@wrongstack/core 0.155.0 → 0.250.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/dist/{agent-bridge-BbZU5TPN.d.ts → agent-bridge-4gc0vfW2.d.ts} +1 -1
  2. package/dist/{agent-subagent-runner-Bsueu0J2.d.ts → agent-subagent-runner-Dz-9kiE6.d.ts} +9 -8
  3. package/dist/{brain-CS_B0vIE.d.ts → brain-sCZ3lCjq.d.ts} +26 -2
  4. package/dist/{compactor-BueGt7LG.d.ts → compactor-BRfg3QPd.d.ts} +1 -1
  5. package/dist/{config-BaVThgnT.d.ts → config-eSsrto5d.d.ts} +8 -2
  6. package/dist/{context-C7G_MtLV.d.ts → context-CLz3z_E8.d.ts} +126 -2
  7. package/dist/coordination/index.d.ts +70 -13
  8. package/dist/coordination/index.js +1986 -146
  9. package/dist/coordination/index.js.map +1 -1
  10. package/dist/defaults/index.d.ts +26 -26
  11. package/dist/defaults/index.js +1110 -296
  12. package/dist/defaults/index.js.map +1 -1
  13. package/dist/execution/index.d.ts +45 -16
  14. package/dist/execution/index.js +229 -56
  15. package/dist/execution/index.js.map +1 -1
  16. package/dist/execution/prompt-enhancer.d.ts +86 -0
  17. package/dist/execution/prompt-enhancer.js +125 -0
  18. package/dist/execution/prompt-enhancer.js.map +1 -0
  19. package/dist/extension/index.d.ts +6 -6
  20. package/dist/extension/index.js +3 -1
  21. package/dist/extension/index.js.map +1 -1
  22. package/dist/{goal-preamble-CbV8pXLD.d.ts → goal-preamble-BjJpnLW4.d.ts} +19 -10
  23. package/dist/{index-CI1hRfPt.d.ts → index-Dy8OwfBD.d.ts} +8 -8
  24. package/dist/{index-B5wz-GXm.d.ts → index-IehiNryU.d.ts} +7 -5
  25. package/dist/index.d.ts +438 -128
  26. package/dist/index.js +4989 -849
  27. package/dist/index.js.map +1 -1
  28. package/dist/infrastructure/index.d.ts +7 -7
  29. package/dist/infrastructure/index.js +61 -13
  30. package/dist/infrastructure/index.js.map +1 -1
  31. package/dist/kernel/index.d.ts +9 -9
  32. package/dist/kernel/index.js +7 -1
  33. package/dist/kernel/index.js.map +1 -1
  34. package/dist/{llm-selector-CP72f1lC.d.ts → llm-selector-D22R4AFz.d.ts} +2 -2
  35. package/dist/logger-DmmQhf4P.d.ts +65 -0
  36. package/dist/{mcp-servers-CPERR2De.d.ts → mcp-servers-DfXxCASH.d.ts} +3 -3
  37. package/dist/models/index.d.ts +5 -5
  38. package/dist/models/index.js +89 -9
  39. package/dist/models/index.js.map +1 -1
  40. package/dist/{models-registry-D90K9UnM.d.ts → models-registry-DpanBg8D.d.ts} +1 -1
  41. package/dist/{multi-agent-coordinator-BSKSFNhv.d.ts → multi-agent-coordinator-CnbEqpv0.d.ts} +8 -8
  42. package/dist/{null-fleet-bus-CGOez8Le.d.ts → null-fleet-bus-Do1OLYpj.d.ts} +7 -7
  43. package/dist/observability/index.d.ts +2 -2
  44. package/dist/package-outdated-watcher-CA5GGB4C.d.ts +560 -0
  45. package/dist/{parallel-eternal-engine-CYoTKjsz.d.ts → parallel-eternal-engine-UZg1xOzE.d.ts} +13 -9
  46. package/dist/{path-resolver-DuhlmPil.d.ts → path-resolver-BaP06Owy.d.ts} +3 -3
  47. package/dist/{permission-B7nKnEvQ.d.ts → permission-DbWPbuoA.d.ts} +1 -1
  48. package/dist/{permission-policy-8-6zBmfA.d.ts → permission-policy-AOk0LVsV.d.ts} +2 -2
  49. package/dist/pipeline-D1n-gQI-.d.ts +493 -0
  50. package/dist/{plan-templates-DbH7lg-t.d.ts → plan-templates-BUVRY0pU.d.ts} +18 -7
  51. package/dist/{provider-runner-Cocq0O9E.d.ts → provider-runner-D0HgUqwV.d.ts} +3 -3
  52. package/dist/{retry-policy-rutAfVeR.d.ts → retry-policy-BVnkbMET.d.ts} +1 -1
  53. package/dist/sdd/index.d.ts +8 -8
  54. package/dist/sdd/index.js +221 -87
  55. package/dist/sdd/index.js.map +1 -1
  56. package/dist/{secret-vault-w8MbUe2Q.d.ts → secret-vault-CeVNiy_f.d.ts} +3 -2
  57. package/dist/security/index.d.ts +5 -4
  58. package/dist/security/index.js +155 -13
  59. package/dist/security/index.js.map +1 -1
  60. package/dist/{selector-4vDFZKt3.d.ts → selector-Cb4_9-hf.d.ts} +1 -1
  61. package/dist/{session-event-bridge-DWlvglC2.d.ts → session-event-bridge-BhtkkFFy.d.ts} +4 -2
  62. package/dist/{session-reader-BAtCxdaw.d.ts → session-reader-CCOssnBS.d.ts} +1 -1
  63. package/dist/skills/index.js +171 -21
  64. package/dist/skills/index.js.map +1 -1
  65. package/dist/storage/index.d.ts +150 -12
  66. package/dist/storage/index.js +1041 -214
  67. package/dist/storage/index.js.map +1 -1
  68. package/dist/types/index.d.ts +67 -20
  69. package/dist/types/index.js +562 -55
  70. package/dist/types/index.js.map +1 -1
  71. package/dist/utils/expect-defined.js +3 -1
  72. package/dist/utils/expect-defined.js.map +1 -1
  73. package/dist/utils/index.d.ts +25 -4
  74. package/dist/utils/index.js +45 -14
  75. package/dist/utils/index.js.map +1 -1
  76. package/dist/{wstack-paths-DD50Omgn.d.ts → wstack-paths-CJjEwPXn.d.ts} +14 -1
  77. package/package.json +7 -3
  78. package/skills/chimera/SKILL.md +105 -0
  79. package/skills/research-web/SKILL.md +342 -0
  80. package/dist/logger-B9J5puGM.d.ts +0 -32
  81. package/dist/pipeline-BG7UgbDc.d.ts +0 -239
@@ -1,4 +1,5 @@
1
- import { S as SecretScrubber } from './permission-B7nKnEvQ.js';
1
+ import { S as SecretScrubber } from './permission-DbWPbuoA.js';
2
+ import { L as Logger } from './logger-B63L5bTg.js';
2
3
  import { S as SecretVault } from './secret-vault-BJDY28ev.js';
3
4
 
4
5
  declare class DefaultSecretScrubber implements SecretScrubber {
@@ -55,7 +56,7 @@ declare function rewriteConfigEncrypted(configPath: string, vault: SecretVault,
55
56
  * users who had plaintext keys before the vault landed are upgraded
56
57
  * transparently.
57
58
  */
58
- declare function migratePlaintextSecrets(configPath: string, vault: SecretVault): Promise<{
59
+ declare function migratePlaintextSecrets(configPath: string, vault: SecretVault, logger?: Pick<Logger, 'warn'>): Promise<{
59
60
  migrated: number;
60
61
  file: string;
61
62
  }>;
@@ -1,7 +1,8 @@
1
- export { D as DefaultSecretScrubber, a as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from '../secret-vault-w8MbUe2Q.js';
2
- export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-8-6zBmfA.js';
3
- import '../permission-B7nKnEvQ.js';
4
- import '../context-C7G_MtLV.js';
1
+ export { D as DefaultSecretScrubber, a as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from '../secret-vault-CeVNiy_f.js';
2
+ export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-AOk0LVsV.js';
3
+ import '../permission-DbWPbuoA.js';
4
+ import '../context-CLz3z_E8.js';
5
+ import '../logger-B63L5bTg.js';
5
6
  import '../secret-vault-BJDY28ev.js';
6
7
  import '../input-reader-E-ffP2ee.js';
7
8
 
@@ -110,6 +110,105 @@ var DefaultSecretScrubber = class {
110
110
  }
111
111
  };
112
112
 
113
+ // src/types/errors.ts
114
+ var ERROR_CODES = {
115
+ // Provider
116
+ PROVIDER_RATE_LIMITED: "PROVIDER_RATE_LIMITED",
117
+ PROVIDER_AUTH_FAILED: "PROVIDER_AUTH_FAILED",
118
+ PROVIDER_OVERLOADED: "PROVIDER_OVERLOADED",
119
+ PROVIDER_INVALID_REQUEST: "PROVIDER_INVALID_REQUEST",
120
+ PROVIDER_SERVER_ERROR: "PROVIDER_SERVER_ERROR",
121
+ PROVIDER_NETWORK_ERROR: "PROVIDER_NETWORK_ERROR",
122
+ PROVIDER_CONTEXT_OVERFLOW: "PROVIDER_CONTEXT_OVERFLOW",
123
+ // Tool
124
+ TOOL_NOT_FOUND: "TOOL_NOT_FOUND",
125
+ TOOL_PERMISSION_DENIED: "TOOL_PERMISSION_DENIED",
126
+ TOOL_EXECUTION_FAILED: "TOOL_EXECUTION_FAILED",
127
+ TOOL_TIMEOUT: "TOOL_TIMEOUT",
128
+ TOOL_INPUT_INVALID: "TOOL_INPUT_INVALID",
129
+ // Config
130
+ CONFIG_INVALID: "CONFIG_INVALID",
131
+ CONFIG_NOT_FOUND: "CONFIG_NOT_FOUND",
132
+ CONFIG_PARSE_FAILED: "CONFIG_PARSE_FAILED",
133
+ CONFIG_MIGRATION_NEEDED: "CONFIG_MIGRATION_NEEDED",
134
+ // Plugin
135
+ PLUGIN_LOAD_FAILED: "PLUGIN_LOAD_FAILED",
136
+ PLUGIN_API_MISMATCH: "PLUGIN_API_MISMATCH",
137
+ PLUGIN_MISSING_DEPENDENCY: "PLUGIN_MISSING_DEPENDENCY",
138
+ // Agent
139
+ AGENT_ITERATION_LIMIT: "AGENT_ITERATION_LIMIT",
140
+ AGENT_CONTEXT_OVERFLOW: "AGENT_CONTEXT_OVERFLOW",
141
+ AGENT_ABORTED: "AGENT_ABORTED",
142
+ AGENT_RUN_FAILED: "AGENT_RUN_FAILED",
143
+ // Session
144
+ SESSION_NOT_FOUND: "SESSION_NOT_FOUND",
145
+ SESSION_CORRUPTED: "SESSION_CORRUPTED",
146
+ SESSION_WRITE_FAILED: "SESSION_WRITE_FAILED",
147
+ // Container / Registry
148
+ CONTAINER_TOKEN_ALREADY_BOUND: "CONTAINER_TOKEN_ALREADY_BOUND",
149
+ CONTAINER_TOKEN_NOT_BOUND: "CONTAINER_TOKEN_NOT_BOUND",
150
+ CONTAINER_CIRCULAR_DEPENDENCY: "CONTAINER_CIRCULAR_DEPENDENCY",
151
+ REGISTRY_DUPLICATE: "REGISTRY_DUPLICATE",
152
+ REGISTRY_NOT_FOUND: "REGISTRY_NOT_FOUND",
153
+ REGISTRY_INVALID: "REGISTRY_INVALID",
154
+ // File system
155
+ FS_READ_FAILED: "FS_READ_FAILED",
156
+ FS_WRITE_FAILED: "FS_WRITE_FAILED",
157
+ FS_MKDIR_FAILED: "FS_MKDIR_FAILED",
158
+ FS_DELETE_FAILED: "FS_DELETE_FAILED",
159
+ FS_ATOMIC_WRITE_FAILED: "FS_ATOMIC_WRITE_FAILED",
160
+ // SDD (Spec-Driven Development)
161
+ SDD_VALIDATION_FAILED: "SDD_VALIDATION_FAILED",
162
+ SDD_PARSE_FAILED: "SDD_PARSE_FAILED",
163
+ SDD_INVALID_STATE: "SDD_INVALID_STATE",
164
+ SDD_NOT_READY: "SDD_NOT_READY",
165
+ // General
166
+ VALIDATION_ERROR: "VALIDATION_ERROR",
167
+ UNKNOWN: "UNKNOWN"
168
+ };
169
+ var WrongStackError = class extends Error {
170
+ code;
171
+ subsystem;
172
+ severity;
173
+ recoverable;
174
+ context;
175
+ constructor(opts) {
176
+ super(opts.message, { cause: opts.cause });
177
+ this.name = "WrongStackError";
178
+ this.code = opts.code;
179
+ this.subsystem = opts.subsystem;
180
+ this.severity = opts.severity ?? "error";
181
+ this.recoverable = opts.recoverable ?? false;
182
+ this.context = opts.context;
183
+ }
184
+ /**
185
+ * Render a one-line user-facing description.
186
+ * Subclasses should override for domain-specific formatting.
187
+ */
188
+ describe() {
189
+ const ctx = this.context ? ` ${formatContext(this.context)}` : "";
190
+ return `${this.code}: ${this.message}${ctx}`;
191
+ }
192
+ };
193
+ function formatContext(ctx) {
194
+ const parts = Object.entries(ctx).filter(([, v]) => v !== void 0).slice(0, 3).map(([k, v]) => `${k}=${String(v)}`);
195
+ return parts.length > 0 ? `[${parts.join(" ")}]` : "";
196
+ }
197
+ var ConfigError = class extends WrongStackError {
198
+ constructor(opts) {
199
+ super({
200
+ message: opts.message,
201
+ code: opts.code,
202
+ subsystem: "config",
203
+ severity: "fatal",
204
+ recoverable: false,
205
+ context: opts.context,
206
+ cause: opts.cause
207
+ });
208
+ this.name = "ConfigError";
209
+ }
210
+ };
211
+
113
212
  // src/types/secret-vault.ts
114
213
  var ENCRYPTED_PREFIX = "enc:v1:";
115
214
  async function atomicWrite(targetPath, content, opts = {}) {
@@ -238,6 +337,26 @@ var KEY_BYTES = 32;
238
337
  var IV_BYTES = 12;
239
338
  var TAG_BYTES = 16;
240
339
  var ALGO = "aes-256-gcm";
340
+ var KEY_FILE_MODE = 384;
341
+ function checkKeyFilePermissions(keyFile) {
342
+ if (process.platform === "win32") return;
343
+ try {
344
+ const stat2 = fs2.statSync(keyFile);
345
+ const actualMode = stat2.mode & 511;
346
+ if (actualMode !== KEY_FILE_MODE) {
347
+ console.warn(JSON.stringify({
348
+ level: "warn",
349
+ event: "vault.key_file_wrong_permissions",
350
+ message: `Key file ${keyFile} has mode ${actualMode.toString(8)} \u2014 expected ${KEY_FILE_MODE.toString(8)}. Run: chmod ${KEY_FILE_MODE.toString(8)} ${keyFile}`,
351
+ keyFile,
352
+ expectedMode: KEY_FILE_MODE,
353
+ actualMode,
354
+ timestamp: (/* @__PURE__ */ new Date()).toISOString()
355
+ }));
356
+ }
357
+ } catch {
358
+ }
359
+ }
241
360
  var DefaultSecretVault = class {
242
361
  keyFile;
243
362
  key;
@@ -261,14 +380,26 @@ var DefaultSecretVault = class {
261
380
  const rest = value.slice(ENCRYPTED_PREFIX.length);
262
381
  const parts = rest.split(":");
263
382
  if (parts.length !== 3) {
264
- throw new Error("SecretVault: malformed encrypted value");
383
+ throw new ConfigError({
384
+ message: "SecretVault: malformed encrypted value",
385
+ code: ERROR_CODES.CONFIG_PARSE_FAILED,
386
+ context: { field: "encrypted_value" }
387
+ });
265
388
  }
266
389
  const [ivB64, tagB64, ctB64] = parts;
267
390
  const iv = Buffer.from(ivB64, "base64");
268
391
  const tag = Buffer.from(tagB64, "base64");
269
392
  const ct = Buffer.from(ctB64, "base64");
270
- if (iv.length !== IV_BYTES) throw new Error("SecretVault: bad IV length");
271
- if (tag.length !== TAG_BYTES) throw new Error("SecretVault: bad tag length");
393
+ if (iv.length !== IV_BYTES) throw new ConfigError({
394
+ message: "SecretVault: bad IV length",
395
+ code: ERROR_CODES.CONFIG_PARSE_FAILED,
396
+ context: { expected: IV_BYTES, actual: iv.length }
397
+ });
398
+ if (tag.length !== TAG_BYTES) throw new ConfigError({
399
+ message: "SecretVault: bad tag length",
400
+ code: ERROR_CODES.CONFIG_PARSE_FAILED,
401
+ context: { expected: TAG_BYTES, actual: tag.length }
402
+ });
272
403
  const key = this.loadOrCreateKey();
273
404
  const decipher = createDecipheriv(ALGO, key, iv);
274
405
  decipher.setAuthTag(tag);
@@ -280,11 +411,14 @@ var DefaultSecretVault = class {
280
411
  try {
281
412
  const buf = fs2.readFileSync(this.keyFile);
282
413
  if (buf.length !== KEY_BYTES) {
283
- throw new Error(
284
- `SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES}). Remove it manually to generate a new key.`
285
- );
414
+ throw new ConfigError({
415
+ message: `SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES}). Remove it manually to generate a new key.`,
416
+ code: ERROR_CODES.CONFIG_INVALID,
417
+ context: { keyFile: this.keyFile, expectedBytes: KEY_BYTES, actualBytes: buf.length }
418
+ });
286
419
  }
287
420
  this.key = buf;
421
+ checkKeyFilePermissions(this.keyFile);
288
422
  return this.key;
289
423
  } catch (err) {
290
424
  if (err.code !== "ENOENT") throw err;
@@ -297,11 +431,14 @@ var DefaultSecretVault = class {
297
431
  if (err.code !== "EEXIST") throw err;
298
432
  const buf = fs2.readFileSync(this.keyFile);
299
433
  if (buf.length !== KEY_BYTES) {
300
- throw new Error(
301
- `SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES}). Remove it manually to generate a new key.`
302
- );
434
+ throw new ConfigError({
435
+ message: `SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES}). Remove it manually to generate a new key.`,
436
+ code: ERROR_CODES.CONFIG_INVALID,
437
+ context: { keyFile: this.keyFile, expectedBytes: KEY_BYTES, actualBytes: buf.length }
438
+ });
303
439
  }
304
440
  this.key = buf;
441
+ checkKeyFilePermissions(this.keyFile);
305
442
  return this.key;
306
443
  }
307
444
  this.key = key;
@@ -362,7 +499,7 @@ async function rewriteConfigEncrypted(configPath, vault, patch) {
362
499
  await atomicWrite(configPath, JSON.stringify(encrypted, null, 2), { mode: 384 });
363
500
  await restrictFilePermissions(configPath);
364
501
  }
365
- async function migratePlaintextSecrets(configPath, vault) {
502
+ async function migratePlaintextSecrets(configPath, vault, logger) {
366
503
  let raw;
367
504
  try {
368
505
  raw = await fs.readFile(configPath, "utf8");
@@ -379,11 +516,14 @@ async function migratePlaintextSecrets(configPath, vault) {
379
516
  const migrated = walkCount(parsed, vault, counter);
380
517
  if (counter.n === 0) return { migrated: 0, file: configPath };
381
518
  await atomicWrite(configPath, JSON.stringify(migrated, null, 2), { mode: 384 });
382
- await restrictFilePermissions(configPath);
519
+ await restrictFilePermissions(
520
+ configPath,
521
+ logger ? { warn: (msg) => logger.warn(msg) } : void 0
522
+ );
383
523
  return { migrated: counter.n, file: configPath };
384
524
  }
385
525
  async function restrictFilePermissions(filePath, opts) {
386
- const warn = ((msg) => console.warn(msg));
526
+ const warn = opts?.warn ?? ((msg) => console.warn(msg));
387
527
  if (process.platform === "win32") {
388
528
  try {
389
529
  const { execFile } = await import('child_process');
@@ -494,7 +634,9 @@ function getDangerousCapabilities(toolOrCaps) {
494
634
  // src/utils/expect-defined.ts
495
635
  function expectDefined(value, label) {
496
636
  if (value === null || value === void 0) {
497
- throw new Error("Expected value to be defined");
637
+ const err = new Error("Expected value to be defined");
638
+ err.name = "ExpectDefinedError";
639
+ throw err;
498
640
  }
499
641
  return value;
500
642
  }