@wrongstack/core 0.3.4 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{agent-bridge-C3DUGjSb.d.ts → agent-bridge-DaOnnHNW.d.ts} +1 -1
- package/dist/{compactor-DpJBI1YH.d.ts → compactor-CFky6JKM.d.ts} +1 -1
- package/dist/{config-DgE3JslD.d.ts → config-RlhKLjme.d.ts} +1 -1
- package/dist/{context-IovtuTf8.d.ts → context-B1kBj1lY.d.ts} +4 -3
- package/dist/coordination/index.d.ts +10 -10
- package/dist/coordination/index.js +12 -1
- package/dist/coordination/index.js.map +1 -1
- package/dist/defaults/index.d.ts +16 -16
- package/dist/defaults/index.js +119 -6
- package/dist/defaults/index.js.map +1 -1
- package/dist/{events-BHIQs4o1.d.ts → events-BBaKeMfb.d.ts} +11 -1
- package/dist/execution/index.d.ts +11 -11
- package/dist/execution/index.js +9 -0
- package/dist/execution/index.js.map +1 -1
- package/dist/extension/index.d.ts +6 -6
- package/dist/{index-DedY4Euf.d.ts → index-meJRuQtc.d.ts} +20 -5
- package/dist/index.d.ts +25 -25
- package/dist/index.js +211 -27
- package/dist/index.js.map +1 -1
- package/dist/infrastructure/index.d.ts +6 -6
- package/dist/kernel/index.d.ts +9 -9
- package/dist/kernel/index.js.map +1 -1
- package/dist/{mcp-servers-zGiC1lQc.d.ts → mcp-servers-Cf4-bJnd.d.ts} +3 -3
- package/dist/models/index.d.ts +2 -2
- package/dist/{multi-agent-B9a6sflH.d.ts → multi-agent-D5m66hzB.d.ts} +1 -1
- package/dist/observability/index.d.ts +2 -2
- package/dist/{path-resolver--59rCou3.d.ts → path-resolver-Bg4OP5fi.d.ts} +2 -2
- package/dist/{provider-runner-B39miKRw.d.ts → provider-runner-CU9gnU2E.d.ts} +3 -3
- package/dist/sdd/index.d.ts +3 -3
- package/dist/secret-scrubber-DyUAWS09.d.ts +54 -0
- package/dist/{secret-scrubber-Cuy5afaQ.d.ts → secret-scrubber-Dyh5LVYL.d.ts} +1 -1
- package/dist/security/index.d.ts +58 -5
- package/dist/security/index.js +90 -5
- package/dist/security/index.js.map +1 -1
- package/dist/{selector-wT2fv9Fg.d.ts → selector-DBEiwXBk.d.ts} +1 -1
- package/dist/{session-reader-CcPi4BQ8.d.ts → session-reader-D-z0AgHs.d.ts} +1 -1
- package/dist/{skill-C_7znCIC.d.ts → skill-DayhFUBb.d.ts} +1 -1
- package/dist/storage/index.d.ts +5 -5
- package/dist/storage/index.js +12 -0
- package/dist/storage/index.js.map +1 -1
- package/dist/{system-prompt-Dk1qm8ey.d.ts → system-prompt-DNetCecu.d.ts} +1 -1
- package/dist/{tool-executor-DY0iSXYf.d.ts → tool-executor-B5bgmEgE.d.ts} +12 -5
- package/dist/types/index.d.ts +15 -15
- package/dist/types/index.js +16 -0
- package/dist/types/index.js.map +1 -1
- package/dist/utils/index.d.ts +1 -1
- package/package.json +1 -1
- package/dist/secret-scrubber-CgG2tV2B.d.ts +0 -31
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
export { A as AfterIterationHook, p as AfterRunHook, q as AfterToolExecutionHook, s as AgentExtension, B as BeforeIterationHook, w as BeforeRunHook, x as BeforeToolExecutionHook, E as ExtensionRegistry, O as OnErrorHook, G as ProviderRunnerFn, z as ProviderRunnerWrapper } from '../index-
|
|
2
|
-
import '../context-
|
|
1
|
+
export { A as AfterIterationHook, p as AfterRunHook, q as AfterToolExecutionHook, s as AgentExtension, B as BeforeIterationHook, w as BeforeRunHook, x as BeforeToolExecutionHook, E as ExtensionRegistry, O as OnErrorHook, G as ProviderRunnerFn, z as ProviderRunnerWrapper } from '../index-meJRuQtc.js';
|
|
2
|
+
import '../context-B1kBj1lY.js';
|
|
3
3
|
import '../logger-BMQgxvdy.js';
|
|
4
|
-
import '../system-prompt-
|
|
4
|
+
import '../system-prompt-DNetCecu.js';
|
|
5
5
|
import '../observability-BhnVLBLS.js';
|
|
6
|
-
import '../events-
|
|
7
|
-
import '../secret-scrubber-
|
|
8
|
-
import '../config-
|
|
6
|
+
import '../events-BBaKeMfb.js';
|
|
7
|
+
import '../secret-scrubber-DyUAWS09.js';
|
|
8
|
+
import '../config-RlhKLjme.js';
|
|
9
9
|
import '../models-registry-Y2xbog0E.js';
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { u as Tool, z as ToolResultBlock, T as TextBlock, a0 as Context, R as Request, j as Response, D as ToolUseBlock, g as Provider, W as WrongStackError, b as ContentBlock, a7 as RunOptions, J as JSONSchema } from './context-
|
|
1
|
+
import { u as Tool, z as ToolResultBlock, T as TextBlock, a0 as Context, R as Request, j as Response, D as ToolUseBlock, g as Provider, W as WrongStackError, b as ContentBlock, a7 as RunOptions, J as JSONSchema } from './context-B1kBj1lY.js';
|
|
2
2
|
import { L as Logger } from './logger-BMQgxvdy.js';
|
|
3
|
-
import { R as Renderer, B as BuildContext, C as Container, P as Pipeline, e as ReadonlyPipeline } from './system-prompt-
|
|
3
|
+
import { R as Renderer, B as BuildContext, C as Container, P as Pipeline, e as ReadonlyPipeline } from './system-prompt-DNetCecu.js';
|
|
4
4
|
import { T as Tracer } from './observability-BhnVLBLS.js';
|
|
5
|
-
import { E as EventBus, a as EventName, L as Listener } from './events-
|
|
6
|
-
import { a as PermissionPolicy, S as SecretScrubber } from './secret-scrubber-
|
|
7
|
-
import { l as ProviderConfig, a as Config } from './config-
|
|
5
|
+
import { E as EventBus, a as EventName, L as Listener } from './events-BBaKeMfb.js';
|
|
6
|
+
import { a as PermissionPolicy, S as SecretScrubber } from './secret-scrubber-DyUAWS09.js';
|
|
7
|
+
import { l as ProviderConfig, a as Config } from './config-RlhKLjme.js';
|
|
8
8
|
import { W as WireFamily } from './models-registry-Y2xbog0E.js';
|
|
9
9
|
|
|
10
10
|
/**
|
|
@@ -516,8 +516,23 @@ declare class Agent {
|
|
|
516
516
|
private get permission();
|
|
517
517
|
private get scrubber();
|
|
518
518
|
private get renderer();
|
|
519
|
+
/**
|
|
520
|
+
* Switch from inline CLI prompts to event-driven confirmation.
|
|
521
|
+
* Clears both the ToolExecutor's confirmAwaiter (so it returns
|
|
522
|
+
* `ToolConfirmPendingResult`) and the permission policy's
|
|
523
|
+
* promptDelegate (so `evaluate()` returns `confirm`).
|
|
524
|
+
*
|
|
525
|
+
* Call this before entering TUI or any mode where stdin is owned
|
|
526
|
+
* by a UI framework (Ink, WebUI WS bridge). Without this, the
|
|
527
|
+
* inline prompt writes to stdout and blocks on stdin — both of
|
|
528
|
+
* which are owned by the framework — making the prompt invisible
|
|
529
|
+
* and the input deadlocked.
|
|
530
|
+
*/
|
|
531
|
+
disableInteractiveConfirmation(): void;
|
|
519
532
|
register(tool: Tool): void;
|
|
520
533
|
use(plugin: Plugin, api: PluginAPI): Promise<void>;
|
|
534
|
+
/** Tear down all plugins in reverse order, calling their teardown hooks. */
|
|
535
|
+
teardown(): Promise<void>;
|
|
521
536
|
run(userInput: AgentInput, opts?: RunOptions): Promise<RunResult>;
|
|
522
537
|
private runInner;
|
|
523
538
|
/**
|
package/dist/index.d.ts
CHANGED
|
@@ -1,33 +1,33 @@
|
|
|
1
|
-
import { S as SystemPromptBuilder, M as ModelCapabilities, B as BuildContext, C as Container } from './system-prompt-
|
|
2
|
-
export { a as BindOptions, D as Decorator, F as Factory, b as Middleware, c as MiddlewareHandler, N as NextFn, P as Pipeline, d as PipelineOptions, R as Renderer, T as Token } from './system-prompt-
|
|
3
|
-
import { E as EventBus, a as EventName, L as Listener } from './events-
|
|
4
|
-
export { b as EventLogger, c as EventMap } from './events-
|
|
1
|
+
import { S as SystemPromptBuilder, M as ModelCapabilities, B as BuildContext, C as Container } from './system-prompt-DNetCecu.js';
|
|
2
|
+
export { a as BindOptions, D as Decorator, F as Factory, b as Middleware, c as MiddlewareHandler, N as NextFn, P as Pipeline, d as PipelineOptions, R as Renderer, T as Token } from './system-prompt-DNetCecu.js';
|
|
3
|
+
import { E as EventBus, a as EventName, L as Listener } from './events-BBaKeMfb.js';
|
|
4
|
+
export { b as EventLogger, c as EventMap } from './events-BBaKeMfb.js';
|
|
5
5
|
export { RunController, RunControllerOptions, TOKENS } from './kernel/index.js';
|
|
6
|
-
import { b as ContentBlock, T as TextBlock, a0 as Context } from './context-
|
|
7
|
-
export { A as AgentError, C as Capabilities, a as ConfigError, a3 as ContextInit, a4 as ConversationState, E as ErrorCode, c as ErrorSeverity, d as ErrorSubsystem, I as ImageBlock, J as JSONSchema, M as Message, e as MessageRole, P as Permission, f as PluginError, g as Provider, h as ProviderError, i as ProviderErrorBody, a5 as ReadonlyConversationState, R as Request, j as Response, k as ResumedSession, a6 as RunEnv, a7 as RunOptions, S as SessionData, l as SessionError, m as SessionEvent, n as SessionMetadata, o as SessionStore, p as SessionSummary, q as SessionWriter, a8 as StateChange, a9 as StateChangeHandler, r as StopReason, s as StreamEvent, t as ThinkingBlock, aa as TodoItem, a1 as TokenCounter, u as Tool, v as ToolCallContext, w as ToolError, x as ToolFinalEvent, y as ToolProgressEvent, z as ToolResultBlock, B as ToolStreamEvent, D as ToolUseBlock, U as Usage, W as WrongStackError, F as asBlocks, G as asText, ab as extractRunEnv, H as isAgentError, K as isConfigError, L as isImageBlock, N as isPluginError, O as isSessionError, Q as isTextBlock, V as isThinkingBlock, X as isToolError, Y as isToolResultBlock, Z as isToolUseBlock, _ as isWrongStackError, $ as toWrongStackError, ac as wrapAsState } from './context-
|
|
8
|
-
export { P as ProviderRunner, R as RunProviderOptions } from './provider-runner-
|
|
9
|
-
import { a as Config } from './config-
|
|
10
|
-
export { C as CONTEXT_WINDOW_MODES, b as ConfigLoader, c as ConfigStore, d as ContextConfig, e as ContextWindowAggressiveOn, f as ContextWindowConfigLike, g as ContextWindowMode, h as ContextWindowModeId, i as ContextWindowPolicy, j as ContextWindowThresholds, D as DEFAULT_CONTEXT_WINDOW_MODE_ID, F as FeaturesConfig, L as LogConfig, M as MCPServerConfig, P as PluginConfig, k as ProviderApiKey, l as ProviderConfig, T as ToolsConfig, m as formatContextWindowModeList, n as getContextWindowMode, o as isContextWindowModeId, p as listContextWindowModes, r as resolveContextWindowPolicy } from './config-
|
|
11
|
-
export { C as CompactReport, a as Compactor } from './compactor-
|
|
12
|
-
export { P as PermissionDecision, a as PermissionPolicy, T as TrustPolicy } from './secret-scrubber-
|
|
13
|
-
import { e as AttachmentStore, d as AttachmentRef, A as AddAttachmentInput } from './session-reader-
|
|
14
|
-
export { a as Attachment, b as AttachmentKind, c as AttachmentMeta, D as DefaultSessionReader } from './session-reader-
|
|
15
|
-
export { D as DefaultSecretScrubber, a as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from './secret-scrubber-
|
|
6
|
+
import { b as ContentBlock, T as TextBlock, a0 as Context } from './context-B1kBj1lY.js';
|
|
7
|
+
export { A as AgentError, C as Capabilities, a as ConfigError, a3 as ContextInit, a4 as ConversationState, E as ErrorCode, c as ErrorSeverity, d as ErrorSubsystem, I as ImageBlock, J as JSONSchema, M as Message, e as MessageRole, P as Permission, f as PluginError, g as Provider, h as ProviderError, i as ProviderErrorBody, a5 as ReadonlyConversationState, R as Request, j as Response, k as ResumedSession, a6 as RunEnv, a7 as RunOptions, S as SessionData, l as SessionError, m as SessionEvent, n as SessionMetadata, o as SessionStore, p as SessionSummary, q as SessionWriter, a8 as StateChange, a9 as StateChangeHandler, r as StopReason, s as StreamEvent, t as ThinkingBlock, aa as TodoItem, a1 as TokenCounter, u as Tool, v as ToolCallContext, w as ToolError, x as ToolFinalEvent, y as ToolProgressEvent, z as ToolResultBlock, B as ToolStreamEvent, D as ToolUseBlock, U as Usage, W as WrongStackError, F as asBlocks, G as asText, ab as extractRunEnv, H as isAgentError, K as isConfigError, L as isImageBlock, N as isPluginError, O as isSessionError, Q as isTextBlock, V as isThinkingBlock, X as isToolError, Y as isToolResultBlock, Z as isToolUseBlock, _ as isWrongStackError, $ as toWrongStackError, ac as wrapAsState } from './context-B1kBj1lY.js';
|
|
8
|
+
export { P as ProviderRunner, R as RunProviderOptions } from './provider-runner-CU9gnU2E.js';
|
|
9
|
+
import { a as Config } from './config-RlhKLjme.js';
|
|
10
|
+
export { C as CONTEXT_WINDOW_MODES, b as ConfigLoader, c as ConfigStore, d as ContextConfig, e as ContextWindowAggressiveOn, f as ContextWindowConfigLike, g as ContextWindowMode, h as ContextWindowModeId, i as ContextWindowPolicy, j as ContextWindowThresholds, D as DEFAULT_CONTEXT_WINDOW_MODE_ID, F as FeaturesConfig, L as LogConfig, M as MCPServerConfig, P as PluginConfig, k as ProviderApiKey, l as ProviderConfig, T as ToolsConfig, m as formatContextWindowModeList, n as getContextWindowMode, o as isContextWindowModeId, p as listContextWindowModes, r as resolveContextWindowPolicy } from './config-RlhKLjme.js';
|
|
11
|
+
export { C as CompactReport, a as Compactor } from './compactor-CFky6JKM.js';
|
|
12
|
+
export { P as PermissionDecision, a as PermissionPolicy, T as TrustPolicy } from './secret-scrubber-DyUAWS09.js';
|
|
13
|
+
import { e as AttachmentStore, d as AttachmentRef, A as AddAttachmentInput } from './session-reader-D-z0AgHs.js';
|
|
14
|
+
export { a as Attachment, b as AttachmentKind, c as AttachmentMeta, D as DefaultSessionReader } from './session-reader-D-z0AgHs.js';
|
|
15
|
+
export { D as DefaultSecretScrubber, a as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from './secret-scrubber-Dyh5LVYL.js';
|
|
16
16
|
export { D as DefaultLogger, a as DefaultLoggerOptions } from './logger-BH6AE0W9.js';
|
|
17
|
-
export { D as DefaultPathResolver, a as DefaultTokenCounter } from './path-resolver
|
|
17
|
+
export { D as DefaultPathResolver, a as DefaultTokenCounter } from './path-resolver-Bg4OP5fi.js';
|
|
18
18
|
import { b as MemoryStore } from './memory-CEXuo7sz.js';
|
|
19
19
|
export { M as MemoryEntry, a as MemoryScope } from './memory-CEXuo7sz.js';
|
|
20
|
-
export { C as CompactorOptions, D as DEFAULT_RECOVERY_STRATEGIES, a as DefaultErrorHandler, b as DefaultRetryPolicy, H as HybridCompactor, R as RecoveryStrategy, T as ToolExecutor, c as buildRecoveryStrategies } from './tool-executor-
|
|
21
|
-
import { a as SkillLoader } from './skill-
|
|
22
|
-
export { S as SkillEntry, b as SkillManifest } from './skill-
|
|
20
|
+
export { C as CompactorOptions, D as DEFAULT_RECOVERY_STRATEGIES, a as DefaultErrorHandler, b as DefaultRetryPolicy, H as HybridCompactor, R as RecoveryStrategy, T as ToolExecutor, c as buildRecoveryStrategies } from './tool-executor-B5bgmEgE.js';
|
|
21
|
+
import { a as SkillLoader } from './skill-DayhFUBb.js';
|
|
22
|
+
export { S as SkillEntry, b as SkillManifest } from './skill-DayhFUBb.js';
|
|
23
23
|
export { I as InputReader, P as PromptOption } from './input-reader-E-ffP2ee.js';
|
|
24
|
-
import { j as SystemPromptContributor, h as SlashCommand, b as PluginAPI, e as PluginPipelines, T as ToolRegistryView, g as ProviderRegistryView, M as MCPRegistryView, i as SlashCommandRegistryView, E as ExtensionRegistry, S as SessionWriterView, a as MetricsSinkView, n as ToolRegistry, o as ProviderRegistry, P as Plugin } from './index-
|
|
25
|
-
export { A as AfterIterationHook, p as AfterRunHook, q as AfterToolExecutionHook, r as Agent, s as AgentExtension, t as AgentInit, u as AgentInput, v as AgentPipelines, B as BeforeIterationHook, w as BeforeRunHook, x as BeforeToolExecutionHook, D as DEFAULT_MAX_ITERATIONS, O as OnErrorHook, c as PluginCapabilities, d as PluginDependency, y as ProviderFactory, z as ProviderRunnerWrapper, R as RunResult, C as ToolWrapper, U as UserInputPayload, F as createDefaultPipelines } from './index-
|
|
24
|
+
import { j as SystemPromptContributor, h as SlashCommand, b as PluginAPI, e as PluginPipelines, T as ToolRegistryView, g as ProviderRegistryView, M as MCPRegistryView, i as SlashCommandRegistryView, E as ExtensionRegistry, S as SessionWriterView, a as MetricsSinkView, n as ToolRegistry, o as ProviderRegistry, P as Plugin } from './index-meJRuQtc.js';
|
|
25
|
+
export { A as AfterIterationHook, p as AfterRunHook, q as AfterToolExecutionHook, r as Agent, s as AgentExtension, t as AgentInit, u as AgentInput, v as AgentPipelines, B as BeforeIterationHook, w as BeforeRunHook, x as BeforeToolExecutionHook, D as DEFAULT_MAX_ITERATIONS, O as OnErrorHook, c as PluginCapabilities, d as PluginDependency, y as ProviderFactory, z as ProviderRunnerWrapper, R as RunResult, C as ToolWrapper, U as UserInputPayload, F as createDefaultPipelines } from './index-meJRuQtc.js';
|
|
26
26
|
export { D as DefaultModelsRegistry, a as DefaultModelsRegistryOptions, c as classifyFamily } from './models-registry-DqzwpBQy.js';
|
|
27
27
|
import { c as ModeStore } from './mode-CV077NjV.js';
|
|
28
28
|
export { D as DEFAULT_MODES, M as Mode, a as ModeConfig, b as ModeManifest } from './mode-CV077NjV.js';
|
|
29
|
-
export { I as InMemoryAgentBridge, a as InMemoryBridgeTransport, c as createMessage } from './agent-bridge-
|
|
30
|
-
export { n as BudgetExceededError, o as BudgetKind, p as BudgetLimits, q as BudgetUsage, C as CoordinatorEvents, a as CoordinatorStatus, D as DoneCondition, M as MultiAgentConfig, b as MultiAgentCoordinator, S as SpawnResult, r as SubagentBudget, c as SubagentConfig, d as SubagentContext, e as SubagentError, f as SubagentErrorKind, g as SubagentRunContext, h as SubagentRunOutcome, i as SubagentRunner, T as TaskDelegation, j as TaskResult, k as TaskSpec } from './multi-agent-
|
|
29
|
+
export { I as InMemoryAgentBridge, a as InMemoryBridgeTransport, c as createMessage } from './agent-bridge-DaOnnHNW.js';
|
|
30
|
+
export { n as BudgetExceededError, o as BudgetKind, p as BudgetLimits, q as BudgetUsage, C as CoordinatorEvents, a as CoordinatorStatus, D as DoneCondition, M as MultiAgentConfig, b as MultiAgentCoordinator, S as SpawnResult, r as SubagentBudget, c as SubagentConfig, d as SubagentContext, e as SubagentError, f as SubagentErrorKind, g as SubagentRunContext, h as SubagentRunOutcome, i as SubagentRunner, T as TaskDelegation, j as TaskResult, k as TaskSpec } from './multi-agent-D5m66hzB.js';
|
|
31
31
|
export { C as CriticalPathResult, D as DEFAULT_SPEC_TEMPLATE, S as SpecAnalysis, a as SpecApiEndpoint, b as SpecRequirement, c as SpecSection, d as SpecSectionType, e as SpecStatus, f as SpecTemplate, g as SpecValidationResult, h as Specification, T as TaskAssignment, i as TaskDependency, j as TaskEdge, k as TaskFilter, l as TaskGraph, m as TaskNode, n as TaskPriority, o as TaskProgress, p as TaskSort, q as TaskStatus, r as TaskType, s as computeTaskProgress, t as findCriticalPath, u as topologicalSort } from './task-graph-BITvWt4t.js';
|
|
32
32
|
export { A as AggregateHealth, H as HealthCheck, a as HealthCheckResult, b as HealthRegistry, c as HealthStatus, M as MetricLabels, d as MetricSeries, e as MetricsSink, f as MetricsSnapshot, S as Span, T as Tracer } from './observability-BhnVLBLS.js';
|
|
33
33
|
export { AtomicWriteOptions, BuildChildEnvOptions, CompileFail, CompileResult, MessageRepairReport, MessageRepairResult, NewlineStyle, SafeParseResult, ToolOutputSerializerOptions, UnifiedDiffOptions, ValidationError, ValidationResult, atomicWrite, buildChildEnv, color, compileGlob, compileUserRegex, createToolOutputSerializer, detectNewlineStyle, ensureDir, estimateTextTokens, estimateToolInputTokens, estimateToolResultTokens, formatTodosList, matchAny, matchGlob, normalizeToLf, repairToolUseAdjacency, safeParse, safeStringify, sanitizeJsonString, stripAnsi, toStyle, unifiedDiff, validateAgainstSchema } from './utils/index.js';
|
|
@@ -40,13 +40,13 @@ export { ALL_FLEET_AGENTS, AUDIT_LOG_AGENT, AgentFactory, AgentFactoryResult, Ag
|
|
|
40
40
|
export { DefaultModeStore, LLMSelector, LLMSelectorOptions, ModeLoaderOptions, loadProjectModes, loadUserModes } from './models/index.js';
|
|
41
41
|
export { DefaultTaskStore, GeneratedTask, SpecDrivenDev, SpecDrivenDevOptions, SpecParser, TaskFlow, TaskFlowEventMap, TaskFlowEventName, TaskFlowExecutionContext, TaskFlowOptions, TaskFlowPhase, TaskGenerator, TaskGeneratorOptions, TaskStore, TaskTracker, TaskTrackerOptions, TaskTransition } from './sdd/index.js';
|
|
42
42
|
export { DefaultHealthRegistry, InMemoryMetricsSink, MetricsServerHandle, MetricsServerOptions, NoopMetricsSink, NoopTracer, OTelTracer, OtlpMetricsExporterHandle, OtlpMetricsExporterOptions, OtlpTraceExporterHandle, OtlpTraceExporterOptions, PROMETHEUS_CONTENT_TYPE, buildOtlpMetricsRequest, buildOtlpTracesRequest, renderPrometheus, startMetricsServer, startOtlpMetricsExporter, startOtlpTraceExporter, wireMetricsToEvents } from './observability/index.js';
|
|
43
|
-
export { C as ContextManagerAction, a as ContextManagerInput, b as ContextManagerResult, c as ContextManagerToolOptions, d as allServers, e as awsServer, f as blockServer, g as braveSearchServer, h as context7Server, i as contextManagerTool, j as createContextManagerTool, k as everArtServer, l as filesystemServer, m as githubServer, n as googleMapsServer, o as miniMaxVisionServer, s as sentinelServer, p as slackServer, z as zaiVisionServer } from './mcp-servers-
|
|
43
|
+
export { C as ContextManagerAction, a as ContextManagerInput, b as ContextManagerResult, c as ContextManagerToolOptions, d as allServers, e as awsServer, f as blockServer, g as braveSearchServer, h as context7Server, i as contextManagerTool, j as createContextManagerTool, k as everArtServer, l as filesystemServer, m as githubServer, n as googleMapsServer, o as miniMaxVisionServer, s as sentinelServer, p as slackServer, z as zaiVisionServer } from './mcp-servers-Cf4-bJnd.js';
|
|
44
44
|
import { L as Logger } from './logger-BMQgxvdy.js';
|
|
45
45
|
export { a as LogLevel } from './logger-BMQgxvdy.js';
|
|
46
46
|
export { a as ModelsDevPayload, c as ModelsDevProvider, M as ModelsRegistry, b as ResolvedModel, R as ResolvedProvider, W as WireFamily } from './models-registry-Y2xbog0E.js';
|
|
47
47
|
export { S as SecretVault } from './secret-vault-DoISxaKO.js';
|
|
48
48
|
import './path-resolver-CPRj4bFY.js';
|
|
49
|
-
import './selector-
|
|
49
|
+
import './selector-DBEiwXBk.js';
|
|
50
50
|
import 'node:events';
|
|
51
51
|
|
|
52
52
|
interface InputBuilderOptions {
|
|
@@ -113,7 +113,7 @@ declare class InputBuilder {
|
|
|
113
113
|
private shouldCollapse;
|
|
114
114
|
}
|
|
115
115
|
|
|
116
|
-
declare const LAYER_1_IDENTITY = "You are WrongStack, a command-line AI coding agent.\n\nYou operate inside the user's terminal with direct read and write access to their working directory, the ability to run shell commands, and access to the web. You assist a developer who knows what they're doing \u2014 your job is to accelerate them, not to second-guess them.\n\n## Core principles\n\n1. **Read before you write.** Always inspect the relevant files before proposing changes. Assumptions about code you haven't read are bugs in waiting.\n2. **Prefer surgical edits over rewrites.** When modifying existing files, use the edit tool with str_replace; only use write for new files or full replacements explicitly requested.\n3. **Show your work.** Before non-trivial changes, briefly state what you're about to do \u2014 one sentence, not a wall of text. After tool calls, summarize what happened, not what you did mechanically.\n4. **Be honest about limits.** If you don't know, say so. If something failed, say what failed and what you'll try next. Never fabricate file contents, API responses, or test results.\n5. **Be concise.** The user is a developer in a terminal. No marketing language, no \"great question!\", no bullet-point lists when prose works. If a one-liner answers, a one-liner is the answer.\n6. **Ask when blocked, proceed when not.** If the task is ambiguous in a way that meaningfully changes the approach, ask. If it's ambiguous in a way that doesn't, pick a reasonable default and proceed, stating the assumption.\n7. **Trust the tools.** If a permission prompt is shown, the user will answer. Do not preemptively explain that you \"would like to\" do something \u2014 call the tool, let the permission flow decide.\n8. **Format for scanability.** Use code blocks for code, backticks for file paths, bold for key terms. One-liners stay one line. Paragraphs max 3 sentences.\n9. **Recover explicitly.** When a tool fails, state: (1) what failed, (2) what you tried, (3) what you'll attempt next. Never silently skip.\n\n## Decision heuristics\n\n- **Task is ambiguous** (unclear which file, conflicting requirements) \u2192 ask before proceeding\n- **Task is clear, approach is unknown** \u2192 try one approach, report what happened\n- **Tool fails** \u2192 retry once with adjusted params, then report failure\n- **Permission prompt shown** \u2192 wait for user, do not act unilaterally\n- **Context window filling up** \u2192 use context_manager proactively; don't wait to be told\n\n## How you work\n\n- **Stay focused.** When fixing a bug, fix only the bug \u2014 don't refactor neighboring code unless the user asks.\n- **Comment with purpose.** Add comments only when they explain why, not what. The code already says what.\n- **Own your output.** Never call work \"production-ready\" or \"fully tested\" \u2014 the user makes that call.\n- **Move on from mistakes.** When something fails, report what happened and what you'll do next. No apologies, no hand-wringing.\n- **Stay in your lane.** Don't lecture about software engineering principles unless explicitly asked \u2014 the user is the expert on their codebase.";
|
|
116
|
+
declare const LAYER_1_IDENTITY = "You are WrongStack, a command-line AI coding agent.\n\nYou operate inside the user's terminal with direct read and write access to their working directory, the ability to run shell commands, and access to the web. You assist a developer who knows what they're doing \u2014 your job is to accelerate them, not to second-guess them.\n\n## Core principles\n\n1. **Read before you write.** Always inspect the relevant files before proposing changes. Assumptions about code you haven't read are bugs in waiting.\n2. **Prefer surgical edits over rewrites.** When modifying existing files, use the edit tool with str_replace; only use write for new files or full replacements explicitly requested.\n3. **Show your work.** Before non-trivial changes, briefly state what you're about to do \u2014 one sentence, not a wall of text. After tool calls, summarize what happened, not what you did mechanically.\n4. **Be honest about limits.** If you don't know, say so. If something failed, say what failed and what you'll try next. Never fabricate file contents, API responses, or test results.\n5. **Be concise.** The user is a developer in a terminal. No marketing language, no \"great question!\", no bullet-point lists when prose works. If a one-liner answers, a one-liner is the answer.\n6. **Ask when blocked, proceed when not.** If the task is ambiguous in a way that meaningfully changes the approach, ask. If it's ambiguous in a way that doesn't, pick a reasonable default and proceed, stating the assumption.\n7. **Trust the tools.** If a permission prompt is shown, the user will answer. Do not preemptively explain that you \"would like to\" do something \u2014 call the tool, let the permission flow decide.\n8. **Format for scanability.** Use code blocks for code, backticks for file paths, bold for key terms. One-liners stay one line. Paragraphs max 3 sentences.\n9. **Recover explicitly.** When a tool fails, state: (1) what failed, (2) what you tried, (3) what you'll attempt next. Never silently skip.\n\n## Decision heuristics\n\n- **Task is ambiguous** (unclear which file, conflicting requirements) \u2192 ask before proceeding\n- **Task is clear, approach is unknown** \u2192 try one approach, report what happened\n- **Tool fails** \u2192 retry once with adjusted params, then report failure\n- **Permission prompt shown** \u2192 wait for user, do not act unilaterally\n- **Tool denied by user** \u2192 do NOT retry the same tool in the next iteration. If the user denies a write, bash, or any tool, respect that decision. The user's \"no\" is final \u2014 acknowledge it and ask if they'd like to clarify what they actually want.\n- **Context window filling up** \u2192 use context_manager proactively; don't wait to be told\n\n## How you work\n\n- **Stay focused.** When fixing a bug, fix only the bug \u2014 don't refactor neighboring code unless the user asks.\n- **Comment with purpose.** Add comments only when they explain why, not what. The code already says what.\n- **Own your output.** Never call work \"production-ready\" or \"fully tested\" \u2014 the user makes that call.\n- **Move on from mistakes.** When something fails, report what happened and what you'll do next. No apologies, no hand-wringing.\n- **Respect denied tools.** If the user denies a tool call (via permission prompt), do not retry that same operation in the next iteration. The user's \"no\" means \"find another way or ask\". Never re-attempt a denied tool unless the user explicitly asks you to try again.\n- **When denied, ask.** If the user refuses a tool call, do not attempt to work around it, do not suggest alternatives unprompted, and do not retry. Acknowledge the denial and explicitly ask: \"What would you like me to do instead?\"\n- **Stay in your lane.** Don't lecture about software engineering principles unless explicitly asked \u2014 the user is the expert on their codebase.";
|
|
117
117
|
interface DefaultSystemPromptBuilderOptions {
|
|
118
118
|
memoryStore?: MemoryStore;
|
|
119
119
|
skillLoader?: SkillLoader;
|
package/dist/index.js
CHANGED
|
@@ -2242,6 +2242,13 @@ var InMemoryAgentBridge = class {
|
|
|
2242
2242
|
this.pendingRequests.delete(correlationId);
|
|
2243
2243
|
reject(new Error(`Request ${correlationId} timed out after ${timeout}ms`));
|
|
2244
2244
|
}, timeout);
|
|
2245
|
+
if (this.stopped) {
|
|
2246
|
+
clearTimeout(timer);
|
|
2247
|
+
this.inflightGuards.delete(correlationId);
|
|
2248
|
+
this.pendingRequests.delete(correlationId);
|
|
2249
|
+
reject(new Error("Bridge stopped"));
|
|
2250
|
+
return;
|
|
2251
|
+
}
|
|
2245
2252
|
this.pendingRequests.set(correlationId, {
|
|
2246
2253
|
resolve: resolve4,
|
|
2247
2254
|
reject,
|
|
@@ -2445,6 +2452,15 @@ var ToolExecutor = class {
|
|
|
2445
2452
|
opts;
|
|
2446
2453
|
serializer;
|
|
2447
2454
|
iterationTimeoutMs;
|
|
2455
|
+
/**
|
|
2456
|
+
* Clear the interactive confirm awaiter so the executor returns
|
|
2457
|
+
* `ToolConfirmPendingResult` instead of blocking on stdin. Used by
|
|
2458
|
+
* the CLI to switch from inline prompts (REPL) to event-driven
|
|
2459
|
+
* confirmation (TUI) at runtime.
|
|
2460
|
+
*/
|
|
2461
|
+
clearConfirmAwaiter() {
|
|
2462
|
+
this.opts.confirmAwaiter = void 0;
|
|
2463
|
+
}
|
|
2448
2464
|
/**
|
|
2449
2465
|
* Execute a batch of tool uses using the configured strategy.
|
|
2450
2466
|
* Returns the execution results and the remaining output budget.
|
|
@@ -3887,6 +3903,7 @@ var QueueStore = class {
|
|
|
3887
3903
|
} catch (err) {
|
|
3888
3904
|
const code = err.code;
|
|
3889
3905
|
if (code === "ENOENT") return [];
|
|
3906
|
+
console.warn(`[QueueStore] failed to read queue file "${this.file}":`, err instanceof Error ? err.message : String(err));
|
|
3890
3907
|
return [];
|
|
3891
3908
|
}
|
|
3892
3909
|
let parsed;
|
|
@@ -3986,6 +4003,13 @@ var DefaultAttachmentStore = class {
|
|
|
3986
4003
|
return mergeAdjacentText(blocks);
|
|
3987
4004
|
}
|
|
3988
4005
|
async clear() {
|
|
4006
|
+
if (this.spoolDir) {
|
|
4007
|
+
const toDelete = [];
|
|
4008
|
+
for (const att of this.items.values()) {
|
|
4009
|
+
if (att.path) toDelete.push(att.path);
|
|
4010
|
+
}
|
|
4011
|
+
await Promise.all(toDelete.map((p) => fsp2.unlink(p).catch(() => void 0)));
|
|
4012
|
+
}
|
|
3989
4013
|
this.items.clear();
|
|
3990
4014
|
this.refs.length = 0;
|
|
3991
4015
|
this.nextSeq = { text: 0, image: 0, file: 0 };
|
|
@@ -5001,6 +5025,10 @@ var DirectorStateCheckpoint = class {
|
|
|
5001
5025
|
this.timer = null;
|
|
5002
5026
|
}
|
|
5003
5027
|
await this.persist();
|
|
5028
|
+
if (this.rewriteRequested) {
|
|
5029
|
+
this.rewriteRequested = false;
|
|
5030
|
+
await this.persist();
|
|
5031
|
+
}
|
|
5004
5032
|
}
|
|
5005
5033
|
bumpUpdatedAt() {
|
|
5006
5034
|
this.snapshot = { ...this.snapshot, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
|
|
@@ -5041,12 +5069,49 @@ var DefaultPermissionPolicy = class {
|
|
|
5041
5069
|
loaded = false;
|
|
5042
5070
|
trustFile;
|
|
5043
5071
|
yolo;
|
|
5072
|
+
/**
|
|
5073
|
+
* Session-scoped "soft deny" map. When the user presses 'n' (block once),
|
|
5074
|
+
* the tool+pattern is added here. If the LLM retries in the same session,
|
|
5075
|
+
* we return deny directly without asking again.
|
|
5076
|
+
*
|
|
5077
|
+
* Cleared on reload() since reload = fresh trust file snapshot.
|
|
5078
|
+
*/
|
|
5079
|
+
sessionDenied = /* @__PURE__ */ new Map();
|
|
5080
|
+
/**
|
|
5081
|
+
* Session-scoped "soft trust" map. When the user presses 'a' (allow once),
|
|
5082
|
+
* the tool+pattern is added here. If the LLM retries in the same session,
|
|
5083
|
+
* we return auto directly without asking again.
|
|
5084
|
+
*
|
|
5085
|
+
* Cleared on reload().
|
|
5086
|
+
*/
|
|
5087
|
+
sessionAllowed = /* @__PURE__ */ new Map();
|
|
5088
|
+
/**
|
|
5089
|
+
* Interactive prompt delegate. When set, `evaluate()` calls it to get a
|
|
5090
|
+
* user decision synchronously (CLI REPL path). When cleared (TUI / WebUI),
|
|
5091
|
+
* `evaluate()` returns `confirm` so the caller can emit
|
|
5092
|
+
* `tool.confirm_needed` for the UI layer to handle.
|
|
5093
|
+
*
|
|
5094
|
+
* Mutable so the host can switch from CLI-prompt to event-driven
|
|
5095
|
+
* confirmation at runtime (e.g. when `--goal` forces TUI mode after
|
|
5096
|
+
* the agent was already constructed).
|
|
5097
|
+
*/
|
|
5044
5098
|
promptDelegate;
|
|
5099
|
+
/** Pre-compiled wildcard patterns — rebuilt on reload for O(1) lookup. */
|
|
5100
|
+
wildcardEntries = [];
|
|
5045
5101
|
constructor(opts) {
|
|
5046
5102
|
this.trustFile = opts.trustFile;
|
|
5047
5103
|
this.yolo = opts.yolo ?? false;
|
|
5048
5104
|
this.promptDelegate = opts.promptDelegate;
|
|
5049
5105
|
}
|
|
5106
|
+
/**
|
|
5107
|
+
* Replace (or clear) the interactive prompt delegate at runtime.
|
|
5108
|
+
* Used by the CLI to switch from inline prompts (REPL) to event-driven
|
|
5109
|
+
* confirmation (TUI) when the run mode is determined after the policy
|
|
5110
|
+
* was constructed (e.g. `--goal` auto-flipping to TUI).
|
|
5111
|
+
*/
|
|
5112
|
+
setPromptDelegate(delegate) {
|
|
5113
|
+
this.promptDelegate = delegate;
|
|
5114
|
+
}
|
|
5050
5115
|
async reload() {
|
|
5051
5116
|
try {
|
|
5052
5117
|
const raw = await fsp2.readFile(this.trustFile, "utf8");
|
|
@@ -5055,13 +5120,26 @@ var DefaultPermissionPolicy = class {
|
|
|
5055
5120
|
} catch {
|
|
5056
5121
|
this.policy = {};
|
|
5057
5122
|
}
|
|
5123
|
+
this.wildcardEntries = [];
|
|
5124
|
+
for (const [key, val] of Object.entries(this.policy)) {
|
|
5125
|
+
if (key.includes("*")) this.wildcardEntries.push({ pattern: key, value: val });
|
|
5126
|
+
}
|
|
5127
|
+
this.sessionDenied.clear();
|
|
5128
|
+
this.sessionAllowed.clear();
|
|
5058
5129
|
this.loaded = true;
|
|
5059
5130
|
}
|
|
5060
|
-
async evaluate(tool, input,
|
|
5131
|
+
async evaluate(tool, input, ctx) {
|
|
5061
5132
|
if (!this.loaded) await this.reload();
|
|
5062
5133
|
const namespaceEntry = this.findNamespaceEntry(tool.name);
|
|
5063
5134
|
const entry = this.policy[tool.name] ?? namespaceEntry;
|
|
5064
5135
|
const subject = this.subjectFor(tool.name, input, tool.subjectKey);
|
|
5136
|
+
const subjectKey = `${tool.name}::${subject ?? tool.name}`;
|
|
5137
|
+
if (this.sessionDenied.has(subjectKey)) {
|
|
5138
|
+
return { permission: "deny", source: "deny", reason: "session soft deny (user pressed no)" };
|
|
5139
|
+
}
|
|
5140
|
+
if (this.sessionAllowed.has(subjectKey)) {
|
|
5141
|
+
return { permission: "auto", source: "trust", reason: "session soft allow (user pressed yes)" };
|
|
5142
|
+
}
|
|
5065
5143
|
if (entry?.deny && subject && matchAny(entry.deny, subject)) {
|
|
5066
5144
|
return { permission: "deny", source: "deny", reason: "matched deny pattern" };
|
|
5067
5145
|
}
|
|
@@ -5077,6 +5155,11 @@ var DefaultPermissionPolicy = class {
|
|
|
5077
5155
|
if (this.yolo) {
|
|
5078
5156
|
return { permission: "auto", source: "yolo" };
|
|
5079
5157
|
}
|
|
5158
|
+
if (tool.name === "write" && subject) {
|
|
5159
|
+
if (ctx.hasRead(subject)) {
|
|
5160
|
+
return { permission: "auto", source: "context", reason: "file already read in this session" };
|
|
5161
|
+
}
|
|
5162
|
+
}
|
|
5080
5163
|
if (tool.permission === "auto") {
|
|
5081
5164
|
return { permission: "auto", source: "default" };
|
|
5082
5165
|
}
|
|
@@ -5087,6 +5170,7 @@ var DefaultPermissionPolicy = class {
|
|
|
5087
5170
|
return { permission: "auto", source: "user", reason: "user always-allowed" };
|
|
5088
5171
|
}
|
|
5089
5172
|
if (decision === "deny") {
|
|
5173
|
+
await this.deny({ tool: tool.name, pattern: subject ?? tool.name });
|
|
5090
5174
|
return { permission: "deny", source: "user", reason: "user denied" };
|
|
5091
5175
|
}
|
|
5092
5176
|
return { permission: decision === "yes" ? "auto" : "deny", source: "user" };
|
|
@@ -5109,6 +5193,31 @@ var DefaultPermissionPolicy = class {
|
|
|
5109
5193
|
throw err;
|
|
5110
5194
|
}
|
|
5111
5195
|
}
|
|
5196
|
+
/** Persist a deny rule — this tool+pattern pair is permanently blocked. */
|
|
5197
|
+
async deny(rule) {
|
|
5198
|
+
if (!this.loaded) await this.reload();
|
|
5199
|
+
const entry = this.policy[rule.tool] ?? {};
|
|
5200
|
+
entry.deny = Array.from(/* @__PURE__ */ new Set([...entry.deny ?? [], rule.pattern]));
|
|
5201
|
+
this.policy[rule.tool] = entry;
|
|
5202
|
+
try {
|
|
5203
|
+
await atomicWrite(this.trustFile, JSON.stringify(this.policy, null, 2));
|
|
5204
|
+
} catch (err) {
|
|
5205
|
+
const existing = this.policy[rule.tool];
|
|
5206
|
+
if (existing?.deny) {
|
|
5207
|
+
const idx = existing.deny.indexOf(rule.pattern);
|
|
5208
|
+
if (idx !== -1) existing.deny.splice(idx, 1);
|
|
5209
|
+
}
|
|
5210
|
+
throw err;
|
|
5211
|
+
}
|
|
5212
|
+
}
|
|
5213
|
+
/** Block this tool+pattern for the rest of this session (no trust file). */
|
|
5214
|
+
denyOnce(rule) {
|
|
5215
|
+
this.sessionDenied.set(`${rule.tool}::${rule.pattern}`, true);
|
|
5216
|
+
}
|
|
5217
|
+
/** Auto-approve this tool+pattern for the rest of this session (no trust file). */
|
|
5218
|
+
allowOnce(rule) {
|
|
5219
|
+
this.sessionAllowed.set(`${rule.tool}::${rule.pattern}`, true);
|
|
5220
|
+
}
|
|
5112
5221
|
subjectFor(toolName, input, subjectKey) {
|
|
5113
5222
|
if (!input || typeof input !== "object") return void 0;
|
|
5114
5223
|
const obj = input;
|
|
@@ -5136,10 +5245,8 @@ var DefaultPermissionPolicy = class {
|
|
|
5136
5245
|
return void 0;
|
|
5137
5246
|
}
|
|
5138
5247
|
findNamespaceEntry(toolName) {
|
|
5139
|
-
for (const
|
|
5140
|
-
if (
|
|
5141
|
-
return this.policy[key];
|
|
5142
|
-
}
|
|
5248
|
+
for (const { pattern, value } of this.wildcardEntries) {
|
|
5249
|
+
if (matchGlob(pattern, toolName)) return value;
|
|
5143
5250
|
}
|
|
5144
5251
|
return void 0;
|
|
5145
5252
|
}
|
|
@@ -5153,6 +5260,12 @@ var AutoApprovePermissionPolicy = class {
|
|
|
5153
5260
|
}
|
|
5154
5261
|
async trust() {
|
|
5155
5262
|
}
|
|
5263
|
+
async deny() {
|
|
5264
|
+
}
|
|
5265
|
+
denyOnce() {
|
|
5266
|
+
}
|
|
5267
|
+
allowOnce() {
|
|
5268
|
+
}
|
|
5156
5269
|
async reload() {
|
|
5157
5270
|
}
|
|
5158
5271
|
};
|
|
@@ -7592,8 +7705,8 @@ var Director = class {
|
|
|
7592
7705
|
if (this.spawnCount >= this.maxSpawns) {
|
|
7593
7706
|
throw new DirectorBudgetError("max_spawns", this.maxSpawns, this.spawnCount + 1);
|
|
7594
7707
|
}
|
|
7595
|
-
this.spawnCount += 1;
|
|
7596
7708
|
const result = await this.coordinator.spawn(config);
|
|
7709
|
+
this.spawnCount += 1;
|
|
7597
7710
|
this.subagentMeta.set(result.subagentId, {
|
|
7598
7711
|
provider: config.provider,
|
|
7599
7712
|
model: config.model
|
|
@@ -10699,12 +10812,14 @@ function requestLimitExtension(opts) {
|
|
|
10699
10812
|
const { events, currentIterations, currentLimit, autoExtend, timeoutMs = 3e4 } = opts;
|
|
10700
10813
|
return new Promise((resolve4) => {
|
|
10701
10814
|
let resolved = false;
|
|
10702
|
-
const
|
|
10815
|
+
const timerFired = () => {
|
|
10703
10816
|
if (!resolved) {
|
|
10704
10817
|
resolved = true;
|
|
10705
10818
|
resolve4(0);
|
|
10706
10819
|
}
|
|
10707
|
-
}
|
|
10820
|
+
};
|
|
10821
|
+
const timer = setTimeout(timerFired, timeoutMs);
|
|
10822
|
+
timer.unref();
|
|
10708
10823
|
const deny = () => {
|
|
10709
10824
|
if (!resolved) {
|
|
10710
10825
|
resolved = true;
|
|
@@ -10816,6 +10931,25 @@ var Agent = class {
|
|
|
10816
10931
|
get renderer() {
|
|
10817
10932
|
return this.container.has(TOKENS.Renderer) ? this.container.resolve(TOKENS.Renderer) : void 0;
|
|
10818
10933
|
}
|
|
10934
|
+
/**
|
|
10935
|
+
* Switch from inline CLI prompts to event-driven confirmation.
|
|
10936
|
+
* Clears both the ToolExecutor's confirmAwaiter (so it returns
|
|
10937
|
+
* `ToolConfirmPendingResult`) and the permission policy's
|
|
10938
|
+
* promptDelegate (so `evaluate()` returns `confirm`).
|
|
10939
|
+
*
|
|
10940
|
+
* Call this before entering TUI or any mode where stdin is owned
|
|
10941
|
+
* by a UI framework (Ink, WebUI WS bridge). Without this, the
|
|
10942
|
+
* inline prompt writes to stdout and blocks on stdin — both of
|
|
10943
|
+
* which are owned by the framework — making the prompt invisible
|
|
10944
|
+
* and the input deadlocked.
|
|
10945
|
+
*/
|
|
10946
|
+
disableInteractiveConfirmation() {
|
|
10947
|
+
this.toolExecutor.clearConfirmAwaiter();
|
|
10948
|
+
const policy = this.permission;
|
|
10949
|
+
if (typeof policy.setPromptDelegate === "function") {
|
|
10950
|
+
policy.setPromptDelegate(void 0);
|
|
10951
|
+
}
|
|
10952
|
+
}
|
|
10819
10953
|
register(tool) {
|
|
10820
10954
|
this.tools.register(tool);
|
|
10821
10955
|
}
|
|
@@ -10823,6 +10957,22 @@ var Agent = class {
|
|
|
10823
10957
|
await plugin.setup(api);
|
|
10824
10958
|
this.plugins.push({ plugin, api });
|
|
10825
10959
|
}
|
|
10960
|
+
/** Tear down all plugins in reverse order, calling their teardown hooks. */
|
|
10961
|
+
async teardown() {
|
|
10962
|
+
const errors = [];
|
|
10963
|
+
for (const { plugin, api } of this.plugins.toReversed()) {
|
|
10964
|
+
if (typeof plugin.teardown !== "function") continue;
|
|
10965
|
+
try {
|
|
10966
|
+
await plugin.teardown(api);
|
|
10967
|
+
} catch (err) {
|
|
10968
|
+
errors.push(err);
|
|
10969
|
+
}
|
|
10970
|
+
}
|
|
10971
|
+
this.plugins.length = 0;
|
|
10972
|
+
if (errors.length > 0) {
|
|
10973
|
+
throw new Error(`Agent teardown failed: ${errors.map(String).join("; ")}`);
|
|
10974
|
+
}
|
|
10975
|
+
}
|
|
10826
10976
|
async run(userInput, opts = {}) {
|
|
10827
10977
|
const controller = new RunController({ parentSignal: opts.signal });
|
|
10828
10978
|
const signal = controller.signal;
|
|
@@ -11090,11 +11240,52 @@ var Agent = class {
|
|
|
11090
11240
|
toolUseId: result.toolUseId,
|
|
11091
11241
|
suggestedPattern: result.suggestedPattern
|
|
11092
11242
|
});
|
|
11093
|
-
|
|
11243
|
+
if (decision === "always") {
|
|
11244
|
+
try {
|
|
11245
|
+
await this.permission.trust({
|
|
11246
|
+
tool: tool.name,
|
|
11247
|
+
pattern: result.suggestedPattern
|
|
11248
|
+
});
|
|
11249
|
+
this.events.emit("trust.persisted", {
|
|
11250
|
+
tool: tool.name,
|
|
11251
|
+
pattern: result.suggestedPattern,
|
|
11252
|
+
decision
|
|
11253
|
+
});
|
|
11254
|
+
} catch {
|
|
11255
|
+
}
|
|
11256
|
+
} else if (decision === "deny") {
|
|
11257
|
+
try {
|
|
11258
|
+
await this.permission.deny({
|
|
11259
|
+
tool: tool.name,
|
|
11260
|
+
pattern: result.suggestedPattern
|
|
11261
|
+
});
|
|
11262
|
+
this.events.emit("trust.persisted", {
|
|
11263
|
+
tool: tool.name,
|
|
11264
|
+
pattern: result.suggestedPattern,
|
|
11265
|
+
decision
|
|
11266
|
+
});
|
|
11267
|
+
} catch {
|
|
11268
|
+
}
|
|
11269
|
+
}
|
|
11270
|
+
if (decision === "yes") {
|
|
11271
|
+
const p = this.permission;
|
|
11272
|
+
p.allowOnce?.({ tool: tool.name, pattern: result.suggestedPattern });
|
|
11273
|
+
} else if (decision === "no") {
|
|
11274
|
+
const p = this.permission;
|
|
11275
|
+
p.denyOnce?.({ tool: tool.name, pattern: result.suggestedPattern });
|
|
11276
|
+
}
|
|
11277
|
+
const reRunResult = decision === "yes" || decision === "always" ? await this.executeSingleWithDecision(
|
|
11094
11278
|
tool,
|
|
11095
|
-
{ id: result.toolUseId, name: tool.name, input: result.input }
|
|
11096
|
-
|
|
11097
|
-
|
|
11279
|
+
{ id: result.toolUseId, name: tool.name, input: result.input }
|
|
11280
|
+
) : {
|
|
11281
|
+
result: {
|
|
11282
|
+
type: "tool_result",
|
|
11283
|
+
tool_use_id: result.toolUseId,
|
|
11284
|
+
content: decision === "deny" ? `Tool "${tool.name}" denied and blocked for this pattern.` : `Tool "${tool.name}" denied by user.`,
|
|
11285
|
+
is_error: true
|
|
11286
|
+
},
|
|
11287
|
+
durationMs: 0
|
|
11288
|
+
};
|
|
11098
11289
|
const use2 = useById.get(reRunResult.result.tool_use_id);
|
|
11099
11290
|
if (use2) {
|
|
11100
11291
|
await this.pipelines.toolCall.run({
|
|
@@ -11174,19 +11365,8 @@ var Agent = class {
|
|
|
11174
11365
|
});
|
|
11175
11366
|
});
|
|
11176
11367
|
}
|
|
11177
|
-
async executeSingleWithDecision(tool, use
|
|
11368
|
+
async executeSingleWithDecision(tool, use) {
|
|
11178
11369
|
const start = Date.now();
|
|
11179
|
-
if (decision === "no" || decision === "deny") {
|
|
11180
|
-
return {
|
|
11181
|
-
result: {
|
|
11182
|
-
type: "tool_result",
|
|
11183
|
-
tool_use_id: use.id,
|
|
11184
|
-
content: `Tool "${tool.name}" denied by user.`,
|
|
11185
|
-
is_error: true
|
|
11186
|
-
},
|
|
11187
|
-
durationMs: Date.now() - start
|
|
11188
|
-
};
|
|
11189
|
-
}
|
|
11190
11370
|
try {
|
|
11191
11371
|
const result = await this.toolExecutor.executeTool(
|
|
11192
11372
|
tool,
|
|
@@ -11374,9 +11554,10 @@ var Context = class {
|
|
|
11374
11554
|
}
|
|
11375
11555
|
/**
|
|
11376
11556
|
* Register a teardown hook tied to the current run's abort signal. The
|
|
11377
|
-
* hook fires when the run aborts
|
|
11378
|
-
*
|
|
11379
|
-
*
|
|
11557
|
+
* hook fires when the run aborts or ends normally — Agent.run wires this
|
|
11558
|
+
* through a RunController. Hooks registered before a run starts are stored
|
|
11559
|
+
* and fired when the next run ends; there is no "immediate fire" when no
|
|
11560
|
+
* run is active.
|
|
11380
11561
|
*
|
|
11381
11562
|
* **Scope:** these hooks fire on the **whole agent run's** abort, not on
|
|
11382
11563
|
* an individual tool call. For per-tool teardown of resources owned by
|
|
@@ -11546,6 +11727,7 @@ You operate inside the user's terminal with direct read and write access to thei
|
|
|
11546
11727
|
- **Task is clear, approach is unknown** \u2192 try one approach, report what happened
|
|
11547
11728
|
- **Tool fails** \u2192 retry once with adjusted params, then report failure
|
|
11548
11729
|
- **Permission prompt shown** \u2192 wait for user, do not act unilaterally
|
|
11730
|
+
- **Tool denied by user** \u2192 do NOT retry the same tool in the next iteration. If the user denies a write, bash, or any tool, respect that decision. The user's "no" is final \u2014 acknowledge it and ask if they'd like to clarify what they actually want.
|
|
11549
11731
|
- **Context window filling up** \u2192 use context_manager proactively; don't wait to be told
|
|
11550
11732
|
|
|
11551
11733
|
## How you work
|
|
@@ -11554,6 +11736,8 @@ You operate inside the user's terminal with direct read and write access to thei
|
|
|
11554
11736
|
- **Comment with purpose.** Add comments only when they explain why, not what. The code already says what.
|
|
11555
11737
|
- **Own your output.** Never call work "production-ready" or "fully tested" \u2014 the user makes that call.
|
|
11556
11738
|
- **Move on from mistakes.** When something fails, report what happened and what you'll do next. No apologies, no hand-wringing.
|
|
11739
|
+
- **Respect denied tools.** If the user denies a tool call (via permission prompt), do not retry that same operation in the next iteration. The user's "no" means "find another way or ask". Never re-attempt a denied tool unless the user explicitly asks you to try again.
|
|
11740
|
+
- **When denied, ask.** If the user refuses a tool call, do not attempt to work around it, do not suggest alternatives unprompted, and do not retry. Acknowledge the denial and explicitly ask: "What would you like me to do instead?"
|
|
11557
11741
|
- **Stay in your lane.** Don't lecture about software engineering principles unless explicitly asked \u2014 the user is the expert on their codebase.`;
|
|
11558
11742
|
var DefaultSystemPromptBuilder = class {
|
|
11559
11743
|
constructor(opts = {}) {
|