@sooneocean/agw 1.4.0

package/src/cli/commands/daemon.ts

@@ -0,0 +1,110 @@
+import type { Command } from 'commander';
+import { spawn } from 'node:child_process';
+import fs from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+
+const AGW_DIR = path.join(os.homedir(), '.agw');
+const PID_FILE = path.join(AGW_DIR, 'daemon.pid');
+
+export function registerDaemonCommand(program: Command): void {
+  const cmd = program
+    .command('daemon')
+    .description('Manage the AGW daemon');
+
+  cmd
+    .command('start')
+    .description('Start the daemon')
+    .option('-d', 'Run as background daemon')
+    .option('--port <port>', 'Port to listen on')
+    .action(async (options: { d?: boolean; port?: string }) => {
+      if (isRunning()) {
+        console.log('Daemon is already running.');
+        return;
+      }
+
+      if (!fs.existsSync(AGW_DIR)) {
+        fs.mkdirSync(AGW_DIR, { recursive: true });
+      }
+
+      if (options.port) {
+        process.env.AGW_PORT = options.port;
+      }
+
+      if (options.d) {
+        // Daemonize
+        const serverPath = path.resolve(import.meta.dirname, '../../daemon/server.js');
+        const child = spawn('tsx', [serverPath], {
+          detached: true,
+          stdio: 'ignore',
+          env: { ...process.env },
+        });
+        child.unref();
+        if (child.pid) {
+          fs.writeFileSync(PID_FILE, String(child.pid));
+          console.log(`Daemon started (PID: ${child.pid})`);
+        }
+      } else {
+        // Foreground
+        console.log('Starting daemon in foreground...');
+        const { buildServer } = await import('../../daemon/server.js');
+        const { loadConfig } = await import('../../config.js');
+        const config = loadConfig(path.join(AGW_DIR, 'config.json'));
+        const port = options.port ? parseInt(options.port) : config.port;
+        const app = await buildServer();
+        await app.listen({ port, host: '127.0.0.1' });
+        console.log(`AGW daemon listening on http://127.0.0.1:${port}`);
+        fs.writeFileSync(PID_FILE, String(process.pid));
+
+        const cleanup = async () => {
+          await app.close();
+          if (fs.existsSync(PID_FILE)) fs.unlinkSync(PID_FILE);
+          process.exit(0);
+        };
+        process.on('SIGTERM', cleanup);
+        process.on('SIGINT', cleanup);
+      }
+    });
+
+  cmd
+    .command('stop')
+    .description('Stop the daemon')
+    .action(() => {
+      if (!fs.existsSync(PID_FILE)) {
+        console.log('No daemon running.');
+        return;
+      }
+      const pid = parseInt(fs.readFileSync(PID_FILE, 'utf-8'));
+      try {
+        process.kill(pid, 'SIGTERM');
+        fs.unlinkSync(PID_FILE);
+        console.log(`Daemon stopped (PID: ${pid})`);
+      } catch {
+        fs.unlinkSync(PID_FILE);
+        console.log('Daemon was not running (stale PID file removed).');
+      }
+    });
+
+  cmd
+    .command('status')
+    .description('Check daemon status')
+    .action(() => {
+      if (isRunning()) {
+        const pid = fs.readFileSync(PID_FILE, 'utf-8').trim();
+        console.log(`Daemon is running (PID: ${pid})`);
+      } else {
+        console.log('Daemon is not running.');
+      }
+    });
+}
+
+function isRunning(): boolean {
+  if (!fs.existsSync(PID_FILE)) return false;
+  const pid = parseInt(fs.readFileSync(PID_FILE, 'utf-8'));
+  try {
+    process.kill(pid, 0); // Check if process exists
+    return true;
+  } catch {
+    return false;
+  }
+}

package/src/cli/commands/history.ts

@@ -0,0 +1,29 @@
+import type { Command } from 'commander';
+import { HttpClient } from '../http-client.js';
+import type { TaskDescriptor } from '../../types.js';
+
+export function registerHistoryCommand(program: Command): void {
+  program
+    .command('history')
+    .description('List recent tasks')
+    .option('--limit <n>', 'Number of tasks', '20')
+    .action(async (options: { limit: string }) => {
+      const client = new HttpClient();
+      try {
+        const tasks = await client.get<TaskDescriptor[]>(`/tasks?limit=${options.limit}`);
+        if (tasks.length === 0) {
+          console.log('No tasks yet.');
+          return;
+        }
+        console.log('ID           Status     Agent     Prompt');
+        console.log('─'.repeat(60));
+        for (const t of tasks) {
+          const prompt = t.prompt.length > 30 ? t.prompt.slice(0, 30) + '...' : t.prompt;
+          console.log(`${t.taskId}  ${t.status.padEnd(10)} ${(t.assignedAgent ?? '-').padEnd(9)} ${prompt}`);
+        }
+      } catch (err) {
+        console.error(`Error: ${(err as Error).message}`);
+        process.exit(1);
+      }
+    });
+}

package/src/cli/commands/run.ts

@@ -0,0 +1,59 @@
+import type { Command } from 'commander';
+import { HttpClient } from '../http-client.js';
+import type { TaskDescriptor } from '../../types.js';
+
+export function registerRunCommand(program: Command): void {
+  program
+    .command('run <prompt...>')
+    .description('Submit a task to an agent')
+    .option('--agent <id>', 'Override agent selection')
+    .option('--background', 'Run in background, return taskId')
+    .option('--cwd <path>', 'Working directory for the agent')
+    .option('--priority <n>', 'Task priority 1-5 (default 3)', '3')
+    .action(async (promptParts: string[], options: { agent?: string; background?: boolean; cwd?: string; priority?: string }) => {
+      const client = new HttpClient();
+      let prompt = promptParts.join(' ');
+
+      // Read stdin if piped
+      if (!process.stdin.isTTY) {
+        const chunks: Buffer[] = [];
+        for await (const chunk of process.stdin) chunks.push(chunk as Buffer);
+        const stdin = Buffer.concat(chunks).toString();
+        if (stdin.trim()) prompt = `${prompt}\n\n${stdin}`;
+      }
+
+      try {
+        const task = await client.post<TaskDescriptor>('/tasks', {
+          prompt,
+          preferredAgent: options.agent,
+          workingDirectory: options.cwd,
+          priority: parseInt(options.priority ?? '3', 10),
+        });
+
+        if (options.background) {
+          console.log(`✓ Task submitted  taskId: ${task.taskId}`);
+          console.log(`  Check status: agw status ${task.taskId}`);
+        } else {
+          if (task.assignedAgent) {
+            console.log(`→ ${task.assignedAgent} (${task.routingReason ?? ''})`);
+          }
+          console.log('─'.repeat(40));
+          if (task.result) {
+            if (task.result.stdout) console.log(task.result.stdout);
+            if (task.result.stderr) console.error(task.result.stderr);
+            console.log('─'.repeat(40));
+            const tokens = task.result.tokenEstimate ? `  ~${task.result.tokenEstimate} tokens` : '';
+            const cost = task.result.costEstimate ? `  ~$${task.result.costEstimate.toFixed(3)}` : '';
+            const status = task.result.exitCode === 0 ? '✓ Done' : '✗ Failed';
+            console.log(`${status}  ${(task.result.durationMs / 1000).toFixed(0)}s${tokens}${cost}`);
+          }
+        }
+      } catch (err) {
+        console.error(`Error: ${(err as Error).message}`);
+        if ((err as Error).message.includes('fetch failed') || (err as Error).message.includes('ECONNREFUSED')) {
+          console.error('Daemon not started. Run: agw daemon start');
+        }
+        process.exit(1);
+      }
+    });
+}

package/src/cli/commands/status.ts

@@ -0,0 +1,29 @@
+import type { Command } from 'commander';
+import { HttpClient } from '../http-client.js';
+import type { TaskDescriptor } from '../../types.js';
+
+export function registerStatusCommand(program: Command): void {
+  program
+    .command('status <taskId>')
+    .description('Check task status')
+    .action(async (taskId: string) => {
+      const client = new HttpClient();
+      try {
+        const task = await client.get<TaskDescriptor>(`/tasks/${taskId}`);
+        console.log(`Task:   ${task.taskId}`);
+        console.log(`Status: ${task.status}`);
+        console.log(`Agent:  ${task.assignedAgent ?? 'not assigned'}`);
+        if (task.result) {
+          console.log(`Exit:   ${task.result.exitCode}`);
+          console.log(`Time:   ${(task.result.durationMs / 1000).toFixed(1)}s`);
+          if (task.result.stdout) {
+            console.log('─'.repeat(40));
+            console.log(task.result.stdout);
+          }
+        }
+      } catch (err) {
+        console.error(`Error: ${(err as Error).message}`);
+        process.exit(1);
+      }
+    });
+}

package/src/cli/commands/workflow.ts

@@ -0,0 +1,73 @@
+import type { Command } from 'commander';
+import { HttpClient } from '../http-client.js';
+import type { WorkflowDescriptor } from '../../types.js';
+
+export function registerWorkflowCommand(program: Command): void {
+  const wf = program
+    .command('workflow')
+    .description('Manage multi-step workflows');
+
+  wf.command('run')
+    .description('Create and run a workflow from JSON')
+    .argument('<json>', 'Workflow JSON: { name, steps: [{ prompt, preferredAgent? }], mode? }')
+    .option('--cwd <path>', 'Working directory')
+    .option('--priority <n>', 'Priority 1-5', '3')
+    .action(async (json: string, options: { cwd?: string; priority?: string }) => {
+      const client = new HttpClient();
+      try {
+        const body = JSON.parse(json);
+        body.workingDirectory = options.cwd;
+        body.priority = parseInt(options.priority ?? '3', 10);
+
+        const wf = await client.post<WorkflowDescriptor>('/workflows', body);
+        console.log(`Workflow: ${wf.workflowId}  ${wf.name}`);
+        console.log(`Status:   ${wf.status}`);
+        console.log(`Steps:    ${wf.steps.length} (${wf.mode})`);
+        console.log(`Tasks:    ${wf.taskIds.join(', ') || 'none'}`);
+      } catch (err) {
+        console.error(`Error: ${(err as Error).message}`);
+        process.exit(1);
+      }
+    });
+
+  wf.command('status')
+    .description('Get workflow status')
+    .argument('<id>', 'Workflow ID')
+    .action(async (id: string) => {
+      const client = new HttpClient();
+      try {
+        const wf = await client.get<WorkflowDescriptor>(`/workflows/${id}`);
+        console.log(`Workflow: ${wf.workflowId}`);
+        console.log(`Name:     ${wf.name}`);
+        console.log(`Mode:     ${wf.mode}`);
+        console.log(`Status:   ${wf.status}`);
+        console.log(`Progress: ${wf.currentStep + 1}/${wf.steps.length}`);
+        console.log(`Tasks:    ${wf.taskIds.join(', ') || 'none'}`);
+      } catch (err) {
+        console.error(`Error: ${(err as Error).message}`);
+        process.exit(1);
+      }
+    });
+
+  wf.command('list')
+    .description('List workflows')
+    .option('--limit <n>', 'Number of workflows', '20')
+    .action(async (options: { limit?: string }) => {
+      const client = new HttpClient();
+      try {
+        const wfs = await client.get<WorkflowDescriptor[]>(`/workflows?limit=${options.limit ?? '20'}`);
+        if (wfs.length === 0) {
+          console.log('No workflows found.');
+          return;
+        }
+        console.log('ID           Status     Mode        Name');
+        console.log('─'.repeat(60));
+        for (const w of wfs) {
+          console.log(`${w.workflowId}  ${w.status.padEnd(10)} ${w.mode.padEnd(11)} ${w.name}`);
+        }
+      } catch (err) {
+        console.error(`Error: ${(err as Error).message}`);
+        process.exit(1);
+      }
+    });
+}

package/src/cli/error-handler.ts

@@ -0,0 +1,8 @@
+export function handleCliError(err: unknown): never {
+  const message = (err as Error).message;
+  console.error(`Error: ${message}`);
+  if (message.includes('fetch failed') || message.includes('ECONNREFUSED')) {
+    console.error('Daemon not started. Run: agw daemon start');
+  }
+  process.exit(1);
+}

package/src/cli/http-client.ts

@@ -0,0 +1,68 @@
+const DEFAULT_BASE = 'http://127.0.0.1:4927';
+
+export class HttpClient {
+  private authToken?: string;
+
+  constructor(private baseUrl: string = DEFAULT_BASE) {
+    this.authToken = process.env.AGW_AUTH_TOKEN;
+  }
+
+  private headers(extra?: Record<string, string>): Record<string, string> {
+    const h: Record<string, string> = { ...extra };
+    if (this.authToken) h['Authorization'] = `Bearer ${this.authToken}`;
+    return h;
+  }
+
+  async post<T>(path: string, body: unknown): Promise<T> {
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      method: 'POST',
+      headers: this.headers({ 'Content-Type': 'application/json' }),
+      body: JSON.stringify(body),
+    });
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error((err as { error?: string }).error ?? `HTTP ${res.status}`);
+    }
+    return res.json() as Promise<T>;
+  }
+
+  async get<T>(path: string): Promise<T> {
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      headers: this.headers(),
+    });
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error((err as { error?: string }).error ?? `HTTP ${res.status}`);
+    }
+    return res.json() as Promise<T>;
+  }
+
+  async stream(path: string, onEvent: (event: string, data: string) => void): Promise<void> {
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      headers: this.headers({ Accept: 'text/event-stream' }),
+    });
+    if (!res.ok || !res.body) {
+      throw new Error(`Stream failed: HTTP ${res.status}`);
+    }
+    const reader = res.body.getReader();
+    const decoder = new TextDecoder();
+    let buffer = '';
+
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+
+      const parts = buffer.split('\n\n');
+      buffer = parts.pop() ?? '';
+
+      for (const part of parts) {
+        const eventMatch = part.match(/^event: (.+)$/m);
+        const dataMatch = part.match(/^data: (.+)$/m);
+        if (eventMatch && dataMatch) {
+          onEvent(eventMatch[1], dataMatch[1]);
+        }
+      }
+    }
+  }
+}

package/src/cli/index.ts

@@ -0,0 +1,28 @@
+import { Command } from 'commander';
+import { registerRunCommand } from './commands/run.js';
+import { registerStatusCommand } from './commands/status.js';
+import { registerHistoryCommand } from './commands/history.js';
+import { registerAgentsCommand } from './commands/agents.js';
+import { registerDaemonCommand } from './commands/daemon.js';
+import { registerCostsCommand } from './commands/costs.js';
+import { registerWorkflowCommand } from './commands/workflow.js';
+import { registerComboCommand } from './commands/combo.js';
+
+export function createCli(): Command {
+  const program = new Command();
+  program
+    .name('agw')
+    .description('Agent Gateway — route tasks to the best AI agent')
+    .version('0.3.0');
+
+  registerRunCommand(program);
+  registerStatusCommand(program);
+  registerHistoryCommand(program);
+  registerAgentsCommand(program);
+  registerDaemonCommand(program);
+  registerCostsCommand(program);
+  registerWorkflowCommand(program);
+  registerComboCommand(program);
+
+  return program;
+}

package/src/config.ts

@@ -0,0 +1,68 @@
+import fs from 'node:fs';
+import type { AppConfig, AgentConfig } from './types.js';
+
+const DEFAULT_AGENTS: Record<string, AgentConfig> = {
+  claude: { enabled: true, command: 'claude', args: [] },
+  codex: { enabled: true, command: 'codex', args: [] },
+  gemini: { enabled: true, command: 'gemini', args: [] },
+};
+
+const DEFAULTS: AppConfig = {
+  port: 4927,
+  anthropicApiKey: '',
+  routerModel: 'claude-haiku-4-5-20251001',
+  defaultTimeout: 300_000,
+  maxConcurrencyPerAgent: 3,
+  maxPromptLength: 100_000,
+  maxWorkflowSteps: 20,
+  agents: DEFAULT_AGENTS,
+};
+
+export function loadConfig(configPath: string): AppConfig {
+  let fileConfig: Partial<AppConfig> = {};
+
+  if (fs.existsSync(configPath)) {
+    try {
+      const raw = fs.readFileSync(configPath, 'utf-8');
+      fileConfig = JSON.parse(raw);
+    } catch {
+      // Ignore malformed config, use defaults
+    }
+  }
+
+  const agents: Record<string, AgentConfig> = { ...DEFAULT_AGENTS };
+  if (fileConfig.agents) {
+    for (const [id, agentConf] of Object.entries(fileConfig.agents)) {
+      agents[id] = { ...DEFAULT_AGENTS[id], ...agentConf };
+    }
+  }
+
+  const port = process.env.AGW_PORT
+    ? parseInt(process.env.AGW_PORT, 10)
+    : fileConfig.port ?? DEFAULTS.port;
+
+  const anthropicApiKey =
+    process.env.ANTHROPIC_API_KEY ??
+    fileConfig.anthropicApiKey ??
+    DEFAULTS.anthropicApiKey;
+
+  const authToken =
+    process.env.AGW_AUTH_TOKEN ??
+    fileConfig.authToken ??
+    undefined;
+
+  return {
+    port,
+    anthropicApiKey,
+    authToken,
+    routerModel: fileConfig.routerModel ?? DEFAULTS.routerModel,
+    defaultTimeout: fileConfig.defaultTimeout ?? DEFAULTS.defaultTimeout,
+    maxConcurrencyPerAgent: fileConfig.maxConcurrencyPerAgent ?? DEFAULTS.maxConcurrencyPerAgent,
+    dailyCostLimit: fileConfig.dailyCostLimit,
+    monthlyCostLimit: fileConfig.monthlyCostLimit,
+    allowedWorkspaces: fileConfig.allowedWorkspaces,
+    maxPromptLength: fileConfig.maxPromptLength ?? DEFAULTS.maxPromptLength,
+    maxWorkflowSteps: fileConfig.maxWorkflowSteps ?? DEFAULTS.maxWorkflowSteps,
+    agents,
+  };
+}

package/src/daemon/middleware/auth.ts

@@ -0,0 +1,35 @@
+import type { FastifyInstance } from 'fastify';
+import { timingSafeEqual } from 'node:crypto';
+
+function safeCompare(a: string, b: string): boolean {
+  if (a.length !== b.length) return false;
+  return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+
+export function registerAuthMiddleware(app: FastifyInstance, authToken?: string): void {
+  if (!authToken) {
+    // No auth — restrict to loopback only
+    app.addHook('onRequest', async (request, reply) => {
+      const ip = request.ip;
+      const isLoopback = ip === '127.0.0.1' || ip === '::1' || ip === '::ffff:127.0.0.1';
+      if (!isLoopback) {
+        return reply.status(403).send({
+          error: 'Auth token required for non-loopback access. Set AGW_AUTH_TOKEN.',
+        });
+      }
+    });
+    return;
+  }
+
+  const expected = `Bearer ${authToken}`;
+
+  app.addHook('onRequest', async (request, reply) => {
+    // Skip auth for Web UI static page (auth handled client-side via header)
+    if (request.url === '/ui') return;
+
+    const header = request.headers.authorization ?? '';
+    if (!safeCompare(header, expected)) {
+      return reply.status(401).send({ error: 'Unauthorized — invalid or missing token' });
+    }
+  });
+}

package/src/daemon/middleware/rate-limiter.ts

@@ -0,0 +1,63 @@
+import type { FastifyInstance } from 'fastify';
+
+interface TokenBucket {
+  tokens: number;
+  lastRefill: number;
+}
+
+export interface RateLimitConfig {
+  maxRequests: number;   // tokens per window
+  windowMs: number;      // refill interval in ms
+}
+
+const DEFAULT_CONFIG: RateLimitConfig = { maxRequests: 60, windowMs: 60_000 };
+
+export class RateLimiter {
+  private buckets = new Map<string, TokenBucket>();
+  private config: RateLimitConfig;
+
+  constructor(config?: Partial<RateLimitConfig>) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+
+  check(clientId: string): { allowed: boolean; remaining: number; resetMs: number } {
+    const now = Date.now();
+    let bucket = this.buckets.get(clientId);
+
+    if (!bucket) {
+      bucket = { tokens: this.config.maxRequests, lastRefill: now };
+      this.buckets.set(clientId, bucket);
+    }
+
+    // Refill
+    const elapsed = now - bucket.lastRefill;
+    if (elapsed >= this.config.windowMs) {
+      bucket.tokens = this.config.maxRequests;
+      bucket.lastRefill = now;
+    }
+
+    if (bucket.tokens > 0) {
+      bucket.tokens--;
+      return { allowed: true, remaining: bucket.tokens, resetMs: this.config.windowMs - (now - bucket.lastRefill) };
+    }
+
+    return { allowed: false, remaining: 0, resetMs: this.config.windowMs - (now - bucket.lastRefill) };
+  }
+}
+
+export function registerRateLimiter(app: FastifyInstance, config?: Partial<RateLimitConfig>): RateLimiter {
+  const limiter = new RateLimiter(config);
+
+  app.addHook('onRequest', async (request, reply) => {
+    if (request.method === 'GET') return; // Don't rate-limit reads
+    const clientId = request.ip;
+    const { allowed, remaining, resetMs } = limiter.check(clientId);
+    reply.header('X-RateLimit-Remaining', remaining);
+    reply.header('X-RateLimit-Reset', Math.ceil(resetMs / 1000));
+    if (!allowed) {
+      return reply.status(429).send({ error: 'Rate limit exceeded', retryAfterMs: resetMs });
+    }
+  });
+
+  return limiter;
+}

package/src/daemon/middleware/tenant.ts

@@ -0,0 +1,64 @@
+import type { FastifyInstance, FastifyRequest } from 'fastify';
+import { createHash } from 'node:crypto';
+
+export interface Tenant {
+  id: string;
+  name: string;
+  apiKey: string;
+  quotaDailyLimit?: number;
+  quotaMonthlyLimit?: number;
+  allowedAgents?: string[];
+  maxConcurrency?: number;
+}
+
+declare module 'fastify' {
+  interface FastifyRequest {
+    tenant?: Tenant;
+  }
+}
+
+export class TenantManager {
+  private tenants = new Map<string, Tenant>();
+  private keyIndex = new Map<string, string>(); // hashedKey → tenantId
+
+  addTenant(tenant: Tenant): void {
+    this.tenants.set(tenant.id, tenant);
+    const hash = createHash('sha256').update(tenant.apiKey).digest('hex');
+    this.keyIndex.set(hash, tenant.id);
+  }
+
+  removeTenant(id: string): void {
+    const tenant = this.tenants.get(id);
+    if (tenant) {
+      const hash = createHash('sha256').update(tenant.apiKey).digest('hex');
+      this.keyIndex.delete(hash);
+      this.tenants.delete(id);
+    }
+  }
+
+  resolveByApiKey(apiKey: string): Tenant | undefined {
+    const hash = createHash('sha256').update(apiKey).digest('hex');
+    const tenantId = this.keyIndex.get(hash);
+    return tenantId ? this.tenants.get(tenantId) : undefined;
+  }
+
+  getTenant(id: string): Tenant | undefined {
+    return this.tenants.get(id);
+  }
+
+  listTenants(): Tenant[] {
+    return Array.from(this.tenants.values()).map(t => ({ ...t, apiKey: '***' }));
+  }
+}
+
+export function registerTenantMiddleware(app: FastifyInstance, tenantManager: TenantManager): void {
+  if (tenantManager.listTenants().length === 0) return;
+
+  app.addHook('onRequest', async (request: FastifyRequest) => {
+    const header = request.headers.authorization;
+    if (!header?.startsWith('Bearer ')) return;
+    const key = header.slice(7);
+    const tenant = tenantManager.resolveByApiKey(key);
+    if (tenant) request.tenant = tenant;
+  });
+}

package/src/daemon/middleware/workspace.ts

@@ -0,0 +1,40 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+export function validateWorkspace(workingDirectory: string | undefined, allowedWorkspaces?: string[]): string {
+  const resolved = workingDirectory ?? process.cwd();
+
+  // Resolve to real path (follows symlinks, canonicalizes)
+  let realDir: string;
+  try {
+    realDir = fs.realpathSync(resolved);
+  } catch {
+    throw new Error(`Working directory does not exist: ${resolved}`);
+  }
+
+  // Verify it's a directory
+  if (!fs.statSync(realDir).isDirectory()) {
+    throw new Error(`Not a directory: ${resolved}`);
+  }
+
+  // If no allowedWorkspaces configured, allow any local directory
+  if (!allowedWorkspaces || allowedWorkspaces.length === 0) return realDir;
+
+  // Check if realDir is under any allowed workspace
+  for (const allowed of allowedWorkspaces) {
+    let realAllowed: string;
+    try {
+      realAllowed = fs.realpathSync(allowed);
+    } catch {
+      continue;
+    }
+    if (realDir === realAllowed || realDir.startsWith(realAllowed + path.sep)) {
+      return realDir;
+    }
+  }
+
+  throw new Error(
+    `Working directory ${resolved} is outside allowed workspaces. ` +
+    `Allowed: ${allowedWorkspaces.join(', ')}`
+  );
+}