0
  353. package/dist/onboard-remote-C8Pd_O6i.js +193 -0
  354. package/dist/onboard-skills-CVLAHKbc.js +2 -0
  355. package/dist/onboard-skills-Dfyg3uoq.js +134 -0
  356. package/dist/openai-http-BEKA7a56.js +500 -0
  357. package/dist/openresponses-http-CXR1xS4b.js +1128 -0
  358. package/dist/operator-approvals-client-Cbb5L4kC.js +68 -0
  359. package/dist/outbound.runtime-BfwyPtqz.js +2 -0
  360. package/dist/outbound.runtime.js +1 -1
  361. package/dist/pair-command-approve-DxGuoQgs.js +44 -0
  362. package/dist/persistent-bindings.lifecycle-Cm2JgJ1m.js +2 -0
  363. package/dist/persistent-bindings.lifecycle-G6-GKVJ-.js +85 -0
  364. package/dist/pi-embedded-BhegMC8S.js +4 -0
  365. package/dist/pi-embedded-DSK_Kmte.js +2905 -0
  366. package/dist/pi-embedded.runtime-De_h6P_Z.js +4 -0
  367. package/dist/pi-embedded.runtime.js +1 -1
  368. package/dist/pi-tool-definition-adapter-NXBjo73N.js +229 -0
  369. package/dist/pi-tools-DZSC_w6D.js +1118 -0
  370. package/dist/pi-tools.before-tool-call-BwU95vEl.js +433 -0
  371. package/dist/pi-tools.before-tool-call-D_7nYeEk.js +2 -0
  372. package/dist/plugin-Buwbxy6j.js +12195 -0
  373. package/dist/plugin-enabled-K5XYrDLJ.js +140 -0
  374. package/dist/plugin-registration-BCJ8Erq-.js +23 -0
  375. package/dist/plugin-sdk/.boundary-entry-shims.stamp +1 -1
  376. package/dist/plugin-sdk/acp-binding-runtime.js +1 -1
  377. package/dist/plugin-sdk/acp-runtime.js +2 -2
  378. package/dist/plugin-sdk/agent-harness-runtime.js +5 -5
  379. package/dist/plugin-sdk/agent-harness.js +6 -6
  380. package/dist/plugin-sdk/agent-runtime.js +2 -2
  381. package/dist/plugin-sdk/approval-gateway-runtime.js +2 -2
  382. package/dist/plugin-sdk/approval-handler-runtime.js +3 -3
  383. package/dist/plugin-sdk/approval-runtime.js +1 -1
  384. package/dist/plugin-sdk/browser-node-runtime.js +4 -4
  385. package/dist/plugin-sdk/browser-setup-tools.js +3 -3
  386. package/dist/plugin-sdk/browser-support.js +7 -7
  387. package/dist/plugin-sdk/channel-core.js +2 -2
  388. package/dist/plugin-sdk/channel-inbound.js +2 -2
  389. package/dist/plugin-sdk/command-auth.js +1 -1
  390. package/dist/plugin-sdk/command-status-runtime.js +1 -1
  391. package/dist/plugin-sdk/compat.js +1 -1
  392. package/dist/plugin-sdk/conversation-binding-runtime.js +1 -1
  393. package/dist/plugin-sdk/conversation-runtime.js +3 -3
  394. package/dist/plugin-sdk/core.js +2 -2
  395. package/dist/plugin-sdk/direct-dm.js +1 -1
  396. package/dist/plugin-sdk/gateway-runtime.js +3 -3
  397. package/dist/plugin-sdk/inbound-reply-dispatch.js +1 -1
  398. package/dist/plugin-sdk/index.js +1 -1
  399. package/dist/plugin-sdk/infra-runtime.js +2 -2
  400. package/dist/plugin-sdk/irc.js +2 -2
  401. package/dist/plugin-sdk/matrix.js +1 -1
  402. package/dist/plugin-sdk/memory-core-host-runtime-cli.js +2 -2
  403. package/dist/plugin-sdk/memory-core.js +2 -2
  404. package/dist/plugin-sdk/msteams.js +2 -2
  405. package/dist/plugin-sdk/nextcloud-talk.js +2 -2
  406. package/dist/plugin-sdk/nostr.js +1 -1
  407. package/dist/plugin-sdk/reply-dispatch-runtime.js +1 -1
  408. package/dist/plugin-sdk/reply-runtime.js +4 -4
  409. package/dist/plugin-sdk/runtime-secret-resolution.js +1 -1
  410. package/dist/plugin-sdk/runtime.js +2 -2
  411. package/dist/plugin-sdk/session-visibility.js +1 -1
  412. package/dist/plugin-sdk/testing.js +4 -4
  413. package/dist/plugin-sdk/tlon.js +1 -1
  414. package/dist/plugin-sdk/zalo.js +1 -1
  415. package/dist/plugin-sdk/zalouser.js +1 -1
  416. package/dist/plugin-service-O0Nka2ql.js +2893 -0
  417. package/dist/plugins/runtime/index.js +1 -1
  418. package/dist/policy-BcEBQrBb.js +328 -0
  419. package/dist/postinstall-inventory.json +411 -411
  420. package/dist/prepare.runtime-4-4zFPyi.js +807 -0
  421. package/dist/prepare.runtime.js +1 -1
  422. package/dist/probe-Bj5TYODu.js +2 -0
  423. package/dist/probe-CM64ZU4h.js +2205 -0
  424. package/dist/probe-D-WslSkr.js +1443 -0
  425. package/dist/probe-DDW3LKLY.js +240 -0
  426. package/dist/probe-DIojWUct.js +45 -0
  427. package/dist/probe-DUvHddgr.js +2 -0
  428. package/dist/probe-DcVkQ45O.js +74 -0
  429. package/dist/program-C2WMGRGS.js +111 -0
  430. package/dist/prompt-select-styled-DyuhVmKx.js +20 -0
  431. package/dist/protocol-D-HTtPao.js +2586 -0
  432. package/dist/provider-dispatcher-B9Bi64PF.js +2 -0
  433. package/dist/provider-dispatcher-W0BQ6JBa.js +22 -0
  434. package/dist/qr-cli-CuHAMWri.js +349 -0
  435. package/dist/qr-cli-XFbmt6Yy.js +2 -0
  436. package/dist/reaction-runtime-api-BVLM-96j.js +116 -0
  437. package/dist/reactions-C1FEqLK1.js +998 -0
  438. package/dist/register-service-commands-BfHk7oaS.js +71 -0
  439. package/dist/register.agent-DXzxIclN.js +248 -0
  440. package/dist/register.configure-CXufs_DG.js +15 -0
  441. package/dist/register.maintenance-WJgi56ww.js +363 -0
  442. package/dist/register.message-D644NowA.js +329 -0
  443. package/dist/register.onboard-Dts_81Kq.js +88 -0
  444. package/dist/register.runtime-BGFNAs1W.js +81 -0
  445. package/dist/register.runtime.js +1 -1
  446. package/dist/register.setup-xdxtWT9Z.js +150 -0
  447. package/dist/register.status-health-sessions-cA5f30SV.js +1215 -0
  448. package/dist/register.subclis-BC8Xib58.js +29 -0
  449. package/dist/register.subclis-DMX7WW9_.js +3 -0
  450. package/dist/register.subclis-core-BQwVVxk1.js +249 -0
  451. package/dist/reply-dispatch-runtime-B8XDaURF.js +13 -0
  452. package/dist/reply-runtime-NyMLCW3E.js +10 -0
  453. package/dist/reply.runtime-edT3K6N7.js +2 -0
  454. package/dist/reply.runtime.js +1 -1
  455. package/dist/restart-health-1UMkTis9.js +202 -0
  456. package/dist/restart-health-DOVEX2Dr.js +2 -0
  457. package/dist/root-help-DOab9o7V.js +44 -0
  458. package/dist/routes-C6KcWOET.js +3341 -0
  459. package/dist/routes-YiOyu7uC.js +2 -0
  460. package/dist/rpc-D58sqWd5.js +61 -0
  461. package/dist/rpc.runtime-B7TMomww.js +21 -0
  462. package/dist/rpc.runtime.js +1 -1
  463. package/dist/run-delivery.runtime-unYfe21X.js +530 -0
  464. package/dist/run-delivery.runtime.js +1 -1
  465. package/dist/run-embedded.runtime-zHl2AfPi.js +4 -0
  466. package/dist/run-embedded.runtime.js +1 -1
  467. package/dist/run-execution-cli.runtime-Dz1dsRHM.js +4 -0
  468. package/dist/run-execution-cli.runtime.js +1 -1
  469. package/dist/run-executor.runtime-KX7eaa3W.js +277 -0
  470. package/dist/run-executor.runtime.js +1 -1
  471. package/dist/run-main-DDIezO6z.js +567 -0
  472. package/dist/run-subagent-registry.runtime-DJC3g4ZR.js +2 -0
  473. package/dist/run-subagent-registry.runtime.js +1 -1
  474. package/dist/run-wait-CpiyL2yQ.js +135 -0
  475. package/dist/runtime-DFsWYp04.js +961 -0
  476. package/dist/runtime-api-B-Rvnz8K.js +9 -0
  477. package/dist/runtime-api-BGjsjeDs.js +4 -0
  478. package/dist/runtime-api-BLmoQDr9.js +9 -0
  479. package/dist/runtime-api-C7sFkqAw.js +14 -0
  480. package/dist/runtime-cvZCV2Ia.js +9 -0
  481. package/dist/runtime-embedded-pi.runtime-DhHN3TPm.js +2 -0
  482. package/dist/runtime-embedded-pi.runtime.js +1 -1
  483. package/dist/runtime-internal-BgtZ9qQE.js +2 -0
  484. package/dist/runtime-options-DP77Ol0F.js +275 -0
  485. package/dist/runtime-schema-UykYqADC.js +28599 -0
  486. package/dist/scan-DFZp_kSW.js +523 -0
  487. package/dist/scan-DGA0ZzcA.js +2 -0
  488. package/dist/secrets-cli-ea7rK5BG.js +2101 -0
  489. package/dist/security-cli-ho4WnkD2.js +486 -0
  490. package/dist/selection-9k1d9_Da.js +7743 -0
  491. package/dist/selection-Cp3CrNux.js +2 -0
  492. package/dist/send-CBwqDOfQ.js +156 -0
  493. package/dist/send-DpYdCf3A.js +102 -0
  494. package/dist/send.runtime-DPgv2Lc5.js +2 -0
  495. package/dist/send.runtime.js +1 -1
  496. package/dist/server-D7iFLwV2.js +13 -0
  497. package/dist/server-context-B8N_gqtd.js +2 -0
  498. package/dist/server-context-LNf4RJwd.js +847 -0
  499. package/dist/server-node-events-B0Jy5ges.js +474 -0
  500. package/dist/server-plugin-bootstrap-C50m7eyR.js +2 -0
  501. package/dist/server-plugin-bootstrap-CLJHt826.js +13703 -0
  502. package/dist/server-restart-sentinel--uTnlfGF.js +684 -0
  503. package/dist/server-yVgPsLY3.js +77 -0
  504. package/dist/server.impl-BlCJe-26.js +12804 -0
  505. package/dist/session-kill-http-CGcsBC5N.js +110 -0
  506. package/dist/session-reset-service-BdvoF6l9.js +497 -0
  507. package/dist/session-route-C6YYamP7.js +93 -0
  508. package/dist/session-status.runtime-DpxWfh54.js +2 -0
  509. package/dist/session-status.runtime.js +1 -1
  510. package/dist/session-subagent-reactivation.runtime-Ddt2B8nq.js +2 -0
  511. package/dist/session-subagent-reactivation.runtime.js +1 -1
  512. package/dist/session-tab-registry-Bwj7OJds.js +581 -0
  513. package/dist/session-visibility-CMeipx_x.js +147 -0
  514. package/dist/sessions-helpers-Crbc2V-c.js +305 -0
  515. package/dist/sessions-history-http-B1jARJH5.js +371 -0
  516. package/dist/sessions-patch-C1oxNf4r.js +309 -0
  517. package/dist/sessions-resolve-D8eCbDqe.js +174 -0
  518. package/dist/sessions.runtime-Dh0ghDyO.js +2 -0
  519. package/dist/sessions.runtime.js +1 -1
  520. package/dist/setup-DoOZ7cOr.js +636 -0
  521. package/dist/setup-api-COR0Hcnk.js +29 -0
  522. package/dist/setup-core-C5-HYDHu.js +176 -0
  523. package/dist/setup-core-Q7Gtw1Ov.js +171 -0
  524. package/dist/setup-surface-CBScP5vZ.js +219 -0
  525. package/dist/setup-surface-CPW1hR9X.js +286 -0
  526. package/dist/setup-surface-w8AJYpAw.js +403 -0
  527. package/dist/setup.finalize-CFQ5dk9P.js +547 -0
  528. package/dist/setup.gateway-config-CevZkqsU.js +250 -0
  529. package/dist/shared-BJOo71CE.js +121 -0
  530. package/dist/shared-C9DEgBKO.js +76 -0
  531. package/dist/shared-DWeIx7H_.js +198 -0
  532. package/dist/slash-state-DfyIhVQa.js +1911 -0
  533. package/dist/src-D_pOANWx.js +3974 -0
  534. package/dist/startup-context-u6H-cGD5.js +312 -0
  535. package/dist/status-Bax-CYIA.js +2 -0
  536. package/dist/status-Bm_lDIZA.js +2 -0
  537. package/dist/status-C41OfbgU.js +209 -0
  538. package/dist/status-CJA5y0Ot.js +190 -0
  539. package/dist/status-JI5DGJgd.js +395 -0
  540. package/dist/status-all-CyMiAz9D.js +498 -0
  541. package/dist/status-json-command-D3gfSQpJ.js +82 -0
  542. package/dist/status-json-wAtoMvEU.js +14 -0
  543. package/dist/status-liaGeQBF.js +3 -0
  544. package/dist/status-runtime-shared-BHVKTX8F.js +241 -0
  545. package/dist/status-subagents.runtime-Dqn8rGt3.js +18 -0
  546. package/dist/status-subagents.runtime.js +1 -1
  547. package/dist/status-text-XpgxLRUx.js +237 -0
  548. package/dist/status.gateway-connection.runtime-CAujaH_M.js +2 -0
  549. package/dist/status.gateway-connection.runtime.js +1 -1
  550. package/dist/status.gather-DABnWYhg.js +2 -0
  551. package/dist/status.gather-DvP7veWJ.js +292 -0
  552. package/dist/status.runtime-BNG-ykFb.js +2 -0
  553. package/dist/status.scan-CPCLfxhs.js +65 -0
  554. package/dist/status.scan-overview-cd-sFbN_.js +379 -0
  555. package/dist/status.scan.fast-json-BlK1NH9B.js +2 -0
  556. package/dist/status.scan.fast-json-RzD6XYyb.js +132 -0
  557. package/dist/status.summary-BzdECSg9.js +200 -0
  558. package/dist/status.summary-D5HGi7Bf.js +2 -0
  559. package/dist/subagent-announce-Cs_FbejL.js +351 -0
  560. package/dist/subagent-announce-delivery-DMwYIqZg.js +726 -0
  561. package/dist/subagent-announce-output-B9tl5MCY.js +364 -0
  562. package/dist/subagent-control-CJBFHJGn.js +506 -0
  563. package/dist/subagent-followup.runtime-Bn5iFlY5.js +68 -0
  564. package/dist/subagent-followup.runtime.js +1 -1
  565. package/dist/subagent-orphan-recovery-Bd_lhKXg.js +305 -0
  566. package/dist/subagent-registry-ChyubSrS.js +3 -0
  567. package/dist/subagent-registry-gH5jdXLj.js +1753 -0
  568. package/dist/subagent-registry.runtime.js +1 -1
  569. package/dist/subagent-spawn-CGEv7PUE.js +1005 -0
  570. package/dist/system-cli-BXWEki_N.js +43 -0
  571. package/dist/targets-Df5NUAMJ.js +67 -0
  572. package/dist/task-executor-CNDdWsuX.js +360 -0
  573. package/dist/task-owner-access-DxjrTxvr.js +74 -0
  574. package/dist/task-registry-CdNs7r4r.js +2357 -0
  575. package/dist/task-registry-delivery-runtime-BDu6uG2H.js +3 -0
  576. package/dist/task-registry-delivery-runtime-DOWKFjeQ.js +2 -0
  577. package/dist/task-registry.maintenance-DASywxLv.js +416 -0
  578. package/dist/task-registry.maintenance-NbdyYsF6.js +2 -0
  579. package/dist/telegram/token.js +1 -1
  580. package/dist/testing-DSzznIMh.js +575 -0
  581. package/dist/text-report-C5TiNkIC.js +549 -0
  582. package/dist/tool-resolution-BpN_yXJT.js +90 -0
  583. package/dist/tools-effective-inventory-DzZfmONO.js +152 -0
  584. package/dist/tools-invoke-http-Cc5lWdVY.js +206 -0
  585. package/dist/trash-gujb8L0g.js +24 -0
  586. package/dist/tui-cli-5Sm6YmJ7.js +4585 -0
  587. package/dist/update-cli-BcUEQuiM.js +1759 -0
  588. package/dist/upgrade-uEpCTUNv.js +1226 -0
  589. package/dist/video-generation-task-status-Ch4hR1ge.js +163 -0
  590. package/dist/wait-for-idle-before-flush-D9yKEs2F.js +6025 -0
  591. package/dist/wizard-models-DQ9CKzTp.js +334 -0
  592. package/package.json +4 -1
  593. package/dist/abort-xF_zj8_u.js +0 -201
  594. package/dist/abort.runtime-JUukGuW3.js +0 -2
  595. package/dist/accounts-C0jW92It.js +0 -104
  596. package/dist/accounts-C2ZexWg6.js +0 -107
  597. package/dist/accounts-tEPx6Fnd.js +0 -2
  598. package/dist/acp-cli-De2oyz3e.js +0 -2217
  599. package/dist/acp-spawn-7VB8ie8I.js +0 -1042
  600. package/dist/acp-spawn-C6VfLE4o.js +0 -2
  601. package/dist/acp-stateful-target-driver-ctUymwnI.js +0 -89
  602. package/dist/action-agents-Dy45TQ9X.js +0 -67
  603. package/dist/action-focus-hzygEAz5.js +0 -132
  604. package/dist/action-help-D1h2Czko.js +0 -7
  605. package/dist/action-info-EDBi7fre.js +0 -101
  606. package/dist/action-kill-CBNgmCsz.js +0 -33
  607. package/dist/action-list-C6KC8Ulv.js +0 -21
  608. package/dist/action-log-C0R9AwnB.js +0 -30
  609. package/dist/action-send-DZw27QoS.js +0 -39
  610. package/dist/action-spawn-BXEOYBEH.js +0 -47
  611. package/dist/action-unfocus-DWFUpr-g.js +0 -29
  612. package/dist/actions.runtime-1HHNbwPa.js +0 -5
  613. package/dist/actions.runtime-GFSX3jST.js +0 -18
  614. package/dist/agent-CU42dfye.js +0 -2
  615. package/dist/agent-command-Baehh2jJ.js +0 -874
  616. package/dist/agent-harness-runtime-Bmln4mlS.js +0 -144
  617. package/dist/agent-runner-utils-xPwHxFwc.js +0 -239
  618. package/dist/agent-runner.runtime-BBx0eqAs.js +0 -3443
  619. package/dist/agent-runtime-mKUGZmYk.js +0 -18
  620. package/dist/agents-C_kp6PcN.js +0 -954
  621. package/dist/agents-D7-4l9xG.js +0 -5
  622. package/dist/aliases-BR-85AbT.js +0 -96
  623. package/dist/aliases-DH4MEghL.js +0 -2
  624. package/dist/api-8dcgPyEO.js +0 -139
  625. package/dist/api-C6Dl-nsC.js +0 -3
  626. package/dist/api-CeoOTFsR.js +0 -5
  627. package/dist/approval-gateway-resolver-B5iZVyl3.js +0 -29
  628. package/dist/approval-gateway-runtime-DJMhFL8_.js +0 -2
  629. package/dist/approval-handler-runtime-CvlNyTSd.js +0 -439
  630. package/dist/approval-native-runtime-DIP1UVwF.js +0 -729
  631. package/dist/attempt-execution.runtime-Dnj7Dunz.js +0 -509
  632. package/dist/attempt.prompt-helpers-yXlkhGj_.js +0 -206
  633. package/dist/attempt.tool-run-context-DplnP36r.js +0 -933
  634. package/dist/audit-CP153cHC.js +0 -939
  635. package/dist/audit.runtime-BPEAdYYt.js +0 -7
  636. package/dist/auth-CGB_0fnH.js +0 -550
  637. package/dist/auth-_41Zyvnc.js +0 -2
  638. package/dist/auth-order-Cnl7fD4m.js +0 -2
  639. package/dist/auth-order-DTEvHo9G.js +0 -139
  640. package/dist/bash-tools-E5RKIMX4.js +0 -2853
  641. package/dist/bash-tools-n2uf-L6x.js +0 -3
  642. package/dist/binding-routing-MxZZJi7B.js +0 -85
  643. package/dist/binding-targets-DOjf91v9.js +0 -121
  644. package/dist/bridge-server-C9sdVkxe.js +0 -113
  645. package/dist/browser-control-auth-Ds_CXo7-.js +0 -2
  646. package/dist/browser-node-runtime-CrrZhgmT.js +0 -12
  647. package/dist/browser-profiles-DSq_VuWU.js +0 -2
  648. package/dist/browser-runtime-D3bUe2ki.js +0 -387
  649. package/dist/browser-setup-tools-BzBeI9sr.js +0 -13
  650. package/dist/build-BQ7uMjfi.js +0 -550
  651. package/dist/call-C5EHc2Ve.js +0 -3
  652. package/dist/call-DgFhP0IB.js +0 -330
  653. package/dist/call.runtime-CBWpY5ek.js +0 -2
  654. package/dist/capability-cli-CF-5WxGW.js +0 -1401
  655. package/dist/catchup-DEgTzUZf.js +0 -300
  656. package/dist/channel-B9Z1yOBL.js +0 -1100
  657. package/dist/channel-BQalh8q5.js +0 -1320
  658. package/dist/channel-B_D0qB8f.js +0 -297
  659. package/dist/channel-CveiiHEq.js +0 -226
  660. package/dist/channel-DPRWC_X5.js +0 -1802
  661. package/dist/channel-DTNwXKB7.js +0 -350
  662. package/dist/channel-DsWHOdeO.js +0 -840
  663. package/dist/channel-IYn5sG7l.js +0 -453
  664. package/dist/channel-MwEUOERy.js +0 -1174
  665. package/dist/channel-core-C3RFVpjy.js +0 -5
  666. package/dist/channel-geAqqK_e.js +0 -491
  667. package/dist/channel-inbound-BRCAVWH1.js +0 -31
  668. package/dist/channel-plugin-runtime-B7guFbbq.js +0 -771
  669. package/dist/channel-runtime-B2HmUto-.js +0 -425
  670. package/dist/channel-zfFLswBu.js +0 -595
  671. package/dist/channel.runtime-60XStiek.js +0 -2364
  672. package/dist/channel.runtime-BK8atBx7.js +0 -430
  673. package/dist/channel.runtime-CjfgGDJR.js +0 -576
  674. package/dist/channel.runtime-Cuc72hD3.js +0 -89
  675. package/dist/channel.runtime-D4i6q9PJ.js +0 -4
  676. package/dist/channel.runtime-mLdKu3mE.js +0 -42398
  677. package/dist/channel.setup-BxdBjfQG.js +0 -10
  678. package/dist/channel2.runtime-DhBM75gc.js +0 -109
  679. package/dist/channels-YP0r9T7z.js +0 -733
  680. package/dist/channels-cli-BA8x-0ie.js +0 -268
  681. package/dist/chat-C-K_PnVS.js +0 -2830
  682. package/dist/clawbot-cli-CcTWZznd.js +0 -9
  683. package/dist/cli-B9pz-wec.js +0 -2
  684. package/dist/cli-BDqmMCNa.js +0 -219
  685. package/dist/cli-CFANcv9h.js +0 -2
  686. package/dist/cli-oSszUBF4.js +0 -72
  687. package/dist/cli-runner-ziqCSXFY.js +0 -286
  688. package/dist/cli-runner.runtime-B-P8SxLi.js +0 -4
  689. package/dist/cli-runner.runtime-BmqwbMTX.js +0 -3
  690. package/dist/cli.runtime-4isBQRbc.js +0 -1261
  691. package/dist/client-CcimlPth.js +0 -138
  692. package/dist/client-DQsu_IXu.js +0 -723
  693. package/dist/command-auth-BWQO7kca.js +0 -76
  694. package/dist/command-config-resolution-ClTknI2S.js +0 -2
  695. package/dist/command-config-resolution-CrkcVij4.js +0 -23
  696. package/dist/command-config-resolution.runtime-D6B4s-Uv.js +0 -2
  697. package/dist/command-registry-B_U-oRjT.js +0 -4
  698. package/dist/command-registry-CJ8y08cJ.js +0 -9
  699. package/dist/command-registry-core-CjYDA5Hb.js +0 -106
  700. package/dist/command-secret-gateway-BN5JN_4V.js +0 -528
  701. package/dist/command-status.runtime-BwGSaGwK.js +0 -87
  702. package/dist/commands-acp-Di5EZJSo.js +0 -77
  703. package/dist/commands-compact.runtime-Dm1rBnbf.js +0 -10
  704. package/dist/commands-handlers.runtime-C8uzW3Za.js +0 -4599
  705. package/dist/commands-status-D_wsDlQe.js +0 -16
  706. package/dist/commands-status.runtime-BYT0Y8Xk.js +0 -3
  707. package/dist/commands-subagents-control.runtime-BozyiWar.js +0 -3
  708. package/dist/commands-subagents-control.runtime-DDCzt8Ub.js +0 -2
  709. package/dist/commands-system-prompt-ClkTGvNr.js +0 -157
  710. package/dist/commands-system-prompt-qRoqhQKL.js +0 -2
  711. package/dist/commands.runtime-DdZErCma.js +0 -167
  712. package/dist/compact-BCs9ORLb.js +0 -1096
  713. package/dist/compact.runtime-DvG7GWYV.js +0 -12
  714. package/dist/completion-cli-C4J7V5YR.js +0 -328
  715. package/dist/config-B0uPLzV0.js +0 -252
  716. package/dist/config-cli-Bt8euI41.js +0 -1078
  717. package/dist/configure-BIB6QKXD.js +0 -2
  718. package/dist/configure-DuXRvaw-.js +0 -1252
  719. package/dist/connect-options-DdLRs3mC.js +0 -699
  720. package/dist/control-auth-BboB6-Q9.js +0 -125
  721. package/dist/control-service-zISWiuJ_.js +0 -156
  722. package/dist/conversation-id-BzYtax7n.js +0 -235
  723. package/dist/conversation-id-HBz3v6j3.js +0 -38
  724. package/dist/conversation-runtime-CkcxSb_S.js +0 -31
  725. package/dist/core-DxVEjt5f.js +0 -275
  726. package/dist/cron-cli-CAkqablA.js +0 -713
  727. package/dist/daemon-cli-CCC_5IkN.js +0 -12
  728. package/dist/dashboard-Bqpn6xD_.js +0 -81
  729. package/dist/dashboard-Cd6TkhpW.js +0 -2
  730. package/dist/delegate-D7D8iTtT.js +0 -64
  731. package/dist/detached-task-runtime-D2jixP5C.js +0 -73
  732. package/dist/devices-cli-CMnaKl01.js +0 -498
  733. package/dist/diagnostics-B8Z9UWlG.js +0 -154
  734. package/dist/direct-dm-c4Qb2Nzg.js +0 -64
  735. package/dist/dispatch-acp-BL2QahHP.js +0 -981
  736. package/dist/dispatch-acp-manager.runtime-CynWPlJS.js +0 -3
  737. package/dist/dispatch-acp.runtime-OwR8G8Qt.js +0 -19
  738. package/dist/dispatch-r6Uv7puk.js +0 -1131
  739. package/dist/doctor-device-pairing-GsLelCah.js +0 -307
  740. package/dist/doctor-gateway-daemon-flow-Bj6Y5WoB.js +0 -250
  741. package/dist/doctor-gateway-health-D7WY6zgb.js +0 -63
  742. package/dist/doctor-health-C9GRQaPA.js +0 -59
  743. package/dist/doctor-health-contributions-Dk9ho6TO.js +0 -493
  744. package/dist/doctor-prompter-Ct6Jv52M.js +0 -56
  745. package/dist/doctor-workspace-status-CJCfWEI6.js +0 -75
  746. package/dist/dreaming-_hTKF5lN.js +0 -1582
  747. package/dist/dreaming-narrative-D5XTDttN.js +0 -596
  748. package/dist/embedded-gateway-stub.runtime-CEmoodA9.js +0 -9
  749. package/dist/exec-approvals-cli-ClDMlOmM.js +0 -498
  750. package/dist/fallbacks-7zSQjTV3.js +0 -31
  751. package/dist/fallbacks-CZiqVR5O.js +0 -2
  752. package/dist/fallbacks-shared-ChkX-wC9.js +0 -111
  753. package/dist/gateway-CHyZ16Py.js +0 -115
  754. package/dist/gateway-cli-Ddf-bjxV.js +0 -1283
  755. package/dist/gateway-rpc-DksPpMA7.js +0 -14
  756. package/dist/gateway-rpc.runtime-BKaQsdOu.js +0 -23
  757. package/dist/gateway-runtime-Ca4l5F_e.js +0 -15
  758. package/dist/gateway-status-CTPWttLS.js +0 -584
  759. package/dist/genesis-tools-Bkxp7zlI.js +0 -9435
  760. package/dist/genesis-tools.runtime-BCkQJQBx.js +0 -2
  761. package/dist/get-reply-HzKdsGO7.js +0 -3946
  762. package/dist/get-reply-from-config.runtime-C5ISSvQ1.js +0 -2
  763. package/dist/graph-users-BVVUU02O.js +0 -1337
  764. package/dist/health-3Ot3RyLe.js +0 -420
  765. package/dist/health-B1Ww7M60.js +0 -3
  766. package/dist/health-route--L24U5vY.js +0 -2
  767. package/dist/health-route-DQ3RbNHQ.js +0 -41
  768. package/dist/hooks-cli-CsJbTM0O.js +0 -433
  769. package/dist/image-fallbacks--ElXneWp.js +0 -31
  770. package/dist/image-fallbacks-D3vJILOu.js +0 -2
  771. package/dist/inbound-reply-dispatch-B7wRXjgc.js +0 -73
  772. package/dist/infra-runtime-CBfd1WMP.js +0 -38
  773. package/dist/init-D0hOJH3x.js +0 -59
  774. package/dist/library-oLeJ7WB2.js +0 -45
  775. package/dist/lifecycle-CeE5vcbI.js +0 -571
  776. package/dist/lifecycle-CqOQyQkN.js +0 -229
  777. package/dist/lifecycle.runtime-3bkEDR0o.js +0 -2
  778. package/dist/list-C3cLeCpB.js +0 -2
  779. package/dist/list-CcZ_ONLT.js +0 -2
  780. package/dist/list-DUXsFAZJ.js +0 -1212
  781. package/dist/list-gnrIqPtd.js +0 -131
  782. package/dist/list.probe-BwRgShwM.js +0 -419
  783. package/dist/llm-slug-generator-BkDTThCe.js +0 -79
  784. package/dist/load-config-CfZQrUUz.js +0 -35
  785. package/dist/local-dispatch.runtime-CtXGZ70F.js +0 -8
  786. package/dist/logs-cli-zd_9yCKn.js +0 -265
  787. package/dist/logs-cli.runtime-BWvHh5zg.js +0 -2
  788. package/dist/main-session-restart-recovery-Bnvjo9E1.js +0 -206
  789. package/dist/managed-image-attachments-Cib67JTY.js +0 -2
  790. package/dist/managed-image-attachments-Pl-_Wh-s.js +0 -635
  791. package/dist/manager-CfFNGdWA.js +0 -2057
  792. package/dist/manager-TXSNaq3B.js +0 -2
  793. package/dist/markdown-to-line-C83mDLjZ.js +0 -790
  794. package/dist/mcp-cli-CNy5N1fa.js +0 -725
  795. package/dist/mcp-http-Cp3nlyRC.js +0 -529
  796. package/dist/memory-core-host-runtime-cli-BegfMQ60.js +0 -9
  797. package/dist/message-BEIYueeC.js +0 -232
  798. package/dist/message-action-runner-BMAw7gfU.js +0 -2
  799. package/dist/message-action-runner-DbqkVVXA.js +0 -1407
  800. package/dist/message-actions-CagfUya_.js +0 -143
  801. package/dist/message.gateway.runtime-8N00rzUd.js +0 -2
  802. package/dist/models-auth-status-dUVFT_f1.js +0 -217
  803. package/dist/models-cli-VqeddndJ.js +0 -271
  804. package/dist/monitor-BgwZHXAs.js +0 -2
  805. package/dist/monitor-BrGXztev.js +0 -1661
  806. package/dist/monitor-DXqHkIkY.js +0 -788
  807. package/dist/monitor-DoS0pnRS.js +0 -671
  808. package/dist/monitor-SUo0OdqH.js +0 -1459
  809. package/dist/monitor-auth-BjLpAGxu.js +0 -207
  810. package/dist/monitor-hVTP1bQv.js +0 -1237
  811. package/dist/monitor-processing-CIokCAUz.js +0 -1974
  812. package/dist/monitor.runtime-BU4RKNXx.js +0 -2
  813. package/dist/monitor.webhook-DaTTjWrL.js +0 -180
  814. package/dist/msteams-CmdWCuQl.js +0 -35
  815. package/dist/native-hook-relay-Crk4McKb.js +0 -519
  816. package/dist/nextcloud-talk-D23cNPfx.js +0 -17
  817. package/dist/node-cli-DQ2FAUD5.js +0 -2276
  818. package/dist/nodes-cli-rSfhRw3_.js +0 -1046
  819. package/dist/nodes-utils-DlayGjaD.js +0 -84
  820. package/dist/nodes.helpers-DDUs18Tb.js +0 -34
  821. package/dist/notify-BSOvLWmd.js +0 -315
  822. package/dist/onboard-CpNpQ0N8.js +0 -70
  823. package/dist/onboard-helpers-BSqq4yEX.js +0 -204
  824. package/dist/onboard-helpers-Cw8cHMwk.js +0 -6
  825. package/dist/onboard-interactive-CIJMPUNi.js +0 -24
  826. package/dist/onboard-non-interactive-CCGFunM1.js +0 -635
  827. package/dist/onboard-remote-BIFjzB0v.js +0 -193
  828. package/dist/onboard-remote-DdfKS44K.js +0 -2
  829. package/dist/onboard-skills-C9Oz7pMM.js +0 -134
  830. package/dist/onboard-skills-DFZIuIBM.js +0 -2
  831. package/dist/onboard-ygfHgwjs.js +0 -2
  832. package/dist/openai-http-V8-EZ-Tx.js +0 -500
  833. package/dist/openresponses-http-B2Z5eD7p.js +0 -1128
  834. package/dist/operator-approvals-client-DcLaJSYz.js +0 -68
  835. package/dist/outbound.runtime-BioZr0Xk.js +0 -2
  836. package/dist/pair-command-approve-CKQ5PFPa.js +0 -44
  837. package/dist/persistent-bindings.lifecycle-Cc3nJyXl.js +0 -2
  838. package/dist/persistent-bindings.lifecycle-DMUm3wFX.js +0 -85
  839. package/dist/pi-embedded-DLQZrdL6.js +0 -2905
  840. package/dist/pi-embedded-kfFiSGXN.js +0 -4
  841. package/dist/pi-embedded.runtime-DXAilonb.js +0 -4
  842. package/dist/pi-tool-definition-adapter-D5M4iVmd.js +0 -229
  843. package/dist/pi-tools-CymfaKhy.js +0 -1118
  844. package/dist/pi-tools.before-tool-call-CBjigYgQ.js +0 -2
  845. package/dist/pi-tools.before-tool-call-CrhLIm2q.js +0 -433
  846. package/dist/plugin-DJ_g-ddv.js +0 -12195
  847. package/dist/plugin-enabled-CqvTLQjg.js +0 -140
  848. package/dist/plugin-registration-awDDNZjN.js +0 -23
  849. package/dist/plugin-service-Bcg-shsL.js +0 -2893
  850. package/dist/policy-DIf26_n6.js +0 -328
  851. package/dist/prepare.runtime-DCLXK1uq.js +0 -807
  852. package/dist/probe-0w9S79sF.js +0 -45
  853. package/dist/probe-BQT29JH7.js +0 -74
  854. package/dist/probe-CB6KR9ri.js +0 -240
  855. package/dist/probe-CWtFr2jl.js +0 -2
  856. package/dist/probe-CcBuLmYT.js +0 -2205
  857. package/dist/probe-DYqlJBSk.js +0 -2
  858. package/dist/probe-_IUalbC8.js +0 -1443
  859. package/dist/program-sXJs6Lyj.js +0 -111
  860. package/dist/prompt-select-styled-jucMgA5f.js +0 -20
  861. package/dist/protocol-DgMCJAA_.js +0 -2586
  862. package/dist/provider-dispatcher-9z9Dw59_.js +0 -2
  863. package/dist/provider-dispatcher-DyQNST2Z.js +0 -22
  864. package/dist/qr-cli-Dwc3sjiV.js +0 -2
  865. package/dist/qr-cli-hTiyQbbK.js +0 -349
  866. package/dist/reaction-runtime-api-Q9NHKbpw.js +0 -116
  867. package/dist/reactions-DGczAFsd.js +0 -998
  868. package/dist/register-service-commands-Dxwl01rR.js +0 -71
  869. package/dist/register.agent-Drovpr_f.js +0 -248
  870. package/dist/register.configure-BzQtmjqp.js +0 -15
  871. package/dist/register.maintenance-PRykY6qq.js +0 -363
  872. package/dist/register.message-Dw6OLnap.js +0 -329
  873. package/dist/register.onboard-CB7aqo8I.js +0 -88
  874. package/dist/register.runtime-5QpZP1PI.js +0 -81
  875. package/dist/register.setup-GLc__3H1.js +0 -150
  876. package/dist/register.status-health-sessions-DuQnS6V7.js +0 -1215
  877. package/dist/register.subclis-Bupq6ckp.js +0 -3
  878. package/dist/register.subclis-Df0YvsXg.js +0 -29
  879. package/dist/register.subclis-core-CK63Nor4.js +0 -249
  880. package/dist/reply-dispatch-runtime-D63ANCTQ.js +0 -13
  881. package/dist/reply-runtime-CLq8xugv.js +0 -10
  882. package/dist/reply.runtime-FitoWYiX.js +0 -2
  883. package/dist/restart-health-CNE6ENF8.js +0 -202
  884. package/dist/restart-health-DriNCEEo.js +0 -2
  885. package/dist/root-help-BsG62TUK.js +0 -44
  886. package/dist/routes-B8SmZM_C.js +0 -3341
  887. package/dist/routes-CVtIuQaj.js +0 -2
  888. package/dist/rpc-AJw8-VEF.js +0 -61
  889. package/dist/rpc.runtime-NzXXr3IH.js +0 -21
  890. package/dist/run-delivery.runtime-DDc5pTuc.js +0 -530
  891. package/dist/run-embedded.runtime-BlLE0DKl.js +0 -4
  892. package/dist/run-execution-cli.runtime-Dx9bn2nL.js +0 -4
  893. package/dist/run-executor.runtime-Bx0-xr66.js +0 -277
  894. package/dist/run-main-Q7WXDun9.js +0 -567
  895. package/dist/run-subagent-registry.runtime-DN441nGA.js +0 -2
  896. package/dist/run-wait-DOOBZLr5.js +0 -135
  897. package/dist/runtime-B56xKFjA.js +0 -9
  898. package/dist/runtime-D--xK0Me.js +0 -961
  899. package/dist/runtime-api-BGOAhjcp.js +0 -9
  900. package/dist/runtime-api-CcUMXjjy.js +0 -14
  901. package/dist/runtime-api-L9lB-rDz.js +0 -4
  902. package/dist/runtime-api-ap0gPIKQ.js +0 -9
  903. package/dist/runtime-embedded-pi.runtime-CQ5TsVlh.js +0 -2
  904. package/dist/runtime-internal-DwAoh64o.js +0 -2
  905. package/dist/runtime-options-CtF_gotz.js +0 -275
  906. package/dist/runtime-schema-7aqYdEly.js +0 -28599
  907. package/dist/scan-BmfJ_GUd.js +0 -2
  908. package/dist/scan-BwUXPVa4.js +0 -523
  909. package/dist/secrets-cli-Byrmt5p3.js +0 -2101
  910. package/dist/security-cli-Cb_qzWSU.js +0 -486
  911. package/dist/selection-BaZ-7Sz6.js +0 -2
  912. package/dist/selection-C8rwxPqg.js +0 -7743
  913. package/dist/send-C3Ht9Buu.js +0 -102
  914. package/dist/send-NpRBz3rn.js +0 -156
  915. package/dist/send.runtime-Buvd_P2p.js +0 -2
  916. package/dist/server-B8tim7RO.js +0 -13
  917. package/dist/server-ClAvfJJm.js +0 -77
  918. package/dist/server-context-Dl7OQ56d.js +0 -2
  919. package/dist/server-context-F2Jh0JBO.js +0 -847
  920. package/dist/server-node-events-Db8SbNO0.js +0 -474
  921. package/dist/server-plugin-bootstrap-DxpFA7AU.js +0 -13703
  922. package/dist/server-plugin-bootstrap-t6Z_tN0J.js +0 -2
  923. package/dist/server-restart-sentinel-VLhFJOy5.js +0 -684
  924. package/dist/server.impl-BNDZK6Lv.js +0 -12804
  925. package/dist/session-kill-http-C35_XMK_.js +0 -110
  926. package/dist/session-reset-service-Cs7o8vTZ.js +0 -497
  927. package/dist/session-route-DwjrtcvV.js +0 -93
  928. package/dist/session-status.runtime-Cp9hECfs.js +0 -2
  929. package/dist/session-subagent-reactivation.runtime-3hC6cwVh.js +0 -2
  930. package/dist/session-tab-registry-BHn1P3lZ.js +0 -581
  931. package/dist/session-visibility-C5yhLdDZ.js +0 -147
  932. package/dist/sessions-helpers-C_xGZAo7.js +0 -305
  933. package/dist/sessions-history-http-CQ-Ga5H3.js +0 -371
  934. package/dist/sessions-patch-XzBTc4fY.js +0 -309
  935. package/dist/sessions-resolve-CF4QOXiX.js +0 -174
  936. package/dist/sessions.runtime-CEV3VtEH.js +0 -2
  937. package/dist/setup-D218KRK6.js +0 -636
  938. package/dist/setup-api-BvHlVezg.js +0 -29
  939. package/dist/setup-core-BjceveVY.js +0 -171
  940. package/dist/setup-core-CxDIk2Qq.js +0 -176
  941. package/dist/setup-surface-6hnrFGJ3.js +0 -286
  942. package/dist/setup-surface-BBDyg26_.js +0 -219
  943. package/dist/setup-surface-HREO9zEo.js +0 -403
  944. package/dist/setup.finalize-CAJxf_Mm.js +0 -547
  945. package/dist/setup.gateway-config-g6JfCjT4.js +0 -250
  946. package/dist/shared-CJ2_38Ar.js +0 -198
  947. package/dist/shared-CecRnN5i.js +0 -76
  948. package/dist/shared-Zan1S92i.js +0 -121
  949. package/dist/slash-state-EXy1B2EX.js +0 -1911
  950. package/dist/src-Dda8Fvmo.js +0 -3974
  951. package/dist/startup-context-BLtyYbKu.js +0 -312
  952. package/dist/status-B1RXiDvc.js +0 -3
  953. package/dist/status-B4tnoXkV.js +0 -2
  954. package/dist/status-BWXZC-dF.js +0 -2
  955. package/dist/status-DNnTegVL.js +0 -395
  956. package/dist/status-G3Z29Cb_.js +0 -190
  957. package/dist/status-all-pjolmMGB.js +0 -498
  958. package/dist/status-json-BKR5uVlE.js +0 -14
  959. package/dist/status-json-command-DuIQ8dNz.js +0 -82
  960. package/dist/status-n2SrcSeP.js +0 -209
  961. package/dist/status-runtime-shared-9akPh3OB.js +0 -241
  962. package/dist/status-subagents.runtime-C-2-94r7.js +0 -18
  963. package/dist/status-text-DY-AMW7D.js +0 -237
  964. package/dist/status.gateway-connection.runtime-CGwlyVSQ.js +0 -2
  965. package/dist/status.gather-C17tVkff.js +0 -2
  966. package/dist/status.gather-CGXwFKnq.js +0 -292
  967. package/dist/status.runtime-DdcRs0mC.js +0 -2
  968. package/dist/status.scan-BSIqJF_S.js +0 -65
  969. package/dist/status.scan-overview-CbwLYoIT.js +0 -379
  970. package/dist/status.scan.fast-json-BnpfFSN8.js +0 -2
  971. package/dist/status.scan.fast-json-W54JDFUy.js +0 -132
  972. package/dist/status.summary-CeaTG93y.js +0 -2
  973. package/dist/status.summary-LPaYBiqB.js +0 -200
  974. package/dist/subagent-announce-Dn5xl49E.js +0 -351
  975. package/dist/subagent-announce-delivery-CpVHT0KZ.js +0 -726
  976. package/dist/subagent-announce-output-Ba8GDqQZ.js +0 -364
  977. package/dist/subagent-control-Clm3gsra.js +0 -506
  978. package/dist/subagent-followup.runtime-OlILj5hg.js +0 -68
  979. package/dist/subagent-orphan-recovery-Dqi7ktSy.js +0 -305
  980. package/dist/subagent-registry-BfT1dA_H.js +0 -3
  981. package/dist/subagent-registry-DsOeyo6i.js +0 -1753
  982. package/dist/subagent-spawn-IMKDJ_Ai.js +0 -1005
  983. package/dist/system-cli-QcbUPgUP.js +0 -43
  984. package/dist/targets-rJXMe19f.js +0 -67
  985. package/dist/task-executor-CT_QfGPJ.js +0 -360
  986. package/dist/task-owner-access-Bm14vxJa.js +0 -74
  987. package/dist/task-registry-D6gK7iIt.js +0 -2357
  988. package/dist/task-registry-delivery-runtime-CDAeASdU.js +0 -2
  989. package/dist/task-registry-delivery-runtime-CeWw5kdc.js +0 -3
  990. package/dist/task-registry.maintenance-B5hpULqB.js +0 -416
  991. package/dist/task-registry.maintenance-DZFQCCjc.js +0 -2
  992. package/dist/testing-B2Y0vJ76.js +0 -575
  993. package/dist/text-report-0Q8c04if.js +0 -549
  994. package/dist/tool-resolution-CHcj9HdC.js +0 -90
  995. package/dist/tools-effective-inventory-Giuks2Dt.js +0 -152
  996. package/dist/tools-invoke-http-FlaWbmCS.js +0 -206
  997. package/dist/trash-BzlpkaUi.js +0 -24
  998. package/dist/tui-cli-B9Emgd5Q.js +0 -4585
  999. package/dist/update-cli-ln47pDmA.js +0 -1759
  1000. package/dist/upgrade-Ctu4zfU3.js +0 -1226
  1001. package/dist/video-generation-task-status-AzBxxMK4.js +0 -163
  1002. package/dist/wait-for-idle-before-flush-D4a3dGVX.js +0 -6025
  1003. package/dist/wizard-models-DpLispoG.js +0 -334
@@ -1,2853 +0,0 @@
1
- import { i as formatErrorMessage } from "./errors-CufR9eHH.js";
2
- import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString, s as normalizeOptionalLowercaseString } from "./string-coerce-DPP_aYVc.js";
3
- import { c as escapeRegExp } from "./utils-CWrkFsp0.js";
4
- import { s as sanitizeHostExecEnvWithDiagnostics } from "./host-env-security-PtrzxCxY.js";
5
- import { a as logWarn, r as logInfo } from "./logger-BbnBrdB_.js";
6
- import { K as getShellPathFromLoginShell, q as resolveShellEnvFallbackTimeoutMs } from "./io-Cy5vajWd.js";
7
- import { i as isCronSessionKey, o as isSubagentSessionKey, s as parseAgentSessionKey } from "./session-key-utils-DDwuwYKT.js";
8
- import { u as resolveAgentIdFromSessionKey } from "./session-key-CI3KvTQC.js";
9
- import { d as resolveApprovalAuditCandidatePath } from "./exec-safe-bin-trust-DMrCONj2.js";
10
- import { t as killProcessTree } from "./kill-tree-BbGiB2xY.js";
11
- import { c as isGatewayMessageChannel, u as normalizeMessageChannel } from "./message-channel-8hna3ogc.js";
12
- import { i as normalizeDeliveryContext } from "./delivery-context.shared-DnaA0DbE.js";
13
- import { b as EXEC_TOOL_DISPLAY_SUMMARY, x as PROCESS_TOOL_DISPLAY_SUMMARY } from "./tool-policy-BIGITEMh.js";
14
- import { C as formatExecDeniedUserMessage, T as parseExecApprovalResultText, u as sanitizeUserFacingText, w as isExecDeniedResultText } from "./sanitize-user-facing-text-DKqUCgHB.js";
15
- import { o as failedTextResult, v as textResult } from "./common-C4_5xEM_.js";
16
- import { t as callGatewayTool } from "./gateway-CHyZ16Py.js";
17
- import { t as splitShellArgs } from "./shell-argv-BaDMAO0_.js";
18
- import { c as describeInterpreterInlineEval, f as analyzeShellCommand, l as detectInterpreterInlineEvalArgv, n as evaluateShellAllowlist, p as buildEnforcedShellCommand } from "./exec-approvals-allowlist-BBW7JMg0.js";
19
- import { r as resolveExecSafeBinRuntimePolicy } from "./exec-safe-bin-runtime-policy-DUcKpnC_.js";
20
- import { C as requiresExecApproval, D as resolveExecApprovalsFromFile, E as resolveExecApprovals, _ as normalizeExecTarget, a as addDurableCommandApproval, b as recordAllowlistMatchesUse, f as minSecurity, g as normalizeExecSecurity, l as loadExecApprovals, m as normalizeExecAsk, s as hasDurableExecApproval, u as maxAsk, v as persistAllowAlwaysPatterns, w as resolveExecApprovalAllowedDecisions } from "./exec-approvals-D0DTIzDT.js";
21
- import { n as describeProcessTool, t as describeExecTool } from "./bash-tools.descriptions-DzPYV0Li.js";
22
- import { n as processSchema, t as execSchema } from "./bash-tools.schemas-B8_wOdjn.js";
23
- import "./delivery-context-Pj68kbuc.js";
24
- import { n as getDiagnosticSessionState } from "./diagnostic-session-state-BzRMvtlj.js";
25
- import { i as resolveNodeIdFromList, t as listNodes } from "./nodes-utils-DlayGjaD.js";
26
- import { t as sendMessage } from "./message-BEIYueeC.js";
27
- import { t as resolveExternalBestEffortDeliveryTarget } from "./best-effort-delivery-CPpGc0xQ.js";
28
- import { t as formatDurationCompact } from "./format-duration-D7ua_Cv_.js";
29
- import { a as coerceEnv, c as readEnvInt, d as sliceLogLines, f as truncateMiddle, i as clampWithDefault, l as resolveSandboxWorkdir, n as buildSandboxEnv, o as deriveSessionName, s as pad, u as resolveWorkdir } from "./bash-tools.shared-tggOw0Pu.js";
30
- import { f as resolveExecApprovalInitiatingSurfaceState, s as buildExecApprovalUnavailableReplyPayload } from "./exec-approval-reply-BhbjoK1B.js";
31
- import { i as normalizePathPrepend, t as applyPathPrepend } from "./path-prepend-DR8e0z7b.js";
32
- import { t as getProcessSupervisor } from "./supervisor-DgpKTzey.js";
33
- import { C as setJobTtlMs, S as markExited, _ as getFinishedSession, a as DEFAULT_PENDING_MAX_OUTPUT, b as listRunningSessions, c as createApprovalSlug, f as resolveApprovalRunningNoticeMs, g as drainSession, h as deleteSession, i as DEFAULT_PATH, m as runExecProcess, n as DEFAULT_APPROVAL_TIMEOUT_MS, o as applyShellPath, p as resolveExecTarget, r as DEFAULT_MAX_OUTPUT, s as buildApprovalPendingMessage, t as DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS, u as normalizeNotifyOutput, v as getSession, w as tail, x as markBackgrounded, y as listFinishedSessions } from "./bash-tools.exec-runtime-BSErqAOv.js";
34
- import { a as parseModelRiskVerdict, i as mergeSafeguardVerdicts, n as evaluateExecSafeguard, r as isAmbiguousForModel } from "./exec-safeguard-DMM6KaOP.js";
35
- import { t as parsePreparedSystemRunPayload } from "./system-run-approval-context-CmtECXC_.js";
36
- import { n as recordCommandPoll, r as resetCommandPollCount } from "./command-poll-backoff-BzCxMvUa.js";
37
- import path from "node:path";
38
- import crypto from "node:crypto";
39
- //#region src/agents/bash-tools.exec-approval-request.ts
40
- function buildExecApprovalRequestToolParams(params) {
41
- return {
42
- id: params.id,
43
- ...params.command ? { command: params.command } : {},
44
- ...params.commandArgv ? { commandArgv: params.commandArgv } : {},
45
- systemRunPlan: params.systemRunPlan,
46
- env: params.env,
47
- cwd: params.cwd,
48
- nodeId: params.nodeId,
49
- host: params.host,
50
- security: params.security,
51
- ask: params.ask,
52
- agentId: params.agentId,
53
- resolvedPath: params.resolvedPath,
54
- sessionKey: params.sessionKey,
55
- turnSourceChannel: params.turnSourceChannel,
56
- turnSourceTo: params.turnSourceTo,
57
- turnSourceAccountId: params.turnSourceAccountId,
58
- turnSourceThreadId: params.turnSourceThreadId,
59
- timeoutMs: DEFAULT_APPROVAL_TIMEOUT_MS,
60
- twoPhase: true
61
- };
62
- }
63
- function parseDecision(value) {
64
- if (!value || typeof value !== "object") return {
65
- present: false,
66
- value: null
67
- };
68
- if (!Object.hasOwn(value, "decision")) return {
69
- present: false,
70
- value: null
71
- };
72
- const decision = value.decision;
73
- return {
74
- present: true,
75
- value: typeof decision === "string" ? decision : null
76
- };
77
- }
78
- function parseString(value) {
79
- return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
80
- }
81
- function parseExpiresAtMs(value) {
82
- return typeof value === "number" && Number.isFinite(value) ? value : void 0;
83
- }
84
- async function registerExecApprovalRequest(params) {
85
- const registrationResult = await callGatewayTool("exec.approval.request", { timeoutMs: DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS }, buildExecApprovalRequestToolParams(params), { expectFinal: false });
86
- const decision = parseDecision(registrationResult);
87
- const id = parseString(registrationResult?.id) ?? params.id;
88
- const expiresAtMs = parseExpiresAtMs(registrationResult?.expiresAtMs) ?? Date.now() + DEFAULT_APPROVAL_TIMEOUT_MS;
89
- if (decision.present) return {
90
- id,
91
- expiresAtMs,
92
- finalDecision: decision.value
93
- };
94
- return {
95
- id,
96
- expiresAtMs
97
- };
98
- }
99
- async function waitForExecApprovalDecision(id) {
100
- try {
101
- return parseDecision(await callGatewayTool("exec.approval.waitDecision", { timeoutMs: DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS }, { id })).value;
102
- } catch (err) {
103
- if (normalizeLowercaseStringOrEmpty(String(err)).includes("approval expired or not found")) return null;
104
- throw err;
105
- }
106
- }
107
- async function resolveRegisteredExecApprovalDecision(params) {
108
- if (params.preResolvedDecision !== void 0) return params.preResolvedDecision ?? null;
109
- return await waitForExecApprovalDecision(params.approvalId);
110
- }
111
- function buildExecApprovalRequesterContext(params) {
112
- return {
113
- agentId: params.agentId,
114
- sessionKey: params.sessionKey
115
- };
116
- }
117
- function buildExecApprovalTurnSourceContext(params) {
118
- return {
119
- turnSourceChannel: params.turnSourceChannel,
120
- turnSourceTo: params.turnSourceTo,
121
- turnSourceAccountId: params.turnSourceAccountId,
122
- turnSourceThreadId: params.turnSourceThreadId
123
- };
124
- }
125
- function buildHostApprovalDecisionParams(params) {
126
- return {
127
- id: params.approvalId,
128
- command: params.command,
129
- commandArgv: params.commandArgv,
130
- systemRunPlan: params.systemRunPlan,
131
- env: params.env,
132
- cwd: params.workdir,
133
- nodeId: params.nodeId,
134
- host: params.host,
135
- security: params.security,
136
- ask: params.ask,
137
- ...buildExecApprovalRequesterContext({
138
- agentId: params.agentId,
139
- sessionKey: params.sessionKey
140
- }),
141
- resolvedPath: params.resolvedPath,
142
- ...buildExecApprovalTurnSourceContext(params)
143
- };
144
- }
145
- async function registerExecApprovalRequestForHost(params) {
146
- return await registerExecApprovalRequest(buildHostApprovalDecisionParams(params));
147
- }
148
- async function registerExecApprovalRequestForHostOrThrow(params) {
149
- try {
150
- return await registerExecApprovalRequestForHost(params);
151
- } catch (err) {
152
- throw new Error(`Exec approval registration failed: ${String(err)}`, { cause: err });
153
- }
154
- }
155
- //#endregion
156
- //#region src/agents/bash-tools.exec-approval-followup.ts
157
- function buildExecDeniedFollowupPrompt(resultText) {
158
- return [
159
- "An async command did not run.",
160
- "Do not run the command again.",
161
- "There is no new command output.",
162
- "Do not mention, summarize, or reuse output from any earlier run in this session.",
163
- "",
164
- "Exact completion details:",
165
- resultText.trim(),
166
- "",
167
- "Reply to the user in a helpful way.",
168
- "Explain that the command did not run and why.",
169
- "Do not claim there is new command output."
170
- ].join("\n");
171
- }
172
- function formatUnknownError(error) {
173
- if (error instanceof Error) return error.message;
174
- if (typeof error === "string") return error;
175
- try {
176
- return JSON.stringify(error);
177
- } catch {
178
- return "unknown error";
179
- }
180
- }
181
- function buildExecApprovalFollowupPrompt(resultText) {
182
- const trimmed = resultText.trim();
183
- if (isExecDeniedResultText(trimmed)) return buildExecDeniedFollowupPrompt(trimmed);
184
- return [
185
- "An async command the user already approved has completed.",
186
- "Do not run the command again.",
187
- "If the task requires more steps, continue from this result before replying to the user.",
188
- "Only ask the user for help if you are actually blocked.",
189
- "",
190
- "Exact completion details:",
191
- trimmed,
192
- "",
193
- "Continue the task if needed, then reply to the user in a helpful way.",
194
- "If it succeeded, share the relevant output.",
195
- "If it failed, explain what went wrong."
196
- ].join("\n");
197
- }
198
- function shouldSuppressExecDeniedFollowup(sessionKey) {
199
- return isSubagentSessionKey(sessionKey) || isCronSessionKey(sessionKey);
200
- }
201
- function formatDirectExecApprovalFollowupText(resultText, opts = {}) {
202
- const parsed = parseExecApprovalResultText(resultText);
203
- if (parsed.kind === "other" && !parsed.raw) return null;
204
- if (parsed.kind === "denied") return opts.allowDenied ? formatExecDeniedUserMessage(parsed.raw) : null;
205
- if (parsed.kind === "finished") {
206
- const metadata = normalizeLowercaseStringOrEmpty(parsed.metadata);
207
- const body = sanitizeUserFacingText(parsed.body, { errorContext: !metadata.includes("code 0") }).trim();
208
- let prefix = "";
209
- if (!body) prefix = metadata.includes("code 0") ? "Background command finished." : metadata.includes("signal") ? "Background command stopped unexpectedly." : "Background command finished with an error.";
210
- return body ? `${prefix ? `${prefix}\n\n` : ""}${body}` : prefix || null;
211
- }
212
- if (parsed.kind === "completed") return sanitizeUserFacingText(parsed.body, { errorContext: true }).trim() || "Background command finished.";
213
- return sanitizeUserFacingText(parsed.raw, { errorContext: true }).trim() || null;
214
- }
215
- function buildSessionResumeFallbackPrefix() {
216
- return "Automatic session resume failed, so sending the status directly.\n\n";
217
- }
218
- function canDirectSendDeniedFollowup(sessionError) {
219
- return sessionError !== null;
220
- }
221
- function buildAgentFollowupArgs(params) {
222
- const { deliveryTarget, sessionOnlyOriginChannel } = params;
223
- return {
224
- sessionKey: params.sessionKey,
225
- message: buildExecApprovalFollowupPrompt(params.resultText),
226
- deliver: deliveryTarget.deliver,
227
- ...deliveryTarget.deliver ? { bestEffortDeliver: true } : {},
228
- channel: deliveryTarget.deliver ? deliveryTarget.channel : sessionOnlyOriginChannel,
229
- to: deliveryTarget.deliver ? deliveryTarget.to : sessionOnlyOriginChannel ? params.turnSourceTo : void 0,
230
- accountId: deliveryTarget.deliver ? deliveryTarget.accountId : sessionOnlyOriginChannel ? params.turnSourceAccountId : void 0,
231
- threadId: deliveryTarget.deliver ? deliveryTarget.threadId : sessionOnlyOriginChannel ? params.turnSourceThreadId : void 0,
232
- idempotencyKey: `exec-approval-followup:${params.approvalId}`
233
- };
234
- }
235
- async function sendDirectFollowupFallback(params) {
236
- const directText = formatDirectExecApprovalFollowupText(params.resultText, { allowDenied: canDirectSendDeniedFollowup(params.sessionError) });
237
- if (!params.deliveryTarget.deliver || !directText) return false;
238
- const prefix = params.sessionError ? buildSessionResumeFallbackPrefix() : "";
239
- await sendMessage({
240
- channel: params.deliveryTarget.channel,
241
- to: params.deliveryTarget.to ?? "",
242
- accountId: params.deliveryTarget.accountId,
243
- threadId: params.deliveryTarget.threadId,
244
- content: `${prefix}${directText}`,
245
- agentId: void 0,
246
- idempotencyKey: `exec-approval-followup:${params.approvalId}`
247
- });
248
- return true;
249
- }
250
- async function sendExecApprovalFollowup(params) {
251
- const sessionKey = params.sessionKey?.trim();
252
- const resultText = params.resultText.trim();
253
- if (!resultText) return false;
254
- const isDenied = isExecDeniedResultText(resultText);
255
- if (isDenied && shouldSuppressExecDeniedFollowup(sessionKey)) return false;
256
- const deliveryTarget = resolveExternalBestEffortDeliveryTarget({
257
- channel: params.turnSourceChannel,
258
- to: params.turnSourceTo,
259
- accountId: params.turnSourceAccountId,
260
- threadId: params.turnSourceThreadId
261
- });
262
- const normalizedTurnSourceChannel = normalizeMessageChannel(params.turnSourceChannel);
263
- const sessionOnlyOriginChannel = normalizedTurnSourceChannel && isGatewayMessageChannel(normalizedTurnSourceChannel) ? normalizedTurnSourceChannel : void 0;
264
- let sessionError = null;
265
- if (sessionKey) try {
266
- await callGatewayTool("agent", { timeoutMs: 6e4 }, buildAgentFollowupArgs({
267
- approvalId: params.approvalId,
268
- sessionKey,
269
- resultText,
270
- deliveryTarget,
271
- sessionOnlyOriginChannel,
272
- turnSourceTo: params.turnSourceTo,
273
- turnSourceAccountId: params.turnSourceAccountId,
274
- turnSourceThreadId: params.turnSourceThreadId
275
- }), { expectFinal: true });
276
- return true;
277
- } catch (err) {
278
- sessionError = err;
279
- }
280
- if (await sendDirectFollowupFallback({
281
- approvalId: params.approvalId,
282
- deliveryTarget,
283
- resultText,
284
- sessionError
285
- })) return true;
286
- if (sessionError) throw new Error(`Session followup failed: ${formatUnknownError(sessionError)}`);
287
- if (isDenied) return false;
288
- throw new Error("Session key or deliverable origin route is required");
289
- }
290
- const loggedExecApprovalFollowupFailures = /* @__PURE__ */ new Set();
291
- function rememberExecApprovalFollowupFailureKey(key) {
292
- if (loggedExecApprovalFollowupFailures.has(key)) return false;
293
- loggedExecApprovalFollowupFailures.add(key);
294
- if (loggedExecApprovalFollowupFailures.size > 256) {
295
- const oldestKey = loggedExecApprovalFollowupFailures.values().next().value;
296
- if (typeof oldestKey === "string") loggedExecApprovalFollowupFailures.delete(oldestKey);
297
- }
298
- return true;
299
- }
300
- function isHeadlessExecTrigger(trigger) {
301
- return trigger === "cron";
302
- }
303
- function createExecApprovalPendingState(params) {
304
- return {
305
- warningText: params.warnings.length ? `${params.warnings.join("\n")}\n\n` : "",
306
- expiresAtMs: Date.now() + params.timeoutMs,
307
- preResolvedDecision: void 0
308
- };
309
- }
310
- function createExecApprovalRequestState(params) {
311
- return {
312
- ...createExecApprovalPendingState({
313
- warnings: params.warnings,
314
- timeoutMs: params.timeoutMs
315
- }),
316
- noticeSeconds: Math.max(1, Math.round(params.approvalRunningNoticeMs / 1e3))
317
- };
318
- }
319
- function createExecApprovalRequestContext(params) {
320
- const approvalId = crypto.randomUUID();
321
- return {
322
- ...createExecApprovalRequestState({
323
- warnings: params.warnings,
324
- timeoutMs: params.timeoutMs,
325
- approvalRunningNoticeMs: params.approvalRunningNoticeMs
326
- }),
327
- approvalId,
328
- approvalSlug: params.createApprovalSlug(approvalId),
329
- contextKey: `exec:${approvalId}`
330
- };
331
- }
332
- function createDefaultExecApprovalRequestContext(params) {
333
- return createExecApprovalRequestContext({
334
- warnings: params.warnings,
335
- timeoutMs: DEFAULT_APPROVAL_TIMEOUT_MS,
336
- approvalRunningNoticeMs: params.approvalRunningNoticeMs,
337
- createApprovalSlug: params.createApprovalSlug
338
- });
339
- }
340
- function resolveBaseExecApprovalDecision(params) {
341
- if (params.decision === "deny") return {
342
- approvedByAsk: false,
343
- deniedReason: "user-denied",
344
- timedOut: false
345
- };
346
- if (!params.decision) {
347
- if (params.askFallback === "full") return {
348
- approvedByAsk: true,
349
- deniedReason: null,
350
- timedOut: true
351
- };
352
- if (params.askFallback === "deny") return {
353
- approvedByAsk: false,
354
- deniedReason: "approval-timeout",
355
- timedOut: true
356
- };
357
- return {
358
- approvedByAsk: false,
359
- deniedReason: null,
360
- timedOut: true
361
- };
362
- }
363
- return {
364
- approvedByAsk: false,
365
- deniedReason: null,
366
- timedOut: false
367
- };
368
- }
369
- function resolveExecHostApprovalContext(params) {
370
- const approvals = resolveExecApprovals(params.agentId, {
371
- security: params.security,
372
- ask: params.ask
373
- });
374
- const hostSecurity = minSecurity(params.security, approvals.agent.security);
375
- const hostAsk = maxAsk(params.ask, approvals.agent.ask);
376
- const askFallback = minSecurity(hostSecurity, approvals.agent.askFallback);
377
- if (hostSecurity === "deny") throw new Error(`exec denied: host=${params.host} security=deny`);
378
- return {
379
- approvals,
380
- hostSecurity,
381
- hostAsk,
382
- askFallback
383
- };
384
- }
385
- async function resolveApprovalDecisionOrUndefined(params) {
386
- try {
387
- return await resolveRegisteredExecApprovalDecision({
388
- approvalId: params.approvalId,
389
- preResolvedDecision: params.preResolvedDecision
390
- });
391
- } catch {
392
- params.onFailure();
393
- return;
394
- }
395
- }
396
- function resolveExecApprovalUnavailableState(params) {
397
- const initiatingSurface = resolveExecApprovalInitiatingSurfaceState({
398
- channel: params.turnSourceChannel,
399
- accountId: params.turnSourceAccountId
400
- });
401
- return {
402
- initiatingSurface,
403
- sentApproverDms: false,
404
- unavailableReason: params.preResolvedDecision === null ? "no-approval-route" : initiatingSurface.kind === "disabled" ? "initiating-platform-disabled" : initiatingSurface.kind === "unsupported" ? "initiating-platform-unsupported" : null
405
- };
406
- }
407
- async function createAndRegisterDefaultExecApprovalRequest(params) {
408
- const { approvalId, approvalSlug, warningText, expiresAtMs: defaultExpiresAtMs, preResolvedDecision: defaultPreResolvedDecision } = createDefaultExecApprovalRequestContext({
409
- warnings: params.warnings,
410
- approvalRunningNoticeMs: params.approvalRunningNoticeMs,
411
- createApprovalSlug: params.createApprovalSlug
412
- });
413
- const registration = await params.register(approvalId);
414
- const preResolvedDecision = registration.finalDecision;
415
- const { initiatingSurface, sentApproverDms, unavailableReason } = resolveExecApprovalUnavailableState({
416
- turnSourceChannel: params.turnSourceChannel,
417
- turnSourceAccountId: params.turnSourceAccountId,
418
- preResolvedDecision
419
- });
420
- return {
421
- approvalId,
422
- approvalSlug,
423
- warningText,
424
- expiresAtMs: registration.expiresAtMs ?? defaultExpiresAtMs,
425
- preResolvedDecision: registration.finalDecision === void 0 ? defaultPreResolvedDecision : registration.finalDecision,
426
- initiatingSurface,
427
- sentApproverDms,
428
- unavailableReason
429
- };
430
- }
431
- function buildDefaultExecApprovalRequestArgs(params) {
432
- return {
433
- warnings: params.warnings,
434
- approvalRunningNoticeMs: params.approvalRunningNoticeMs,
435
- createApprovalSlug: params.createApprovalSlug,
436
- turnSourceChannel: params.turnSourceChannel,
437
- turnSourceAccountId: params.turnSourceAccountId
438
- };
439
- }
440
- function buildExecApprovalFollowupTarget(params) {
441
- return {
442
- approvalId: params.approvalId,
443
- sessionKey: params.sessionKey,
444
- turnSourceChannel: params.turnSourceChannel,
445
- turnSourceTo: params.turnSourceTo,
446
- turnSourceAccountId: params.turnSourceAccountId,
447
- turnSourceThreadId: params.turnSourceThreadId
448
- };
449
- }
450
- function createExecApprovalDecisionState(params) {
451
- const baseDecision = resolveBaseExecApprovalDecision({
452
- decision: params.decision ?? null,
453
- askFallback: params.askFallback
454
- });
455
- return {
456
- baseDecision,
457
- approvedByAsk: baseDecision.approvedByAsk,
458
- deniedReason: baseDecision.deniedReason
459
- };
460
- }
461
- function enforceStrictInlineEvalApprovalBoundary(params) {
462
- if (!params.baseDecision.timedOut || !params.requiresInlineEvalApproval || !params.approvedByAsk) return {
463
- approvedByAsk: params.approvedByAsk,
464
- deniedReason: params.deniedReason
465
- };
466
- return {
467
- approvedByAsk: false,
468
- deniedReason: params.deniedReason ?? "approval-timeout"
469
- };
470
- }
471
- function shouldResolveExecApprovalUnavailableInline(params) {
472
- return isHeadlessExecTrigger(params.trigger) && params.unavailableReason === "no-approval-route" && params.preResolvedDecision === null;
473
- }
474
- function buildHeadlessExecApprovalDeniedMessage(params) {
475
- return [
476
- `exec denied: ${params.trigger === "cron" ? "Cron runs" : "Headless runs"} cannot wait for interactive exec approval.`,
477
- `Effective host exec policy: security=${params.security} ask=${params.ask} askFallback=${params.askFallback}`,
478
- "Stricter values from tools.exec and ~/.genesis/exec-approvals.json both apply.",
479
- "Fix one of these:",
480
- "- align both files to security=\"full\" and ask=\"off\" for trusted local automation",
481
- "- keep allowlist mode and add an explicit allowlist entry for this command",
482
- "- enable Web UI, terminal UI, or chat exec approvals and rerun interactively",
483
- "Tip: run \"genesis doctor\" and \"genesis approvals get --gateway\" to inspect the effective policy."
484
- ].join("\n");
485
- }
486
- async function sendExecApprovalFollowupResult(target, resultText, deps = {}) {
487
- const send = deps.sendExecApprovalFollowup ?? sendExecApprovalFollowup;
488
- const warn = deps.logWarn ?? logWarn;
489
- await send({
490
- approvalId: target.approvalId,
491
- sessionKey: target.sessionKey,
492
- turnSourceChannel: target.turnSourceChannel,
493
- turnSourceTo: target.turnSourceTo,
494
- turnSourceAccountId: target.turnSourceAccountId,
495
- turnSourceThreadId: target.turnSourceThreadId,
496
- resultText
497
- }).catch((error) => {
498
- const message = formatErrorMessage(error);
499
- if (!rememberExecApprovalFollowupFailureKey(`${target.approvalId}:${message}`)) return;
500
- warn(`exec approval followup dispatch failed (id=${target.approvalId}): ${message}`);
501
- });
502
- }
503
- function buildExecApprovalPendingToolResult(params) {
504
- const allowedDecisions = params.allowedDecisions ?? resolveExecApprovalAllowedDecisions();
505
- return {
506
- content: [{
507
- type: "text",
508
- text: params.unavailableReason !== null ? buildExecApprovalUnavailableReplyPayload({
509
- warningText: params.warningText,
510
- reason: params.unavailableReason,
511
- channel: params.initiatingSurface.channel,
512
- channelLabel: params.initiatingSurface.channelLabel,
513
- accountId: params.initiatingSurface.accountId,
514
- sentApproverDms: params.sentApproverDms
515
- }).text ?? "" : buildApprovalPendingMessage({
516
- warningText: params.warningText,
517
- approvalSlug: params.approvalSlug,
518
- approvalId: params.approvalId,
519
- allowedDecisions,
520
- command: params.command,
521
- cwd: params.cwd,
522
- host: params.host,
523
- nodeId: params.nodeId
524
- })
525
- }],
526
- details: params.unavailableReason !== null ? {
527
- status: "approval-unavailable",
528
- reason: params.unavailableReason,
529
- channel: params.initiatingSurface.channel,
530
- channelLabel: params.initiatingSurface.channelLabel,
531
- accountId: params.initiatingSurface.accountId,
532
- sentApproverDms: params.sentApproverDms,
533
- host: params.host,
534
- command: params.command,
535
- cwd: params.cwd,
536
- nodeId: params.nodeId,
537
- warningText: params.warningText
538
- } : {
539
- status: "approval-pending",
540
- approvalId: params.approvalId,
541
- approvalSlug: params.approvalSlug,
542
- expiresAtMs: params.expiresAtMs,
543
- allowedDecisions,
544
- host: params.host,
545
- command: params.command,
546
- cwd: params.cwd,
547
- nodeId: params.nodeId,
548
- warningText: params.warningText
549
- }
550
- };
551
- }
552
- //#endregion
553
- //#region src/agents/bash-tools.exec-host-gateway.ts
554
- function hasGatewayAllowlistMiss(params) {
555
- return params.hostSecurity === "allowlist" && (!params.analysisOk || !params.allowlistSatisfied) && !params.durableApprovalSatisfied;
556
- }
557
- async function processGatewayAllowlist(params) {
558
- const { approvals, hostSecurity, hostAsk, askFallback } = resolveExecHostApprovalContext({
559
- agentId: params.agentId,
560
- security: params.security,
561
- ask: params.ask,
562
- host: "gateway"
563
- });
564
- const allowlistEval = evaluateShellAllowlist({
565
- command: params.command,
566
- allowlist: approvals.allowlist,
567
- safeBins: params.safeBins,
568
- safeBinProfiles: params.safeBinProfiles,
569
- cwd: params.workdir,
570
- env: params.env,
571
- platform: process.platform,
572
- trustedSafeBinDirs: params.trustedSafeBinDirs
573
- });
574
- const allowlistMatches = allowlistEval.allowlistMatches;
575
- const analysisOk = allowlistEval.analysisOk;
576
- const allowlistSatisfied = hostSecurity === "allowlist" && analysisOk ? allowlistEval.allowlistSatisfied : false;
577
- const durableApprovalSatisfied = hasDurableExecApproval({
578
- analysisOk,
579
- segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries,
580
- allowlist: approvals.allowlist,
581
- commandText: params.command
582
- });
583
- const inlineEvalHit = params.strictInlineEval === true ? allowlistEval.segments.map((segment) => detectInterpreterInlineEvalArgv(segment.resolution?.effectiveArgv ?? segment.argv)).find((entry) => entry !== null) ?? null : null;
584
- if (inlineEvalHit) params.warnings.push(`Warning: strict inline-eval mode requires explicit approval for ${describeInterpreterInlineEval(inlineEvalHit)}.`);
585
- let enforcedCommand;
586
- let allowlistPlanUnavailableReason = null;
587
- if (hostSecurity === "allowlist" && analysisOk && allowlistSatisfied) {
588
- const enforced = buildEnforcedShellCommand({
589
- command: params.command,
590
- segments: allowlistEval.segments,
591
- platform: process.platform
592
- });
593
- if (!enforced.ok || !enforced.command) allowlistPlanUnavailableReason = enforced.reason ?? "unsupported platform";
594
- else enforcedCommand = enforced.command;
595
- }
596
- const recordMatchedAllowlistUse = (resolvedPath) => recordAllowlistMatchesUse({
597
- approvals: approvals.file,
598
- agentId: params.agentId,
599
- matches: allowlistMatches,
600
- command: params.command,
601
- resolvedPath
602
- });
603
- const hasHeredocSegment = allowlistEval.segments.some((segment) => segment.argv.some((token) => token.startsWith("<<")));
604
- const requiresHeredocApproval = hostSecurity === "allowlist" && analysisOk && allowlistSatisfied && hasHeredocSegment;
605
- const requiresInlineEvalApproval = inlineEvalHit !== null;
606
- const requiresAllowlistPlanApproval = hostSecurity === "allowlist" && analysisOk && allowlistSatisfied && !enforcedCommand && allowlistPlanUnavailableReason !== null;
607
- const requiresAsk = requiresExecApproval({
608
- ask: hostAsk,
609
- security: hostSecurity,
610
- analysisOk,
611
- allowlistSatisfied,
612
- durableApprovalSatisfied
613
- }) || requiresAllowlistPlanApproval || requiresHeredocApproval || requiresInlineEvalApproval;
614
- if (requiresHeredocApproval) params.warnings.push("Warning: heredoc execution requires explicit approval in allowlist mode.");
615
- if (requiresAllowlistPlanApproval) params.warnings.push(`Warning: allowlist auto-execution is unavailable on ${process.platform}; explicit approval is required.`);
616
- if (requiresAsk) {
617
- const requestArgs = buildDefaultExecApprovalRequestArgs({
618
- warnings: params.warnings,
619
- approvalRunningNoticeMs: params.approvalRunningNoticeMs,
620
- createApprovalSlug,
621
- turnSourceChannel: params.turnSourceChannel,
622
- turnSourceAccountId: params.turnSourceAccountId
623
- });
624
- const registerGatewayApproval = async (approvalId) => await registerExecApprovalRequestForHostOrThrow({
625
- approvalId,
626
- command: params.command,
627
- env: params.requestedEnv,
628
- workdir: params.workdir,
629
- host: "gateway",
630
- security: hostSecurity,
631
- ask: hostAsk,
632
- ...buildExecApprovalRequesterContext({
633
- agentId: params.agentId,
634
- sessionKey: params.sessionKey
635
- }),
636
- resolvedPath: resolveApprovalAuditCandidatePath(allowlistEval.segments[0]?.resolution ?? null, params.workdir),
637
- ...buildExecApprovalTurnSourceContext(params)
638
- });
639
- const { approvalId, approvalSlug, warningText, expiresAtMs, preResolvedDecision, initiatingSurface, sentApproverDms, unavailableReason } = await createAndRegisterDefaultExecApprovalRequest({
640
- ...requestArgs,
641
- register: registerGatewayApproval
642
- });
643
- if (shouldResolveExecApprovalUnavailableInline({
644
- trigger: params.trigger,
645
- unavailableReason,
646
- preResolvedDecision
647
- })) {
648
- const { baseDecision, approvedByAsk, deniedReason } = createExecApprovalDecisionState({
649
- decision: preResolvedDecision,
650
- askFallback
651
- });
652
- const strictInlineEvalDecision = enforceStrictInlineEvalApprovalBoundary({
653
- baseDecision,
654
- approvedByAsk,
655
- deniedReason,
656
- requiresInlineEvalApproval
657
- });
658
- if (strictInlineEvalDecision.deniedReason || !strictInlineEvalDecision.approvedByAsk) throw new Error(buildHeadlessExecApprovalDeniedMessage({
659
- trigger: params.trigger,
660
- host: "gateway",
661
- security: hostSecurity,
662
- ask: hostAsk,
663
- askFallback
664
- }));
665
- recordMatchedAllowlistUse(resolveApprovalAuditCandidatePath(allowlistEval.segments[0]?.resolution ?? null, params.workdir));
666
- return {
667
- execCommandOverride: enforcedCommand,
668
- allowWithoutEnforcedCommand: enforcedCommand === void 0
669
- };
670
- }
671
- const resolvedPath = resolveApprovalAuditCandidatePath(allowlistEval.segments[0]?.resolution ?? null, params.workdir);
672
- const effectiveTimeout = typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec;
673
- const followupTarget = buildExecApprovalFollowupTarget({
674
- approvalId,
675
- sessionKey: params.notifySessionKey ?? params.sessionKey,
676
- turnSourceChannel: params.turnSourceChannel,
677
- turnSourceTo: params.turnSourceTo,
678
- turnSourceAccountId: params.turnSourceAccountId,
679
- turnSourceThreadId: params.turnSourceThreadId
680
- });
681
- (async () => {
682
- const decision = await resolveApprovalDecisionOrUndefined({
683
- approvalId,
684
- preResolvedDecision,
685
- onFailure: () => void sendExecApprovalFollowupResult(followupTarget, `Exec denied (gateway id=${approvalId}, approval-request-failed): ${params.command}`)
686
- });
687
- if (decision === void 0) return;
688
- const { baseDecision, approvedByAsk: initialApprovedByAsk, deniedReason: initialDeniedReason } = createExecApprovalDecisionState({
689
- decision,
690
- askFallback
691
- });
692
- let approvedByAsk = initialApprovedByAsk;
693
- let deniedReason = initialDeniedReason;
694
- if (baseDecision.timedOut && askFallback === "allowlist") if (!analysisOk || !allowlistSatisfied) deniedReason = "approval-timeout (allowlist-miss)";
695
- else approvedByAsk = true;
696
- else if (decision === "allow-once") approvedByAsk = true;
697
- else if (decision === "allow-always") {
698
- approvedByAsk = true;
699
- if (!requiresInlineEvalApproval) {
700
- if (persistAllowAlwaysPatterns({
701
- approvals: approvals.file,
702
- agentId: params.agentId,
703
- segments: allowlistEval.segments,
704
- cwd: params.workdir,
705
- env: params.env,
706
- platform: process.platform,
707
- strictInlineEval: params.strictInlineEval === true
708
- }).length === 0) addDurableCommandApproval(approvals.file, params.agentId, params.command);
709
- }
710
- }
711
- ({approvedByAsk, deniedReason} = enforceStrictInlineEvalApprovalBoundary({
712
- baseDecision,
713
- approvedByAsk,
714
- deniedReason,
715
- requiresInlineEvalApproval
716
- }));
717
- if (!approvedByAsk && hasGatewayAllowlistMiss({
718
- hostSecurity,
719
- analysisOk,
720
- allowlistSatisfied,
721
- durableApprovalSatisfied
722
- })) deniedReason = deniedReason ?? "allowlist-miss";
723
- if (deniedReason) {
724
- await sendExecApprovalFollowupResult(followupTarget, `Exec denied (gateway id=${approvalId}, ${deniedReason}): ${params.command}`);
725
- return;
726
- }
727
- recordMatchedAllowlistUse(resolvedPath ?? void 0);
728
- let run = null;
729
- try {
730
- run = await runExecProcess({
731
- command: params.command,
732
- execCommand: enforcedCommand,
733
- workdir: params.workdir,
734
- env: params.env,
735
- sandbox: void 0,
736
- containerWorkdir: null,
737
- usePty: params.pty,
738
- warnings: params.warnings,
739
- maxOutput: params.maxOutput,
740
- pendingMaxOutput: params.pendingMaxOutput,
741
- notifyOnExit: false,
742
- notifyOnExitEmptySuccess: false,
743
- scopeKey: params.scopeKey,
744
- sessionKey: params.notifySessionKey ?? params.sessionKey,
745
- timeoutSec: effectiveTimeout
746
- });
747
- } catch {
748
- await sendExecApprovalFollowupResult(followupTarget, `Exec denied (gateway id=${approvalId}, spawn-failed): ${params.command}`);
749
- return;
750
- }
751
- markBackgrounded(run.session);
752
- const outcome = await run.promise;
753
- const output = normalizeNotifyOutput(tail(outcome.aggregated || "", 400));
754
- const exitLabel = outcome.timedOut ? "timeout" : `code ${outcome.exitCode ?? "?"}`;
755
- await sendExecApprovalFollowupResult(followupTarget, output ? `Exec finished (gateway id=${approvalId}, session=${run.session.id}, ${exitLabel})\n${output}` : `Exec finished (gateway id=${approvalId}, session=${run.session.id}, ${exitLabel})`);
756
- })();
757
- return { pendingResult: buildExecApprovalPendingToolResult({
758
- host: "gateway",
759
- command: params.command,
760
- cwd: params.workdir,
761
- warningText,
762
- approvalId,
763
- approvalSlug,
764
- expiresAtMs,
765
- initiatingSurface,
766
- sentApproverDms,
767
- unavailableReason,
768
- allowedDecisions: resolveExecApprovalAllowedDecisions({ ask: hostAsk })
769
- }) };
770
- }
771
- if (hasGatewayAllowlistMiss({
772
- hostSecurity,
773
- analysisOk,
774
- allowlistSatisfied,
775
- durableApprovalSatisfied
776
- })) throw new Error("exec denied: allowlist miss");
777
- recordMatchedAllowlistUse(resolveApprovalAuditCandidatePath(allowlistEval.segments[0]?.resolution ?? null, params.workdir));
778
- return { execCommandOverride: enforcedCommand };
779
- }
780
- //#endregion
781
- //#region src/infra/node-shell.ts
782
- function buildNodeShellCommand(command, platform) {
783
- if (normalizeLowercaseStringOrEmpty((platform ?? "").trim()).startsWith("win")) return [
784
- "cmd.exe",
785
- "/d",
786
- "/s",
787
- "/c",
788
- command
789
- ];
790
- return [
791
- "/bin/sh",
792
- "-lc",
793
- command
794
- ];
795
- }
796
- //#endregion
797
- //#region src/agents/bash-tools.exec-host-node.ts
798
- async function executeNodeHostCommand(params) {
799
- const { hostSecurity, hostAsk, askFallback } = resolveExecHostApprovalContext({
800
- agentId: params.agentId,
801
- security: params.security,
802
- ask: params.ask,
803
- host: "node"
804
- });
805
- if (params.boundNode && params.requestedNode && params.boundNode !== params.requestedNode) throw new Error(`exec node not allowed (bound to ${params.boundNode})`);
806
- const nodeQuery = params.boundNode || params.requestedNode;
807
- const nodes = await listNodes({});
808
- if (nodes.length === 0) throw new Error("exec host=node requires a paired node (none available). This requires a companion app or node host.");
809
- let nodeId;
810
- try {
811
- nodeId = resolveNodeIdFromList(nodes, nodeQuery, !nodeQuery);
812
- } catch (err) {
813
- if (!nodeQuery && String(err).includes("node required")) throw new Error("exec host=node requires a node id when multiple nodes are available (set tools.exec.node or exec.node).", { cause: err });
814
- throw err;
815
- }
816
- const nodeInfo = nodes.find((entry) => entry.nodeId === nodeId);
817
- if (!(Array.isArray(nodeInfo?.commands) ? nodeInfo?.commands?.includes("system.run") : false)) throw new Error("exec host=node requires a node that supports system.run (companion app or node host).");
818
- const argv = buildNodeShellCommand(params.command, nodeInfo?.platform);
819
- const prepared = parsePreparedSystemRunPayload((await callGatewayTool("node.invoke", { timeoutMs: 15e3 }, {
820
- nodeId,
821
- command: "system.run.prepare",
822
- params: {
823
- command: argv,
824
- rawCommand: params.command,
825
- ...params.workdir != null ? { cwd: params.workdir } : {},
826
- agentId: params.agentId,
827
- sessionKey: params.sessionKey
828
- },
829
- idempotencyKey: crypto.randomUUID()
830
- }))?.payload);
831
- if (!prepared) throw new Error("invalid system.run.prepare response");
832
- const runArgv = prepared.plan.argv;
833
- const runRawCommand = prepared.plan.commandText;
834
- const runCwd = prepared.plan.cwd ?? params.workdir;
835
- const runAgentId = prepared.plan.agentId ?? params.agentId;
836
- const runSessionKey = prepared.plan.sessionKey ?? params.sessionKey;
837
- const nodeEnv = params.requestedEnv ? { ...params.requestedEnv } : void 0;
838
- const baseAllowlistEval = evaluateShellAllowlist({
839
- command: params.command,
840
- allowlist: [],
841
- safeBins: /* @__PURE__ */ new Set(),
842
- cwd: params.workdir,
843
- env: params.env,
844
- platform: nodeInfo?.platform,
845
- trustedSafeBinDirs: params.trustedSafeBinDirs
846
- });
847
- let analysisOk = baseAllowlistEval.analysisOk;
848
- let allowlistSatisfied = false;
849
- let durableApprovalSatisfied = false;
850
- const inlineEvalHit = params.strictInlineEval === true ? baseAllowlistEval.segments.map((segment) => detectInterpreterInlineEvalArgv(segment.resolution?.effectiveArgv ?? segment.argv)).find((entry) => entry !== null) ?? null : null;
851
- if (inlineEvalHit) params.warnings.push(`Warning: strict inline-eval mode requires explicit approval for ${describeInterpreterInlineEval(inlineEvalHit)}.`);
852
- if ((hostAsk === "always" || hostSecurity === "allowlist") && analysisOk) try {
853
- const approvalsSnapshot = await callGatewayTool("exec.approvals.node.get", { timeoutMs: 1e4 }, { nodeId });
854
- const approvalsFile = approvalsSnapshot && typeof approvalsSnapshot === "object" ? approvalsSnapshot.file : void 0;
855
- if (approvalsFile && typeof approvalsFile === "object") {
856
- const resolved = resolveExecApprovalsFromFile({
857
- file: approvalsFile,
858
- agentId: params.agentId,
859
- overrides: { security: "full" }
860
- });
861
- const allowlistEval = evaluateShellAllowlist({
862
- command: params.command,
863
- allowlist: resolved.allowlist,
864
- safeBins: /* @__PURE__ */ new Set(),
865
- cwd: params.workdir,
866
- env: params.env,
867
- platform: nodeInfo?.platform,
868
- trustedSafeBinDirs: params.trustedSafeBinDirs
869
- });
870
- durableApprovalSatisfied = hasDurableExecApproval({
871
- analysisOk: allowlistEval.analysisOk,
872
- segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries,
873
- allowlist: resolved.allowlist,
874
- commandText: runRawCommand
875
- });
876
- allowlistSatisfied = allowlistEval.allowlistSatisfied;
877
- analysisOk = allowlistEval.analysisOk;
878
- }
879
- } catch {}
880
- const requiresAsk = requiresExecApproval({
881
- ask: hostAsk,
882
- security: hostSecurity,
883
- analysisOk,
884
- allowlistSatisfied,
885
- durableApprovalSatisfied
886
- }) || inlineEvalHit !== null;
887
- const invokeTimeoutMs = Math.max(1e4, (typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec) * 1e3 + 5e3);
888
- const buildInvokeParams = (approvedByAsk, approvalDecision, runId, suppressNotifyOnExit) => ({
889
- nodeId,
890
- command: "system.run",
891
- params: {
892
- command: runArgv,
893
- rawCommand: runRawCommand,
894
- systemRunPlan: prepared.plan,
895
- cwd: runCwd,
896
- env: nodeEnv,
897
- timeoutMs: typeof params.timeoutSec === "number" ? params.timeoutSec * 1e3 : void 0,
898
- agentId: runAgentId,
899
- sessionKey: runSessionKey,
900
- approved: approvedByAsk,
901
- approvalDecision: approvalDecision === "allow-always" && inlineEvalHit !== null ? "allow-once" : approvalDecision ?? void 0,
902
- runId: runId ?? void 0,
903
- suppressNotifyOnExit: suppressNotifyOnExit === true || params.notifyOnExit === false ? true : void 0
904
- },
905
- idempotencyKey: crypto.randomUUID()
906
- });
907
- let inlineApprovedByAsk = false;
908
- let inlineApprovalDecision = null;
909
- let inlineApprovalId;
910
- if (requiresAsk) {
911
- const requestArgs = buildDefaultExecApprovalRequestArgs({
912
- warnings: params.warnings,
913
- approvalRunningNoticeMs: params.approvalRunningNoticeMs,
914
- createApprovalSlug,
915
- turnSourceChannel: params.turnSourceChannel,
916
- turnSourceAccountId: params.turnSourceAccountId
917
- });
918
- const registerNodeApproval = async (approvalId) => await registerExecApprovalRequestForHostOrThrow({
919
- approvalId,
920
- systemRunPlan: prepared.plan,
921
- env: nodeEnv,
922
- workdir: runCwd,
923
- host: "node",
924
- nodeId,
925
- security: hostSecurity,
926
- ask: hostAsk,
927
- ...buildExecApprovalRequesterContext({
928
- agentId: runAgentId,
929
- sessionKey: runSessionKey
930
- }),
931
- ...buildExecApprovalTurnSourceContext(params)
932
- });
933
- const { approvalId, approvalSlug, warningText, expiresAtMs, preResolvedDecision, initiatingSurface, sentApproverDms, unavailableReason } = await createAndRegisterDefaultExecApprovalRequest({
934
- ...requestArgs,
935
- register: registerNodeApproval
936
- });
937
- if (shouldResolveExecApprovalUnavailableInline({
938
- trigger: params.trigger,
939
- unavailableReason,
940
- preResolvedDecision
941
- })) {
942
- const { baseDecision, approvedByAsk, deniedReason } = createExecApprovalDecisionState({
943
- decision: preResolvedDecision,
944
- askFallback
945
- });
946
- const strictInlineEvalDecision = enforceStrictInlineEvalApprovalBoundary({
947
- baseDecision,
948
- approvedByAsk,
949
- deniedReason,
950
- requiresInlineEvalApproval: inlineEvalHit !== null
951
- });
952
- if (strictInlineEvalDecision.deniedReason || !strictInlineEvalDecision.approvedByAsk) throw new Error(buildHeadlessExecApprovalDeniedMessage({
953
- trigger: params.trigger,
954
- host: "node",
955
- security: hostSecurity,
956
- ask: hostAsk,
957
- askFallback
958
- }));
959
- inlineApprovedByAsk = strictInlineEvalDecision.approvedByAsk;
960
- inlineApprovalDecision = strictInlineEvalDecision.approvedByAsk ? "allow-once" : null;
961
- inlineApprovalId = approvalId;
962
- } else {
963
- const followupTarget = buildExecApprovalFollowupTarget({
964
- approvalId,
965
- sessionKey: params.notifySessionKey ?? params.sessionKey,
966
- turnSourceChannel: params.turnSourceChannel,
967
- turnSourceTo: params.turnSourceTo,
968
- turnSourceAccountId: params.turnSourceAccountId,
969
- turnSourceThreadId: params.turnSourceThreadId
970
- });
971
- (async () => {
972
- const decision = await resolveApprovalDecisionOrUndefined({
973
- approvalId,
974
- preResolvedDecision,
975
- onFailure: () => void sendExecApprovalFollowupResult(followupTarget, `Exec denied (node=${nodeId} id=${approvalId}, approval-request-failed): ${params.command}`)
976
- });
977
- if (decision === void 0) return;
978
- const { baseDecision, approvedByAsk: initialApprovedByAsk, deniedReason: initialDeniedReason } = createExecApprovalDecisionState({
979
- decision,
980
- askFallback
981
- });
982
- let approvedByAsk = initialApprovedByAsk;
983
- let approvalDecision = null;
984
- let deniedReason = initialDeniedReason;
985
- if (baseDecision.timedOut && askFallback === "full" && approvedByAsk) approvalDecision = "allow-once";
986
- else if (decision === "allow-once") {
987
- approvedByAsk = true;
988
- approvalDecision = "allow-once";
989
- } else if (decision === "allow-always") {
990
- approvedByAsk = true;
991
- approvalDecision = "allow-always";
992
- }
993
- ({approvedByAsk, deniedReason} = enforceStrictInlineEvalApprovalBoundary({
994
- baseDecision,
995
- approvedByAsk,
996
- deniedReason,
997
- requiresInlineEvalApproval: inlineEvalHit !== null
998
- }));
999
- if (deniedReason) approvalDecision = null;
1000
- if (deniedReason) {
1001
- await sendExecApprovalFollowupResult(followupTarget, `Exec denied (node=${nodeId} id=${approvalId}, ${deniedReason}): ${params.command}`);
1002
- return;
1003
- }
1004
- try {
1005
- const raw = await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(approvedByAsk, approvalDecision, approvalId, true));
1006
- const payload = raw?.payload && typeof raw.payload === "object" ? raw.payload : {};
1007
- const output = normalizeNotifyOutput([
1008
- payload.stdout,
1009
- payload.stderr,
1010
- payload.error
1011
- ].filter(Boolean).join("\n").slice(-400));
1012
- const exitLabel = payload.timedOut ? "timeout" : `code ${payload.exitCode ?? "?"}`;
1013
- await sendExecApprovalFollowupResult(followupTarget, output ? `Exec finished (node=${nodeId} id=${approvalId}, ${exitLabel})\n${output}` : `Exec finished (node=${nodeId} id=${approvalId}, ${exitLabel})`);
1014
- } catch {
1015
- await sendExecApprovalFollowupResult(followupTarget, `Exec denied (node=${nodeId} id=${approvalId}, invoke-failed): ${params.command}`);
1016
- }
1017
- })();
1018
- return buildExecApprovalPendingToolResult({
1019
- host: "node",
1020
- command: params.command,
1021
- cwd: params.workdir,
1022
- warningText,
1023
- approvalId,
1024
- approvalSlug,
1025
- expiresAtMs,
1026
- initiatingSurface,
1027
- sentApproverDms,
1028
- unavailableReason,
1029
- allowedDecisions: resolveExecApprovalAllowedDecisions({ ask: hostAsk }),
1030
- nodeId
1031
- });
1032
- }
1033
- }
1034
- const startedAt = Date.now();
1035
- const raw = await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(inlineApprovedByAsk, inlineApprovalDecision, inlineApprovalId));
1036
- const payload = raw && typeof raw === "object" ? raw.payload : void 0;
1037
- const payloadObj = payload && typeof payload === "object" ? payload : {};
1038
- const stdout = typeof payloadObj.stdout === "string" ? payloadObj.stdout : "";
1039
- const stderr = typeof payloadObj.stderr === "string" ? payloadObj.stderr : "";
1040
- const errorText = typeof payloadObj.error === "string" ? payloadObj.error : "";
1041
- const success = typeof payloadObj.success === "boolean" ? payloadObj.success : false;
1042
- const exitCode = typeof payloadObj.exitCode === "number" ? payloadObj.exitCode : null;
1043
- return {
1044
- content: [{
1045
- type: "text",
1046
- text: stdout || stderr || errorText || ""
1047
- }],
1048
- details: {
1049
- status: success ? "completed" : "failed",
1050
- exitCode,
1051
- durationMs: Date.now() - startedAt,
1052
- aggregated: [
1053
- stdout,
1054
- stderr,
1055
- errorText
1056
- ].filter(Boolean).join("\n"),
1057
- cwd: params.workdir
1058
- }
1059
- };
1060
- }
1061
- //#endregion
1062
- //#region src/agents/bash-tools.exec.ts
1063
- function buildExecForegroundResult(params) {
1064
- const warningText = params.warningText?.trim() ? `${params.warningText}\n\n` : "";
1065
- if (params.outcome.status === "failed") return failedTextResult(`${warningText}${params.outcome.reason}`, {
1066
- status: "failed",
1067
- exitCode: params.outcome.exitCode ?? null,
1068
- durationMs: params.outcome.durationMs,
1069
- aggregated: params.outcome.aggregated,
1070
- timedOut: params.outcome.timedOut,
1071
- cwd: params.cwd
1072
- });
1073
- return textResult(`${warningText}${params.outcome.aggregated || "(no output)"}`, {
1074
- status: "completed",
1075
- exitCode: params.outcome.exitCode,
1076
- durationMs: params.outcome.durationMs,
1077
- aggregated: params.outcome.aggregated,
1078
- cwd: params.cwd
1079
- });
1080
- }
1081
- const PREFLIGHT_ENV_OPTIONS_WITH_VALUES = new Set([
1082
- "-C",
1083
- "-S",
1084
- "-u",
1085
- "--argv0",
1086
- "--block-signal",
1087
- "--chdir",
1088
- "--default-signal",
1089
- "--ignore-signal",
1090
- "--split-string",
1091
- "--unset"
1092
- ]);
1093
- const SKIPPABLE_SCRIPT_PREFLIGHT_FS_ERROR_CODES = new Set([
1094
- "EACCES",
1095
- "EISDIR",
1096
- "ELOOP",
1097
- "EINVAL",
1098
- "ENAMETOOLONG",
1099
- "ENOENT",
1100
- "ENOTDIR",
1101
- "EPERM"
1102
- ]);
1103
- function getNodeErrorCode(error) {
1104
- if (typeof error !== "object" || error === null || !("code" in error)) return;
1105
- return String(error.code);
1106
- }
1107
- let fsSafeModulePromise;
1108
- async function loadFsSafeModule() {
1109
- fsSafeModulePromise ??= import("./fs-safe-BKyLKWBX.js");
1110
- return await fsSafeModulePromise;
1111
- }
1112
- function shouldSkipScriptPreflightPathError(error, SafeOpenError) {
1113
- if (error instanceof SafeOpenError) return true;
1114
- const errorCode = getNodeErrorCode(error);
1115
- return !!(errorCode && SKIPPABLE_SCRIPT_PREFLIGHT_FS_ERROR_CODES.has(errorCode));
1116
- }
1117
- function resolvePreflightRelativePath(params) {
1118
- const root = path.resolve(params.rootDir);
1119
- const candidate = path.resolve(params.absPath);
1120
- const relative = path.relative(root, candidate);
1121
- if (/^\.\.(?:[\\/]|$)/u.test(relative) || path.isAbsolute(relative)) return null;
1122
- return /^~(?:$|[\\/])/u.test(relative) ? `.${path.sep}${relative}` : relative;
1123
- }
1124
- function isShellEnvAssignmentToken(token) {
1125
- return /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(token);
1126
- }
1127
- function isEnvExecutableToken(token) {
1128
- if (!token) return false;
1129
- const base = normalizeOptionalLowercaseString(token.split(/[\\/]/u).at(-1)) ?? "";
1130
- return (base.endsWith(".exe") ? base.slice(0, -4) : base) === "env";
1131
- }
1132
- function stripPreflightEnvPrefix(argv) {
1133
- if (argv.length === 0) return argv;
1134
- let idx = 0;
1135
- while (idx < argv.length && isShellEnvAssignmentToken(argv[idx])) idx += 1;
1136
- if (!isEnvExecutableToken(argv[idx])) return argv;
1137
- idx += 1;
1138
- while (idx < argv.length) {
1139
- const token = argv[idx];
1140
- if (token === "--") {
1141
- idx += 1;
1142
- break;
1143
- }
1144
- if (isShellEnvAssignmentToken(token)) {
1145
- idx += 1;
1146
- continue;
1147
- }
1148
- if (!token.startsWith("-") || token === "-") break;
1149
- idx += 1;
1150
- const option = token.split("=", 1)[0];
1151
- if (PREFLIGHT_ENV_OPTIONS_WITH_VALUES.has(option) && !token.includes("=") && idx < argv.length) idx += 1;
1152
- }
1153
- return argv.slice(idx);
1154
- }
1155
- function findFirstPythonScriptArg(tokens) {
1156
- const optionsWithSeparateValue = new Set([
1157
- "-W",
1158
- "-X",
1159
- "-Q",
1160
- "--check-hash-based-pycs"
1161
- ]);
1162
- for (let i = 0; i < tokens.length; i += 1) {
1163
- const token = tokens[i];
1164
- if (token === "--") {
1165
- const next = tokens[i + 1];
1166
- return normalizeLowercaseStringOrEmpty(next).endsWith(".py") ? next : null;
1167
- }
1168
- if (token === "-") return null;
1169
- if (token === "-c" || token === "-m") return null;
1170
- if ((token.startsWith("-c") || token.startsWith("-m")) && token.length > 2) return null;
1171
- if (optionsWithSeparateValue.has(token)) {
1172
- i += 1;
1173
- continue;
1174
- }
1175
- if (token.startsWith("-")) continue;
1176
- return normalizeLowercaseStringOrEmpty(token).endsWith(".py") ? token : null;
1177
- }
1178
- return null;
1179
- }
1180
- function findNodeScriptArgs(tokens) {
1181
- const optionsWithSeparateValue = new Set([
1182
- "-r",
1183
- "--require",
1184
- "--import"
1185
- ]);
1186
- const preloadScripts = [];
1187
- let entryScript = null;
1188
- let hasInlineEvalOrPrint = false;
1189
- for (let i = 0; i < tokens.length; i += 1) {
1190
- const token = tokens[i];
1191
- if (token === "--") {
1192
- if (!hasInlineEvalOrPrint && !entryScript) {
1193
- const next = tokens[i + 1];
1194
- if (normalizeLowercaseStringOrEmpty(next).endsWith(".js")) entryScript = next;
1195
- }
1196
- break;
1197
- }
1198
- if (token === "-e" || token === "-p" || token === "--eval" || token === "--print" || token.startsWith("--eval=") || token.startsWith("--print=") || (token.startsWith("-e") || token.startsWith("-p")) && token.length > 2) {
1199
- hasInlineEvalOrPrint = true;
1200
- if (token === "-e" || token === "-p" || token === "--eval" || token === "--print") i += 1;
1201
- continue;
1202
- }
1203
- if (optionsWithSeparateValue.has(token)) {
1204
- const next = tokens[i + 1];
1205
- if (normalizeLowercaseStringOrEmpty(next).endsWith(".js")) preloadScripts.push(next);
1206
- i += 1;
1207
- continue;
1208
- }
1209
- if (token.startsWith("-r") && token.length > 2 || token.startsWith("--require=") || token.startsWith("--import=")) {
1210
- const inlineValue = token.startsWith("-r") ? token.slice(2) : token.slice(token.indexOf("=") + 1);
1211
- if (normalizeLowercaseStringOrEmpty(inlineValue).endsWith(".js")) preloadScripts.push(inlineValue);
1212
- continue;
1213
- }
1214
- if (token.startsWith("-")) continue;
1215
- if (!hasInlineEvalOrPrint && !entryScript && normalizeLowercaseStringOrEmpty(token).endsWith(".js")) entryScript = token;
1216
- break;
1217
- }
1218
- const targets = [...preloadScripts];
1219
- if (entryScript) targets.push(entryScript);
1220
- return targets;
1221
- }
1222
- function extractInterpreterScriptTargetFromArgv(argv) {
1223
- if (!argv || argv.length === 0) return null;
1224
- let commandIdx = 0;
1225
- while (commandIdx < argv.length && /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(argv[commandIdx])) commandIdx += 1;
1226
- const executable = normalizeOptionalLowercaseString(argv[commandIdx]);
1227
- if (!executable) return null;
1228
- const args = argv.slice(commandIdx + 1);
1229
- if (/^python(?:3(?:\.\d+)?)?$/i.test(executable)) {
1230
- const script = findFirstPythonScriptArg(args);
1231
- if (script) return {
1232
- kind: "python",
1233
- relOrAbsPaths: [script]
1234
- };
1235
- return null;
1236
- }
1237
- if (executable === "node") {
1238
- const scripts = findNodeScriptArgs(args);
1239
- if (scripts.length > 0) return {
1240
- kind: "node",
1241
- relOrAbsPaths: scripts
1242
- };
1243
- return null;
1244
- }
1245
- return null;
1246
- }
1247
- function extractInterpreterScriptPathsFromSegment(rawSegment) {
1248
- const argv = splitShellArgs(rawSegment.trim());
1249
- if (!argv || argv.length === 0) return [];
1250
- return extractInterpreterScriptTargetFromArgv(stripPreflightEnvPrefix(/^(?:if|then|do|elif|else|while|until|time)$/i.test(argv[0] ?? "") ? argv.slice(1) : argv))?.relOrAbsPaths ?? [];
1251
- }
1252
- function extractScriptTargetFromCommand(command) {
1253
- const raw = command.trim();
1254
- const splitShellArgsPreservingBackslashes = (value) => {
1255
- const tokens = [];
1256
- let buf = "";
1257
- let inSingle = false;
1258
- let inDouble = false;
1259
- const pushToken = () => {
1260
- if (buf.length > 0) {
1261
- tokens.push(buf);
1262
- buf = "";
1263
- }
1264
- };
1265
- for (let i = 0; i < value.length; i += 1) {
1266
- const ch = value[i];
1267
- if (inSingle) {
1268
- if (ch === "'") inSingle = false;
1269
- else buf += ch;
1270
- continue;
1271
- }
1272
- if (inDouble) {
1273
- if (ch === "\"") inDouble = false;
1274
- else buf += ch;
1275
- continue;
1276
- }
1277
- if (ch === "'") {
1278
- inSingle = true;
1279
- continue;
1280
- }
1281
- if (ch === "\"") {
1282
- inDouble = true;
1283
- continue;
1284
- }
1285
- if (/\s/.test(ch)) {
1286
- pushToken();
1287
- continue;
1288
- }
1289
- buf += ch;
1290
- }
1291
- if (inSingle || inDouble) return null;
1292
- pushToken();
1293
- return tokens;
1294
- };
1295
- const candidateArgv = process.platform === "win32" && /(?:^|[\s"'`])(?:[A-Za-z]:\\|\\\\|[^\s"'`|&;()<>]+\\[^\s"'`|&;()<>]+)/.test(raw) ? [splitShellArgsPreservingBackslashes(raw)] : [splitShellArgs(raw)];
1296
- for (const argv of candidateArgv) {
1297
- const attempts = [argv, argv ? stripPreflightEnvPrefix(argv) : null];
1298
- for (const attempt of attempts) {
1299
- const target = extractInterpreterScriptTargetFromArgv(attempt);
1300
- if (target) return target;
1301
- }
1302
- }
1303
- return null;
1304
- }
1305
- function extractUnquotedShellText(raw) {
1306
- let out = "";
1307
- let inSingle = false;
1308
- let inDouble = false;
1309
- let escaped = false;
1310
- for (let i = 0; i < raw.length; i += 1) {
1311
- const ch = raw[i];
1312
- if (escaped) {
1313
- if (!inSingle && !inDouble) out += `\\${ch}`;
1314
- escaped = false;
1315
- continue;
1316
- }
1317
- if (!inSingle && ch === "\\") {
1318
- escaped = true;
1319
- continue;
1320
- }
1321
- if (inSingle) {
1322
- if (ch === "'") inSingle = false;
1323
- continue;
1324
- }
1325
- if (inDouble) {
1326
- const next = raw[i + 1];
1327
- if (ch === "\\" && next && /[\\'"$`\n\r]/.test(next)) {
1328
- i += 1;
1329
- continue;
1330
- }
1331
- if (ch === "\"") inDouble = false;
1332
- continue;
1333
- }
1334
- if (ch === "'") {
1335
- inSingle = true;
1336
- continue;
1337
- }
1338
- if (ch === "\"") {
1339
- inDouble = true;
1340
- continue;
1341
- }
1342
- out += ch;
1343
- }
1344
- if (escaped || inSingle || inDouble) return null;
1345
- return out;
1346
- }
1347
- function splitShellSegmentsOutsideQuotes(rawText, params) {
1348
- const segments = [];
1349
- let buf = "";
1350
- let inSingle = false;
1351
- let inDouble = false;
1352
- let escaped = false;
1353
- const pushSegment = () => {
1354
- if (buf.trim().length > 0) segments.push(buf);
1355
- buf = "";
1356
- };
1357
- for (let i = 0; i < rawText.length; i += 1) {
1358
- const ch = rawText[i];
1359
- const next = rawText[i + 1];
1360
- if (escaped) {
1361
- buf += ch;
1362
- escaped = false;
1363
- continue;
1364
- }
1365
- if (!inSingle && ch === "\\") {
1366
- buf += ch;
1367
- escaped = true;
1368
- continue;
1369
- }
1370
- if (inSingle) {
1371
- buf += ch;
1372
- if (ch === "'") inSingle = false;
1373
- continue;
1374
- }
1375
- if (inDouble) {
1376
- buf += ch;
1377
- if (ch === "\"") inDouble = false;
1378
- continue;
1379
- }
1380
- if (ch === "'") {
1381
- inSingle = true;
1382
- buf += ch;
1383
- continue;
1384
- }
1385
- if (ch === "\"") {
1386
- inDouble = true;
1387
- buf += ch;
1388
- continue;
1389
- }
1390
- if (ch === "\n" || ch === "\r") {
1391
- pushSegment();
1392
- continue;
1393
- }
1394
- if (ch === ";") {
1395
- pushSegment();
1396
- continue;
1397
- }
1398
- if (ch === "&" && next === "&") {
1399
- pushSegment();
1400
- i += 1;
1401
- continue;
1402
- }
1403
- if (ch === "|" && next === "|") {
1404
- pushSegment();
1405
- i += 1;
1406
- continue;
1407
- }
1408
- if (params.splitPipes && ch === "|") {
1409
- pushSegment();
1410
- continue;
1411
- }
1412
- buf += ch;
1413
- }
1414
- pushSegment();
1415
- return segments;
1416
- }
1417
- function isInterpreterExecutable(executable) {
1418
- if (!executable) return false;
1419
- return /^python(?:3(?:\.\d+)?)?$/i.test(executable) || executable === "node";
1420
- }
1421
- function hasUnescapedSequence(raw, sequence) {
1422
- if (sequence.length === 0) return false;
1423
- let escaped = false;
1424
- for (let i = 0; i < raw.length; i += 1) {
1425
- const ch = raw[i];
1426
- if (escaped) {
1427
- escaped = false;
1428
- continue;
1429
- }
1430
- if (ch === "\\") {
1431
- escaped = true;
1432
- continue;
1433
- }
1434
- if (raw.startsWith(sequence, i)) return true;
1435
- }
1436
- return false;
1437
- }
1438
- function hasUnquotedScriptHint(raw) {
1439
- let inSingle = false;
1440
- let inDouble = false;
1441
- let escaped = false;
1442
- let token = "";
1443
- const flushToken = () => {
1444
- const normalizedToken = normalizeLowercaseStringOrEmpty(token);
1445
- if (normalizedToken.endsWith(".py") || normalizedToken.endsWith(".js")) return true;
1446
- token = "";
1447
- return false;
1448
- };
1449
- for (let i = 0; i < raw.length; i += 1) {
1450
- const ch = raw[i];
1451
- if (escaped) {
1452
- if (!inSingle && !inDouble) token += ch;
1453
- escaped = false;
1454
- continue;
1455
- }
1456
- if (!inSingle && ch === "\\") {
1457
- escaped = true;
1458
- continue;
1459
- }
1460
- if (inSingle) {
1461
- if (ch === "'") inSingle = false;
1462
- continue;
1463
- }
1464
- if (inDouble) {
1465
- if (ch === "\"") inDouble = false;
1466
- continue;
1467
- }
1468
- if (ch === "'") {
1469
- if (flushToken()) return true;
1470
- inSingle = true;
1471
- continue;
1472
- }
1473
- if (ch === "\"") {
1474
- if (flushToken()) return true;
1475
- inDouble = true;
1476
- continue;
1477
- }
1478
- if (/\s/u.test(ch) || "|&;()<>".includes(ch)) {
1479
- if (flushToken()) return true;
1480
- continue;
1481
- }
1482
- token += ch;
1483
- }
1484
- return flushToken();
1485
- }
1486
- function resolveLeadingShellSegmentExecutable(rawSegment) {
1487
- const argv = splitShellArgs((extractUnquotedShellText(rawSegment) ?? rawSegment).trim());
1488
- if (!argv || argv.length === 0) return;
1489
- const withoutLeadingKeyword = /^(?:if|then|do|elif|else|while|until|time)$/i.test(argv[0] ?? "") ? argv.slice(1) : argv;
1490
- if (withoutLeadingKeyword.length === 0) return;
1491
- const normalizedArgv = stripPreflightEnvPrefix(withoutLeadingKeyword);
1492
- let commandIdx = 0;
1493
- while (commandIdx < normalizedArgv.length && /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(normalizedArgv[commandIdx] ?? "")) commandIdx += 1;
1494
- return normalizeOptionalLowercaseString(normalizedArgv[commandIdx]);
1495
- }
1496
- function analyzeInterpreterHeuristicsFromUnquoted(raw) {
1497
- const hasPython = splitShellSegmentsOutsideQuotes(raw, { splitPipes: true }).some((segment) => /^python(?:3(?:\.\d+)?)?$/i.test(resolveLeadingShellSegmentExecutable(segment) ?? ""));
1498
- const hasNode = splitShellSegmentsOutsideQuotes(raw, { splitPipes: true }).some((segment) => resolveLeadingShellSegmentExecutable(segment) === "node");
1499
- const hasProcessSubstitution = hasUnescapedSequence(raw, "<(") || hasUnescapedSequence(raw, ">(");
1500
- return {
1501
- hasPython,
1502
- hasNode,
1503
- hasComplexSyntax: hasUnescapedSequence(raw, "|") || hasUnescapedSequence(raw, "&&") || hasUnescapedSequence(raw, "||") || hasUnescapedSequence(raw, ";") || raw.includes("\n") || raw.includes("\r") || hasUnescapedSequence(raw, "$(") || hasUnescapedSequence(raw, "`") || hasProcessSubstitution,
1504
- hasProcessSubstitution,
1505
- hasScriptHint: hasUnquotedScriptHint(raw)
1506
- };
1507
- }
1508
- function extractShellWrappedCommandPayload(executable, args) {
1509
- if (!executable) return null;
1510
- const executableBase = normalizeOptionalLowercaseString(executable.split(/[\\/]/u).at(-1)) ?? "";
1511
- const normalizedExecutable = executableBase.endsWith(".exe") ? executableBase.slice(0, -4) : executableBase;
1512
- if (!/^(?:bash|dash|fish|ksh|sh|zsh)$/i.test(normalizedExecutable)) return null;
1513
- const shortOptionsWithSeparateValue = new Set(["-O", "-o"]);
1514
- for (let i = 0; i < args.length; i += 1) {
1515
- const arg = args[i];
1516
- if (arg === "--") return null;
1517
- if (arg === "-c") return args[i + 1] ?? null;
1518
- if (/^-[A-Za-z]+$/u.test(arg)) {
1519
- if (arg.includes("c")) return args[i + 1] ?? null;
1520
- if (shortOptionsWithSeparateValue.has(arg)) i += 1;
1521
- continue;
1522
- }
1523
- if (/^--[A-Za-z0-9][A-Za-z0-9-]*(?:=.*)?$/u.test(arg)) {
1524
- if (!arg.includes("=")) {
1525
- const next = args[i + 1];
1526
- if (next && next !== "--" && !next.startsWith("-")) i += 1;
1527
- }
1528
- continue;
1529
- }
1530
- return null;
1531
- }
1532
- return null;
1533
- }
1534
- function shouldFailClosedInterpreterPreflight(command) {
1535
- const raw = command.trim();
1536
- const rawArgv = splitShellArgs(raw);
1537
- const argv = rawArgv ? stripPreflightEnvPrefix(rawArgv) : null;
1538
- let commandIdx = 0;
1539
- if (argv) while (commandIdx < argv.length && /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(argv[commandIdx] ?? "")) commandIdx += 1;
1540
- const directExecutable = normalizeOptionalLowercaseString(argv?.[commandIdx]);
1541
- const args = argv ? argv.slice(commandIdx + 1) : [];
1542
- const isDirectInterpreterCommand = Boolean(directExecutable && /^python(?:3(?:\.\d+)?)?$/i.test(directExecutable)) || directExecutable === "node";
1543
- const topLevel = analyzeInterpreterHeuristicsFromUnquoted(extractUnquotedShellText(raw) ?? raw);
1544
- const shellWrappedPayload = extractShellWrappedCommandPayload(directExecutable, args);
1545
- const nestedUnquoted = shellWrappedPayload ? extractUnquotedShellText(shellWrappedPayload) ?? shellWrappedPayload : "";
1546
- const nested = shellWrappedPayload ? analyzeInterpreterHeuristicsFromUnquoted(nestedUnquoted) : {
1547
- hasPython: false,
1548
- hasNode: false,
1549
- hasComplexSyntax: false,
1550
- hasProcessSubstitution: false,
1551
- hasScriptHint: false
1552
- };
1553
- const hasInterpreterInvocationInSegment = (rawSegment) => isInterpreterExecutable(resolveLeadingShellSegmentExecutable(rawSegment));
1554
- const isScriptExecutingInterpreterCommand = (rawCommand) => {
1555
- const argv = splitShellArgs(rawCommand.trim());
1556
- if (!argv || argv.length === 0) return false;
1557
- const withoutLeadingKeyword = /^(?:if|then|do|elif|else|while|until|time)$/i.test(argv[0] ?? "") ? argv.slice(1) : argv;
1558
- if (withoutLeadingKeyword.length === 0) return false;
1559
- const normalizedArgv = stripPreflightEnvPrefix(withoutLeadingKeyword);
1560
- let commandIdx = 0;
1561
- while (commandIdx < normalizedArgv.length && /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(normalizedArgv[commandIdx] ?? "")) commandIdx += 1;
1562
- const executable = normalizeOptionalLowercaseString(normalizedArgv[commandIdx]);
1563
- if (!executable) return false;
1564
- const args = normalizedArgv.slice(commandIdx + 1);
1565
- if (/^python(?:3(?:\.\d+)?)?$/i.test(executable)) {
1566
- const pythonInfoOnlyFlags = new Set([
1567
- "-V",
1568
- "--version",
1569
- "-h",
1570
- "--help"
1571
- ]);
1572
- if (args.some((arg) => pythonInfoOnlyFlags.has(arg))) return false;
1573
- if (args.some((arg) => arg === "-c" || arg === "-m" || arg.startsWith("-c") || arg.startsWith("-m") || arg === "--check-hash-based-pycs")) return false;
1574
- return true;
1575
- }
1576
- if (executable === "node") {
1577
- const nodeInfoOnlyFlags = new Set([
1578
- "-v",
1579
- "--version",
1580
- "-h",
1581
- "--help",
1582
- "-c",
1583
- "--check"
1584
- ]);
1585
- if (args.some((arg) => nodeInfoOnlyFlags.has(arg))) return false;
1586
- if (args.some((arg) => arg === "-e" || arg === "-p" || arg === "--eval" || arg === "--print" || arg.startsWith("--eval=") || arg.startsWith("--print=") || (arg.startsWith("-e") || arg.startsWith("-p")) && arg.length > 2)) return false;
1587
- return true;
1588
- }
1589
- return false;
1590
- };
1591
- const hasScriptHintInSegment = (segment) => extractInterpreterScriptPathsFromSegment(segment).length > 0 || hasUnquotedScriptHint(segment);
1592
- const hasInterpreterAndScriptHintInSameSegment = (rawText) => {
1593
- return splitShellSegmentsOutsideQuotes(rawText, { splitPipes: true }).some((segment) => {
1594
- if (!isScriptExecutingInterpreterCommand(segment)) return false;
1595
- return hasScriptHintInSegment(segment);
1596
- });
1597
- };
1598
- const hasInterpreterPipelineScriptHintInSameSegment = (rawText) => {
1599
- return splitShellSegmentsOutsideQuotes(rawText, { splitPipes: false }).some((segment) => {
1600
- if (!splitShellSegmentsOutsideQuotes(segment, { splitPipes: true }).slice(1).some((pipelineCommand) => isScriptExecutingInterpreterCommand(pipelineCommand))) return false;
1601
- return hasScriptHintInSegment(segment);
1602
- });
1603
- };
1604
- const hasInterpreterSegmentScriptHint = hasInterpreterAndScriptHintInSameSegment(raw) || shellWrappedPayload !== null && hasInterpreterAndScriptHintInSameSegment(shellWrappedPayload);
1605
- const hasInterpreterPipelineScriptHint = hasInterpreterPipelineScriptHintInSameSegment(raw) || shellWrappedPayload !== null && hasInterpreterPipelineScriptHintInSameSegment(shellWrappedPayload);
1606
- const hasShellWrappedInterpreterSegmentScriptHint = shellWrappedPayload !== null && hasInterpreterAndScriptHintInSameSegment(shellWrappedPayload);
1607
- const hasShellWrappedInterpreterInvocation = (nested.hasPython || nested.hasNode) && (hasShellWrappedInterpreterSegmentScriptHint || nested.hasScriptHint || nested.hasComplexSyntax || nested.hasProcessSubstitution);
1608
- const hasTopLevelInterpreterInvocation = splitShellSegmentsOutsideQuotes(raw, { splitPipes: true }).some((segment) => hasInterpreterInvocationInSegment(segment));
1609
- return {
1610
- hasInterpreterInvocation: isDirectInterpreterCommand || hasShellWrappedInterpreterInvocation || hasTopLevelInterpreterInvocation,
1611
- hasComplexSyntax: topLevel.hasComplexSyntax || hasShellWrappedInterpreterInvocation,
1612
- hasProcessSubstitution: topLevel.hasProcessSubstitution || nested.hasProcessSubstitution,
1613
- hasInterpreterSegmentScriptHint,
1614
- hasInterpreterPipelineScriptHint,
1615
- isDirectInterpreterCommand
1616
- };
1617
- }
1618
- async function validateScriptFileForShellBleed(params) {
1619
- const target = extractScriptTargetFromCommand(params.command);
1620
- if (!target) {
1621
- const { hasInterpreterInvocation, hasComplexSyntax, hasProcessSubstitution, hasInterpreterSegmentScriptHint, hasInterpreterPipelineScriptHint, isDirectInterpreterCommand } = shouldFailClosedInterpreterPreflight(params.command);
1622
- if (hasInterpreterInvocation && hasComplexSyntax && (hasInterpreterSegmentScriptHint || hasInterpreterPipelineScriptHint || hasProcessSubstitution && isDirectInterpreterCommand)) throw new Error("exec preflight: complex interpreter invocation detected; refusing to run without script preflight validation. Use a direct `python <file>.py` or `node <file>.js` command.");
1623
- return;
1624
- }
1625
- const { SafeOpenError, readFileWithinRoot } = await loadFsSafeModule();
1626
- for (const relOrAbsPath of target.relOrAbsPaths) {
1627
- const absPath = path.isAbsolute(relOrAbsPath) ? path.resolve(relOrAbsPath) : path.resolve(params.workdir, relOrAbsPath);
1628
- const relativePath = resolvePreflightRelativePath({
1629
- rootDir: params.workdir,
1630
- absPath
1631
- });
1632
- if (!relativePath) continue;
1633
- let content;
1634
- try {
1635
- content = (await readFileWithinRoot({
1636
- rootDir: params.workdir,
1637
- relativePath,
1638
- nonBlockingRead: true,
1639
- allowSymlinkTargetWithinRoot: true,
1640
- maxBytes: 512 * 1024
1641
- })).buffer.toString("utf-8");
1642
- } catch (error) {
1643
- if (shouldSkipScriptPreflightPathError(error, SafeOpenError)) continue;
1644
- throw error;
1645
- }
1646
- const first = /\$[A-Z_][A-Z0-9_]{1,}/g.exec(content);
1647
- if (first) {
1648
- const idx = first.index;
1649
- const line = content.slice(0, idx).split("\n").length;
1650
- const token = first[0];
1651
- throw new Error([
1652
- `exec preflight: detected likely shell variable injection (${token}) in ${target.kind} script: ${path.basename(absPath)}:${line}.`,
1653
- target.kind === "python" ? `In Python, use os.environ.get(${JSON.stringify(token.slice(1))}) instead of raw ${token}.` : `In Node.js, use process.env[${JSON.stringify(token.slice(1))}] instead of raw ${token}.`,
1654
- "(If this is inside a string literal on purpose, escape it or restructure the code.)"
1655
- ].join("\n"));
1656
- }
1657
- if (target.kind === "node") {
1658
- const firstNonEmpty = content.split(/\r?\n/).map((l) => l.trim()).find((l) => l.length > 0);
1659
- if (firstNonEmpty && /^NODE\b/.test(firstNonEmpty)) throw new Error(`exec preflight: JS file starts with shell syntax (${firstNonEmpty}). This looks like a shell command, not JavaScript.`);
1660
- }
1661
- }
1662
- }
1663
- function shouldSkipExecScriptPreflight(params) {
1664
- return params.host === "gateway" && params.security === "full" && params.ask === "off";
1665
- }
1666
- function parseExecApprovalShellCommand(raw) {
1667
- const match = raw.trimStart().match(/^\/approve(?:@[^\s]+)?\s+([A-Za-z0-9][A-Za-z0-9._:-]*)\s+(allow-once|allow-always|always|deny)\b/i);
1668
- if (!match) return null;
1669
- return {
1670
- approvalId: match[1],
1671
- decision: normalizeLowercaseStringOrEmpty(match[2]) === "always" ? "allow-always" : normalizeLowercaseStringOrEmpty(match[2])
1672
- };
1673
- }
1674
- function rejectExecApprovalShellCommand(command) {
1675
- const isEnvAssignmentToken = (token) => /^[A-Za-z_][A-Za-z0-9_]*=.*$/u.test(token);
1676
- const shellWrappers = new Set([
1677
- "bash",
1678
- "dash",
1679
- "fish",
1680
- "ksh",
1681
- "sh",
1682
- "zsh"
1683
- ]);
1684
- const commandStandaloneOptions = new Set([
1685
- "-p",
1686
- "-v",
1687
- "-V"
1688
- ]);
1689
- const envOptionsWithValues = new Set([
1690
- "-C",
1691
- "-S",
1692
- "-u",
1693
- "--argv0",
1694
- "--block-signal",
1695
- "--chdir",
1696
- "--default-signal",
1697
- "--ignore-signal",
1698
- "--split-string",
1699
- "--unset"
1700
- ]);
1701
- const execOptionsWithValues = new Set(["-a"]);
1702
- const execStandaloneOptions = new Set(["-c", "-l"]);
1703
- const sudoOptionsWithValues = new Set([
1704
- "-C",
1705
- "-D",
1706
- "-g",
1707
- "-p",
1708
- "-R",
1709
- "-T",
1710
- "-U",
1711
- "-u",
1712
- "--chdir",
1713
- "--close-from",
1714
- "--group",
1715
- "--host",
1716
- "--other-user",
1717
- "--prompt",
1718
- "--role",
1719
- "--type",
1720
- "--user"
1721
- ]);
1722
- const sudoStandaloneOptions = new Set([
1723
- "-A",
1724
- "-E",
1725
- "--askpass",
1726
- "--preserve-env"
1727
- ]);
1728
- const extractEnvSplitStringPayload = (argv) => {
1729
- const remaining = [...argv];
1730
- while (remaining[0] && isEnvAssignmentToken(remaining[0])) remaining.shift();
1731
- if (remaining[0] !== "env") return [];
1732
- remaining.shift();
1733
- const payloads = [];
1734
- while (remaining.length > 0) {
1735
- while (remaining[0] && isEnvAssignmentToken(remaining[0])) remaining.shift();
1736
- const token = remaining[0];
1737
- if (!token) break;
1738
- if (token === "--") {
1739
- remaining.shift();
1740
- continue;
1741
- }
1742
- if (!token.startsWith("-") || token === "-") break;
1743
- const option = remaining.shift();
1744
- const normalized = option.split("=", 1)[0];
1745
- if (normalized === "-S" || normalized === "--split-string") {
1746
- const value = option.includes("=") ? option.slice(option.indexOf("=") + 1) : remaining.shift();
1747
- if (value?.trim()) payloads.push(value);
1748
- continue;
1749
- }
1750
- if (envOptionsWithValues.has(normalized) && !option.includes("=") && remaining[0]) remaining.shift();
1751
- }
1752
- return payloads;
1753
- };
1754
- const stripApprovalCommandPrefixes = (argv) => {
1755
- const remaining = [...argv];
1756
- while (remaining.length > 0) {
1757
- while (remaining[0] && isEnvAssignmentToken(remaining[0])) remaining.shift();
1758
- const token = remaining[0];
1759
- if (!token) break;
1760
- if (token === "--") {
1761
- remaining.shift();
1762
- continue;
1763
- }
1764
- if (token === "env") {
1765
- remaining.shift();
1766
- while (remaining.length > 0) {
1767
- while (remaining[0] && isEnvAssignmentToken(remaining[0])) remaining.shift();
1768
- const envToken = remaining[0];
1769
- if (!envToken) break;
1770
- if (envToken === "--") {
1771
- remaining.shift();
1772
- continue;
1773
- }
1774
- if (!envToken.startsWith("-") || envToken === "-") break;
1775
- const option = remaining.shift();
1776
- const normalized = option.split("=", 1)[0];
1777
- if (envOptionsWithValues.has(normalized) && !option.includes("=") && remaining[0]) remaining.shift();
1778
- }
1779
- continue;
1780
- }
1781
- if (token === "command" || token === "builtin") {
1782
- remaining.shift();
1783
- while (remaining[0]?.startsWith("-")) {
1784
- const option = remaining.shift();
1785
- if (option === "--") break;
1786
- if (!commandStandaloneOptions.has(option.split("=", 1)[0])) continue;
1787
- }
1788
- continue;
1789
- }
1790
- if (token === "exec") {
1791
- remaining.shift();
1792
- while (remaining[0]?.startsWith("-")) {
1793
- const option = remaining.shift();
1794
- if (option === "--") break;
1795
- const normalized = option.split("=", 1)[0];
1796
- if (execStandaloneOptions.has(normalized)) continue;
1797
- if (execOptionsWithValues.has(normalized) && !option.includes("=") && remaining[0]) remaining.shift();
1798
- }
1799
- continue;
1800
- }
1801
- if (token === "sudo") {
1802
- remaining.shift();
1803
- while (remaining[0]?.startsWith("-")) {
1804
- const option = remaining.shift();
1805
- if (option === "--") break;
1806
- const normalized = option.split("=", 1)[0];
1807
- if (sudoStandaloneOptions.has(normalized)) continue;
1808
- if (sudoOptionsWithValues.has(normalized) && !option.includes("=") && remaining[0]) remaining.shift();
1809
- }
1810
- continue;
1811
- }
1812
- break;
1813
- }
1814
- return remaining;
1815
- };
1816
- const extractShellWrapperPayload = (argv) => {
1817
- const [commandName, ...rest] = argv;
1818
- if (!commandName || !shellWrappers.has(path.basename(commandName))) return [];
1819
- for (let i = 0; i < rest.length; i += 1) {
1820
- const token = rest[i];
1821
- if (!token) continue;
1822
- if (token === "-c" || token === "-lc" || token === "-ic" || token === "-xc") return rest[i + 1] ? [rest[i + 1]] : [];
1823
- if (/^-[^-]*c[^-]*$/u.test(token)) return rest[i + 1] ? [rest[i + 1]] : [];
1824
- }
1825
- return [];
1826
- };
1827
- const buildCandidates = (argv) => {
1828
- const envSplitCandidates = extractEnvSplitStringPayload(argv).flatMap((payload) => {
1829
- const innerArgv = splitShellArgs(payload);
1830
- return innerArgv ? buildCandidates(innerArgv) : [payload];
1831
- });
1832
- const stripped = stripApprovalCommandPrefixes(argv);
1833
- const shellWrapperCandidates = extractShellWrapperPayload(stripped).flatMap((payload) => {
1834
- const innerArgv = splitShellArgs(payload);
1835
- return innerArgv ? buildCandidates(innerArgv) : [payload];
1836
- });
1837
- return [
1838
- ...stripped.length > 0 ? [stripped.join(" ")] : [],
1839
- ...envSplitCandidates,
1840
- ...shellWrapperCandidates
1841
- ];
1842
- };
1843
- const rawCommand = command.trim();
1844
- const analysis = analyzeShellCommand({ command: rawCommand });
1845
- const candidates = analysis.ok ? analysis.segments.flatMap((segment) => buildCandidates(segment.argv)) : rawCommand.split(/\r?\n/).map((line) => line.trim()).filter(Boolean).flatMap((line) => {
1846
- const argv = splitShellArgs(line);
1847
- return argv ? buildCandidates(argv) : [line];
1848
- });
1849
- for (const candidate of candidates) {
1850
- if (!parseExecApprovalShellCommand(candidate)) continue;
1851
- throw new Error(["exec cannot run /approve commands.", "Show the /approve command to the user as chat text, or route it through the approval command handler instead of shell execution."].join(" "));
1852
- }
1853
- }
1854
- function createExecTool(defaults) {
1855
- const defaultBackgroundMs = clampWithDefault(defaults?.backgroundMs ?? readEnvInt("PI_BASH_YIELD_MS"), 1e4, 10, 12e4);
1856
- const allowBackground = defaults?.allowBackground ?? true;
1857
- const defaultTimeoutSec = typeof defaults?.timeoutSec === "number" && defaults.timeoutSec > 0 ? defaults.timeoutSec : 1800;
1858
- const defaultPathPrepend = normalizePathPrepend(defaults?.pathPrepend);
1859
- const { safeBins, safeBinProfiles, trustedSafeBinDirs, unprofiledSafeBins, unprofiledInterpreterSafeBins } = resolveExecSafeBinRuntimePolicy({
1860
- local: {
1861
- safeBins: defaults?.safeBins,
1862
- safeBinTrustedDirs: defaults?.safeBinTrustedDirs,
1863
- safeBinProfiles: defaults?.safeBinProfiles
1864
- },
1865
- onWarning: (message) => {
1866
- logInfo(message);
1867
- }
1868
- });
1869
- if (unprofiledSafeBins.length > 0) logInfo(`exec: ignoring unprofiled safeBins entries (${unprofiledSafeBins.toSorted().join(", ")}); use allowlist or define tools.exec.safeBinProfiles.<bin>`);
1870
- if (unprofiledInterpreterSafeBins.length > 0) logInfo(`exec: interpreter/runtime binaries in safeBins (${unprofiledInterpreterSafeBins.join(", ")}) are unsafe without explicit hardened profiles; prefer allowlist entries`);
1871
- const notifyOnExit = defaults?.notifyOnExit !== false;
1872
- const notifyOnExitEmptySuccess = defaults?.notifyOnExitEmptySuccess === true;
1873
- const notifySessionKey = normalizeOptionalString(defaults?.sessionKey);
1874
- const notifyDeliveryContext = normalizeDeliveryContext({
1875
- channel: defaults?.messageProvider,
1876
- to: defaults?.currentChannelId,
1877
- accountId: defaults?.accountId,
1878
- threadId: defaults?.currentThreadTs
1879
- });
1880
- const approvalRunningNoticeMs = resolveApprovalRunningNoticeMs(defaults?.approvalRunningNoticeMs);
1881
- const parsedAgentSession = parseAgentSessionKey(defaults?.sessionKey);
1882
- const agentId = defaults?.agentId ?? (parsedAgentSession ? resolveAgentIdFromSessionKey(defaults?.sessionKey) : void 0);
1883
- return {
1884
- name: "exec",
1885
- label: "exec",
1886
- displaySummary: EXEC_TOOL_DISPLAY_SUMMARY,
1887
- get description() {
1888
- return describeExecTool({
1889
- agentId,
1890
- hasCronTool: defaults?.hasCronTool === true
1891
- });
1892
- },
1893
- parameters: execSchema,
1894
- execute: async (_toolCallId, args, signal, onUpdate) => {
1895
- const params = args;
1896
- if (!params.command) throw new Error("Provide a command to start.");
1897
- const maxOutput = DEFAULT_MAX_OUTPUT;
1898
- const pendingMaxOutput = DEFAULT_PENDING_MAX_OUTPUT;
1899
- const warnings = [];
1900
- let execCommandOverride;
1901
- const backgroundRequested = params.background === true;
1902
- const yieldRequested = typeof params.yieldMs === "number";
1903
- if (!allowBackground && (backgroundRequested || yieldRequested)) warnings.push("Warning: background execution is disabled; running synchronously.");
1904
- const yieldWindow = allowBackground ? backgroundRequested ? 0 : clampWithDefault(params.yieldMs ?? defaultBackgroundMs, defaultBackgroundMs, 10, 12e4) : null;
1905
- const elevatedDefaults = defaults?.elevated;
1906
- const elevatedAllowed = Boolean(elevatedDefaults?.enabled && elevatedDefaults.allowed);
1907
- const elevatedDefaultMode = elevatedDefaults?.defaultLevel === "full" ? "full" : elevatedDefaults?.defaultLevel === "ask" ? "ask" : elevatedDefaults?.defaultLevel === "on" ? "ask" : "off";
1908
- const effectiveDefaultMode = elevatedAllowed ? elevatedDefaultMode : "off";
1909
- const elevatedMode = typeof params.elevated === "boolean" ? params.elevated ? elevatedDefaultMode === "full" ? "full" : "ask" : "off" : effectiveDefaultMode;
1910
- const elevatedRequested = elevatedMode !== "off";
1911
- if (elevatedRequested) {
1912
- if (!elevatedDefaults?.enabled || !elevatedDefaults.allowed) {
1913
- const runtime = defaults?.sandbox ? "sandboxed" : "direct";
1914
- const gates = [];
1915
- const contextParts = [];
1916
- const provider = normalizeOptionalString(defaults?.messageProvider);
1917
- const sessionKey = normalizeOptionalString(defaults?.sessionKey);
1918
- if (provider) contextParts.push(`provider=${provider}`);
1919
- if (sessionKey) contextParts.push(`session=${sessionKey}`);
1920
- if (!elevatedDefaults?.enabled) gates.push("enabled (tools.elevated.enabled / agents.list[].tools.elevated.enabled)");
1921
- else gates.push("allowFrom (tools.elevated.allowFrom.<provider> / agents.list[].tools.elevated.allowFrom.<provider>)");
1922
- throw new Error([
1923
- `elevated is not available right now (runtime=${runtime}).`,
1924
- `Failing gates: ${gates.join(", ")}`,
1925
- contextParts.length > 0 ? `Context: ${contextParts.join(" ")}` : void 0,
1926
- "Fix-it keys:",
1927
- "- tools.elevated.enabled",
1928
- "- tools.elevated.allowFrom.<provider>",
1929
- "- agents.list[].tools.elevated.enabled",
1930
- "- agents.list[].tools.elevated.allowFrom.<provider>"
1931
- ].filter(Boolean).join("\n"));
1932
- }
1933
- }
1934
- if (elevatedRequested) logInfo(`exec: elevated command ${truncateMiddle(params.command, 120)}`);
1935
- const target = resolveExecTarget({
1936
- configuredTarget: defaults?.host,
1937
- requestedTarget: normalizeExecTarget(params.host),
1938
- elevatedRequested,
1939
- sandboxAvailable: Boolean(defaults?.sandbox)
1940
- });
1941
- const host = target.effectiveHost;
1942
- const approvalDefaults = loadExecApprovals().defaults;
1943
- const configuredSecurity = defaults?.security ?? approvalDefaults?.security ?? (host === "sandbox" ? "deny" : "full");
1944
- let security = minSecurity(configuredSecurity, normalizeExecSecurity(params.security) ?? configuredSecurity);
1945
- if (elevatedRequested && elevatedMode === "full") security = "full";
1946
- const configuredAsk = defaults?.ask ?? approvalDefaults?.ask ?? "off";
1947
- let ask = maxAsk(configuredAsk, normalizeExecAsk(params.ask) ?? configuredAsk);
1948
- const bypassApprovals = elevatedRequested && elevatedMode === "full";
1949
- if (bypassApprovals) ask = "off";
1950
- if (defaults?.safeguard?.enabled !== false) {
1951
- const safeguardAnalysis = analyzeShellCommand({ command: params.command });
1952
- let verdict = evaluateExecSafeguard(safeguardAnalysis, { rawCommand: params.command });
1953
- const evaluateModel = defaults?.safeguard?.evaluateCommandImpact;
1954
- if (evaluateModel && verdict.risk !== "high" && isAmbiguousForModel(safeguardAnalysis)) {
1955
- const timeoutMs = Math.max(1, Math.floor(defaults?.safeguard?.timeoutSeconds ?? 20)) * 1e3;
1956
- const controller = new AbortController();
1957
- const onOuterAbort = () => controller.abort();
1958
- signal?.addEventListener("abort", onOuterAbort, { once: true });
1959
- const timer = setTimeout(() => controller.abort(), timeoutMs);
1960
- try {
1961
- const modelVerdict = parseModelRiskVerdict(await evaluateModel(params.command, controller.signal));
1962
- if (modelVerdict) verdict = mergeSafeguardVerdicts(verdict, modelVerdict);
1963
- } catch {} finally {
1964
- clearTimeout(timer);
1965
- signal?.removeEventListener("abort", onOuterAbort);
1966
- }
1967
- }
1968
- if (verdict.risk === "high") throw new Error([
1969
- "Safeguard blocked this command: predicted high system impact.",
1970
- `Reasons: ${verdict.reasons.join("; ")}`,
1971
- "This command was not run. If it is genuinely required, run it yourself or adjust tools.exec.safeguard."
1972
- ].join("\n"));
1973
- if (verdict.risk === "medium" && !bypassApprovals) {
1974
- ask = "always";
1975
- warnings.push(`Safeguard: medium-risk command requires approval (${verdict.reasons.join("; ")}).`);
1976
- }
1977
- }
1978
- const sandbox = host === "sandbox" ? defaults?.sandbox : void 0;
1979
- if (target.selectedTarget === "sandbox" && !sandbox) throw new Error(["exec host=sandbox requires a sandbox runtime for this session.", "Enable sandbox mode (`agents.defaults.sandbox.mode=\"non-main\"` or `\"all\"`) or use host=auto/gateway/node."].join("\n"));
1980
- const explicitWorkdir = normalizeOptionalString(params.workdir);
1981
- const defaultWorkdir = normalizeOptionalString(defaults?.cwd);
1982
- let workdir;
1983
- let containerWorkdir = sandbox?.containerWorkdir;
1984
- if (sandbox) {
1985
- const resolved = await resolveSandboxWorkdir({
1986
- workdir: explicitWorkdir ?? defaultWorkdir ?? process.cwd(),
1987
- sandbox,
1988
- warnings
1989
- });
1990
- workdir = resolved.hostWorkdir;
1991
- containerWorkdir = resolved.containerWorkdir;
1992
- } else if (host === "node") workdir = explicitWorkdir;
1993
- else workdir = resolveWorkdir(explicitWorkdir ?? defaultWorkdir ?? process.cwd(), warnings);
1994
- rejectExecApprovalShellCommand(params.command);
1995
- const inheritedBaseEnv = coerceEnv(process.env);
1996
- const hostEnvResult = host === "sandbox" ? null : sanitizeHostExecEnvWithDiagnostics({
1997
- baseEnv: inheritedBaseEnv,
1998
- overrides: params.env,
1999
- blockPathOverrides: true
2000
- });
2001
- if (hostEnvResult && params.env && (hostEnvResult.rejectedOverrideBlockedKeys.length > 0 || hostEnvResult.rejectedOverrideInvalidKeys.length > 0)) {
2002
- const blockedKeys = hostEnvResult.rejectedOverrideBlockedKeys;
2003
- const invalidKeys = hostEnvResult.rejectedOverrideInvalidKeys;
2004
- const pathBlocked = blockedKeys.includes("PATH");
2005
- if (pathBlocked && blockedKeys.length === 1 && invalidKeys.length === 0) throw new Error("Security Violation: Custom 'PATH' variable is forbidden during host execution.");
2006
- if (blockedKeys.length === 1 && invalidKeys.length === 0) throw new Error(`Security Violation: Environment variable '${blockedKeys[0]}' is forbidden during host execution.`);
2007
- const details = [];
2008
- if (blockedKeys.length > 0) details.push(`blocked override keys: ${blockedKeys.join(", ")}`);
2009
- if (invalidKeys.length > 0) details.push(`invalid non-portable override keys: ${invalidKeys.join(", ")}`);
2010
- const suffix = details.join("; ");
2011
- if (pathBlocked) throw new Error(`Security Violation: Custom 'PATH' variable is forbidden during host execution (${suffix}).`);
2012
- throw new Error(`Security Violation: ${suffix}.`);
2013
- }
2014
- const env = sandbox && host === "sandbox" ? buildSandboxEnv({
2015
- defaultPath: DEFAULT_PATH,
2016
- paramsEnv: params.env,
2017
- sandboxEnv: sandbox.env,
2018
- containerWorkdir: containerWorkdir ?? sandbox.containerWorkdir
2019
- }) : hostEnvResult?.env ?? inheritedBaseEnv;
2020
- if (!sandbox && host === "gateway" && !params.env?.PATH) applyShellPath(env, getShellPathFromLoginShell({
2021
- env: process.env,
2022
- timeoutMs: resolveShellEnvFallbackTimeoutMs(process.env)
2023
- }));
2024
- if (host === "node" && defaultPathPrepend.length > 0) warnings.push("Warning: tools.exec.pathPrepend is ignored for host=node. Configure PATH on the node host/service instead.");
2025
- else applyPathPrepend(env, defaultPathPrepend);
2026
- if (host === "node") return executeNodeHostCommand({
2027
- command: params.command,
2028
- workdir,
2029
- env,
2030
- requestedEnv: params.env,
2031
- requestedNode: params.node?.trim(),
2032
- boundNode: defaults?.node?.trim(),
2033
- sessionKey: defaults?.sessionKey,
2034
- turnSourceChannel: defaults?.messageProvider,
2035
- turnSourceTo: defaults?.currentChannelId,
2036
- turnSourceAccountId: defaults?.accountId,
2037
- turnSourceThreadId: defaults?.currentThreadTs,
2038
- agentId,
2039
- security,
2040
- ask,
2041
- strictInlineEval: defaults?.strictInlineEval,
2042
- trigger: defaults?.trigger,
2043
- timeoutSec: params.timeout,
2044
- defaultTimeoutSec,
2045
- approvalRunningNoticeMs,
2046
- warnings,
2047
- notifySessionKey,
2048
- notifyOnExit,
2049
- trustedSafeBinDirs
2050
- });
2051
- if (!workdir) throw new Error("exec internal error: local execution requires a resolved workdir");
2052
- if (host === "gateway" && !bypassApprovals) {
2053
- const gatewayResult = await processGatewayAllowlist({
2054
- command: params.command,
2055
- workdir,
2056
- env,
2057
- requestedEnv: params.env,
2058
- pty: params.pty === true && !sandbox,
2059
- timeoutSec: params.timeout,
2060
- defaultTimeoutSec,
2061
- security,
2062
- ask,
2063
- safeBins,
2064
- safeBinProfiles,
2065
- strictInlineEval: defaults?.strictInlineEval,
2066
- trigger: defaults?.trigger,
2067
- agentId,
2068
- sessionKey: defaults?.sessionKey,
2069
- turnSourceChannel: defaults?.messageProvider,
2070
- turnSourceTo: defaults?.currentChannelId,
2071
- turnSourceAccountId: defaults?.accountId,
2072
- turnSourceThreadId: defaults?.currentThreadTs,
2073
- scopeKey: defaults?.scopeKey,
2074
- warnings,
2075
- notifySessionKey,
2076
- approvalRunningNoticeMs,
2077
- maxOutput,
2078
- pendingMaxOutput,
2079
- trustedSafeBinDirs
2080
- });
2081
- if (gatewayResult.pendingResult) return gatewayResult.pendingResult;
2082
- execCommandOverride = gatewayResult.execCommandOverride;
2083
- if (gatewayResult.allowWithoutEnforcedCommand) execCommandOverride = void 0;
2084
- }
2085
- const explicitTimeoutSec = typeof params.timeout === "number" ? params.timeout : null;
2086
- const effectiveTimeout = allowBackground && explicitTimeoutSec === null && (backgroundRequested || yieldRequested) ? null : explicitTimeoutSec ?? defaultTimeoutSec;
2087
- const getWarningText = () => warnings.length ? `${warnings.join("\n")}\n\n` : "";
2088
- const usePty = params.pty === true && !sandbox;
2089
- if (!shouldSkipExecScriptPreflight({
2090
- host,
2091
- security,
2092
- ask
2093
- })) await validateScriptFileForShellBleed({
2094
- command: params.command,
2095
- workdir
2096
- });
2097
- const run = await runExecProcess({
2098
- command: params.command,
2099
- execCommand: execCommandOverride,
2100
- workdir,
2101
- env,
2102
- sandbox,
2103
- containerWorkdir,
2104
- usePty,
2105
- warnings,
2106
- maxOutput,
2107
- pendingMaxOutput,
2108
- notifyOnExit,
2109
- notifyOnExitEmptySuccess,
2110
- scopeKey: defaults?.scopeKey,
2111
- sessionKey: notifySessionKey,
2112
- notifyDeliveryContext,
2113
- timeoutSec: effectiveTimeout,
2114
- onUpdate
2115
- });
2116
- let yielded = false;
2117
- let yieldTimer = null;
2118
- const onAbortSignal = () => {
2119
- run.disableUpdates();
2120
- if (yielded || run.session.backgrounded) return;
2121
- run.kill();
2122
- };
2123
- if (signal?.aborted) onAbortSignal();
2124
- else if (signal) signal.addEventListener("abort", onAbortSignal, { once: true });
2125
- return new Promise((resolve, reject) => {
2126
- const resolveRunning = () => resolve({
2127
- content: [{
2128
- type: "text",
2129
- text: `${getWarningText()}Command still running (session ${run.session.id}, pid ${run.session.pid ?? "n/a"}). Use process (list/poll/log/write/kill/clear/remove) for follow-up.`
2130
- }],
2131
- details: {
2132
- status: "running",
2133
- sessionId: run.session.id,
2134
- pid: run.session.pid ?? void 0,
2135
- startedAt: run.startedAt,
2136
- cwd: run.session.cwd,
2137
- tail: run.session.tail
2138
- }
2139
- });
2140
- const onYieldNow = () => {
2141
- if (yieldTimer) clearTimeout(yieldTimer);
2142
- if (yielded) return;
2143
- yielded = true;
2144
- markBackgrounded(run.session);
2145
- resolveRunning();
2146
- };
2147
- if (allowBackground && yieldWindow !== null) if (yieldWindow === 0) onYieldNow();
2148
- else yieldTimer = setTimeout(() => {
2149
- if (yielded) return;
2150
- yielded = true;
2151
- markBackgrounded(run.session);
2152
- resolveRunning();
2153
- }, yieldWindow);
2154
- run.promise.then((outcome) => {
2155
- if (yieldTimer) clearTimeout(yieldTimer);
2156
- if (yielded || run.session.backgrounded) return;
2157
- resolve(buildExecForegroundResult({
2158
- outcome,
2159
- cwd: run.session.cwd,
2160
- warningText: getWarningText()
2161
- }));
2162
- }).catch((err) => {
2163
- if (yieldTimer) clearTimeout(yieldTimer);
2164
- if (yielded || run.session.backgrounded) return;
2165
- reject(err);
2166
- });
2167
- });
2168
- }
2169
- };
2170
- }
2171
- const execTool = createExecTool();
2172
- //#endregion
2173
- //#region src/agents/pty-keys.ts
2174
- const ESC = "\x1B";
2175
- const CR = "\r";
2176
- const TAB = " ";
2177
- const BACKSPACE = "";
2178
- const BRACKETED_PASTE_START = `${ESC}[200~`;
2179
- const BRACKETED_PASTE_END = `${ESC}[201~`;
2180
- /** SS3 sequences for DECCKM application cursor key mode (smkx). */
2181
- const DECCKM_SS3_KEYS = {
2182
- up: `${ESC}OA`,
2183
- down: `${ESC}OB`,
2184
- right: `${ESC}OC`,
2185
- left: `${ESC}OD`,
2186
- home: `${ESC}OH`,
2187
- end: `${ESC}OF`
2188
- };
2189
- const namedKeyMap = new Map([
2190
- ["enter", CR],
2191
- ["return", CR],
2192
- ["tab", TAB],
2193
- ["escape", ESC],
2194
- ["esc", ESC],
2195
- ["space", " "],
2196
- ["bspace", BACKSPACE],
2197
- ["backspace", BACKSPACE],
2198
- ["up", `${ESC}[A`],
2199
- ["down", `${ESC}[B`],
2200
- ["right", `${ESC}[C`],
2201
- ["left", `${ESC}[D`],
2202
- ["home", `${ESC}[1~`],
2203
- ["end", `${ESC}[4~`],
2204
- ["pageup", `${ESC}[5~`],
2205
- ["pgup", `${ESC}[5~`],
2206
- ["ppage", `${ESC}[5~`],
2207
- ["pagedown", `${ESC}[6~`],
2208
- ["pgdn", `${ESC}[6~`],
2209
- ["npage", `${ESC}[6~`],
2210
- ["insert", `${ESC}[2~`],
2211
- ["ic", `${ESC}[2~`],
2212
- ["delete", `${ESC}[3~`],
2213
- ["del", `${ESC}[3~`],
2214
- ["dc", `${ESC}[3~`],
2215
- ["btab", `${ESC}[Z`],
2216
- ["f1", `${ESC}OP`],
2217
- ["f2", `${ESC}OQ`],
2218
- ["f3", `${ESC}OR`],
2219
- ["f4", `${ESC}OS`],
2220
- ["f5", `${ESC}[15~`],
2221
- ["f6", `${ESC}[17~`],
2222
- ["f7", `${ESC}[18~`],
2223
- ["f8", `${ESC}[19~`],
2224
- ["f9", `${ESC}[20~`],
2225
- ["f10", `${ESC}[21~`],
2226
- ["f11", `${ESC}[23~`],
2227
- ["f12", `${ESC}[24~`],
2228
- ["kp/", `${ESC}Oo`],
2229
- ["kp*", `${ESC}Oj`],
2230
- ["kp-", `${ESC}Om`],
2231
- ["kp+", `${ESC}Ok`],
2232
- ["kp7", `${ESC}Ow`],
2233
- ["kp8", `${ESC}Ox`],
2234
- ["kp9", `${ESC}Oy`],
2235
- ["kp4", `${ESC}Ot`],
2236
- ["kp5", `${ESC}Ou`],
2237
- ["kp6", `${ESC}Ov`],
2238
- ["kp1", `${ESC}Oq`],
2239
- ["kp2", `${ESC}Or`],
2240
- ["kp3", `${ESC}Os`],
2241
- ["kp0", `${ESC}Op`],
2242
- ["kp.", `${ESC}On`],
2243
- ["kpenter", `${ESC}OM`]
2244
- ]);
2245
- const modifiableNamedKeys = new Set([
2246
- "up",
2247
- "down",
2248
- "left",
2249
- "right",
2250
- "home",
2251
- "end",
2252
- "pageup",
2253
- "pgup",
2254
- "ppage",
2255
- "pagedown",
2256
- "pgdn",
2257
- "npage",
2258
- "insert",
2259
- "ic",
2260
- "delete",
2261
- "del",
2262
- "dc"
2263
- ]);
2264
- function hasCursorModeSensitiveKeys(request) {
2265
- return request.keys?.some((raw) => {
2266
- const token = raw.trim();
2267
- if (!token) return false;
2268
- const parsed = parseModifiers(token);
2269
- if (hasAnyModifier(parsed.mods)) return false;
2270
- return normalizeLowercaseStringOrEmpty(parsed.base) in DECCKM_SS3_KEYS;
2271
- }) ?? false;
2272
- }
2273
- function encodeKeySequence(request, cursorKeyMode) {
2274
- const warnings = [];
2275
- let data = "";
2276
- if (request.literal) data += request.literal;
2277
- if (request.hex?.length) for (const raw of request.hex) {
2278
- const byte = parseHexByte(raw);
2279
- if (byte === null) {
2280
- warnings.push(`Invalid hex byte: ${raw}`);
2281
- continue;
2282
- }
2283
- data += String.fromCharCode(byte);
2284
- }
2285
- if (request.keys?.length) for (const token of request.keys) data += encodeKeyToken(token, warnings, cursorKeyMode);
2286
- return {
2287
- data,
2288
- warnings
2289
- };
2290
- }
2291
- function encodePaste(text, bracketed = true) {
2292
- if (!bracketed) return text;
2293
- return `${BRACKETED_PASTE_START}${text}${BRACKETED_PASTE_END}`;
2294
- }
2295
- function encodeKeyToken(raw, warnings, cursorKeyMode) {
2296
- const token = raw.trim();
2297
- if (!token) return "";
2298
- if (token.length === 2 && token.startsWith("^")) {
2299
- const ctrl = toCtrlChar(token[1]);
2300
- if (ctrl) return ctrl;
2301
- }
2302
- const parsed = parseModifiers(token);
2303
- const base = parsed.base;
2304
- const baseLower = normalizeLowercaseStringOrEmpty(base);
2305
- if (baseLower === "tab" && parsed.mods.shift) return `${ESC}[Z`;
2306
- if (modifiableNamedKeys.has(baseLower) && cursorKeyMode === "application" && !hasAnyModifier(parsed.mods)) {
2307
- const ss3Seq = DECCKM_SS3_KEYS[baseLower];
2308
- if (ss3Seq) return ss3Seq;
2309
- }
2310
- const baseSeq = namedKeyMap.get(baseLower);
2311
- if (baseSeq) {
2312
- let seq = baseSeq;
2313
- if (modifiableNamedKeys.has(baseLower) && hasAnyModifier(parsed.mods)) {
2314
- const mod = xtermModifier(parsed.mods);
2315
- if (mod > 1) {
2316
- const modified = applyXtermModifier(seq, mod);
2317
- if (modified) {
2318
- seq = modified;
2319
- return seq;
2320
- }
2321
- }
2322
- }
2323
- if (parsed.mods.alt) return `${ESC}${seq}`;
2324
- return seq;
2325
- }
2326
- if (base.length === 1) return applyCharModifiers(base, parsed.mods);
2327
- if (parsed.hasModifiers) warnings.push(`Unknown key "${base}" for modifiers; sending literal.`);
2328
- return base;
2329
- }
2330
- function parseModifiers(token) {
2331
- const mods = {
2332
- ctrl: false,
2333
- alt: false,
2334
- shift: false
2335
- };
2336
- let rest = token;
2337
- let sawModifiers = false;
2338
- while (rest.length > 2 && rest[1] === "-") {
2339
- const mod = normalizeLowercaseStringOrEmpty(rest[0]);
2340
- if (mod === "c") mods.ctrl = true;
2341
- else if (mod === "m") mods.alt = true;
2342
- else if (mod === "s") mods.shift = true;
2343
- else break;
2344
- sawModifiers = true;
2345
- rest = rest.slice(2);
2346
- }
2347
- return {
2348
- mods,
2349
- base: rest,
2350
- hasModifiers: sawModifiers
2351
- };
2352
- }
2353
- function applyCharModifiers(char, mods) {
2354
- let value = char;
2355
- if (mods.shift && value.length === 1 && /[a-z]/.test(value)) value = value.toUpperCase();
2356
- if (mods.ctrl) {
2357
- const ctrl = toCtrlChar(value);
2358
- if (ctrl) value = ctrl;
2359
- }
2360
- if (mods.alt) value = `${ESC}${value}`;
2361
- return value;
2362
- }
2363
- function toCtrlChar(char) {
2364
- if (char.length !== 1) return null;
2365
- if (char === "?") return "";
2366
- const code = char.toUpperCase().charCodeAt(0);
2367
- if (code >= 64 && code <= 95) return String.fromCharCode(code & 31);
2368
- return null;
2369
- }
2370
- function xtermModifier(mods) {
2371
- let mod = 1;
2372
- if (mods.shift) mod += 1;
2373
- if (mods.alt) mod += 2;
2374
- if (mods.ctrl) mod += 4;
2375
- return mod;
2376
- }
2377
- function applyXtermModifier(sequence, modifier) {
2378
- const escPattern = escapeRegExp(ESC);
2379
- const csiNumber = new RegExp(`^${escPattern}\\[(\\d+)([~A-Z])$`);
2380
- const csiArrow = new RegExp(`^${escPattern}\\[(A|B|C|D|H|F)$`);
2381
- const numberMatch = sequence.match(csiNumber);
2382
- if (numberMatch) return `${ESC}[${numberMatch[1]};${modifier}${numberMatch[2]}`;
2383
- const arrowMatch = sequence.match(csiArrow);
2384
- if (arrowMatch) return `${ESC}[1;${modifier}${arrowMatch[1]}`;
2385
- return null;
2386
- }
2387
- function hasAnyModifier(mods) {
2388
- return mods.ctrl || mods.alt || mods.shift;
2389
- }
2390
- function parseHexByte(raw) {
2391
- const lower = normalizeLowercaseStringOrEmpty(raw);
2392
- const normalized = lower.startsWith("0x") ? lower.slice(2) : lower;
2393
- if (!/^[0-9a-f]{1,2}$/.test(normalized)) return null;
2394
- const value = Number.parseInt(normalized, 16);
2395
- if (Number.isNaN(value) || value < 0 || value > 255) return null;
2396
- return value;
2397
- }
2398
- //#endregion
2399
- //#region src/agents/bash-tools.process-send-keys.ts
2400
- function failText$1(text) {
2401
- return {
2402
- content: [{
2403
- type: "text",
2404
- text
2405
- }],
2406
- details: { status: "failed" }
2407
- };
2408
- }
2409
- async function writeToStdin(stdin, data) {
2410
- await new Promise((resolve, reject) => {
2411
- stdin.write(data, (err) => {
2412
- if (err) reject(err);
2413
- else resolve();
2414
- });
2415
- });
2416
- }
2417
- async function handleProcessSendKeys(params) {
2418
- const request = {
2419
- keys: params.keys,
2420
- hex: params.hex,
2421
- literal: params.literal
2422
- };
2423
- if (params.session.cursorKeyMode === "unknown" && hasCursorModeSensitiveKeys(request)) return failText$1(`Session ${params.sessionId} cursor key mode is not known yet. Poll or log until startup output appears, then retry send-keys.`);
2424
- const { data, warnings } = encodeKeySequence(request, params.session.cursorKeyMode === "unknown" ? void 0 : params.session.cursorKeyMode);
2425
- if (!data) return failText$1("No key data provided.");
2426
- await writeToStdin(params.stdin, data);
2427
- return {
2428
- content: [{
2429
- type: "text",
2430
- text: `Sent ${data.length} bytes to session ${params.sessionId}.` + (warnings.length ? `\nWarnings:\n- ${warnings.join("\n- ")}` : "")
2431
- }],
2432
- details: {
2433
- status: "running",
2434
- sessionId: params.sessionId,
2435
- name: deriveSessionName(params.session.command)
2436
- }
2437
- };
2438
- }
2439
- //#endregion
2440
- //#region src/agents/bash-tools.process.ts
2441
- const DEFAULT_LOG_TAIL_LINES = 200;
2442
- function resolveLogSliceWindow(offset, limit) {
2443
- const usingDefaultTail = offset === void 0 && limit === void 0;
2444
- return {
2445
- effectiveOffset: offset,
2446
- effectiveLimit: typeof limit === "number" && Number.isFinite(limit) ? limit : usingDefaultTail ? DEFAULT_LOG_TAIL_LINES : void 0,
2447
- usingDefaultTail
2448
- };
2449
- }
2450
- function defaultTailNote(totalLines, usingDefaultTail) {
2451
- if (!usingDefaultTail || totalLines <= DEFAULT_LOG_TAIL_LINES) return "";
2452
- return `\n\n[showing last ${DEFAULT_LOG_TAIL_LINES} of ${totalLines} lines; pass offset/limit to page]`;
2453
- }
2454
- const MAX_POLL_WAIT_MS = 12e4;
2455
- function resolvePollWaitMs(value) {
2456
- if (typeof value === "number" && Number.isFinite(value)) return Math.max(0, Math.min(MAX_POLL_WAIT_MS, Math.floor(value)));
2457
- if (typeof value === "string") {
2458
- const parsed = Number.parseInt(value.trim(), 10);
2459
- if (Number.isFinite(parsed)) return Math.max(0, Math.min(MAX_POLL_WAIT_MS, parsed));
2460
- }
2461
- return 0;
2462
- }
2463
- function failText(text) {
2464
- return {
2465
- content: [{
2466
- type: "text",
2467
- text
2468
- }],
2469
- details: { status: "failed" }
2470
- };
2471
- }
2472
- function recordPollRetrySuggestion(sessionId, hasNewOutput) {
2473
- try {
2474
- return recordCommandPoll(getDiagnosticSessionState({ sessionId }), sessionId, hasNewOutput);
2475
- } catch {
2476
- return;
2477
- }
2478
- }
2479
- function resetPollRetrySuggestion(sessionId) {
2480
- try {
2481
- resetCommandPollCount(getDiagnosticSessionState({ sessionId }), sessionId);
2482
- } catch {}
2483
- }
2484
- function createProcessTool(defaults) {
2485
- if (defaults?.cleanupMs !== void 0) setJobTtlMs(defaults.cleanupMs);
2486
- const scopeKey = defaults?.scopeKey;
2487
- const supervisor = getProcessSupervisor();
2488
- const isInScope = (session) => !scopeKey || session?.scopeKey === scopeKey;
2489
- const cancelManagedSession = (sessionId) => {
2490
- const record = supervisor.getRecord(sessionId);
2491
- if (!record || record.state === "exited") return false;
2492
- supervisor.cancel(sessionId, "manual-cancel");
2493
- return true;
2494
- };
2495
- const terminateSessionFallback = (session) => {
2496
- const pid = session.pid ?? session.child?.pid;
2497
- if (typeof pid !== "number" || !Number.isFinite(pid) || pid <= 0) return false;
2498
- killProcessTree(pid);
2499
- return true;
2500
- };
2501
- return {
2502
- name: "process",
2503
- label: "process",
2504
- displaySummary: PROCESS_TOOL_DISPLAY_SUMMARY,
2505
- description: describeProcessTool({ hasCronTool: defaults?.hasCronTool === true }),
2506
- parameters: processSchema,
2507
- execute: async (_toolCallId, args, _signal, _onUpdate) => {
2508
- const params = args;
2509
- if (params.action === "list") {
2510
- const running = listRunningSessions().filter((s) => isInScope(s)).map((s) => ({
2511
- sessionId: s.id,
2512
- status: "running",
2513
- pid: s.pid ?? void 0,
2514
- startedAt: s.startedAt,
2515
- runtimeMs: Date.now() - s.startedAt,
2516
- cwd: s.cwd,
2517
- command: s.command,
2518
- name: deriveSessionName(s.command),
2519
- tail: s.tail,
2520
- truncated: s.truncated
2521
- }));
2522
- const finished = listFinishedSessions().filter((s) => isInScope(s)).map((s) => ({
2523
- sessionId: s.id,
2524
- status: s.status,
2525
- startedAt: s.startedAt,
2526
- endedAt: s.endedAt,
2527
- runtimeMs: s.endedAt - s.startedAt,
2528
- cwd: s.cwd,
2529
- command: s.command,
2530
- name: deriveSessionName(s.command),
2531
- tail: s.tail,
2532
- truncated: s.truncated,
2533
- exitCode: s.exitCode ?? void 0,
2534
- exitSignal: s.exitSignal ?? void 0
2535
- }));
2536
- return {
2537
- content: [{
2538
- type: "text",
2539
- text: [...running, ...finished].toSorted((a, b) => b.startedAt - a.startedAt).map((s) => {
2540
- const label = s.name ? truncateMiddle(s.name, 80) : truncateMiddle(s.command, 120);
2541
- return `${s.sessionId} ${pad(s.status, 9)} ${formatDurationCompact(s.runtimeMs) ?? "n/a"} :: ${label}`;
2542
- }).join("\n") || "No running or recent sessions."
2543
- }],
2544
- details: {
2545
- status: "completed",
2546
- sessions: [...running, ...finished]
2547
- }
2548
- };
2549
- }
2550
- if (!params.sessionId) return {
2551
- content: [{
2552
- type: "text",
2553
- text: "sessionId is required for this action."
2554
- }],
2555
- details: { status: "failed" }
2556
- };
2557
- const session = getSession(params.sessionId);
2558
- const finished = getFinishedSession(params.sessionId);
2559
- const scopedSession = isInScope(session) ? session : void 0;
2560
- const scopedFinished = isInScope(finished) ? finished : void 0;
2561
- const failedResult = (text) => ({
2562
- content: [{
2563
- type: "text",
2564
- text
2565
- }],
2566
- details: { status: "failed" }
2567
- });
2568
- const resolveBackgroundedWritableStdin = () => {
2569
- if (!scopedSession) return {
2570
- ok: false,
2571
- result: failedResult(`No active session found for ${params.sessionId}`)
2572
- };
2573
- if (!scopedSession.backgrounded) return {
2574
- ok: false,
2575
- result: failedResult(`Session ${params.sessionId} is not backgrounded.`)
2576
- };
2577
- const stdin = scopedSession.stdin ?? scopedSession.child?.stdin;
2578
- if (!stdin || stdin.destroyed) return {
2579
- ok: false,
2580
- result: failedResult(`Session ${params.sessionId} stdin is not writable.`)
2581
- };
2582
- return {
2583
- ok: true,
2584
- session: scopedSession,
2585
- stdin
2586
- };
2587
- };
2588
- const writeToStdin = async (stdin, data) => {
2589
- await new Promise((resolve, reject) => {
2590
- stdin.write(data, (err) => {
2591
- if (err) reject(err);
2592
- else resolve();
2593
- });
2594
- });
2595
- };
2596
- const runningSessionResult = (session, text) => ({
2597
- content: [{
2598
- type: "text",
2599
- text
2600
- }],
2601
- details: {
2602
- status: "running",
2603
- sessionId: params.sessionId,
2604
- name: deriveSessionName(session.command)
2605
- }
2606
- });
2607
- switch (params.action) {
2608
- case "poll": {
2609
- if (!scopedSession) {
2610
- if (scopedFinished) {
2611
- resetPollRetrySuggestion(params.sessionId);
2612
- return {
2613
- content: [{
2614
- type: "text",
2615
- text: (scopedFinished.tail || `(no output recorded${scopedFinished.truncated ? " — truncated to cap" : ""})`) + `\n\nProcess exited with ${scopedFinished.exitSignal ? `signal ${scopedFinished.exitSignal}` : `code ${scopedFinished.exitCode ?? 0}`}.`
2616
- }],
2617
- details: {
2618
- status: scopedFinished.status === "completed" ? "completed" : "failed",
2619
- sessionId: params.sessionId,
2620
- exitCode: scopedFinished.exitCode ?? void 0,
2621
- aggregated: scopedFinished.aggregated,
2622
- name: deriveSessionName(scopedFinished.command)
2623
- }
2624
- };
2625
- }
2626
- resetPollRetrySuggestion(params.sessionId);
2627
- return failText(`No session found for ${params.sessionId}`);
2628
- }
2629
- if (!scopedSession.backgrounded) return failText(`Session ${params.sessionId} is not backgrounded.`);
2630
- const pollWaitMs = resolvePollWaitMs(params.timeout);
2631
- if (pollWaitMs > 0 && !scopedSession.exited) {
2632
- const deadline = Date.now() + pollWaitMs;
2633
- while (!scopedSession.exited && Date.now() < deadline) await new Promise((resolve) => setTimeout(resolve, Math.max(0, Math.min(250, deadline - Date.now()))));
2634
- }
2635
- const { stdout, stderr } = drainSession(scopedSession);
2636
- const exited = scopedSession.exited;
2637
- const exitCode = scopedSession.exitCode ?? 0;
2638
- const exitSignal = scopedSession.exitSignal ?? void 0;
2639
- if (exited) {
2640
- const status = exitCode === 0 && exitSignal == null ? "completed" : "failed";
2641
- markExited(scopedSession, scopedSession.exitCode ?? null, scopedSession.exitSignal ?? null, status);
2642
- }
2643
- const status = exited ? exitCode === 0 && exitSignal == null ? "completed" : "failed" : "running";
2644
- const output = [stdout.trimEnd(), stderr.trimEnd()].filter(Boolean).join("\n").trim();
2645
- const hasNewOutput = output.length > 0;
2646
- const retryInMs = exited ? void 0 : recordPollRetrySuggestion(params.sessionId, hasNewOutput);
2647
- if (exited) resetPollRetrySuggestion(params.sessionId);
2648
- return {
2649
- content: [{
2650
- type: "text",
2651
- text: (output || "(no new output)") + (exited ? `\n\nProcess exited with ${exitSignal ? `signal ${exitSignal}` : `code ${exitCode}`}.` : "\n\nProcess still running.")
2652
- }],
2653
- details: {
2654
- status,
2655
- sessionId: params.sessionId,
2656
- exitCode: exited ? exitCode : void 0,
2657
- aggregated: scopedSession.aggregated,
2658
- name: deriveSessionName(scopedSession.command),
2659
- ...typeof retryInMs === "number" ? { retryInMs } : {}
2660
- }
2661
- };
2662
- }
2663
- case "log":
2664
- if (scopedSession) {
2665
- if (!scopedSession.backgrounded) return {
2666
- content: [{
2667
- type: "text",
2668
- text: `Session ${params.sessionId} is not backgrounded.`
2669
- }],
2670
- details: { status: "failed" }
2671
- };
2672
- const window = resolveLogSliceWindow(params.offset, params.limit);
2673
- const { slice, totalLines, totalChars } = sliceLogLines(scopedSession.aggregated, window.effectiveOffset, window.effectiveLimit);
2674
- const logDefaultTailNote = defaultTailNote(totalLines, window.usingDefaultTail);
2675
- return {
2676
- content: [{
2677
- type: "text",
2678
- text: (slice || "(no output yet)") + logDefaultTailNote
2679
- }],
2680
- details: {
2681
- status: scopedSession.exited ? "completed" : "running",
2682
- sessionId: params.sessionId,
2683
- total: totalLines,
2684
- totalLines,
2685
- totalChars,
2686
- truncated: scopedSession.truncated,
2687
- name: deriveSessionName(scopedSession.command)
2688
- }
2689
- };
2690
- }
2691
- if (scopedFinished) {
2692
- const window = resolveLogSliceWindow(params.offset, params.limit);
2693
- const { slice, totalLines, totalChars } = sliceLogLines(scopedFinished.aggregated, window.effectiveOffset, window.effectiveLimit);
2694
- const status = scopedFinished.status === "completed" ? "completed" : "failed";
2695
- const logDefaultTailNote = defaultTailNote(totalLines, window.usingDefaultTail);
2696
- return {
2697
- content: [{
2698
- type: "text",
2699
- text: (slice || "(no output recorded)") + logDefaultTailNote
2700
- }],
2701
- details: {
2702
- status,
2703
- sessionId: params.sessionId,
2704
- total: totalLines,
2705
- totalLines,
2706
- totalChars,
2707
- truncated: scopedFinished.truncated,
2708
- exitCode: scopedFinished.exitCode ?? void 0,
2709
- exitSignal: scopedFinished.exitSignal ?? void 0,
2710
- name: deriveSessionName(scopedFinished.command)
2711
- }
2712
- };
2713
- }
2714
- return {
2715
- content: [{
2716
- type: "text",
2717
- text: `No session found for ${params.sessionId}`
2718
- }],
2719
- details: { status: "failed" }
2720
- };
2721
- case "write": {
2722
- const resolved = resolveBackgroundedWritableStdin();
2723
- if (!resolved.ok) return resolved.result;
2724
- await writeToStdin(resolved.stdin, params.data ?? "");
2725
- if (params.eof) resolved.stdin.end();
2726
- return runningSessionResult(resolved.session, `Wrote ${(params.data ?? "").length} bytes to session ${params.sessionId}${params.eof ? " (stdin closed)" : ""}.`);
2727
- }
2728
- case "send-keys": {
2729
- const resolved = resolveBackgroundedWritableStdin();
2730
- if (!resolved.ok) return resolved.result;
2731
- return await handleProcessSendKeys({
2732
- sessionId: params.sessionId,
2733
- session: resolved.session,
2734
- stdin: resolved.stdin,
2735
- keys: params.keys,
2736
- hex: params.hex,
2737
- literal: params.literal
2738
- });
2739
- }
2740
- case "submit": {
2741
- const resolved = resolveBackgroundedWritableStdin();
2742
- if (!resolved.ok) return resolved.result;
2743
- await writeToStdin(resolved.stdin, "\r");
2744
- return runningSessionResult(resolved.session, `Submitted session ${params.sessionId} (sent CR).`);
2745
- }
2746
- case "paste": {
2747
- const resolved = resolveBackgroundedWritableStdin();
2748
- if (!resolved.ok) return resolved.result;
2749
- const payload = encodePaste(params.text ?? "", params.bracketed !== false);
2750
- if (!payload) return {
2751
- content: [{
2752
- type: "text",
2753
- text: "No paste text provided."
2754
- }],
2755
- details: { status: "failed" }
2756
- };
2757
- await writeToStdin(resolved.stdin, payload);
2758
- return runningSessionResult(resolved.session, `Pasted ${params.text?.length ?? 0} chars to session ${params.sessionId}.`);
2759
- }
2760
- case "kill": {
2761
- if (!scopedSession) return failText(`No active session found for ${params.sessionId}`);
2762
- if (!scopedSession.backgrounded) return failText(`Session ${params.sessionId} is not backgrounded.`);
2763
- const canceled = cancelManagedSession(scopedSession.id);
2764
- if (!canceled) {
2765
- if (!terminateSessionFallback(scopedSession)) return failText(`Unable to terminate session ${params.sessionId}: no active supervisor run or process id.`);
2766
- markExited(scopedSession, null, "SIGKILL", "failed");
2767
- }
2768
- resetPollRetrySuggestion(params.sessionId);
2769
- return {
2770
- content: [{
2771
- type: "text",
2772
- text: canceled ? `Termination requested for session ${params.sessionId}.` : `Killed session ${params.sessionId}.`
2773
- }],
2774
- details: {
2775
- status: "failed",
2776
- name: scopedSession ? deriveSessionName(scopedSession.command) : void 0
2777
- }
2778
- };
2779
- }
2780
- case "clear":
2781
- if (scopedFinished) {
2782
- resetPollRetrySuggestion(params.sessionId);
2783
- deleteSession(params.sessionId);
2784
- return {
2785
- content: [{
2786
- type: "text",
2787
- text: `Cleared session ${params.sessionId}.`
2788
- }],
2789
- details: { status: "completed" }
2790
- };
2791
- }
2792
- return {
2793
- content: [{
2794
- type: "text",
2795
- text: `No finished session found for ${params.sessionId}`
2796
- }],
2797
- details: { status: "failed" }
2798
- };
2799
- case "remove":
2800
- if (scopedSession) {
2801
- const canceled = cancelManagedSession(scopedSession.id);
2802
- if (canceled) {
2803
- scopedSession.backgrounded = false;
2804
- deleteSession(params.sessionId);
2805
- } else {
2806
- if (!terminateSessionFallback(scopedSession)) return failText(`Unable to remove session ${params.sessionId}: no active supervisor run or process id.`);
2807
- markExited(scopedSession, null, "SIGKILL", "failed");
2808
- deleteSession(params.sessionId);
2809
- }
2810
- resetPollRetrySuggestion(params.sessionId);
2811
- return {
2812
- content: [{
2813
- type: "text",
2814
- text: canceled ? `Removed session ${params.sessionId} (termination requested).` : `Removed session ${params.sessionId}.`
2815
- }],
2816
- details: {
2817
- status: "failed",
2818
- name: scopedSession ? deriveSessionName(scopedSession.command) : void 0
2819
- }
2820
- };
2821
- }
2822
- if (scopedFinished) {
2823
- resetPollRetrySuggestion(params.sessionId);
2824
- deleteSession(params.sessionId);
2825
- return {
2826
- content: [{
2827
- type: "text",
2828
- text: `Removed session ${params.sessionId}.`
2829
- }],
2830
- details: { status: "completed" }
2831
- };
2832
- }
2833
- return {
2834
- content: [{
2835
- type: "text",
2836
- text: `No session found for ${params.sessionId}`
2837
- }],
2838
- details: { status: "failed" }
2839
- };
2840
- }
2841
- return {
2842
- content: [{
2843
- type: "text",
2844
- text: `Unknown action ${params.action}`
2845
- }],
2846
- details: { status: "failed" }
2847
- };
2848
- }
2849
- };
2850
- }
2851
- const processTool = createProcessTool();
2852
- //#endregion
2853
- export { execTool as i, processTool as n, createExecTool as r, createProcessTool as t };