@wrongstack/core 0.276.4 → 0.277.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. package/dist/{agent-bridge-D7A-eu3C.d.ts → agent-bridge-BFJ2ODzI.d.ts} +1 -1
  2. package/dist/{agent-subagent-runner-CEuw4ATz.d.ts → agent-subagent-runner-BimKihiC.d.ts} +7 -7
  3. package/dist/{brain-BLOyN5ZP.d.ts → brain-CCfuEOdp.d.ts} +1 -1
  4. package/dist/{compactor-DcBpaJsI.d.ts → compactor-D3BGw26y.d.ts} +1 -1
  5. package/dist/{config-Bf5mj-ad.d.ts → config-DAOjriz9.d.ts} +1 -1
  6. package/dist/{context-CLnUMW5g.d.ts → context-DPlA6kid.d.ts} +5 -6
  7. package/dist/coordination/index.d.ts +17 -17
  8. package/dist/coordination/index.js +38 -14
  9. package/dist/coordination/index.js.map +1 -1
  10. package/dist/defaults/index.d.ts +27 -27
  11. package/dist/defaults/index.js +177 -93
  12. package/dist/defaults/index.js.map +1 -1
  13. package/dist/execution/index.d.ts +15 -15
  14. package/dist/execution/index.js +13 -1
  15. package/dist/execution/index.js.map +1 -1
  16. package/dist/execution/prompt-enhancer.d.ts +1 -1
  17. package/dist/extension/index.d.ts +6 -6
  18. package/dist/{global-mailbox-Iqfkgmwu.d.ts → global-mailbox-Dr4cTKqL.d.ts} +1 -1
  19. package/dist/{goal-store-DGb6b5Ed.d.ts → goal-store-C1uH4srH.d.ts} +1 -1
  20. package/dist/hq/index.d.ts +5 -5
  21. package/dist/{index-Cn0NOshr.d.ts → index-DJXj-dcr.d.ts} +5 -5
  22. package/dist/{index-L4RZN9jJ.d.ts → index-cMEmzCVN.d.ts} +23 -5
  23. package/dist/index.d.ts +41 -41
  24. package/dist/index.js +220 -111
  25. package/dist/index.js.map +1 -1
  26. package/dist/infrastructure/index.d.ts +6 -6
  27. package/dist/infrastructure/index.js +4 -1
  28. package/dist/infrastructure/index.js.map +1 -1
  29. package/dist/kernel/index.d.ts +11 -11
  30. package/dist/{mcp-servers-CuZGf9fI.d.ts → mcp-servers-CFb60-pH.d.ts} +3 -3
  31. package/dist/models/index.d.ts +5 -5
  32. package/dist/{models-registry-8XOdxWQu.d.ts → models-registry-5Ufn7f2m.d.ts} +1 -1
  33. package/dist/{multi-agent-coordinator-CiRtKVTk.d.ts → multi-agent-coordinator-CcrcncvG.d.ts} +1 -1
  34. package/dist/{null-fleet-bus-d9G-bVy9.d.ts → null-fleet-bus-C9KsYyrI.d.ts} +13 -6
  35. package/dist/observability/index.d.ts +2 -2
  36. package/dist/{path-resolver-BhIb6mtd.d.ts → path-resolver-CEeX9I7O.d.ts} +3 -3
  37. package/dist/{permission-BCbQDR2s.d.ts → permission-DbsGOA1C.d.ts} +7 -6
  38. package/dist/{permission-policy-C0ikndX_.d.ts → permission-policy-BpEea3r7.d.ts} +12 -14
  39. package/dist/{pipeline-Dl6XbfE7.d.ts → pipeline-CEjBjzVA.d.ts} +2 -2
  40. package/dist/{provider-model-resolve-B70epO19.d.ts → provider-model-resolve-BpfXp3Jj.d.ts} +3 -3
  41. package/dist/{provider-runner-DZ808MSM.d.ts → provider-runner-CnOSr5BN.d.ts} +3 -3
  42. package/dist/{retry-policy-Dt3_z8Aj.d.ts → retry-policy-Git9WF6d.d.ts} +1 -1
  43. package/dist/sdd/index.d.ts +9 -9
  44. package/dist/{secret-vault-BUJ2d1gB.d.ts → secret-vault-DDSMHqIm.d.ts} +1 -1
  45. package/dist/security/index.d.ts +5 -5
  46. package/dist/security/index.js +173 -94
  47. package/dist/security/index.js.map +1 -1
  48. package/dist/{selector-BCkWgdwy.d.ts → selector-Cq72C0Oy.d.ts} +1 -1
  49. package/dist/{session-event-bridge-CMvIO59_.d.ts → session-event-bridge-DG94B3Bk.d.ts} +1 -1
  50. package/dist/{session-reader-C8aiChUu.d.ts → session-reader-BzT-iMQT.d.ts} +1 -1
  51. package/dist/storage/index.d.ts +11 -11
  52. package/dist/{strategy-compactor-DI1OHVbB.d.ts → strategy-compactor-Bt_ZH6R0.d.ts} +10 -10
  53. package/dist/{todos-checkpoint-Ddd2CGr0.d.ts → todos-checkpoint-CH1pcua9.d.ts} +5 -5
  54. package/dist/{tool-executor-Bmd5Ygoo.d.ts → tool-executor-SVFq7IOR.d.ts} +9 -9
  55. package/dist/tools/index.d.ts +2 -2
  56. package/dist/tools/index.js +5 -6
  57. package/dist/tools/index.js.map +1 -1
  58. package/dist/types/index.d.ts +19 -19
  59. package/dist/types/index.js +13 -1
  60. package/dist/types/index.js.map +1 -1
  61. package/dist/utils/index.d.ts +17 -3
  62. package/dist/utils/index.js +5 -1
  63. package/dist/utils/index.js.map +1 -1
  64. package/dist/{worktree-manager-DBdl_5rs.d.ts → worktree-manager-C4YIf1Fa.d.ts} +1 -1
  65. package/instructions/leader-after-task.md +6 -0
  66. package/package.json +2 -2
  67. package/skills/output-standards/SKILL.md +1 -0
  68. package/skills/research-web/SKILL.md +1 -1
package/dist/index.js CHANGED
@@ -2199,6 +2199,10 @@ function formatTodosList(todos) {
2199
2199
  });
2200
2200
  return lines.join("\n");
2201
2201
  }
2202
+ function hasOpenTodos(todos) {
2203
+ if (!Array.isArray(todos) || todos.length === 0) return false;
2204
+ return todos.some((t2) => t2.status === "pending" || t2.status === "in_progress");
2205
+ }
2202
2206
  var init_todos_format = __esm({
2203
2207
  "src/utils/todos-format.ts"() {
2204
2208
  init_color();
@@ -7920,6 +7924,8 @@ var ToolCapabilities = {
7920
7924
  SHELL_ARBITRARY: "shell.arbitrary",
7921
7925
  /** Can execute a restricted set of commands (the `exec` tool). */
7922
7926
  SHELL_RESTRICTED: "shell.restricted",
7927
+ /** Can run a restricted project formatter/linter-style command. */
7928
+ SHELL_EXEC: "shell.exec",
7923
7929
  /** Can read files inside the project (and possibly outside via symlinks if not guarded). */
7924
7930
  FS_READ: "fs.read",
7925
7931
  /** Can write / modify / delete files inside the project. */
@@ -7928,6 +7934,20 @@ var ToolCapabilities = {
7928
7934
  FS_WRITE_OUTSIDE_PROJECT: "fs.write.outside-project",
7929
7935
  /** Can perform outbound network requests. */
7930
7936
  NET_OUTBOUND: "net.outbound",
7937
+ /** Can mutate in-memory session todos only. */
7938
+ SESSION_TODO: "session.todo",
7939
+ /** Can mutate in-memory session mode only. */
7940
+ SESSION_MODE: "session.mode",
7941
+ /** Can inspect registered tool metadata. */
7942
+ TOOL_META: "tool.meta",
7943
+ /** Can invoke arbitrary registered tools through a meta-tool. */
7944
+ TOOL_MUTATE_ANY: "tool.mutate.any",
7945
+ /** Can read persistent memory. */
7946
+ MEMORY_READ: "memory.read",
7947
+ /** Can write persistent memory. */
7948
+ MEMORY_WRITE: "memory.write",
7949
+ /** Can delete persistent memory. */
7950
+ MEMORY_DELETE: "memory.delete",
7931
7951
  /** Proxies tools from external MCP servers (unknown capability). */
7932
7952
  MCP_PROXY: "mcp.proxy",
7933
7953
  /** Can spawn or manage subagents / multi-agent tasks. */
@@ -7946,8 +7966,12 @@ var ToolCapabilities = {
7946
7966
  var DANGEROUS_FOR_SUBAGENTS = [
7947
7967
  ToolCapabilities.SHELL_ARBITRARY,
7948
7968
  ToolCapabilities.SHELL_RESTRICTED,
7969
+ ToolCapabilities.SHELL_EXEC,
7949
7970
  ToolCapabilities.FS_WRITE,
7950
7971
  ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT,
7972
+ ToolCapabilities.TOOL_MUTATE_ANY,
7973
+ ToolCapabilities.MEMORY_WRITE,
7974
+ ToolCapabilities.MEMORY_DELETE,
7951
7975
  ToolCapabilities.MCP_PROXY,
7952
7976
  ToolCapabilities.SUBAGENT_SPAWN,
7953
7977
  ToolCapabilities.CONFIG_MUTATE,
@@ -7957,8 +7981,12 @@ var WIDE_SUBAGENT_CAPABILITIES = [
7957
7981
  ToolCapabilities.FS_READ,
7958
7982
  ToolCapabilities.FS_WRITE,
7959
7983
  ToolCapabilities.NET_OUTBOUND,
7984
+ ToolCapabilities.SESSION_TODO,
7985
+ ToolCapabilities.TOOL_META,
7986
+ ToolCapabilities.MEMORY_READ,
7960
7987
  ToolCapabilities.SHELL_ARBITRARY,
7961
7988
  ToolCapabilities.SHELL_RESTRICTED,
7989
+ ToolCapabilities.SHELL_EXEC,
7962
7990
  ToolCapabilities.PACKAGE_INSTALL
7963
7991
  ];
7964
7992
  function hasDangerousCapabilityForSubagents(toolOrCaps) {
@@ -8185,7 +8213,7 @@ ${errorDetails}`,
8185
8213
  const decision = await this.opts.permissionPolicy.evaluate(tool, use.input, ctx);
8186
8214
  let effectivePermission = decision.permission;
8187
8215
  const policy = this.opts.permissionPolicy;
8188
- const yolo = policy.getYolo?.() === true || policy.getYoloDestructive?.() === true;
8216
+ const yolo = policy.getYolo?.() === true;
8189
8217
  const authoritativeAuto = decision.source === "yolo";
8190
8218
  if (toolDangerousCaps.length > 0 && effectivePermission === "auto" && !yolo && !authoritativeAuto) {
8191
8219
  effectivePermission = "confirm";
@@ -15311,6 +15339,7 @@ var Director = class _Director {
15311
15339
  sessionIdSource;
15312
15340
  /** Debounce timer for periodic manifest writes. */
15313
15341
  manifestTimer = null;
15342
+ manifestWriteChain = Promise.resolve();
15314
15343
  manifestDebounceMs;
15315
15344
  /** Fleet-wide cost cap (entire fleet total, distinct from SubagentBudget limits). Infinity means no cap. */
15316
15345
  maxFleetCostUsd;
@@ -15487,7 +15516,7 @@ var Director = class _Director {
15487
15516
  }
15488
15517
  );
15489
15518
  if (this.fleetManager) {
15490
- this.fleetManager.flushManifest();
15519
+ void this.fleetManager.flushManifest();
15491
15520
  } else {
15492
15521
  this.scheduleManifest();
15493
15522
  }
@@ -15766,6 +15795,7 @@ var Director = class _Director {
15766
15795
  return;
15767
15796
  }
15768
15797
  if (this.manifestDebounceMs < 0) return;
15798
+ if (this.manifestTimer) return;
15769
15799
  this.manifestTimer = setTimeout(() => {
15770
15800
  this.manifestTimer = null;
15771
15801
  void this.writeManifest().catch(
@@ -15773,6 +15803,11 @@ var Director = class _Director {
15773
15803
  );
15774
15804
  }, this.manifestDebounceMs);
15775
15805
  }
15806
+ clearManifestTimer() {
15807
+ if (!this.manifestTimer) return;
15808
+ clearTimeout(this.manifestTimer);
15809
+ this.manifestTimer = null;
15810
+ }
15776
15811
  /**
15777
15812
  * Spawn a subagent. Identical to the coordinator's `spawn()` but
15778
15813
  * captures provider/model metadata for the usage aggregator and
@@ -15995,6 +16030,13 @@ var Director = class _Director {
15995
16030
  * replay an entire director run.
15996
16031
  */
15997
16032
  async writeManifest() {
16033
+ if (!this.manifestPath) return null;
16034
+ this.clearManifestTimer();
16035
+ const write = this.manifestWriteChain.catch(() => void 0).then(() => this.writeManifestNow());
16036
+ this.manifestWriteChain = write.catch(() => void 0);
16037
+ return write;
16038
+ }
16039
+ async writeManifestNow() {
15998
16040
  if (!this.manifestPath) return null;
15999
16041
  const manifest = {
16000
16042
  directorRunId: this.id,
@@ -16027,10 +16069,7 @@ var Director = class _Director {
16027
16069
  * — calling shutdown twice is a no-op on the second invocation.
16028
16070
  */
16029
16071
  async shutdown() {
16030
- if (this.manifestTimer) {
16031
- clearTimeout(this.manifestTimer);
16032
- this.manifestTimer = null;
16033
- }
16072
+ this.clearManifestTimer();
16034
16073
  if (this.taskCompletedListener) {
16035
16074
  this.coordinator.off("task.completed", this.taskCompletedListener);
16036
16075
  this.taskCompletedListener = null;
@@ -16049,8 +16088,11 @@ var Director = class _Director {
16049
16088
  }
16050
16089
  this.subagentBridges.clear();
16051
16090
  await this.bridge.stop().catch((err) => this.logShutdownError("director_bridge_stop", err));
16052
- if (this.manifestPath)
16091
+ if (this.fleetManager) {
16092
+ await this.fleetManager.flushManifest().catch((err) => this.logShutdownError("fleet_manifest_flush", err));
16093
+ } else if (this.manifestPath) {
16053
16094
  await this.writeManifest().catch((err) => this.logShutdownError("manifest_write", err));
16095
+ }
16054
16096
  if (this.stateCheckpoint) {
16055
16097
  this.stateCheckpoint.setUsage(this.usage.snapshot());
16056
16098
  await this.stateCheckpoint.flush().catch((err) => this.logShutdownError("state_checkpoint_flush", err));
@@ -22861,7 +22903,10 @@ function createContextManagerTool(opts = {}) {
22861
22903
  required: ["action"]
22862
22904
  },
22863
22905
  permission: "auto",
22864
- mutating: true,
22906
+ // Mutates only the in-memory conversation context, like the todo tool.
22907
+ // It must stay auto-runnable so the model can inspect/repair/compact its
22908
+ // own context without hitting a permission prompt loop.
22909
+ mutating: false,
22865
22910
  async execute(input, ctx) {
22866
22911
  const messages = ctx.messages;
22867
22912
  const beforeTokens = roughEstimate(messages);
@@ -29561,19 +29606,51 @@ var LruCache = class {
29561
29606
  // src/security/permission-policy.ts
29562
29607
  init_safe_json();
29563
29608
  init_tool_subject();
29564
- var DESTRUCTIVE_BASH_PATTERNS = [
29565
- /\bgit\s+(?:clean\s+-[^\s]*[xdf]|reset\s+--hard)\b/i,
29566
- /\b(?:drop|truncate)\s+(?:table|database|schema)\b/i,
29567
- /\bdelete\s+from\b/i,
29568
- /\b(?:mkfs|format|diskpart|shutdown|reboot)\b/i,
29569
- /\bchmod\s+-R\s+777\b/i,
29570
- /\bchown\s+-R\b/i,
29571
- /\b(?:curl|wget)\b.*\|\s*(?:sh|bash|zsh|pwsh|powershell)\b/i,
29572
- /\b(?:powershell|pwsh)\b.*(?:-encodedcommand|-enc)\b/i,
29573
- /:\(\)\s*\{\s*:\|:&\s*}\s*;/
29609
+ var CATASTROPHIC_PATTERNS = [
29610
+ /\b(?:mkfs(?:\.[a-z0-9]+)?|mke2fs|newfs)\b/i,
29611
+ // make a filesystem — wipes a partition
29612
+ /\bformat\s+[A-Za-z]:/i,
29613
+ // format C: — wipes a Windows volume
29614
+ /\bdiskpart\b/i,
29615
+ // Windows partition editor
29616
+ /\bdd\b[^|]*\bof=(?:\/dev\/|\\\\[.?]\\)/i,
29617
+ // dd writing straight to a raw device
29618
+ />\s*\/dev\/(?:sd|hd|nvme|disk|mapper|vd)/i,
29619
+ // redirect into a raw block device
29620
+ /:\(\)\s*\{\s*:\|:&\s*\}\s*;/
29621
+ // classic fork bomb
29574
29622
  ];
29575
- var PROJECT_ESCAPE_PATTERN = /(?:^|[\s"'])\.\.(?:[\\/]|$)/;
29576
- var ABSOLUTE_PATH_PATTERN = /(?:^|[\s"'])(?:~[\\/]|\/[A-Za-z0-9_.-]|[A-Za-z]:[\\/])/;
29623
+ var CATASTROPHIC_POSIX_ROOTS = /* @__PURE__ */ new Set([
29624
+ "/etc",
29625
+ "/usr",
29626
+ "/bin",
29627
+ "/sbin",
29628
+ "/lib",
29629
+ "/lib64",
29630
+ "/var",
29631
+ "/boot",
29632
+ "/dev",
29633
+ "/sys",
29634
+ "/proc",
29635
+ "/opt",
29636
+ "/root",
29637
+ "/home",
29638
+ "/srv",
29639
+ "/run",
29640
+ "/system",
29641
+ "/library",
29642
+ "/applications",
29643
+ "/users"
29644
+ ]);
29645
+ var CATASTROPHIC_WIN_SUBDIRS = /* @__PURE__ */ new Set([
29646
+ "windows",
29647
+ "system32",
29648
+ "winnt",
29649
+ "program files",
29650
+ "program files (x86)",
29651
+ "programdata",
29652
+ "users"
29653
+ ]);
29577
29654
  var SHELL_OPERATORS = /* @__PURE__ */ new Set(["&&", "||", "|", ";", ">", ">>", "<", "2>", "2>>"]);
29578
29655
  function getInputString(input, key) {
29579
29656
  if (!input || typeof input !== "object") return void 0;
@@ -29590,20 +29667,21 @@ function pathLooksInsideProject(rawPath, projectRoot) {
29590
29667
  function tokenizeShell(command) {
29591
29668
  return command.match(/"[^"]*"|'[^']*'|\S+/g)?.map((token) => token.replace(/^['"]|['"]$/g, "")) ?? [];
29592
29669
  }
29593
- function pathTokenIsOutsideProject(token, projectRoot) {
29594
- if (!token || SHELL_OPERATORS.has(token) || token.startsWith("-")) return false;
29595
- if (token === "/" || token === "~" || token === "." || token === "..") return token !== ".";
29596
- if (token.includes("*")) return true;
29597
- if (token.startsWith("..") || token.includes("../") || token.includes("..\\")) return true;
29598
- if (path4.isAbsolute(token) || token.startsWith("~/")) return !pathLooksInsideProject(token, projectRoot);
29670
+ function isCatastrophicDeleteTarget(rawTarget) {
29671
+ const t2 = rawTarget.replace(/^['"]|['"]$/g, "").trim();
29672
+ if (!t2) return false;
29673
+ if (t2 === "*" || t2 === "." || t2 === "./" || t2 === ".\\" || t2 === "./*" || t2 === ".\\*") return true;
29674
+ const s = t2.replace(/[\\/]\*+$/, "").replace(/[\\/]+$/, "");
29675
+ if (s === "") return true;
29676
+ if (s === "~" || /^\$HOME$/i.test(s) || /^%USERPROFILE%$/i.test(s)) return true;
29677
+ if (/^[A-Za-z]:$/.test(s)) return true;
29678
+ const norm = s.toLowerCase().replace(/\\/g, "/");
29679
+ if (CATASTROPHIC_POSIX_ROOTS.has(norm)) return true;
29680
+ const win = norm.match(/^[a-z]:\/([^/]+)$/);
29681
+ if (win?.[1] && CATASTROPHIC_WIN_SUBDIRS.has(win[1])) return true;
29599
29682
  return false;
29600
29683
  }
29601
- function hasDangerousDeleteTarget(tokens, start, projectRoot) {
29602
- const targets = tokens.slice(start).filter((token) => !token.startsWith("-") && !SHELL_OPERATORS.has(token));
29603
- if (targets.length === 0) return true;
29604
- return targets.some((target) => pathTokenIsOutsideProject(target, projectRoot));
29605
- }
29606
- function hasDestructiveDelete(command, projectRoot) {
29684
+ function hasCatastrophicDelete(command) {
29607
29685
  const tokens = tokenizeShell(command);
29608
29686
  for (let i = 0; i < tokens.length; i++) {
29609
29687
  const token = tokens[i]?.toLowerCase();
@@ -29611,35 +29689,43 @@ function hasDestructiveDelete(command, projectRoot) {
29611
29689
  if (token === "rm") {
29612
29690
  const args = tokens.slice(i + 1);
29613
29691
  const recursiveOrForce = args.some(
29614
- (arg) => /^-[^-]*[rf]/i.test(arg) || arg === "--recursive" || arg === "--force"
29692
+ (arg) => /^-[^-]*[rf]/i.test(arg) || arg === "--recursive" || arg === "--force" || arg === "--no-preserve-root"
29615
29693
  );
29616
- if (recursiveOrForce && hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
29694
+ if (!recursiveOrForce) continue;
29695
+ const targets = args.filter((arg) => !arg.startsWith("-") && !SHELL_OPERATORS.has(arg));
29696
+ if (targets.length === 0) return true;
29697
+ if (targets.some(isCatastrophicDeleteTarget)) return true;
29698
+ }
29699
+ if (token === "remove-item" || token === "ri") {
29700
+ const args = tokens.slice(i + 1);
29701
+ const recursive = args.some((arg) => {
29702
+ const a = arg.toLowerCase();
29703
+ return a === "-recurse" || a === "-force";
29704
+ });
29705
+ if (!recursive) continue;
29706
+ const targets = args.filter((arg) => !arg.startsWith("-") && !SHELL_OPERATORS.has(arg));
29707
+ if (targets.some(isCatastrophicDeleteTarget)) return true;
29617
29708
  }
29618
29709
  if (token === "rmdir" || token === "rd") {
29619
29710
  const args = tokens.slice(i + 1);
29620
29711
  const recursive = args.some((arg) => arg.toLowerCase() === "/s");
29621
- if (recursive && hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
29712
+ if (!recursive) continue;
29713
+ const targets = args.filter((arg) => !arg.startsWith("-") && !arg.startsWith("/") && !SHELL_OPERATORS.has(arg));
29714
+ if (targets.some(isCatastrophicDeleteTarget)) return true;
29622
29715
  }
29623
29716
  if (token === "del" || token === "erase") {
29624
- if (hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
29625
- }
29626
- if (token === "remove-item") {
29627
- const args = tokens.slice(i + 1).map((arg) => arg.toLowerCase());
29628
- const recursiveOrForce = args.includes("-recurse") || args.includes("-force");
29629
- if (recursiveOrForce && hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
29717
+ const args = tokens.slice(i + 1);
29718
+ const targets = args.filter((arg) => !arg.startsWith("-") && !arg.startsWith("/") && !SHELL_OPERATORS.has(arg));
29719
+ if (targets.some(isCatastrophicDeleteTarget)) return true;
29630
29720
  }
29631
29721
  }
29632
29722
  return false;
29633
29723
  }
29634
- function isClearlyDestructiveBashCommand(command, projectRoot) {
29724
+ function isClearlyDestructiveBashCommand(command, _projectRoot) {
29635
29725
  const trimmed = command.trim();
29636
29726
  if (!trimmed) return false;
29637
- if (hasDestructiveDelete(trimmed, projectRoot)) return true;
29638
- if (DESTRUCTIVE_BASH_PATTERNS.some((pattern) => pattern.test(trimmed))) return true;
29639
- if (/\bcd\s+(?:\.\.|~|\/|[A-Za-z]:[\\/])/i.test(trimmed)) return true;
29640
- if (PROJECT_ESCAPE_PATTERN.test(trimmed)) return true;
29641
- const absolute = trimmed.match(ABSOLUTE_PATH_PATTERN)?.[0]?.trim().replace(/^['"]|['"]$/g, "");
29642
- if (absolute && !pathLooksInsideProject(absolute, projectRoot)) return true;
29727
+ if (hasCatastrophicDelete(trimmed)) return true;
29728
+ if (CATASTROPHIC_PATTERNS.some((pattern) => pattern.test(trimmed))) return true;
29643
29729
  return false;
29644
29730
  }
29645
29731
 
@@ -29647,6 +29733,15 @@ function isClearlyDestructiveBashCommand(command, projectRoot) {
29647
29733
  function matchesTrust(patterns, subject) {
29648
29734
  return patterns.includes(subject) || matchAny(patterns, subject);
29649
29735
  }
29736
+ function shellCommandLineFromInput(input) {
29737
+ const command = getInputString(input, "command") ?? getInputString(input, "cmd") ?? getInputString(input, "script");
29738
+ if (!command) return void 0;
29739
+ if (!input || typeof input !== "object") return command;
29740
+ const args = input["args"];
29741
+ if (!Array.isArray(args) || args.length === 0) return command;
29742
+ const renderedArgs = args.filter((arg) => typeof arg === "string").map((arg) => /\s/.test(arg) ? `"${arg.replace(/"/g, '\\"')}"` : arg);
29743
+ return [command, ...renderedArgs].join(" ");
29744
+ }
29650
29745
  var DefaultPermissionPolicy = class {
29651
29746
  policy = {};
29652
29747
  loaded = false;
@@ -29664,9 +29759,10 @@ var DefaultPermissionPolicy = class {
29664
29759
  */
29665
29760
  sessionDenied = /* @__PURE__ */ new Map();
29666
29761
  /**
29667
- * Session-scoped "soft trust" map. When the user presses 'a' (allow once),
29668
- * the tool+pattern is added here. If the LLM retries in the same session,
29669
- * we return auto directly without asking again.
29762
+ * Session-scoped one-shot "soft trust" map. When the user presses 'y', the
29763
+ * tool+pattern is added here so the immediate confirm re-run can proceed.
29764
+ * The entry is consumed on first use; future calls must ask again unless the
29765
+ * user chose persistent trust.
29670
29766
  *
29671
29767
  * Cleared on reload().
29672
29768
  */
@@ -29705,7 +29801,7 @@ var DefaultPermissionPolicy = class {
29705
29801
  this.trustFile = opts.trustFile;
29706
29802
  this.yolo = opts.yolo ?? false;
29707
29803
  this.yoloDestructive = opts.yoloDestructive ?? opts.forceAllYolo ?? false;
29708
- this.confirmDestructive = opts.confirmDestructive ?? false;
29804
+ this.confirmDestructive = true;
29709
29805
  this.promptDelegate = opts.promptDelegate;
29710
29806
  }
29711
29807
  /**
@@ -29736,9 +29832,9 @@ var DefaultPermissionPolicy = class {
29736
29832
  return this.yoloDestructive;
29737
29833
  }
29738
29834
  /** Toggle destructive confirmation gate (only meaningful when yolo is active). */
29739
- setConfirmDestructive(enabled) {
29740
- if (this.confirmDestructive !== enabled) this._evalCache.clear();
29741
- this.confirmDestructive = enabled;
29835
+ setConfirmDestructive(_enabled) {
29836
+ if (!this.confirmDestructive) this._evalCache.clear();
29837
+ this.confirmDestructive = true;
29742
29838
  }
29743
29839
  /** Check whether destructive confirmation gate is active. */
29744
29840
  getConfirmDestructive() {
@@ -29777,12 +29873,12 @@ var DefaultPermissionPolicy = class {
29777
29873
  return decision;
29778
29874
  }
29779
29875
  if (this.sessionAllowed.has(cacheKey)) {
29876
+ this.sessionAllowed.delete(cacheKey);
29780
29877
  const decision = {
29781
29878
  permission: "auto",
29782
29879
  source: "trust",
29783
- reason: "session soft allow (user pressed yes)"
29880
+ reason: "session one-shot allow (user pressed yes)"
29784
29881
  };
29785
- this._evalCache.set(cacheKey, decision);
29786
29882
  return decision;
29787
29883
  }
29788
29884
  if (entry?.deny && subject && matchesTrust(entry.deny, subject)) {
@@ -29795,6 +29891,29 @@ var DefaultPermissionPolicy = class {
29795
29891
  this._evalCache.set(cacheKey, decision);
29796
29892
  return decision;
29797
29893
  }
29894
+ if (this.yolo) {
29895
+ const destructive = this.isDestructiveYoloCall(tool, input, ctx);
29896
+ if (destructive) {
29897
+ if (this.promptDelegate) {
29898
+ const decision = await this.promptDelegate(tool, input, subject ?? tool.name);
29899
+ if (decision === "deny") {
29900
+ await this.deny({ tool: tool.name, pattern: subject ?? tool.name });
29901
+ return { permission: "deny", source: "user", reason: "user denied destructive yolo" };
29902
+ }
29903
+ return {
29904
+ permission: decision === "yes" || decision === "always" ? "auto" : "deny",
29905
+ source: "user",
29906
+ reason: "destructive yolo approved for this call"
29907
+ };
29908
+ }
29909
+ return {
29910
+ permission: "confirm",
29911
+ source: "yolo_destructive",
29912
+ riskTier: "destructive",
29913
+ reason: "destructive tool needs explicit approval in YOLO mode"
29914
+ };
29915
+ }
29916
+ }
29798
29917
  if (entry?.allow && subject && matchesTrust(entry.allow, subject)) {
29799
29918
  const decision = { permission: "auto", source: "trust", reason: "matched allow pattern" };
29800
29919
  this._evalCache.set(cacheKey, decision);
@@ -29806,29 +29925,6 @@ var DefaultPermissionPolicy = class {
29806
29925
  return decision;
29807
29926
  }
29808
29927
  if (this.yolo) {
29809
- if (this.confirmDestructive) {
29810
- const destructive = this.isDestructiveYoloCall(tool, input, ctx);
29811
- if (destructive) {
29812
- if (this.promptDelegate) {
29813
- const decision2 = await this.promptDelegate(tool, input, subject ?? tool.name);
29814
- if (decision2 === "always") {
29815
- await this.trust({ tool: tool.name, pattern: subject ?? tool.name });
29816
- return { permission: "auto", source: "user", reason: "destructive yolo always-allowed" };
29817
- }
29818
- if (decision2 === "deny") {
29819
- await this.deny({ tool: tool.name, pattern: subject ?? tool.name });
29820
- return { permission: "deny", source: "user", reason: "user denied destructive yolo" };
29821
- }
29822
- return { permission: decision2 === "yes" ? "auto" : "deny", source: "user" };
29823
- }
29824
- return {
29825
- permission: "confirm",
29826
- source: "yolo_destructive",
29827
- riskTier: "destructive",
29828
- reason: "destructive tool needs explicit approval (confirmDestructive is on)"
29829
- };
29830
- }
29831
- }
29832
29928
  const decision = { permission: "auto", source: "yolo" };
29833
29929
  this._evalCache.set(cacheKey, decision);
29834
29930
  return decision;
@@ -29845,7 +29941,8 @@ var DefaultPermissionPolicy = class {
29845
29941
  const hasWriteCap = hasCapability(tool, ToolCapabilities.FS_WRITE);
29846
29942
  const hasShellCap = hasCapability(tool, [
29847
29943
  ToolCapabilities.SHELL_ARBITRARY,
29848
- ToolCapabilities.SHELL_RESTRICTED
29944
+ ToolCapabilities.SHELL_RESTRICTED,
29945
+ ToolCapabilities.SHELL_EXEC
29849
29946
  ]);
29850
29947
  const hasInstallCap = hasCapability(tool, ToolCapabilities.PACKAGE_INSTALL);
29851
29948
  const hasConfigCap = hasCapability(tool, ToolCapabilities.CONFIG_MUTATE);
@@ -29873,27 +29970,30 @@ var DefaultPermissionPolicy = class {
29873
29970
  // Capability-based destructive check (preferred over name-based)
29874
29971
  isDestructiveByCapability(tool) {
29875
29972
  const caps = tool.capabilities ?? [];
29876
- if (caps.includes("shell.arbitrary")) return true;
29877
- if (caps.includes("fs.write")) return true;
29878
- if (caps.includes("fs.write.outside-project")) return true;
29973
+ if (caps.includes(ToolCapabilities.SHELL_ARBITRARY)) return true;
29974
+ if (caps.includes(ToolCapabilities.SHELL_RESTRICTED)) return true;
29975
+ if (caps.includes(ToolCapabilities.SHELL_EXEC)) return true;
29976
+ if (caps.includes(ToolCapabilities.FS_WRITE)) return true;
29977
+ if (caps.includes(ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT)) return true;
29879
29978
  return false;
29880
29979
  }
29881
29980
  isDestructiveYoloCall(tool, input, ctx) {
29882
29981
  if (this.isDestructiveByCapability(tool)) {
29883
- if (tool.name === "bash") {
29884
- const command = getInputString(input, "command");
29885
- return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : true;
29982
+ const caps = tool.capabilities ?? [];
29983
+ if (caps.includes(ToolCapabilities.SHELL_ARBITRARY) || caps.includes(ToolCapabilities.SHELL_RESTRICTED) || caps.includes(ToolCapabilities.SHELL_EXEC)) {
29984
+ const command = shellCommandLineFromInput(input);
29985
+ return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : tool.riskTier === "destructive";
29886
29986
  }
29887
- if (tool.name === "write" || tool.name === "edit" || tool.name === "replace" || tool.name === "patch") {
29987
+ if (caps.includes(ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT)) return true;
29988
+ if (caps.includes(ToolCapabilities.FS_WRITE)) {
29888
29989
  const targetPath = getInputString(input, "path") ?? getInputString(input, "file");
29889
29990
  if (!targetPath || !ctx.projectRoot) return false;
29890
29991
  return !pathLooksInsideProject(targetPath, ctx.projectRoot);
29891
29992
  }
29892
- return true;
29893
29993
  }
29894
- if (tool.name === "bash") {
29895
- const command = getInputString(input, "command");
29896
- return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : true;
29994
+ if (tool.name === "bash" || tool.name === "shell" || tool.name === "exec") {
29995
+ const command = shellCommandLineFromInput(input);
29996
+ return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : tool.riskTier === "destructive";
29897
29997
  }
29898
29998
  if (tool.name === "write" || tool.name === "edit" || tool.name === "replace" || tool.name === "patch") {
29899
29999
  const targetPath = getInputString(input, "path") ?? getInputString(input, "file");
@@ -29942,7 +30042,7 @@ var DefaultPermissionPolicy = class {
29942
30042
  this.sessionDenied.set(`${rule.tool}::${rule.pattern}`, true);
29943
30043
  this._evalCache.clear();
29944
30044
  }
29945
- /** Auto-approve this tool+pattern for the rest of this session (no trust file). */
30045
+ /** Auto-approve this tool+pattern once (no trust file). */
29946
30046
  allowOnce(rule) {
29947
30047
  this.sessionAllowed.set(`${rule.tool}::${rule.pattern}`, true);
29948
30048
  this._evalCache.clear();
@@ -40437,6 +40537,8 @@ var FleetManager = class {
40437
40537
  stateCheckpoint;
40438
40538
  sessionWriter;
40439
40539
  manifestTimer = null;
40540
+ manifestWriteChain = Promise.resolve();
40541
+ disposed = false;
40440
40542
  manifestDebounceMs;
40441
40543
  /** Fleet-wide cost cap. Infinity = no cap. Distinct from SubagentBudget limits,
40442
40544
  * which track per-subagent spend — this field caps the entire fleet total. */
@@ -40625,6 +40727,13 @@ var FleetManager = class {
40625
40727
  this.scheduleManifest();
40626
40728
  }
40627
40729
  async writeManifest() {
40730
+ if (!this.manifestPath) return null;
40731
+ this.clearManifestTimer();
40732
+ const write = this.manifestWriteChain.catch(() => void 0).then(() => this.writeManifestNow());
40733
+ this.manifestWriteChain = write.catch(() => void 0);
40734
+ return write;
40735
+ }
40736
+ async writeManifestNow() {
40628
40737
  if (!this.manifestPath) return null;
40629
40738
  const manifest = {
40630
40739
  version: 1,
@@ -40658,6 +40767,7 @@ var FleetManager = class {
40658
40767
  * When `manifestDebounceMs` is 0, writes are synchronous (no debounce).
40659
40768
  */
40660
40769
  scheduleManifest() {
40770
+ if (this.disposed) return;
40661
40771
  if (!this.manifestPath) return;
40662
40772
  if (this.manifestDebounceMs === 0) {
40663
40773
  void this.writeManifest().catch((err) => {
@@ -40688,10 +40798,7 @@ var FleetManager = class {
40688
40798
  */
40689
40799
  async flushManifest() {
40690
40800
  if (!this.manifestPath) return;
40691
- if (this.manifestTimer) {
40692
- clearTimeout(this.manifestTimer);
40693
- this.manifestTimer = null;
40694
- }
40801
+ this.clearManifestTimer();
40695
40802
  await this.writeManifest().catch((err) => {
40696
40803
  const detail = toErrorMessage(err);
40697
40804
  process.emitWarning(
@@ -40700,6 +40807,11 @@ var FleetManager = class {
40700
40807
  );
40701
40808
  });
40702
40809
  }
40810
+ clearManifestTimer() {
40811
+ if (!this.manifestTimer) return;
40812
+ clearTimeout(this.manifestTimer);
40813
+ this.manifestTimer = null;
40814
+ }
40703
40815
  /** Best-effort session event writer. Swallows failures. */
40704
40816
  async appendSessionEvent(event) {
40705
40817
  if (!this.sessionWriter) return;
@@ -40769,10 +40881,8 @@ var FleetManager = class {
40769
40881
  }
40770
40882
  /** Release all resources: clear the manifest debounce timer and dispose the usage aggregator. */
40771
40883
  dispose() {
40772
- if (this.manifestTimer) {
40773
- clearTimeout(this.manifestTimer);
40774
- this.manifestTimer = null;
40775
- }
40884
+ this.disposed = true;
40885
+ this.clearManifestTimer();
40776
40886
  this.usage.dispose();
40777
40887
  }
40778
40888
  };
@@ -45626,15 +45736,14 @@ function createMcpControlTool(opts) {
45626
45736
  name: "mcp_control",
45627
45737
  description: "Manage MCP server lifecycle: list available servers, search by name or capability, enable or disable servers at runtime, restart running servers. Use activate/deactivate to ephemerally toggle tool registration without disconnecting \u2014 ideal for token-saving mode where MCP tools are lazy-loaded on demand. NOTE: `enable`/`restart` start a server process, which for the built-in stdio presets runs `npx -y <package>` \u2014 i.e. it fetches and executes an npm package from the network. Treat it as code execution.",
45628
45738
  category: "mcp",
45629
- permission: "auto",
45739
+ permission: "confirm",
45630
45740
  mutating: true,
45631
45741
  // `enable`/`restart` spawn a server process that, for the stdio presets,
45632
45742
  // fetches and runs an npm package (`npx -y <pkg>`) — effectively remote
45633
- // code execution. Marking the tool destructive means the YOLO
45634
- // `confirmDestructive` safety net still prompts before it runs (plain
45635
- // non-YOLO already confirms via the CONFIG_MUTATE dangerous-capability
45636
- // net in the executor). Read-only actions (list/search) ride the same
45637
- // tool but are cheap to confirm/trust once.
45743
+ // code execution. Marking the tool destructive means YOLO still prompts
45744
+ // before it runs (plain non-YOLO already confirms via the CONFIG_MUTATE
45745
+ // dangerous-capability net in the executor). Read-only actions
45746
+ // (list/search) ride the same tool but are cheap to confirm/trust once.
45638
45747
  riskTier: "destructive",
45639
45748
  capabilities: [ToolCapabilities.CONFIG_MUTATE],
45640
45749
  inputSchema,
@@ -45878,7 +45987,7 @@ function createMcpUseTool(opts) {
45878
45987
  name: "mcp_use",
45879
45988
  description: "Call an MCP tool on a lazy-loaded server. Activates the server temporarily, calls the tool, returns the result, and deactivates. Use this instead of the manual activate\u2192use\u2192deactivate cycle. First call mcp_control list/search to find the right server and tool name.",
45880
45989
  category: "mcp",
45881
- permission: "auto",
45990
+ permission: "confirm",
45882
45991
  mutating: true,
45883
45992
  riskTier: "standard",
45884
45993
  capabilities: [ToolCapabilities.MCP_PROXY],
@@ -47875,7 +47984,7 @@ var HookRunner = class {
47875
47984
  // src/hooks/shell-hooks-equal.ts
47876
47985
  function shellHooksEqual(a, b) {
47877
47986
  if (a === b) return true;
47878
- if (!a || !b) return !a && !b ? true : false;
47987
+ if (!a || !b) return !a && !b;
47879
47988
  const aKeys = Object.keys(a);
47880
47989
  const bKeys = Object.keys(b);
47881
47990
  if (aKeys.length !== bKeys.length) return false;
@@ -47889,7 +47998,7 @@ function shellHooksEqual(a, b) {
47889
47998
  for (let i = 0; i < aList.length; i++) {
47890
47999
  const x = aList[i];
47891
48000
  const y = bList[i];
47892
- if (!x || !y) return !x && !y ? true : false;
48001
+ if (!x || !y) return !x && !y;
47893
48002
  if (x.command !== y.command) return false;
47894
48003
  if ((x.matcher ?? "*") !== (y.matcher ?? "*")) return false;
47895
48004
  if ((x.timeoutMs ?? void 0) !== (y.timeoutMs ?? void 0)) return false;
@@ -54355,6 +54464,6 @@ function createChimeraPlugin() {
54355
54464
  };
54356
54465
  }
54357
54466
 
54358
- export { ACP_AGENTS, AGENTS_BY_PHASE, AGENT_CATALOG, TOOLS as AGENT_TOOL_PRESETS, AISpecBuilder, ALL_AGENT_DEFINITIONS, ALL_FLEET_AGENTS, ALL_SYNC_CATEGORIES, AUDIT_LOG_AGENT, AdaptiveConcurrencyController, Agent, AgentError, AgentMonitorService, AgentStatusTracker, AnnotationsStore, AutoApprovePermissionPolicy, AutoCompactionMiddleware, AutoExecutor, AutoPhasePlanner, AutoPhaseRunner, AutonomousBrain, AutonomousCoordinator, AutonomousRunner, BUG_HUNTER_AGENT, BUILD_AGENTS, BUILTIN_PROMPT_CATEGORIES, BrainDecisionQueue, BrainMonitor, BudgetExceededError, BudgetThresholdSignal, CHIMERA_REVIEW_PROMPT, CODEX_MODELS, CONTEXT_WINDOW_MODES, CORE_RECONSTRUCT_EVENTS, ChangeManager, CheckpointManager, CloudSync, CollabSession, CollaborationBus, ConfigError, ConfigMigrationError, ConsensusProtocol, Container, Context, ConversationState, DANGEROUS_FOR_SUBAGENTS, DECISION_TIMEOUT_MS, DEFAULT_AUTONOMY_CONFIG, DEFAULT_CIRCUIT_BREAKER_CONFIG, DEFAULT_CONFIG_MIGRATIONS, DEFAULT_CONTEXT_CONFIG, DEFAULT_CONTEXT_WINDOW_MODE_ID, DEFAULT_DIRECTOR_PREAMBLE, DEFAULT_DISPATCH_ROLE, DEFAULT_HQ_REDACTION_POLICY, DEFAULT_MAX_ITERATIONS, DEFAULT_MODES, DEFAULT_QUALITY_CHECKS, DEFAULT_RECOVERY_STRATEGIES, DEFAULT_SESSION_LOGGING_CONFIG, DEFAULT_SESSION_PRUNE_DAYS, DEFAULT_SPEC_TEMPLATE, DEFAULT_SUBAGENT_BASELINE, DEFAULT_TOOLS_CONFIG, DEFAULT_TOOL_DESCRIPTION_MODE, DEFAULT_TOOL_RESULT_RENDER_MODE, DEFAULT_TUI_THINKING_WORD, DELIVERY_AGENTS, DEPENDENCY_FILE_PATTERNS, DESIGN_STACKS, DISCOVERY_AGENTS, DOMAIN_AGENTS, DefaultAttachmentStore, DefaultBrainArbiter, DefaultConfigLoader, DefaultConfigStore, DefaultDesignKitLoader, DefaultErrorHandler, DefaultHealthRegistry, DefaultLogger, DefaultMailbox, DefaultMemoryStore, DefaultModeStore, DefaultModelsRegistry, DefaultMultiAgentCoordinator, DefaultPathResolver, DefaultPermissionPolicy, DefaultPluginAPI, DefaultPromptLoader, DefaultPromptStore, DefaultProviderRunner, DefaultRetryPolicy, DefaultSecretScrubber, DefaultSecretVault, DefaultSessionReader, DefaultSessionRewinder, DefaultSessionStore, DefaultSkillLoader, DefaultSystemPromptBuilder, DefaultTaskStore, DefaultTokenCounter, Director, DirectorAlertLevel, DirectorStateCheckpoint, DoneConditionChecker, ENHANCER_SYSTEM_PROMPT, ERROR_CODES, EternalAutonomyEngine, EventBus, ExtensionRegistry, FLEET_ROSTER, FLEET_ROSTER_BUDGETS, FLEET_ROSTER_WITHACP, FORBIDDEN_PROTO_KEYS, FetchError, FileMemoryBackend, FleetBus, FleetCostCapError, FleetManager, FleetNotifier, FleetSpawnBudgetError, FleetUsageAggregator, FsError, GitignoreUpdater, GlobalMailbox, GraphMemoryBackend, HEAVY_BUDGET, HQ_AUTH_FILE_VERSION, HQ_PROTOCOL_VERSION, HookRegistry, HookRunner, HqPublisher, HumanEscalatingBrainArbiter, HybridCompactor, InMemoryAgentBridge, InMemoryBridgeTransport, InMemoryMetricsSink, InputBuilder, IntelligentCompactor, KERNEL_API_VERSION, KNOWLEDGE_AGENTS, KnowledgeGraph, LAYER_1_IDENTITY, LIGHT_BUDGET, LLMSelector, LargeAnswerStore, MAILBOX_BRIDGE_LOCK_FILENAME, MAILBOX_BRIDGE_TOKEN_FILENAME, MAILBOX_HEALTH_DEFAULT_FAILURE_THRESHOLD, MAILBOX_HEALTH_DEFAULT_FROM, MAILBOX_HEALTH_DEFAULT_INTERVAL_MS, MAILBOX_HEALTH_DEFAULT_TIMEOUT_MS, MALFORMED_ARG_MARKERS, MATRIX_PHASE_KEYS, MAX_JOURNAL_ENTRIES, MAX_PROGRESS_HISTORY, MAX_TUI_THINKING_WORD_LENGTH, MEDIUM_BUDGET, MEMORY_TYPE_LABELS, META_AGENTS, MailboxHealthWatchdog, NULL_FLEET_BUS, NoopMetricsSink, NoopTracer, OTelTracer, ObservableBrainArbiter, PLANNING_AGENTS, PROMETHEUS_CONTENT_TYPE, PROMPT_CATEGORY_LABELS, ParallelEternalEngine, ParseError, PhaseGraphBuilder, PhaseOrchestrator, PhaseStore, Pipeline, PluginError, PromptInstaller, PromptManifestStore, PromptUsageStore, ProviderError, ProviderRegistry, QueueStore, REFACTOR_PLANNER_AGENT, REVIEW_AGENTS, RecoveryLock, ReplayLogStore, ReplayProviderRunner, ReportGenerator, RunController, SECURITY_SCANNER_AGENT, SPEC_TEMPLATES, STANDARD_AUDIT_EVENTS, ScopedEventBus, SddBoardProjector, SddBoardStore, SddError, SddInterviewDriver, SddParallelRun, SddRunRegistry, SddSupervisor, SddTaskDecomposer, SecurityScanner, SecurityScannerOrchestrator, SelectiveCompactor, SessionAnalyzer, SessionError, SessionMemoryConsolidator, SessionRecovery, SessionRegistry, SkillGenerator, SkillInstaller, SkillManifestStore, SlashCommandRegistry, SpecDrivenDev, SpecParser, SpecStore, SpecVersioning, StreamHangError, SubagentBudget, TIMEOUT_PREEMPT_FRACTION, TOKENS, TaskAuctioneer, TaskDAG, TaskFlow, TaskGenerator, TaskGraphStore, TaskTracker, TechStackDetector, ToolAuditLog, ToolCapabilities, ToolError, ToolErrorCategory, ToolExecutor, ToolRegistry, ToolValidationError, VERIFY_AGENTS, WIDE_SUBAGENT_CAPABILITIES, WorktreeManager, WrongStackError, _resetDesignKitLoaderMemo, _resetDesignRulesCache, acquireOrJoin, activateDesign, addPlanItem, allServers, analyzeCriticalPath, appendJournal, applyModelRuntime, applyRosterBudget, applySddLifecycle, applyTokenOverrides, applyToolDescriptionModeToTool, applyToolDescriptionModes, applyToolResultRenderModes, asBlocks, asText, assertNever, assertNotPrivateHost, assertSafePath, assessCommitSafety, assignNickname, atomicWrite, attachAutoExtend, attachDepWatcherBridge, attachMailboxChecker, attachPlanCheckpoint, attachTodosCheckpoint, awsServer, blockServer, bootConfig, braveSearchServer, buildBoardSnapshot, buildBoardTasks, buildBtwBlock, buildChildEnv, buildContextEvidenceDigest, buildDownAlert, buildGoalPreamble, buildLosslessDigest, buildMailboxBlock, buildOtlpMetricsRequest, buildOtlpTracesRequest, buildQueuedMessagesBlock, buildRecoveryAlert, buildRecoveryStrategies, buildSmartDigest, buildTranscriptFromEvents, classifyFamily, classifyToolError, cleanupSddWorktrees, cleanupStaleSddWorktrees, clearActiveKit, clearPersistedActiveKit, clearPlan, codexModelMeta, collabInjectMiddleware, collabPauseMiddleware, color, colorToHex, compactLog, compactSchemaDescriptions, compactToolDefinitionForWire, compileGlob, compileUserRegex, completePartialObject, composeDirectorPrompt, composeSubagentPrompt, computeMessageTokens, computeTaskItemProgress, computeTaskProgress, consumeBtwNotes, consumeQueuedMessagesUpdate, context7Server, contextManagerTool, countShellHooks, createAgentMonitorService, createAutoExecutor, createAutoPhaseFromTaskGraph, createAutonomyBrain, createChimeraPlugin, createContextEvidenceState, createContextManagerTool, createDefaultPipelines, createDelegateTool, createFallbackModelExtension, createGitPlugin, createGlobalMailbox, createHqEventEnvelope, createHqPublisherFromEnv, createMailboxChecker, createMailboxEventPayload, createMailboxHooks, createMailboxSnapshotPayload, createMailboxSnapshotPayloadFromMailbox, createMcpControlTool, createMcpUseTool, createMessage, createObservabilityPlugin, createPlanPlugin, createPromptsPlugin, createSecurityPlugin, createSecuritySlashCommand, createSessionEventBridge, createSkillsPlugin, createStrategyCompactor, createSyncPlugin, createTieredBrainArbiter, createToolOutputSerializer, decryptConfigSecrets, deepMerge, defaultGitignoreUpdater, defaultHqDataDir, defaultOrchestrator, defaultReportGenerator, defaultSecurityScanner, defaultSkillGenerator, defaultTechStackDetector, definePlugin, deriveTodosFromPlanItem, describeCatalogModel, designProjectDir, destroySddProject, detectEcosystem, detectFrontendFile, detectFrontendIntent, detectNewlineStyle, detectEcosystem as detectPackageEcosystem, diffRegistry, dispatchAgent, downloadGitHubTarball, effectiveFallbackChain, eliseOldToolResults, emptyGoal, emptyHqAuthFile, emptyPlan, emptyTaskFile, encryptConfigSecrets, encryptedPrefixForVersion, enhanceUserPrompt, ensureDir, ensureHqFirstRunAuthFile, escapeGlobSubject, estimateMessageTokens, estimateMessages, estimateRequestTokens, estimateRequestTokensCalibrated, estimateTextTokens, estimateToolDefTokens, estimateToolInputTokens, estimateToolResultTokens, everArtServer, expandGlob, expandIPv6, expectDefined, extractRunEnv, extractText, extractVerificationCommand, fallbackProfileChain, filesystemServer, finalize, findCriticalPath, findPreserveStart, flagsToConfigPatch, formatContextWindowModeList, formatDecisionSummary, formatGoal, formatHumanPrompt, formatModelRef, formatPlan, formatPlanTemplates, formatTaskList, formatTaskProgress, formatTodosList, gatedEnhancerReasoning, generateSessionId, getAgentDefinition, getCalibrationState, getContextWindowMode, getDangerousCapabilities, getDesignKitLoader, getDesignState, getFileHistory, getFilesByAgent, getFullLog, getFullPackageLog, getJsonPath, getLastAuthor, getManifestPackages, getPackageAuthor, getPackagesByAgent, getPlanTemplate, getSessionRegistry, getTemplate, getTermSize, getToolDescriptionMode, getToolResultRenderMode, githubServer, goalFilePath, googleMapsServer, hasCapability, hasConflictMarkers, hasDangerousCapabilityForSubagents, hasSessionRegistry, hasTextContent, hashRequest, hookMatcherMatches, hqAuthFilePath, hqRuntimeFilePath, injectPendingMailboxMessages, installDesignStudioMiddleware, isAgentError, isBuiltinCategory, isColorToken, isConfigError, isContextWindowModeId, isDesignStack, isExplanatoryText, isFetchError, isFsError, isImageBlock, isInteractive, isJsonObject, isParseError, isPathSubjectKey, isPluginError, isPrimitiveArray, isPrivateIPv4, isPrivateIPv6, isSddError, isSecretField, isSessionError, isStdinTTY, isStdoutTTY, isTextBlock, isThinkingBlock, isToolError, isToolResultBlock, isToolUseBlock, isToolValidationError, isUlid, isValidMatrixKey, isWrongStackError, jsonObjectFileExists, listContextWindowModes, listPlanTemplates, listTemplates, loadActiveKit, loadDirectorState, loadGoal, loadInstructionBundle, loadPlan, loadPlugins, loadProjectDesignRules, loadProjectModes, loadTasks, loadTodosCheckpoint, loadUserModes, mailboxSessionTag, makeAgentSubagentRunner, makeAskResultTool, makeAskTool, makeAssignTool, makeAutonomyPromptContributor, makeAwaitTasksTool, makeCollabDebugTool, makeCommandVerifier, makeContinueToNextIterationTool, makeDependencyWatcherConfig, makeDesignDetectToolCallMiddleware, makeDesignDetectUserInputMiddleware, makeDesignStudioRequestMiddleware, makeDesignVerifyToolCallMiddleware, makeDirectorSessionFactory, makeFleetEmitTool, makeFleetTool as makeFleetHealthTool, makeFleetTool as makeFleetSessionTool, makeFleetTool as makeFleetStatusTool, makeFleetTool, makeFleetTool as makeFleetUsageTool, makeLLMClassifier, makeLlmConflictResolver, makeLlmSubtaskGenerator, makeMailInboxTool, makeMailSendTool, makeMailboxTool, makePreferSideConflictResolver, makeRollUpTool, makeSpawnTool, makeTerminateAllTool, makeTerminateTool, makeWorkCompleteTool, mapMailboxAgentToHqSummary, mapMailboxMessageToHqSummary, mapSessionEventToEntries, markAssistantReferencedEvidence, matchAny, matchGlob, materializeTokens, matrixKeyKind, mergeCustomModelDefs, mergeInstructionBundle, mergeModelsPayload, mergeToolResults, migratePlaintextSecrets, migratePromptEntry, miniMaxVisionServer, mintHqBrowserToken, mintHqToken, mutateHqAuthFile, mutatePlan, mutateTasks, nicknameKeyFromDisplay, noOpLogger, noOpVault, normalizeModelRef, normalizePathSubject, normalizeRecipient, normalizeToLf, normalizeTokenSavingTier, normalizeToolDescriptionMode, normalizeToolResultRenderMode, normalizeTuiThinkingWord, normalizedEqual, oklchToHex, onResize, parseContinueDirective, parseEncryptedVersion, parseEntries, parseHqEventPayload, parseHqFrame, parseModelRef, parseOklch, parseProgressFromText, parseSkillRef, peekQueuedMessages, pendingBtwCount, phaseForRole, playwrightServer, projectHash, projectSlug, promptChecksum, readBundledInstructionText, readHqAuthFile, readHqRuntimeFileSync, readJsonObjectFile, readLiveLock, recentTextTurns, recordActualUsage, recordFileAction, recordKitChoice, recordOverrides, recordPackageAction, recordProgress, recordToolOutputEvidence, recordUserIntentEvidence, redactHqEvent, redactHqValue, release, removeJsonPath, removeJsonPathInFile, removePlanItem, renderInstructionTemplate, renderProgress, renderPrometheus, renderPrompt, renderSpecAnalysis, renderTaskGraph, renderTaskList, repairToolUseAdjacency, repeatedReadPressure, resetCalibration, resolveAuditLevel, resolveBundledDesignKitsDir, resolveCacheForRequest, resolveChimeraConfig, resolveConflictText, resolveContextWindowPolicy, resolveHqConfig, resolveHqConfigFromEnv, resolveHqDataDir, resolveMailboxIdentity, resolveModelMatrix, resolveModelRuntime, resolveModelTargetFromEntry, resolveProjectDir, resolveProviderModelList, resolveReasoningForRequest, resolveSessionLoggingConfig, resolveToolDescriptionMode, resolveToolResultRenderMode, resolveWstackPaths, rewriteConfigEncrypted, rollbackSddRunFromDisk, rosterSummaryFromConfigs, rotateConfigKeys, runConfigMigrations, runDesignVerify, runProviderWithRetry, runShellHook, safeParse, safeStringify, sanitizeJsonString, sanitizeModel, sanitizeNodeOptions, saveGoal, savePlan, saveTasks, saveTodosCheckpoint, scoreAgents, scoreMessage, scrubAndTruncateHqPreview, securitySlashCommand, sentinelServer, sessionScopedPath, setActiveKit, setBtwNote, setDesignOverrides, setJsonPath, setJsonPathInFile, setOutputLineGuard, setPlanItemStatus, setProgress, setQueuedMessagesSnapshot, setRawMode, setToolDescriptionMode, setToolResultRenderMode, shellHooksEqual, shortIdMap, shouldEnhance, simplifyToolDescription, slackServer, sleep, slugify, smartDefaultFallbackChain, sshManagerServer, stableStringify, startAgentMonitorEventBridge, startMetricsServer, startOtlpMetricsExporter, startOtlpTraceExporter, startPackageOutdatedWatcher, startSddRun, startSessionTelemetryBridge, startTechStackConsumer, stripAnsi, subjectForToolInput, summarizeHqToolArgs, summarizeUsage, templateToMarkdown, toErrorMessage, toStyle, toWrongStackError, topologicalSort, truncate, ulid, unifiedDiff, unloadPlugins, updateJsonObjectFile, updatePackageOutdatedStatus, validateAgainstSchema, validateRegistryManifest, validateWatchdogOptions, verifyFiles, watchHqAuthFile, watchProviderConfig, wireMetricsToEvents, withDisabledToolFiltering, withFileLock, wrapAsState, writeErr, writeHqAuthFile, writeHqRuntimeFile, writeJsonObjectFile, writeOut, wstackGlobalRoot, zaiVisionServer };
54467
+ export { ACP_AGENTS, AGENTS_BY_PHASE, AGENT_CATALOG, TOOLS as AGENT_TOOL_PRESETS, AISpecBuilder, ALL_AGENT_DEFINITIONS, ALL_FLEET_AGENTS, ALL_SYNC_CATEGORIES, AUDIT_LOG_AGENT, AdaptiveConcurrencyController, Agent, AgentError, AgentMonitorService, AgentStatusTracker, AnnotationsStore, AutoApprovePermissionPolicy, AutoCompactionMiddleware, AutoExecutor, AutoPhasePlanner, AutoPhaseRunner, AutonomousBrain, AutonomousCoordinator, AutonomousRunner, BUG_HUNTER_AGENT, BUILD_AGENTS, BUILTIN_PROMPT_CATEGORIES, BrainDecisionQueue, BrainMonitor, BudgetExceededError, BudgetThresholdSignal, CHIMERA_REVIEW_PROMPT, CODEX_MODELS, CONTEXT_WINDOW_MODES, CORE_RECONSTRUCT_EVENTS, ChangeManager, CheckpointManager, CloudSync, CollabSession, CollaborationBus, ConfigError, ConfigMigrationError, ConsensusProtocol, Container, Context, ConversationState, DANGEROUS_FOR_SUBAGENTS, DECISION_TIMEOUT_MS, DEFAULT_AUTONOMY_CONFIG, DEFAULT_CIRCUIT_BREAKER_CONFIG, DEFAULT_CONFIG_MIGRATIONS, DEFAULT_CONTEXT_CONFIG, DEFAULT_CONTEXT_WINDOW_MODE_ID, DEFAULT_DIRECTOR_PREAMBLE, DEFAULT_DISPATCH_ROLE, DEFAULT_HQ_REDACTION_POLICY, DEFAULT_MAX_ITERATIONS, DEFAULT_MODES, DEFAULT_QUALITY_CHECKS, DEFAULT_RECOVERY_STRATEGIES, DEFAULT_SESSION_LOGGING_CONFIG, DEFAULT_SESSION_PRUNE_DAYS, DEFAULT_SPEC_TEMPLATE, DEFAULT_SUBAGENT_BASELINE, DEFAULT_TOOLS_CONFIG, DEFAULT_TOOL_DESCRIPTION_MODE, DEFAULT_TOOL_RESULT_RENDER_MODE, DEFAULT_TUI_THINKING_WORD, DELIVERY_AGENTS, DEPENDENCY_FILE_PATTERNS, DESIGN_STACKS, DISCOVERY_AGENTS, DOMAIN_AGENTS, DefaultAttachmentStore, DefaultBrainArbiter, DefaultConfigLoader, DefaultConfigStore, DefaultDesignKitLoader, DefaultErrorHandler, DefaultHealthRegistry, DefaultLogger, DefaultMailbox, DefaultMemoryStore, DefaultModeStore, DefaultModelsRegistry, DefaultMultiAgentCoordinator, DefaultPathResolver, DefaultPermissionPolicy, DefaultPluginAPI, DefaultPromptLoader, DefaultPromptStore, DefaultProviderRunner, DefaultRetryPolicy, DefaultSecretScrubber, DefaultSecretVault, DefaultSessionReader, DefaultSessionRewinder, DefaultSessionStore, DefaultSkillLoader, DefaultSystemPromptBuilder, DefaultTaskStore, DefaultTokenCounter, Director, DirectorAlertLevel, DirectorStateCheckpoint, DoneConditionChecker, ENHANCER_SYSTEM_PROMPT, ERROR_CODES, EternalAutonomyEngine, EventBus, ExtensionRegistry, FLEET_ROSTER, FLEET_ROSTER_BUDGETS, FLEET_ROSTER_WITHACP, FORBIDDEN_PROTO_KEYS, FetchError, FileMemoryBackend, FleetBus, FleetCostCapError, FleetManager, FleetNotifier, FleetSpawnBudgetError, FleetUsageAggregator, FsError, GitignoreUpdater, GlobalMailbox, GraphMemoryBackend, HEAVY_BUDGET, HQ_AUTH_FILE_VERSION, HQ_PROTOCOL_VERSION, HookRegistry, HookRunner, HqPublisher, HumanEscalatingBrainArbiter, HybridCompactor, InMemoryAgentBridge, InMemoryBridgeTransport, InMemoryMetricsSink, InputBuilder, IntelligentCompactor, KERNEL_API_VERSION, KNOWLEDGE_AGENTS, KnowledgeGraph, LAYER_1_IDENTITY, LIGHT_BUDGET, LLMSelector, LargeAnswerStore, MAILBOX_BRIDGE_LOCK_FILENAME, MAILBOX_BRIDGE_TOKEN_FILENAME, MAILBOX_HEALTH_DEFAULT_FAILURE_THRESHOLD, MAILBOX_HEALTH_DEFAULT_FROM, MAILBOX_HEALTH_DEFAULT_INTERVAL_MS, MAILBOX_HEALTH_DEFAULT_TIMEOUT_MS, MALFORMED_ARG_MARKERS, MATRIX_PHASE_KEYS, MAX_JOURNAL_ENTRIES, MAX_PROGRESS_HISTORY, MAX_TUI_THINKING_WORD_LENGTH, MEDIUM_BUDGET, MEMORY_TYPE_LABELS, META_AGENTS, MailboxHealthWatchdog, NULL_FLEET_BUS, NoopMetricsSink, NoopTracer, OTelTracer, ObservableBrainArbiter, PLANNING_AGENTS, PROMETHEUS_CONTENT_TYPE, PROMPT_CATEGORY_LABELS, ParallelEternalEngine, ParseError, PhaseGraphBuilder, PhaseOrchestrator, PhaseStore, Pipeline, PluginError, PromptInstaller, PromptManifestStore, PromptUsageStore, ProviderError, ProviderRegistry, QueueStore, REFACTOR_PLANNER_AGENT, REVIEW_AGENTS, RecoveryLock, ReplayLogStore, ReplayProviderRunner, ReportGenerator, RunController, SECURITY_SCANNER_AGENT, SPEC_TEMPLATES, STANDARD_AUDIT_EVENTS, ScopedEventBus, SddBoardProjector, SddBoardStore, SddError, SddInterviewDriver, SddParallelRun, SddRunRegistry, SddSupervisor, SddTaskDecomposer, SecurityScanner, SecurityScannerOrchestrator, SelectiveCompactor, SessionAnalyzer, SessionError, SessionMemoryConsolidator, SessionRecovery, SessionRegistry, SkillGenerator, SkillInstaller, SkillManifestStore, SlashCommandRegistry, SpecDrivenDev, SpecParser, SpecStore, SpecVersioning, StreamHangError, SubagentBudget, TIMEOUT_PREEMPT_FRACTION, TOKENS, TaskAuctioneer, TaskDAG, TaskFlow, TaskGenerator, TaskGraphStore, TaskTracker, TechStackDetector, ToolAuditLog, ToolCapabilities, ToolError, ToolErrorCategory, ToolExecutor, ToolRegistry, ToolValidationError, VERIFY_AGENTS, WIDE_SUBAGENT_CAPABILITIES, WorktreeManager, WrongStackError, _resetDesignKitLoaderMemo, _resetDesignRulesCache, acquireOrJoin, activateDesign, addPlanItem, allServers, analyzeCriticalPath, appendJournal, applyModelRuntime, applyRosterBudget, applySddLifecycle, applyTokenOverrides, applyToolDescriptionModeToTool, applyToolDescriptionModes, applyToolResultRenderModes, asBlocks, asText, assertNever, assertNotPrivateHost, assertSafePath, assessCommitSafety, assignNickname, atomicWrite, attachAutoExtend, attachDepWatcherBridge, attachMailboxChecker, attachPlanCheckpoint, attachTodosCheckpoint, awsServer, blockServer, bootConfig, braveSearchServer, buildBoardSnapshot, buildBoardTasks, buildBtwBlock, buildChildEnv, buildContextEvidenceDigest, buildDownAlert, buildGoalPreamble, buildLosslessDigest, buildMailboxBlock, buildOtlpMetricsRequest, buildOtlpTracesRequest, buildQueuedMessagesBlock, buildRecoveryAlert, buildRecoveryStrategies, buildSmartDigest, buildTranscriptFromEvents, classifyFamily, classifyToolError, cleanupSddWorktrees, cleanupStaleSddWorktrees, clearActiveKit, clearPersistedActiveKit, clearPlan, codexModelMeta, collabInjectMiddleware, collabPauseMiddleware, color, colorToHex, compactLog, compactSchemaDescriptions, compactToolDefinitionForWire, compileGlob, compileUserRegex, completePartialObject, composeDirectorPrompt, composeSubagentPrompt, computeMessageTokens, computeTaskItemProgress, computeTaskProgress, consumeBtwNotes, consumeQueuedMessagesUpdate, context7Server, contextManagerTool, countShellHooks, createAgentMonitorService, createAutoExecutor, createAutoPhaseFromTaskGraph, createAutonomyBrain, createChimeraPlugin, createContextEvidenceState, createContextManagerTool, createDefaultPipelines, createDelegateTool, createFallbackModelExtension, createGitPlugin, createGlobalMailbox, createHqEventEnvelope, createHqPublisherFromEnv, createMailboxChecker, createMailboxEventPayload, createMailboxHooks, createMailboxSnapshotPayload, createMailboxSnapshotPayloadFromMailbox, createMcpControlTool, createMcpUseTool, createMessage, createObservabilityPlugin, createPlanPlugin, createPromptsPlugin, createSecurityPlugin, createSecuritySlashCommand, createSessionEventBridge, createSkillsPlugin, createStrategyCompactor, createSyncPlugin, createTieredBrainArbiter, createToolOutputSerializer, decryptConfigSecrets, deepMerge, defaultGitignoreUpdater, defaultHqDataDir, defaultOrchestrator, defaultReportGenerator, defaultSecurityScanner, defaultSkillGenerator, defaultTechStackDetector, definePlugin, deriveTodosFromPlanItem, describeCatalogModel, designProjectDir, destroySddProject, detectEcosystem, detectFrontendFile, detectFrontendIntent, detectNewlineStyle, detectEcosystem as detectPackageEcosystem, diffRegistry, dispatchAgent, downloadGitHubTarball, effectiveFallbackChain, eliseOldToolResults, emptyGoal, emptyHqAuthFile, emptyPlan, emptyTaskFile, encryptConfigSecrets, encryptedPrefixForVersion, enhanceUserPrompt, ensureDir, ensureHqFirstRunAuthFile, escapeGlobSubject, estimateMessageTokens, estimateMessages, estimateRequestTokens, estimateRequestTokensCalibrated, estimateTextTokens, estimateToolDefTokens, estimateToolInputTokens, estimateToolResultTokens, everArtServer, expandGlob, expandIPv6, expectDefined, extractRunEnv, extractText, extractVerificationCommand, fallbackProfileChain, filesystemServer, finalize, findCriticalPath, findPreserveStart, flagsToConfigPatch, formatContextWindowModeList, formatDecisionSummary, formatGoal, formatHumanPrompt, formatModelRef, formatPlan, formatPlanTemplates, formatTaskList, formatTaskProgress, formatTodosList, gatedEnhancerReasoning, generateSessionId, getAgentDefinition, getCalibrationState, getContextWindowMode, getDangerousCapabilities, getDesignKitLoader, getDesignState, getFileHistory, getFilesByAgent, getFullLog, getFullPackageLog, getJsonPath, getLastAuthor, getManifestPackages, getPackageAuthor, getPackagesByAgent, getPlanTemplate, getSessionRegistry, getTemplate, getTermSize, getToolDescriptionMode, getToolResultRenderMode, githubServer, goalFilePath, googleMapsServer, hasCapability, hasConflictMarkers, hasDangerousCapabilityForSubagents, hasOpenTodos, hasSessionRegistry, hasTextContent, hashRequest, hookMatcherMatches, hqAuthFilePath, hqRuntimeFilePath, injectPendingMailboxMessages, installDesignStudioMiddleware, isAgentError, isBuiltinCategory, isColorToken, isConfigError, isContextWindowModeId, isDesignStack, isExplanatoryText, isFetchError, isFsError, isImageBlock, isInteractive, isJsonObject, isParseError, isPathSubjectKey, isPluginError, isPrimitiveArray, isPrivateIPv4, isPrivateIPv6, isSddError, isSecretField, isSessionError, isStdinTTY, isStdoutTTY, isTextBlock, isThinkingBlock, isToolError, isToolResultBlock, isToolUseBlock, isToolValidationError, isUlid, isValidMatrixKey, isWrongStackError, jsonObjectFileExists, listContextWindowModes, listPlanTemplates, listTemplates, loadActiveKit, loadDirectorState, loadGoal, loadInstructionBundle, loadPlan, loadPlugins, loadProjectDesignRules, loadProjectModes, loadTasks, loadTodosCheckpoint, loadUserModes, mailboxSessionTag, makeAgentSubagentRunner, makeAskResultTool, makeAskTool, makeAssignTool, makeAutonomyPromptContributor, makeAwaitTasksTool, makeCollabDebugTool, makeCommandVerifier, makeContinueToNextIterationTool, makeDependencyWatcherConfig, makeDesignDetectToolCallMiddleware, makeDesignDetectUserInputMiddleware, makeDesignStudioRequestMiddleware, makeDesignVerifyToolCallMiddleware, makeDirectorSessionFactory, makeFleetEmitTool, makeFleetTool as makeFleetHealthTool, makeFleetTool as makeFleetSessionTool, makeFleetTool as makeFleetStatusTool, makeFleetTool, makeFleetTool as makeFleetUsageTool, makeLLMClassifier, makeLlmConflictResolver, makeLlmSubtaskGenerator, makeMailInboxTool, makeMailSendTool, makeMailboxTool, makePreferSideConflictResolver, makeRollUpTool, makeSpawnTool, makeTerminateAllTool, makeTerminateTool, makeWorkCompleteTool, mapMailboxAgentToHqSummary, mapMailboxMessageToHqSummary, mapSessionEventToEntries, markAssistantReferencedEvidence, matchAny, matchGlob, materializeTokens, matrixKeyKind, mergeCustomModelDefs, mergeInstructionBundle, mergeModelsPayload, mergeToolResults, migratePlaintextSecrets, migratePromptEntry, miniMaxVisionServer, mintHqBrowserToken, mintHqToken, mutateHqAuthFile, mutatePlan, mutateTasks, nicknameKeyFromDisplay, noOpLogger, noOpVault, normalizeModelRef, normalizePathSubject, normalizeRecipient, normalizeToLf, normalizeTokenSavingTier, normalizeToolDescriptionMode, normalizeToolResultRenderMode, normalizeTuiThinkingWord, normalizedEqual, oklchToHex, onResize, parseContinueDirective, parseEncryptedVersion, parseEntries, parseHqEventPayload, parseHqFrame, parseModelRef, parseOklch, parseProgressFromText, parseSkillRef, peekQueuedMessages, pendingBtwCount, phaseForRole, playwrightServer, projectHash, projectSlug, promptChecksum, readBundledInstructionText, readHqAuthFile, readHqRuntimeFileSync, readJsonObjectFile, readLiveLock, recentTextTurns, recordActualUsage, recordFileAction, recordKitChoice, recordOverrides, recordPackageAction, recordProgress, recordToolOutputEvidence, recordUserIntentEvidence, redactHqEvent, redactHqValue, release, removeJsonPath, removeJsonPathInFile, removePlanItem, renderInstructionTemplate, renderProgress, renderPrometheus, renderPrompt, renderSpecAnalysis, renderTaskGraph, renderTaskList, repairToolUseAdjacency, repeatedReadPressure, resetCalibration, resolveAuditLevel, resolveBundledDesignKitsDir, resolveCacheForRequest, resolveChimeraConfig, resolveConflictText, resolveContextWindowPolicy, resolveHqConfig, resolveHqConfigFromEnv, resolveHqDataDir, resolveMailboxIdentity, resolveModelMatrix, resolveModelRuntime, resolveModelTargetFromEntry, resolveProjectDir, resolveProviderModelList, resolveReasoningForRequest, resolveSessionLoggingConfig, resolveToolDescriptionMode, resolveToolResultRenderMode, resolveWstackPaths, rewriteConfigEncrypted, rollbackSddRunFromDisk, rosterSummaryFromConfigs, rotateConfigKeys, runConfigMigrations, runDesignVerify, runProviderWithRetry, runShellHook, safeParse, safeStringify, sanitizeJsonString, sanitizeModel, sanitizeNodeOptions, saveGoal, savePlan, saveTasks, saveTodosCheckpoint, scoreAgents, scoreMessage, scrubAndTruncateHqPreview, securitySlashCommand, sentinelServer, sessionScopedPath, setActiveKit, setBtwNote, setDesignOverrides, setJsonPath, setJsonPathInFile, setOutputLineGuard, setPlanItemStatus, setProgress, setQueuedMessagesSnapshot, setRawMode, setToolDescriptionMode, setToolResultRenderMode, shellHooksEqual, shortIdMap, shouldEnhance, simplifyToolDescription, slackServer, sleep, slugify, smartDefaultFallbackChain, sshManagerServer, stableStringify, startAgentMonitorEventBridge, startMetricsServer, startOtlpMetricsExporter, startOtlpTraceExporter, startPackageOutdatedWatcher, startSddRun, startSessionTelemetryBridge, startTechStackConsumer, stripAnsi, subjectForToolInput, summarizeHqToolArgs, summarizeUsage, templateToMarkdown, toErrorMessage, toStyle, toWrongStackError, topologicalSort, truncate, ulid, unifiedDiff, unloadPlugins, updateJsonObjectFile, updatePackageOutdatedStatus, validateAgainstSchema, validateRegistryManifest, validateWatchdogOptions, verifyFiles, watchHqAuthFile, watchProviderConfig, wireMetricsToEvents, withDisabledToolFiltering, withFileLock, wrapAsState, writeErr, writeHqAuthFile, writeHqRuntimeFile, writeJsonObjectFile, writeOut, wstackGlobalRoot, zaiVisionServer };
54359
54468
  //# sourceMappingURL=index.js.map
54360
54469
  //# sourceMappingURL=index.js.map