@tpsdev-ai/agent 0.2.0 → 0.4.1

package/README.md

@@ -0,0 +1,54 @@
+# @tpsdev-ai/agent
+
+> Native TPS Agent Runtime — headless, mail-driven, sandbox-ready.
+
+The runtime library for building AI agents that run inside [TPS](https://github.com/tpsdev-ai/cli) branch offices. Provides the core primitives: event loop, mail I/O, memory, LLM provider management, tool registry, and governance boundaries.
+
+## Install
+
+```bash
+npm install @tpsdev-ai/agent
+```
+
+## What's Inside
+
+| Module | Description |
+|--------|-------------|
+| `AgentRuntime` | Main lifecycle manager — boot, run, shutdown |
+| `EventLoop` | Mail-driven event processing with backpressure |
+| `MailClient` | Async Maildir-based messaging (send/receive/queue) |
+| `MemoryStore` | Append-only memory with tail-read and size caps |
+| `ContextManager` | Workspace context injection and brief generation |
+| `ProviderManager` | Multi-provider LLM access (Anthropic, OpenAI, Google, Ollama) |
+| `ToolRegistry` | Capability registration with boundary enforcement |
+| `BoundaryManager` | Sandbox permission checks — filesystem, network, exec |
+| `ReviewGate` | Human-in-the-loop approval for sensitive operations |
+
+## Quick Example
+
+```typescript
+import { AgentRuntime, MailClient, MemoryStore } from "@tpsdev-ai/agent";
+
+const runtime = new AgentRuntime({
+  agentId: "researcher",
+  workspace: "/home/researcher/.tps",
+  provider: { model: "claude-sonnet-4-20250514", provider: "anthropic" },
+});
+
+await runtime.boot();
+await runtime.run(); // starts the mail-driven event loop
+```
+
+## Design Principles
+
+- **Mail-driven, not chat-driven.** Agents communicate through persistent async mail, not ephemeral conversations.
+- **Sandbox-first.** Every operation checks boundaries before executing. Works with `nono` profiles and Docker isolation.
+- **No shared memory.** Agents are isolated by default. Coordination happens through mail and git, not shared state.
+
+## Used By
+
+- [`@tpsdev-ai/cli`](https://www.npmjs.com/package/@tpsdev-ai/cli) — the TPS command-line interface
+
+## License
+
+Apache-2.0

package/dist/bin.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=bin.d.ts.map

package/dist/bin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bin.d.ts","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":""}

package/dist/bin.js

@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+import { AgentRuntime } from "./runtime/agent.js";
+import { loadAgentConfig } from "./config.js";
+function usage() {
+    console.error("Usage: tps-agent run --config <agent.yaml> --message <text>");
+    process.exit(1);
+}
+async function main() {
+    const args = process.argv.slice(2);
+    const cmd = args[0];
+    if (cmd !== "run") {
+        usage();
+    }
+    const configIdx = args.indexOf("--config");
+    const msgIdx = args.indexOf("--message");
+    if (configIdx < 0 || msgIdx < 0) {
+        usage();
+    }
+    const configPath = args[configIdx + 1];
+    const message = args.slice(msgIdx + 1).join(" ");
+    if (!configPath || !message) {
+        usage();
+    }
+    const config = loadAgentConfig(configPath);
+    const runtime = new AgentRuntime(config);
+    await runtime.runOnce(message);
+}
+main().catch((err) => {
+    console.error(err?.message || err);
+    process.exit(1);
+});
+//# sourceMappingURL=bin.js.map

package/dist/bin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bin.js","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,SAAS,KAAK;IACZ,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;IAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEpB,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,KAAK,EAAE,CAAC;IACV,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzC,IAAI,SAAS,GAAG,CAAC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,KAAK,EAAE,CAAC;IACV,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEjD,IAAI,CAAC,UAAU,IAAI,CAAC,OAAO,EAAE,CAAC;QAC5B,KAAK,EAAE,CAAC;IACV,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,CAAC;IACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,23 @@
+import type { AgentConfig } from "./runtime/types.js";
+export interface AgentRuntimeConfig {
+    agentId: string;
+    name: string;
+    mailDir: string;
+    memoryPath?: string;
+    workspace: string;
+    systemPrompt?: string;
+    llm: {
+        provider: "anthropic" | "google" | "openai" | "ollama";
+        model: string;
+        apiKey?: string;
+        baseUrl?: string;
+    };
+    contextWindowTokens?: number;
+    maxTokens?: number;
+    tools?: Array<"read" | "write" | "edit" | "exec" | "mail">;
+    execAllowlist?: string[];
+}
+export declare function loadAgentConfig(path: string): AgentConfig;
+export declare function defaultMemoryPath(workspace: string): string;
+export declare function normalizeConfigObject(value: unknown): AgentRuntimeConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEtD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,GAAG,EAAE;QACH,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;QACvD,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC;IAC3D,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,CA2BzD;AAED,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAG3D;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,GAAG,kBAAkB,CAKxE"}

package/dist/config.js

@@ -0,0 +1,39 @@
+import { readFileSync } from "node:fs";
+import yaml from "js-yaml";
+import { createHash } from "node:crypto";
+export function loadAgentConfig(path) {
+    const raw = readFileSync(path, "utf-8");
+    const parsed = (yaml.load(raw) ?? {});
+    const workspace = String(parsed.workspace || parsed.repo || process.cwd());
+    const memoryPath = parsed.memoryPath || `${workspace}/.openclaw/agent.memory.jsonl`;
+    const agent = {
+        agentId: String(parsed.agentId || parsed.id || "agent"),
+        name: String(parsed.name || parsed.agentId || "agent"),
+        workspace,
+        mailDir: String(parsed.mailDir || `${workspace}/mail`),
+        memoryPath: String(memoryPath),
+        systemPrompt: parsed.systemPrompt ? String(parsed.systemPrompt) : undefined,
+        contextWindowTokens: parsed.contextWindowTokens ? Number(parsed.contextWindowTokens) : 8192,
+        maxTokens: parsed.maxTokens ? Number(parsed.maxTokens) : 1024,
+        tools: parsed.tools ?? ["read", "write", "edit", "exec", "mail"],
+        execAllowlist: parsed.execAllowlist,
+        llm: {
+            provider: parsed.llm?.provider || parsed.provider || "openai",
+            model: parsed.llm?.model || parsed.model || "gpt-4o-mini",
+            apiKey: parsed.llm?.apiKey || parsed.apiKey,
+            baseUrl: parsed.llm?.baseUrl || parsed.baseUrl,
+        },
+    };
+    return agent;
+}
+export function defaultMemoryPath(workspace) {
+    const digest = createHash("sha1").update(workspace).digest("hex").slice(0, 8);
+    return `${workspace}/.openclaw/memory-${digest}.jsonl`;
+}
+export function normalizeConfigObject(value) {
+    if (typeof value !== "object" || !value) {
+        throw new Error("Invalid agent config");
+    }
+    return value;
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,SAAS,CAAC;AAC3B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAsBzC,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAwB,CAAC;IAE7D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC3E,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,GAAG,SAAS,+BAA+B,CAAC;IAEpF,MAAM,KAAK,GAAgB;QACzB,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,EAAE,IAAI,OAAO,CAAC;QACvD,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC;QACtD,SAAS;QACT,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,GAAG,SAAS,OAAO,CAAC;QACtD,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC;QAC9B,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS;QAC3E,mBAAmB,EAAE,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,IAAI;QAC3F,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI;QAC7D,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAChE,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,GAAG,EAAE;YACH,QAAQ,EAAE,MAAM,CAAC,GAAG,EAAE,QAAQ,IAAI,MAAM,CAAC,QAAQ,IAAI,QAAQ;YAC7D,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,aAAa;YACzD,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,IAAI,MAAM,CAAC,MAAM;YAC3C,OAAO,EAAE,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,OAAO;SAC/C;KACF,CAAC;IAEF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9E,OAAO,GAAG,SAAS,qBAAqB,MAAM,QAAQ,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAc;IAClD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,KAA2B,CAAC;AACrC,CAAC"}

package/dist/governance/boundary.d.ts

@@ -0,0 +1,30 @@
+/**
+ * BoundaryManager handles execution-time policy controls for security boundaries.
+ */
+export declare class BoundaryManager {
+    private readonly workspace;
+    private allowedNetworkHosts;
+    constructor(workspace: string);
+    addNetworkHost(host: string): void;
+    isNetworkAllowed(host: string): boolean;
+    /**
+     * Resolve a user requested filesystem path against workspace and ensure
+     * it cannot escape the workspace root.
+     */
+    resolveWorkspacePath(relativeOrAbsolutePath: string): string;
+    private isWithinWorkspace;
+    /**
+     * Verify that a command is safe before exec.
+     */
+    validateCommand(command: string, args: string[]): void;
+    /**
+     * Child processes must not inherit runtime secrets from the parent process.
+     */
+    scrubEnvironment(extraKeys?: string[]): NodeJS.ProcessEnv;
+    /** Returns human-readable boundaries for system prompts and audit logs. */
+    describeCapabilities(): string;
+    static isFileReadable(path: string): boolean;
+    static isFileWritable(path: string): boolean;
+    static canFollowSymlink(path: string): boolean;
+}
+//# sourceMappingURL=boundary.d.ts.map

package/dist/governance/boundary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"boundary.d.ts","sourceRoot":"","sources":["../../src/governance/boundary.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,qBAAa,eAAe;IAGd,OAAO,CAAC,QAAQ,CAAC,SAAS;IAFtC,OAAO,CAAC,mBAAmB,CAAqB;gBAEnB,SAAS,EAAE,MAAM;IAE9C,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAIlC,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIvC;;;OAGG;IACH,oBAAoB,CAAC,sBAAsB,EAAE,MAAM,GAAG,MAAM;IAsB5D,OAAO,CAAC,iBAAiB;IAOzB;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAqBtD;;OAEG;IACH,gBAAgB,CAAC,SAAS,GAAE,MAAM,EAAO,GAAG,MAAM,CAAC,UAAU;IAmB7D,2EAA2E;IAC3E,oBAAoB,IAAI,MAAM;IAK9B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAS5C,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAS5C,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CAQ/C"}

package/dist/governance/boundary.js

@@ -0,0 +1,120 @@
+import { resolve, relative, isAbsolute, sep } from "node:path";
+import { accessSync, constants, existsSync, lstatSync, realpathSync } from "node:fs";
+/**
+ * BoundaryManager handles execution-time policy controls for security boundaries.
+ */
+export class BoundaryManager {
+    workspace;
+    allowedNetworkHosts = new Set();
+    constructor(workspace) {
+        this.workspace = workspace;
+    }
+    addNetworkHost(host) {
+        this.allowedNetworkHosts.add(host);
+    }
+    isNetworkAllowed(host) {
+        return this.allowedNetworkHosts.has(host) || this.allowedNetworkHosts.has("*");
+    }
+    /**
+     * Resolve a user requested filesystem path against workspace and ensure
+     * it cannot escape the workspace root.
+     */
+    resolveWorkspacePath(relativeOrAbsolutePath) {
+        const target = resolve(this.workspace, relativeOrAbsolutePath);
+        const workspaceReal = realpathSync(this.workspace);
+        let normalized = target;
+        if (existsSync(target)) {
+            normalized = realpathSync(target);
+        }
+        else {
+            // If target does not exist, resolve relative to existing parent.
+            const parent = resolve(target, "..");
+            if (existsSync(parent)) {
+                normalized = resolve(realpathSync(parent), target.slice(parent.length + 1));
+            }
+        }
+        if (!this.isWithinWorkspace(normalized, workspaceReal)) {
+            throw new Error(`Path traversal blocked: ${relativeOrAbsolutePath}`);
+        }
+        return target;
+    }
+    isWithinWorkspace(candidate, workspaceReal) {
+        const rel = relative(workspaceReal, candidate);
+        if (rel === "")
+            return true;
+        if (rel === ".." || rel.startsWith(`..${sep}`))
+            return false;
+        return !isAbsolute(rel);
+    }
+    /**
+     * Verify that a command is safe before exec.
+     */
+    validateCommand(command, args) {
+        if (!command) {
+            throw new Error("Exec requires a command");
+        }
+        const blockedFlags = ["--exec-path", "-e", "--eval", "-p", "-c", "/dev/fd", "--noprofile", "--norc", "node_options", "command="];
+        const tokens = [command, ...args].map((token) => String(token).toLowerCase());
+        for (const token of tokens) {
+            if (blockedFlags.includes(token) || token.includes("core.pager")) {
+                throw new Error(`Disallowed exec argument: ${token}`);
+            }
+        }
+        // Disallow attempts to execute compound expressions.
+        const full = tokens.join(" ");
+        if (full.includes("||") || full.includes("&&") || full.includes(";") || full.includes("|") || full.includes("$") || full.includes("`")) {
+            throw new Error(`Disallowed exec argument: ${full}`);
+        }
+    }
+    /**
+     * Child processes must not inherit runtime secrets from the parent process.
+     */
+    scrubEnvironment(extraKeys = []) {
+        const env = { ...process.env };
+        const denyPattern = /(API_KEY|APISECRET|SECRET|TOKEN|PASS|CREDENTIAL|AUTH)/i;
+        for (const key of Object.keys(env)) {
+            if (denyPattern.test(key)) {
+                delete env[key];
+            }
+        }
+        for (const key of extraKeys) {
+            if (key in env) {
+                delete env[key];
+            }
+        }
+        return env;
+    }
+    /** Returns human-readable boundaries for system prompts and audit logs. */
+    describeCapabilities() {
+        const nets = [...this.allowedNetworkHosts].join(", ") || "none";
+        return `Network access: ${nets}\nFilesystem access: ${this.workspace}`;
+    }
+    static isFileReadable(path) {
+        try {
+            accessSync(path, constants.R_OK);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    static isFileWritable(path) {
+        try {
+            accessSync(path, constants.W_OK);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    static canFollowSymlink(path) {
+        try {
+            const stat = lstatSync(path);
+            return !stat.isSymbolicLink();
+        }
+        catch {
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=boundary.js.map

package/dist/governance/boundary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"boundary.js","sourceRoot":"","sources":["../../src/governance/boundary.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAErF;;GAEG;AACH,MAAM,OAAO,eAAe;IAGG;IAFrB,mBAAmB,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhD,YAA6B,SAAiB;QAAjB,cAAS,GAAT,SAAS,CAAQ;IAAG,CAAC;IAElD,cAAc,CAAC,IAAY;QACzB,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAED,gBAAgB,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjF,CAAC;IAED;;;OAGG;IACH,oBAAoB,CAAC,sBAA8B;QACjD,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC;QAC/D,MAAM,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEnD,IAAI,UAAU,GAAG,MAAM,CAAC;QACxB,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,iEAAiE;YACjE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACrC,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvB,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,2BAA2B,sBAAsB,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,iBAAiB,CAAC,SAAiB,EAAE,aAAqB;QAChE,MAAM,GAAG,GAAG,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QAC/C,IAAI,GAAG,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAC5B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,GAAG,EAAE,CAAC;YAAE,OAAO,KAAK,CAAC;QAC7D,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,OAAe,EAAE,IAAc;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QACjI,MAAM,MAAM,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAE9E,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAG,CAAC;YACxI,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,YAAsB,EAAE;QACvC,MAAM,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAuB,CAAC;QACpD,MAAM,WAAW,GAAG,wDAAwD,CAAC;QAE7E,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,IAAI,GAAG,IAAI,GAAG,EAAE,CAAC;gBACf,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,2EAA2E;IAC3E,oBAAoB;QAClB,MAAM,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC;QAChE,OAAO,mBAAmB,IAAI,wBAAwB,IAAI,CAAC,SAAS,EAAE,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,IAAY;QAChC,IAAI,CAAC;YACH,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,IAAY;QAChC,IAAI,CAAC;YACH,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,MAAM,CAAC,gBAAgB,CAAC,IAAY;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/governance/review-gate.d.ts

@@ -0,0 +1,9 @@
+import type { MailClient } from "../io/mail.js";
+export declare class ReviewGate {
+    private readonly mail;
+    private readonly approverAddress;
+    constructor(mail: MailClient, approverAddress: string);
+    isHighRisk(toolName: string): boolean;
+    requestApproval(toolName: string, args: Record<string, unknown>): Promise<void>;
+}
+//# sourceMappingURL=review-gate.d.ts.map

package/dist/governance/review-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"review-gate.d.ts","sourceRoot":"","sources":["../../src/governance/review-gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAUhD,qBAAa,UAAU;IAEnB,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,eAAe;gBADf,IAAI,EAAE,UAAU,EAChB,eAAe,EAAE,MAAM;IAG1C,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAI/B,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;CAatF"}

package/dist/governance/review-gate.js

@@ -0,0 +1,28 @@
+/** Actions that must pause for human-in-the-loop approval. */
+const HIGH_RISK_ACTIONS = new Set([
+    "git_push",
+    "package_install",
+    "file_delete",
+    "exec_privileged",
+]);
+export class ReviewGate {
+    mail;
+    approverAddress;
+    constructor(mail, approverAddress) {
+        this.mail = mail;
+        this.approverAddress = approverAddress;
+    }
+    isHighRisk(toolName) {
+        return HIGH_RISK_ACTIONS.has(toolName);
+    }
+    async requestApproval(toolName, args) {
+        const body = JSON.stringify({
+            type: "approval_request",
+            tool: toolName,
+            args,
+            requestedAt: new Date().toISOString(),
+        }, null, 2);
+        await this.mail.sendMail(this.approverAddress, body);
+    }
+}
+//# sourceMappingURL=review-gate.js.map

package/dist/governance/review-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"review-gate.js","sourceRoot":"","sources":["../../src/governance/review-gate.ts"],"names":[],"mappings":"AAEA,8DAA8D;AAC9D,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,UAAU;IACV,iBAAiB;IACjB,aAAa;IACb,iBAAiB;CAClB,CAAC,CAAC;AAEH,MAAM,OAAO,UAAU;IAEF;IACA;IAFnB,YACmB,IAAgB,EAChB,eAAuB;QADvB,SAAI,GAAJ,IAAI,CAAY;QAChB,oBAAe,GAAf,eAAe,CAAQ;IACvC,CAAC;IAEJ,UAAU,CAAC,QAAgB;QACzB,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,IAA6B;QACnE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CACzB;YACE,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,QAAQ;YACd,IAAI;YACJ,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACtC,EACD,IAAI,EACJ,CAAC,CACF,CAAC;QACF,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;IACvD,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,16 @@
+export { AgentRuntime } from "./runtime/agent.js";
+export { EventLoop } from "./runtime/event-loop.js";
+export type { AgentConfig, LLMConfig, AgentState, CompletionRequest, CompletionResponse, ToolCall, ToolSpec, LLMMessage, ToolResult, } from "./runtime/types.js";
+export { MailClient } from "./io/mail.js";
+export type { MailMessage } from "./io/mail.js";
+export { MemoryStore } from "./io/memory.js";
+export type { MemoryEvent } from "./io/memory.js";
+export { ContextManager } from "./io/context.js";
+export { ProviderManager } from "./llm/provider.js";
+export { ToolRegistry } from "./tools/registry.js";
+export type { Tool } from "./tools/registry.js";
+export { createDefaultToolset } from "./tools/index.js";
+export { BoundaryManager } from "./governance/boundary.js";
+export { ReviewGate } from "./governance/review-gate.js";
+export { loadAgentConfig } from "./config.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,YAAY,EACV,WAAW,EACX,SAAS,EACT,UAAU,EACV,iBAAiB,EACjB,kBAAkB,EAClB,QAAQ,EACR,QAAQ,EACR,UAAU,EACV,UAAU,GACX,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAGjD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGpD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,YAAY,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAGxD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAGzD,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,19 @@
+// Public API for @tpsdev-ai/agent
+// Runtime
+export { AgentRuntime } from "./runtime/agent.js";
+export { EventLoop } from "./runtime/event-loop.js";
+// I/O
+export { MailClient } from "./io/mail.js";
+export { MemoryStore } from "./io/memory.js";
+export { ContextManager } from "./io/context.js";
+// LLM
+export { ProviderManager } from "./llm/provider.js";
+// Tools
+export { ToolRegistry } from "./tools/registry.js";
+export { createDefaultToolset } from "./tools/index.js";
+// Governance
+export { BoundaryManager } from "./governance/boundary.js";
+export { ReviewGate } from "./governance/review-gate.js";
+// Config
+export { loadAgentConfig } from "./config.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAElC,UAAU;AACV,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAapD,MAAM;AACN,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM;AACN,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,QAAQ;AACR,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAExD,aAAa;AACb,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,SAAS;AACT,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC"}

package/dist/io/context.d.ts

@@ -0,0 +1,18 @@
+import type { MemoryStore, MemoryEvent } from "./memory.js";
+/**
+ * Sliding window context manager with token-based compaction.
+ */
+export declare class ContextManager {
+    private readonly memory;
+    private readonly windowTokens;
+    private encoder?;
+    constructor(memory: MemoryStore, windowTokens: number);
+    private getEncoder;
+    private countTokens;
+    /** Return recent events that fit within token window. */
+    getWindow(): Promise<MemoryEvent[]>;
+    /** Returns true if compaction is needed (>80% of window used). */
+    needsCompaction(): Promise<boolean>;
+    estimateTokenCount(): Promise<number>;
+}
+//# sourceMappingURL=context.d.ts.map

package/dist/io/context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/io/context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE5D;;GAEG;AACH,qBAAa,cAAc;IAIvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAJ/B,OAAO,CAAC,OAAO,CAAC,CAAiD;gBAG9C,MAAM,EAAE,WAAW,EACnB,YAAY,EAAE,MAAM;YAKzB,UAAU;YA4BV,WAAW;IAMzB,yDAAyD;IACnD,SAAS,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAmBzC,kEAAkE;IAC5D,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAKnC,kBAAkB,IAAI,OAAO,CAAC,MAAM,CAAC;CAQ5C"}

package/dist/io/context.js

@@ -0,0 +1,76 @@
+/**
+ * Sliding window context manager with token-based compaction.
+ */
+export class ContextManager {
+    memory;
+    windowTokens;
+    encoder;
+    constructor(memory, windowTokens) {
+        this.memory = memory;
+        this.windowTokens = windowTokens;
+        this.encoder = undefined;
+    }
+    async getEncoder() {
+        if (this.encoder)
+            return this.encoder;
+        try {
+            const mod = await import("js-tiktoken");
+            const fn = mod.encodingForModel?.("gpt-4o") ||
+                mod.encoding_for_model?.("gpt-4o") ||
+                mod.getEncoding?.("cl100k_base");
+            if (fn) {
+                this.encoder = (text) => {
+                    const tokens = fn.encode(text);
+                    if (Array.isArray(tokens))
+                        return tokens;
+                    return [];
+                };
+                return this.encoder;
+            }
+        }
+        catch { }
+        // Fallback: approximate tokenization (4 chars ~= 1 token)
+        this.encoder = (text) => {
+            const count = Math.max(1, Math.ceil(text.length / 4));
+            return new Array(count);
+        };
+        return this.encoder;
+    }
+    async countTokens(text) {
+        const encode = await this.getEncoder();
+        const tokens = await encode(text);
+        return Array.isArray(tokens) ? tokens.length : 0;
+    }
+    /** Return recent events that fit within token window. */
+    async getWindow() {
+        const all = this.memory.readAll();
+        if (all.length === 0)
+            return [];
+        const budget = this.windowTokens;
+        let budgetRemaining = budget;
+        const window = [];
+        for (let i = all.length - 1; i >= 0; i--) {
+            const serialized = JSON.stringify(all[i]);
+            const tokenCount = await this.countTokens(serialized);
+            if (tokenCount > budgetRemaining)
+                break;
+            window.unshift(all[i]);
+            budgetRemaining -= tokenCount;
+        }
+        return window;
+    }
+    /** Returns true if compaction is needed (>80% of window used). */
+    async needsCompaction() {
+        const total = await this.estimateTokenCount();
+        return total > this.windowTokens * 0.8;
+    }
+    async estimateTokenCount() {
+        const events = this.memory.readAll();
+        let total = 0;
+        for (const event of events) {
+            total += await this.countTokens(JSON.stringify(event));
+        }
+        return total;
+    }
+}
+//# sourceMappingURL=context.js.map

package/dist/io/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../../src/io/context.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,OAAO,cAAc;IAIN;IACA;IAJX,OAAO,CAAkD;IAEjE,YACmB,MAAmB,EACnB,YAAoB;QADpB,WAAM,GAAN,MAAM,CAAa;QACnB,iBAAY,GAAZ,YAAY,CAAQ;QAErC,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC,OAAO,CAAC;QAEtC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;YACxC,MAAM,EAAE,GACL,GAAW,CAAC,gBAAgB,EAAE,CAAC,QAAQ,CAAC;gBACxC,GAAW,CAAC,kBAAkB,EAAE,CAAC,QAAQ,CAAC;gBAC1C,GAAW,CAAC,WAAW,EAAE,CAAC,aAAa,CAAC,CAAC;YAE5C,IAAI,EAAE,EAAE,CAAC;gBACP,IAAI,CAAC,OAAO,GAAG,CAAC,IAAY,EAAE,EAAE;oBAC9B,MAAM,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;oBAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;wBAAE,OAAO,MAAM,CAAC;oBACzC,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC;gBACF,OAAO,IAAI,CAAC,OAAO,CAAC;YACtB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,0DAA0D;QAC1D,IAAI,CAAC,OAAO,GAAG,CAAC,IAAY,EAAE,EAAE;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC,CAAC;QACF,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,IAAY;QACpC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QAClC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,yDAAyD;IACzD,KAAK,CAAC,SAAS;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAClC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEhC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;QACjC,IAAI,eAAe,GAAG,MAAM,CAAC;QAC7B,MAAM,MAAM,GAAkB,EAAE,CAAC;QAEjC,KAAK,IAAI,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;YACtD,IAAI,UAAU,GAAG,eAAe;gBAAE,MAAM;YACxC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC,CAAC;YACxB,eAAe,IAAI,UAAU,CAAC;QAChC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kEAAkE;IAClE,KAAK,CAAC,eAAe;QACnB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC9C,OAAO,KAAK,GAAG,IAAI,CAAC,YAAY,GAAG,GAAG,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACrC,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,KAAK,IAAI,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/io/mail.d.ts

@@ -0,0 +1,22 @@
+export interface MailMessage {
+    filename: string;
+    body: string;
+    receivedAt: Date;
+}
+/**
+ * Maildir-compatible mail client.
+ * Reads from mailDir/inbox/new and moves processed messages to mailDir/inbox/cur.
+ * Writes outgoing mail to mailDir/outbox/new.
+ */
+export declare class MailClient {
+    readonly mailDir: string;
+    private inboxNew;
+    private inboxCur;
+    private outboxNew;
+    constructor(mailDir: string);
+    /** Return all messages in inbox/new and move them to inbox/cur. */
+    checkNewMail(): Promise<MailMessage[]>;
+    /** Write a message to outbox/new for relay delivery. */
+    sendMail(to: string, body: string): Promise<void>;
+}
+//# sourceMappingURL=mail.d.ts.map

package/dist/io/mail.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mail.d.ts","sourceRoot":"","sources":["../../src/io/mail.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,IAAI,CAAC;CAClB;AAED;;;;GAIG;AACH,qBAAa,UAAU;aAKO,OAAO,EAAE,MAAM;IAJ3C,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,SAAS,CAAS;gBAEE,OAAO,EAAE,MAAM;IAU3C,mEAAmE;IAC7D,YAAY,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAiB5C,wDAAwD;IAClD,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CASxD"}

package/dist/io/mail.js

@@ -0,0 +1,45 @@
+import { existsSync, mkdirSync, readdirSync, renameSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+/**
+ * Maildir-compatible mail client.
+ * Reads from mailDir/inbox/new and moves processed messages to mailDir/inbox/cur.
+ * Writes outgoing mail to mailDir/outbox/new.
+ */
+export class MailClient {
+    mailDir;
+    inboxNew;
+    inboxCur;
+    outboxNew;
+    constructor(mailDir) {
+        this.mailDir = mailDir;
+        this.inboxNew = join(mailDir, "inbox", "new");
+        this.inboxCur = join(mailDir, "inbox", "cur");
+        this.outboxNew = join(mailDir, "outbox", "new");
+        // Ensure directories exist
+        for (const dir of [this.inboxNew, this.inboxCur, this.outboxNew]) {
+            mkdirSync(dir, { recursive: true });
+        }
+    }
+    /** Return all messages in inbox/new and move them to inbox/cur. */
+    async checkNewMail() {
+        if (!existsSync(this.inboxNew))
+            return [];
+        const files = readdirSync(this.inboxNew).filter((f) => !f.startsWith(".") && !f.includes("/") && !f.includes("\\"));
+        const messages = [];
+        for (const file of files) {
+            const srcPath = join(this.inboxNew, file);
+            const dstPath = join(this.inboxCur, file);
+            const body = readFileSync(srcPath, "utf-8");
+            renameSync(srcPath, dstPath);
+            messages.push({ filename: file, body, receivedAt: new Date() });
+        }
+        return messages;
+    }
+    /** Write a message to outbox/new for relay delivery. */
+    async sendMail(to, body) {
+        const { writeFileSync } = await import("node:fs");
+        const filename = `${Date.now()}-${Math.random().toString(36).slice(2)}.json`;
+        writeFileSync(join(this.outboxNew, filename), JSON.stringify({ to, body, sentAt: new Date().toISOString() }, null, 2), "utf-8");
+    }
+}
+//# sourceMappingURL=mail.js.map

package/dist/io/mail.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mail.js","sourceRoot":"","sources":["../../src/io/mail.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAQjC;;;;GAIG;AACH,MAAM,OAAO,UAAU;IAKO;IAJpB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IACjB,SAAS,CAAS;IAE1B,YAA4B,OAAe;QAAf,YAAO,GAAP,OAAO,CAAQ;QACzC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAChD,2BAA2B;QAC3B,KAAK,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACjE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,CAAC;QAE1C,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACpH,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC5C,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7B,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,QAAQ,CAAC,EAAU,EAAE,IAAY;QACrC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;QAC7E,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,EAC9B,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EACvE,OAAO,CACR,CAAC;IACJ,CAAC;CACF"}

package/dist/io/memory.d.ts

@@ -0,0 +1,24 @@
+export interface MemoryEvent {
+    type: string;
+    ts: string;
+    data: unknown;
+}
+/**
+ * Append-only JSONL memory store. Each event is a line of JSON.
+ * Provides a full audit trail of agent actions and LLM interactions.
+ */
+export declare class MemoryStore {
+    readonly memoryPath: string;
+    constructor(memoryPath: string);
+    append(event: MemoryEvent): void;
+    readAll(maxBytes?: number): MemoryEvent[];
+    /**
+     * Scrub sensitive payloads so API keys never get persisted in memory.
+     */
+    private sanitize;
+    private sensitiveValues;
+    private mask;
+    /** Approximate token count kept for compat; use ContextManager for precise counts. */
+    estimatedTokenCount(): number;
+}
+//# sourceMappingURL=memory.d.ts.map