@pythonluvr/openwar 0.4.0

package/dist/sandbox/host-allowlist.js

@@ -0,0 +1,85 @@
+// HTTP host allowlist. When ~/.openwar/http-allow.json exists, http_fetch
+// rejects any host not in the list before opening a socket. When the file
+// is missing, the http tool is unrestricted (default behavior).
+//
+// File format: a JSON array of strings. Each entry is either an exact host
+// or a wildcard like "*.example.com" (matches example.com AND any subdomain).
+// Comparison is case-insensitive.
+import { readFile } from "node:fs/promises";
+export class HostAllowlistError extends Error {
+    code = "HOST_ALLOWLIST_MALFORMED";
+    constructor(message) {
+        super(message);
+        this.name = "HostAllowlistError";
+    }
+}
+// Load from a JSON file. Returns null when the file does not exist.
+// Throws HostAllowlistError when the file exists but is malformed; callers
+// should treat that as fail-closed (deny everything).
+export async function loadHostAllowlist(path) {
+    let content;
+    try {
+        content = await readFile(path, "utf8");
+    }
+    catch (err) {
+        const code = err.code;
+        if (code === "ENOENT")
+            return null;
+        throw err;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(content);
+    }
+    catch (err) {
+        throw new HostAllowlistError(`invalid JSON in ${path}: ${err.message}`);
+    }
+    if (!Array.isArray(parsed)) {
+        throw new HostAllowlistError(`${path} must contain a JSON array of host strings`);
+    }
+    return buildAllowlist(parsed);
+}
+// Construct an allowlist from an array of strings. Exposed for tests and
+// for callers that load the list from somewhere other than disk.
+export function buildAllowlist(entries) {
+    const hosts = new Set();
+    const wildcardSuffixes = [];
+    const wildcardBases = new Set();
+    for (const entry of entries) {
+        if (typeof entry !== "string") {
+            throw new HostAllowlistError(`non-string entry in allowlist: ${JSON.stringify(entry)}`);
+        }
+        const trimmed = entry.trim().toLowerCase();
+        if (trimmed.length === 0)
+            continue;
+        if (trimmed.startsWith("*.")) {
+            const base = trimmed.slice(2);
+            if (base.length === 0) {
+                throw new HostAllowlistError(`wildcard entry "${entry}" has no base host`);
+            }
+            wildcardSuffixes.push("." + base);
+            wildcardBases.add(base);
+        }
+        else {
+            hosts.add(trimmed);
+        }
+    }
+    return { hosts, wildcardSuffixes, wildcardBases };
+}
+// Returns true when the hostname is permitted. A null allowlist (file
+// missing) is permissive by design.
+export function isHostAllowed(allowlist, hostname) {
+    if (!allowlist)
+        return true;
+    const host = hostname.toLowerCase();
+    if (allowlist.hosts.has(host))
+        return true;
+    if (allowlist.wildcardBases.has(host))
+        return true;
+    for (const suffix of allowlist.wildcardSuffixes) {
+        if (host.endsWith(suffix))
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=host-allowlist.js.map

package/dist/sandbox/host-allowlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"host-allowlist.js","sourceRoot":"","sources":["../../src/sandbox/host-allowlist.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,0EAA0E;AAC1E,gEAAgE;AAChE,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAW5C,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,IAAI,GAAG,0BAAmC,CAAC;IACpD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED,oEAAoE;AACpE,2EAA2E;AAC3E,sDAAsD;AACtD,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAY;IAClD,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;QACjD,IAAI,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,kBAAkB,CAAC,mBAAmB,IAAI,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,kBAAkB,CAAC,GAAG,IAAI,4CAA4C,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,yEAAyE;AACzE,iEAAiE;AACjE,MAAM,UAAU,cAAc,CAAC,OAAkB;IAC/C,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IACxC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,IAAI,kBAAkB,CAAC,kCAAkC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC1F,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACnC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,kBAAkB,CAAC,mBAAmB,KAAK,oBAAoB,CAAC,CAAC;YAC7E,CAAC;YACD,gBAAgB,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YAClC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC;AACpD,CAAC;AAED,sEAAsE;AACtE,oCAAoC;AACpC,MAAM,UAAU,aAAa,CAAC,SAA+B,EAAE,QAAgB;IAC7E,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACpC,IAAI,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,SAAS,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,KAAK,MAAM,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;IACzC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/sandbox/output-cap.d.ts

@@ -0,0 +1,9 @@
+import type { Readable } from "node:stream";
+export interface CapResult {
+    content: Buffer;
+    truncated: boolean;
+    totalBytesSeen: number;
+}
+export declare function capStream(stream: Readable, maxBytes: number): Promise<CapResult>;
+export declare function capChunks(chunks: Iterable<Buffer | string>, maxBytes: number): CapResult;
+//# sourceMappingURL=output-cap.d.ts.map

package/dist/sandbox/output-cap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-cap.d.ts","sourceRoot":"","sources":["../../src/sandbox/output-cap.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,wBAAsB,SAAS,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CA8BtF;AAID,wBAAgB,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,QAAQ,EAAE,MAAM,GAAG,SAAS,CAwBxF"}

package/dist/sandbox/output-cap.js

@@ -0,0 +1,66 @@
+// Output cap for stream-producing tools. Reads from a readable stream,
+// accumulating bytes up to maxBytes, then continues draining without
+// storing further data so the producer can finish cleanly.
+//
+// Used by shell_exec for stdout/stderr and http_fetch for response body.
+export async function capStream(stream, maxBytes) {
+    if (maxBytes < 0)
+        throw new Error(`maxBytes must be >= 0 (got ${maxBytes})`);
+    const chunks = [];
+    let stored = 0;
+    let totalSeen = 0;
+    let truncated = false;
+    for await (const chunk of stream) {
+        const buf = Buffer.isBuffer(chunk)
+            ? chunk
+            : typeof chunk === "string"
+                ? Buffer.from(chunk)
+                : Buffer.from(chunk);
+        totalSeen += buf.length;
+        if (stored >= maxBytes) {
+            truncated = true;
+            continue;
+        }
+        const remaining = maxBytes - stored;
+        if (buf.length <= remaining) {
+            chunks.push(buf);
+            stored += buf.length;
+        }
+        else {
+            chunks.push(buf.subarray(0, remaining));
+            stored = maxBytes;
+            truncated = true;
+        }
+    }
+    return { content: Buffer.concat(chunks), truncated, totalBytesSeen: totalSeen };
+}
+// Same shape but for an iterable of Buffer chunks (no stream backpressure).
+// Useful for tests and synchronous-ish producers.
+export function capChunks(chunks, maxBytes) {
+    if (maxBytes < 0)
+        throw new Error(`maxBytes must be >= 0 (got ${maxBytes})`);
+    const out = [];
+    let stored = 0;
+    let totalSeen = 0;
+    let truncated = false;
+    for (const chunk of chunks) {
+        const buf = typeof chunk === "string" ? Buffer.from(chunk) : chunk;
+        totalSeen += buf.length;
+        if (stored >= maxBytes) {
+            truncated = true;
+            continue;
+        }
+        const remaining = maxBytes - stored;
+        if (buf.length <= remaining) {
+            out.push(buf);
+            stored += buf.length;
+        }
+        else {
+            out.push(buf.subarray(0, remaining));
+            stored = maxBytes;
+            truncated = true;
+        }
+    }
+    return { content: Buffer.concat(out), truncated, totalBytesSeen: totalSeen };
+}
+//# sourceMappingURL=output-cap.js.map

package/dist/sandbox/output-cap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-cap.js","sourceRoot":"","sources":["../../src/sandbox/output-cap.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,qEAAqE;AACrE,2DAA2D;AAC3D,EAAE;AACF,yEAAyE;AAUzE,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,MAAgB,EAAE,QAAgB;IAChE,IAAI,QAAQ,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,GAAG,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QACjC,MAAM,GAAG,GAAW,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;YACxC,CAAC,CAAC,KAAK;YACP,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ;gBAC3B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;gBACpB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAmB,CAAC,CAAC;QACrC,SAAS,IAAI,GAAG,CAAC,MAAM,CAAC;QACxB,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAC;YACvB,SAAS,GAAG,IAAI,CAAC;YACjB,SAAS;QACX,CAAC;QACD,MAAM,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAC;QACpC,IAAI,GAAG,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;YACxC,MAAM,GAAG,QAAQ,CAAC;YAClB,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,SAAS,EAAE,CAAC;AAClF,CAAC;AAED,4EAA4E;AAC5E,kDAAkD;AAClD,MAAM,UAAU,SAAS,CAAC,MAAiC,EAAE,QAAgB;IAC3E,IAAI,QAAQ,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,GAAG,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACnE,SAAS,IAAI,GAAG,CAAC,MAAM,CAAC;QACxB,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAC;YACvB,SAAS,GAAG,IAAI,CAAC;YACjB,SAAS;QACX,CAAC;QACD,MAAM,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAC;QACpC,IAAI,GAAG,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;YAC5B,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;YACrC,MAAM,GAAG,QAAQ,CAAC;YAClB,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,SAAS,EAAE,CAAC;AAC/E,CAAC"}

package/dist/sandbox/timeout.d.ts

@@ -0,0 +1,7 @@
+export declare class TimeoutError extends Error {
+    readonly afterMs: number;
+    readonly code: "TIMEOUT";
+    constructor(afterMs: number);
+}
+export declare function withTimeout<T>(promise: Promise<T>, ms: number, signal?: AbortSignal): Promise<T>;
+//# sourceMappingURL=timeout.d.ts.map

package/dist/sandbox/timeout.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"timeout.d.ts","sourceRoot":"","sources":["../../src/sandbox/timeout.ts"],"names":[],"mappings":"AAOA,qBAAa,YAAa,SAAQ,KAAK;aAET,OAAO,EAAE,MAAM;IAD3C,QAAQ,CAAC,IAAI,EAAG,SAAS,CAAU;gBACP,OAAO,EAAE,MAAM;CAI5C;AAID,wBAAgB,WAAW,CAAC,CAAC,EAC3B,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EACnB,EAAE,EAAE,MAAM,EACV,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,CAAC,CAAC,CA0CZ"}

package/dist/sandbox/timeout.js

@@ -0,0 +1,52 @@
+// Generic timeout wrapper for any async tool operation. Wraps a promise with
+// a deadline; rejects with TimeoutError if exceeded.
+//
+// For child_process kills, see src/sandbox/proc-kill.ts (separate concern:
+// timing out a process is more than just rejecting a promise; the process
+// needs SIGTERM then SIGKILL).
+export class TimeoutError extends Error {
+    afterMs;
+    code = "TIMEOUT";
+    constructor(afterMs) {
+        super(`operation exceeded ${afterMs}ms`);
+        this.afterMs = afterMs;
+        this.name = "TimeoutError";
+    }
+}
+// Wrap a promise with a timeout. Optional AbortSignal lets callers cancel
+// independently. ms <= 0 disables the timeout (returns the promise as-is).
+export function withTimeout(promise, ms, signal) {
+    if (ms <= 0)
+        return promise;
+    return new Promise((resolveOuter, rejectOuter) => {
+        let timer = setTimeout(() => {
+            timer = null;
+            rejectOuter(new TimeoutError(ms));
+        }, ms);
+        const clearTimer = () => {
+            if (timer) {
+                clearTimeout(timer);
+                timer = null;
+            }
+        };
+        if (signal) {
+            if (signal.aborted) {
+                clearTimer();
+                rejectOuter(signal.reason ?? new Error("aborted"));
+                return;
+            }
+            signal.addEventListener("abort", () => {
+                clearTimer();
+                rejectOuter(signal.reason ?? new Error("aborted"));
+            }, { once: true });
+        }
+        promise.then((value) => {
+            clearTimer();
+            resolveOuter(value);
+        }, (err) => {
+            clearTimer();
+            rejectOuter(err);
+        });
+    });
+}
+//# sourceMappingURL=timeout.js.map

package/dist/sandbox/timeout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"timeout.js","sourceRoot":"","sources":["../../src/sandbox/timeout.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,qDAAqD;AACrD,EAAE;AACF,2EAA2E;AAC3E,0EAA0E;AAC1E,+BAA+B;AAE/B,MAAM,OAAO,YAAa,SAAQ,KAAK;IAET;IADnB,IAAI,GAAG,SAAkB,CAAC;IACnC,YAA4B,OAAe;QACzC,KAAK,CAAC,sBAAsB,OAAO,IAAI,CAAC,CAAC;QADf,YAAO,GAAP,OAAO,CAAQ;QAEzC,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED,0EAA0E;AAC1E,2EAA2E;AAC3E,MAAM,UAAU,WAAW,CACzB,OAAmB,EACnB,EAAU,EACV,MAAoB;IAEpB,IAAI,EAAE,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5B,OAAO,IAAI,OAAO,CAAI,CAAC,YAAY,EAAE,WAAW,EAAE,EAAE;QAClD,IAAI,KAAK,GAA0B,UAAU,CAAC,GAAG,EAAE;YACjD,KAAK,GAAG,IAAI,CAAC;YACb,WAAW,CAAC,IAAI,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;QACpC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEP,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,IAAI,KAAK,EAAE,CAAC;gBACV,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,KAAK,GAAG,IAAI,CAAC;YACf,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,UAAU,EAAE,CAAC;gBACb,WAAW,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YACD,MAAM,CAAC,gBAAgB,CACrB,OAAO,EACP,GAAG,EAAE;gBACH,UAAU,EAAE,CAAC;gBACb,WAAW,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;YACrD,CAAC,EACD,EAAE,IAAI,EAAE,IAAI,EAAE,CACf,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,IAAI,CACV,CAAC,KAAK,EAAE,EAAE;YACR,UAAU,EAAE,CAAC;YACb,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC,EACD,CAAC,GAAG,EAAE,EAAE;YACN,UAAU,EAAE,CAAC;YACb,WAAW,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/sandbox/types.d.ts

@@ -0,0 +1,18 @@
+import type { HostAllowlist } from "./host-allowlist.js";
+export interface SandboxContextFields {
+    workdir: string;
+    defaultTimeoutMs: number;
+    defaultMaxOutputBytes: number;
+    httpAllowlist: HostAllowlist | null;
+    shellEnabled: boolean;
+}
+export declare class SandboxContext {
+    readonly workdir: string;
+    readonly defaultTimeoutMs: number;
+    readonly defaultMaxOutputBytes: number;
+    readonly httpAllowlist: HostAllowlist | null;
+    readonly shellEnabled: boolean;
+    private constructor();
+    static _create(fields: SandboxContextFields): SandboxContext;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/sandbox/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/sandbox/types.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,MAAM,WAAW,oBAAoB;IAEnC,OAAO,EAAE,MAAM,CAAC;IAEhB,gBAAgB,EAAE,MAAM,CAAC;IAEzB,qBAAqB,EAAE,MAAM,CAAC;IAE9B,aAAa,EAAE,aAAa,GAAG,IAAI,CAAC;IAGpC,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,qBAAa,cAAc;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,aAAa,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAE/B,OAAO;IAYP,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,oBAAoB,GAAG,cAAc;CAG7D"}

package/dist/sandbox/types.js

@@ -0,0 +1,27 @@
+// SandboxContext. Carried by every tool execution. Holds the workdir,
+// timeout defaults, output caps, and HTTP allowlist. Tools take this as
+// an argument and cannot construct one themselves: the constructor is
+// private and the factory is named with a leading underscore to mark it
+// as runtime-internal.
+export class SandboxContext {
+    workdir;
+    defaultTimeoutMs;
+    defaultMaxOutputBytes;
+    httpAllowlist;
+    shellEnabled;
+    constructor(fields) {
+        this.workdir = fields.workdir;
+        this.defaultTimeoutMs = fields.defaultTimeoutMs;
+        this.defaultMaxOutputBytes = fields.defaultMaxOutputBytes;
+        this.httpAllowlist = fields.httpAllowlist;
+        this.shellEnabled = fields.shellEnabled;
+        Object.freeze(this);
+    }
+    // Runtime-internal factory. Not re-exported from src/index.ts. Tools that
+    // call this are reaching into sandbox internals on purpose; the convention
+    // is "if you find yourself importing _create, you are no longer a tool."
+    static _create(fields) {
+        return new SandboxContext(fields);
+    }
+}
+//# sourceMappingURL=types.js.map

package/dist/sandbox/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/sandbox/types.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,wEAAwE;AACxE,sEAAsE;AACtE,wEAAwE;AACxE,uBAAuB;AAkBvB,MAAM,OAAO,cAAc;IAChB,OAAO,CAAS;IAChB,gBAAgB,CAAS;IACzB,qBAAqB,CAAS;IAC9B,aAAa,CAAuB;IACpC,YAAY,CAAU;IAE/B,YAAoB,MAA4B;QAC9C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAChD,IAAI,CAAC,qBAAqB,GAAG,MAAM,CAAC,qBAAqB,CAAC;QAC1D,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC1C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;IAED,0EAA0E;IAC1E,2EAA2E;IAC3E,yEAAyE;IACzE,MAAM,CAAC,OAAO,CAAC,MAA4B;QACzC,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;CACF"}

package/dist/sandbox/workdir.d.ts

@@ -0,0 +1,9 @@
+export declare class PathEscapeError extends Error {
+    readonly attempted: string;
+    readonly workdir: string;
+    readonly code: "PATH_ESCAPE";
+    constructor(attempted: string, workdir: string);
+}
+export declare function resolvePathInWorkdir(workdir: string, requested: string): string;
+export declare function resolveAndRealpathInWorkdir(workdir: string, requested: string): Promise<string>;
+//# sourceMappingURL=workdir.d.ts.map

package/dist/sandbox/workdir.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"workdir.d.ts","sourceRoot":"","sources":["../../src/sandbox/workdir.ts"],"names":[],"mappings":"AAYA,qBAAa,eAAgB,SAAQ,KAAK;aAGtB,SAAS,EAAE,MAAM;aACjB,OAAO,EAAE,MAAM;IAHjC,QAAQ,CAAC,IAAI,EAAG,aAAa,CAAU;gBAErB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM;CAKlC;AAqBD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAY/E;AAMD,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,CAmBjB"}

package/dist/sandbox/workdir.js

@@ -0,0 +1,83 @@
+// Workdir path resolution. Every filesystem-touching tool calls into this
+// before opening, reading, writing, or listing anything. Tools never resolve
+// paths themselves; they always go through resolvePathInWorkdir.
+//
+// Rejection rules:
+//   1. Absolute paths outside the workdir.
+//   2. Relative paths that resolve outside the workdir via ".." traversal.
+//   3. Symlinks whose realpath escapes the workdir.
+import { resolve, relative, isAbsolute, normalize, sep } from "node:path";
+import { realpath } from "node:fs/promises";
+export class PathEscapeError extends Error {
+    attempted;
+    workdir;
+    code = "PATH_ESCAPE";
+    constructor(attempted, workdir) {
+        super(`path "${attempted}" escapes workdir "${workdir}"`);
+        this.attempted = attempted;
+        this.workdir = workdir;
+        this.name = "PathEscapeError";
+    }
+}
+// On Windows, path comparison is case-insensitive. relative() handles this
+// correctly when both paths are absolute, but we double-check by examining
+// whether the relative path starts with "..".
+function escapesWorkdir(workdirAbs, resolvedAbs) {
+    const rel = relative(workdirAbs, resolvedAbs);
+    if (rel === "")
+        return false;
+    if (rel.startsWith(".."))
+        return true;
+    if (isAbsolute(rel))
+        return true;
+    // Defensive: a single "." segment can't escape, but a relative that
+    // somehow contains a leading separator should be rejected.
+    if (rel.startsWith(sep))
+        return true;
+    return false;
+}
+// Synchronous, no filesystem access. Resolves the requested path against the
+// workdir and rejects ".." traversal and absolute paths outside.
+//
+// Does NOT resolve symlinks; callers that need symlink protection use
+// resolveAndRealpathInWorkdir.
+export function resolvePathInWorkdir(workdir, requested) {
+    if (requested.indexOf("\0") !== -1) {
+        throw new PathEscapeError(requested, workdir);
+    }
+    const workdirAbs = resolve(workdir);
+    const resolved = isAbsolute(requested)
+        ? normalize(requested)
+        : resolve(workdirAbs, requested);
+    if (escapesWorkdir(workdirAbs, resolved)) {
+        throw new PathEscapeError(requested, workdir);
+    }
+    return resolved;
+}
+// Symlink-aware variant. Resolves the candidate path, then realpath's it
+// (and the workdir) to defeat symlink-based escapes. Returns the realpath
+// if the target exists; returns the non-realpath candidate (already inside
+// the workdir) if the target does not exist yet (caller may be creating it).
+export async function resolveAndRealpathInWorkdir(workdir, requested) {
+    const candidate = resolvePathInWorkdir(workdir, requested);
+    const workdirReal = await realpath(workdir).catch(() => resolve(workdir));
+    try {
+        const candidateReal = await realpath(candidate);
+        if (escapesWorkdir(workdirReal, candidateReal)) {
+            throw new PathEscapeError(requested, workdir);
+        }
+        return candidateReal;
+    }
+    catch (err) {
+        if (err instanceof PathEscapeError)
+            throw err;
+        const code = err.code;
+        if (code === "ENOENT") {
+            // Target does not exist yet. The candidate already passed the
+            // non-symlink check; let the caller create the file at that path.
+            return candidate;
+        }
+        throw err;
+    }
+}
+//# sourceMappingURL=workdir.js.map

package/dist/sandbox/workdir.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workdir.js","sourceRoot":"","sources":["../../src/sandbox/workdir.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,6EAA6E;AAC7E,iEAAiE;AACjE,EAAE;AACF,mBAAmB;AACnB,2CAA2C;AAC3C,2EAA2E;AAC3E,oDAAoD;AAEpD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAGtB;IACA;IAHT,IAAI,GAAG,aAAsB,CAAC;IACvC,YACkB,SAAiB,EACjB,OAAe;QAE/B,KAAK,CAAC,SAAS,SAAS,sBAAsB,OAAO,GAAG,CAAC,CAAC;QAH1C,cAAS,GAAT,SAAS,CAAQ;QACjB,YAAO,GAAP,OAAO,CAAQ;QAG/B,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,2EAA2E;AAC3E,2EAA2E;AAC3E,8CAA8C;AAC9C,SAAS,cAAc,CAAC,UAAkB,EAAE,WAAmB;IAC7D,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC9C,IAAI,GAAG,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAC7B,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,IAAI,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACjC,oEAAoE;IACpE,2DAA2D;IAC3D,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,6EAA6E;AAC7E,iEAAiE;AACjE,EAAE;AACF,sEAAsE;AACtE,+BAA+B;AAC/B,MAAM,UAAU,oBAAoB,CAAC,OAAe,EAAE,SAAiB;IACrE,IAAI,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IACD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC;QACpC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC;QACtB,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACnC,IAAI,cAAc,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,yEAAyE;AACzE,0EAA0E;AAC1E,2EAA2E;AAC3E,6EAA6E;AAC7E,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,OAAe,EACf,SAAiB;IAEjB,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC3D,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,cAAc,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,eAAe;YAAE,MAAM,GAAG,CAAC;QAC9C,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;QACjD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,8DAA8D;YAC9D,kEAAkE;YAClE,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/state/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./paths.js";
+export * from "./persist.js";
+export * from "./transcript.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/state/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/state/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC"}

package/dist/state/index.js

@@ -0,0 +1,4 @@
+export * from "./paths.js";
+export * from "./persist.js";
+export * from "./transcript.js";
+//# sourceMappingURL=index.js.map

package/dist/state/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/state/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC"}

package/dist/state/paths.d.ts

@@ -0,0 +1,5 @@
+export declare function openwarHome(): string;
+export declare function sessionsDir(): string;
+export declare function sessionFile(briefId: string): string;
+export declare function transcriptFile(briefId: string): string;
+//# sourceMappingURL=paths.d.ts.map

package/dist/state/paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../../src/state/paths.ts"],"names":[],"mappings":"AAGA,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEtD"}

package/dist/state/paths.js

@@ -0,0 +1,18 @@
+import { homedir } from "node:os";
+import { join } from "node:path";
+export function openwarHome() {
+    return process.env.OPENWAR_HOME ?? join(homedir(), ".openwar");
+}
+export function sessionsDir() {
+    return join(openwarHome(), "sessions");
+}
+export function sessionFile(briefId) {
+    return join(sessionsDir(), `${sanitize(briefId)}.json`);
+}
+export function transcriptFile(briefId) {
+    return join(sessionsDir(), `${sanitize(briefId)}.transcript.jsonl`);
+}
+function sanitize(id) {
+    return id.replace(/[^A-Za-z0-9._-]/g, "_");
+}
+//# sourceMappingURL=paths.js.map

package/dist/state/paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../src/state/paths.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,UAAU,WAAW;IACzB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,UAAU,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,QAAQ,CAAC,EAAU;IAC1B,OAAO,EAAE,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;AAC7C,CAAC"}

package/dist/state/persist.d.ts

@@ -0,0 +1,14 @@
+import type { SessionState } from "../types.js";
+export declare function ensureSessionsDir(): string;
+export declare function writeSession(state: SessionState): void;
+export declare function readSession(briefId: string): SessionState | null;
+export interface SessionIndexEntry {
+    brief_id: string;
+    project: string;
+    phase: string;
+    updated_at: string;
+    path: string;
+}
+export declare function listSessions(): SessionIndexEntry[];
+export declare function sessionExists(briefId: string): boolean;
+//# sourceMappingURL=persist.d.ts.map

package/dist/state/persist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"persist.d.ts","sourceRoot":"","sources":["../../src/state/persist.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AA8EhD,wBAAgB,iBAAiB,IAAI,MAAM,CAI1C;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI,CActD;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CAehE;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,YAAY,IAAI,iBAAiB,EAAE,CAuBlD;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAQtD"}

package/dist/state/persist.js

@@ -0,0 +1,146 @@
+import { mkdirSync, readFileSync, writeFileSync, existsSync, readdirSync, statSync, renameSync, } from "node:fs";
+import { join } from "node:path";
+import { sessionsDir, sessionFile } from "./paths.js";
+const SCHEMA_VERSION = 3;
+// In-place migrations. Each `migrateVNtoVN+1` is idempotent on already-current
+// data and pure: it mutates the parsed object in place but returns the same
+// reference so callers can chain. v1 was pre-0.3 (no schema_version), v2 is
+// v0.3 (tool calls + session approvals on SessionMeta), v3 is v0.4
+// (coordinator state, plan, subtask states, role transcripts, cost, budgets).
+function migrateV1toV2(parsed) {
+    if ((parsed.schema_version ?? 1) >= 2)
+        return parsed;
+    if (!parsed.meta.session_approved_categories)
+        parsed.meta.session_approved_categories = [];
+    if (!parsed.meta.tool_calls)
+        parsed.meta.tool_calls = [];
+    parsed.schema_version = 2;
+    parsed.meta.schema_version = 2;
+    return parsed;
+}
+function migrateV2toV3(parsed) {
+    if ((parsed.schema_version ?? 2) >= 3)
+        return parsed;
+    const meta = parsed.meta;
+    if (meta.coordinator_state === undefined)
+        meta.coordinator_state = "init";
+    if (meta.plan === undefined)
+        meta.plan = null;
+    if (!meta.subtask_states)
+        meta.subtask_states = {};
+    if (!meta.role_transcripts)
+        meta.role_transcripts = {};
+    if (!meta.cost) {
+        meta.cost = {
+            tokens_used: 0,
+            wall_clock_ms: 0,
+            tool_calls: 0,
+            tool_calls_by_subtask: {},
+            started_at: meta.started_at ?? new Date().toISOString(),
+        };
+    }
+    // v2 sessions are single-agent; v3 default for a migrated v2 session is
+    // single-agent (active_roles: []). Multi-agent sessions started fresh on v3
+    // have this field populated by the runner.
+    if (!meta.active_roles)
+        meta.active_roles = [];
+    if (!meta.budgets) {
+        meta.budgets = {
+            max_tokens: 50_000,
+            max_wall_clock_minutes: 20,
+            max_tool_calls_per_subtask: 15,
+            max_retries_per_subtask: 3,
+        };
+    }
+    if (!meta.coordinator_events)
+        meta.coordinator_events = [];
+    parsed.schema_version = 3;
+    meta.schema_version = 3;
+    return parsed;
+}
+function migrate(parsed) {
+    if ((parsed.schema_version ?? 1) > SCHEMA_VERSION) {
+        throw new Error(`Session schema version ${parsed.schema_version} is newer than this runtime (expects ${SCHEMA_VERSION}). Upgrade openwar.`);
+    }
+    parsed = migrateV1toV2(parsed);
+    parsed = migrateV2toV3(parsed);
+    return parsed;
+}
+export function ensureSessionsDir() {
+    const dir = sessionsDir();
+    mkdirSync(dir, { recursive: true });
+    return dir;
+}
+export function writeSession(state) {
+    ensureSessionsDir();
+    const path = sessionFile(state.meta.brief_id);
+    const payload = { schema_version: SCHEMA_VERSION, ...state };
+    // Write atomically: write to .tmp then rename.
+    const tmp = `${path}.tmp`;
+    writeFileSync(tmp, JSON.stringify(payload, null, 2), "utf8");
+    // On Windows rename over an existing file is supported when the target is closed.
+    // Fall back to a plain write on EPERM.
+    try {
+        renameSync(tmp, path);
+    }
+    catch {
+        writeFileSync(path, JSON.stringify(payload, null, 2), "utf8");
+    }
+}
+export function readSession(briefId) {
+    const path = sessionFile(briefId);
+    if (!existsSync(path))
+        return null;
+    const raw = readFileSync(path, "utf8");
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        throw new Error(`Session file at ${path} is not valid JSON: ${err.message}`);
+    }
+    parsed = migrate(parsed);
+    // Discard the schema_version field at the API boundary.
+    const { schema_version: _v, ...rest } = parsed;
+    void _v;
+    return rest;
+}
+export function listSessions() {
+    const dir = sessionsDir();
+    if (!existsSync(dir))
+        return [];
+    const entries = [];
+    for (const file of readdirSync(dir)) {
+        if (!file.endsWith(".json"))
+            continue;
+        const path = join(dir, file);
+        try {
+            const raw = readFileSync(path, "utf8");
+            const parsed = JSON.parse(raw);
+            entries.push({
+                brief_id: parsed.meta.brief_id,
+                project: parsed.meta.project,
+                phase: parsed.meta.phase,
+                updated_at: parsed.meta.updated_at,
+                path,
+            });
+        }
+        catch {
+            // Skip unreadable files; do not abort the listing.
+        }
+    }
+    entries.sort((a, b) => b.updated_at.localeCompare(a.updated_at));
+    return entries;
+}
+export function sessionExists(briefId) {
+    const path = sessionFile(briefId);
+    if (!existsSync(path))
+        return false;
+    try {
+        return statSync(path).isFile();
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=persist.js.map

package/dist/state/persist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"persist.js","sourceRoot":"","sources":["../../src/state/persist.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,YAAY,EACZ,aAAa,EACb,UAAU,EACV,WAAW,EACX,QAAQ,EACR,UAAU,GACX,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEtD,MAAM,cAAc,GAAG,CAAC,CAAC;AAMzB,+EAA+E;AAC/E,4EAA4E;AAC5E,4EAA4E;AAC5E,mEAAmE;AACnE,8EAA8E;AAE9E,SAAS,aAAa,CAAC,MAAoD;IACzE,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IACrD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B;QAAE,MAAM,CAAC,IAAI,CAAC,2BAA2B,GAAG,EAAE,CAAC;IAC3F,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU;QAAE,MAAM,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;IACzD,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC;IAC1B,MAAM,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;IAC/B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,MAAoD;IACzE,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IACrD,MAAM,IAAI,GAAG,MAAM,CAAC,IASnB,CAAC;IACF,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS;QAAE,IAAI,CAAC,iBAAiB,GAAG,MAAM,CAAC;IAC1E,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IAC9C,IAAI,CAAC,IAAI,CAAC,cAAc;QAAE,IAAI,CAAC,cAAc,GAAG,EAAE,CAAC;IACnD,IAAI,CAAC,IAAI,CAAC,gBAAgB;QAAE,IAAI,CAAC,gBAAgB,GAAG,EAAE,CAAC;IACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACf,IAAI,CAAC,IAAI,GAAG;YACV,WAAW,EAAE,CAAC;YACd,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,CAAC;YACb,qBAAqB,EAAE,EAAE;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACxD,CAAC;IACJ,CAAC;IACD,wEAAwE;IACxE,4EAA4E;IAC5E,2CAA2C;IAC3C,IAAI,CAAC,IAAI,CAAC,YAAY;QAAE,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;IAC/C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAClB,IAAI,CAAC,OAAO,GAAG;YACb,UAAU,EAAE,MAAM;YAClB,sBAAsB,EAAE,EAAE;YAC1B,0BAA0B,EAAE,EAAE;YAC9B,uBAAuB,EAAE,CAAC;SAC3B,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB;QAAE,IAAI,CAAC,kBAAkB,GAAG,EAAE,CAAC;IAC3D,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC;IAC1B,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,OAAO,CAAC,MAAoD;IACnE,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,0BAA0B,MAAM,CAAC,cAAc,wCAAwC,cAAc,qBAAqB,CAC3H,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAC/B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAmB;IAC9C,iBAAiB,EAAE,CAAC;IACpB,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAmB,EAAE,cAAc,EAAE,cAAc,EAAE,GAAG,KAAK,EAAE,CAAC;IAC7E,+CAA+C;IAC/C,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;IAC1B,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC7D,kFAAkF;IAClF,uCAAuC;IACvC,IAAI,CAAC;QACH,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACvC,IAAI,MAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmB,CAAC;IAC7C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,uBAAwB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1F,CAAC;IACD,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzB,wDAAwD;IACxD,MAAM,EAAE,cAAc,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC;IAC/C,KAAK,EAAE,CAAC;IACR,OAAO,IAAI,CAAC;AACd,CAAC;AAUD,MAAM,UAAU,YAAY;IAC1B,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACpC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmB,CAAC;YACjD,OAAO,CAAC,IAAI,CAAC;gBACX,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;gBAC9B,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO;gBAC5B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;gBACxB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;gBAClC,IAAI;aACL,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;QACrD,CAAC;IACH,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;IACjE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACpC,IAAI,CAAC;QACH,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}