@rubytech/create-maxy-code 0.1.23 → 0.1.26

package/payload/platform/services/claude-session-manager/dist/index.js

@@ -1,8 +1,10 @@
 import { serve } from '@hono/node-server';
 import { spawn as ptySpawn } from 'node-pty';
+import { join } from 'node:path';
 import { loadConfig } from './config.js';
 import { buildHttpApp } from './http-server.js';
 import { SessionStore } from './session-store.js';
+import { loadToolSurface, ToolSurfaceError } from './tool-surface.js';
 const TAG = '[claude-session-manager]';
 const log = (line) => console.log(`${TAG} ${line}`);
 function spawnPtyAdapter(cmd, args, env, cwd) {
@@ -27,6 +29,30 @@ async function main() {
     log(`boot port=${config.port} persistDir=${config.persistDir} spawnCwd=${config.spawnCwd}`);
     log(`host hostname=${config.host.hostname} lanIPv4=${config.host.lanIPv4 ?? 'unresolved'} adminUrl=${config.host.adminUrl} tunnelUrl=${config.host.tunnelUrl ?? 'none'}` +
         (config.host.lanIPv4Diagnostic ? ` diagnostic=${JSON.stringify(config.host.lanIPv4Diagnostic)}` : ''));
+    // Task 005 — load the tool surface once at boot. Refuse to start if any
+    // PLUGIN.md tool entry lacks a publicAllowlist field (or has a malformed
+    // one). The HTTP listener is only bound after this returns successfully,
+    // so a malformed manifest never silently produces public spawns.
+    const platformRoot = process.env.PLATFORM_ROOT ?? process.env.MAXY_PLATFORM_ROOT;
+    if (!platformRoot) {
+        log('boot-failed reason=platform-root-missing detail="PLATFORM_ROOT env var not set; cannot locate plugins/"');
+        process.exit(1);
+    }
+    const pluginsRoot = join(platformRoot, 'plugins');
+    let toolSurface;
+    try {
+        toolSurface = loadToolSurface(pluginsRoot);
+    }
+    catch (err) {
+        if (err instanceof ToolSurfaceError) {
+            log(`boot-failed reason=${err.reason} tool=${err.detail}`);
+        }
+        else {
+            log(`boot-failed reason=tool-surface-load detail=${err instanceof Error ? err.message : String(err)}`);
+        }
+        process.exit(1);
+    }
+    log(`tool-surface admin=${toolSurface.admin.size} public=${toolSurface.public.size}`);
     const app = buildHttpApp({
         store,
         spawnCwd: config.spawnCwd,
@@ -37,6 +63,7 @@ async function main() {
         logger: log,
         spawnPty: (cmd, args, env) => spawnPtyAdapter(cmd, args, env, config.spawnCwd),
         host: config.host,
+        toolSurface,
     });
     serve({ fetch: app.fetch, port: config.port, hostname: '127.0.0.1' }, (info) => {
         log(`listening address=127.0.0.1:${info.port}`);

package/payload/platform/services/claude-session-manager/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AACzC,OAAO,EAAE,KAAK,IAAI,QAAQ,EAAE,MAAM,UAAU,CAAA;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAGjD,MAAM,GAAG,GAAG,0BAA0B,CAAA;AACtC,MAAM,GAAG,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,CAAA;AAE3D,SAAS,eAAe,CACtB,GAAW,EACX,IAAc,EACd,GAAsB,EACtB,GAAW;IAEX,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE;QAChC,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,GAAG;QACT,IAAI,EAAE,EAAE;QACR,GAAG;QACH,GAAG,EAAE,GAAgC;KACtC,CAAC,CAAA;IACF,OAAO;QACL,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACnF,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;QAClC,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;KACrC,CAAA;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAA;IAC3B,MAAM,KAAK,GAAG,IAAI,YAAY,EAAE,CAAA;IAChC,GAAG,CAAC,aAAa,MAAM,CAAC,IAAI,eAAe,MAAM,CAAC,UAAU,aAAa,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC3F,GAAG,CACD,iBAAiB,MAAM,CAAC,IAAI,CAAC,QAAQ,YAAY,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,YAAY,aAAa,MAAM,CAAC,IAAI,CAAC,QAAQ,cAAc,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE;QAClK,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACxG,CAAA;IAED,MAAM,GAAG,GAAG,YAAY,CAAC;QACvB,KAAK;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;QAC/C,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;QAC3C,MAAM,EAAE,GAAG;QACX,QAAQ,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC;QAC9E,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAA;IAEF,KAAK,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;QAC7E,GAAG,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;IACjD,CAAC,CAAC,CAAA;IAEF,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAE,EAAE;QAClC,GAAG,CAAC,mBAAmB,MAAM,aAAa,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;QACzD,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5B,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACrB,GAAG,CAAC,YAAY,CAAC,CAAC,GAAG,sCAAsC,CAAC,CAAA;QAC9D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAA;IACD,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAA;IAChD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAA;AAChD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AACzC,OAAO,EAAE,KAAK,IAAI,QAAQ,EAAE,MAAM,UAAU,CAAA;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAGrE,MAAM,GAAG,GAAG,0BAA0B,CAAA;AACtC,MAAM,GAAG,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,CAAA;AAE3D,SAAS,eAAe,CACtB,GAAW,EACX,IAAc,EACd,GAAsB,EACtB,GAAW;IAEX,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE;QAChC,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,GAAG;QACT,IAAI,EAAE,EAAE;QACR,GAAG;QACH,GAAG,EAAE,GAAgC;KACtC,CAAC,CAAA;IACF,OAAO;QACL,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACnF,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;QAClC,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;KACrC,CAAA;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAA;IAC3B,MAAM,KAAK,GAAG,IAAI,YAAY,EAAE,CAAA;IAChC,GAAG,CAAC,aAAa,MAAM,CAAC,IAAI,eAAe,MAAM,CAAC,UAAU,aAAa,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC3F,GAAG,CACD,iBAAiB,MAAM,CAAC,IAAI,CAAC,QAAQ,YAAY,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,YAAY,aAAa,MAAM,CAAC,IAAI,CAAC,QAAQ,cAAc,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE;QAClK,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACxG,CAAA;IAED,wEAAwE;IACxE,yEAAyE;IACzE,yEAAyE;IACzE,iEAAiE;IACjE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;IAChF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,GAAG,CAAC,yGAAyG,CAAC,CAAA;QAC9G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;IACjD,IAAI,WAA+C,CAAA;IACnD,IAAI,CAAC;QACH,WAAW,GAAG,eAAe,CAAC,WAAW,CAAC,CAAA;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,gBAAgB,EAAE,CAAC;YACpC,GAAG,CAAC,sBAAsB,GAAG,CAAC,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5D,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,+CAA+C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACxG,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,GAAG,CAAC,sBAAsB,WAAW,CAAC,KAAK,CAAC,IAAI,WAAW,WAAW,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;IAErF,MAAM,GAAG,GAAG,YAAY,CAAC;QACvB,KAAK;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;QAC/C,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;QAC3C,MAAM,EAAE,GAAG;QACX,QAAQ,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC;QAC9E,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,WAAW;KACZ,CAAC,CAAA;IAEF,KAAK,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;QAC7E,GAAG,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;IACjD,CAAC,CAAC,CAAA;IAEF,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAE,EAAE;QAClC,GAAG,CAAC,mBAAmB,MAAM,aAAa,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;QACzD,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5B,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACrB,GAAG,CAAC,YAAY,CAAC,CAAC,GAAG,sCAAsC,CAAC,CAAA;QAC9D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAA;IACD,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAA;IAChD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAA;AAChD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAA"}

package/payload/platform/services/claude-session-manager/dist/pty-spawner.d.ts

@@ -1,6 +1,8 @@
 import type { Logger, PtyHandle, Role, Channel } from './types.js';
 import { SessionStore, type StoredSession } from './session-store.js';
+import { type OnboardingPayload } from './system-prompt.js';
 import type { HostResolution } from './config.js';
+import type { ToolSurface } from './tool-surface.js';
 export type SpawnResult = {
     ok: true;
     session: StoredSession;
@@ -23,6 +25,12 @@ export interface SpawnDeps {
      * `lanIPv4` is null. One edit to this block changes the doctrine for
      * every agent in every session. */
     host: HostResolution;
+    /** Task 005 — precomputed tool surface for both roles. Loaded once at
+     *  manager boot from a directory walk of platform/plugins/<name>/PLUGIN.md.
+     *  The boot path refuses to start if any tool's PLUGIN.md entry lacks a
+     *  publicAllowlist field, so by the time pty-spawner sees this struct, the
+     *  per-tool decisions are guaranteed complete. */
+    toolSurface: ToolSurface;
 }
 export interface SpawnArgs {
     senderId: string;
@@ -38,7 +46,35 @@ export interface SpawnArgs {
      *  When omitted or empty, argv is byte-identical to today — existing
      *  Maxy installs with no channel plugins pay nothing for the addition. */
     channels?: string[];
+    /** Task 043 — admin onboarding directive. When provided, the manager
+     *  appends a third sentinel-wrapped section (`<onboarding-state>`) to the
+     *  --append-system-prompt block at PTY spawn time. The operator's first
+     *  /input therefore carries only their raw text; the directive is part
+     *  of the system prompt, not the user transcript. Resumed sessions and
+     *  step-9 (complete) sessions never receive this payload. */
+    onboarding?: OnboardingPayload;
+    /** Task 043 — for observability log line only. The admin UI wrapper
+     *  resolves accountId server-side; the manager echoes the first 8 chars
+     *  in `[onboarding-prompt]` so a tail can correlate the spawn with the
+     *  source account without persisting the full id. Public/non-admin
+     *  spawns omit this. */
+    accountId?: string;
+    /** Task 010 — operator-selected permission mode. When set to anything
+     *  other than `default`, the manager appends `--permission-mode <mode>`
+     *  to the spawn argv so the claude CLI starts the session in that mode.
+     *  `default` (or omitted) leaves argv byte-identical to today. */
+    permissionMode?: PermissionMode;
+    /** Task 051 — per-session attachment directory for role=public. When set,
+     *  pty-spawner pre-creates the directory and appends `--add-dir <dir>` plus
+     *  `--allowed-tools "Read(<dir>/**)"` to argv so claude can read public-chat
+     *  uploads referenced in the dispatched turn. Ignored for non-public roles.
+     *  The directory is per-(accountId, senderId) and deterministic; the bridge
+     *  passes it at session-creation time so it covers every turn in the
+     *  session, not just the first turn carrying attachments. */
+    attachmentDir?: string;
 }
+export type PermissionMode = 'default' | 'acceptEdits' | 'plan' | 'auto';
+export declare const PERMISSION_MODES: readonly PermissionMode[];
 export declare function spawnClaudeSession(deps: SpawnDeps, args: SpawnArgs): Promise<SpawnResult>;
 export interface DeleteDeps {
     store: SessionStore;

package/payload/platform/services/claude-session-manager/dist/pty-spawner.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pty-spawner.d.ts","sourceRoot":"","sources":["../src/pty-spawner.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAElE,OAAO,EAAE,YAAY,EAAE,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAGrE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAEjD,MAAM,MAAM,WAAW,GACnB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,aAAa,CAAA;CAAE,GACpC;IACE,EAAE,EAAE,KAAK,CAAA;IACT,MAAM,EACF,wBAAwB,GACxB,kBAAkB,GAClB,qBAAqB,GACrB,yBAAyB,CAAA;IAC7B,UAAU,EAAE,MAAM,CAAA;CACnB,CAAA;AAEL,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,KAAK,SAAS,CAAA;IAC5E,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,YAAY,CAAA;IACnB;;;;;uCAKmC;IACnC,IAAI,EAAE,cAAc,CAAA;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,IAAI,CAAA;IACV,OAAO,EAAE,OAAO,CAAA;IAChB;;gCAE4B;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B;;;;8EAI0E;IAC1E,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;CACpB;AAED,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,CA8E/F;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,YAAY,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;CACf;AAED,wBAAsB,aAAa,CACjC,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAqBzC"}
+{"version":3,"file":"pty-spawner.d.ts","sourceRoot":"","sources":["../src/pty-spawner.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAElE,OAAO,EAAE,YAAY,EAAE,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAErE,OAAO,EAAoD,KAAK,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAC7G,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AACjD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAEpD,MAAM,MAAM,WAAW,GACnB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,aAAa,CAAA;CAAE,GACpC;IACE,EAAE,EAAE,KAAK,CAAA;IACT,MAAM,EACF,wBAAwB,GACxB,kBAAkB,GAClB,qBAAqB,GACrB,yBAAyB,CAAA;IAC7B,UAAU,EAAE,MAAM,CAAA;CACnB,CAAA;AAEL,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,KAAK,SAAS,CAAA;IAC5E,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,YAAY,CAAA;IACnB;;;;;uCAKmC;IACnC,IAAI,EAAE,cAAc,CAAA;IACpB;;;;sDAIkD;IAClD,WAAW,EAAE,WAAW,CAAA;CACzB;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,IAAI,CAAA;IACV,OAAO,EAAE,OAAO,CAAA;IAChB;;gCAE4B;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B;;;;8EAI0E;IAC1E,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB;;;;;iEAK6D;IAC7D,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B;;;;4BAIwB;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;;sEAGkE;IAClE,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B;;;;;;iEAM6D;IAC7D,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,aAAa,GAAG,MAAM,GAAG,MAAM,CAAA;AACxE,eAAO,MAAM,gBAAgB,EAAE,SAAS,cAAc,EAA+C,CAAA;AAErG,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,CAsH/F;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,YAAY,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;CACf;AAED,wBAAsB,aAAa,CACjC,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAqBzC"}

package/payload/platform/services/claude-session-manager/dist/pty-spawner.js

@@ -9,14 +9,16 @@
 // child is killed (if alive) before the error surfaces to the caller. The
 // `[claude-session-manager] spawn-failed` line names the reason.
 import { randomUUID } from 'node:crypto';
+import { mkdirSync } from 'node:fs';
 import { startUrlCapture } from './url-capture.js';
 import { deriveJsonlPath } from './jsonl-path.js';
-import { composeAppendSystemPrompt } from './system-prompt.js';
+import { composeAppendSystemPrompt, renderOnboardingBlock } from './system-prompt.js';
+export const PERMISSION_MODES = ['default', 'acceptEdits', 'plan', 'auto'];
 export async function spawnClaudeSession(deps, args) {
     const sessionId = randomUUID();
     const startedAt = new Date().toISOString();
     const start = Date.now();
-    const appendSystemPrompt = composeAppendSystemPrompt(deps.host);
+    const appendSystemPrompt = composeAppendSystemPrompt(deps.host, args.onboarding);
     if (!appendSystemPrompt) {
         const stderrTail = deps.host.lanIPv4Diagnostic ?? 'append-system-prompt unresolved';
         deps.logger(`spawn-failed reason=host-context-unresolved stderr-tail=${JSON.stringify(stderrTail)}`);
@@ -36,6 +38,35 @@ export async function spawnClaudeSession(deps, args) {
             argv.push('--channels', ch);
         }
     }
+    // Task 005 — per-role tool-allowlist argv. The set is precomputed at boot
+    // and never inferred per call; this loop just renders it. Sorted output
+    // gives byte-stable argv for snapshot tests and grep-friendly log lines.
+    const allowedSet = args.role === 'public' ? deps.toolSurface.public : deps.toolSurface.admin;
+    const allowed = Array.from(allowedSet).sort();
+    for (const tool of allowed) {
+        argv.push('--allowed-tools', tool);
+    }
+    // Observability — sample up to 5 excluded tool names so an operator
+    // grepping the spawn log can see at a glance what a public role cannot
+    // touch. Admin role excludes nothing; the field is still emitted (empty)
+    // so the line shape is uniform across roles.
+    const excludedSample = args.role === 'public'
+        ? Array.from(deps.toolSurface.admin).filter((t) => !deps.toolSurface.public.has(t)).sort().slice(0, 5).join(',')
+        : '';
+    deps.logger(`tool-allowlist role=${args.role} count=${allowed.length} excluded=${excludedSample}`);
+    if (args.permissionMode && args.permissionMode !== 'default') {
+        argv.push('--permission-mode', args.permissionMode);
+    }
+    // Task 051 — public-chat attachment passthrough. Pre-create the per-session
+    // upload dir (so --add-dir does not fail on a missing path), then grant
+    // claude scoped Read access to it. The Read allow-rule mirrors the dir, so
+    // a `Read("/etc/passwd")` call from the PTY is refused by claude's
+    // permissions layer regardless of any operator instruction in the turn.
+    if (args.role === 'public' && args.attachmentDir) {
+        mkdirSync(args.attachmentDir, { recursive: true });
+        argv.push('--add-dir', args.attachmentDir);
+        argv.push('--allowed-tools', `Read(${args.attachmentDir}/**)`);
+    }
     let pty;
     try {
         pty = deps.spawnPty(deps.claudeBin, argv, {
@@ -74,8 +105,15 @@ export async function spawnClaudeSession(deps, args) {
                     session.exited = true;
                     deps.logger(`kill pid=${pty.pid} reason=process-exited exit-code=0`);
                 });
-                deps.logger(`spawn pid=${pty.pid} sessionUrl=${url} jsonlPath=${jsonlPath ?? 'unknown'} senderId=${args.senderId} role=${args.role} channel=${args.channel} latency-ms=${Date.now() - start}`);
+                deps.logger(`spawn pid=${pty.pid} sessionUrl=${url} jsonlPath=${jsonlPath ?? 'unknown'} senderId=${args.senderId} role=${args.role} channel=${args.channel} permissionMode=${args.permissionMode ?? 'default'} latency-ms=${Date.now() - start}`);
                 deps.logger(`[pty-spawn] sessionId=${sessionId} appendSystemPromptBytes=${Buffer.byteLength(appendSystemPrompt, 'utf8')} hostname=${deps.host.hostname} lanIPv4=${deps.host.lanIPv4} adminUrl=${deps.host.adminUrl} tunnelUrl=${deps.host.tunnelUrl ?? 'none'}`);
+                if (args.onboarding) {
+                    const rendered = renderOnboardingBlock(args.onboarding.step);
+                    if (rendered) {
+                        const accountIdShort = args.accountId ? args.accountId.slice(0, 8) : '';
+                        deps.logger(`[onboarding-prompt] step=${rendered.label} bytes=${Buffer.byteLength(rendered.block, 'utf8')} sessionId=${sessionId.slice(0, 8)} accountId=${accountIdShort}`);
+                    }
+                }
                 resolve({ ok: true, session });
             },
             onTimeout: () => {

package/payload/platform/services/claude-session-manager/dist/pty-spawner.js.map

@@ -1 +1 @@
-{"version":3,"file":"pty-spawner.js","sourceRoot":"","sources":["../src/pty-spawner.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,yEAAyE;AACzE,0DAA0D;AAC1D,0EAA0E;AAC1E,2EAA2E;AAC3E,eAAe;AACf,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,iEAAiE;AAEjE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAExC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAA;AA+C9D,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAAe,EAAE,IAAe;IACvE,MAAM,SAAS,GAAG,UAAU,EAAE,CAAA;IAC9B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACxB,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC/D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,IAAI,iCAAiC,CAAA;QACnF,IAAI,CAAC,MAAM,CAAC,2DAA2D,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;QACpG,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,UAAU,EAAE,CAAA;IACrE,CAAC;IACD,MAAM,IAAI,GAAa;QACrB,WAAW;QACX,kBAAkB;QAClB,wBAAwB;QACxB,kBAAkB;KACnB,CAAA;IACD,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAA;IACnD,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAA;QAC7B,CAAC;IACH,CAAC;IAED,IAAI,GAAc,CAAA;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE;YACxC,GAAG,OAAO,CAAC,GAAG;YACd,IAAI,EAAE,gBAAgB;SACvB,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAA4B,CAAA;QACtC,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,kBAAkB,CAAA;QAClF,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;QAC/C,IAAI,CAAC,MAAM,CAAC,uBAAuB,MAAM,gBAAgB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;QACtF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAA;IAC1C,CAAC;IAED,OAAO,MAAM,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,EAAE;QAChD,eAAe,CAAC;YACd,GAAG;YACH,SAAS,EAAE,IAAI,CAAC,mBAAmB;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE;gBACb,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;gBACrD,MAAM,OAAO,GAAkB;oBAC7B,SAAS;oBACT,GAAG,EAAE,GAAG,CAAC,GAAG;oBACZ,GAAG;oBACH,SAAS;oBACT,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,SAAS;oBACT,GAAG;oBACH,MAAM,EAAE,KAAK;iBACd,CAAA;gBACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;gBACvB,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;oBACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAA;oBACrB,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,CAAC,GAAG,oCAAoC,CAAC,CAAA;gBACtE,CAAC,CAAC,CAAA;gBACF,IAAI,CAAC,MAAM,CACT,aAAa,GAAG,CAAC,GAAG,eAAe,GAAG,cAAc,SAAS,IAAI,SAAS,aAAa,IAAI,CAAC,QAAQ,SAAS,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,OAAO,eAAe,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAClL,CAAA;gBACD,IAAI,CAAC,MAAM,CACT,yBAAyB,SAAS,4BAA4B,MAAM,CAAC,UAAU,CAAC,kBAAkB,EAAE,MAAM,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,QAAQ,YAAY,IAAI,CAAC,IAAI,CAAC,OAAO,aAAa,IAAI,CAAC,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE,CACpP,CAAA;gBACD,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;YAChC,CAAC;YACD,SAAS,EAAE,GAAG,EAAE;gBACd,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBACnB,IAAI,CAAC,MAAM,CAAC,wDAAwD,CAAC,CAAA;gBACrE,OAAO,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAA;YACvE,CAAC;SACF,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAgB,EAChB,SAAiB;IAEjB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IACnC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC3C,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;QACb,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC5B,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;IACpC,CAAC;IACD,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACrB,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,CAAC,CAAC,CAAC,MAAM;gBAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACpC,OAAO,EAAE,CAAA;QACX,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QACpB,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;YAChB,YAAY,CAAC,KAAK,CAAC,CAAA;YACnB,OAAO,EAAE,CAAA;QACX,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAC5B,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,GAAG,sCAAsC,CAAC,CAAA;IACpE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AACpC,CAAC"}
+{"version":3,"file":"pty-spawner.js","sourceRoot":"","sources":["../src/pty-spawner.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,yEAAyE;AACzE,0DAA0D;AAC1D,0EAA0E;AAC1E,2EAA2E;AAC3E,eAAe;AACf,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,iEAAiE;AAEjE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAEnC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,EAAE,yBAAyB,EAAE,qBAAqB,EAA0B,MAAM,oBAAoB,CAAA;AAiF7G,MAAM,CAAC,MAAM,gBAAgB,GAA8B,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;AAErG,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAAe,EAAE,IAAe;IACvE,MAAM,SAAS,GAAG,UAAU,EAAE,CAAA;IAC9B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACxB,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;IAChF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,IAAI,iCAAiC,CAAA;QACnF,IAAI,CAAC,MAAM,CAAC,2DAA2D,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;QACpG,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,UAAU,EAAE,CAAA;IACrE,CAAC;IACD,MAAM,IAAI,GAAa;QACrB,WAAW;QACX,kBAAkB;QAClB,wBAAwB;QACxB,kBAAkB;KACnB,CAAA;IACD,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAA;IACnD,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAA;QAC7B,CAAC;IACH,CAAC;IACD,0EAA0E;IAC1E,wEAAwE;IACxE,yEAAyE;IACzE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAA;IAC5F,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;IAC7C,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAA;IACpC,CAAC;IACD,oEAAoE;IACpE,uEAAuE;IACvE,yEAAyE;IACzE,6CAA6C;IAC7C,MAAM,cAAc,GAClB,IAAI,CAAC,IAAI,KAAK,QAAQ;QACpB,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAChH,CAAC,CAAC,EAAE,CAAA;IACR,IAAI,CAAC,MAAM,CAAC,uBAAuB,IAAI,CAAC,IAAI,UAAU,OAAO,CAAC,MAAM,aAAa,cAAc,EAAE,CAAC,CAAA;IAClG,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QAC7D,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,cAAc,CAAC,CAAA;IACrD,CAAC;IAED,4EAA4E;IAC5E,wEAAwE;IACxE,2EAA2E;IAC3E,mEAAmE;IACnE,wEAAwE;IACxE,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QAClD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;QAC1C,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,IAAI,CAAC,aAAa,MAAM,CAAC,CAAA;IAChE,CAAC;IAED,IAAI,GAAc,CAAA;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE;YACxC,GAAG,OAAO,CAAC,GAAG;YACd,IAAI,EAAE,gBAAgB;SACvB,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAA4B,CAAA;QACtC,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,kBAAkB,CAAA;QAClF,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;QAC/C,IAAI,CAAC,MAAM,CAAC,uBAAuB,MAAM,gBAAgB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;QACtF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAA;IAC1C,CAAC;IAED,OAAO,MAAM,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,EAAE;QAChD,eAAe,CAAC;YACd,GAAG;YACH,SAAS,EAAE,IAAI,CAAC,mBAAmB;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE;gBACb,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;gBACrD,MAAM,OAAO,GAAkB;oBAC7B,SAAS;oBACT,GAAG,EAAE,GAAG,CAAC,GAAG;oBACZ,GAAG;oBACH,SAAS;oBACT,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,SAAS;oBACT,GAAG;oBACH,MAAM,EAAE,KAAK;iBACd,CAAA;gBACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;gBACvB,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;oBACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAA;oBACrB,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,CAAC,GAAG,oCAAoC,CAAC,CAAA;gBACtE,CAAC,CAAC,CAAA;gBACF,IAAI,CAAC,MAAM,CACT,aAAa,GAAG,CAAC,GAAG,eAAe,GAAG,cAAc,SAAS,IAAI,SAAS,aAAa,IAAI,CAAC,QAAQ,SAAS,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,OAAO,mBAAmB,IAAI,CAAC,cAAc,IAAI,SAAS,eAAe,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CACrO,CAAA;gBACD,IAAI,CAAC,MAAM,CACT,yBAAyB,SAAS,4BAA4B,MAAM,CAAC,UAAU,CAAC,kBAAkB,EAAE,MAAM,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,QAAQ,YAAY,IAAI,CAAC,IAAI,CAAC,OAAO,aAAa,IAAI,CAAC,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE,CACpP,CAAA;gBACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBACpB,MAAM,QAAQ,GAAG,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;oBAC5D,IAAI,QAAQ,EAAE,CAAC;wBACb,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;wBACvE,IAAI,CAAC,MAAM,CACT,4BAA4B,QAAQ,CAAC,KAAK,UAAU,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC,cAAc,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc,cAAc,EAAE,CAC/J,CAAA;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;YAChC,CAAC;YACD,SAAS,EAAE,GAAG,EAAE;gBACd,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBACnB,IAAI,CAAC,MAAM,CAAC,wDAAwD,CAAC,CAAA;gBACrE,OAAO,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAA;YACvE,CAAC;SACF,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAgB,EAChB,SAAiB;IAEjB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IACnC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC3C,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;QACb,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC5B,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;IACpC,CAAC;IACD,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACrB,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,CAAC,CAAC,CAAC,MAAM;gBAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACpC,OAAO,EAAE,CAAA;QACX,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QACpB,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;YAChB,YAAY,CAAC,KAAK,CAAC,CAAA;YACnB,OAAO,EAAE,CAAA;QACX,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAC5B,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,GAAG,sCAAsC,CAAC,CAAA;IACpE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AACpC,CAAC"}

package/payload/platform/services/claude-session-manager/dist/system-prompt.d.ts

@@ -4,6 +4,30 @@ export interface HostContext {
     adminUrl: string;
     tunnelUrl: string | null;
 }
+/** Onboarding state forwarded by the admin UI wrapper to the manager.
+ *  `step` is the raw value returned by `loadOnboardingStep(accountId)` —
+ *  0..8 = in-progress, 9 = complete, -1 = no node (defensive), null =
+ *  Neo4j unreachable. Task 043 moves the onboarding directive from PTY
+ *  keystrokes (where the Claude CLI's Ink TextInput interpreted each
+ *  `\n` in a multi-line block as Enter, dropping the bytes before they
+ *  reached the agent) into the spawn-time append-system-prompt block. */
+export interface OnboardingPayload {
+    step: number | null;
+}
 export declare const ATTACHMENT_CEILING_BYTES = 31457280;
-export declare function composeAppendSystemPrompt(host: HostContext): string | null;
+export declare function composeAppendSystemPrompt(host: HostContext, onboarding?: OnboardingPayload): string | null;
+export interface RenderedOnboardingBlock {
+    /** Block body without a leading newline; callers join with `\n`. */
+    block: string;
+    /** Label for observability: `<n>` for in-progress steps, `missing` for
+     *  step === -1, `graph-unreachable` for step === null. Never emitted
+     *  for the complete (step === 9) case — that returns null. */
+    label: string;
+}
+/** Render the onboarding-state section for a given step. Returns null when
+ *  the agent should see no onboarding block (step === 9 = complete). The
+ *  prose contract — declarative two-tool sequence, forbidden preamble
+ *  phrasings — is pinned by tests in `__tests__/system-prompt.test.ts`
+ *  and `platform/ui/app/lib/__tests__/onboarding-prompt-complete-onboarding.test.ts`. */
+export declare function renderOnboardingBlock(step: number | null): RenderedOnboardingBlock | null;
 //# sourceMappingURL=system-prompt.d.ts.map

package/payload/platform/services/claude-session-manager/dist/system-prompt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"system-prompt.d.ts","sourceRoot":"","sources":["../src/system-prompt.ts"],"names":[],"mappings":"AAkBA,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;CACzB;AAED,eAAO,MAAM,wBAAwB,WAAa,CAAA;AAElD,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,GAAG,IAAI,CAc1E"}
+{"version":3,"file":"system-prompt.d.ts","sourceRoot":"","sources":["../src/system-prompt.ts"],"names":[],"mappings":"AAwBA,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;CACzB;AAED;;;;;;yEAMyE;AACzE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;CACpB;AAED,eAAO,MAAM,wBAAwB,WAAa,CAAA;AAElD,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,WAAW,EACjB,UAAU,CAAC,EAAE,iBAAiB,GAC7B,MAAM,GAAG,IAAI,CAmBf;AAED,MAAM,WAAW,uBAAuB;IACtC,oEAAoE;IACpE,KAAK,EAAE,MAAM,CAAA;IACb;;kEAE8D;IAC9D,KAAK,EAAE,MAAM,CAAA;CACd;AAED;;;;yFAIyF;AACzF,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,uBAAuB,GAAG,IAAI,CASzF"}

package/payload/platform/services/claude-session-manager/dist/system-prompt.js

@@ -1,5 +1,5 @@
 // Composes the `--append-system-prompt` block injected into every spawned
-// `claude --verbose --remote-control` PTY. Two sentinel-wrapped sections:
+// `claude --verbose --remote-control` PTY. Three sentinel-wrapped sections:
 //
 //   <host> ... </host>                    — hostname, LAN IPv4, admin URL,
 //                                            tunnel URL (or "none")
@@ -7,6 +7,12 @@
 //                                          — 30 MiB SendUserFile ceiling and
 //                                            the tunnel-link workaround for
 //                                            oversize files
+//   <onboarding-state> ... </onboarding-state>
+//                                          — optional. Present only when the
+//                                            caller supplies an `onboarding`
+//                                            payload AND the resolved step
+//                                            is anything other than 9
+//                                            (complete). Task 043.
 //
 // The block is the only doctrine surface that survives Claude Code SDK
 // upgrades. Per Task 037, no skill carries a copy; one edit here changes the
@@ -16,11 +22,11 @@
 // caller passes that case as `null` to indicate the spawner should reject
 // with `host-context-unresolved` rather than emit a malformed block.
 export const ATTACHMENT_CEILING_BYTES = 31_457_280; // 30 MiB, mirrors the SDK uploader
-export function composeAppendSystemPrompt(host) {
+export function composeAppendSystemPrompt(host, onboarding) {
     if (!host.lanIPv4)
         return null;
     const tunnelLine = host.tunnelUrl ? host.tunnelUrl : 'none';
-    return [
+    const sections = [
         '<host>',
         `hostname: ${host.hostname}`,
         `lan-ipv4: ${host.lanIPv4}`,
@@ -30,6 +36,51 @@ export function composeAppendSystemPrompt(host) {
         '<attachment-ceiling>',
         'SendUserFile and any inline attachment surface accept at most 30 MiB per file. Over that ceiling, write the file under <spawn-cwd>/output/ and send the operator the public URL at <tunnel-url>/files/<relative-path>; never call SendUserFile with a file whose on-disk size exceeds 30 MiB. The tool returns "N files delivered to user" even when the byte upload silently fails, so the response is not evidence of delivery.',
         '</attachment-ceiling>',
+    ];
+    if (onboarding) {
+        const rendered = renderOnboardingBlock(onboarding.step);
+        if (rendered)
+            sections.push(rendered.block);
+    }
+    return sections.join('\n');
+}
+/** Render the onboarding-state section for a given step. Returns null when
+ *  the agent should see no onboarding block (step === 9 = complete). The
+ *  prose contract — declarative two-tool sequence, forbidden preamble
+ *  phrasings — is pinned by tests in `__tests__/system-prompt.test.ts`
+ *  and `platform/ui/app/lib/__tests__/onboarding-prompt-complete-onboarding.test.ts`. */
+export function renderOnboardingBlock(step) {
+    if (step === 9)
+        return null;
+    if (step === null) {
+        return { block: renderUnreachableBlock(), label: 'graph-unreachable' };
+    }
+    if (step < 0) {
+        return { block: renderIncompleteBlock(-1), label: 'missing' };
+    }
+    return { block: renderIncompleteBlock(step), label: String(step) };
+}
+function renderIncompleteBlock(currentStep) {
+    const stepAttr = currentStep < 0 ? 'missing' : String(currentStep);
+    const resumeStep = currentStep < 0 ? 0 : currentStep + 1;
+    // Task 038 Outcome E1 — declarative, no menu phrasing, no pre-skill preamble.
+    // Two-tool contract: first `skill-load(name=onboarding)`, then
+    // `render-component` for the next step. Operator-visible drift (any "let
+    // me check", "let me figure out", "let me list" preamble) is the
+    // failure mode the precision-check rule `onboarding-skill-drift` watches
+    // for; the prose below names it so the agent treats the constraint as
+    // structural rather than stylistic.
+    return [
+        `<onboarding-state currentStep="${stepAttr}" resumeStep="${resumeStep}">`,
+        `Onboarding is incomplete. Your first tool call this turn is \`skill-load\` with \`skillName=onboarding\`. Your second tool call is \`render-component\` for step ${resumeStep}, exactly as the skill body directs. Do not greet, do not summarise, do not write a preamble (\`let me check\`, \`let me figure out\`, \`let me list\` and similar phrasings are forbidden). The skill body is the only authority for what the operator sees next.`,
+        `</onboarding-state>`,
+    ].join('\n');
+}
+function renderUnreachableBlock() {
+    return [
+        `<onboarding-state currentStep="unknown" graphUnreachable="true">`,
+        `Neo4j is unreachable, so onboarding state cannot be read. Do not assume onboarding is complete. Tell the operator the graph is unreachable, name the symptom in one line, and stop — do not improvise an onboarding flow without state, and do not silently skip the step the operator was on.`,
+        `</onboarding-state>`,
     ].join('\n');
 }
 //# sourceMappingURL=system-prompt.js.map

package/payload/platform/services/claude-session-manager/dist/system-prompt.js.map

@@ -1 +1 @@
-{"version":3,"file":"system-prompt.js","sourceRoot":"","sources":["../src/system-prompt.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,0EAA0E;AAC1E,EAAE;AACF,2EAA2E;AAC3E,oEAAoE;AACpE,mDAAmD;AACnD,6EAA6E;AAC7E,4EAA4E;AAC5E,4DAA4D;AAC5D,EAAE;AACF,uEAAuE;AACvE,6EAA6E;AAC7E,0DAA0D;AAC1D,EAAE;AACF,yEAAyE;AACzE,0EAA0E;AAC1E,qEAAqE;AASrE,MAAM,CAAC,MAAM,wBAAwB,GAAG,UAAU,CAAA,CAAC,mCAAmC;AAEtF,MAAM,UAAU,yBAAyB,CAAC,IAAiB;IACzD,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAA;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAA;IAC3D,OAAO;QACL,QAAQ;QACR,aAAa,IAAI,CAAC,QAAQ,EAAE;QAC5B,aAAa,IAAI,CAAC,OAAO,EAAE;QAC3B,cAAc,IAAI,CAAC,QAAQ,EAAE;QAC7B,eAAe,UAAU,EAAE;QAC3B,SAAS;QACT,sBAAsB;QACtB,maAAma;QACna,uBAAuB;KACxB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACd,CAAC"}
+{"version":3,"file":"system-prompt.js","sourceRoot":"","sources":["../src/system-prompt.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,4EAA4E;AAC5E,EAAE;AACF,2EAA2E;AAC3E,oEAAoE;AACpE,mDAAmD;AACnD,6EAA6E;AAC7E,4EAA4E;AAC5E,4DAA4D;AAC5D,+CAA+C;AAC/C,6EAA6E;AAC7E,6EAA6E;AAC7E,2EAA2E;AAC3E,sEAAsE;AACtE,mEAAmE;AACnE,EAAE;AACF,uEAAuE;AACvE,6EAA6E;AAC7E,0DAA0D;AAC1D,EAAE;AACF,yEAAyE;AACzE,0EAA0E;AAC1E,qEAAqE;AAoBrE,MAAM,CAAC,MAAM,wBAAwB,GAAG,UAAU,CAAA,CAAC,mCAAmC;AAEtF,MAAM,UAAU,yBAAyB,CACvC,IAAiB,EACjB,UAA8B;IAE9B,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAA;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAA;IAC3D,MAAM,QAAQ,GAAa;QACzB,QAAQ;QACR,aAAa,IAAI,CAAC,QAAQ,EAAE;QAC5B,aAAa,IAAI,CAAC,OAAO,EAAE;QAC3B,cAAc,IAAI,CAAC,QAAQ,EAAE;QAC7B,eAAe,UAAU,EAAE;QAC3B,SAAS;QACT,sBAAsB;QACtB,maAAma;QACna,uBAAuB;KACxB,CAAA;IACD,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;QACvD,IAAI,QAAQ;YAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IAC7C,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC5B,CAAC;AAWD;;;;yFAIyF;AACzF,MAAM,UAAU,qBAAqB,CAAC,IAAmB;IACvD,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC3B,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAA;IACxE,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,qBAAqB,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;IAC/D,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,qBAAqB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAA;AACpE,CAAC;AAED,SAAS,qBAAqB,CAAC,WAAmB;IAChD,MAAM,QAAQ,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;IAClE,MAAM,UAAU,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAA;IACxD,8EAA8E;IAC9E,+DAA+D;IAC/D,yEAAyE;IACzE,iEAAiE;IACjE,yEAAyE;IACzE,sEAAsE;IACtE,oCAAoC;IACpC,OAAO;QACL,kCAAkC,QAAQ,iBAAiB,UAAU,IAAI;QACzE,oKAAoK,UAAU,oQAAoQ;QAClb,qBAAqB;KACtB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACd,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO;QACL,kEAAkE;QAClE,gSAAgS;QAChS,qBAAqB;KACtB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACd,CAAC"}

package/payload/platform/services/claude-session-manager/dist/tool-surface.d.ts

@@ -0,0 +1,25 @@
+export interface ToolSurface {
+    admin: ReadonlySet<string>;
+    public: ReadonlySet<string>;
+}
+export declare class ToolSurfaceError extends Error {
+    readonly reason: string;
+    readonly detail: string;
+    constructor(reason: string, detail: string);
+}
+interface ToolEntry {
+    name: string;
+    publicAllowlist: boolean;
+}
+/** Parse the tools: block out of a PLUGIN.md frontmatter body. Returns an
+ *  empty array when the frontmatter has no tools: key or declares `tools: []`.
+ *  Throws ToolSurfaceError on any malformed entry (missing name, missing or
+ *  non-boolean publicAllowlist). */
+export declare function parseToolsBlock(frontmatter: string, pluginDir: string): ToolEntry[];
+/** Walk a plugins root directory, parse every <name>/PLUGIN.md, and return
+ *  the {admin, public} sets of fully qualified tool names. Throws on the
+ *  first malformed manifest — the caller (the manager boot) must exit
+ *  non-zero so the operator sees the gap. */
+export declare function loadToolSurface(pluginsRoot: string): ToolSurface;
+export {};
+//# sourceMappingURL=tool-surface.d.ts.map

package/payload/platform/services/claude-session-manager/dist/tool-surface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-surface.d.ts","sourceRoot":"","sources":["../src/tool-surface.ts"],"names":[],"mappings":"AAuBA,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,WAAW,CAAC,MAAM,CAAC,CAAA;IAC1B,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,CAAA;CAC5B;AAED,qBAAa,gBAAiB,SAAQ,KAAK;aACb,MAAM,EAAE,MAAM;aAAkB,MAAM,EAAE,MAAM;gBAA9C,MAAM,EAAE,MAAM,EAAkB,MAAM,EAAE,MAAM;CAI3E;AAED,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,CAAA;IACZ,eAAe,EAAE,OAAO,CAAA;CACzB;AAYD;;;oCAGoC;AACpC,wBAAgB,eAAe,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,SAAS,EAAE,CAsEnF;AAED;;;6CAG6C;AAC7C,wBAAgB,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,WAAW,CA0BhE"}

package/payload/platform/services/claude-session-manager/dist/tool-surface.js

@@ -0,0 +1,149 @@
+// Tool-surface resolver — Task 005.
+//
+// Loaded once at manager boot from a directory walk of every
+// platform/plugins/<name>/PLUGIN.md. The frontmatter of each PLUGIN.md
+// declares a list of tools; every tool entry must specify both `name` and
+// `publicAllowlist: <bool>`. The resolver produces two sets of fully
+// qualified tool names (`mcp__<plugin-dir>__<tool>`):
+//
+//   - admin:  every tool, every plugin.
+//   - public: subset where publicAllowlist === true.
+//
+// A tool missing the publicAllowlist field is a refusal-to-boot condition,
+// not a silent default. The decision belongs at the tool's declaration
+// site; defaulting either way hides the question from the writer.
+//
+// The parser uses a hand-rolled YAML-ish walker over the frontmatter block
+// — there is no js-yaml dependency in this service today and the schema
+// is intentionally narrow (a sequence of `- name: <s>` + `publicAllowlist:
+// <bool>` pairs). Anything outside that shape is rejected loudly.
+import { readFileSync, readdirSync, statSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+export class ToolSurfaceError extends Error {
+    reason;
+    detail;
+    constructor(reason, detail) {
+        super(`${reason}: ${detail}`);
+        this.reason = reason;
+        this.detail = detail;
+        this.name = 'ToolSurfaceError';
+    }
+}
+const FRONTMATTER_RE = /^---\r?\n([\s\S]*?)\r?\n---/;
+function extractFrontmatter(raw, pluginDir) {
+    const m = raw.match(FRONTMATTER_RE);
+    if (!m) {
+        throw new ToolSurfaceError('frontmatter-missing', `${pluginDir}/PLUGIN.md has no '---' delimited frontmatter`);
+    }
+    return m[1];
+}
+/** Parse the tools: block out of a PLUGIN.md frontmatter body. Returns an
+ *  empty array when the frontmatter has no tools: key or declares `tools: []`.
+ *  Throws ToolSurfaceError on any malformed entry (missing name, missing or
+ *  non-boolean publicAllowlist). */
+export function parseToolsBlock(frontmatter, pluginDir) {
+    const lines = frontmatter.split(/\r?\n/);
+    let i = 0;
+    while (i < lines.length) {
+        const line = lines[i];
+        // Skip blank lines and other top-level keys until we hit `tools:`.
+        if (/^tools:\s*\[\s*\]\s*$/.test(line))
+            return [];
+        if (/^tools:\s*$/.test(line)) {
+            i++;
+            break;
+        }
+        i++;
+    }
+    if (i >= lines.length)
+        return [];
+    const out = [];
+    let current = null;
+    const flush = () => {
+        if (!current)
+            return;
+        if (typeof current.name !== 'string' || current.name.length === 0) {
+            throw new ToolSurfaceError('tool-name-missing', `${pluginDir}/PLUGIN.md has a tool entry with no name`);
+        }
+        if (typeof current.publicAllowlist !== 'boolean') {
+            if (current.publicAllowlist === undefined) {
+                throw new ToolSurfaceError('public-allowlist-missing', `${pluginDir}/${current.name} — every tool must declare publicAllowlist: <true|false>`);
+            }
+            throw new ToolSurfaceError('public-allowlist-not-boolean', `${pluginDir}/${current.name} — publicAllowlist must be a YAML boolean (true|false), got ${JSON.stringify(current.publicAllowlist)}`);
+        }
+        out.push(current);
+        current = null;
+    };
+    for (; i < lines.length; i++) {
+        const line = lines[i];
+        if (line.length === 0)
+            continue;
+        // A top-level key (no leading space) ends the tools block.
+        if (/^[A-Za-z_]/.test(line))
+            break;
+        const newEntry = line.match(/^\s+-\s+name:\s*(.+?)\s*$/);
+        if (newEntry) {
+            flush();
+            current = { name: newEntry[1] };
+            continue;
+        }
+        // A list item that does NOT lead with `name:` is malformed — the entry
+        // has no name field. Surface it loudly rather than silently ignoring.
+        const orphanListItem = line.match(/^\s+-\s+(?!name:)/);
+        if (orphanListItem) {
+            throw new ToolSurfaceError('tool-name-missing', `${pluginDir}/PLUGIN.md tool entry lacks a name field`);
+        }
+        const allowlist = line.match(/^\s+publicAllowlist:\s*(.+?)\s*$/);
+        if (allowlist && current) {
+            const v = allowlist[1].trim();
+            if (v === 'true')
+                current.publicAllowlist = true;
+            else if (v === 'false')
+                current.publicAllowlist = false;
+            else
+                current.publicAllowlist = v;
+            continue;
+        }
+        // Other per-entry fields (e.g. nested name on its own line, or unknown
+        // keys we don't care about) are ignored — only name and publicAllowlist
+        // affect the resolver.
+    }
+    flush();
+    return out;
+}
+/** Walk a plugins root directory, parse every <name>/PLUGIN.md, and return
+ *  the {admin, public} sets of fully qualified tool names. Throws on the
+ *  first malformed manifest — the caller (the manager boot) must exit
+ *  non-zero so the operator sees the gap. */
+export function loadToolSurface(pluginsRoot) {
+    if (!existsSync(pluginsRoot)) {
+        throw new ToolSurfaceError('plugins-root-missing', pluginsRoot);
+    }
+    const admin = new Set();
+    const pub = new Set();
+    const entries = readdirSync(pluginsRoot).sort();
+    for (const plugin of entries) {
+        const pluginDir = join(pluginsRoot, plugin);
+        try {
+            if (!statSync(pluginDir).isDirectory())
+                continue;
+        }
+        catch {
+            continue;
+        }
+        const manifestPath = join(pluginDir, 'PLUGIN.md');
+        if (!existsSync(manifestPath))
+            continue;
+        const raw = readFileSync(manifestPath, 'utf-8');
+        const frontmatter = extractFrontmatter(raw, plugin);
+        const tools = parseToolsBlock(frontmatter, plugin);
+        for (const t of tools) {
+            const qualified = `mcp__${plugin}__${t.name}`;
+            admin.add(qualified);
+            if (t.publicAllowlist)
+                pub.add(qualified);
+        }
+    }
+    return { admin, public: pub };
+}
+//# sourceMappingURL=tool-surface.js.map

package/payload/platform/services/claude-session-manager/dist/tool-surface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-surface.js","sourceRoot":"","sources":["../src/tool-surface.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,EAAE;AACF,6DAA6D;AAC7D,uEAAuE;AACvE,0EAA0E;AAC1E,qEAAqE;AACrE,sDAAsD;AACtD,EAAE;AACF,wCAAwC;AACxC,qDAAqD;AACrD,EAAE;AACF,2EAA2E;AAC3E,uEAAuE;AACvE,kEAAkE;AAClE,EAAE;AACF,2EAA2E;AAC3E,wEAAwE;AACxE,2EAA2E;AAC3E,kEAAkE;AAElE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACzE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAOhC,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACb;IAAgC;IAA5D,YAA4B,MAAc,EAAkB,MAAc;QACxE,KAAK,CAAC,GAAG,MAAM,KAAK,MAAM,EAAE,CAAC,CAAA;QADH,WAAM,GAAN,MAAM,CAAQ;QAAkB,WAAM,GAAN,MAAM,CAAQ;QAExE,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAA;IAChC,CAAC;CACF;AAOD,MAAM,cAAc,GAAG,6BAA6B,CAAA;AAEpD,SAAS,kBAAkB,CAAC,GAAW,EAAE,SAAiB;IACxD,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;IACnC,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,IAAI,gBAAgB,CAAC,qBAAqB,EAAE,GAAG,SAAS,+CAA+C,CAAC,CAAA;IAChH,CAAC;IACD,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;AACb,CAAC;AAED;;;oCAGoC;AACpC,MAAM,UAAU,eAAe,CAAC,WAAmB,EAAE,SAAiB;IACpE,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IACxC,IAAI,CAAC,GAAG,CAAC,CAAA;IACT,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,mEAAmE;QACnE,IAAI,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAA;QACjD,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,CAAC,EAAE,CAAA;YACH,MAAK;QACP,CAAC;QACD,CAAC,EAAE,CAAA;IACL,CAAC;IACD,IAAI,CAAC,IAAI,KAAK,CAAC,MAAM;QAAE,OAAO,EAAE,CAAA;IAEhC,MAAM,GAAG,GAAgB,EAAE,CAAA;IAC3B,IAAI,OAAO,GAA8B,IAAI,CAAA;IAC7C,MAAM,KAAK,GAAG,GAAS,EAAE;QACvB,IAAI,CAAC,OAAO;YAAE,OAAM;QACpB,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,gBAAgB,CAAC,mBAAmB,EAAE,GAAG,SAAS,0CAA0C,CAAC,CAAA;QACzG,CAAC;QACD,IAAI,OAAO,OAAO,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;YACjD,IAAI,OAAO,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC1C,MAAM,IAAI,gBAAgB,CACxB,0BAA0B,EAC1B,GAAG,SAAS,IAAI,OAAO,CAAC,IAAI,0DAA0D,CACvF,CAAA;YACH,CAAC;YACD,MAAM,IAAI,gBAAgB,CACxB,8BAA8B,EAC9B,GAAG,SAAS,IAAI,OAAO,CAAC,IAAI,+DAA+D,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CACrI,CAAA;QACH,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,OAAoB,CAAC,CAAA;QAC9B,OAAO,GAAG,IAAI,CAAA;IAChB,CAAC,CAAA;IAED,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QAC/B,2DAA2D;QAC3D,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,MAAK;QAElC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAA;QACxD,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,EAAE,CAAA;YACP,OAAO,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAA;YAC/B,SAAQ;QACV,CAAC;QACD,uEAAuE;QACvE,sEAAsE;QACtE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QACtD,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,IAAI,gBAAgB,CAAC,mBAAmB,EAAE,GAAG,SAAS,0CAA0C,CAAC,CAAA;QACzG,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAA;QAChE,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;YACzB,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YAC7B,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,CAAC,eAAe,GAAG,IAAI,CAAA;iBAC3C,IAAI,CAAC,KAAK,OAAO;gBAAE,OAAO,CAAC,eAAe,GAAG,KAAK,CAAA;;gBAClD,OAAO,CAAC,eAAe,GAAG,CAAuB,CAAA;YACtD,SAAQ;QACV,CAAC;QACD,uEAAuE;QACvE,wEAAwE;QACxE,uBAAuB;IACzB,CAAC;IACD,KAAK,EAAE,CAAA;IACP,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;6CAG6C;AAC7C,MAAM,UAAU,eAAe,CAAC,WAAmB;IACjD,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,gBAAgB,CAAC,sBAAsB,EAAE,WAAW,CAAC,CAAA;IACjE,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAA;IAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAA;IAC7B,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAA;IAC/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAA;QAC3C,IAAI,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;gBAAE,SAAQ;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,SAAQ;QACV,CAAC;QACD,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,SAAQ;QACvC,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAC/C,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;QACnD,MAAM,KAAK,GAAG,eAAe,CAAC,WAAW,EAAE,MAAM,CAAC,CAAA;QAClD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,SAAS,GAAG,QAAQ,MAAM,KAAK,CAAC,CAAC,IAAI,EAAE,CAAA;YAC7C,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;YACpB,IAAI,CAAC,CAAC,eAAe;gBAAE,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC3C,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAA;AAC/B,CAAC"}