@shadowob/cloud 1.1.7 → 1.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (198) hide show
  1. package/README.md +159 -11
  2. package/dist/{agent-browser-CERTMCDL.js → agent-browser-EI7FIK3X.js} +3 -3
  3. package/dist/{agent-browser-CIRZRIY4.js → agent-browser-YXE4ES6Q.js} +3 -3
  4. package/dist/{agent-pack-LF3O5TR4.js → agent-pack-35TFCZKP.js} +1 -1
  5. package/dist/{agent-pack-RQT27V7R.js → agent-pack-UOG6ZAUL.js} +1 -1
  6. package/dist/agentmemory-KP5O7GHB.js +101 -0
  7. package/dist/agentmemory-UV74POU5.js +100 -0
  8. package/dist/{airtable-BG2Q75G2.js → airtable-CXXS3YUN.js} +3 -3
  9. package/dist/{airtable-JCQXFM5D.js → airtable-YZ5JR5JC.js} +3 -3
  10. package/dist/{alipay-TZQI34RB.js → alipay-WED5P3XC.js} +3 -3
  11. package/dist/{alipay-MZX2XCDB.js → alipay-WJTVREMG.js} +3 -3
  12. package/dist/{amap-KPCLZYYL.js → amap-AIN23TQ7.js} +3 -3
  13. package/dist/{amap-5RQB3VGC.js → amap-F6GF7QKB.js} +3 -3
  14. package/dist/{atlassian-LGOEWYC7.js → atlassian-G6PM6UVM.js} +3 -3
  15. package/dist/{atlassian-TVS2A4IU.js → atlassian-IDR2NPJC.js} +3 -3
  16. package/dist/{baidu-appbuilder-QRRL3ETM.js → baidu-appbuilder-JKQIA5TG.js} +3 -3
  17. package/dist/{baidu-appbuilder-6UMESXHW.js → baidu-appbuilder-KVMCIFYH.js} +3 -3
  18. package/dist/{baidu-maps-HEPMVP5D.js → baidu-maps-GWMXV6YT.js} +3 -3
  19. package/dist/{baidu-maps-HXC4FBVP.js → baidu-maps-ZXGT6QZM.js} +3 -3
  20. package/dist/{baidu-netdisk-G5Q6B5NH.js → baidu-netdisk-J5SLQVWW.js} +3 -3
  21. package/dist/{baidu-netdisk-RS2K5W2M.js → baidu-netdisk-PONM3DY6.js} +3 -3
  22. package/dist/{baidu-smartprogram-JHD3XWF6.js → baidu-smartprogram-WJ5JMO6V.js} +3 -3
  23. package/dist/{baidu-smartprogram-EWTK5WKK.js → baidu-smartprogram-Y5WBR7RX.js} +3 -3
  24. package/dist/{browserbase-IUIYVYI7.js → browserbase-CGVQHRC4.js} +3 -3
  25. package/dist/{browserbase-JFO2PCIA.js → browserbase-PVWYTEZC.js} +3 -3
  26. package/dist/{canva-3YOFL7JS.js → canva-COCBQAT2.js} +3 -3
  27. package/dist/{canva-FMYN65SM.js → canva-RSTJSEX5.js} +3 -3
  28. package/dist/{chunk-35LJYCQF.js → chunk-3CT6RQNM.js} +745 -482
  29. package/dist/{chunk-KODMGZUC.js → chunk-4YO3NA26.js} +1 -1
  30. package/dist/{chunk-RECNVWMT.js → chunk-6V7MW4HU.js} +17 -3
  31. package/dist/{chunk-C6OI4ZNO.js → chunk-EVV774KS.js} +1 -1
  32. package/dist/{chunk-SVMXSIMG.js → chunk-F6CQ6GAG.js} +2 -1
  33. package/dist/{chunk-JUPAE5IA.js → chunk-OL5VH6RN.js} +72 -69
  34. package/dist/{chunk-POSVEKIY.js → chunk-OYY64ZSX.js} +17 -3
  35. package/dist/{chunk-ZHVYNIHA.js → chunk-P5Y6F2NH.js} +745 -482
  36. package/dist/{chunk-EEFMJYKB.js → chunk-PSK2SYZ3.js} +2 -1
  37. package/dist/{chunk-6YAYCWGK.js → chunk-PYJRFKPN.js} +1 -1
  38. package/dist/{chunk-JY2HTT7Q.js → chunk-RMDY3W4V.js} +6 -0
  39. package/dist/{chunk-EWB7L7IW.js → chunk-X2SREECR.js} +6 -6
  40. package/dist/{chunk-LXJBQBGL.js → chunk-X5VOIA72.js} +6 -6
  41. package/dist/{chunk-CTNUKOQE.js → chunk-Y5BJ3EW2.js} +6 -0
  42. package/dist/{chunk-SAP2DBHO.js → chunk-Y6BKVDG7.js} +1 -1
  43. package/dist/{chunk-6P2K6QZR.js → chunk-ZGMWSSCC.js} +72 -69
  44. package/dist/{claude-plugin-577TAQVS.js → claude-plugin-FPN32WMT.js} +1 -1
  45. package/dist/{claude-plugin-L3MXJJ6J.js → claude-plugin-IYHOVTVL.js} +1 -1
  46. package/dist/cli.js +930 -149
  47. package/dist/{cloudflare-RDFPKMM5.js → cloudflare-U3RHJJKK.js} +3 -3
  48. package/dist/{cloudflare-HBBABPK6.js → cloudflare-ZHN7UGPX.js} +3 -3
  49. package/dist/{cnb-FLP3QX46.js → cnb-AMXC5I7D.js} +3 -3
  50. package/dist/{cnb-YAVVEYFB.js → cnb-P3IZ4JTD.js} +3 -3
  51. package/dist/console/index.html +1 -1
  52. package/dist/console/static/css/index.f4563d95.css +1 -0
  53. package/dist/console/static/js/index.020abc71.js +1 -0
  54. package/dist/{coze-E6VGRNLV.js → coze-66RYMKVB.js} +3 -3
  55. package/dist/{coze-C6PMDPBI.js → coze-YE3BINXP.js} +3 -3
  56. package/dist/{dashboard.command-ZMQFKLNQ.js → dashboard.command-BRPZCZER.js} +1 -1
  57. package/dist/{dashboard.command-2AM45SIT.js → dashboard.command-GUHSJ2CN.js} +1 -1
  58. package/dist/{dingtalk-JNRNRN7E.js → dingtalk-4RFQG7N2.js} +3 -3
  59. package/dist/{dingtalk-WZGGIAHJ.js → dingtalk-VNFKXD2P.js} +3 -3
  60. package/dist/{douyin-miniprogram-AIJPPIZH.js → douyin-miniprogram-UEALAGOS.js} +3 -3
  61. package/dist/{douyin-miniprogram-HCYZ5NBW.js → douyin-miniprogram-UNB6UO2I.js} +3 -3
  62. package/dist/{figma-2YYNSCDX.js → figma-A264OWU5.js} +3 -3
  63. package/dist/{figma-RYOBMENP.js → figma-Y4TGSDZP.js} +3 -3
  64. package/dist/{firebase-OYSY6HPT.js → firebase-AI3MAGYG.js} +3 -3
  65. package/dist/{firebase-2IJDDBXX.js → firebase-ZGQARUIH.js} +3 -3
  66. package/dist/{firecrawl-2T3SBUW7.js → firecrawl-2JW7DMTH.js} +3 -3
  67. package/dist/{firecrawl-IYYXLAZM.js → firecrawl-UURQ5P5N.js} +3 -3
  68. package/dist/{flyai-QS5Q6FJR.js → flyai-EJGDMYFA.js} +3 -3
  69. package/dist/{flyai-7FJ4TRAG.js → flyai-ZFMZBBHJ.js} +3 -3
  70. package/dist/{gitagent-MWI75OIX.js → gitagent-5SDBYFNA.js} +1 -1
  71. package/dist/{gitagent-YBMWY7NZ.js → gitagent-ODXPCR4X.js} +1 -1
  72. package/dist/{gitee-3N7OFOM7.js → gitee-5UMJ4BC7.js} +3 -3
  73. package/dist/{gitee-KVNK6KLZ.js → gitee-D6NAZTCO.js} +3 -3
  74. package/dist/{github-LUEC2LID.js → github-JBLDKIA3.js} +3 -3
  75. package/dist/{github-XRO5Z3GC.js → github-PZQAVEZP.js} +3 -3
  76. package/dist/{google-ads-VPKWTX67.js → google-ads-BIFQOJ5M.js} +3 -3
  77. package/dist/{google-ads-A3QAJI4D.js → google-ads-QU3LJE4O.js} +3 -3
  78. package/dist/{google-analytics-C4UR5ZR2.js → google-analytics-7VZ6YZVA.js} +3 -3
  79. package/dist/{google-analytics-XDYZA2B7.js → google-analytics-HXMPCL5V.js} +3 -3
  80. package/dist/{google-workspace-YX35SHHX.js → google-workspace-6SEBJ4VA.js} +2 -2
  81. package/dist/{google-workspace-LL3EWVHH.js → google-workspace-L3AMJLCF.js} +2 -2
  82. package/dist/{huawei-xiaoyi-KPWLTSHB.js → huawei-xiaoyi-C6QIJMPM.js} +3 -3
  83. package/dist/{huawei-xiaoyi-6BSMGJHR.js → huawei-xiaoyi-JGLXWU5P.js} +3 -3
  84. package/dist/{hubspot-FTIEMNZO.js → hubspot-LACJGE6D.js} +3 -3
  85. package/dist/{hubspot-DIUHGEDI.js → hubspot-XWPRO4KZ.js} +3 -3
  86. package/dist/{huggingface-UUXK2RHK.js → huggingface-26QQZK4C.js} +3 -3
  87. package/dist/{huggingface-MJCOXA7E.js → huggingface-CQICNA2R.js} +3 -3
  88. package/dist/index.d.ts +1338 -1
  89. package/dist/index.js +1364 -226
  90. package/dist/{inference-ai-image-generation-PXV6IG4U.js → inference-ai-image-generation-5KYIUWT6.js} +3 -3
  91. package/dist/{inference-ai-image-generation-CMI6R5T3.js → inference-ai-image-generation-J2NYDCLZ.js} +3 -3
  92. package/dist/{inference-sh-7AZOLEFI.js → inference-sh-5SWQTK73.js} +3 -3
  93. package/dist/{inference-sh-ABQOD3YF.js → inference-sh-PTQF6T3R.js} +3 -3
  94. package/dist/{init.command-YVG4X6II.js → init.command-C7UKPK2Y.js} +3 -3
  95. package/dist/{init.command-JKE3SXAS.js → init.command-UNL66BMR.js} +3 -3
  96. package/dist/{klaviyo-LDPBWBSS.js → klaviyo-4UNPMBFT.js} +3 -3
  97. package/dist/{klaviyo-6K5YEFNH.js → klaviyo-SLYNEULT.js} +3 -3
  98. package/dist/{kuaidi100-HGFM5VK2.js → kuaidi100-HZKV5AIS.js} +3 -3
  99. package/dist/{kuaidi100-UHPFCVXP.js → kuaidi100-ZQUW7GHH.js} +3 -3
  100. package/dist/lark-HQUZNHDI.js +382 -0
  101. package/dist/lark-PAV7XWJS.js +381 -0
  102. package/dist/{linear-T4ORUP7N.js → linear-PYGQ5SLK.js} +3 -3
  103. package/dist/{linear-7QFSFPOD.js → linear-VJLYNTUF.js} +3 -3
  104. package/dist/{lovart-PDUXRUHJ.js → lovart-KC6SVNAJ.js} +3 -3
  105. package/dist/{lovart-QO3SK55T.js → lovart-WVKY4RR4.js} +3 -3
  106. package/dist/{meta-ads-SCNFI45S.js → meta-ads-E6XT33GI.js} +3 -3
  107. package/dist/{meta-ads-V6XPZWX3.js → meta-ads-RJ6DWRYN.js} +3 -3
  108. package/dist/{miclaw-TPPPS2WN.js → miclaw-4BA3A2YN.js} +3 -3
  109. package/dist/{miclaw-5CNTW7VV.js → miclaw-LUV6DCHX.js} +3 -3
  110. package/dist/{model-provider-KFB76XV5.js → model-provider-SYXJZ3JD.js} +1 -1
  111. package/dist/{model-provider-AVSFJSZP.js → model-provider-U7NEYA3Y.js} +1 -1
  112. package/dist/nature-skills-G76ABIWZ.js +143 -0
  113. package/dist/nature-skills-SQHMFXKT.js +142 -0
  114. package/dist/{notion-WFA7KGZZ.js → notion-2JZAKOFP.js} +1 -1
  115. package/dist/{notion-FZK76MN2.js → notion-O3NO5TJH.js} +1 -1
  116. package/dist/{oceanengine-3JZUS3PP.js → oceanengine-D23UZGVB.js} +3 -3
  117. package/dist/{oceanengine-5BRIJVJE.js → oceanengine-WDK2OXX5.js} +3 -3
  118. package/dist/{opencli-PFXHGCS2.js → opencli-36P63YNU.js} +3 -3
  119. package/dist/{opencli-VIGRJTGH.js → opencli-SUHDFR33.js} +3 -3
  120. package/dist/{paypal-Z5JYHIWD.js → paypal-K27SUW3B.js} +3 -3
  121. package/dist/{paypal-33UADIPR.js → paypal-OPZ3KOV5.js} +3 -3
  122. package/dist/{playwright-SQAQ3DZG.js → playwright-2ULT3NIC.js} +3 -3
  123. package/dist/{playwright-MG5WHK47.js → playwright-3Q7LBILG.js} +3 -3
  124. package/dist/{plugins-HZBWK3WQ.js → plugins-2MITZ4ZD.js} +2 -2
  125. package/dist/{plugins-I4GD5SZX.js → plugins-UK2QWD6G.js} +2 -2
  126. package/dist/{posthog-MU5MAJOQ.js → posthog-E3EHXLAN.js} +3 -3
  127. package/dist/{posthog-RJRRKDWB.js → posthog-KPJVLGX6.js} +3 -3
  128. package/dist/{salesforce-34FVIJTG.js → salesforce-FGPNG7FB.js} +3 -3
  129. package/dist/{salesforce-3QZ6OFVO.js → salesforce-TVHISKBC.js} +3 -3
  130. package/dist/{sentry-PIWW46VA.js → sentry-BZ3J3MZM.js} +3 -3
  131. package/dist/{sentry-MCIRMACU.js → sentry-XC57YRAJ.js} +3 -3
  132. package/dist/{seo-suite-WJXMA3S4.js → seo-suite-2MDEDLAB.js} +3 -3
  133. package/dist/{seo-suite-4SQ3I67Q.js → seo-suite-U75O3QP6.js} +3 -3
  134. package/dist/{serve.command-XLBJUOV6.js → serve.command-G5RVQFUD.js} +3 -3
  135. package/dist/{serve.command-RD6I6MFD.js → serve.command-PYGDG7K3.js} +3 -3
  136. package/dist/{shadowob-PRSMI5MW.js → shadowob-3QZ7DLDW.js} +158 -31
  137. package/dist/{shadowob-JELOWHWX.js → shadowob-CJLOEKFP.js} +158 -31
  138. package/dist/{sherlock-2PKY2E2Y.js → sherlock-CQFUHKDH.js} +3 -3
  139. package/dist/{sherlock-C5ZWPPVT.js → sherlock-DONK2I6E.js} +3 -3
  140. package/dist/{shopify-GL3NFVGE.js → shopify-NO5GI3WD.js} +3 -3
  141. package/dist/{shopify-R4G3UXM6.js → shopify-VW2KLKH5.js} +3 -3
  142. package/dist/{skill-discovery-YPXXV622.js → skill-discovery-6JEPPKKM.js} +3 -3
  143. package/dist/{skill-discovery-7INAUP4D.js → skill-discovery-PWRAVGIS.js} +3 -3
  144. package/dist/skills/shadowob-cli/SKILL.md +7 -0
  145. package/dist/{stripe-LJNPQ3CQ.js → stripe-HCNCKG4C.js} +1 -1
  146. package/dist/{stripe-C22RR4ZS.js → stripe-IU3KTJ4H.js} +1 -1
  147. package/dist/{supabase-IRNQ54FJ.js → supabase-KRL7JW2D.js} +3 -3
  148. package/dist/{supabase-N4ONFJNQ.js → supabase-TYEBTZNO.js} +3 -3
  149. package/dist/{taobao-aipaas-LRR4GMO3.js → taobao-aipaas-PEUIDOYP.js} +3 -3
  150. package/dist/{taobao-aipaas-RVKORSF4.js → taobao-aipaas-SA5E4MZA.js} +3 -3
  151. package/dist/{tapd-TMQRSMFG.js → tapd-6DDIUPVQ.js} +3 -3
  152. package/dist/{tapd-3JPVJ7XH.js → tapd-OTYLSZGY.js} +3 -3
  153. package/dist/{tencent-ads-UHC6OPBV.js → tencent-ads-OW2TAMH5.js} +3 -3
  154. package/dist/{tencent-ads-IGD33LO7.js → tencent-ads-XTQZ27YT.js} +3 -3
  155. package/dist/{tencent-docs-C3A4J3CJ.js → tencent-docs-6D6A2VCO.js} +3 -3
  156. package/dist/{tencent-docs-O2SC4FHL.js → tencent-docs-K3TMUIWD.js} +3 -3
  157. package/dist/{tencent-maps-OQOKHVW2.js → tencent-maps-IZYWITJZ.js} +3 -3
  158. package/dist/{tencent-maps-HMMWMNF4.js → tencent-maps-SWI7CLQY.js} +3 -3
  159. package/dist/text-to-cad-B2UP6PKA.js +192 -0
  160. package/dist/text-to-cad-I4B6VBFV.js +193 -0
  161. package/dist/{vercel-KOXDDTHX.js → vercel-CCKRC76D.js} +3 -3
  162. package/dist/{vercel-OLNVDWMG.js → vercel-SBGEMIJJ.js} +3 -3
  163. package/dist/{webflow-OMJKZM54.js → webflow-C3EHNNSN.js} +3 -3
  164. package/dist/{webflow-FULU5Q2I.js → webflow-ZFBJH4CR.js} +3 -3
  165. package/dist/{wechat-miniprogram-skyline-KYCDMQNW.js → wechat-miniprogram-skyline-VNCRERHX.js} +3 -3
  166. package/dist/{wechat-miniprogram-skyline-VR4FVIQL.js → wechat-miniprogram-skyline-Z5JQUV5Q.js} +3 -3
  167. package/dist/{wechat-pay-BCMAJ6UW.js → wechat-pay-RPDKPUEB.js} +3 -3
  168. package/dist/{wechat-pay-YQQKXVUI.js → wechat-pay-XVDGJRF2.js} +3 -3
  169. package/dist/{wonda-NGWIORYN.js → wonda-EL2P44S7.js} +3 -3
  170. package/dist/{wonda-RBABXFNM.js → wonda-XK5JK4X3.js} +3 -3
  171. package/dist/{wordpress-woocommerce-RNA5HB3N.js → wordpress-woocommerce-4MEE5A2M.js} +3 -3
  172. package/dist/{wordpress-woocommerce-RDIUTHYT.js → wordpress-woocommerce-6ECNM2QU.js} +3 -3
  173. package/dist/{wps-LUWHMZQQ.js → wps-E4OZEMOF.js} +3 -3
  174. package/dist/{wps-DAEFQHDE.js → wps-JNQUC4JS.js} +3 -3
  175. package/dist/{yuque-HCHTJWNI.js → yuque-GLAAOS7X.js} +3 -3
  176. package/dist/{yuque-KRH5O74J.js → yuque-MEF6VFLJ.js} +3 -3
  177. package/images/RUNNERS.md +15 -0
  178. package/images/cc-connect-runner/entrypoint.mjs +228 -0
  179. package/images/claude-runner/RUNNER.md +5 -3
  180. package/images/codex-runner/RUNNER.md +5 -3
  181. package/images/gemini-runner/RUNNER.md +5 -2
  182. package/images/hermes-runner/RUNNER.md +4 -2
  183. package/images/hermes-runner/entrypoint.mjs +269 -1
  184. package/images/openclaw-runner/Dockerfile +1 -0
  185. package/images/openclaw-runner/RUNNER.md +3 -0
  186. package/images/openclaw-runner/entrypoint.mjs +249 -1
  187. package/images/openclaw-runner/warm-runtime-deps.mjs +1 -3
  188. package/images/opencode-runner/RUNNER.md +5 -3
  189. package/package.json +3 -3
  190. package/templates/agent-marketplace-buddy.template.json +4 -1
  191. package/templates/bmad-method-buddy.template.json +4 -1
  192. package/templates/code-trainer.template.json +331 -0
  193. package/templates/gstack-buddy.template.json +4 -1
  194. package/templates/little-match-girl.template.json +10 -3
  195. package/dist/console/static/css/index.7f91f806.css +0 -1
  196. package/dist/console/static/js/index.4487e1ff.js +0 -1
  197. package/dist/lark-6LNA3LUQ.js +0 -103
  198. package/dist/lark-URVBZNS4.js +0 -102
package/dist/index.d.ts CHANGED
@@ -1010,6 +1010,7 @@ interface SharedWorkspaceConfig {
1010
1010
  accessMode?: 'ReadWriteOnce' | 'ReadWriteMany' | 'ReadOnlyMany';
1011
1011
  }
1012
1012
  type CloudWorkloadBackend = 'agent-sandbox' | 'deployment';
1013
+ type CloudWorkloadBackendPolicy = 'sandbox-required' | 'sandbox-preferred' | 'deployment-only';
1013
1014
  type SandboxBackupDriver = 'volumeSnapshot' | 'restic';
1014
1015
  type SandboxWarmPoolUpdateStrategy = 'OnReplenish' | 'Recreate';
1015
1016
  interface AgentSandboxStateConfig {
@@ -1054,7 +1055,7 @@ interface AgentSandboxWarmPoolConfig {
1054
1055
  updateStrategy?: SandboxWarmPoolUpdateStrategy;
1055
1056
  }
1056
1057
  interface AgentSandboxConfig {
1057
- /** RuntimeClass used by sandbox pods. Defaults to gvisor. */
1058
+ /** RuntimeClass used by sandbox pods. Defaults to gvisor unless a managed cluster injects one. */
1058
1059
  runtimeClassName?: string;
1059
1060
  /** Per-agent OpenClaw state volume config. */
1060
1061
  state?: AgentSandboxStateConfig;
@@ -1065,6 +1066,14 @@ interface AgentSandboxConfig {
1065
1066
  /** Warm pool config. */
1066
1067
  warmPool?: AgentSandboxWarmPoolConfig;
1067
1068
  }
1069
+ interface AgentSchedulingConfig {
1070
+ /** Kubernetes nodeSelector applied to agent pods. */
1071
+ nodeSelector?: Record<string, string>;
1072
+ /** Kubernetes affinity applied to agent pods. */
1073
+ affinity?: Record<string, unknown>;
1074
+ /** Kubernetes tolerations applied to agent pods. */
1075
+ tolerations?: Array<Record<string, unknown>>;
1076
+ }
1068
1077
  /**
1069
1078
  * Agent-level configuration that can extend a base config.
1070
1079
  */
@@ -1167,6 +1176,8 @@ interface AgentDeployment {
1167
1176
  networking?: AgentNetworking;
1168
1177
  /** agent-sandbox backend options. */
1169
1178
  sandbox?: AgentSandboxConfig;
1179
+ /** Per-agent scheduling overrides. */
1180
+ scheduling?: AgentSchedulingConfig;
1170
1181
  /**
1171
1182
  * Agent configuration version (semver).
1172
1183
  * Recorded in K8s Deployment annotations for rollback tracking.
@@ -1183,8 +1194,17 @@ interface DeploymentsConfig {
1183
1194
  namespace?: string;
1184
1195
  /** Kubernetes workload backend. Defaults to agent-sandbox for new deployments. */
1185
1196
  backend?: CloudWorkloadBackend;
1197
+ /**
1198
+ * Backend selection policy.
1199
+ * - sandbox-required: fail fast if agent-sandbox is unavailable.
1200
+ * - sandbox-preferred: use agent-sandbox when preflight passes, otherwise fall back to Deployment.
1201
+ * - deployment-only: always use Kubernetes Deployment.
1202
+ */
1203
+ backendPolicy?: CloudWorkloadBackendPolicy;
1186
1204
  /** Default agent-sandbox options inherited by agents. */
1187
1205
  sandbox?: AgentSandboxConfig;
1206
+ /** Default scheduling applied to all agent pods. */
1207
+ scheduling?: AgentSchedulingConfig;
1188
1208
  /** Agent deployments */
1189
1209
  agents: AgentDeployment[];
1190
1210
  }
@@ -1256,6 +1276,39 @@ interface CloudSkillsConfig {
1256
1276
  entries?: CloudSkillEntry[];
1257
1277
  }
1258
1278
 
1279
+ /**
1280
+ * Cloud template routines — scheduled agent work. Delivery surfaces are owned
1281
+ * by plugins so template routines stay independent from any one channel system.
1282
+ */
1283
+
1284
+ interface CloudRoutineSchedule {
1285
+ /** Cron expression in the deployment timezone, e.g. "0 9 * * *". */
1286
+ cron?: string;
1287
+ /** Human interval supported by runtime syncers, e.g. "15m", "1h", "1d". */
1288
+ interval?: string;
1289
+ /** IANA timezone for cron evaluation. Defaults to deployment runtime context. */
1290
+ timezone?: string;
1291
+ /** Maximum overlapping runs for this routine. Defaults to the runtime's behavior. */
1292
+ maxConcurrentRuns?: number & tags.Type<'uint32'>;
1293
+ }
1294
+ interface CloudRoutineConfig {
1295
+ /** Stable routine id. Used as the sync key in runtime cron stores. */
1296
+ id: string;
1297
+ /** Agent deployment id that owns the routine. */
1298
+ agentId: string;
1299
+ /** Human-readable label for dashboards/runtime UIs. */
1300
+ title?: string;
1301
+ /** Optional operator-facing description. */
1302
+ description?: string;
1303
+ /** Disable without removing the template definition. */
1304
+ enabled?: boolean;
1305
+ /** Schedule definition. At least one of cron or interval should be set. */
1306
+ schedule: CloudRoutineSchedule;
1307
+ /** Prompt/task sent to the agent when the routine fires. */
1308
+ prompt: string;
1309
+ metadata?: Record<string, unknown>;
1310
+ }
1311
+
1259
1312
  /**
1260
1313
  * Top-level CloudConfig — the root shadowob-cloud.json schema.
1261
1314
  */
@@ -1307,6 +1360,12 @@ interface CloudConfig {
1307
1360
  * }
1308
1361
  */
1309
1362
  i18n?: Record<string, Record<string, string>>;
1363
+ /**
1364
+ * Scheduled routines owned by template agents.
1365
+ * Delivery surfaces are contributed by plugins, so this section remains
1366
+ * independent from Shadow, Slack, webhooks, or other channel providers.
1367
+ */
1368
+ routines?: CloudRoutineConfig[];
1310
1369
  /**
1311
1370
  * Team / agent pack definition.
1312
1371
  * Groups agents with shared defaults.
@@ -1439,6 +1498,15 @@ interface PluginMCPServer {
1439
1498
  interface PluginRuntimeDependency {
1440
1499
  id: string;
1441
1500
  kind: 'npm-global' | 'system-package' | 'binary' | 'shell';
1501
+ /**
1502
+ * Install order within the runtime asset init container.
1503
+ *
1504
+ * Defaults to `pre-source`, which preserves the historical behavior where
1505
+ * dependencies are installed before external skill/subagent sources are
1506
+ * copied. Use `post-source` for commands that need files from mounted
1507
+ * skill sources, such as package installs inside a checked-out skill bundle.
1508
+ */
1509
+ phase?: 'pre-source' | 'post-source';
1442
1510
  packages?: string[];
1443
1511
  command?: string[];
1444
1512
  targetPath?: string;
@@ -1580,11 +1648,24 @@ interface PluginShadowobRuntime {
1580
1648
  defaultAccountEnvKey?: string;
1581
1649
  capabilities?: Record<string, unknown>;
1582
1650
  }
1651
+ interface PluginRoutineDelivery {
1652
+ /** Cloud routine id this plugin wires to an external delivery surface. */
1653
+ routineId: string;
1654
+ /** Plugin that owns the delivery semantics, e.g. "shadowob". */
1655
+ pluginId: string;
1656
+ /** Plugin-defined delivery kind, e.g. "channel". */
1657
+ kind: string;
1658
+ /** Runtime-readable target metadata. Keep secrets as env keys/placeholders. */
1659
+ target: Record<string, unknown>;
1660
+ /** Optional env placeholders needed by a runtime bridge for this delivery. */
1661
+ env?: Record<string, string>;
1662
+ }
1583
1663
  interface PluginRuntimeExtension {
1584
1664
  openclaw?: {
1585
1665
  manifestPatches?: PluginOpenClawManifestPatch[];
1586
1666
  };
1587
1667
  shadowob?: PluginShadowobRuntime;
1668
+ routineDeliveries?: PluginRoutineDelivery[];
1588
1669
  artifacts?: PluginRuntimeArtifact[];
1589
1670
  runtimeDependencies?: PluginRuntimeDependency[];
1590
1671
  skillSources?: PluginRuntimeSource[];
@@ -1850,6 +1931,13 @@ interface VolumeSnapshotReadyStatus {
1850
1931
  ready: boolean;
1851
1932
  error?: string;
1852
1933
  }
1934
+ interface AgentSandboxPreflightResult {
1935
+ ok: boolean;
1936
+ missing: string[];
1937
+ warnings: string[];
1938
+ runtimeClassName?: string;
1939
+ runtimeClassNames?: string[];
1940
+ }
1853
1941
  declare function resolveSandboxNameAsync(namespace: string, agentName: string, kubeconfig?: string): Promise<string>;
1854
1942
  declare function getAgentSandboxStatusAsync(namespace: string, agentName: string, kubeconfig?: string): Promise<AgentSandboxStatus>;
1855
1943
  declare function scaleAgentSandboxAsync(namespace: string, agentName: string, replicas: 0 | 1, kubeconfig?: string): Promise<void>;
@@ -2012,36 +2100,376 @@ declare const NodeConfigSchema: z.ZodEffects<z.ZodObject<{
2012
2100
  user: z.ZodString;
2013
2101
  /** Path to SSH private key (supports ~) — mutually inclusive with or exclusive of password */
2014
2102
  sshKeyPath: z.ZodOptional<z.ZodString>;
2103
+ /** SSH private key passphrase — use ${env:VAR} to avoid storing plaintext */
2104
+ sshKeyPassphrase: z.ZodOptional<z.ZodString>;
2105
+ /**
2106
+ * SSH agent socket. Use true for SSH_AUTH_SOCK, or a socket path/template.
2107
+ * Useful for encrypted private keys already loaded into an agent.
2108
+ */
2109
+ sshAgent: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
2015
2110
  /** SSH password — use ${env:VAR} to avoid storing plaintext */
2016
2111
  password: z.ZodOptional<z.ZodString>;
2112
+ /** Optional per-node k3s installer overrides for mixed-region clusters. */
2113
+ install: z.ZodOptional<z.ZodObject<{
2114
+ /** k3s release version. Example: v1.35.4+k3s1 */
2115
+ k3sVersion: z.ZodOptional<z.ZodString>;
2116
+ /** k3s release channel used when k3sVersion is omitted. */
2117
+ k3sChannel: z.ZodOptional<z.ZodString>;
2118
+ /** k3s channel endpoint used by the official install script. */
2119
+ k3sChannelUrl: z.ZodOptional<z.ZodString>;
2120
+ /** k3s release artifact URL prefix. */
2121
+ k3sArtifactUrl: z.ZodOptional<z.ZodString>;
2122
+ /** Common mirror shortcut. "cn" maps to Rancher's China mirror. */
2123
+ k3sMirror: z.ZodOptional<z.ZodString>;
2124
+ /** Registry prefix used by k3s for bundled system images. */
2125
+ systemDefaultRegistry: z.ZodOptional<z.ZodString>;
2126
+ /** Sandbox pause image used by k3s/containerd. Useful when Docker Hub is unreachable. */
2127
+ pauseImage: z.ZodOptional<z.ZodString>;
2128
+ /** Optional k3s containerd registry mirrors/auth config for workload images. */
2129
+ registries: z.ZodOptional<z.ZodObject<{
2130
+ /**
2131
+ * k3s containerd mirrors. Written to /etc/rancher/k3s/registries.yaml as JSON/YAML.
2132
+ * Example: { "docker.io": { "endpoint": ["https://registry-1.docker.io"] } }
2133
+ */
2134
+ mirrors: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2135
+ endpoint: z.ZodArray<z.ZodString, "many">;
2136
+ }, "strip", z.ZodTypeAny, {
2137
+ endpoint: string[];
2138
+ }, {
2139
+ endpoint: string[];
2140
+ }>>>;
2141
+ configs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2142
+ auth: z.ZodOptional<z.ZodObject<{
2143
+ username: z.ZodOptional<z.ZodString>;
2144
+ password: z.ZodOptional<z.ZodString>;
2145
+ auth: z.ZodOptional<z.ZodString>;
2146
+ identityToken: z.ZodOptional<z.ZodString>;
2147
+ }, "strip", z.ZodTypeAny, {
2148
+ password?: string | undefined;
2149
+ auth?: string | undefined;
2150
+ username?: string | undefined;
2151
+ identityToken?: string | undefined;
2152
+ }, {
2153
+ password?: string | undefined;
2154
+ auth?: string | undefined;
2155
+ username?: string | undefined;
2156
+ identityToken?: string | undefined;
2157
+ }>>;
2158
+ tls: z.ZodOptional<z.ZodObject<{
2159
+ caFile: z.ZodOptional<z.ZodString>;
2160
+ certFile: z.ZodOptional<z.ZodString>;
2161
+ keyFile: z.ZodOptional<z.ZodString>;
2162
+ insecureSkipVerify: z.ZodOptional<z.ZodBoolean>;
2163
+ }, "strip", z.ZodTypeAny, {
2164
+ caFile?: string | undefined;
2165
+ certFile?: string | undefined;
2166
+ keyFile?: string | undefined;
2167
+ insecureSkipVerify?: boolean | undefined;
2168
+ }, {
2169
+ caFile?: string | undefined;
2170
+ certFile?: string | undefined;
2171
+ keyFile?: string | undefined;
2172
+ insecureSkipVerify?: boolean | undefined;
2173
+ }>>;
2174
+ }, "strip", z.ZodTypeAny, {
2175
+ auth?: {
2176
+ password?: string | undefined;
2177
+ auth?: string | undefined;
2178
+ username?: string | undefined;
2179
+ identityToken?: string | undefined;
2180
+ } | undefined;
2181
+ tls?: {
2182
+ caFile?: string | undefined;
2183
+ certFile?: string | undefined;
2184
+ keyFile?: string | undefined;
2185
+ insecureSkipVerify?: boolean | undefined;
2186
+ } | undefined;
2187
+ }, {
2188
+ auth?: {
2189
+ password?: string | undefined;
2190
+ auth?: string | undefined;
2191
+ username?: string | undefined;
2192
+ identityToken?: string | undefined;
2193
+ } | undefined;
2194
+ tls?: {
2195
+ caFile?: string | undefined;
2196
+ certFile?: string | undefined;
2197
+ keyFile?: string | undefined;
2198
+ insecureSkipVerify?: boolean | undefined;
2199
+ } | undefined;
2200
+ }>>>;
2201
+ }, "strip", z.ZodTypeAny, {
2202
+ mirrors?: Record<string, {
2203
+ endpoint: string[];
2204
+ }> | undefined;
2205
+ configs?: Record<string, {
2206
+ auth?: {
2207
+ password?: string | undefined;
2208
+ auth?: string | undefined;
2209
+ username?: string | undefined;
2210
+ identityToken?: string | undefined;
2211
+ } | undefined;
2212
+ tls?: {
2213
+ caFile?: string | undefined;
2214
+ certFile?: string | undefined;
2215
+ keyFile?: string | undefined;
2216
+ insecureSkipVerify?: boolean | undefined;
2217
+ } | undefined;
2218
+ }> | undefined;
2219
+ }, {
2220
+ mirrors?: Record<string, {
2221
+ endpoint: string[];
2222
+ }> | undefined;
2223
+ configs?: Record<string, {
2224
+ auth?: {
2225
+ password?: string | undefined;
2226
+ auth?: string | undefined;
2227
+ username?: string | undefined;
2228
+ identityToken?: string | undefined;
2229
+ } | undefined;
2230
+ tls?: {
2231
+ caFile?: string | undefined;
2232
+ certFile?: string | undefined;
2233
+ keyFile?: string | undefined;
2234
+ insecureSkipVerify?: boolean | undefined;
2235
+ } | undefined;
2236
+ }> | undefined;
2237
+ }>>;
2238
+ }, "strip", z.ZodTypeAny, {
2239
+ k3sVersion?: string | undefined;
2240
+ k3sChannel?: string | undefined;
2241
+ k3sChannelUrl?: string | undefined;
2242
+ k3sArtifactUrl?: string | undefined;
2243
+ k3sMirror?: string | undefined;
2244
+ systemDefaultRegistry?: string | undefined;
2245
+ pauseImage?: string | undefined;
2246
+ registries?: {
2247
+ mirrors?: Record<string, {
2248
+ endpoint: string[];
2249
+ }> | undefined;
2250
+ configs?: Record<string, {
2251
+ auth?: {
2252
+ password?: string | undefined;
2253
+ auth?: string | undefined;
2254
+ username?: string | undefined;
2255
+ identityToken?: string | undefined;
2256
+ } | undefined;
2257
+ tls?: {
2258
+ caFile?: string | undefined;
2259
+ certFile?: string | undefined;
2260
+ keyFile?: string | undefined;
2261
+ insecureSkipVerify?: boolean | undefined;
2262
+ } | undefined;
2263
+ }> | undefined;
2264
+ } | undefined;
2265
+ }, {
2266
+ k3sVersion?: string | undefined;
2267
+ k3sChannel?: string | undefined;
2268
+ k3sChannelUrl?: string | undefined;
2269
+ k3sArtifactUrl?: string | undefined;
2270
+ k3sMirror?: string | undefined;
2271
+ systemDefaultRegistry?: string | undefined;
2272
+ pauseImage?: string | undefined;
2273
+ registries?: {
2274
+ mirrors?: Record<string, {
2275
+ endpoint: string[];
2276
+ }> | undefined;
2277
+ configs?: Record<string, {
2278
+ auth?: {
2279
+ password?: string | undefined;
2280
+ auth?: string | undefined;
2281
+ username?: string | undefined;
2282
+ identityToken?: string | undefined;
2283
+ } | undefined;
2284
+ tls?: {
2285
+ caFile?: string | undefined;
2286
+ certFile?: string | undefined;
2287
+ keyFile?: string | undefined;
2288
+ insecureSkipVerify?: boolean | undefined;
2289
+ } | undefined;
2290
+ }> | undefined;
2291
+ } | undefined;
2292
+ }>>;
2293
+ /** Region label applied during cluster init/apply, e.g. cn or us. */
2294
+ region: z.ZodOptional<z.ZodString>;
2295
+ /** Extra Kubernetes node labels applied during cluster init/apply. */
2296
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2297
+ /** Per-node feature flags used for mixed-capability clusters. */
2298
+ features: z.ZodOptional<z.ZodObject<{
2299
+ sandbox: z.ZodOptional<z.ZodBoolean>;
2300
+ }, "strip", z.ZodTypeAny, {
2301
+ sandbox?: boolean | undefined;
2302
+ }, {
2303
+ sandbox?: boolean | undefined;
2304
+ }>>;
2017
2305
  }, "strip", z.ZodTypeAny, {
2018
2306
  host: string;
2019
2307
  port: number;
2020
2308
  user: string;
2021
2309
  role: "master" | "worker";
2022
2310
  password?: string | undefined;
2311
+ features?: {
2312
+ sandbox?: boolean | undefined;
2313
+ } | undefined;
2314
+ install?: {
2315
+ k3sVersion?: string | undefined;
2316
+ k3sChannel?: string | undefined;
2317
+ k3sChannelUrl?: string | undefined;
2318
+ k3sArtifactUrl?: string | undefined;
2319
+ k3sMirror?: string | undefined;
2320
+ systemDefaultRegistry?: string | undefined;
2321
+ pauseImage?: string | undefined;
2322
+ registries?: {
2323
+ mirrors?: Record<string, {
2324
+ endpoint: string[];
2325
+ }> | undefined;
2326
+ configs?: Record<string, {
2327
+ auth?: {
2328
+ password?: string | undefined;
2329
+ auth?: string | undefined;
2330
+ username?: string | undefined;
2331
+ identityToken?: string | undefined;
2332
+ } | undefined;
2333
+ tls?: {
2334
+ caFile?: string | undefined;
2335
+ certFile?: string | undefined;
2336
+ keyFile?: string | undefined;
2337
+ insecureSkipVerify?: boolean | undefined;
2338
+ } | undefined;
2339
+ }> | undefined;
2340
+ } | undefined;
2341
+ } | undefined;
2023
2342
  sshKeyPath?: string | undefined;
2343
+ sshKeyPassphrase?: string | undefined;
2344
+ sshAgent?: string | boolean | undefined;
2345
+ region?: string | undefined;
2346
+ labels?: Record<string, string> | undefined;
2024
2347
  }, {
2025
2348
  host: string;
2026
2349
  user: string;
2027
2350
  role: "master" | "worker";
2028
2351
  password?: string | undefined;
2029
2352
  port?: number | undefined;
2353
+ features?: {
2354
+ sandbox?: boolean | undefined;
2355
+ } | undefined;
2356
+ install?: {
2357
+ k3sVersion?: string | undefined;
2358
+ k3sChannel?: string | undefined;
2359
+ k3sChannelUrl?: string | undefined;
2360
+ k3sArtifactUrl?: string | undefined;
2361
+ k3sMirror?: string | undefined;
2362
+ systemDefaultRegistry?: string | undefined;
2363
+ pauseImage?: string | undefined;
2364
+ registries?: {
2365
+ mirrors?: Record<string, {
2366
+ endpoint: string[];
2367
+ }> | undefined;
2368
+ configs?: Record<string, {
2369
+ auth?: {
2370
+ password?: string | undefined;
2371
+ auth?: string | undefined;
2372
+ username?: string | undefined;
2373
+ identityToken?: string | undefined;
2374
+ } | undefined;
2375
+ tls?: {
2376
+ caFile?: string | undefined;
2377
+ certFile?: string | undefined;
2378
+ keyFile?: string | undefined;
2379
+ insecureSkipVerify?: boolean | undefined;
2380
+ } | undefined;
2381
+ }> | undefined;
2382
+ } | undefined;
2383
+ } | undefined;
2030
2384
  sshKeyPath?: string | undefined;
2385
+ sshKeyPassphrase?: string | undefined;
2386
+ sshAgent?: string | boolean | undefined;
2387
+ region?: string | undefined;
2388
+ labels?: Record<string, string> | undefined;
2031
2389
  }>, {
2032
2390
  host: string;
2033
2391
  port: number;
2034
2392
  user: string;
2035
2393
  role: "master" | "worker";
2036
2394
  password?: string | undefined;
2395
+ features?: {
2396
+ sandbox?: boolean | undefined;
2397
+ } | undefined;
2398
+ install?: {
2399
+ k3sVersion?: string | undefined;
2400
+ k3sChannel?: string | undefined;
2401
+ k3sChannelUrl?: string | undefined;
2402
+ k3sArtifactUrl?: string | undefined;
2403
+ k3sMirror?: string | undefined;
2404
+ systemDefaultRegistry?: string | undefined;
2405
+ pauseImage?: string | undefined;
2406
+ registries?: {
2407
+ mirrors?: Record<string, {
2408
+ endpoint: string[];
2409
+ }> | undefined;
2410
+ configs?: Record<string, {
2411
+ auth?: {
2412
+ password?: string | undefined;
2413
+ auth?: string | undefined;
2414
+ username?: string | undefined;
2415
+ identityToken?: string | undefined;
2416
+ } | undefined;
2417
+ tls?: {
2418
+ caFile?: string | undefined;
2419
+ certFile?: string | undefined;
2420
+ keyFile?: string | undefined;
2421
+ insecureSkipVerify?: boolean | undefined;
2422
+ } | undefined;
2423
+ }> | undefined;
2424
+ } | undefined;
2425
+ } | undefined;
2037
2426
  sshKeyPath?: string | undefined;
2427
+ sshKeyPassphrase?: string | undefined;
2428
+ sshAgent?: string | boolean | undefined;
2429
+ region?: string | undefined;
2430
+ labels?: Record<string, string> | undefined;
2038
2431
  }, {
2039
2432
  host: string;
2040
2433
  user: string;
2041
2434
  role: "master" | "worker";
2042
2435
  password?: string | undefined;
2043
2436
  port?: number | undefined;
2437
+ features?: {
2438
+ sandbox?: boolean | undefined;
2439
+ } | undefined;
2440
+ install?: {
2441
+ k3sVersion?: string | undefined;
2442
+ k3sChannel?: string | undefined;
2443
+ k3sChannelUrl?: string | undefined;
2444
+ k3sArtifactUrl?: string | undefined;
2445
+ k3sMirror?: string | undefined;
2446
+ systemDefaultRegistry?: string | undefined;
2447
+ pauseImage?: string | undefined;
2448
+ registries?: {
2449
+ mirrors?: Record<string, {
2450
+ endpoint: string[];
2451
+ }> | undefined;
2452
+ configs?: Record<string, {
2453
+ auth?: {
2454
+ password?: string | undefined;
2455
+ auth?: string | undefined;
2456
+ username?: string | undefined;
2457
+ identityToken?: string | undefined;
2458
+ } | undefined;
2459
+ tls?: {
2460
+ caFile?: string | undefined;
2461
+ certFile?: string | undefined;
2462
+ keyFile?: string | undefined;
2463
+ insecureSkipVerify?: boolean | undefined;
2464
+ } | undefined;
2465
+ }> | undefined;
2466
+ } | undefined;
2467
+ } | undefined;
2044
2468
  sshKeyPath?: string | undefined;
2469
+ sshKeyPassphrase?: string | undefined;
2470
+ sshAgent?: string | boolean | undefined;
2471
+ region?: string | undefined;
2472
+ labels?: Record<string, string> | undefined;
2045
2473
  }>;
2046
2474
  type NodeConfig = z.infer<typeof NodeConfigSchema>;
2047
2475
  declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
@@ -2062,36 +2490,376 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2062
2490
  user: z.ZodString;
2063
2491
  /** Path to SSH private key (supports ~) — mutually inclusive with or exclusive of password */
2064
2492
  sshKeyPath: z.ZodOptional<z.ZodString>;
2493
+ /** SSH private key passphrase — use ${env:VAR} to avoid storing plaintext */
2494
+ sshKeyPassphrase: z.ZodOptional<z.ZodString>;
2495
+ /**
2496
+ * SSH agent socket. Use true for SSH_AUTH_SOCK, or a socket path/template.
2497
+ * Useful for encrypted private keys already loaded into an agent.
2498
+ */
2499
+ sshAgent: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
2065
2500
  /** SSH password — use ${env:VAR} to avoid storing plaintext */
2066
2501
  password: z.ZodOptional<z.ZodString>;
2502
+ /** Optional per-node k3s installer overrides for mixed-region clusters. */
2503
+ install: z.ZodOptional<z.ZodObject<{
2504
+ /** k3s release version. Example: v1.35.4+k3s1 */
2505
+ k3sVersion: z.ZodOptional<z.ZodString>;
2506
+ /** k3s release channel used when k3sVersion is omitted. */
2507
+ k3sChannel: z.ZodOptional<z.ZodString>;
2508
+ /** k3s channel endpoint used by the official install script. */
2509
+ k3sChannelUrl: z.ZodOptional<z.ZodString>;
2510
+ /** k3s release artifact URL prefix. */
2511
+ k3sArtifactUrl: z.ZodOptional<z.ZodString>;
2512
+ /** Common mirror shortcut. "cn" maps to Rancher's China mirror. */
2513
+ k3sMirror: z.ZodOptional<z.ZodString>;
2514
+ /** Registry prefix used by k3s for bundled system images. */
2515
+ systemDefaultRegistry: z.ZodOptional<z.ZodString>;
2516
+ /** Sandbox pause image used by k3s/containerd. Useful when Docker Hub is unreachable. */
2517
+ pauseImage: z.ZodOptional<z.ZodString>;
2518
+ /** Optional k3s containerd registry mirrors/auth config for workload images. */
2519
+ registries: z.ZodOptional<z.ZodObject<{
2520
+ /**
2521
+ * k3s containerd mirrors. Written to /etc/rancher/k3s/registries.yaml as JSON/YAML.
2522
+ * Example: { "docker.io": { "endpoint": ["https://registry-1.docker.io"] } }
2523
+ */
2524
+ mirrors: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2525
+ endpoint: z.ZodArray<z.ZodString, "many">;
2526
+ }, "strip", z.ZodTypeAny, {
2527
+ endpoint: string[];
2528
+ }, {
2529
+ endpoint: string[];
2530
+ }>>>;
2531
+ configs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2532
+ auth: z.ZodOptional<z.ZodObject<{
2533
+ username: z.ZodOptional<z.ZodString>;
2534
+ password: z.ZodOptional<z.ZodString>;
2535
+ auth: z.ZodOptional<z.ZodString>;
2536
+ identityToken: z.ZodOptional<z.ZodString>;
2537
+ }, "strip", z.ZodTypeAny, {
2538
+ password?: string | undefined;
2539
+ auth?: string | undefined;
2540
+ username?: string | undefined;
2541
+ identityToken?: string | undefined;
2542
+ }, {
2543
+ password?: string | undefined;
2544
+ auth?: string | undefined;
2545
+ username?: string | undefined;
2546
+ identityToken?: string | undefined;
2547
+ }>>;
2548
+ tls: z.ZodOptional<z.ZodObject<{
2549
+ caFile: z.ZodOptional<z.ZodString>;
2550
+ certFile: z.ZodOptional<z.ZodString>;
2551
+ keyFile: z.ZodOptional<z.ZodString>;
2552
+ insecureSkipVerify: z.ZodOptional<z.ZodBoolean>;
2553
+ }, "strip", z.ZodTypeAny, {
2554
+ caFile?: string | undefined;
2555
+ certFile?: string | undefined;
2556
+ keyFile?: string | undefined;
2557
+ insecureSkipVerify?: boolean | undefined;
2558
+ }, {
2559
+ caFile?: string | undefined;
2560
+ certFile?: string | undefined;
2561
+ keyFile?: string | undefined;
2562
+ insecureSkipVerify?: boolean | undefined;
2563
+ }>>;
2564
+ }, "strip", z.ZodTypeAny, {
2565
+ auth?: {
2566
+ password?: string | undefined;
2567
+ auth?: string | undefined;
2568
+ username?: string | undefined;
2569
+ identityToken?: string | undefined;
2570
+ } | undefined;
2571
+ tls?: {
2572
+ caFile?: string | undefined;
2573
+ certFile?: string | undefined;
2574
+ keyFile?: string | undefined;
2575
+ insecureSkipVerify?: boolean | undefined;
2576
+ } | undefined;
2577
+ }, {
2578
+ auth?: {
2579
+ password?: string | undefined;
2580
+ auth?: string | undefined;
2581
+ username?: string | undefined;
2582
+ identityToken?: string | undefined;
2583
+ } | undefined;
2584
+ tls?: {
2585
+ caFile?: string | undefined;
2586
+ certFile?: string | undefined;
2587
+ keyFile?: string | undefined;
2588
+ insecureSkipVerify?: boolean | undefined;
2589
+ } | undefined;
2590
+ }>>>;
2591
+ }, "strip", z.ZodTypeAny, {
2592
+ mirrors?: Record<string, {
2593
+ endpoint: string[];
2594
+ }> | undefined;
2595
+ configs?: Record<string, {
2596
+ auth?: {
2597
+ password?: string | undefined;
2598
+ auth?: string | undefined;
2599
+ username?: string | undefined;
2600
+ identityToken?: string | undefined;
2601
+ } | undefined;
2602
+ tls?: {
2603
+ caFile?: string | undefined;
2604
+ certFile?: string | undefined;
2605
+ keyFile?: string | undefined;
2606
+ insecureSkipVerify?: boolean | undefined;
2607
+ } | undefined;
2608
+ }> | undefined;
2609
+ }, {
2610
+ mirrors?: Record<string, {
2611
+ endpoint: string[];
2612
+ }> | undefined;
2613
+ configs?: Record<string, {
2614
+ auth?: {
2615
+ password?: string | undefined;
2616
+ auth?: string | undefined;
2617
+ username?: string | undefined;
2618
+ identityToken?: string | undefined;
2619
+ } | undefined;
2620
+ tls?: {
2621
+ caFile?: string | undefined;
2622
+ certFile?: string | undefined;
2623
+ keyFile?: string | undefined;
2624
+ insecureSkipVerify?: boolean | undefined;
2625
+ } | undefined;
2626
+ }> | undefined;
2627
+ }>>;
2628
+ }, "strip", z.ZodTypeAny, {
2629
+ k3sVersion?: string | undefined;
2630
+ k3sChannel?: string | undefined;
2631
+ k3sChannelUrl?: string | undefined;
2632
+ k3sArtifactUrl?: string | undefined;
2633
+ k3sMirror?: string | undefined;
2634
+ systemDefaultRegistry?: string | undefined;
2635
+ pauseImage?: string | undefined;
2636
+ registries?: {
2637
+ mirrors?: Record<string, {
2638
+ endpoint: string[];
2639
+ }> | undefined;
2640
+ configs?: Record<string, {
2641
+ auth?: {
2642
+ password?: string | undefined;
2643
+ auth?: string | undefined;
2644
+ username?: string | undefined;
2645
+ identityToken?: string | undefined;
2646
+ } | undefined;
2647
+ tls?: {
2648
+ caFile?: string | undefined;
2649
+ certFile?: string | undefined;
2650
+ keyFile?: string | undefined;
2651
+ insecureSkipVerify?: boolean | undefined;
2652
+ } | undefined;
2653
+ }> | undefined;
2654
+ } | undefined;
2655
+ }, {
2656
+ k3sVersion?: string | undefined;
2657
+ k3sChannel?: string | undefined;
2658
+ k3sChannelUrl?: string | undefined;
2659
+ k3sArtifactUrl?: string | undefined;
2660
+ k3sMirror?: string | undefined;
2661
+ systemDefaultRegistry?: string | undefined;
2662
+ pauseImage?: string | undefined;
2663
+ registries?: {
2664
+ mirrors?: Record<string, {
2665
+ endpoint: string[];
2666
+ }> | undefined;
2667
+ configs?: Record<string, {
2668
+ auth?: {
2669
+ password?: string | undefined;
2670
+ auth?: string | undefined;
2671
+ username?: string | undefined;
2672
+ identityToken?: string | undefined;
2673
+ } | undefined;
2674
+ tls?: {
2675
+ caFile?: string | undefined;
2676
+ certFile?: string | undefined;
2677
+ keyFile?: string | undefined;
2678
+ insecureSkipVerify?: boolean | undefined;
2679
+ } | undefined;
2680
+ }> | undefined;
2681
+ } | undefined;
2682
+ }>>;
2683
+ /** Region label applied during cluster init/apply, e.g. cn or us. */
2684
+ region: z.ZodOptional<z.ZodString>;
2685
+ /** Extra Kubernetes node labels applied during cluster init/apply. */
2686
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2687
+ /** Per-node feature flags used for mixed-capability clusters. */
2688
+ features: z.ZodOptional<z.ZodObject<{
2689
+ sandbox: z.ZodOptional<z.ZodBoolean>;
2690
+ }, "strip", z.ZodTypeAny, {
2691
+ sandbox?: boolean | undefined;
2692
+ }, {
2693
+ sandbox?: boolean | undefined;
2694
+ }>>;
2067
2695
  }, "strip", z.ZodTypeAny, {
2068
2696
  host: string;
2069
2697
  port: number;
2070
2698
  user: string;
2071
2699
  role: "master" | "worker";
2072
2700
  password?: string | undefined;
2701
+ features?: {
2702
+ sandbox?: boolean | undefined;
2703
+ } | undefined;
2704
+ install?: {
2705
+ k3sVersion?: string | undefined;
2706
+ k3sChannel?: string | undefined;
2707
+ k3sChannelUrl?: string | undefined;
2708
+ k3sArtifactUrl?: string | undefined;
2709
+ k3sMirror?: string | undefined;
2710
+ systemDefaultRegistry?: string | undefined;
2711
+ pauseImage?: string | undefined;
2712
+ registries?: {
2713
+ mirrors?: Record<string, {
2714
+ endpoint: string[];
2715
+ }> | undefined;
2716
+ configs?: Record<string, {
2717
+ auth?: {
2718
+ password?: string | undefined;
2719
+ auth?: string | undefined;
2720
+ username?: string | undefined;
2721
+ identityToken?: string | undefined;
2722
+ } | undefined;
2723
+ tls?: {
2724
+ caFile?: string | undefined;
2725
+ certFile?: string | undefined;
2726
+ keyFile?: string | undefined;
2727
+ insecureSkipVerify?: boolean | undefined;
2728
+ } | undefined;
2729
+ }> | undefined;
2730
+ } | undefined;
2731
+ } | undefined;
2073
2732
  sshKeyPath?: string | undefined;
2733
+ sshKeyPassphrase?: string | undefined;
2734
+ sshAgent?: string | boolean | undefined;
2735
+ region?: string | undefined;
2736
+ labels?: Record<string, string> | undefined;
2074
2737
  }, {
2075
2738
  host: string;
2076
2739
  user: string;
2077
2740
  role: "master" | "worker";
2078
2741
  password?: string | undefined;
2079
2742
  port?: number | undefined;
2743
+ features?: {
2744
+ sandbox?: boolean | undefined;
2745
+ } | undefined;
2746
+ install?: {
2747
+ k3sVersion?: string | undefined;
2748
+ k3sChannel?: string | undefined;
2749
+ k3sChannelUrl?: string | undefined;
2750
+ k3sArtifactUrl?: string | undefined;
2751
+ k3sMirror?: string | undefined;
2752
+ systemDefaultRegistry?: string | undefined;
2753
+ pauseImage?: string | undefined;
2754
+ registries?: {
2755
+ mirrors?: Record<string, {
2756
+ endpoint: string[];
2757
+ }> | undefined;
2758
+ configs?: Record<string, {
2759
+ auth?: {
2760
+ password?: string | undefined;
2761
+ auth?: string | undefined;
2762
+ username?: string | undefined;
2763
+ identityToken?: string | undefined;
2764
+ } | undefined;
2765
+ tls?: {
2766
+ caFile?: string | undefined;
2767
+ certFile?: string | undefined;
2768
+ keyFile?: string | undefined;
2769
+ insecureSkipVerify?: boolean | undefined;
2770
+ } | undefined;
2771
+ }> | undefined;
2772
+ } | undefined;
2773
+ } | undefined;
2080
2774
  sshKeyPath?: string | undefined;
2775
+ sshKeyPassphrase?: string | undefined;
2776
+ sshAgent?: string | boolean | undefined;
2777
+ region?: string | undefined;
2778
+ labels?: Record<string, string> | undefined;
2081
2779
  }>, {
2082
2780
  host: string;
2083
2781
  port: number;
2084
2782
  user: string;
2085
2783
  role: "master" | "worker";
2086
2784
  password?: string | undefined;
2785
+ features?: {
2786
+ sandbox?: boolean | undefined;
2787
+ } | undefined;
2788
+ install?: {
2789
+ k3sVersion?: string | undefined;
2790
+ k3sChannel?: string | undefined;
2791
+ k3sChannelUrl?: string | undefined;
2792
+ k3sArtifactUrl?: string | undefined;
2793
+ k3sMirror?: string | undefined;
2794
+ systemDefaultRegistry?: string | undefined;
2795
+ pauseImage?: string | undefined;
2796
+ registries?: {
2797
+ mirrors?: Record<string, {
2798
+ endpoint: string[];
2799
+ }> | undefined;
2800
+ configs?: Record<string, {
2801
+ auth?: {
2802
+ password?: string | undefined;
2803
+ auth?: string | undefined;
2804
+ username?: string | undefined;
2805
+ identityToken?: string | undefined;
2806
+ } | undefined;
2807
+ tls?: {
2808
+ caFile?: string | undefined;
2809
+ certFile?: string | undefined;
2810
+ keyFile?: string | undefined;
2811
+ insecureSkipVerify?: boolean | undefined;
2812
+ } | undefined;
2813
+ }> | undefined;
2814
+ } | undefined;
2815
+ } | undefined;
2087
2816
  sshKeyPath?: string | undefined;
2817
+ sshKeyPassphrase?: string | undefined;
2818
+ sshAgent?: string | boolean | undefined;
2819
+ region?: string | undefined;
2820
+ labels?: Record<string, string> | undefined;
2088
2821
  }, {
2089
2822
  host: string;
2090
2823
  user: string;
2091
2824
  role: "master" | "worker";
2092
2825
  password?: string | undefined;
2093
2826
  port?: number | undefined;
2827
+ features?: {
2828
+ sandbox?: boolean | undefined;
2829
+ } | undefined;
2830
+ install?: {
2831
+ k3sVersion?: string | undefined;
2832
+ k3sChannel?: string | undefined;
2833
+ k3sChannelUrl?: string | undefined;
2834
+ k3sArtifactUrl?: string | undefined;
2835
+ k3sMirror?: string | undefined;
2836
+ systemDefaultRegistry?: string | undefined;
2837
+ pauseImage?: string | undefined;
2838
+ registries?: {
2839
+ mirrors?: Record<string, {
2840
+ endpoint: string[];
2841
+ }> | undefined;
2842
+ configs?: Record<string, {
2843
+ auth?: {
2844
+ password?: string | undefined;
2845
+ auth?: string | undefined;
2846
+ username?: string | undefined;
2847
+ identityToken?: string | undefined;
2848
+ } | undefined;
2849
+ tls?: {
2850
+ caFile?: string | undefined;
2851
+ certFile?: string | undefined;
2852
+ keyFile?: string | undefined;
2853
+ insecureSkipVerify?: boolean | undefined;
2854
+ } | undefined;
2855
+ }> | undefined;
2856
+ } | undefined;
2857
+ } | undefined;
2094
2858
  sshKeyPath?: string | undefined;
2859
+ sshKeyPassphrase?: string | undefined;
2860
+ sshAgent?: string | boolean | undefined;
2861
+ region?: string | undefined;
2862
+ labels?: Record<string, string> | undefined;
2095
2863
  }>, "many">;
2096
2864
  /** Optional k3s installer settings for restricted networks or pinned versions. */
2097
2865
  install: z.ZodOptional<z.ZodObject<{
@@ -2109,6 +2877,116 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2109
2877
  systemDefaultRegistry: z.ZodOptional<z.ZodString>;
2110
2878
  /** Sandbox pause image used by k3s/containerd. Useful when Docker Hub is unreachable. */
2111
2879
  pauseImage: z.ZodOptional<z.ZodString>;
2880
+ /** Optional k3s containerd registry mirrors/auth config for workload images. */
2881
+ registries: z.ZodOptional<z.ZodObject<{
2882
+ /**
2883
+ * k3s containerd mirrors. Written to /etc/rancher/k3s/registries.yaml as JSON/YAML.
2884
+ * Example: { "docker.io": { "endpoint": ["https://registry-1.docker.io"] } }
2885
+ */
2886
+ mirrors: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2887
+ endpoint: z.ZodArray<z.ZodString, "many">;
2888
+ }, "strip", z.ZodTypeAny, {
2889
+ endpoint: string[];
2890
+ }, {
2891
+ endpoint: string[];
2892
+ }>>>;
2893
+ configs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2894
+ auth: z.ZodOptional<z.ZodObject<{
2895
+ username: z.ZodOptional<z.ZodString>;
2896
+ password: z.ZodOptional<z.ZodString>;
2897
+ auth: z.ZodOptional<z.ZodString>;
2898
+ identityToken: z.ZodOptional<z.ZodString>;
2899
+ }, "strip", z.ZodTypeAny, {
2900
+ password?: string | undefined;
2901
+ auth?: string | undefined;
2902
+ username?: string | undefined;
2903
+ identityToken?: string | undefined;
2904
+ }, {
2905
+ password?: string | undefined;
2906
+ auth?: string | undefined;
2907
+ username?: string | undefined;
2908
+ identityToken?: string | undefined;
2909
+ }>>;
2910
+ tls: z.ZodOptional<z.ZodObject<{
2911
+ caFile: z.ZodOptional<z.ZodString>;
2912
+ certFile: z.ZodOptional<z.ZodString>;
2913
+ keyFile: z.ZodOptional<z.ZodString>;
2914
+ insecureSkipVerify: z.ZodOptional<z.ZodBoolean>;
2915
+ }, "strip", z.ZodTypeAny, {
2916
+ caFile?: string | undefined;
2917
+ certFile?: string | undefined;
2918
+ keyFile?: string | undefined;
2919
+ insecureSkipVerify?: boolean | undefined;
2920
+ }, {
2921
+ caFile?: string | undefined;
2922
+ certFile?: string | undefined;
2923
+ keyFile?: string | undefined;
2924
+ insecureSkipVerify?: boolean | undefined;
2925
+ }>>;
2926
+ }, "strip", z.ZodTypeAny, {
2927
+ auth?: {
2928
+ password?: string | undefined;
2929
+ auth?: string | undefined;
2930
+ username?: string | undefined;
2931
+ identityToken?: string | undefined;
2932
+ } | undefined;
2933
+ tls?: {
2934
+ caFile?: string | undefined;
2935
+ certFile?: string | undefined;
2936
+ keyFile?: string | undefined;
2937
+ insecureSkipVerify?: boolean | undefined;
2938
+ } | undefined;
2939
+ }, {
2940
+ auth?: {
2941
+ password?: string | undefined;
2942
+ auth?: string | undefined;
2943
+ username?: string | undefined;
2944
+ identityToken?: string | undefined;
2945
+ } | undefined;
2946
+ tls?: {
2947
+ caFile?: string | undefined;
2948
+ certFile?: string | undefined;
2949
+ keyFile?: string | undefined;
2950
+ insecureSkipVerify?: boolean | undefined;
2951
+ } | undefined;
2952
+ }>>>;
2953
+ }, "strip", z.ZodTypeAny, {
2954
+ mirrors?: Record<string, {
2955
+ endpoint: string[];
2956
+ }> | undefined;
2957
+ configs?: Record<string, {
2958
+ auth?: {
2959
+ password?: string | undefined;
2960
+ auth?: string | undefined;
2961
+ username?: string | undefined;
2962
+ identityToken?: string | undefined;
2963
+ } | undefined;
2964
+ tls?: {
2965
+ caFile?: string | undefined;
2966
+ certFile?: string | undefined;
2967
+ keyFile?: string | undefined;
2968
+ insecureSkipVerify?: boolean | undefined;
2969
+ } | undefined;
2970
+ }> | undefined;
2971
+ }, {
2972
+ mirrors?: Record<string, {
2973
+ endpoint: string[];
2974
+ }> | undefined;
2975
+ configs?: Record<string, {
2976
+ auth?: {
2977
+ password?: string | undefined;
2978
+ auth?: string | undefined;
2979
+ username?: string | undefined;
2980
+ identityToken?: string | undefined;
2981
+ } | undefined;
2982
+ tls?: {
2983
+ caFile?: string | undefined;
2984
+ certFile?: string | undefined;
2985
+ keyFile?: string | undefined;
2986
+ insecureSkipVerify?: boolean | undefined;
2987
+ } | undefined;
2988
+ }> | undefined;
2989
+ }>>;
2112
2990
  }, "strip", z.ZodTypeAny, {
2113
2991
  k3sVersion?: string | undefined;
2114
2992
  k3sChannel?: string | undefined;
@@ -2117,6 +2995,25 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2117
2995
  k3sMirror?: string | undefined;
2118
2996
  systemDefaultRegistry?: string | undefined;
2119
2997
  pauseImage?: string | undefined;
2998
+ registries?: {
2999
+ mirrors?: Record<string, {
3000
+ endpoint: string[];
3001
+ }> | undefined;
3002
+ configs?: Record<string, {
3003
+ auth?: {
3004
+ password?: string | undefined;
3005
+ auth?: string | undefined;
3006
+ username?: string | undefined;
3007
+ identityToken?: string | undefined;
3008
+ } | undefined;
3009
+ tls?: {
3010
+ caFile?: string | undefined;
3011
+ certFile?: string | undefined;
3012
+ keyFile?: string | undefined;
3013
+ insecureSkipVerify?: boolean | undefined;
3014
+ } | undefined;
3015
+ }> | undefined;
3016
+ } | undefined;
2120
3017
  }, {
2121
3018
  k3sVersion?: string | undefined;
2122
3019
  k3sChannel?: string | undefined;
@@ -2125,6 +3022,148 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2125
3022
  k3sMirror?: string | undefined;
2126
3023
  systemDefaultRegistry?: string | undefined;
2127
3024
  pauseImage?: string | undefined;
3025
+ registries?: {
3026
+ mirrors?: Record<string, {
3027
+ endpoint: string[];
3028
+ }> | undefined;
3029
+ configs?: Record<string, {
3030
+ auth?: {
3031
+ password?: string | undefined;
3032
+ auth?: string | undefined;
3033
+ username?: string | undefined;
3034
+ identityToken?: string | undefined;
3035
+ } | undefined;
3036
+ tls?: {
3037
+ caFile?: string | undefined;
3038
+ certFile?: string | undefined;
3039
+ keyFile?: string | undefined;
3040
+ insecureSkipVerify?: boolean | undefined;
3041
+ } | undefined;
3042
+ }> | undefined;
3043
+ } | undefined;
3044
+ }>>;
3045
+ /** Optional cluster capabilities managed by cluster init/apply. */
3046
+ features: z.ZodOptional<z.ZodObject<{
3047
+ /** agent-sandbox CRDs/controller/runtime-class management. */
3048
+ sandbox: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodEffects<z.ZodObject<{
3049
+ /** Enable agent-sandbox as a cluster capability. */
3050
+ enabled: z.ZodDefault<z.ZodBoolean>;
3051
+ /** Install/upgrade the upstream CRDs and controller during cluster init/apply. */
3052
+ install: z.ZodDefault<z.ZodBoolean>;
3053
+ /** Pinned upstream agent-sandbox release used to build default manifest URLs. */
3054
+ version: z.ZodDefault<z.ZodString>;
3055
+ /**
3056
+ * Optional manifest URLs. Defaults to the upstream release manifest.yaml and extensions.yaml.
3057
+ * Use mirrored URLs for restricted networks.
3058
+ */
3059
+ manifestUrls: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3060
+ /** Optional controller image override, useful for domestic/private registries. */
3061
+ controllerImage: z.ZodOptional<z.ZodString>;
3062
+ /** RuntimeClass injected into generated Cloud SaaS sandbox configs. */
3063
+ runtimeClassName: z.ZodDefault<z.ZodString>;
3064
+ /** Create RuntimeClass automatically. Disable when the cluster already provides gvisor/runsc. */
3065
+ createRuntimeClass: z.ZodDefault<z.ZodBoolean>;
3066
+ /** RuntimeClass handler used when createRuntimeClass is true. */
3067
+ runtimeClassHandler: z.ZodDefault<z.ZodString>;
3068
+ /** Wait timeout for CRDs/controller readiness. */
3069
+ waitTimeoutSeconds: z.ZodDefault<z.ZodNumber>;
3070
+ /** Fail cluster init/apply when sandbox cannot be verified. */
3071
+ required: z.ZodDefault<z.ZodBoolean>;
3072
+ /** Label selector injected into sandbox workloads unless templates override it. */
3073
+ nodeSelector: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
3074
+ /** Run a real SandboxTemplate/SandboxClaim smoke after install/verify. */
3075
+ smokeTest: z.ZodDefault<z.ZodBoolean>;
3076
+ /** Image used by the optional smoke test. Mirror this for restricted networks. */
3077
+ smokeImage: z.ZodDefault<z.ZodString>;
3078
+ }, "strip", z.ZodTypeAny, {
3079
+ version: string;
3080
+ enabled: boolean;
3081
+ required: boolean;
3082
+ install: boolean;
3083
+ runtimeClassName: string;
3084
+ createRuntimeClass: boolean;
3085
+ runtimeClassHandler: string;
3086
+ waitTimeoutSeconds: number;
3087
+ nodeSelector: Record<string, string>;
3088
+ smokeTest: boolean;
3089
+ smokeImage: string;
3090
+ manifestUrls?: string[] | undefined;
3091
+ controllerImage?: string | undefined;
3092
+ }, {
3093
+ version?: string | undefined;
3094
+ enabled?: boolean | undefined;
3095
+ required?: boolean | undefined;
3096
+ install?: boolean | undefined;
3097
+ manifestUrls?: string[] | undefined;
3098
+ controllerImage?: string | undefined;
3099
+ runtimeClassName?: string | undefined;
3100
+ createRuntimeClass?: boolean | undefined;
3101
+ runtimeClassHandler?: string | undefined;
3102
+ waitTimeoutSeconds?: number | undefined;
3103
+ nodeSelector?: Record<string, string> | undefined;
3104
+ smokeTest?: boolean | undefined;
3105
+ smokeImage?: string | undefined;
3106
+ }>, {
3107
+ version: string;
3108
+ enabled: boolean;
3109
+ required: boolean;
3110
+ install: boolean;
3111
+ runtimeClassName: string;
3112
+ createRuntimeClass: boolean;
3113
+ runtimeClassHandler: string;
3114
+ waitTimeoutSeconds: number;
3115
+ nodeSelector: Record<string, string>;
3116
+ smokeTest: boolean;
3117
+ smokeImage: string;
3118
+ manifestUrls?: string[] | undefined;
3119
+ controllerImage?: string | undefined;
3120
+ }, {
3121
+ version?: string | undefined;
3122
+ enabled?: boolean | undefined;
3123
+ required?: boolean | undefined;
3124
+ install?: boolean | undefined;
3125
+ manifestUrls?: string[] | undefined;
3126
+ controllerImage?: string | undefined;
3127
+ runtimeClassName?: string | undefined;
3128
+ createRuntimeClass?: boolean | undefined;
3129
+ runtimeClassHandler?: string | undefined;
3130
+ waitTimeoutSeconds?: number | undefined;
3131
+ nodeSelector?: Record<string, string> | undefined;
3132
+ smokeTest?: boolean | undefined;
3133
+ smokeImage?: string | undefined;
3134
+ }>]>>;
3135
+ }, "strip", z.ZodTypeAny, {
3136
+ sandbox?: boolean | {
3137
+ version: string;
3138
+ enabled: boolean;
3139
+ required: boolean;
3140
+ install: boolean;
3141
+ runtimeClassName: string;
3142
+ createRuntimeClass: boolean;
3143
+ runtimeClassHandler: string;
3144
+ waitTimeoutSeconds: number;
3145
+ nodeSelector: Record<string, string>;
3146
+ smokeTest: boolean;
3147
+ smokeImage: string;
3148
+ manifestUrls?: string[] | undefined;
3149
+ controllerImage?: string | undefined;
3150
+ } | undefined;
3151
+ }, {
3152
+ sandbox?: boolean | {
3153
+ version?: string | undefined;
3154
+ enabled?: boolean | undefined;
3155
+ required?: boolean | undefined;
3156
+ install?: boolean | undefined;
3157
+ manifestUrls?: string[] | undefined;
3158
+ controllerImage?: string | undefined;
3159
+ runtimeClassName?: string | undefined;
3160
+ createRuntimeClass?: boolean | undefined;
3161
+ runtimeClassHandler?: string | undefined;
3162
+ waitTimeoutSeconds?: number | undefined;
3163
+ nodeSelector?: Record<string, string> | undefined;
3164
+ smokeTest?: boolean | undefined;
3165
+ smokeImage?: string | undefined;
3166
+ } | undefined;
2128
3167
  }>>;
2129
3168
  }, "strip", z.ZodTypeAny, {
2130
3169
  name: string;
@@ -2135,8 +3174,60 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2135
3174
  user: string;
2136
3175
  role: "master" | "worker";
2137
3176
  password?: string | undefined;
3177
+ features?: {
3178
+ sandbox?: boolean | undefined;
3179
+ } | undefined;
3180
+ install?: {
3181
+ k3sVersion?: string | undefined;
3182
+ k3sChannel?: string | undefined;
3183
+ k3sChannelUrl?: string | undefined;
3184
+ k3sArtifactUrl?: string | undefined;
3185
+ k3sMirror?: string | undefined;
3186
+ systemDefaultRegistry?: string | undefined;
3187
+ pauseImage?: string | undefined;
3188
+ registries?: {
3189
+ mirrors?: Record<string, {
3190
+ endpoint: string[];
3191
+ }> | undefined;
3192
+ configs?: Record<string, {
3193
+ auth?: {
3194
+ password?: string | undefined;
3195
+ auth?: string | undefined;
3196
+ username?: string | undefined;
3197
+ identityToken?: string | undefined;
3198
+ } | undefined;
3199
+ tls?: {
3200
+ caFile?: string | undefined;
3201
+ certFile?: string | undefined;
3202
+ keyFile?: string | undefined;
3203
+ insecureSkipVerify?: boolean | undefined;
3204
+ } | undefined;
3205
+ }> | undefined;
3206
+ } | undefined;
3207
+ } | undefined;
2138
3208
  sshKeyPath?: string | undefined;
3209
+ sshKeyPassphrase?: string | undefined;
3210
+ sshAgent?: string | boolean | undefined;
3211
+ region?: string | undefined;
3212
+ labels?: Record<string, string> | undefined;
2139
3213
  }[];
3214
+ features?: {
3215
+ sandbox?: boolean | {
3216
+ version: string;
3217
+ enabled: boolean;
3218
+ required: boolean;
3219
+ install: boolean;
3220
+ runtimeClassName: string;
3221
+ createRuntimeClass: boolean;
3222
+ runtimeClassHandler: string;
3223
+ waitTimeoutSeconds: number;
3224
+ nodeSelector: Record<string, string>;
3225
+ smokeTest: boolean;
3226
+ smokeImage: string;
3227
+ manifestUrls?: string[] | undefined;
3228
+ controllerImage?: string | undefined;
3229
+ } | undefined;
3230
+ } | undefined;
2140
3231
  install?: {
2141
3232
  k3sVersion?: string | undefined;
2142
3233
  k3sChannel?: string | undefined;
@@ -2145,6 +3236,25 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2145
3236
  k3sMirror?: string | undefined;
2146
3237
  systemDefaultRegistry?: string | undefined;
2147
3238
  pauseImage?: string | undefined;
3239
+ registries?: {
3240
+ mirrors?: Record<string, {
3241
+ endpoint: string[];
3242
+ }> | undefined;
3243
+ configs?: Record<string, {
3244
+ auth?: {
3245
+ password?: string | undefined;
3246
+ auth?: string | undefined;
3247
+ username?: string | undefined;
3248
+ identityToken?: string | undefined;
3249
+ } | undefined;
3250
+ tls?: {
3251
+ caFile?: string | undefined;
3252
+ certFile?: string | undefined;
3253
+ keyFile?: string | undefined;
3254
+ insecureSkipVerify?: boolean | undefined;
3255
+ } | undefined;
3256
+ }> | undefined;
3257
+ } | undefined;
2148
3258
  } | undefined;
2149
3259
  $schema?: string | undefined;
2150
3260
  }, {
@@ -2155,9 +3265,61 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2155
3265
  role: "master" | "worker";
2156
3266
  password?: string | undefined;
2157
3267
  port?: number | undefined;
3268
+ features?: {
3269
+ sandbox?: boolean | undefined;
3270
+ } | undefined;
3271
+ install?: {
3272
+ k3sVersion?: string | undefined;
3273
+ k3sChannel?: string | undefined;
3274
+ k3sChannelUrl?: string | undefined;
3275
+ k3sArtifactUrl?: string | undefined;
3276
+ k3sMirror?: string | undefined;
3277
+ systemDefaultRegistry?: string | undefined;
3278
+ pauseImage?: string | undefined;
3279
+ registries?: {
3280
+ mirrors?: Record<string, {
3281
+ endpoint: string[];
3282
+ }> | undefined;
3283
+ configs?: Record<string, {
3284
+ auth?: {
3285
+ password?: string | undefined;
3286
+ auth?: string | undefined;
3287
+ username?: string | undefined;
3288
+ identityToken?: string | undefined;
3289
+ } | undefined;
3290
+ tls?: {
3291
+ caFile?: string | undefined;
3292
+ certFile?: string | undefined;
3293
+ keyFile?: string | undefined;
3294
+ insecureSkipVerify?: boolean | undefined;
3295
+ } | undefined;
3296
+ }> | undefined;
3297
+ } | undefined;
3298
+ } | undefined;
2158
3299
  sshKeyPath?: string | undefined;
3300
+ sshKeyPassphrase?: string | undefined;
3301
+ sshAgent?: string | boolean | undefined;
3302
+ region?: string | undefined;
3303
+ labels?: Record<string, string> | undefined;
2159
3304
  }[];
2160
3305
  provider?: "ssh" | undefined;
3306
+ features?: {
3307
+ sandbox?: boolean | {
3308
+ version?: string | undefined;
3309
+ enabled?: boolean | undefined;
3310
+ required?: boolean | undefined;
3311
+ install?: boolean | undefined;
3312
+ manifestUrls?: string[] | undefined;
3313
+ controllerImage?: string | undefined;
3314
+ runtimeClassName?: string | undefined;
3315
+ createRuntimeClass?: boolean | undefined;
3316
+ runtimeClassHandler?: string | undefined;
3317
+ waitTimeoutSeconds?: number | undefined;
3318
+ nodeSelector?: Record<string, string> | undefined;
3319
+ smokeTest?: boolean | undefined;
3320
+ smokeImage?: string | undefined;
3321
+ } | undefined;
3322
+ } | undefined;
2161
3323
  install?: {
2162
3324
  k3sVersion?: string | undefined;
2163
3325
  k3sChannel?: string | undefined;
@@ -2166,6 +3328,25 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2166
3328
  k3sMirror?: string | undefined;
2167
3329
  systemDefaultRegistry?: string | undefined;
2168
3330
  pauseImage?: string | undefined;
3331
+ registries?: {
3332
+ mirrors?: Record<string, {
3333
+ endpoint: string[];
3334
+ }> | undefined;
3335
+ configs?: Record<string, {
3336
+ auth?: {
3337
+ password?: string | undefined;
3338
+ auth?: string | undefined;
3339
+ username?: string | undefined;
3340
+ identityToken?: string | undefined;
3341
+ } | undefined;
3342
+ tls?: {
3343
+ caFile?: string | undefined;
3344
+ certFile?: string | undefined;
3345
+ keyFile?: string | undefined;
3346
+ insecureSkipVerify?: boolean | undefined;
3347
+ } | undefined;
3348
+ }> | undefined;
3349
+ } | undefined;
2169
3350
  } | undefined;
2170
3351
  $schema?: string | undefined;
2171
3352
  }>, {
@@ -2177,8 +3358,60 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2177
3358
  user: string;
2178
3359
  role: "master" | "worker";
2179
3360
  password?: string | undefined;
3361
+ features?: {
3362
+ sandbox?: boolean | undefined;
3363
+ } | undefined;
3364
+ install?: {
3365
+ k3sVersion?: string | undefined;
3366
+ k3sChannel?: string | undefined;
3367
+ k3sChannelUrl?: string | undefined;
3368
+ k3sArtifactUrl?: string | undefined;
3369
+ k3sMirror?: string | undefined;
3370
+ systemDefaultRegistry?: string | undefined;
3371
+ pauseImage?: string | undefined;
3372
+ registries?: {
3373
+ mirrors?: Record<string, {
3374
+ endpoint: string[];
3375
+ }> | undefined;
3376
+ configs?: Record<string, {
3377
+ auth?: {
3378
+ password?: string | undefined;
3379
+ auth?: string | undefined;
3380
+ username?: string | undefined;
3381
+ identityToken?: string | undefined;
3382
+ } | undefined;
3383
+ tls?: {
3384
+ caFile?: string | undefined;
3385
+ certFile?: string | undefined;
3386
+ keyFile?: string | undefined;
3387
+ insecureSkipVerify?: boolean | undefined;
3388
+ } | undefined;
3389
+ }> | undefined;
3390
+ } | undefined;
3391
+ } | undefined;
2180
3392
  sshKeyPath?: string | undefined;
3393
+ sshKeyPassphrase?: string | undefined;
3394
+ sshAgent?: string | boolean | undefined;
3395
+ region?: string | undefined;
3396
+ labels?: Record<string, string> | undefined;
2181
3397
  }[];
3398
+ features?: {
3399
+ sandbox?: boolean | {
3400
+ version: string;
3401
+ enabled: boolean;
3402
+ required: boolean;
3403
+ install: boolean;
3404
+ runtimeClassName: string;
3405
+ createRuntimeClass: boolean;
3406
+ runtimeClassHandler: string;
3407
+ waitTimeoutSeconds: number;
3408
+ nodeSelector: Record<string, string>;
3409
+ smokeTest: boolean;
3410
+ smokeImage: string;
3411
+ manifestUrls?: string[] | undefined;
3412
+ controllerImage?: string | undefined;
3413
+ } | undefined;
3414
+ } | undefined;
2182
3415
  install?: {
2183
3416
  k3sVersion?: string | undefined;
2184
3417
  k3sChannel?: string | undefined;
@@ -2187,6 +3420,25 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2187
3420
  k3sMirror?: string | undefined;
2188
3421
  systemDefaultRegistry?: string | undefined;
2189
3422
  pauseImage?: string | undefined;
3423
+ registries?: {
3424
+ mirrors?: Record<string, {
3425
+ endpoint: string[];
3426
+ }> | undefined;
3427
+ configs?: Record<string, {
3428
+ auth?: {
3429
+ password?: string | undefined;
3430
+ auth?: string | undefined;
3431
+ username?: string | undefined;
3432
+ identityToken?: string | undefined;
3433
+ } | undefined;
3434
+ tls?: {
3435
+ caFile?: string | undefined;
3436
+ certFile?: string | undefined;
3437
+ keyFile?: string | undefined;
3438
+ insecureSkipVerify?: boolean | undefined;
3439
+ } | undefined;
3440
+ }> | undefined;
3441
+ } | undefined;
2190
3442
  } | undefined;
2191
3443
  $schema?: string | undefined;
2192
3444
  }, {
@@ -2197,9 +3449,61 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2197
3449
  role: "master" | "worker";
2198
3450
  password?: string | undefined;
2199
3451
  port?: number | undefined;
3452
+ features?: {
3453
+ sandbox?: boolean | undefined;
3454
+ } | undefined;
3455
+ install?: {
3456
+ k3sVersion?: string | undefined;
3457
+ k3sChannel?: string | undefined;
3458
+ k3sChannelUrl?: string | undefined;
3459
+ k3sArtifactUrl?: string | undefined;
3460
+ k3sMirror?: string | undefined;
3461
+ systemDefaultRegistry?: string | undefined;
3462
+ pauseImage?: string | undefined;
3463
+ registries?: {
3464
+ mirrors?: Record<string, {
3465
+ endpoint: string[];
3466
+ }> | undefined;
3467
+ configs?: Record<string, {
3468
+ auth?: {
3469
+ password?: string | undefined;
3470
+ auth?: string | undefined;
3471
+ username?: string | undefined;
3472
+ identityToken?: string | undefined;
3473
+ } | undefined;
3474
+ tls?: {
3475
+ caFile?: string | undefined;
3476
+ certFile?: string | undefined;
3477
+ keyFile?: string | undefined;
3478
+ insecureSkipVerify?: boolean | undefined;
3479
+ } | undefined;
3480
+ }> | undefined;
3481
+ } | undefined;
3482
+ } | undefined;
2200
3483
  sshKeyPath?: string | undefined;
3484
+ sshKeyPassphrase?: string | undefined;
3485
+ sshAgent?: string | boolean | undefined;
3486
+ region?: string | undefined;
3487
+ labels?: Record<string, string> | undefined;
2201
3488
  }[];
2202
3489
  provider?: "ssh" | undefined;
3490
+ features?: {
3491
+ sandbox?: boolean | {
3492
+ version?: string | undefined;
3493
+ enabled?: boolean | undefined;
3494
+ required?: boolean | undefined;
3495
+ install?: boolean | undefined;
3496
+ manifestUrls?: string[] | undefined;
3497
+ controllerImage?: string | undefined;
3498
+ runtimeClassName?: string | undefined;
3499
+ createRuntimeClass?: boolean | undefined;
3500
+ runtimeClassHandler?: string | undefined;
3501
+ waitTimeoutSeconds?: number | undefined;
3502
+ nodeSelector?: Record<string, string> | undefined;
3503
+ smokeTest?: boolean | undefined;
3504
+ smokeImage?: string | undefined;
3505
+ } | undefined;
3506
+ } | undefined;
2203
3507
  install?: {
2204
3508
  k3sVersion?: string | undefined;
2205
3509
  k3sChannel?: string | undefined;
@@ -2208,6 +3512,25 @@ declare const ClusterConfigSchema: z.ZodEffects<z.ZodObject<{
2208
3512
  k3sMirror?: string | undefined;
2209
3513
  systemDefaultRegistry?: string | undefined;
2210
3514
  pauseImage?: string | undefined;
3515
+ registries?: {
3516
+ mirrors?: Record<string, {
3517
+ endpoint: string[];
3518
+ }> | undefined;
3519
+ configs?: Record<string, {
3520
+ auth?: {
3521
+ password?: string | undefined;
3522
+ auth?: string | undefined;
3523
+ username?: string | undefined;
3524
+ identityToken?: string | undefined;
3525
+ } | undefined;
3526
+ tls?: {
3527
+ caFile?: string | undefined;
3528
+ certFile?: string | undefined;
3529
+ keyFile?: string | undefined;
3530
+ insecureSkipVerify?: boolean | undefined;
3531
+ } | undefined;
3532
+ }> | undefined;
3533
+ } | undefined;
2211
3534
  } | undefined;
2212
3535
  $schema?: string | undefined;
2213
3536
  }>;
@@ -2219,6 +3542,15 @@ interface ClusterMeta {
2219
3542
  nodeCount: number;
2220
3543
  createdAt: string;
2221
3544
  kubeconfigPath: string;
3545
+ configHash?: string;
3546
+ features?: {
3547
+ sandbox?: {
3548
+ enabled: boolean;
3549
+ version?: string;
3550
+ runtimeClassName?: string;
3551
+ nodeSelector?: Record<string, string>;
3552
+ };
3553
+ };
2222
3554
  }
2223
3555
 
2224
3556
  /**
@@ -2572,6 +3904,11 @@ declare class K8sService {
2572
3904
  timeoutMs?: number;
2573
3905
  intervalMs?: number;
2574
3906
  }): Promise<AgentSandboxStatus>;
3907
+ checkAgentSandboxPreflight(options?: {
3908
+ kubeconfig?: string;
3909
+ runtimeClassName?: string;
3910
+ runtimeClassNames?: string[];
3911
+ }): AgentSandboxPreflightResult;
2575
3912
  restorePvcFromVolumeSnapshot(options: {
2576
3913
  namespace: string;
2577
3914
  pvcName: string;