@tpsdev-ai/agent 0.2.0 → 0.4.1

package/dist/tools/write.js

@@ -0,0 +1,32 @@
+import { mkdirSync, writeFileSync, existsSync } from "node:fs";
+import { dirname } from "node:path";
+import { BoundaryManager } from "../governance/boundary.js";
+export function makeWriteTool(boundary) {
+    return {
+        name: "write",
+        description: "Create or overwrite a file.\nInput: {\"path\": string, \"content\": string}",
+        input_schema: {
+            path: { type: "string", description: "Path to write, relative to workspace" },
+            content: { type: "string", description: "File contents" },
+        },
+        async execute(args) {
+            const payload = args;
+            if (typeof payload.path !== "string" || typeof payload.content !== "string") {
+                return { content: "write tool requires path and content strings", isError: true };
+            }
+            const workspacePath = boundary.resolveWorkspacePath(payload.path);
+            if (existsSync(workspacePath) && !BoundaryManager.canFollowSymlink(workspacePath)) {
+                return { content: `Refusing to follow symlink: ${payload.path}`, isError: true };
+            }
+            try {
+                mkdirSync(dirname(workspacePath), { recursive: true });
+                writeFileSync(workspacePath, payload.content, "utf-8");
+                return { content: `Wrote ${payload.path}`, isError: false };
+            }
+            catch (err) {
+                return { content: `write failed: ${err?.message ?? String(err)}`, isError: true };
+            }
+        },
+    };
+}
+//# sourceMappingURL=write.js.map

package/dist/tools/write.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"write.js","sourceRoot":"","sources":["../../src/tools/write.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAS5D,MAAM,UAAU,aAAa,CAAC,QAAyB;IACrD,OAAO;QACL,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,6EAA6E;QAC1F,YAAY,EAAE;YACZ,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;YAC7E,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;SAC1D;QACD,KAAK,CAAC,OAAO,CAAC,IAA6B;YACzC,MAAM,OAAO,GAAI,IAA6B,CAAC;YAC/C,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC5E,OAAO,EAAE,OAAO,EAAE,8CAA8C,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACpF,CAAC;YAED,MAAM,aAAa,GAAG,QAAQ,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAClE,IAAI,UAAU,CAAC,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,gBAAgB,CAAC,aAAa,CAAC,EAAE,CAAC;gBAClF,OAAO,EAAE,OAAO,EAAE,+BAA+B,OAAO,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACnF,CAAC;YAED,IAAI,CAAC;gBACH,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBACvD,aAAa,CAAC,aAAa,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACvD,OAAO,EAAE,OAAO,EAAE,SAAS,OAAO,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YAC9D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO,EAAE,OAAO,EAAE,iBAAiB,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACpF,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@tpsdev-ai/agent",
-  "version": "0.2.0",
-  "description": "Native TPS Agent Runtime — headless, mail-driven, nono-sandboxed",
+  "version": "0.4.1",
+  "description": "Native TPS Agent Runtime \u2014 headless, mail-driven, nono-sandboxed",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -9,8 +9,15 @@
     ".": {
       "import": "./dist/index.js",
       "types": "./dist/index.d.ts"
+    },
+    "./bin": {
+      "import": "./dist/bin.js",
+      "types": "./dist/bin.d.ts"
     }
   },
+  "bin": {
+    "tps-agent": "./dist/bin.js"
+  },
   "scripts": {
     "build": "tsc",
     "dev": "tsc --watch",
@@ -18,10 +25,16 @@
     "lint": "biome lint ./src",
     "lint:ci": "biome lint ./src --max-diagnostics=200"
   },
-  "keywords": ["agents", "tps", "runtime", "mail-driven"],
+  "keywords": [
+    "agents",
+    "tps",
+    "runtime",
+    "mail-driven"
+  ],
   "license": "Apache-2.0",
   "dependencies": {
     "js-yaml": "^4.1.0",
+    "js-tiktoken": "^1.0.13",
     "zod": "^3.24.0"
   },
   "devDependencies": {
@@ -31,5 +44,7 @@
     "typescript": "^5.7.0"
   },
   "author": "tpsdev-ai",
-  "publishConfig": { "access": "public" }
+  "publishConfig": {
+    "access": "public"
+  }
 }

package/src/bin.ts

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+import { AgentRuntime } from "./runtime/agent.js";
+import { loadAgentConfig } from "./config.js";
+
+function usage(): never {
+  console.error("Usage: tps-agent run --config <agent.yaml> --message <text>");
+  process.exit(1);
+}
+
+async function main() {
+  const args = process.argv.slice(2);
+  const cmd = args[0];
+
+  if (cmd !== "run") {
+    usage();
+  }
+
+  const configIdx = args.indexOf("--config");
+  const msgIdx = args.indexOf("--message");
+
+  if (configIdx < 0 || msgIdx < 0) {
+    usage();
+  }
+
+  const configPath = args[configIdx + 1];
+  const message = args.slice(msgIdx + 1).join(" ");
+
+  if (!configPath || !message) {
+    usage();
+  }
+
+  const config = loadAgentConfig(configPath);
+  const runtime = new AgentRuntime(config);
+  await runtime.runOnce(message);
+}
+
+main().catch((err) => {
+  console.error(err?.message || err);
+  process.exit(1);
+});

package/src/config.ts

@@ -0,0 +1,64 @@
+import { readFileSync } from "node:fs";
+import yaml from "js-yaml";
+import { createHash } from "node:crypto";
+import type { AgentConfig } from "./runtime/types.js";
+
+export interface AgentRuntimeConfig {
+  agentId: string;
+  name: string;
+  mailDir: string;
+  memoryPath?: string;
+  workspace: string;
+  systemPrompt?: string;
+  llm: {
+    provider: "anthropic" | "google" | "openai" | "ollama";
+    model: string;
+    apiKey?: string;
+    baseUrl?: string;
+  };
+  contextWindowTokens?: number;
+  maxTokens?: number;
+  tools?: Array<"read" | "write" | "edit" | "exec" | "mail">;
+  execAllowlist?: string[];
+}
+
+export function loadAgentConfig(path: string): AgentConfig {
+  const raw = readFileSync(path, "utf-8");
+  const parsed = (yaml.load(raw) ?? {}) as Record<string, any>;
+
+  const workspace = String(parsed.workspace || parsed.repo || process.cwd());
+  const memoryPath = parsed.memoryPath || `${workspace}/.openclaw/agent.memory.jsonl`;
+
+  const agent: AgentConfig = {
+    agentId: String(parsed.agentId || parsed.id || "agent"),
+    name: String(parsed.name || parsed.agentId || "agent"),
+    workspace,
+    mailDir: String(parsed.mailDir || `${workspace}/mail`),
+    memoryPath: String(memoryPath),
+    systemPrompt: parsed.systemPrompt ? String(parsed.systemPrompt) : undefined,
+    contextWindowTokens: parsed.contextWindowTokens ? Number(parsed.contextWindowTokens) : 8192,
+    maxTokens: parsed.maxTokens ? Number(parsed.maxTokens) : 1024,
+    tools: parsed.tools ?? ["read", "write", "edit", "exec", "mail"],
+    execAllowlist: parsed.execAllowlist,
+    llm: {
+      provider: parsed.llm?.provider || parsed.provider || "openai",
+      model: parsed.llm?.model || parsed.model || "gpt-4o-mini",
+      apiKey: parsed.llm?.apiKey || parsed.apiKey,
+      baseUrl: parsed.llm?.baseUrl || parsed.baseUrl,
+    },
+  };
+
+  return agent;
+}
+
+export function defaultMemoryPath(workspace: string): string {
+  const digest = createHash("sha1").update(workspace).digest("hex").slice(0, 8);
+  return `${workspace}/.openclaw/memory-${digest}.jsonl`;
+}
+
+export function normalizeConfigObject(value: unknown): AgentRuntimeConfig {
+  if (typeof value !== "object" || !value) {
+    throw new Error("Invalid agent config");
+  }
+  return value as AgentRuntimeConfig;
+}

package/src/governance/boundary.ts

@@ -1,37 +1,131 @@
+import { resolve, relative, isAbsolute, sep } from "node:path";
+import { accessSync, constants, existsSync, lstatSync, realpathSync } from "node:fs";
+
 /**
- * BoundaryManager discovers nono profile constraints at boot and communicates
- * allowed capabilities to the ToolRegistry.
- *
- * NOTE: The system prompt is NOT a security boundary. Hard nono syscall/network
- * filters and pre-execution checks in ToolRegistry are the actual enforcement.
+ * BoundaryManager handles execution-time policy controls for security boundaries.
  */
 export class BoundaryManager {
-  private allowedNetworkHosts: Set<string> = new Set();
-  private allowedPaths: Set<string> = new Set();
+  private allowedNetworkHosts = new Set<string>();
+
+  constructor(private readonly workspace: string) {}
 
   addNetworkHost(host: string): void {
     this.allowedNetworkHosts.add(host);
   }
 
-  addPath(path: string): void {
-    this.allowedPaths.add(path);
-  }
-
   isNetworkAllowed(host: string): boolean {
     return this.allowedNetworkHosts.has(host) || this.allowedNetworkHosts.has("*");
   }
 
-  isPathAllowed(path: string): boolean {
-    for (const allowed of this.allowedPaths) {
-      if (path === allowed || path.startsWith(allowed + "/")) return true;
+  /**
+   * Resolve a user requested filesystem path against workspace and ensure
+   * it cannot escape the workspace root.
+   */
+  resolveWorkspacePath(relativeOrAbsolutePath: string): string {
+    const target = resolve(this.workspace, relativeOrAbsolutePath);
+    const workspaceReal = realpathSync(this.workspace);
+
+    let normalized = target;
+    if (existsSync(target)) {
+      normalized = realpathSync(target);
+    } else {
+      // If target does not exist, resolve relative to existing parent.
+      const parent = resolve(target, "..");
+      if (existsSync(parent)) {
+        normalized = resolve(realpathSync(parent), target.slice(parent.length + 1));
+      }
+    }
+
+    if (!this.isWithinWorkspace(normalized, workspaceReal)) {
+      throw new Error(`Path traversal blocked: ${relativeOrAbsolutePath}`);
+    }
+
+    return target;
+  }
+
+  private isWithinWorkspace(candidate: string, workspaceReal: string): boolean {
+    const rel = relative(workspaceReal, candidate);
+    if (rel === "") return true;
+    if (rel === ".." || rel.startsWith(`..${sep}`)) return false;
+    return !isAbsolute(rel);
+  }
+
+  /**
+   * Verify that a command is safe before exec.
+   */
+  validateCommand(command: string, args: string[]): void {
+    if (!command) {
+      throw new Error("Exec requires a command");
+    }
+
+    const blockedFlags = ["--exec-path", "-e", "--eval", "-p", "-c", "/dev/fd", "--noprofile", "--norc", "node_options", "command="];
+    const tokens = [command, ...args].map((token) => String(token).toLowerCase());
+
+    for (const token of tokens) {
+      if (blockedFlags.includes(token) || token.includes("core.pager")) {
+        throw new Error(`Disallowed exec argument: ${token}`);
+      }
+    }
+
+    // Disallow attempts to execute compound expressions.
+    const full = tokens.join(" ");
+    if (full.includes("||") || full.includes("&&") || full.includes(";") || full.includes("|") || full.includes("$") || full.includes("`") ) {
+      throw new Error(`Disallowed exec argument: ${full}`);
+    }
+  }
+
+  /**
+   * Child processes must not inherit runtime secrets from the parent process.
+   */
+  scrubEnvironment(extraKeys: string[] = []): NodeJS.ProcessEnv {
+    const env = { ...process.env } as NodeJS.ProcessEnv;
+    const denyPattern = /(API_KEY|APISECRET|SECRET|TOKEN|PASS|CREDENTIAL|AUTH)/i;
+
+    for (const key of Object.keys(env)) {
+      if (denyPattern.test(key)) {
+        delete env[key];
+      }
     }
-    return false;
+
+    for (const key of extraKeys) {
+      if (key in env) {
+        delete env[key];
+      }
+    }
+
+    return env;
   }
 
-  /** Returns a human-readable capabilities summary for the LLM system prompt. */
+  /** Returns human-readable boundaries for system prompts and audit logs. */
   describeCapabilities(): string {
     const nets = [...this.allowedNetworkHosts].join(", ") || "none";
-    const paths = [...this.allowedPaths].join(", ") || "none";
-    return `Network access: ${nets}\nFilesystem access: ${paths}`;
+    return `Network access: ${nets}\nFilesystem access: ${this.workspace}`;
+  }
+
+  static isFileReadable(path: string): boolean {
+    try {
+      accessSync(path, constants.R_OK);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
+  static isFileWritable(path: string): boolean {
+    try {
+      accessSync(path, constants.W_OK);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
+  static canFollowSymlink(path: string): boolean {
+    try {
+      const stat = lstatSync(path);
+      return !stat.isSymbolicLink();
+    } catch {
+      return false;
+    }
   }
 }

package/src/index.ts

@@ -3,7 +3,17 @@
 // Runtime
 export { AgentRuntime } from "./runtime/agent.js";
 export { EventLoop } from "./runtime/event-loop.js";
-export type { AgentConfig, LLMConfig, AgentState } from "./runtime/types.js";
+export type {
+  AgentConfig,
+  LLMConfig,
+  AgentState,
+  CompletionRequest,
+  CompletionResponse,
+  ToolCall,
+  ToolSpec,
+  LLMMessage,
+  ToolResult,
+} from "./runtime/types.js";
 
 // I/O
 export { MailClient } from "./io/mail.js";
@@ -14,12 +24,15 @@ export { ContextManager } from "./io/context.js";
 
 // LLM
 export { ProviderManager } from "./llm/provider.js";
-export type { CompletionRequest, CompletionResponse } from "./llm/provider.js";
 
 // Tools
 export { ToolRegistry } from "./tools/registry.js";
 export type { Tool } from "./tools/registry.js";
+export { createDefaultToolset } from "./tools/index.js";
 
 // Governance
 export { BoundaryManager } from "./governance/boundary.js";
 export { ReviewGate } from "./governance/review-gate.js";
+
+// Config
+export { loadAgentConfig } from "./config.js";

package/src/io/context.ts

@@ -1,40 +1,84 @@
 import type { MemoryStore, MemoryEvent } from "./memory.js";
 
 /**
- * Sliding window context manager with compaction.
- *
- * When token usage approaches the configured window, the oldest 50%
- * of events are summarised into a dense state blob to preserve headroom
- * without losing history.
+ * Sliding window context manager with token-based compaction.
  */
 export class ContextManager {
+  private encoder?: (text: string) => Promise<number[]> | number[];
+
   constructor(
     private readonly memory: MemoryStore,
     private readonly windowTokens: number
-  ) {}
+  ) {
+    this.encoder = undefined;
+  }
+
+  private async getEncoder(): Promise<(text: string) => Promise<number[]> | number[]> {
+    if (this.encoder) return this.encoder;
+
+    try {
+      const mod = await import("js-tiktoken");
+      const fn =
+        (mod as any).encodingForModel?.("gpt-4o") ||
+        (mod as any).encoding_for_model?.("gpt-4o") ||
+        (mod as any).getEncoding?.("cl100k_base");
+
+      if (fn) {
+        this.encoder = (text: string) => {
+          const tokens = fn.encode(text);
+          if (Array.isArray(tokens)) return tokens;
+          return [];
+        };
+        return this.encoder;
+      }
+    } catch {}
+
+    // Fallback: approximate tokenization (4 chars ~= 1 token)
+    this.encoder = (text: string) => {
+      const count = Math.max(1, Math.ceil(text.length / 4));
+      return new Array(count);
+    };
+    return this.encoder;
+  }
+
+  private async countTokens(text: string): Promise<number> {
+    const encode = await this.getEncoder();
+    const tokens = await encode(text);
+    return Array.isArray(tokens) ? tokens.length : 0;
+  }
 
-  /** Return recent events that fit within the token window. */
-  getWindow(): MemoryEvent[] {
+  /** Return recent events that fit within token window. */
+  async getWindow(): Promise<MemoryEvent[]> {
     const all = this.memory.readAll();
     if (all.length === 0) return [];
 
-    // Simple sliding-window: walk from newest, accumulate until budget
-    const budget = this.windowTokens * 4; // chars ≈ tokens * 4
-    let budget_remaining = budget;
+    const budget = this.windowTokens;
+    let budgetRemaining = budget;
     const window: MemoryEvent[] = [];
 
     for (let i = all.length - 1; i >= 0; i--) {
       const serialized = JSON.stringify(all[i]);
-      if (serialized.length > budget_remaining) break;
+      const tokenCount = await this.countTokens(serialized);
+      if (tokenCount > budgetRemaining) break;
       window.unshift(all[i]!);
-      budget_remaining -= serialized.length;
+      budgetRemaining -= tokenCount;
     }
 
     return window;
   }
 
   /** Returns true if compaction is needed (>80% of window used). */
-  needsCompaction(): boolean {
-    return this.memory.estimatedTokenCount() > this.windowTokens * 0.8;
+  async needsCompaction(): Promise<boolean> {
+    const total = await this.estimateTokenCount();
+    return total > this.windowTokens * 0.8;
+  }
+
+  async estimateTokenCount(): Promise<number> {
+    const events = this.memory.readAll();
+    let total = 0;
+    for (const event of events) {
+      total += await this.countTokens(JSON.stringify(event));
+    }
+    return total;
   }
 }

package/src/io/memory.ts

@@ -9,7 +9,7 @@ export interface MemoryEvent {
 
 /**
  * Append-only JSONL memory store. Each event is a line of JSON.
- * Provides full audit trail of agent actions and LLM interactions.
+ * Provides a full audit trail of agent actions and LLM interactions.
  */
 export class MemoryStore {
   constructor(public readonly memoryPath: string) {
@@ -17,27 +17,28 @@ export class MemoryStore {
   }
 
   append(event: MemoryEvent): void {
-    appendFileSync(this.memoryPath, JSON.stringify(event) + "\n", "utf-8");
+    const payload = this.sanitize(event);
+    appendFileSync(this.memoryPath, JSON.stringify(payload) + "\n", "utf-8");
   }
 
   readAll(maxBytes = 1024 * 1024): MemoryEvent[] {
     if (!existsSync(this.memoryPath)) return [];
-    
+
     const stat = statSync(this.memoryPath);
     if (stat.size === 0) return [];
-    
+
     const size = Math.min(stat.size, maxBytes);
     const pos = Math.max(0, stat.size - size);
-    
+
     const fd = openSync(this.memoryPath, "r");
     const buffer = Buffer.alloc(size);
     readSync(fd, buffer, 0, size, pos);
     closeSync(fd);
-    
+
     const content = buffer.toString("utf-8");
     const lines = content.split("\n");
-    if (pos > 0) lines.shift(); // drop partial first line
-    
+    if (pos > 0) lines.shift();
+
     return lines
       .filter(Boolean)
       .map((line) => {
@@ -50,7 +51,50 @@ export class MemoryStore {
       .filter(Boolean) as MemoryEvent[];
   }
 
-  /** Count approximate token length (4 chars ≈ 1 token) */
+  /**
+   * Scrub sensitive payloads so API keys never get persisted in memory.
+   */
+  private sanitize(event: MemoryEvent): MemoryEvent {
+    const keys = this.sensitiveValues();
+    const jsonString = JSON.stringify(event);
+    let scrubbed = jsonString;
+
+    for (const secret of keys) {
+      if (!secret) continue;
+      if (scrubbed.includes(secret)) {
+        const token = this.mask(secret);
+        scrubbed = scrubbed.split(secret).join(token);
+      }
+    }
+
+    try {
+      const parsed = JSON.parse(scrubbed);
+      return parsed as MemoryEvent;
+    } catch {
+      return event;
+    }
+  }
+
+  private sensitiveValues(): string[] {
+    const interesting = [
+      "ANTHROPIC_API_KEY",
+      "GOOGLE_API_KEY",
+      "OPENAI_API_KEY",
+      "OLLAMA_HOST",
+    ];
+
+    const values = interesting
+      .map((name) => process.env[name])
+      .filter((value): value is string => typeof value === "string" && value.length > 0);
+
+    return Array.from(new Set(values));
+  }
+
+  private mask(value: string): string {
+    return `${value.slice(0, 3)}...${value.slice(-3)}[redacted]`;
+  }
+
+  /** Approximate token count kept for compat; use ContextManager for precise counts. */
   estimatedTokenCount(): number {
     if (!existsSync(this.memoryPath)) return 0;
     const stat = statSync(this.memoryPath);