@praveencs/agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (279) hide show
  1. package/README.md +1007 -0
  2. package/bin/agent.ts +6 -0
  3. package/dist/bin/agent.d.ts +3 -0
  4. package/dist/bin/agent.d.ts.map +1 -0
  5. package/dist/bin/agent.js +5 -0
  6. package/dist/bin/agent.js.map +1 -0
  7. package/dist/src/cli/commands/config.d.ts +3 -0
  8. package/dist/src/cli/commands/config.d.ts.map +1 -0
  9. package/dist/src/cli/commands/config.js +54 -0
  10. package/dist/src/cli/commands/config.js.map +1 -0
  11. package/dist/src/cli/commands/daemon.d.ts +3 -0
  12. package/dist/src/cli/commands/daemon.d.ts.map +1 -0
  13. package/dist/src/cli/commands/daemon.js +43 -0
  14. package/dist/src/cli/commands/daemon.js.map +1 -0
  15. package/dist/src/cli/commands/doctor.d.ts +3 -0
  16. package/dist/src/cli/commands/doctor.d.ts.map +1 -0
  17. package/dist/src/cli/commands/doctor.js +84 -0
  18. package/dist/src/cli/commands/doctor.js.map +1 -0
  19. package/dist/src/cli/commands/init.d.ts +8 -0
  20. package/dist/src/cli/commands/init.d.ts.map +1 -0
  21. package/dist/src/cli/commands/init.js +112 -0
  22. package/dist/src/cli/commands/init.js.map +1 -0
  23. package/dist/src/cli/commands/mcp.d.ts +3 -0
  24. package/dist/src/cli/commands/mcp.d.ts.map +1 -0
  25. package/dist/src/cli/commands/mcp.js +26 -0
  26. package/dist/src/cli/commands/mcp.js.map +1 -0
  27. package/dist/src/cli/commands/plan.d.ts +3 -0
  28. package/dist/src/cli/commands/plan.d.ts.map +1 -0
  29. package/dist/src/cli/commands/plan.js +220 -0
  30. package/dist/src/cli/commands/plan.js.map +1 -0
  31. package/dist/src/cli/commands/run.d.ts +3 -0
  32. package/dist/src/cli/commands/run.d.ts.map +1 -0
  33. package/dist/src/cli/commands/run.js +192 -0
  34. package/dist/src/cli/commands/run.js.map +1 -0
  35. package/dist/src/cli/commands/skills.d.ts +3 -0
  36. package/dist/src/cli/commands/skills.d.ts.map +1 -0
  37. package/dist/src/cli/commands/skills.js +143 -0
  38. package/dist/src/cli/commands/skills.js.map +1 -0
  39. package/dist/src/cli/index.d.ts +6 -0
  40. package/dist/src/cli/index.d.ts.map +1 -0
  41. package/dist/src/cli/index.js +33 -0
  42. package/dist/src/cli/index.js.map +1 -0
  43. package/dist/src/cli/ui/progress.d.ts +17 -0
  44. package/dist/src/cli/ui/progress.d.ts.map +1 -0
  45. package/dist/src/cli/ui/progress.js +43 -0
  46. package/dist/src/cli/ui/progress.js.map +1 -0
  47. package/dist/src/cli/ui/prompt.d.ts +10 -0
  48. package/dist/src/cli/ui/prompt.d.ts.map +1 -0
  49. package/dist/src/cli/ui/prompt.js +53 -0
  50. package/dist/src/cli/ui/prompt.js.map +1 -0
  51. package/dist/src/cli/ui/report.d.ts +6 -0
  52. package/dist/src/cli/ui/report.d.ts.map +1 -0
  53. package/dist/src/cli/ui/report.js +81 -0
  54. package/dist/src/cli/ui/report.js.map +1 -0
  55. package/dist/src/config/defaults.d.ts +3 -0
  56. package/dist/src/config/defaults.d.ts.map +1 -0
  57. package/dist/src/config/defaults.js +82 -0
  58. package/dist/src/config/defaults.js.map +1 -0
  59. package/dist/src/config/loader.d.ts +33 -0
  60. package/dist/src/config/loader.d.ts.map +1 -0
  61. package/dist/src/config/loader.js +161 -0
  62. package/dist/src/config/loader.js.map +1 -0
  63. package/dist/src/config/schema.d.ts +530 -0
  64. package/dist/src/config/schema.d.ts.map +1 -0
  65. package/dist/src/config/schema.js +97 -0
  66. package/dist/src/config/schema.js.map +1 -0
  67. package/dist/src/config/secrets.d.ts +31 -0
  68. package/dist/src/config/secrets.d.ts.map +1 -0
  69. package/dist/src/config/secrets.js +98 -0
  70. package/dist/src/config/secrets.js.map +1 -0
  71. package/dist/src/daemon/manager.d.ts +28 -0
  72. package/dist/src/daemon/manager.d.ts.map +1 -0
  73. package/dist/src/daemon/manager.js +77 -0
  74. package/dist/src/daemon/manager.js.map +1 -0
  75. package/dist/src/daemon/scheduler.d.ts +6 -0
  76. package/dist/src/daemon/scheduler.d.ts.map +1 -0
  77. package/dist/src/daemon/scheduler.js +82 -0
  78. package/dist/src/daemon/scheduler.js.map +1 -0
  79. package/dist/src/daemon/watcher.d.ts +16 -0
  80. package/dist/src/daemon/watcher.d.ts.map +1 -0
  81. package/dist/src/daemon/watcher.js +59 -0
  82. package/dist/src/daemon/watcher.js.map +1 -0
  83. package/dist/src/engine/executor.d.ts +51 -0
  84. package/dist/src/engine/executor.d.ts.map +1 -0
  85. package/dist/src/engine/executor.js +189 -0
  86. package/dist/src/engine/executor.js.map +1 -0
  87. package/dist/src/engine/rollback.d.ts +37 -0
  88. package/dist/src/engine/rollback.d.ts.map +1 -0
  89. package/dist/src/engine/rollback.js +95 -0
  90. package/dist/src/engine/rollback.js.map +1 -0
  91. package/dist/src/engine/types.d.ts +31 -0
  92. package/dist/src/engine/types.d.ts.map +1 -0
  93. package/dist/src/engine/types.js +2 -0
  94. package/dist/src/engine/types.js.map +1 -0
  95. package/dist/src/engine/verification.d.ts +27 -0
  96. package/dist/src/engine/verification.d.ts.map +1 -0
  97. package/dist/src/engine/verification.js +75 -0
  98. package/dist/src/engine/verification.js.map +1 -0
  99. package/dist/src/index.d.ts +17 -0
  100. package/dist/src/index.d.ts.map +1 -0
  101. package/dist/src/index.js +13 -0
  102. package/dist/src/index.js.map +1 -0
  103. package/dist/src/llm/cache.d.ts +20 -0
  104. package/dist/src/llm/cache.d.ts.map +1 -0
  105. package/dist/src/llm/cache.js +45 -0
  106. package/dist/src/llm/cache.js.map +1 -0
  107. package/dist/src/llm/providers/anthropic.d.ts +13 -0
  108. package/dist/src/llm/providers/anthropic.d.ts.map +1 -0
  109. package/dist/src/llm/providers/anthropic.js +69 -0
  110. package/dist/src/llm/providers/anthropic.js.map +1 -0
  111. package/dist/src/llm/providers/azure.d.ts +14 -0
  112. package/dist/src/llm/providers/azure.d.ts.map +1 -0
  113. package/dist/src/llm/providers/azure.js +98 -0
  114. package/dist/src/llm/providers/azure.js.map +1 -0
  115. package/dist/src/llm/providers/ollama.d.ts +13 -0
  116. package/dist/src/llm/providers/ollama.d.ts.map +1 -0
  117. package/dist/src/llm/providers/ollama.js +80 -0
  118. package/dist/src/llm/providers/ollama.js.map +1 -0
  119. package/dist/src/llm/providers/openai.d.ts +13 -0
  120. package/dist/src/llm/providers/openai.d.ts.map +1 -0
  121. package/dist/src/llm/providers/openai.js +74 -0
  122. package/dist/src/llm/providers/openai.js.map +1 -0
  123. package/dist/src/llm/router.d.ts +26 -0
  124. package/dist/src/llm/router.d.ts.map +1 -0
  125. package/dist/src/llm/router.js +104 -0
  126. package/dist/src/llm/router.js.map +1 -0
  127. package/dist/src/llm/types.d.ts +44 -0
  128. package/dist/src/llm/types.d.ts.map +1 -0
  129. package/dist/src/llm/types.js +2 -0
  130. package/dist/src/llm/types.js.map +1 -0
  131. package/dist/src/logging/audit-log.d.ts +89 -0
  132. package/dist/src/logging/audit-log.d.ts.map +1 -0
  133. package/dist/src/logging/audit-log.js +132 -0
  134. package/dist/src/logging/audit-log.js.map +1 -0
  135. package/dist/src/logging/logger.d.ts +13 -0
  136. package/dist/src/logging/logger.d.ts.map +1 -0
  137. package/dist/src/logging/logger.js +57 -0
  138. package/dist/src/logging/logger.js.map +1 -0
  139. package/dist/src/logging/redactor.d.ts +14 -0
  140. package/dist/src/logging/redactor.d.ts.map +1 -0
  141. package/dist/src/logging/redactor.js +48 -0
  142. package/dist/src/logging/redactor.js.map +1 -0
  143. package/dist/src/mcp/handlers.d.ts +21 -0
  144. package/dist/src/mcp/handlers.d.ts.map +1 -0
  145. package/dist/src/mcp/handlers.js +156 -0
  146. package/dist/src/mcp/handlers.js.map +1 -0
  147. package/dist/src/mcp/server.d.ts +8 -0
  148. package/dist/src/mcp/server.d.ts.map +1 -0
  149. package/dist/src/mcp/server.js +40 -0
  150. package/dist/src/mcp/server.js.map +1 -0
  151. package/dist/src/mcp/types.d.ts +20 -0
  152. package/dist/src/mcp/types.d.ts.map +1 -0
  153. package/dist/src/mcp/types.js +2 -0
  154. package/dist/src/mcp/types.js.map +1 -0
  155. package/dist/src/plans/parser.d.ts +33 -0
  156. package/dist/src/plans/parser.d.ts.map +1 -0
  157. package/dist/src/plans/parser.js +93 -0
  158. package/dist/src/plans/parser.js.map +1 -0
  159. package/dist/src/plans/propose.d.ts +26 -0
  160. package/dist/src/plans/propose.d.ts.map +1 -0
  161. package/dist/src/plans/propose.js +85 -0
  162. package/dist/src/plans/propose.js.map +1 -0
  163. package/dist/src/plans/runner.d.ts +19 -0
  164. package/dist/src/plans/runner.d.ts.map +1 -0
  165. package/dist/src/plans/runner.js +159 -0
  166. package/dist/src/plans/runner.js.map +1 -0
  167. package/dist/src/plans/triggers.d.ts +12 -0
  168. package/dist/src/plans/triggers.d.ts.map +1 -0
  169. package/dist/src/plans/triggers.js +43 -0
  170. package/dist/src/plans/triggers.js.map +1 -0
  171. package/dist/src/plans/types.d.ts +454 -0
  172. package/dist/src/plans/types.d.ts.map +1 -0
  173. package/dist/src/plans/types.js +56 -0
  174. package/dist/src/plans/types.js.map +1 -0
  175. package/dist/src/policy/audit.d.ts +35 -0
  176. package/dist/src/policy/audit.d.ts.map +1 -0
  177. package/dist/src/policy/audit.js +39 -0
  178. package/dist/src/policy/audit.js.map +1 -0
  179. package/dist/src/policy/engine.d.ts +35 -0
  180. package/dist/src/policy/engine.d.ts.map +1 -0
  181. package/dist/src/policy/engine.js +134 -0
  182. package/dist/src/policy/engine.js.map +1 -0
  183. package/dist/src/policy/scope.d.ts +27 -0
  184. package/dist/src/policy/scope.d.ts.map +1 -0
  185. package/dist/src/policy/scope.js +89 -0
  186. package/dist/src/policy/scope.js.map +1 -0
  187. package/dist/src/policy/types.d.ts +15 -0
  188. package/dist/src/policy/types.d.ts.map +1 -0
  189. package/dist/src/policy/types.js +2 -0
  190. package/dist/src/policy/types.js.map +1 -0
  191. package/dist/src/self-extend/generator.d.ts +27 -0
  192. package/dist/src/self-extend/generator.d.ts.map +1 -0
  193. package/dist/src/self-extend/generator.js +107 -0
  194. package/dist/src/self-extend/generator.js.map +1 -0
  195. package/dist/src/self-extend/publisher.d.ts +5 -0
  196. package/dist/src/self-extend/publisher.d.ts.map +1 -0
  197. package/dist/src/self-extend/publisher.js +40 -0
  198. package/dist/src/self-extend/publisher.js.map +1 -0
  199. package/dist/src/self-extend/sandbox.d.ts +10 -0
  200. package/dist/src/self-extend/sandbox.d.ts.map +1 -0
  201. package/dist/src/self-extend/sandbox.js +22 -0
  202. package/dist/src/self-extend/sandbox.js.map +1 -0
  203. package/dist/src/skills/hub/lockfile.d.ts +15 -0
  204. package/dist/src/skills/hub/lockfile.d.ts.map +1 -0
  205. package/dist/src/skills/hub/lockfile.js +13 -0
  206. package/dist/src/skills/hub/lockfile.js.map +1 -0
  207. package/dist/src/skills/hub/publisher.d.ts +7 -0
  208. package/dist/src/skills/hub/publisher.d.ts.map +1 -0
  209. package/dist/src/skills/hub/publisher.js +10 -0
  210. package/dist/src/skills/hub/publisher.js.map +1 -0
  211. package/dist/src/skills/hub/registry.d.ts +16 -0
  212. package/dist/src/skills/hub/registry.d.ts.map +1 -0
  213. package/dist/src/skills/hub/registry.js +24 -0
  214. package/dist/src/skills/hub/registry.js.map +1 -0
  215. package/dist/src/skills/index.d.ts +12 -0
  216. package/dist/src/skills/index.d.ts.map +1 -0
  217. package/dist/src/skills/index.js +82 -0
  218. package/dist/src/skills/index.js.map +1 -0
  219. package/dist/src/skills/lifecycle.d.ts +19 -0
  220. package/dist/src/skills/lifecycle.d.ts.map +1 -0
  221. package/dist/src/skills/lifecycle.js +48 -0
  222. package/dist/src/skills/lifecycle.js.map +1 -0
  223. package/dist/src/skills/loader.d.ts +43 -0
  224. package/dist/src/skills/loader.d.ts.map +1 -0
  225. package/dist/src/skills/loader.js +142 -0
  226. package/dist/src/skills/loader.js.map +1 -0
  227. package/dist/src/skills/runner.d.ts +43 -0
  228. package/dist/src/skills/runner.d.ts.map +1 -0
  229. package/dist/src/skills/runner.js +198 -0
  230. package/dist/src/skills/runner.js.map +1 -0
  231. package/dist/src/skills/types.d.ts +150 -0
  232. package/dist/src/skills/types.d.ts.map +1 -0
  233. package/dist/src/skills/types.js +31 -0
  234. package/dist/src/skills/types.js.map +1 -0
  235. package/dist/src/skills/validator.d.ts +19 -0
  236. package/dist/src/skills/validator.d.ts.map +1 -0
  237. package/dist/src/skills/validator.js +92 -0
  238. package/dist/src/skills/validator.js.map +1 -0
  239. package/dist/src/tools/core/cmd.d.ts +24 -0
  240. package/dist/src/tools/core/cmd.d.ts.map +1 -0
  241. package/dist/src/tools/core/cmd.js +55 -0
  242. package/dist/src/tools/core/cmd.js.map +1 -0
  243. package/dist/src/tools/core/fs.d.ts +76 -0
  244. package/dist/src/tools/core/fs.d.ts.map +1 -0
  245. package/dist/src/tools/core/fs.js +173 -0
  246. package/dist/src/tools/core/fs.js.map +1 -0
  247. package/dist/src/tools/core/git.d.ts +62 -0
  248. package/dist/src/tools/core/git.d.ts.map +1 -0
  249. package/dist/src/tools/core/git.js +138 -0
  250. package/dist/src/tools/core/git.js.map +1 -0
  251. package/dist/src/tools/core/project.d.ts +17 -0
  252. package/dist/src/tools/core/project.d.ts.map +1 -0
  253. package/dist/src/tools/core/project.js +104 -0
  254. package/dist/src/tools/core/project.js.map +1 -0
  255. package/dist/src/tools/plugins/loader.d.ts +13 -0
  256. package/dist/src/tools/plugins/loader.d.ts.map +1 -0
  257. package/dist/src/tools/plugins/loader.js +36 -0
  258. package/dist/src/tools/plugins/loader.js.map +1 -0
  259. package/dist/src/tools/registry.d.ts +38 -0
  260. package/dist/src/tools/registry.d.ts.map +1 -0
  261. package/dist/src/tools/registry.js +118 -0
  262. package/dist/src/tools/registry.js.map +1 -0
  263. package/dist/src/tools/types.d.ts +46 -0
  264. package/dist/src/tools/types.d.ts.map +1 -0
  265. package/dist/src/tools/types.js +10 -0
  266. package/dist/src/tools/types.js.map +1 -0
  267. package/dist/src/utils/hash.d.ts +13 -0
  268. package/dist/src/utils/hash.d.ts.map +1 -0
  269. package/dist/src/utils/hash.js +22 -0
  270. package/dist/src/utils/hash.js.map +1 -0
  271. package/dist/src/utils/paths.d.ts +45 -0
  272. package/dist/src/utils/paths.d.ts.map +1 -0
  273. package/dist/src/utils/paths.js +71 -0
  274. package/dist/src/utils/paths.js.map +1 -0
  275. package/dist/src/utils/schema.d.ts +16 -0
  276. package/dist/src/utils/schema.d.ts.map +1 -0
  277. package/dist/src/utils/schema.js +66 -0
  278. package/dist/src/utils/schema.js.map +1 -0
  279. package/package.json +77 -0
@@ -0,0 +1,134 @@
1
+ import { ScopeChecker } from './scope.js';
2
+ import { auditEmitter, AuditEventType } from './audit.js';
3
+ /**
4
+ * Policy Engine — enforces permissions, approvals, and scope limits
5
+ * This is an immutable core component that MUST NOT be modified by autonomous runs.
6
+ */
7
+ export class PolicyEngine {
8
+ config;
9
+ scopeChecker;
10
+ sessionApprovals = new Set();
11
+ constructor(config, projectRoot) {
12
+ this.config = config;
13
+ this.scopeChecker = new ScopeChecker(config, projectRoot);
14
+ }
15
+ /**
16
+ * Check if an action is permitted based on policy rules
17
+ */
18
+ async checkPermission(action, ctx) {
19
+ // Check each required permission
20
+ for (const perm of action.permissions) {
21
+ const rule = this.findRule(perm);
22
+ // If session has pre-approved this permission
23
+ if (ctx.approvedPermissions.has(perm) || this.sessionApprovals.has(`${action.tool}:${perm}`)) {
24
+ continue;
25
+ }
26
+ switch (rule) {
27
+ case 'allow':
28
+ continue;
29
+ case 'deny':
30
+ auditEmitter.emit(AuditEventType.PERMISSION_DENIED, {
31
+ tool: action.tool,
32
+ permission: perm,
33
+ reason: 'Denied by policy',
34
+ });
35
+ return {
36
+ allowed: false,
37
+ reason: `Permission "${perm}" is denied by policy for tool "${action.tool}"`,
38
+ requiresApproval: false,
39
+ };
40
+ case 'confirm':
41
+ return {
42
+ allowed: false,
43
+ reason: `Action "${action.description}" requires approval (${perm})`,
44
+ requiresApproval: true,
45
+ };
46
+ }
47
+ }
48
+ return { allowed: true, requiresApproval: false };
49
+ }
50
+ /**
51
+ * Request approval from the user for a specific action
52
+ */
53
+ async requestApproval(action, ctx) {
54
+ // In autonomous mode, auto-approve low-risk actions
55
+ if (ctx.autonomous && action.riskLevel === 'low') {
56
+ this.grantSessionApproval(action);
57
+ return true;
58
+ }
59
+ // Call the approval handler
60
+ if (ctx.onApproval) {
61
+ const approved = await ctx.onApproval(action);
62
+ if (approved) {
63
+ this.grantSessionApproval(action);
64
+ auditEmitter.emit(AuditEventType.APPROVAL_GRANTED, {
65
+ tool: action.tool,
66
+ permissions: action.permissions,
67
+ description: action.description,
68
+ });
69
+ }
70
+ else {
71
+ auditEmitter.emit(AuditEventType.APPROVAL_DENIED, {
72
+ tool: action.tool,
73
+ permissions: action.permissions,
74
+ description: action.description,
75
+ });
76
+ }
77
+ return approved;
78
+ }
79
+ // No approval handler = deny
80
+ return false;
81
+ }
82
+ /**
83
+ * Check if a tool invocation is within the configured scope
84
+ */
85
+ checkScope(toolName, args) {
86
+ // Filesystem scope
87
+ if (toolName.startsWith('fs.') && args['path']) {
88
+ const check = this.scopeChecker.checkFilesystemScope(args['path']);
89
+ if (!check.inScope)
90
+ return false;
91
+ }
92
+ // Command scope
93
+ if (toolName === 'cmd.run' && args['command']) {
94
+ const check = this.scopeChecker.checkCommandScope(args['command']);
95
+ if (!check.inScope)
96
+ return false;
97
+ }
98
+ return true;
99
+ }
100
+ /**
101
+ * Grant session-level approval (persists for current run)
102
+ */
103
+ grantSessionApproval(action) {
104
+ for (const perm of action.permissions) {
105
+ this.sessionApprovals.add(`${action.tool}:${perm}`);
106
+ }
107
+ }
108
+ /**
109
+ * Clear all session approvals
110
+ */
111
+ clearSessionApprovals() {
112
+ this.sessionApprovals.clear();
113
+ }
114
+ // ─── Private ───
115
+ findRule(permission) {
116
+ // Check specific rules first
117
+ for (const rule of this.config.policy.rules) {
118
+ if (rule.permission === permission) {
119
+ return rule.action;
120
+ }
121
+ }
122
+ // Check parent category (e.g., filesystem.read → filesystem)
123
+ const parentPerm = permission.split('.')[0];
124
+ if (parentPerm !== permission) {
125
+ for (const rule of this.config.policy.rules) {
126
+ if (rule.permission === parentPerm) {
127
+ return rule.action;
128
+ }
129
+ }
130
+ }
131
+ return this.config.policy.defaultApproval;
132
+ }
133
+ }
134
+ //# sourceMappingURL=engine.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"engine.js","sourceRoot":"","sources":["../../../src/policy/engine.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,YAAY;IACb,MAAM,CAAc;IACpB,YAAY,CAAe;IAC3B,gBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;IAElD,YAAY,MAAmB,EAAE,WAAmB;QAChD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACjB,MAAwB,EACxB,GAAqB;QAErB,iCAAiC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACpC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEjC,8CAA8C;YAC9C,IAAI,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;gBAC3F,SAAS;YACb,CAAC;YAED,QAAQ,IAAI,EAAE,CAAC;gBACX,KAAK,OAAO;oBACR,SAAS;gBACb,KAAK,MAAM;oBACP,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE;wBAChD,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,UAAU,EAAE,IAAI;wBAChB,MAAM,EAAE,kBAAkB;qBAC7B,CAAC,CAAC;oBACH,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,eAAe,IAAI,mCAAmC,MAAM,CAAC,IAAI,GAAG;wBAC5E,gBAAgB,EAAE,KAAK;qBAC1B,CAAC;gBACN,KAAK,SAAS;oBACV,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,WAAW,MAAM,CAAC,WAAW,wBAAwB,IAAI,GAAG;wBACpE,gBAAgB,EAAE,IAAI;qBACzB,CAAC;YACV,CAAC;QACL,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACjB,MAAwB,EACxB,GAAqB;QAErB,oDAAoD;QACpD,IAAI,GAAG,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;YAC/C,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,4BAA4B;QAC5B,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,QAAQ,EAAE,CAAC;gBACX,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;gBAClC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,gBAAgB,EAAE;oBAC/C,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;iBAClC,CAAC,CAAC;YACP,CAAC;iBAAM,CAAC;gBACJ,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE;oBAC9C,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;iBAClC,CAAC,CAAC;YACP,CAAC;YACD,OAAO,QAAQ,CAAC;QACpB,CAAC;QAED,6BAA6B;QAC7B,OAAO,KAAK,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,QAAgB,EAAE,IAA6B;QACtD,mBAAmB;QACnB,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAW,CAAC,CAAC;YAC7E,IAAI,CAAC,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;QACrC,CAAC;QAED,gBAAgB;QAChB,IAAI,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAW,CAAC,CAAC;YAC7E,IAAI,CAAC,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;QACrC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,MAAwB;QACzC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACpC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACL,CAAC;IAED;;OAEG;IACH,qBAAqB;QACjB,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAClC,CAAC;IAED,kBAAkB;IAEV,QAAQ,CAAC,UAA8B;QAC3C,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;gBACjC,OAAO,IAAI,CAAC,MAAM,CAAC;YACvB,CAAC;QACL,CAAC;QAED,6DAA6D;QAC7D,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5C,IAAI,UAAU,KAAK,UAAU,EAAE,CAAC;YAC5B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC1C,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;oBACjC,OAAO,IAAI,CAAC,MAAM,CAAC;gBACvB,CAAC;YACL,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;IAC9C,CAAC;CACJ"}
@@ -0,0 +1,27 @@
1
+ import type { AgentConfig } from '../config/schema.js';
2
+ import type { ScopeCheckResult } from './types.js';
3
+ /**
4
+ * Scope controls: filesystem allowlist, command allowlist, domain allowlist
5
+ */
6
+ export declare class ScopeChecker {
7
+ private config;
8
+ private projectRoot;
9
+ constructor(config: AgentConfig, projectRoot: string);
10
+ /**
11
+ * Check if a filesystem path is within the allowed scope
12
+ */
13
+ checkFilesystemScope(filePath: string): ScopeCheckResult;
14
+ /**
15
+ * Check if a command is within the allowed scope
16
+ */
17
+ checkCommandScope(command: string): ScopeCheckResult;
18
+ /**
19
+ * Check if a domain is within the allowed scope
20
+ */
21
+ checkDomainScope(domain: string): ScopeCheckResult;
22
+ /**
23
+ * Simple glob match (supports ** and *)
24
+ */
25
+ private matchGlob;
26
+ }
27
+ //# sourceMappingURL=scope.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scope.d.ts","sourceRoot":"","sources":["../../../src/policy/scope.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;GAEG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM;IAKpD;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB;IAuBxD;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB;IAwBpD;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,gBAAgB;IAkBlD;;OAEG;IACH,OAAO,CAAC,SAAS;CAYpB"}
@@ -0,0 +1,89 @@
1
+ import path from 'node:path';
2
+ /**
3
+ * Scope controls: filesystem allowlist, command allowlist, domain allowlist
4
+ */
5
+ export class ScopeChecker {
6
+ config;
7
+ projectRoot;
8
+ constructor(config, projectRoot) {
9
+ this.config = config;
10
+ this.projectRoot = projectRoot;
11
+ }
12
+ /**
13
+ * Check if a filesystem path is within the allowed scope
14
+ */
15
+ checkFilesystemScope(filePath) {
16
+ const absPath = path.resolve(this.projectRoot, filePath);
17
+ const relPath = path.relative(this.projectRoot, absPath);
18
+ // Prevent path traversal outside project
19
+ if (relPath.startsWith('..')) {
20
+ return { inScope: false, violation: `Path "${filePath}" is outside project root` };
21
+ }
22
+ const allowlist = this.config.policy.filesystemAllowlist;
23
+ if (allowlist.length === 0) {
24
+ return { inScope: false, violation: 'Filesystem allowlist is empty' };
25
+ }
26
+ // Check if path matches any allowlist pattern
27
+ const matches = allowlist.some((pattern) => this.matchGlob(relPath, pattern));
28
+ if (!matches) {
29
+ return { inScope: false, violation: `Path "${relPath}" not in filesystem allowlist` };
30
+ }
31
+ return { inScope: true };
32
+ }
33
+ /**
34
+ * Check if a command is within the allowed scope
35
+ */
36
+ checkCommandScope(command) {
37
+ const allowlist = this.config.policy.commandAllowlist;
38
+ // If allowlist is empty, all commands require approval (but aren't blocked)
39
+ if (allowlist.length === 0) {
40
+ return { inScope: true };
41
+ }
42
+ const matches = allowlist.some((pattern) => {
43
+ if (pattern === command)
44
+ return true;
45
+ try {
46
+ return new RegExp(pattern).test(command);
47
+ }
48
+ catch {
49
+ return false;
50
+ }
51
+ });
52
+ if (!matches) {
53
+ return { inScope: false, violation: `Command "${command}" not in command allowlist` };
54
+ }
55
+ return { inScope: true };
56
+ }
57
+ /**
58
+ * Check if a domain is within the allowed scope
59
+ */
60
+ checkDomainScope(domain) {
61
+ const allowlist = this.config.policy.domainAllowlist;
62
+ if (allowlist.length === 0) {
63
+ return { inScope: true };
64
+ }
65
+ const matches = allowlist.some((d) => domain === d || domain.endsWith(`.${d}`));
66
+ if (!matches) {
67
+ return { inScope: false, violation: `Domain "${domain}" not in domain allowlist` };
68
+ }
69
+ return { inScope: true };
70
+ }
71
+ /**
72
+ * Simple glob match (supports ** and *)
73
+ */
74
+ matchGlob(str, pattern) {
75
+ if (pattern === '**/*' || pattern === '*')
76
+ return true;
77
+ const regexStr = pattern
78
+ .replace(/\*\*/g, '{{DOUBLE_STAR}}')
79
+ .replace(/\*/g, '[^/]*')
80
+ .replace(/{{DOUBLE_STAR}}/g, '.*');
81
+ try {
82
+ return new RegExp(`^${regexStr}$`).test(str);
83
+ }
84
+ catch {
85
+ return false;
86
+ }
87
+ }
88
+ }
89
+ //# sourceMappingURL=scope.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scope.js","sourceRoot":"","sources":["../../../src/policy/scope.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B;;GAEG;AACH,MAAM,OAAO,YAAY;IACb,MAAM,CAAc;IACpB,WAAW,CAAS;IAE5B,YAAY,MAAmB,EAAE,WAAmB;QAChD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,QAAgB;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEzD,yCAAyC;QACzC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,QAAQ,2BAA2B,EAAE,CAAC;QACvF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC;QACzD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,+BAA+B,EAAE,CAAC;QAC1E,CAAC;QAED,8CAA8C;QAC9C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAC9E,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,OAAO,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,OAAe;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAEtD,4EAA4E;QAC5E,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YACvC,IAAI,OAAO,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YACrC,IAAI,CAAC;gBACD,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7C,CAAC;YAAC,MAAM,CAAC;gBACL,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,OAAO,4BAA4B,EAAE,CAAC;QAC1F,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,MAAc;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;QAErD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAClD,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,MAAM,2BAA2B,EAAE,CAAC;QACvF,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,GAAW,EAAE,OAAe;QAC1C,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACvD,MAAM,QAAQ,GAAG,OAAO;aACnB,OAAO,CAAC,OAAO,EAAE,iBAAiB,CAAC;aACnC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;aACvB,OAAO,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC;YACD,OAAO,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CACJ"}
@@ -0,0 +1,15 @@
1
+ /**
2
+ * Permission category type definitions
3
+ */
4
+ export type PermissionCategory = 'filesystem' | 'filesystem.read' | 'filesystem.write' | 'exec' | 'network' | 'ui_automation' | 'secrets';
5
+ export type ApprovalAction = 'allow' | 'deny' | 'confirm';
6
+ export interface PermissionResult {
7
+ allowed: boolean;
8
+ reason?: string;
9
+ requiresApproval: boolean;
10
+ }
11
+ export interface ScopeCheckResult {
12
+ inScope: boolean;
13
+ violation?: string;
14
+ }
15
+ //# sourceMappingURL=types.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/policy/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,kBAAkB,GACxB,YAAY,GACZ,iBAAiB,GACjB,kBAAkB,GAClB,MAAM,GACN,SAAS,GACT,eAAe,GACf,SAAS,CAAC;AAEhB,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;AAE1D,MAAM,WAAW,gBAAgB;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=types.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/policy/types.ts"],"names":[],"mappings":""}
@@ -0,0 +1,27 @@
1
+ import type { AgentConfig } from '../config/schema.js';
2
+ /**
3
+ * Self-extension: generate, validate, and activate new skills
4
+ *
5
+ * GUARDRAIL: This module CANNOT modify:
6
+ * - src/policy/ (policy engine)
7
+ * - src/tools/registry.ts (tool router)
8
+ * - Any approval enforcement code
9
+ */
10
+ export declare class SkillGenerator {
11
+ private config;
12
+ constructor(config: AgentConfig);
13
+ /**
14
+ * Generate a new skill from a description
15
+ */
16
+ generateSkillDraft(name: string, description: string, tools: string[]): Promise<string>;
17
+ /**
18
+ * Validate a generated skill
19
+ */
20
+ validateDraft(skillDir: string): Promise<{
21
+ valid: boolean;
22
+ errors: string[];
23
+ }>;
24
+ private inferPermissions;
25
+ private generatePrompt;
26
+ }
27
+ //# sourceMappingURL=generator.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../../../src/self-extend/generator.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD;;;;;;;GAOG;AACH,qBAAa,cAAc;IACvB,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,EAAE,WAAW;IAI/B;;OAEG;IACG,kBAAkB,CACpB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC,MAAM,CAAC;IA8BlB;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAapF,OAAO,CAAC,gBAAgB;IAsBxB,OAAO,CAAC,cAAc;CA6BzB"}
@@ -0,0 +1,107 @@
1
+ import { mkdir, writeFile } from 'node:fs/promises';
2
+ import path from 'node:path';
3
+ import { getSkillsDir } from '../utils/paths.js';
4
+ import { validateSkill } from '../skills/validator.js';
5
+ import { SkillLoader } from '../skills/loader.js';
6
+ /**
7
+ * Self-extension: generate, validate, and activate new skills
8
+ *
9
+ * GUARDRAIL: This module CANNOT modify:
10
+ * - src/policy/ (policy engine)
11
+ * - src/tools/registry.ts (tool router)
12
+ * - Any approval enforcement code
13
+ */
14
+ export class SkillGenerator {
15
+ config;
16
+ constructor(config) {
17
+ this.config = config;
18
+ }
19
+ /**
20
+ * Generate a new skill from a description
21
+ */
22
+ async generateSkillDraft(name, description, tools) {
23
+ const skillDir = path.join(getSkillsDir(), name);
24
+ await mkdir(skillDir, { recursive: true });
25
+ // Generate skill.json manifest
26
+ const manifest = {
27
+ name,
28
+ version: '0.1.0',
29
+ description,
30
+ tools,
31
+ permissions: {
32
+ required: this.inferPermissions(tools),
33
+ },
34
+ entrypoint: 'prompt.md',
35
+ state: 'draft',
36
+ };
37
+ await writeFile(path.join(skillDir, 'skill.json'), JSON.stringify(manifest, null, 2) + '\n', 'utf-8');
38
+ // Generate prompt.md
39
+ const prompt = this.generatePrompt(name, description, tools);
40
+ await writeFile(path.join(skillDir, 'prompt.md'), prompt, 'utf-8');
41
+ return skillDir;
42
+ }
43
+ /**
44
+ * Validate a generated skill
45
+ */
46
+ async validateDraft(skillDir) {
47
+ const loader = new SkillLoader(this.config);
48
+ const skill = await loader.loadSkill(skillDir);
49
+ if (!skill) {
50
+ return { valid: false, errors: ['Failed to load skill'] };
51
+ }
52
+ const result = await validateSkill(skill);
53
+ return { valid: result.valid, errors: [...result.errors, ...result.warnings] };
54
+ }
55
+ // ─── Private ───
56
+ inferPermissions(tools) {
57
+ const perms = new Set();
58
+ for (const tool of tools) {
59
+ if (tool.startsWith('fs.read') || tool === 'fs.list' || tool === 'fs.search') {
60
+ perms.add('filesystem.read');
61
+ }
62
+ if (tool === 'fs.write' || tool === 'fs.patch') {
63
+ perms.add('filesystem.write');
64
+ }
65
+ if (tool === 'cmd.run') {
66
+ perms.add('exec');
67
+ }
68
+ if (tool.startsWith('git.')) {
69
+ perms.add('filesystem.read');
70
+ }
71
+ if (tool === 'git.commit') {
72
+ perms.add('exec');
73
+ }
74
+ }
75
+ return Array.from(perms);
76
+ }
77
+ generatePrompt(name, description, tools) {
78
+ return `# ${name}
79
+
80
+ ## Description
81
+ ${description}
82
+
83
+ ## Available Tools
84
+ ${tools.map((t) => `- \`${t}\``).join('\n')}
85
+
86
+ ## Instructions
87
+ You are a skill that accomplishes the following goal:
88
+ ${description}
89
+
90
+ Use the available tools to complete this task.
91
+ Follow these guidelines:
92
+ 1. Plan your approach before taking action
93
+ 2. Verify your work after each step
94
+ 3. Handle errors gracefully
95
+ 4. Report your progress clearly
96
+
97
+ ## Input Variables
98
+ {{input}}
99
+
100
+ ## Completion Criteria
101
+ - Task described above is complete
102
+ - All outputs are verified
103
+ - No errors remain
104
+ `;
105
+ }
106
+ }
107
+ //# sourceMappingURL=generator.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"generator.js","sourceRoot":"","sources":["../../../src/self-extend/generator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGlD;;;;;;;GAOG;AACH,MAAM,OAAO,cAAc;IACf,MAAM,CAAc;IAE5B,YAAY,MAAmB;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACpB,IAAY,EACZ,WAAmB,EACnB,KAAe;QAEf,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,IAAI,CAAC,CAAC;QACjD,MAAM,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3C,+BAA+B;QAC/B,MAAM,QAAQ,GAAkB;YAC5B,IAAI;YACJ,OAAO,EAAE,OAAO;YAChB,WAAW;YACX,KAAK;YACL,WAAW,EAAE;gBACT,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC;aACzC;YACD,UAAU,EAAE,WAAW;YACvB,KAAK,EAAE,OAAO;SACA,CAAC;QAEnB,MAAM,SAAS,CACX,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,EACjC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EACxC,OAAO,CACV,CAAC;QAEF,qBAAqB;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAEnE,OAAO,QAAQ,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,QAAgB;QAChC,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAC9D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;IACnF,CAAC;IAED,kBAAkB;IAEV,gBAAgB,CAAC,KAAe;QACpC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACvB,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;gBAC3E,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC7C,KAAK,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAClC,CAAC;YACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACrB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACtB,CAAC;YACD,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;gBACxB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACtB,CAAC;QACL,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAEO,cAAc,CAAC,IAAY,EAAE,WAAmB,EAAE,KAAe;QACrE,OAAO,KAAK,IAAI;;;EAGtB,WAAW;;;EAGX,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;EAIzC,WAAW;;;;;;;;;;;;;;;;CAgBZ,CAAC;IACE,CAAC;CACJ"}
@@ -0,0 +1,5 @@
1
+ /**
2
+ * Version bump and changelog for self-generated skills
3
+ */
4
+ export declare function bumpVersion(skillDir: string, bumpType?: 'patch' | 'minor' | 'major'): Promise<string>;
5
+ //# sourceMappingURL=publisher.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"publisher.d.ts","sourceRoot":"","sources":["../../../src/self-extend/publisher.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAsB,WAAW,CAC7B,QAAQ,EAAE,MAAM,EAChB,QAAQ,GAAE,OAAO,GAAG,OAAO,GAAG,OAAiB,GAChD,OAAO,CAAC,MAAM,CAAC,CAsCjB"}
@@ -0,0 +1,40 @@
1
+ import { readFile, writeFile, access } from 'node:fs/promises';
2
+ import path from 'node:path';
3
+ /**
4
+ * Version bump and changelog for self-generated skills
5
+ */
6
+ export async function bumpVersion(skillDir, bumpType = 'patch') {
7
+ const manifestPath = path.join(skillDir, 'skill.json');
8
+ const content = await readFile(manifestPath, 'utf-8');
9
+ const manifest = JSON.parse(content);
10
+ const [major, minor, patch] = manifest.version.split('.').map(Number);
11
+ let newVersion;
12
+ switch (bumpType) {
13
+ case 'major':
14
+ newVersion = `${major + 1}.0.0`;
15
+ break;
16
+ case 'minor':
17
+ newVersion = `${major}.${minor + 1}.0`;
18
+ break;
19
+ case 'patch':
20
+ default:
21
+ newVersion = `${major}.${minor}.${patch + 1}`;
22
+ break;
23
+ }
24
+ manifest.version = newVersion;
25
+ await writeFile(manifestPath, JSON.stringify(manifest, null, 2) + '\n', 'utf-8');
26
+ // Update changelog
27
+ const changelogPath = path.join(skillDir, 'CHANGELOG.md');
28
+ const date = new Date().toISOString().split('T')[0];
29
+ const entry = `\n## ${newVersion} (${date})\n\n- Version bump\n`;
30
+ try {
31
+ await access(changelogPath);
32
+ const existing = await readFile(changelogPath, 'utf-8');
33
+ await writeFile(changelogPath, entry + existing, 'utf-8');
34
+ }
35
+ catch {
36
+ await writeFile(changelogPath, `# Changelog\n${entry}`, 'utf-8');
37
+ }
38
+ return newVersion;
39
+ }
40
+ //# sourceMappingURL=publisher.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"publisher.js","sourceRoot":"","sources":["../../../src/self-extend/publisher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC7B,QAAgB,EAChB,WAAwC,OAAO;IAE/C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtE,IAAI,UAAkB,CAAC;IAEvB,QAAQ,QAAQ,EAAE,CAAC;QACf,KAAK,OAAO;YACR,UAAU,GAAG,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC;YAChC,MAAM;QACV,KAAK,OAAO;YACR,UAAU,GAAG,GAAG,KAAK,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC;YACvC,MAAM;QACV,KAAK,OAAO,CAAC;QACb;YACI,UAAU,GAAG,GAAG,KAAK,IAAI,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM;IACd,CAAC;IAED,QAAQ,CAAC,OAAO,GAAG,UAAU,CAAC;IAC9B,MAAM,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAEjF,mBAAmB;IACnB,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC1D,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,QAAQ,UAAU,KAAK,IAAI,uBAAuB,CAAC;IAEjE,IAAI,CAAC;QACD,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,SAAS,CAAC,aAAa,EAAE,KAAK,GAAG,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACL,MAAM,SAAS,CAAC,aAAa,EAAE,gBAAgB,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,UAAU,CAAC;AACtB,CAAC"}
@@ -0,0 +1,10 @@
1
+ /**
2
+ * Sandbox for running skill validators safely
3
+ * Placeholder for Phase 3 — will add proper sandboxing
4
+ */
5
+ export declare function runInSandbox(command: string, cwd: string, timeout?: number): Promise<{
6
+ exitCode: number;
7
+ stdout: string;
8
+ stderr: string;
9
+ }>;
10
+ //# sourceMappingURL=sandbox.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../../src/self-extend/sandbox.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAsB,YAAY,CAC9B,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,MAAc,GACxB,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAoB/D"}
@@ -0,0 +1,22 @@
1
+ /**
2
+ * Sandbox for running skill validators safely
3
+ * Placeholder for Phase 3 — will add proper sandboxing
4
+ */
5
+ export async function runInSandbox(command, cwd, timeout = 30000) {
6
+ const { execFile } = await import('node:child_process');
7
+ const { promisify } = await import('node:util');
8
+ const execFileAsync = promisify(execFile);
9
+ try {
10
+ const { stdout, stderr } = await execFileAsync(command.split(' ')[0], command.split(' ').slice(1), { cwd, timeout, shell: true });
11
+ return { exitCode: 0, stdout: stdout.toString(), stderr: stderr.toString() };
12
+ }
13
+ catch (err) {
14
+ const error = err;
15
+ return {
16
+ exitCode: error.code ?? 1,
17
+ stdout: error.stdout?.toString() ?? '',
18
+ stderr: error.stderr?.toString() ?? '',
19
+ };
20
+ }
21
+ }
22
+ //# sourceMappingURL=sandbox.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../../src/self-extend/sandbox.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAC9B,OAAe,EACf,GAAW,EACX,UAAkB,KAAK;IAEvB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACxD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE1C,IAAI,CAAC;QACD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAC1C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EACrB,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAC3B,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAChC,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACjF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,GAA0D,CAAC;QACzE,OAAO;YACH,QAAQ,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;YACzB,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;YACtC,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;SACzC,CAAC;IACN,CAAC;AACL,CAAC"}
@@ -0,0 +1,15 @@
1
+ /**
2
+ * Skill lockfile management (Phase 3)
3
+ */
4
+ export interface LockfileEntry {
5
+ name: string;
6
+ version: string;
7
+ hash: string;
8
+ installedAt: string;
9
+ }
10
+ export declare class LockfileManager {
11
+ read(): Promise<LockfileEntry[]>;
12
+ write(_entries: LockfileEntry[]): Promise<void>;
13
+ addEntry(_entry: LockfileEntry): Promise<void>;
14
+ }
15
+ //# sourceMappingURL=lockfile.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"lockfile.d.ts","sourceRoot":"","sources":["../../../../src/skills/hub/lockfile.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,eAAe;IAClB,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAKhC,KAAK,CAAC,QAAQ,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,QAAQ,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAGvD"}
@@ -0,0 +1,13 @@
1
+ export class LockfileManager {
2
+ async read() {
3
+ // Phase 3
4
+ return [];
5
+ }
6
+ async write(_entries) {
7
+ // Phase 3
8
+ }
9
+ async addEntry(_entry) {
10
+ // Phase 3
11
+ }
12
+ }
13
+ //# sourceMappingURL=lockfile.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"lockfile.js","sourceRoot":"","sources":["../../../../src/skills/hub/lockfile.ts"],"names":[],"mappings":"AAUA,MAAM,OAAO,eAAe;IACxB,KAAK,CAAC,IAAI;QACN,UAAU;QACV,OAAO,EAAE,CAAC;IACd,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,QAAyB;QACjC,UAAU;IACd,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAqB;QAChC,UAAU;IACd,CAAC;CACJ"}
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Skill publisher (Phase 3)
3
+ */
4
+ export declare class SkillPublisher {
5
+ publish(_skillDir: string, _registryUrl: string): Promise<void>;
6
+ }
7
+ //# sourceMappingURL=publisher.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"publisher.d.ts","sourceRoot":"","sources":["../../../../src/skills/hub/publisher.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,cAAc;IACjB,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAIxE"}
@@ -0,0 +1,10 @@
1
+ /**
2
+ * Skill publisher (Phase 3)
3
+ */
4
+ export class SkillPublisher {
5
+ async publish(_skillDir, _registryUrl) {
6
+ // Phase 3
7
+ console.log('Skill publishing not yet available');
8
+ }
9
+ }
10
+ //# sourceMappingURL=publisher.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"publisher.js","sourceRoot":"","sources":["../../../../src/skills/hub/publisher.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,cAAc;IACvB,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,YAAoB;QACjD,UAAU;QACV,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IACtD,CAAC;CACJ"}
@@ -0,0 +1,16 @@
1
+ /**
2
+ * Skill Hub registry client (Phase 3)
3
+ * Handles remote skill installation and publishing
4
+ */
5
+ export declare class RegistryClient {
6
+ readonly baseUrl: string;
7
+ constructor(baseUrl: string);
8
+ search(query: string): Promise<{
9
+ name: string;
10
+ version: string;
11
+ description: string;
12
+ }[]>;
13
+ install(name: string, version?: string): Promise<void>;
14
+ publish(skillDir: string): Promise<void>;
15
+ }
16
+ //# sourceMappingURL=registry.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../../../src/skills/hub/registry.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,qBAAa,cAAc;aACK,OAAO,EAAE,MAAM;gBAAf,OAAO,EAAE,MAAM;IAErC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAMxF,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKtD,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAIjD"}