@wrongstack/core 0.264.0 → 0.265.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/dist/{agent-bridge-D8sa1vtv.d.ts → agent-bridge-DrkBxszZ.d.ts} +1 -1
  2. package/dist/{agent-subagent-runner-c9DLkaas.d.ts → agent-subagent-runner-DM2pP-B6.d.ts} +113 -11
  3. package/dist/{brain-O1IdKPaK.d.ts → brain-BXd_61kQ.d.ts} +31 -2
  4. package/dist/{compactor-BBy0rCtB.d.ts → compactor-B8pOf45Y.d.ts} +1 -1
  5. package/dist/{config-Dz2F3H2K.d.ts → config-BMCj_XDs.d.ts} +80 -12
  6. package/dist/{context-BGSpZNSE.d.ts → context-MRk5PhNv.d.ts} +26 -12
  7. package/dist/coordination/index.d.ts +77 -21
  8. package/dist/coordination/index.js +557 -159
  9. package/dist/coordination/index.js.map +1 -1
  10. package/dist/{default-config-CXsDvOmP.d.ts → default-config-B0cj-Hry.d.ts} +11 -1
  11. package/dist/defaults/index.d.ts +28 -28
  12. package/dist/defaults/index.js +609 -195
  13. package/dist/defaults/index.js.map +1 -1
  14. package/dist/execution/index.d.ts +16 -16
  15. package/dist/execution/index.js +394 -155
  16. package/dist/execution/index.js.map +1 -1
  17. package/dist/execution/prompt-enhancer.d.ts +2 -2
  18. package/dist/execution/prompt-enhancer.js +1 -1
  19. package/dist/execution/prompt-enhancer.js.map +1 -1
  20. package/dist/extension/index.d.ts +6 -6
  21. package/dist/{goal-preamble-DzjFuN3p.d.ts → goal-preamble-DvHDSKSe.d.ts} +14 -10
  22. package/dist/{goal-store-CxWmCGbH.d.ts → goal-store-DtLMySNb.d.ts} +1 -1
  23. package/dist/{index-CYIQrXVF.d.ts → index-B-ch8K9C.d.ts} +8 -8
  24. package/dist/{index-CbLSI66_.d.ts → index-CEDeNodM.d.ts} +5 -5
  25. package/dist/index.d.ts +183 -52
  26. package/dist/index.js +1779 -673
  27. package/dist/index.js.map +1 -1
  28. package/dist/infrastructure/index.d.ts +6 -6
  29. package/dist/infrastructure/index.js +12 -8
  30. package/dist/infrastructure/index.js.map +1 -1
  31. package/dist/kernel/index.d.ts +9 -9
  32. package/dist/kernel/index.js +1 -1
  33. package/dist/kernel/index.js.map +1 -1
  34. package/dist/{llm-selector-DzxuZnNz.d.ts → llm-selector-C0tfTCUe.d.ts} +14 -2
  35. package/dist/{mcp-servers-DC4QRPUI.d.ts → mcp-servers-2x4w6Jn9.d.ts} +3 -3
  36. package/dist/models/index.d.ts +5 -5
  37. package/dist/models/index.js +74 -30
  38. package/dist/models/index.js.map +1 -1
  39. package/dist/{models-registry-B_siPxqN.d.ts → models-registry-DmJlKuNp.d.ts} +1 -1
  40. package/dist/{multi-agent-coordinator-CK5Jdj9K.d.ts → multi-agent-coordinator-DyCkCZnU.d.ts} +1 -1
  41. package/dist/{null-fleet-bus-DgvD4SCO.d.ts → null-fleet-bus-CG9QY2aP.d.ts} +6 -6
  42. package/dist/observability/index.d.ts +2 -2
  43. package/dist/{parallel-eternal-engine-bK0JQBR_.d.ts → parallel-eternal-engine-Jw9uhEoT.d.ts} +9 -9
  44. package/dist/{path-resolver-BPEDlN38.d.ts → path-resolver-Dy2ej-gE.d.ts} +3 -3
  45. package/dist/{permission-4yvGmMRB.d.ts → permission-B9SB45lp.d.ts} +1 -1
  46. package/dist/{permission-policy-C6XpsBOy.d.ts → permission-policy-CkjSXabK.d.ts} +2 -2
  47. package/dist/{pipeline-CXCeMz8J.d.ts → pipeline-DPDxH_7m.d.ts} +3 -3
  48. package/dist/{plan-templates-BvzRBkJc.d.ts → plan-templates-CzD9GnAU.d.ts} +32 -8
  49. package/dist/{provider-runner-C5aQpDWE.d.ts → provider-runner-DMa70ODu.d.ts} +3 -3
  50. package/dist/{retry-policy-CFhdtRzz.d.ts → retry-policy-CN0khdlj.d.ts} +1 -1
  51. package/dist/sdd/index.d.ts +8 -8
  52. package/dist/sdd/index.js +274 -93
  53. package/dist/sdd/index.js.map +1 -1
  54. package/dist/{secret-vault-CxiVLbt1.d.ts → secret-vault-B2yw84VT.d.ts} +43 -4
  55. package/dist/secret-vault-BAKpgFw_.d.ts +57 -0
  56. package/dist/security/index.d.ts +5 -5
  57. package/dist/security/index.js +204 -23
  58. package/dist/security/index.js.map +1 -1
  59. package/dist/{selector-gIuhRTkN.d.ts → selector-CzHh_igB.d.ts} +1 -1
  60. package/dist/{session-event-bridge-DkvvrpDt.d.ts → session-event-bridge-BUI6Jf-4.d.ts} +1 -1
  61. package/dist/{session-reader-KdfVwkKP.d.ts → session-reader-CMgdMSRP.d.ts} +1 -1
  62. package/dist/storage/index.d.ts +112 -15
  63. package/dist/storage/index.js +419 -81
  64. package/dist/storage/index.js.map +1 -1
  65. package/dist/tools/index.d.ts +2 -2
  66. package/dist/types/index.d.ts +21 -21
  67. package/dist/types/index.js +261 -53
  68. package/dist/types/index.js.map +1 -1
  69. package/dist/utils/index.d.ts +3 -3
  70. package/dist/utils/index.js +3 -5
  71. package/dist/utils/index.js.map +1 -1
  72. package/dist/{wstack-paths-CJjEwPXn.d.ts → wstack-paths-hOpNLmvf.d.ts} +2 -0
  73. package/package.json +1 -1
  74. package/skills/api-design/SKILL.md +1 -1
  75. package/skills/audit-log/SKILL.md +6 -6
  76. package/skills/bug-hunter/SKILL.md +5 -5
  77. package/skills/chimera/SKILL.md +4 -4
  78. package/skills/docker-deploy/SKILL.md +1 -1
  79. package/skills/git-flow/SKILL.md +3 -3
  80. package/skills/multi-agent/SKILL.md +3 -3
  81. package/skills/node-modern/SKILL.md +1 -0
  82. package/skills/observability/SKILL.md +2 -2
  83. package/skills/output-standards/SKILL.md +51 -28
  84. package/skills/refactor-planner/SKILL.md +3 -3
  85. package/skills/security-scanner/SKILL.md +4 -3
  86. package/skills/tech-stack/SKILL.md +1 -2
  87. package/dist/secret-vault-BJDY28ev.d.ts +0 -25
@@ -1,5 +1,5 @@
1
- import { T as Tool } from '../context-BGSpZNSE.js';
2
- import { c as MCPServerConfig, h as Config } from '../config-Dz2F3H2K.js';
1
+ import { T as Tool } from '../context-MRk5PhNv.js';
2
+ import { c as MCPServerConfig, h as Config } from '../config-BMCj_XDs.js';
3
3
  import '../dispatcher-types.d-BBeXBQgS.js';
4
4
  import 'node:https';
5
5
  import 'undici';
@@ -1,34 +1,34 @@
1
- export { A as AgentError, k as Capabilities, u as ConfigError, g as ContentBlock, C as Context, v as ContextInit, E as ERROR_CODES, w as ErrorCode, x as ErrorSeverity, y as ErrorSubsystem, F as FileSnapshot, z as FsError, I as ImageBlock, J as JSONSchema, M as Message, B as MessageRole, f as Permission, D as PluginError, P as Provider, e as ProviderError, G as ProviderErrorBody, R as Request, b as Response, p as ResumedSession, K as RiskTier, o as RunOptions, N as SddError, q as SessionData, O as SessionError, S as SessionEvent, h as SessionMetadata, i as SessionStore, r as SessionSummary, a as SessionWriter, W as StopReason, X as StreamEvent, Y as StreamHangError, n as TextBlock, Z as ThinkingBlock, s as TodoItem, T as Tool, _ as ToolCallContext, $ as ToolError, a0 as ToolFinalEvent, j as ToolProgressEvent, m as ToolResultBlock, a1 as ToolStreamEvent, l as ToolUseBlock, U as Usage, a2 as WrongStackError, a3 as asBlocks, a4 as asText, a6 as isAgentError, a7 as isConfigError, a8 as isFsError, a9 as isImageBlock, aa as isPluginError, ab as isSddError, ac as isSessionError, ad as isTextBlock, ae as isThinkingBlock, af as isToolError, ag as isToolResultBlock, ah as isToolUseBlock, ai as isWrongStackError, aj as toWrongStackError } from '../context-BGSpZNSE.js';
2
- export { P as ProviderRunner, R as RunProviderOptions } from '../provider-runner-C5aQpDWE.js';
3
- export { A as AutonomyConfig, n as CONTEXT_WINDOW_MODES, h as Config, j as ConfigLoader, i as ConfigStore, o as ContextConfig, C as ContextWindowAggressiveOn, p as ContextWindowConfigLike, q as ContextWindowMode, r as ContextWindowModeId, g as ContextWindowPolicy, s as ContextWindowThresholds, t as CustomModelDefinition, D as DEFAULT_CONTEXT_WINDOW_MODE_ID, F as FeaturesConfig, f as HookEntry, H as HookEvent, l as HookInput, e as HookMatcher, m as HookOutcome, I as InProcessHook, u as IndexingConfig, L as LaunchConfig, v as LogConfig, c as MCPServerConfig, d as ModelMatrixEntry, w as ModelsDevModel, a as ModelsDevPayload, x as ModelsDevProvider, M as ModelsRegistry, y as PluginConfig, z as ProviderApiKey, P as ProviderConfig, b as ResolvedModel, R as ResolvedProvider, B as SessionLoggingConfig, S as ShellHook, E as SyncCategory, k as SyncConfig, T as ToolsConfig, W as WireFamily, G as formatContextWindowModeList, J as getContextWindowMode, K as isContextWindowModeId, N as listContextWindowModes, O as resolveContextWindowPolicy } from '../config-Dz2F3H2K.js';
4
- export { a as CompactReport, C as Compactor } from '../compactor-BBy0rCtB.js';
5
- export { a as PermissionDecision, P as PermissionPolicy, T as TrustPolicy } from '../permission-4yvGmMRB.js';
1
+ export { A as AgentError, k as Capabilities, u as ConfigError, g as ContentBlock, C as Context, v as ContextInit, E as ERROR_CODES, w as ErrorCode, x as ErrorSeverity, y as ErrorSubsystem, F as FileSnapshot, z as FsError, I as ImageBlock, J as JSONSchema, M as Message, B as MessageRole, f as Permission, D as PluginError, P as Provider, e as ProviderError, G as ProviderErrorBody, R as Request, b as Response, p as ResumedSession, K as RiskTier, o as RunOptions, N as SddError, q as SessionData, O as SessionError, S as SessionEvent, h as SessionMetadata, i as SessionStore, r as SessionSummary, a as SessionWriter, W as StopReason, X as StreamEvent, Y as StreamHangError, n as TextBlock, Z as ThinkingBlock, s as TodoItem, T as Tool, _ as ToolCallContext, $ as ToolError, a0 as ToolFinalEvent, a1 as ToolIconId, j as ToolProgressEvent, m as ToolResultBlock, a2 as ToolStreamEvent, l as ToolUseBlock, U as Usage, a3 as WrongStackError, a4 as asBlocks, a5 as asText, a7 as isAgentError, a8 as isConfigError, a9 as isFsError, aa as isImageBlock, ab as isPluginError, ac as isSddError, ad as isSessionError, ae as isTextBlock, af as isThinkingBlock, ag as isToolError, ah as isToolResultBlock, ai as isToolUseBlock, aj as isWrongStackError, ak as toWrongStackError } from '../context-MRk5PhNv.js';
2
+ export { P as ProviderRunner, R as RunProviderOptions } from '../provider-runner-DMa70ODu.js';
3
+ export { A as AutonomyConfig, n as CONTEXT_WINDOW_MODES, o as CircuitBreakerRuntimeConfig, h as Config, j as ConfigLoader, i as ConfigStore, p as ContextConfig, C as ContextWindowAggressiveOn, q as ContextWindowConfigLike, r as ContextWindowMode, s as ContextWindowModeId, g as ContextWindowPolicy, t as ContextWindowThresholds, u as CustomModelDefinition, D as DEFAULT_CONTEXT_WINDOW_MODE_ID, F as FeaturesConfig, f as HookEntry, H as HookEvent, l as HookInput, e as HookMatcher, m as HookOutcome, I as InProcessHook, v as IndexingConfig, L as LaunchConfig, w as LogConfig, c as MCPServerConfig, d as ModelMatrixEntry, x as ModelsDevModel, a as ModelsDevPayload, y as ModelsDevProvider, M as ModelsRegistry, z as PluginConfig, B as ProviderApiKey, P as ProviderConfig, b as ResolvedModel, R as ResolvedProvider, E as SessionLoggingConfig, S as ShellHook, G as SyncCategory, k as SyncConfig, T as TokenSavingTier, J as ToolsConfig, W as WireFamily, K as formatContextWindowModeList, N as getContextWindowMode, O as isContextWindowModeId, Q as listContextWindowModes, U as normalizeTokenSavingTier, V as resolveContextWindowPolicy } from '../config-BMCj_XDs.js';
4
+ export { a as CompactReport, C as Compactor } from '../compactor-B8pOf45Y.js';
5
+ export { a as PermissionDecision, P as PermissionPolicy, T as TrustPolicy } from '../permission-B9SB45lp.js';
6
6
  export { C as CheckpointInfo, R as RewindResult, a as RewindResultExtended, S as SessionRewinder } from '../session-rewinder-C9HnMkhP.js';
7
- export { a as AddAttachmentInput, c as Attachment, d as AttachmentKind, e as AttachmentMeta, b as AttachmentRef, A as AttachmentStore, D as DefaultSessionReader } from '../session-reader-KdfVwkKP.js';
8
- export { D as DEFAULT_AUTONOMY_CONFIG, a as DEFAULT_CONTEXT_CONFIG, b as DEFAULT_SESSION_LOGGING_CONFIG, c as DEFAULT_SESSION_PRUNE_DAYS, d as DEFAULT_TOOLS_CONFIG } from '../default-config-CXsDvOmP.js';
9
- export { D as DefaultSecretScrubber, a as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from '../secret-vault-CxiVLbt1.js';
7
+ export { a as AddAttachmentInput, c as Attachment, d as AttachmentKind, e as AttachmentMeta, b as AttachmentRef, A as AttachmentStore, D as DefaultSessionReader } from '../session-reader-CMgdMSRP.js';
8
+ export { D as DEFAULT_AUTONOMY_CONFIG, a as DEFAULT_CIRCUIT_BREAKER_CONFIG, b as DEFAULT_CONTEXT_CONFIG, c as DEFAULT_SESSION_LOGGING_CONFIG, d as DEFAULT_SESSION_PRUNE_DAYS, e as DEFAULT_TOOLS_CONFIG } from '../default-config-B0cj-Hry.js';
9
+ export { D as DefaultSecretScrubber, a as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted, b as rotateConfigKeys } from '../secret-vault-B2yw84VT.js';
10
10
  export { D as DefaultLogger, a as DefaultLoggerOptions, L as LogFormat, n as noOpLogger } from '../logger-DmmQhf4P.js';
11
- export { D as DefaultPathResolver, a as DefaultTokenCounter } from '../path-resolver-BPEDlN38.js';
12
- export { o as MEMORY_TYPE_LABELS, p as MemoryClearedPayload, q as MemoryConsolidatedPayload, b as MemoryEntry, r as MemoryForgottenPayload, s as MemoryPriority, d as MemoryRelevanceContext, t as MemoryRememberedPayload, M as MemoryScope, c as MemoryStore, u as MemoryType, S as ScoredEntry } from '../brain-O1IdKPaK.js';
13
- import { I as IterationStage, g as ParallelIterationStage } from '../parallel-eternal-engine-bK0JQBR_.js';
14
- export { C as CompactorOptions, D as DEFAULT_RECOVERY_STRATEGIES, a as DefaultErrorHandler, b as DefaultRetryPolicy, H as HybridCompactor, R as RecoveryStrategy, T as ToolExecutor, h as buildRecoveryStrategies } from '../parallel-eternal-engine-bK0JQBR_.js';
11
+ export { D as DefaultPathResolver, a as DefaultTokenCounter } from '../path-resolver-Dy2ej-gE.js';
12
+ export { o as MEMORY_TYPE_LABELS, p as MemoryClearedPayload, q as MemoryConsolidatedPayload, b as MemoryEntry, r as MemoryForgottenPayload, s as MemoryPriority, d as MemoryRelevanceContext, t as MemoryRememberedPayload, M as MemoryScope, c as MemoryStore, u as MemoryType, S as ScoredEntry } from '../brain-BXd_61kQ.js';
13
+ import { I as IterationStage, g as ParallelIterationStage } from '../parallel-eternal-engine-Jw9uhEoT.js';
14
+ export { C as CompactorOptions, D as DEFAULT_RECOVERY_STRATEGIES, a as DefaultErrorHandler, b as DefaultRetryPolicy, H as HybridCompactor, R as RecoveryStrategy, T as ToolExecutor, h as buildRecoveryStrategies } from '../parallel-eternal-engine-Jw9uhEoT.js';
15
15
  export { b as SkillEntry, S as SkillLoader, a as SkillManifest } from '../skill-DGIXCtdv.js';
16
- export { B as BuildContext, b as ModelCapabilities, a as Renderer, S as SystemPromptBuilder } from '../pipeline-CXCeMz8J.js';
16
+ export { B as BuildContext, b as ModelCapabilities, a as Renderer, S as SystemPromptBuilder } from '../pipeline-DPDxH_7m.js';
17
17
  export { I as InputReader, P as PromptOption } from '../input-reader-E-ffP2ee.js';
18
- export { J as CoordinatorEvents, C as CoordinatorStatus, D as DoneCondition, o as MCPRegistryView, r as MetricsSinkView, c as MultiAgentConfig, M as MultiAgentCoordinator, t as Plugin, P as PluginAPI, s as PluginCapabilities, N as PluginDependency, l as PluginPipelines, $ as ProviderFactory, n as ProviderRegistryView, q as SessionWriterView, k as SlashCommand, p as SlashCommandRegistryView, e as SpawnResult, S as SubagentConfig, Q as SubagentContext, R as SubagentError, U as SubagentErrorKind, V as SubagentRunContext, W as SubagentRunOutcome, d as SubagentRunner, Y as TaskDelegation, f as TaskResult, T as TaskSpec, m as ToolRegistryView } from '../agent-subagent-runner-c9DLkaas.js';
19
- export { D as DefaultModelsRegistry, a as DefaultModelsRegistryOptions, c as classifyFamily } from '../models-registry-B_siPxqN.js';
18
+ export { K as CoordinatorEvents, C as CoordinatorStatus, D as DoneCondition, o as MCPRegistryView, r as MetricsSinkView, c as MultiAgentConfig, M as MultiAgentCoordinator, u as Plugin, P as PluginAPI, s as PluginCapabilities, t as PluginDependency, l as PluginPipelines, a1 as ProviderFactory, n as ProviderRegistryView, q as SessionWriterView, k as SlashCommand, p as SlashCommandRegistryView, e as SpawnResult, S as SubagentConfig, R as SubagentContext, U as SubagentError, V as SubagentErrorKind, W as SubagentRunContext, X as SubagentRunOutcome, d as SubagentRunner, _ as TaskDelegation, f as TaskResult, T as TaskSpec, m as ToolRegistryView } from '../agent-subagent-runner-DM2pP-B6.js';
19
+ export { D as DefaultModelsRegistry, a as DefaultModelsRegistryOptions, c as classifyFamily } from '../models-registry-DmJlKuNp.js';
20
20
  export { D as DEFAULT_MODES, b as Mode, a as ModeConfig, c as ModeManifest, M as ModeStore } from '../mode-CZlO9iU1.js';
21
- export { I as InMemoryAgentBridge, a as InMemoryBridgeTransport, c as createMessage } from '../agent-bridge-D8sa1vtv.js';
21
+ export { I as InMemoryAgentBridge, a as InMemoryBridgeTransport, c as createMessage } from '../agent-bridge-DrkBxszZ.js';
22
22
  export { D as DEFAULT_SPEC_TEMPLATE, S as SpecAnalysis, a as SpecApiEndpoint, b as SpecRequirement, c as SpecSection, d as SpecSectionType, e as SpecStatus, f as SpecTemplate, g as SpecValidationResult, h as Specification } from '../spec-TBi3Jr6T.js';
23
23
  export { C as CriticalPathResult, f as TaskAssignment, g as TaskDependency, h as TaskEdge, i as TaskFilter, d as TaskGraph, e as TaskNode, a as TaskPriority, c as TaskProgress, j as TaskSort, b as TaskStatus, T as TaskType, k as computeTaskProgress, l as findCriticalPath, t as topologicalSort } from '../task-graph-u1q9Jkyk.js';
24
24
  export { A as AggregateHealth, a as HealthCheck, b as HealthCheckResult, H as HealthRegistry, c as HealthStatus, d as MetricLabels, e as MetricSeries, M as MetricsSink, f as MetricsSnapshot, S as Span, T as Tracer } from '../observability-D-HZN_mF.js';
25
- export { S as SystemPromptContributor } from '../index-CbLSI66_.js';
25
+ export { S as SystemPromptContributor } from '../index-CEDeNodM.js';
26
26
  import '../logger-B63L5bTg.js';
27
- import '../retry-policy-CFhdtRzz.js';
28
- import '../secret-vault-BJDY28ev.js';
27
+ import '../retry-policy-CN0khdlj.js';
28
+ import '../secret-vault-BAKpgFw_.js';
29
29
  import '../path-resolver-CPRj4bFY.js';
30
- import '../goal-store-CxWmCGbH.js';
31
- import '../multi-agent-coordinator-CK5Jdj9K.js';
30
+ import '../goal-store-DtLMySNb.js';
31
+ import '../multi-agent-coordinator-DyCkCZnU.js';
32
32
  import 'node:events';
33
33
 
34
34
  /** Union of serial and parallel autonomy engine stage types (from EternalAutonomyEngine / ParallelEternalEngine). */
@@ -280,12 +280,9 @@ function getCachedEstimate(key, compute) {
280
280
  const existing = ESTIMATE_CACHE.get(key);
281
281
  if (existing !== void 0) return existing;
282
282
  if (ESTIMATE_CACHE.size >= ESTIMATE_CACHE_MAX_SIZE) {
283
- let evicted = 0;
284
- const maxEvict = Math.floor(ESTIMATE_CACHE_MAX_SIZE / 4);
285
283
  for (const k of ESTIMATE_CACHE.keys()) {
286
- if (evicted >= maxEvict) break;
284
+ if (ESTIMATE_CACHE.size <= Math.floor(ESTIMATE_CACHE_MAX_SIZE / 2)) break;
287
285
  ESTIMATE_CACHE.delete(k);
288
- evicted++;
289
286
  }
290
287
  }
291
288
  const estimate = compute(key);
@@ -998,6 +995,20 @@ function providerStatusToCode(status, type) {
998
995
  return ERROR_CODES.PROVIDER_INVALID_REQUEST;
999
996
  }
1000
997
 
998
+ // src/types/config.ts
999
+ function normalizeTokenSavingTier(val) {
1000
+ if (val === void 0) return "off";
1001
+ if (typeof val === "boolean") return val ? "medium" : "off";
1002
+ const validTiers = /* @__PURE__ */ new Set([
1003
+ "off",
1004
+ "minimal",
1005
+ "light",
1006
+ "medium",
1007
+ "aggressive"
1008
+ ]);
1009
+ return validTiers.has(val) ? val : "off";
1010
+ }
1011
+
1001
1012
  // src/types/default-config.ts
1002
1013
  var DEFAULT_TOOLS_CONFIG = Object.freeze({
1003
1014
  defaultExecutionStrategy: "smart",
@@ -1005,7 +1016,8 @@ var DEFAULT_TOOLS_CONFIG = Object.freeze({
1005
1016
  iterationTimeoutMs: 3e5,
1006
1017
  sessionTimeoutMs: 18e5,
1007
1018
  perIterationOutputCapBytes: 1e5,
1008
- autoExtendLimit: true
1019
+ autoExtendLimit: true,
1020
+ restrictToProjectRoot: false
1009
1021
  });
1010
1022
  var DEFAULT_CONTEXT_CONFIG = Object.freeze({
1011
1023
  preserveK: 10,
@@ -1014,6 +1026,10 @@ var DEFAULT_CONTEXT_CONFIG = Object.freeze({
1014
1026
  var DEFAULT_AUTONOMY_CONFIG = Object.freeze({
1015
1027
  autoProceedDelayMs: 45e3
1016
1028
  });
1029
+ var DEFAULT_CIRCUIT_BREAKER_CONFIG = Object.freeze({
1030
+ enabled: false,
1031
+ autoKillResetMs: 6e4
1032
+ });
1017
1033
  var DEFAULT_SESSION_LOGGING_CONFIG = Object.freeze({
1018
1034
  auditLevel: "standard",
1019
1035
  sampling: {
@@ -1025,7 +1041,10 @@ var DEFAULT_SESSION_LOGGING_CONFIG = Object.freeze({
1025
1041
  var DEFAULT_SESSION_PRUNE_DAYS = 30;
1026
1042
 
1027
1043
  // src/types/secret-vault.ts
1028
- var ENCRYPTED_PREFIX = "enc:v1:";
1044
+ var ENCRYPTED_PREFIX_PATTERN = /^enc:v(\d+):/;
1045
+ function encryptedPrefixForVersion(version) {
1046
+ return `enc:v${version}:`;
1047
+ }
1029
1048
 
1030
1049
  // src/security/secret-vault.ts
1031
1050
  var KEY_BYTES = 32;
@@ -1033,6 +1052,8 @@ var IV_BYTES = 12;
1033
1052
  var TAG_BYTES = 16;
1034
1053
  var ALGO = "aes-256-gcm";
1035
1054
  var KEY_FILE_MODE = 384;
1055
+ var KEY_FILE_MAGIC = Buffer.from("WSKV", "ascii");
1056
+ var VERSIONED_KEY_FILE_SIZE = KEY_FILE_MAGIC.length + 1 + KEY_BYTES;
1036
1057
  function checkKeyFilePermissions(keyFile) {
1037
1058
  if (process.platform === "win32") return;
1038
1059
  try {
@@ -1055,11 +1076,17 @@ function checkKeyFilePermissions(keyFile) {
1055
1076
  var DefaultSecretVault = class {
1056
1077
  keyFile;
1057
1078
  key;
1079
+ _keyVersion = 1;
1058
1080
  constructor(opts) {
1059
1081
  this.keyFile = opts.keyFile;
1060
1082
  }
1083
+ /** Current key version. Starts at 1; incremented by rotateKey(). */
1084
+ get keyVersion() {
1085
+ if (!this.key) this.loadOrCreateKey();
1086
+ return this._keyVersion;
1087
+ }
1061
1088
  isEncrypted(value) {
1062
- return typeof value === "string" && value.startsWith(ENCRYPTED_PREFIX);
1089
+ return typeof value === "string" && ENCRYPTED_PREFIX_PATTERN.test(value);
1063
1090
  }
1064
1091
  encrypt(plaintext) {
1065
1092
  if (this.isEncrypted(plaintext)) return plaintext;
@@ -1068,11 +1095,20 @@ var DefaultSecretVault = class {
1068
1095
  const cipher = createCipheriv(ALGO, key, iv);
1069
1096
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
1070
1097
  const tag = cipher.getAuthTag();
1071
- return `${ENCRYPTED_PREFIX}${iv.toString("base64")}:${tag.toString("base64")}:${ct.toString("base64")}`;
1098
+ const prefix = encryptedPrefixForVersion(this._keyVersion);
1099
+ return `${prefix}${iv.toString("base64")}:${tag.toString("base64")}:${ct.toString("base64")}`;
1072
1100
  }
1073
1101
  decrypt(value) {
1074
1102
  if (!this.isEncrypted(value)) return value;
1075
- const rest = value.slice(ENCRYPTED_PREFIX.length);
1103
+ const prefixMatch = value.match(ENCRYPTED_PREFIX_PATTERN);
1104
+ if (!prefixMatch) {
1105
+ throw new ConfigError({
1106
+ message: "SecretVault: malformed encrypted value",
1107
+ code: ERROR_CODES.CONFIG_PARSE_FAILED,
1108
+ context: { field: "encrypted_value" }
1109
+ });
1110
+ }
1111
+ const rest = value.slice(prefixMatch[0].length);
1076
1112
  const parts = rest.split(":");
1077
1113
  if (parts.length !== 3) {
1078
1114
  throw new ConfigError({
@@ -1101,20 +1137,64 @@ var DefaultSecretVault = class {
1101
1137
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
1102
1138
  return pt.toString("utf8");
1103
1139
  }
1140
+ /**
1141
+ * Generate a new encryption key, write it to disk, and increment the key version.
1142
+ * After rotation, encrypt() emits the new version prefix (e.g. enc:v2:).
1143
+ * The caller must re-encrypt existing config values (see rotateConfigKeys()).
1144
+ */
1145
+ rotateKey() {
1146
+ const oldVersion = this._keyVersion;
1147
+ const newKey = randomBytes(KEY_BYTES);
1148
+ const newVersion = oldVersion + 1;
1149
+ const keyFileBuf = Buffer.alloc(VERSIONED_KEY_FILE_SIZE);
1150
+ KEY_FILE_MAGIC.copy(keyFileBuf, 0);
1151
+ keyFileBuf[KEY_FILE_MAGIC.length] = newVersion;
1152
+ newKey.copy(keyFileBuf, KEY_FILE_MAGIC.length + 1);
1153
+ fs2.mkdirSync(path4.dirname(this.keyFile), { recursive: true });
1154
+ fs2.writeFileSync(this.keyFile, keyFileBuf, { mode: 384 });
1155
+ checkKeyFilePermissions(this.keyFile);
1156
+ this.key = newKey;
1157
+ this._keyVersion = newVersion;
1158
+ return { oldVersion, newVersion };
1159
+ }
1104
1160
  loadOrCreateKey() {
1105
1161
  if (this.key) return this.key;
1106
1162
  try {
1107
1163
  const buf = fs2.readFileSync(this.keyFile);
1108
- if (buf.length !== KEY_BYTES) {
1109
- throw new ConfigError({
1110
- message: `SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES}). Remove it manually to generate a new key.`,
1111
- code: ERROR_CODES.CONFIG_INVALID,
1112
- context: { keyFile: this.keyFile, expectedBytes: KEY_BYTES, actualBytes: buf.length }
1113
- });
1164
+ if (buf.length === KEY_BYTES) {
1165
+ this.key = buf;
1166
+ this._keyVersion = 1;
1167
+ checkKeyFilePermissions(this.keyFile);
1168
+ return this.key;
1169
+ }
1170
+ if (buf.length === VERSIONED_KEY_FILE_SIZE) {
1171
+ const magic = buf.subarray(0, KEY_FILE_MAGIC.length);
1172
+ if (!magic.equals(KEY_FILE_MAGIC)) {
1173
+ throw new ConfigError({
1174
+ message: `SecretVault: key file ${this.keyFile} has invalid magic header`,
1175
+ code: ERROR_CODES.CONFIG_INVALID,
1176
+ context: { keyFile: this.keyFile }
1177
+ });
1178
+ }
1179
+ const version = buf[KEY_FILE_MAGIC.length];
1180
+ const key2 = buf.subarray(KEY_FILE_MAGIC.length + 1);
1181
+ if (key2.length !== KEY_BYTES) {
1182
+ throw new ConfigError({
1183
+ message: `SecretVault: key file ${this.keyFile} has wrong key size (${key2.length} bytes, expected ${KEY_BYTES})`,
1184
+ code: ERROR_CODES.CONFIG_INVALID,
1185
+ context: { keyFile: this.keyFile, expectedBytes: KEY_BYTES, actualBytes: key2.length }
1186
+ });
1187
+ }
1188
+ this.key = Buffer.from(key2);
1189
+ this._keyVersion = version;
1190
+ checkKeyFilePermissions(this.keyFile);
1191
+ return this.key;
1114
1192
  }
1115
- this.key = buf;
1116
- checkKeyFilePermissions(this.keyFile);
1117
- return this.key;
1193
+ throw new ConfigError({
1194
+ message: `SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES} for v1 or ${VERSIONED_KEY_FILE_SIZE} for v2+). Remove it manually to generate a new key.`,
1195
+ code: ERROR_CODES.CONFIG_INVALID,
1196
+ context: { keyFile: this.keyFile, expectedBytes: KEY_BYTES, actualBytes: buf.length }
1197
+ });
1118
1198
  } catch (err) {
1119
1199
  if (err.code !== "ENOENT") throw err;
1120
1200
  }
@@ -1125,18 +1205,36 @@ var DefaultSecretVault = class {
1125
1205
  } catch (err) {
1126
1206
  if (err.code !== "EEXIST") throw err;
1127
1207
  const buf = fs2.readFileSync(this.keyFile);
1128
- if (buf.length !== KEY_BYTES) {
1129
- throw new ConfigError({
1130
- message: `SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES}). Remove it manually to generate a new key.`,
1131
- code: ERROR_CODES.CONFIG_INVALID,
1132
- context: { keyFile: this.keyFile, expectedBytes: KEY_BYTES, actualBytes: buf.length }
1133
- });
1208
+ if (buf.length === KEY_BYTES) {
1209
+ this.key = buf;
1210
+ this._keyVersion = 1;
1211
+ checkKeyFilePermissions(this.keyFile);
1212
+ return this.key;
1213
+ }
1214
+ if (buf.length === VERSIONED_KEY_FILE_SIZE) {
1215
+ const magic = buf.subarray(0, KEY_FILE_MAGIC.length);
1216
+ if (!magic.equals(KEY_FILE_MAGIC)) {
1217
+ throw new ConfigError({
1218
+ message: `SecretVault: key file ${this.keyFile} has invalid magic header`,
1219
+ code: ERROR_CODES.CONFIG_INVALID,
1220
+ context: { keyFile: this.keyFile }
1221
+ });
1222
+ }
1223
+ const version = buf[KEY_FILE_MAGIC.length];
1224
+ const winnerKey = buf.subarray(KEY_FILE_MAGIC.length + 1);
1225
+ this.key = Buffer.from(winnerKey);
1226
+ this._keyVersion = version;
1227
+ checkKeyFilePermissions(this.keyFile);
1228
+ return this.key;
1134
1229
  }
1135
- this.key = buf;
1136
- checkKeyFilePermissions(this.keyFile);
1137
- return this.key;
1230
+ throw new ConfigError({
1231
+ message: `SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES} for v1 or ${VERSIONED_KEY_FILE_SIZE} for v2+). Remove it manually to generate a new key.`,
1232
+ code: ERROR_CODES.CONFIG_INVALID,
1233
+ context: { keyFile: this.keyFile, expectedBytes: KEY_BYTES, actualBytes: buf.length }
1234
+ });
1138
1235
  }
1139
1236
  this.key = key;
1237
+ this._keyVersion = 1;
1140
1238
  return key;
1141
1239
  }
1142
1240
  };
@@ -1217,6 +1315,80 @@ async function migratePlaintextSecrets(configPath, vault, logger) {
1217
1315
  );
1218
1316
  return { migrated: counter.n, file: configPath };
1219
1317
  }
1318
+ async function rotateConfigKeys(configPath, vault, logger) {
1319
+ const log = logger?.info ?? (() => {
1320
+ });
1321
+ const warn = logger?.warn ?? ((msg) => console.warn(msg));
1322
+ let raw;
1323
+ try {
1324
+ raw = await fs.readFile(configPath, "utf8");
1325
+ } catch {
1326
+ const { oldVersion: oldVersion2, newVersion: newVersion2 } = vault.rotateKey();
1327
+ log(`[secret-vault] Key rotated (v${oldVersion2} \u2192 v${newVersion2}) \u2014 no config file to re-encrypt`);
1328
+ return { rotated: 0, oldVersion: oldVersion2, newVersion: newVersion2, file: configPath };
1329
+ }
1330
+ let parsed;
1331
+ try {
1332
+ parsed = JSON.parse(raw);
1333
+ } catch {
1334
+ warn(`[secret-vault] Config file ${configPath} is not valid JSON \u2014 skipping rotation`);
1335
+ return { rotated: 0, oldVersion: vault.keyVersion, newVersion: vault.keyVersion, file: configPath };
1336
+ }
1337
+ const counter = { n: 0 };
1338
+ const decrypted = walkDecryptCount(parsed, vault, counter);
1339
+ if (counter.n === 0) {
1340
+ const { oldVersion: oldVersion2, newVersion: newVersion2 } = vault.rotateKey();
1341
+ log(`[secret-vault] Key rotated (v${oldVersion2} \u2192 v${newVersion2}) \u2014 no encrypted fields to re-encrypt`);
1342
+ return { rotated: 0, oldVersion: oldVersion2, newVersion: newVersion2, file: configPath };
1343
+ }
1344
+ const { oldVersion, newVersion } = vault.rotateKey();
1345
+ const reencrypted = walkReencrypt(decrypted, vault);
1346
+ await atomicWrite(configPath, JSON.stringify(reencrypted, null, 2), { mode: 384 });
1347
+ await restrictFilePermissions(configPath, { warn });
1348
+ log(`[secret-vault] Key rotated (v${oldVersion} \u2192 v${newVersion}) \u2014 re-encrypted ${counter.n} field(s)`);
1349
+ return { rotated: counter.n, oldVersion, newVersion, file: configPath };
1350
+ }
1351
+ function walkDecryptCount(node, vault, counter) {
1352
+ if (node === null || node === void 0) return node;
1353
+ if (typeof node !== "object") return node;
1354
+ if (Array.isArray(node)) {
1355
+ return node.map((item) => walkDecryptCount(item, vault, counter));
1356
+ }
1357
+ const out = /* @__PURE__ */ Object.create(null);
1358
+ for (const [k, v] of Object.entries(node)) {
1359
+ if (typeof v === "string" && vault.isEncrypted(v)) {
1360
+ try {
1361
+ out[k] = vault.decrypt(v);
1362
+ counter.n++;
1363
+ } catch {
1364
+ out[k] = v;
1365
+ }
1366
+ } else if (typeof v === "object" && v !== null) {
1367
+ out[k] = walkDecryptCount(v, vault, counter);
1368
+ } else {
1369
+ out[k] = v;
1370
+ }
1371
+ }
1372
+ return out;
1373
+ }
1374
+ function walkReencrypt(node, vault) {
1375
+ if (node === null || node === void 0) return node;
1376
+ if (typeof node !== "object") return node;
1377
+ if (Array.isArray(node)) {
1378
+ return node.map((item) => walkReencrypt(item, vault));
1379
+ }
1380
+ const out = /* @__PURE__ */ Object.create(null);
1381
+ for (const [k, v] of Object.entries(node)) {
1382
+ if (typeof v === "string" && isSecretField(k) && v.length > 0 && !vault.isEncrypted(v)) {
1383
+ out[k] = vault.encrypt(v);
1384
+ } else if (typeof v === "object" && v !== null) {
1385
+ out[k] = walkReencrypt(v, vault);
1386
+ } else {
1387
+ out[k] = v;
1388
+ }
1389
+ }
1390
+ return out;
1391
+ }
1220
1392
  async function restrictFilePermissions(filePath, opts) {
1221
1393
  const warn = opts?.warn ?? ((msg) => console.warn(msg));
1222
1394
  if (process.platform === "win32") {
@@ -1567,7 +1739,11 @@ var MEMORY_TYPE_LABELS = {
1567
1739
  };
1568
1740
 
1569
1741
  // src/execution/compaction-core.ts
1742
+ function compactionDebugEnabled() {
1743
+ return process.env["NODE_ENV"] === "development" || process.env["WRONGSTACK_DEBUG"] === "1";
1744
+ }
1570
1745
  function emitCompactionMetrics(event, metrics) {
1746
+ if (!compactionDebugEnabled()) return;
1571
1747
  console.log(
1572
1748
  JSON.stringify({
1573
1749
  level: "debug",
@@ -1622,18 +1798,20 @@ function findPreserveStart(messages, preserveK) {
1622
1798
  }
1623
1799
  }
1624
1800
  }
1625
- console.log(
1626
- JSON.stringify({
1627
- level: "debug",
1628
- event: "compaction.find_preserve_start.ended",
1629
- messageCount: messages.length,
1630
- preserveK,
1631
- preserveStart,
1632
- forwardWalkIterations,
1633
- forwardWalkInnerIterations,
1634
- forwardWalkInnerPerOuter: forwardWalkIterations > 0 ? forwardWalkInnerIterations / forwardWalkIterations : 0
1635
- })
1636
- );
1801
+ if (compactionDebugEnabled()) {
1802
+ console.log(
1803
+ JSON.stringify({
1804
+ level: "debug",
1805
+ event: "compaction.find_preserve_start.ended",
1806
+ messageCount: messages.length,
1807
+ preserveK,
1808
+ preserveStart,
1809
+ forwardWalkIterations,
1810
+ forwardWalkInnerIterations,
1811
+ forwardWalkInnerPerOuter: forwardWalkIterations > 0 ? forwardWalkInnerIterations / forwardWalkIterations : 0
1812
+ })
1813
+ );
1814
+ }
1637
1815
  return preserveStart;
1638
1816
  }
1639
1817
  function eliseOldToolResults(messages, opts) {
@@ -1700,7 +1878,7 @@ function eliseOldToolResults(messages, opts) {
1700
1878
  changed = true;
1701
1879
  }
1702
1880
  fullPassInnerIterations += original.length;
1703
- if (process.env["NODE_ENV"] === "development" || process.env["WRONGSTACK_DEBUG"] === "1") {
1881
+ if (compactionDebugEnabled()) {
1704
1882
  const ratio = fullPassInnerIterations / fullPassIterations;
1705
1883
  if (ratio > 10) {
1706
1884
  console.error(
@@ -2234,6 +2412,27 @@ var PATTERNS = [
2234
2412
  { type: "postgres_uri", regex: /postgres(?:ql)?:\/\/[^\s"'`]+/g },
2235
2413
  { type: "mysql_uri", regex: /mysql:\/\/[^\s"'`]+/g },
2236
2414
  { type: "redis_uri", regex: /redis:\/\/[^\s"'`]+/g },
2415
+ // AI/ML provider keys — modern LLM services with well-known prefixes
2416
+ {
2417
+ type: "huggingface_token",
2418
+ // HuggingFace tokens: hf_ followed by 34 alphanumeric chars
2419
+ regex: /(?<![A-Za-z0-9])hf_[A-Za-z0-9]{34}(?![A-Za-z0-9])/g
2420
+ },
2421
+ {
2422
+ type: "replicate_token",
2423
+ // Replicate tokens: r8_ followed by 40+ alphanumeric chars
2424
+ regex: /(?<![A-Za-z0-9])r8_[A-Za-z0-9]{40,}(?![A-Za-z0-9])/g
2425
+ },
2426
+ {
2427
+ type: "perplexity_key",
2428
+ // Perplexity API keys: pplx- followed by 40+ alphanumeric chars
2429
+ regex: /(?<![A-Za-z0-9])pplx-[A-Za-z0-9]{40,}(?![A-Za-z0-9])/g
2430
+ },
2431
+ {
2432
+ type: "groq_key",
2433
+ // Groq API keys: gsk_ followed by 40+ alphanumeric chars
2434
+ regex: /(?<![A-Za-z0-9])gsk_[A-Za-z0-9]{40,}(?![A-Za-z0-9])/g
2435
+ },
2237
2436
  {
2238
2437
  type: "bearer_token",
2239
2438
  // Anchored with alternation instead of negative lookahead — avoids V8
@@ -2267,6 +2466,10 @@ function hasCredentialAnchors(text) {
2267
2466
  text.includes("xox") || // Slack token (xoxa/xoxb/xoxp/xoxo/xoxs)
2268
2467
  text.includes("Bearer ") || // Bearer token (space suffix reduces false positives)
2269
2468
  text.includes("/bot") || // Telegram bot token (URL path pattern)
2469
+ text.includes("hf_") || // HuggingFace token
2470
+ text.includes("r8_") || // Replicate token
2471
+ text.includes("pplx-") || // Perplexity API key
2472
+ text.includes("gsk_") || // Groq API key
2270
2473
  text.includes("_KEY=") || // High-entropy env vars: API_KEY=, SECRET_KEY=, ...
2271
2474
  text.includes("_TOKEN=") || // ACCESS_TOKEN=, AUTH_TOKEN=, ...
2272
2475
  text.includes("_SECRET=") || // API_SECRET=, CLIENT_SECRET=, ...
@@ -3905,6 +4108,13 @@ var Context = class {
3905
4108
  projectRoot;
3906
4109
  /** Mutable working directory — starts as `cwd`. Change via `setWorkingDir()`. */
3907
4110
  workingDir;
4111
+ /**
4112
+ * When true, file tools (via `_util.ts`) and `setWorkingDir()` reject paths
4113
+ * outside `projectRoot`. When false, those boundary checks are bypassed so
4114
+ * tools may reach paths outside the project (still gated by permission
4115
+ * tiers). Mutable so `/settings` can toggle it live on the running session.
4116
+ */
4117
+ allowOutsideProjectRoot;
3908
4118
  model;
3909
4119
  tools = [];
3910
4120
  meta = {};
@@ -3918,11 +4128,6 @@ var Context = class {
3918
4128
  * so storage operations can include it in `storage.*` events.
3919
4129
  */
3920
4130
  traceId;
3921
- /**
3922
- * When true, tools can access any path on the filesystem.
3923
- * When false or undefined, tools are restricted to the project root.
3924
- */
3925
- allowOutsideProjectRoot;
3926
4131
  /** Callbacks fired when `setWorkingDir()` changes the working directory. */
3927
4132
  _onWorkingDirChanged = [];
3928
4133
  /**
@@ -3954,12 +4159,13 @@ var Context = class {
3954
4159
  this.cwd = init.cwd;
3955
4160
  this.projectRoot = init.projectRoot;
3956
4161
  this.workingDir = init.workingDir ?? init.cwd;
4162
+ this.allowOutsideProjectRoot = init.allowOutsideProjectRoot ?? false;
3957
4163
  this.model = init.model;
3958
4164
  this.tools = init.tools ?? [];
3959
4165
  this.agentId = init.agentId ?? "unknown";
3960
4166
  this.agentName = init.agentName ?? "Unknown Agent";
3961
4167
  this.traceId = init.traceId;
3962
- this.allowOutsideProjectRoot = init.allowOutsideProjectRoot ?? true;
4168
+ this.allowOutsideProjectRoot = init.allowOutsideProjectRoot ?? false;
3963
4169
  this.session.traceId = init.traceId;
3964
4170
  }
3965
4171
  /**
@@ -4025,12 +4231,14 @@ var Context = class {
4025
4231
  */
4026
4232
  setWorkingDir(dir) {
4027
4233
  const resolved = path4.isAbsolute(dir) ? path4.resolve(dir) : path4.resolve(this.projectRoot, dir);
4028
- const root = path4.resolve(this.projectRoot);
4029
- const rel = path4.relative(root, resolved);
4030
- if (rel.startsWith("..") || path4.isAbsolute(rel)) {
4031
- throw new Error(
4032
- `Working directory "${resolved}" is outside project root "${root}"`
4033
- );
4234
+ if (!this.allowOutsideProjectRoot) {
4235
+ const root = path4.resolve(this.projectRoot);
4236
+ const rel = path4.relative(root, resolved);
4237
+ if (rel.startsWith("..") || path4.isAbsolute(rel)) {
4238
+ throw new Error(
4239
+ `Working directory "${resolved}" is outside project root "${root}"`
4240
+ );
4241
+ }
4034
4242
  }
4035
4243
  const old = this.workingDir;
4036
4244
  this.workingDir = resolved;
@@ -4336,6 +4544,6 @@ function renderPlainText(meta, events) {
4336
4544
  return lines.join("\n");
4337
4545
  }
4338
4546
 
4339
- export { AgentError, CONTEXT_WINDOW_MODES, ConfigError, Context, DEFAULT_AUTONOMY_CONFIG, DEFAULT_CONTEXT_CONFIG, DEFAULT_CONTEXT_WINDOW_MODE_ID, DEFAULT_MODES, DEFAULT_RECOVERY_STRATEGIES, DEFAULT_SESSION_LOGGING_CONFIG, DEFAULT_SESSION_PRUNE_DAYS, DEFAULT_SPEC_TEMPLATE, DEFAULT_TOOLS_CONFIG, DefaultErrorHandler, DefaultLogger, DefaultModelsRegistry, DefaultPathResolver, DefaultRetryPolicy, DefaultSecretScrubber, DefaultSecretVault, DefaultSessionReader, DefaultTokenCounter, ERROR_CODES, FsError, HybridCompactor, InMemoryAgentBridge, InMemoryBridgeTransport, MEMORY_TYPE_LABELS, PluginError, ProviderError, SddError, SessionError, StreamHangError, ToolError, ToolExecutor, WrongStackError, asBlocks, asText, buildRecoveryStrategies, classifyFamily, computeTaskProgress, createMessage, decryptConfigSecrets, encryptConfigSecrets, findCriticalPath, formatContextWindowModeList, getContextWindowMode, isAgentError, isConfigError, isContextWindowModeId, isFsError, isImageBlock, isPluginError, isSddError, isSecretField, isSessionError, isTextBlock, isThinkingBlock, isToolError, isToolResultBlock, isToolUseBlock, isWrongStackError, listContextWindowModes, migratePlaintextSecrets, noOpLogger, resolveContextWindowPolicy, rewriteConfigEncrypted, toWrongStackError, topologicalSort };
4547
+ export { AgentError, CONTEXT_WINDOW_MODES, ConfigError, Context, DEFAULT_AUTONOMY_CONFIG, DEFAULT_CIRCUIT_BREAKER_CONFIG, DEFAULT_CONTEXT_CONFIG, DEFAULT_CONTEXT_WINDOW_MODE_ID, DEFAULT_MODES, DEFAULT_RECOVERY_STRATEGIES, DEFAULT_SESSION_LOGGING_CONFIG, DEFAULT_SESSION_PRUNE_DAYS, DEFAULT_SPEC_TEMPLATE, DEFAULT_TOOLS_CONFIG, DefaultErrorHandler, DefaultLogger, DefaultModelsRegistry, DefaultPathResolver, DefaultRetryPolicy, DefaultSecretScrubber, DefaultSecretVault, DefaultSessionReader, DefaultTokenCounter, ERROR_CODES, FsError, HybridCompactor, InMemoryAgentBridge, InMemoryBridgeTransport, MEMORY_TYPE_LABELS, PluginError, ProviderError, SddError, SessionError, StreamHangError, ToolError, ToolExecutor, WrongStackError, asBlocks, asText, buildRecoveryStrategies, classifyFamily, computeTaskProgress, createMessage, decryptConfigSecrets, encryptConfigSecrets, findCriticalPath, formatContextWindowModeList, getContextWindowMode, isAgentError, isConfigError, isContextWindowModeId, isFsError, isImageBlock, isPluginError, isSddError, isSecretField, isSessionError, isTextBlock, isThinkingBlock, isToolError, isToolResultBlock, isToolUseBlock, isWrongStackError, listContextWindowModes, migratePlaintextSecrets, noOpLogger, normalizeTokenSavingTier, resolveContextWindowPolicy, rewriteConfigEncrypted, rotateConfigKeys, toWrongStackError, topologicalSort };
4340
4548
  //# sourceMappingURL=index.js.map
4341
4549
  //# sourceMappingURL=index.js.map