@xemahq/biome-sdk 0.1.1

package/src/agent-workspace/lib/resolvers/scm-repo.resolver.ts

@@ -0,0 +1,43 @@
+import type { MountResolver } from '../mount-resolver';
+import type { MountSource } from '../mount-source';
+import type { ResolveContext, ResolveSlotContext, ResolvedMountEntries } from './types';
+import type { ScmClient } from './clients';
+import { assertAuthHeaders } from './utils/auth';
+
+/**
+ * `scm-repo` mount kind — returns clone instructions only; the writer
+ * phase invokes `git clone` as a subprocess that streams directly into
+ * the staging directory. This avoids piping multi-hundred-MB clones
+ * through workspace-proxy's request body.
+ *
+ * Default flags: `--depth=1 --filter=blob:none` for fast checkouts.
+ * Workflow YAML can override depth/filter when full history is needed.
+ */
+export class ScmRepoResolver implements MountResolver<'scm-repo'> {
+  readonly kind = 'scm-repo' as const;
+
+  constructor(private readonly client: ScmClient) {}
+
+  async *resolve(
+    source: Extract<MountSource, { kind: 'scm-repo' }>,
+    slotCtx: ResolveSlotContext,
+    ctx: ResolveContext,
+  ): ResolvedMountEntries {
+    const headers = assertAuthHeaders(ctx);
+    const instruction = await this.client.resolveCheckout(source.repoRef, source.ref, headers);
+    yield {
+      // empty relPath — the slot's entryRelPath already targets the
+      // repo's directory (e.g. `<repoName>/`); the writer drops the
+      // checkout into that directory.
+      relPath: '',
+      mode: slotCtx.mode,
+      body: {
+        kind: 'gitClone',
+        cloneUrl: instruction.cloneUrl,
+        ref: instruction.ref,
+        depth: instruction.depth,
+        filter: instruction.filter,
+      },
+    };
+  }
+}

package/src/agent-workspace/lib/resolvers/session-attachment.resolver.ts

@@ -0,0 +1,37 @@
+import type { MountResolver } from '../mount-resolver';
+import type { MountSource } from '../mount-source';
+import type { ResolveContext, ResolveSlotContext, ResolvedMountEntries } from './types';
+import type { SessionAttachmentClient } from './clients';
+import { assertAuthHeaders } from './utils/auth';
+
+/**
+ * `session-attachment` mount kind — streams every attachment that the
+ * user uploaded for the session into the slot. Each attachment lands
+ * at the relPath the upstream service returns (typically the original
+ * filename, sanitized).
+ */
+export class SessionAttachmentResolver implements MountResolver<'session-attachment'> {
+  readonly kind = 'session-attachment' as const;
+
+  constructor(private readonly client: SessionAttachmentClient) {}
+
+  async *resolve(
+    source: Extract<MountSource, { kind: 'session-attachment' }>,
+    slotCtx: ResolveSlotContext,
+    ctx: ResolveContext,
+  ): ResolvedMountEntries {
+    const headers = assertAuthHeaders(ctx);
+    const items = await this.client.streamSessionAttachments(source.sessionId, headers);
+    for await (const item of items) {
+      yield {
+        relPath: item.relPath,
+        mode: slotCtx.mode,
+        body: {
+          kind: 'stream',
+          readable: item.readable,
+          sizeHint: item.sizeBytes,
+        },
+      };
+    }
+  }
+}

package/src/agent-workspace/lib/resolvers/skill-bundle.resolver.ts

@@ -0,0 +1,42 @@
+import type { MountResolver } from '../mount-resolver';
+import type { MountSource } from '../mount-source';
+import type { SkillRegistryClient } from './clients';
+import type { ResolveContext, ResolveSlotContext, ResolvedMountEntries } from './types';
+import { assertAuthHeaders } from './utils/auth';
+
+/**
+ * `skill-bundle` mount kind — fetches a complete multi-file skill bundle
+ * from skill-registry-api and emits `SKILL.md` plus one file per bundled
+ * resource (reference docs, scripts, assets, templates) under the
+ * `skill-bundles` slot (`/workspace/.opencode/skills/<skillKey>/`).
+ *
+ * Per OpenCode convention each skill lives in its own folder named after
+ * the skill key; the mount entry's `relPath` is that folder and the
+ * per-file `relPath`s yielded here land the bundle members inside it.
+ */
+export class SkillBundleResolver implements MountResolver<'skill-bundle'> {
+  readonly kind = 'skill-bundle' as const;
+
+  constructor(private readonly client: SkillRegistryClient) {}
+
+  async *resolve(
+    source: Extract<MountSource, { kind: 'skill-bundle' }>,
+    slotCtx: ResolveSlotContext,
+    ctx: ResolveContext,
+  ): ResolvedMountEntries {
+    const headers = assertAuthHeaders(ctx);
+    const bundle = await this.client.fetchSkillBundle(source.skillKey, headers);
+    yield {
+      relPath: 'SKILL.md',
+      mode: slotCtx.mode,
+      body: { kind: 'literal', bytes: Buffer.from(bundle.skillMarkdown, 'utf8') },
+    };
+    for (const resource of bundle.resources) {
+      yield {
+        relPath: resource.relPath,
+        mode: slotCtx.mode,
+        body: { kind: 'literal', bytes: Buffer.from(resource.contentBase64, 'base64') },
+      };
+    }
+  }
+}

package/src/agent-workspace/lib/resolvers/static-literal.resolver.ts

@@ -0,0 +1,69 @@
+import type { MountResolver } from '../mount-resolver';
+import type { MountSource } from '../mount-source';
+import type { ResolveContext, ResolveSlotContext, ResolvedMountEntries, MountEntry } from './types';
+import { MountPlanInvalidError } from '../errors';
+
+/**
+ * `static-literal` mount kind — emits the inline base64 bytes at the
+ * entry's own location within the slot.
+ *
+ * Path semantics: the file's location is determined by the PLAN entry's
+ * `relPath` (composed by the writer as `<slot>/<entry.relPath>`).
+ * `source.pathWithinWorkspace` is identity metadata only — it must be
+ * a syntactically-valid relative path (we still fail-fast on absolute /
+ * traversal / NUL) but the resolver does NOT use it to nest the file.
+ * Doing so would produce `<slot>/<entry.relPath>/<pathWithinWorkspace>`,
+ * doubly-nesting when (as is the convention in every caller) both
+ * fields carry the same path string.
+ *
+ * The yielded sub-entry's `relPath` is therefore `''`, meaning "land at
+ * the entry root". The plan validator's `(slot, entry.relPath)` dedup
+ * remains the single source of truth for "two seedFiles must not target
+ * the same path".
+ */
+export class StaticLiteralResolver implements MountResolver<'static-literal'> {
+  readonly kind = 'static-literal' as const;
+
+  // eslint-disable-next-line require-yield
+  async *resolve(
+    source: Extract<MountSource, { kind: 'static-literal' }>,
+    slotCtx: ResolveSlotContext,
+    _ctx: ResolveContext,
+  ): ResolvedMountEntries {
+    yield this.toEntry(source, slotCtx);
+  }
+
+  private toEntry(
+    source: Extract<MountSource, { kind: 'static-literal' }>,
+    slotCtx: ResolveSlotContext,
+  ): MountEntry {
+    const { pathWithinWorkspace, bytes } = source;
+    if (
+      pathWithinWorkspace.length === 0 ||
+      pathWithinWorkspace.startsWith('/') ||
+      pathWithinWorkspace.includes('..') ||
+      pathWithinWorkspace.includes('\0')
+    ) {
+      throw new MountPlanInvalidError(
+        `static-literal: invalid relative path '${pathWithinWorkspace}'`,
+        { pathWithinWorkspace },
+      );
+    }
+    let decoded: Uint8Array;
+    try {
+      decoded = Buffer.from(bytes, 'base64');
+    } catch (error) {
+      throw new MountPlanInvalidError(
+        `static-literal: bytes are not valid base64 — ${(error as Error).message}`,
+      );
+    }
+    return {
+      // Sub-entry sits at the entry root. The plan entry's `relPath`
+      // (echoed back to us as `slotCtx.entryRelPath`) is the file's
+      // location within the slot.
+      relPath: '',
+      mode: slotCtx.mode,
+      body: { kind: 'literal', bytes: decoded },
+    };
+  }
+}

package/src/agent-workspace/lib/resolvers/types.ts

@@ -0,0 +1,94 @@
+import type { Readable } from 'node:stream';
+import type {
+  WorkspaceMount,
+  WorkspaceMountMode,
+} from '@xemahq/kernel-contracts/agent-workspace';
+
+/**
+ * Authenticated context passed to every `MountResolver.resolve()` call.
+ * `authHeaders` is the verbatim header bag the resolver MUST forward to
+ * its upstream Orval client — that is how cross-tenant access is
+ * prevented at the upstream service.
+ *
+ * `authHeaders` always contains `Authorization` + `X-Org-Id` +
+ * `X-Project-Id`; resolvers assert their presence and refuse to call
+ * upstream without them (defense-in-depth even though the proxy already
+ * built them).
+ */
+export interface ResolveContext {
+  readonly orgId: string;
+  readonly projectId: string;
+  readonly userId: string;
+  readonly correlationId: string;
+  /**
+   * Header bag — `Authorization`, `X-Org-Id`, `X-Project-Id`, plus any
+   * downstream headers the proxy decided to thread (e.g. correlation
+   * id). Keys preserve casing as upstream services expect.
+   */
+  readonly authHeaders: Readonly<Record<string, string>>;
+}
+
+/**
+ * One byte-payload variant per resolver shape. Streamed for any
+ * not-trivially-small payload to keep workspace-proxy memory bounded
+ * even when mounts are hundreds of MB.
+ */
+export type ResolverBody =
+  | {
+      readonly kind: 'stream';
+      readonly readable: Readable;
+      readonly sizeHint: number | undefined;
+    }
+  | { readonly kind: 'literal'; readonly bytes: Uint8Array }
+  | {
+      readonly kind: 'gitClone';
+      readonly cloneUrl: string;
+      readonly ref: string;
+      readonly depth: number;
+      /** Optional partial-clone filter — defaults to `'blob:none'`. */
+      readonly filter: string | undefined;
+    };
+
+/**
+ * One file (or git checkout) the resolver wants the writer phase to
+ * materialize. The writer composes `${slot}/${entryRelPath}/${relPath}`
+ * to get the absolute path; both segments are validated against the
+ * slot allowlist + path-traversal sanitizer.
+ *
+ * `mode` is per-entry (NOT per-slot) so a single read-only `references/`
+ * mount can coexist with a read-write `repos/<repo>/` mount in the same
+ * apply.
+ */
+export interface MountEntry {
+  /** Path within the entry's slot — no leading `/`, no `..`, no NUL. */
+  readonly relPath: string;
+  readonly mode: WorkspaceMountMode;
+  readonly body: ResolverBody;
+}
+
+/**
+ * Resolver output. Returning an `AsyncIterable` lets each entry be
+ * fetched + streamed to disk independently, without buffering the whole
+ * mount in memory.
+ */
+export type ResolvedMountEntries = AsyncIterable<MountEntry>;
+
+/**
+ * Echo of the slot the resolver was invoked for, so the writer phase
+ * knows where to root the entries. Set by the workspace-proxy
+ * orchestrator before invoking the resolver.
+ *
+ * `mode` is the plan-entry's mount mode — the SINGLE source of truth.
+ * Resolvers yield `mode: ctx.mode` so they cannot silently disagree
+ * with the composer's per-slot decision (e.g. yielding `ReadOnly` for
+ * a `repos/` plan entry the composer marked `ReadWrite` would deny
+ * the agent its writes without a code path that says so). The writer
+ * applies `entry.mode` directly; the resolver's echo is for symmetry
+ * and tests.
+ */
+export interface ResolveSlotContext {
+  readonly slot: WorkspaceMount;
+  /** Sub-path inside `slot` rooted at the entry's `WorkspaceMountPlanEntry.relPath`. */
+  readonly entryRelPath: string;
+  readonly mode: WorkspaceMountMode;
+}

package/src/agent-workspace/lib/resolvers/utils/agent-run-context-cache.ts

@@ -0,0 +1,206 @@
+import { createHash } from 'node:crypto';
+
+import type {
+  AgentRunContextRender,
+  LlmRegistryClient,
+} from '../clients';
+import type { AuthHeaders } from './auth';
+
+/**
+ * Coalesces the three rendered-* resolvers (agents-md, context-json,
+ * system-overlay) onto a single `agent-run-context/render` HTTP call
+ * per mount-apply.
+ *
+ * Cache key: stable hash of the render params. The keys include
+ * `runId`/`jobRunId`/`sessionId` and `agentSlug`/`role`, so a single
+ * apply's three calls collide deterministically while cross-apply
+ * collision is impossible (different scope ids → different key).
+ *
+ * TTL is short (90s) and the cache is process-local — long enough to
+ * cover the same apply's three resolver invocations even under a slow
+ * mount, short enough that a reused process can't serve stale renders
+ * after a deliverable-spec edit. The render itself is deterministic;
+ * accidental hit on a redispatch with identical inputs returns the
+ * same bytes anyway.
+ */
+const CACHE_TTL_MS = 90_000;
+
+interface CacheEntry {
+  readonly storedAt: number;
+  readonly value: Promise<AgentRunContextRender>;
+}
+
+export interface RenderAgentRunContextParams {
+  readonly agentSlug: string;
+  readonly projectId: string;
+  readonly role: string;
+  readonly deliverableSpecRef?: string;
+  readonly workflowRunId?: string;
+  readonly jobRunId?: string;
+  readonly sessionId?: string;
+  readonly workflowInputs?: Readonly<Record<string, unknown>>;
+  readonly mounts?: ReadonlyArray<{
+    readonly mount: string;
+    readonly mode: 'read-only' | 'read-write';
+  }>;
+  readonly inputArtifacts?: ReadonlyArray<{
+    readonly path: string;
+    readonly contentType?: string;
+    readonly sourceArtifactId: string;
+    readonly sourceVersion: number;
+  }>;
+  readonly workingFiles?: ReadonlyArray<{
+    readonly slug: string;
+    readonly path: string;
+    readonly format: 'markdown' | 'html' | 'json' | 'yaml' | 'text';
+    readonly syncDirection: 'down-only' | 'up-only' | 'bidirectional';
+    readonly sourceKind: string;
+    readonly sourceRef: Readonly<Record<string, string>>;
+  }>;
+  readonly hasRetryContext?: boolean;
+}
+
+/**
+ * Shape the three rendered-* MountSource variants share at the wire
+ * level. Promoted to the SDK so the resolver-shared helper
+ * `renderParamsFromSource` can build a normalized `RenderAgentRunContextParams`
+ * without each resolver re-implementing the same field map (and
+ * silently diverging again — the divergence was the original cache
+ * bug).
+ */
+export interface RenderedAgentRunContextSourceShape {
+  readonly orgId: string;
+  readonly projectId: string;
+  readonly agentSlug: string;
+  readonly role: string;
+  readonly sessionId?: string;
+  readonly runId?: string;
+  readonly jobRunId?: string;
+  readonly deliverableSpecRef?: string;
+  readonly workflowInputs?: Readonly<Record<string, unknown>>;
+  readonly mounts?: ReadonlyArray<{
+    readonly mount: string;
+    readonly mode: 'read-only' | 'read-write';
+  }>;
+  readonly inputArtifacts?: ReadonlyArray<{
+    readonly path: string;
+    readonly contentType?: string;
+    readonly sourceArtifactId: string;
+    readonly sourceVersion: number;
+  }>;
+  readonly workingFiles?: ReadonlyArray<{
+    readonly slug: string;
+    readonly path: string;
+    readonly format: 'markdown' | 'html' | 'json' | 'yaml' | 'text';
+    readonly syncDirection: 'down-only' | 'up-only' | 'bidirectional';
+    readonly sourceKind: string;
+    readonly sourceRef: Readonly<Record<string, string>>;
+  }>;
+  readonly hasRetryContext?: boolean;
+}
+
+/**
+ * Single source of truth for `MountSource → RenderAgentRunContextParams`.
+ * Every rendered-* resolver MUST go through this helper so the cache
+ * key is computed from the same shape — diverging field sets across
+ * resolvers (the historical bug) hash to different keys and defeat
+ * coalescing.
+ */
+export function renderParamsFromSource(
+  source: RenderedAgentRunContextSourceShape,
+): RenderAgentRunContextParams {
+  return {
+    agentSlug: source.agentSlug,
+    projectId: source.projectId,
+    role: source.role,
+    ...(source.deliverableSpecRef === undefined
+      ? {}
+      : { deliverableSpecRef: source.deliverableSpecRef }),
+    ...(source.runId === undefined ? {} : { workflowRunId: source.runId }),
+    ...(source.jobRunId === undefined ? {} : { jobRunId: source.jobRunId }),
+    ...(source.sessionId === undefined ? {} : { sessionId: source.sessionId }),
+    ...(source.workflowInputs === undefined
+      ? {}
+      : { workflowInputs: source.workflowInputs }),
+    ...(source.mounts === undefined ? {} : { mounts: source.mounts }),
+    ...(source.inputArtifacts === undefined
+      ? {}
+      : { inputArtifacts: source.inputArtifacts }),
+    ...(source.workingFiles === undefined
+      ? {}
+      : { workingFiles: source.workingFiles }),
+    ...(source.hasRetryContext === undefined
+      ? {}
+      : { hasRetryContext: source.hasRetryContext }),
+  };
+}
+
+export class RenderedAgentRunContextCache {
+  private readonly entries = new Map<string, CacheEntry>();
+
+  constructor(private readonly client: LlmRegistryClient) {}
+
+  async render(
+    params: RenderAgentRunContextParams,
+    headers: AuthHeaders,
+  ): Promise<AgentRunContextRender> {
+    const key = this.cacheKey(params, headers);
+    const now = Date.now();
+    const existing = this.entries.get(key);
+    if (existing && now - existing.storedAt < CACHE_TTL_MS) {
+      return existing.value;
+    }
+    const value = this.client.renderAgentRunContext(params, headers);
+    this.entries.set(key, { storedAt: now, value });
+    // Clean up stale entries opportunistically — bounded scan.
+    if (this.entries.size > 64) {
+      for (const [k, e] of this.entries) {
+        if (now - e.storedAt >= CACHE_TTL_MS) {
+          this.entries.delete(k);
+        }
+      }
+    }
+    try {
+      return await value;
+    } catch (err) {
+      // Drop failed renders so the next call retries upstream.
+      this.entries.delete(key);
+      throw err;
+    }
+  }
+
+  private cacheKey(
+    params: RenderAgentRunContextParams,
+    headers: AuthHeaders,
+  ): string {
+    // Defense-in-depth: hash a stable principal fingerprint into the key
+    // so two callers in the same org with different identity-side
+    // claims cannot share a cached promise. Today the upstream render is
+    // project/role-deterministic and orgId+param fields uniquely
+    // identify the render — but the moment the upstream adds per-actor
+    // capability filtering (KB scoping, role-based mount narrowing,
+    // …) a key without an actor binding becomes a cross-actor leak.
+    // We hash the bearer token (never store / log it raw) to fold in the
+    // full claim set without coupling this kernel package to JWT parsing.
+    const principalFingerprint = headers.Authorization
+      ? createHash('sha256').update(headers.Authorization).digest('hex')
+      : '<anon>';
+    const canonical = JSON.stringify({
+      params: stableSort(params as unknown as Record<string, unknown>),
+      orgId: headers['X-Org-Id'] ?? null,
+      principal: principalFingerprint,
+    });
+    return createHash('sha256').update(canonical).digest('hex');
+  }
+}
+
+function stableSort(value: unknown): unknown {
+  if (value === null || typeof value !== 'object') {return value;}
+  if (Array.isArray(value)) {return value.map(stableSort);}
+  const obj = value as Record<string, unknown>;
+  const sorted: Record<string, unknown> = {};
+  for (const key of Object.keys(obj).sort()) {
+    sorted[key] = stableSort(obj[key]);
+  }
+  return sorted;
+}

package/src/agent-workspace/lib/resolvers/utils/auth.ts

@@ -0,0 +1,39 @@
+import type { ResolveContext } from '../types';
+import { MountActorForbiddenError } from '../../errors';
+
+/**
+ * Required header keys that every resolver MUST forward to its upstream
+ * Orval client. Workspace-proxy builds these from the validated actor JWT
+ * before invoking the resolver.
+ *
+ * Defense-in-depth: even though the proxy already populated them, a
+ * resolver bug that strips/overwrites any of these is a tenancy bug, so
+ * the assertion is a first-class guard rather than an `if`-skip.
+ */
+export const REQUIRED_AUTH_HEADERS = ['Authorization', 'X-Org-Id', 'X-Project-Id'] as const;
+
+export type AuthHeaders = Readonly<Record<string, string>>;
+
+/**
+ * Asserts the resolver's `ResolveContext` carries every required header
+ * with non-empty value. Throws fail-fast (mapped to 403 by the proxy)
+ * when any is missing.
+ */
+export function assertAuthHeaders(ctx: ResolveContext): AuthHeaders {
+  if (!ctx.orgId || !ctx.projectId) {
+    throw new MountActorForbiddenError(
+      'resolver invoked without orgId/projectId — refusing upstream call',
+      { orgId: ctx.orgId, projectId: ctx.projectId },
+    );
+  }
+  for (const key of REQUIRED_AUTH_HEADERS) {
+    const value = ctx.authHeaders[key];
+    if (typeof value !== 'string' || value.length === 0) {
+      throw new MountActorForbiddenError(
+        `resolver invoked with missing or empty '${key}' header — refusing upstream call`,
+        { missingHeader: key },
+      );
+    }
+  }
+  return ctx.authHeaders;
+}

package/src/agent-workspace/lib/resolvers/utils/size-cap.ts

@@ -0,0 +1,38 @@
+import { Transform, TransformCallback } from 'node:stream';
+import { MountSourcePayloadTooLargeError } from '../../errors';
+
+/**
+ * `Transform` stream that aborts mid-stream once the cumulative byte
+ * count exceeds `maxBytes`. The error is a `MountSourcePayloadTooLarge
+ * Error`; the writer phase catches it and rolls back staging.
+ *
+ * Use this in the streaming chain — never accumulate bytes in a Buffer
+ * "just to check the size." That would defeat the streaming guarantee.
+ */
+export function createSizeCapTransform(
+  maxBytes: number,
+  identity: string,
+): Transform {
+  if (!Number.isFinite(maxBytes) || maxBytes <= 0) {
+    throw new RangeError(
+      `createSizeCapTransform: maxBytes must be a positive finite number (got ${maxBytes})`,
+    );
+  }
+  let observed = 0;
+  return new Transform({
+    transform(chunk: Buffer | string, _enc, cb: TransformCallback) {
+      const buf = typeof chunk === 'string' ? Buffer.from(chunk) : chunk;
+      observed += buf.length;
+      if (observed > maxBytes) {
+        cb(
+          new MountSourcePayloadTooLargeError(
+            `mount '${identity}' exceeded ${maxBytes} byte cap`,
+            { identity, maxBytes, observedAtAbort: observed },
+          ),
+        );
+        return;
+      }
+      cb(null, buf);
+    },
+  });
+}

package/src/agent-workspace/lib/resolvers/utils/streaming.ts

@@ -0,0 +1,22 @@
+import { Readable } from 'node:stream';
+
+/**
+ * Convert a Web `ReadableStream<Uint8Array>` (the body of a `Response`
+ * returned by the SDK's narrow `*BlobFetcher` interface) into a Node
+ * `Readable`. The conversion is allocation-free per chunk — Node's
+ * built-in adapter is used directly.
+ *
+ * Throws if the body is `null` (the upstream returned an empty body
+ * where one was expected).
+ */
+export function webBodyToNodeReadable(
+  body: ReadableStream<Uint8Array> | null,
+  context: string,
+): Readable {
+  if (body === null) {
+    throw new Error(
+      `webBodyToNodeReadable(${context}): upstream response had no body`,
+    );
+  }
+  return Readable.fromWeb(body as unknown as import('node:stream/web').ReadableStream);
+}

package/src/agent-workspace/lib/workspace-renderer.ts

@@ -0,0 +1,25 @@
+import type { WorkspaceMountPlan } from '@xemahq/kernel-contracts/agent-workspace';
+import type { ResolveContext } from './mount-resolver';
+
+export interface RenderedWorkspaceMount {
+  readonly mount: string;
+  readonly bytesWritten: number;
+}
+
+export interface RenderedWorkspace {
+  readonly mounts: readonly RenderedWorkspaceMount[];
+}
+
+/**
+ * Composes a workspace tree on disk by dispatching each mount-plan entry
+ * to the matching `MountResolver` and writing the result through
+ * `workspace-proxy`.
+ *
+ * Concrete implementation lives in this package; orchestrator-specific
+ * post-processing (e.g. `.opencode/` generation) is added by the
+ * orchestrator adapter (`@xemahq/agent-workspace-opencode`,
+ * `@xemahq/agent-workspace-claude-code`, …).
+ */
+export interface WorkspaceRenderer {
+  render(plan: WorkspaceMountPlan, ctx: ResolveContext): Promise<RenderedWorkspace>;
+}

package/src/api/index.ts

@@ -0,0 +1,10 @@
+export * from './lib/api-manifest';
+export * from './lib/code-tool-context';
+export * from './lib/code-tool-descriptor';
+export * from './lib/code-tool.decorator';
+export * from './lib/mutation-context';
+export * from './lib/pagination';
+export * from './lib/biome-db';
+export * from './lib/provider-kind-mirror';
+export * from './lib/request-context';
+export * from './lib/route-registry-entry';