@runtypelabs/cli 2.22.9 → 2.22.10

package/dist/index.js

@@ -16692,7 +16692,8 @@ var AGENT_CONTENT_CONFIG_KEYS = {
   artifacts: true,
   loggingPolicy: true,
   temporal: true,
-  memory: true
+  memory: true,
+  sandbox: true
 };
 var AGENT_CONTENT_CONFIG_KEY_LIST = Object.keys(AGENT_CONTENT_CONFIG_KEYS).sort();
 var configurationStatusSchema = external_exports.enum([
@@ -20163,6 +20164,15 @@ function collectCodeModeToolNameCheck(toolsConfig, stepIndex, stepRef, pendingCh
 }
 var SINGLE_BRACE_VARIABLE_PATTERN = /(?<!\{)\{([a-zA-Z_][a-zA-Z0-9_.]*)\}(?!\})/g;
 var DOUBLE_BRACE_VARIABLE_PATTERN = TEMPLATE_EXPRESSION_PATTERN;
+var STRING_LITERAL_OPERAND = /(?:'[^']*'|"[^"]*"|`[^`]*`)/.source;
+var EQUALITY_OPERATOR = /(?:===|!==|==|!=)/.source;
+var UNQUOTED_TEMPLATE = /(?<!['"`])\{\{[^{}]+\}\}(?!['"`])/.source;
+var UNQUOTED_TEMPLATE_BEFORE_OP = new RegExp(
+  `${UNQUOTED_TEMPLATE}\\s*${EQUALITY_OPERATOR}\\s*${STRING_LITERAL_OPERAND}`
+);
+var UNQUOTED_TEMPLATE_AFTER_OP = new RegExp(
+  `${STRING_LITERAL_OPERAND}\\s*${EQUALITY_OPERATOR}\\s*${UNQUOTED_TEMPLATE}`
+);
 var TEMPLATE_STRING_FIELDS = /* @__PURE__ */ new Set([
   "text",
   "userPrompt",
@@ -20393,6 +20403,82 @@ function validateUpsertRecordSourceShape(flowSteps, buckets) {
     }
   }
 }
+function checkConditionExpression(expr, path18, stepRef, buckets) {
+  if (typeof expr !== "string" || !expr.includes("{{")) return;
+  const match = UNQUOTED_TEMPLATE_BEFORE_OP.exec(expr) || UNQUOTED_TEMPLATE_AFTER_OP.exec(expr);
+  if (!match) return;
+  const snippet = match[0].trim();
+  addIssue(
+    "warning",
+    {
+      code: "CONDITION_UNQUOTED_TEMPLATE_COMPARISON",
+      message: `Expression compares an unquoted {{...}} placeholder against a string literal (\`${snippet}\`). \`condition\` / \`when\` predicates are JavaScript evaluated after template substitution, so a non-numeric value substitutes in as a bare identifier (e.g. \`healthy === 'watch'\`) and throws "ReferenceError: <value> is not defined" at runtime. Quote the placeholder \u2014 e.g. '{{var}}' === '...' \u2014 or compare numerically.`,
+      path: path18,
+      step: stepRef,
+      details: { snippet }
+    },
+    buckets
+  );
+}
+var CONDITIONAL_BRANCH_STEP_KEYS = [
+  "trueSteps",
+  "falseSteps",
+  "true_steps",
+  "false_steps",
+  "otherwiseSteps"
+];
+function walkStepConditionExpressions(node, basePath, stepRef, buckets, depth) {
+  if (!isObjectRecord(node)) return;
+  if (node.enabled === false) return;
+  checkConditionExpression(node.when, `${basePath}.when`, stepRef, buckets);
+  if (node.type !== "conditional" || !isObjectRecord(node.config)) return;
+  const config3 = node.config;
+  checkConditionExpression(config3.condition, `${basePath}.config.condition`, stepRef, buckets);
+  if (depth >= MAX_CONDITIONAL_NESTING_DEPTH) return;
+  if (Array.isArray(config3.branches)) {
+    config3.branches.forEach((branch, branchIndex) => {
+      if (!isObjectRecord(branch)) return;
+      checkConditionExpression(
+        branch.condition,
+        `${basePath}.config.branches[${branchIndex}].condition`,
+        stepRef,
+        buckets
+      );
+      if (Array.isArray(branch.steps)) {
+        branch.steps.forEach(
+          (nested, nestedIndex) => walkStepConditionExpressions(
+            nested,
+            `${basePath}.config.branches[${branchIndex}].steps[${nestedIndex}]`,
+            stepRef,
+            buckets,
+            depth + 1
+          )
+        );
+      }
+    });
+  }
+  for (const key of CONDITIONAL_BRANCH_STEP_KEYS) {
+    const arr = config3[key];
+    if (!Array.isArray(arr)) continue;
+    arr.forEach(
+      (nested, nestedIndex) => walkStepConditionExpressions(
+        nested,
+        `${basePath}.config.${key}[${nestedIndex}]`,
+        stepRef,
+        buckets,
+        depth + 1
+      )
+    );
+  }
+}
+function validateConditionExpressions(flowSteps, buckets, conditionalStepsExceedingDepth) {
+  for (const [stepIndex, step] of flowSteps.entries()) {
+    if (step.enabled === false) continue;
+    if (conditionalStepsExceedingDepth.has(stepIndex)) continue;
+    const stepRef = { index: stepIndex, name: step.name, type: step.type };
+    walkStepConditionExpressions(step, `flowSteps[${stepIndex}]`, stepRef, buckets, 1);
+  }
+}
 function collectAccountScopedReferences(step, stepIndex, pendingChecks) {
   const stepRef = {
     index: stepIndex,
@@ -20974,6 +21060,7 @@ function collectFlowStructureIssues(flowData, deps, buckets) {
     deps.declaredFlowInputs
   );
   validateUpsertRecordSourceShape(flowData.flowSteps, buckets);
+  validateConditionExpressions(flowData.flowSteps, buckets, conditionalStepsExceedingDepth);
   return { pendingChecks };
 }
 function validateFlowStructure(flowData, deps = {}) {
@@ -32553,6 +32640,7 @@ var BuiltInToolGroup = {
   UCP_COMMERCE: "ucp_commerce",
   SANDBOX_USE: "sandbox_use",
   SANDBOX_SESSION: "sandbox_session",
+  SANDBOX_AGENT: "sandbox_agent",
   TEMPORAL: "temporal"
 };
 var BROWSER_RUN_DOCUMENTATION_URL = "https://developers.cloudflare.com/browser-run/quick-actions/";
@@ -35651,6 +35739,150 @@ var CORE_BUILTIN_TOOLS_REGISTRY = [
     requiresApiKey: false,
     platformKeySupport: true
   },
+  // -----------------------------------------------------------------------
+  // Agent Sandbox tools — the implicit-computer surface.
+  //
+  // Injected (not catalog-selected) when an agent has `config.sandbox.enabled`,
+  // so they are `hidden` from tool discovery. The agent believes it is already
+  // inside a Linux machine: it runs `bash`, reads/edits files, and exposes
+  // ports — it never provisions, names, or tears down infrastructure. The
+  // machine is created lazily on the first call. See ADR 0010 and
+  // `.planning/agent-sandbox-bash/PLAN.md`.
+  // -----------------------------------------------------------------------
+  {
+    id: "bash",
+    name: "Bash",
+    description: "Run a shell command on your Linux computer (Node 22, Python 3.12, git, pnpm, uv preinstalled). Commands run in /workspace; files you write there stay available to later commands while you work on this task, but system-level changes outside /workspace may not. Combined stdout/stderr is returned. Long output is truncated (head + tail) with the full output spilled to a file. Pass slow_ok=true for commands that take a while (installs, builds, test suites).",
+    category: BuiltInToolCategory.SANDBOX,
+    toolGroup: BuiltInToolGroup.SANDBOX_AGENT,
+    providers: [BuiltInToolProvider.MULTI],
+    parametersSchema: {
+      type: "object",
+      properties: {
+        command: {
+          type: "string",
+          description: "Shell command to execute (runs in bash, cwd is /workspace).",
+          minLength: 1
+        },
+        slow_ok: {
+          type: "boolean",
+          description: "Allow a longer timeout for commands expected to take a while (installs, builds, tests). Defaults to false (short timeout)."
+        }
+      },
+      required: ["command"]
+    },
+    executionHint: "platform",
+    requiresApiKey: false,
+    platformKeySupport: true,
+    hidden: true
+  },
+  {
+    id: "read_file",
+    name: "Read File",
+    description: "Read a file from your computer. Returns the file contents as a string.",
+    category: BuiltInToolCategory.SANDBOX,
+    toolGroup: BuiltInToolGroup.SANDBOX_AGENT,
+    providers: [BuiltInToolProvider.MULTI],
+    parametersSchema: {
+      type: "object",
+      properties: {
+        path: {
+          type: "string",
+          description: "File path to read (relative paths resolve against /workspace).",
+          minLength: 1
+        }
+      },
+      required: ["path"]
+    },
+    executionHint: "platform",
+    requiresApiKey: false,
+    platformKeySupport: true,
+    hidden: true
+  },
+  {
+    id: "write_file",
+    name: "Write File",
+    description: "Write a file on your computer, creating parent directories as needed. Overwrites any existing file at the path. More reliable than shell heredocs for multi-line content.",
+    category: BuiltInToolCategory.SANDBOX,
+    toolGroup: BuiltInToolGroup.SANDBOX_AGENT,
+    providers: [BuiltInToolProvider.MULTI],
+    parametersSchema: {
+      type: "object",
+      properties: {
+        path: {
+          type: "string",
+          description: "File path to write (relative paths resolve against /workspace).",
+          minLength: 1
+        },
+        contents: {
+          type: "string",
+          description: "Full file contents to write."
+        }
+      },
+      required: ["path", "contents"]
+    },
+    executionHint: "platform",
+    requiresApiKey: false,
+    platformKeySupport: true,
+    hidden: true
+  },
+  {
+    id: "edit_file",
+    name: "Edit File",
+    description: 'Replace an exact substring in a file with new text. The "old" text must appear exactly once in the file. Use this for surgical edits instead of rewriting the whole file.',
+    category: BuiltInToolCategory.SANDBOX,
+    toolGroup: BuiltInToolGroup.SANDBOX_AGENT,
+    providers: [BuiltInToolProvider.MULTI],
+    parametersSchema: {
+      type: "object",
+      properties: {
+        path: {
+          type: "string",
+          description: "File path to edit (relative paths resolve against /workspace).",
+          minLength: 1
+        },
+        old: {
+          type: "string",
+          description: "The exact text to find. Must occur exactly once in the file."
+        },
+        new: {
+          type: "string",
+          description: "The replacement text."
+        }
+      },
+      required: ["path", "old", "new"]
+    },
+    executionHint: "platform",
+    requiresApiKey: false,
+    platformKeySupport: true,
+    hidden: true
+  },
+  {
+    id: "expose_port",
+    name: "Expose Port",
+    description: 'Get a public preview URL for a server you started on your computer. Start the server first (e.g. bash("node server.js &")), then expose its port.',
+    category: BuiltInToolCategory.SANDBOX,
+    toolGroup: BuiltInToolGroup.SANDBOX_AGENT,
+    providers: [BuiltInToolProvider.MULTI],
+    parametersSchema: {
+      type: "object",
+      properties: {
+        port: {
+          type: "number",
+          description: "Port your server listens on (must not be 3000, which is reserved)."
+        },
+        name: {
+          type: "string",
+          description: "Optional label for the preview URL."
+        }
+      },
+      required: ["port"]
+    },
+    executionHint: "platform",
+    requiresApiKey: false,
+    platformKeySupport: true,
+    hidden: true
+  },
   // Send email via Resend. Mirrors the send-email context step so agents can
   // dispatch transactional email without wrapping it in a flow.
   {
@@ -39979,6 +40211,25 @@ var memoryConfigSchema = external_exports.object({
   // Resolved via `shouldInjectMemorySummary` so the default lives in one place.
   injectSummary: external_exports.boolean().optional()
 });
+var sandboxNetworkAccessSchema = external_exports.union([
+  external_exports.enum(["none", "essentials"]),
+  external_exports.object({
+    profile: external_exports.enum(["none", "essentials"]).optional(),
+    allow: external_exports.array(external_exports.string()).optional()
+  })
+]);
+var sandboxConfigSchema = external_exports.object({
+  enabled: external_exports.boolean(),
+  provider: external_exports.enum(["runtype-sandbox", "daytona"]).optional(),
+  persistence: external_exports.enum(["ephemeral", "conversation", "named"]).optional(),
+  instanceType: external_exports.enum(["standard-1", "standard-2", "standard-3", "standard-4"]).optional(),
+  networkAccess: sandboxNetworkAccessSchema.optional(),
+  ttl: external_exports.enum(["5m", "1h", "24h", "unlimited"]).optional(),
+  sleepAfter: external_exports.enum(["5m", "15m", "30m", "1h"]).optional(),
+  // Opt-in approval gate on `bash`. Default false; wiring lands in Phase 3. The
+  // approval decision is on tool name + params only — never the agent's reason.
+  requireApprovalForBash: external_exports.boolean().optional()
+});
 var agentRuntimeConfigSchema = external_exports.object({
   model: external_exports.string().optional(),
   systemPrompt: external_exports.string().optional(),
@@ -40117,7 +40368,12 @@ var agentRuntimeConfigSchema = external_exports.object({
   // `memoryConfigSchema` (below) and reused by the update-agent, dispatch
   // inline-agent, and FPO agent schemas so the four surfaces never drift —
   // mirroring how `temporalConfigSchema` is shared.
-  memory: memoryConfigSchema.optional()
+  memory: memoryConfigSchema.optional(),
+  // Agent Sandbox (Linux computer). When enabled, the agent gets the sandbox
+  // builtin tools + system-prompt frame at dispatch. Single-sourced as
+  // `sandboxConfigSchema` (above), mirroring `memory`. The live machine is agent
+  // state; this block is the operator Definition that enables it.
+  sandbox: sandboxConfigSchema.optional()
 });
 function extractSecretReferences(template) {
   const keys = /* @__PURE__ */ new Set();
@@ -43348,7 +43604,12 @@ var AgentInputSchema = external_exports.object({
     model: external_exports.string(),
     systemPrompt: external_exports.string().optional()
   }).optional().nullable(),
-  memory: memoryConfigSchema.optional()
+  memory: memoryConfigSchema.optional(),
+  // Agent Sandbox (Linux computer). When enabled (and the enable-agent-sandbox
+  // flag is on), dispatch injects the sandbox builtin tools + system-prompt
+  // frame — mirroring the saved-agent execute route so the two hosted-agent
+  // entry points stay in lockstep.
+  sandbox: sandboxConfigSchema.optional()
 }).superRefine((val, ctx) => {
   if (val.agentType !== "claude_managed") {
     if (!val.name) {
@@ -64624,8 +64885,8 @@ import { execFileSync } from "child_process";
 // src/lib/persona-init.ts
 init_credential_store();
 
-// ../../node_modules/.pnpm/@runtypelabs+persona@3.37.0/node_modules/@runtypelabs/persona/dist/codegen.js
-var S = "3.37.0";
+// ../../node_modules/.pnpm/@runtypelabs+persona@4.0.0/node_modules/@runtypelabs/persona/dist/codegen.js
+var S = "4.0.0";
 var c = S;
 function u(e) {
   if (e !== void 0) return typeof e == "string" ? e : Array.isArray(e) ? `[${e.map((r) => r.toString()).join(", ")}]` : e.toString();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@runtypelabs/cli",
-  "version": "2.22.9",
+  "version": "2.22.10",
   "description": "Command-line interface for Runtype AI platform",
   "type": "module",
   "main": "dist/index.js",
@@ -24,11 +24,11 @@
     "rosie-skills": "0.8.1",
     "yaml": "^2.9.0",
     "@runtypelabs/ink-components": "0.3.2",
-    "@runtypelabs/terminal-animations": "0.2.1",
-    "@runtypelabs/sdk": "5.2.1"
+    "@runtypelabs/sdk": "5.2.2",
+    "@runtypelabs/terminal-animations": "0.2.1"
   },
   "devDependencies": {
-    "@runtypelabs/persona": "3.37.0",
+    "@runtypelabs/persona": "4.0.0",
     "@types/express": "^5.0.6",
     "@types/micromatch": "^4.0.9",
     "@types/node": "^25.3.3",
@@ -39,7 +39,7 @@
     "tsx": "^4.7.1",
     "typescript": "^5.3.3",
     "vitest": "^4.1.0",
-    "@runtypelabs/shared": "1.39.0"
+    "@runtypelabs/shared": "1.40.0"
   },
   "engines": {
     "node": ">=22.0.0"