@zenalexa/unicli 0.216.3 → 0.217.3

package/dist/engine/browser/session-lock.js

@@ -0,0 +1,114 @@
+import { mkdirSync } from "node:fs";
+import { open, readFile, rm, stat } from "node:fs/promises";
+import { join } from "node:path";
+import { userHome } from "../user-home.js";
+export class BrowserSessionLeaseLockError extends Error {
+    lease;
+    code = "browser_lease_locked";
+    suggestion = "Another command is using the same browser workspace. Retry after it finishes, use --isolated, or choose a different --workspace.";
+    constructor(lease) {
+        super(`Browser workspace is locked: ${lease.browser_workspace_id}`);
+        this.lease = lease;
+        this.name = "BrowserSessionLeaseLockError";
+    }
+}
+export async function withBrowserSessionLeaseLock(lease, action, options = {}) {
+    const retryMs = Math.max(0, options.retryMs ?? 0);
+    const staleMs = options.staleMs ?? 120_000;
+    const now = options.now ?? Date.now;
+    const sleep = options.sleep ??
+        (async (ms) => {
+            await new Promise((resolve) => setTimeout(resolve, ms));
+        });
+    const startedAt = now();
+    const lockPath = browserSessionLeaseLockPath(lease, options.rootDir);
+    while (true) {
+        try {
+            const handle = await open(lockPath, "wx", 0o600);
+            try {
+                await handle.writeFile(JSON.stringify({
+                    ...lease,
+                    pid: process.pid,
+                    locked_at: new Date().toISOString(),
+                }, null, 2));
+                return await action();
+            }
+            finally {
+                await handle.close();
+                await rm(lockPath, { force: true });
+            }
+        }
+        catch (err) {
+            if (!isAlreadyExistsError(err))
+                throw err;
+            if (await removeStaleLock(lockPath, staleMs, now))
+                continue;
+            if (now() - startedAt >= retryMs) {
+                throw new BrowserSessionLeaseLockError(lease);
+            }
+            await sleep(Math.min(50, retryMs));
+        }
+    }
+}
+export function browserSessionLeaseLockPath(lease, rootDir = join(userHome(), ".unicli", "browser-locks")) {
+    mkdirSync(rootDir, { recursive: true, mode: 0o700 });
+    return join(rootDir, `${safeLockName(lease.browser_session_id)}.lock`);
+}
+async function removeStaleLock(lockPath, staleMs, now) {
+    try {
+        const info = await stat(lockPath);
+        if (staleMs >= 0 && now() - info.mtimeMs <= staleMs)
+            return false;
+        if (await lockHolderIsAlive(lockPath))
+            return false;
+        await rm(lockPath, { force: true });
+        return true;
+    }
+    catch (err) {
+        return isNotFoundError(err);
+    }
+}
+function isAlreadyExistsError(err) {
+    return (typeof err === "object" &&
+        err !== null &&
+        "code" in err &&
+        err.code === "EEXIST");
+}
+async function lockHolderIsAlive(lockPath) {
+    try {
+        const payload = JSON.parse(await readFile(lockPath, "utf-8"));
+        return typeof payload.pid === "number" && processIsAlive(payload.pid);
+    }
+    catch {
+        return false;
+    }
+}
+function processIsAlive(pid) {
+    if (!Number.isInteger(pid) || pid <= 0)
+        return false;
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch (err) {
+        if (isNoSuchProcessError(err))
+            return false;
+        return true;
+    }
+}
+function isNoSuchProcessError(err) {
+    return (typeof err === "object" &&
+        err !== null &&
+        "code" in err &&
+        err.code === "ESRCH");
+}
+function isNotFoundError(err) {
+    return (typeof err === "object" &&
+        err !== null &&
+        "code" in err &&
+        err.code === "ENOENT");
+}
+function safeLockName(value) {
+    return value.replace(/[^A-Za-z0-9._-]+/g, "_");
+}
+//# sourceMappingURL=session-lock.js.map

package/dist/engine/browser/session-lock.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-lock.js","sourceRoot":"","sources":["../../../src/engine/browser/session-lock.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAW3C,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAKhC;IAJrB,IAAI,GAAG,sBAAsB,CAAC;IAC9B,UAAU,GACR,kIAAkI,CAAC;IAErI,YAAqB,KAA0B;QAC7C,KAAK,CAAC,gCAAgC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC;QADjD,UAAK,GAAL,KAAK,CAAqB;QAE7C,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,KAA0B,EAC1B,MAAwB,EACxB,UAA0C,EAAE;IAE5C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC;IAClD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC;IAC3C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC;IACpC,MAAM,KAAK,GACT,OAAO,CAAC,KAAK;QACb,CAAC,KAAK,EAAE,EAAU,EAAE,EAAE;YACpB,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,MAAM,SAAS,GAAG,GAAG,EAAE,CAAC;IACxB,MAAM,QAAQ,GAAG,2BAA2B,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAErE,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YACjD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,SAAS,CACpB,IAAI,CAAC,SAAS,CACZ;oBACE,GAAG,KAAK;oBACR,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;gBACF,OAAO,MAAM,MAAM,EAAE,CAAC;YACxB,CAAC;oBAAS,CAAC;gBACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACrB,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG,CAAC;YAC1C,IAAI,MAAM,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC;gBAAE,SAAS;YAC5D,IAAI,GAAG,EAAE,GAAG,SAAS,IAAI,OAAO,EAAE,CAAC;gBACjC,MAAM,IAAI,4BAA4B,CAAC,KAAK,CAAC,CAAC;YAChD,CAAC;YACD,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,KAA0B,EAC1B,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,eAAe,CAAC;IAEtD,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACrD,OAAO,IAAI,CAAC,OAAO,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,QAAgB,EAChB,OAAe,EACf,GAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,IAAI,OAAO,IAAI,CAAC,IAAI,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO;YAAE,OAAO,KAAK,CAAC;QAClE,IAAI,MAAM,iBAAiB,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QACpD,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAY;IACxC,OAAO,CACL,OAAO,GAAG,KAAK,QAAQ;QACvB,GAAG,KAAK,IAAI;QACZ,MAAM,IAAI,GAAG;QACZ,GAAyB,CAAC,IAAI,KAAK,QAAQ,CAC7C,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,QAAgB;IAC/C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAE3D,CAAC;QACF,OAAO,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACrD,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,oBAAoB,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAY;IACxC,OAAO,CACL,OAAO,GAAG,KAAK,QAAQ;QACvB,GAAG,KAAK,IAAI;QACZ,MAAM,IAAI,GAAG;QACZ,GAAyB,CAAC,IAAI,KAAK,OAAO,CAC5C,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAAY;IACnC,OAAO,CACL,OAAO,GAAG,KAAK,QAAQ;QACvB,GAAG,KAAK,IAAI;QACZ,MAAM,IAAI,GAAG;QACZ,GAAyB,CAAC,IAAI,KAAK,QAAQ,CAC7C,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,KAAK,CAAC,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC"}

package/dist/engine/browser/session-runtime.d.ts

@@ -0,0 +1,10 @@
+import type { IPage } from "../../types.js";
+import { type BrowserSessionLease, type BrowserSessionLeaseAuthPosture, type BrowserSessionLeaseTarget } from "./session-lease.js";
+export declare function enrichBrowserSessionLease(lease: BrowserSessionLease, page: IPage, options?: {
+    now?: () => Date;
+}): Promise<BrowserSessionLease>;
+export declare function assertBrowserSessionLeaseTargetCurrent(lease: BrowserSessionLease, page: IPage): Promise<void>;
+export declare function captureBrowserSessionTarget(page: IPage, now?: () => Date): Promise<BrowserSessionLeaseTarget | undefined>;
+export declare function captureBrowserSessionAuthPosture(page: IPage, now?: () => Date): Promise<BrowserSessionLeaseAuthPosture>;
+export declare function browserSessionTargetKey(target?: BrowserSessionLeaseTarget | null): string | undefined;
+//# sourceMappingURL=session-runtime.d.ts.map

package/dist/engine/browser/session-runtime.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-runtime.d.ts","sourceRoot":"","sources":["../../../src/engine/browser/session-runtime.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAEL,KAAK,mBAAmB,EACxB,KAAK,8BAA8B,EACnC,KAAK,yBAAyB,EAC/B,MAAM,oBAAoB,CAAC;AAe5B,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,mBAAmB,EAC1B,IAAI,EAAE,KAAK,EACX,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,IAAI,CAAA;CAAO,GACjC,OAAO,CAAC,mBAAmB,CAAC,CAY9B;AAED,wBAAsB,sCAAsC,CAC1D,KAAK,EAAE,mBAAmB,EAC1B,IAAI,EAAE,KAAK,GACV,OAAO,CAAC,IAAI,CAAC,CAcf;AAED,wBAAsB,2BAA2B,CAC/C,IAAI,EAAE,KAAK,EACX,GAAG,GAAE,MAAM,IAAuB,GACjC,OAAO,CAAC,yBAAyB,GAAG,SAAS,CAAC,CAqBhD;AAED,wBAAsB,gCAAgC,CACpD,IAAI,EAAE,KAAK,EACX,GAAG,GAAE,MAAM,IAAuB,GACjC,OAAO,CAAC,8BAA8B,CAAC,CAezC;AAED,wBAAgB,uBAAuB,CACrC,MAAM,CAAC,EAAE,yBAAyB,GAAG,IAAI,GACxC,MAAM,GAAG,SAAS,CASpB"}

package/dist/engine/browser/session-runtime.js

@@ -0,0 +1,87 @@
+import { BrowserSessionLeaseGuardError, } from "./session-lease.js";
+export async function enrichBrowserSessionLease(lease, page, options = {}) {
+    const now = options.now ?? (() => new Date());
+    const [target, auth] = await Promise.all([
+        captureBrowserSessionTarget(page, now),
+        captureBrowserSessionAuthPosture(page, now),
+    ]);
+    return {
+        ...lease,
+        ...(target ? { target } : {}),
+        auth,
+    };
+}
+export async function assertBrowserSessionLeaseTargetCurrent(lease, page) {
+    const expected = browserSessionTargetKey(lease.target);
+    if (!expected)
+        return;
+    const current = await captureBrowserSessionTarget(page);
+    const actual = browserSessionTargetKey(current);
+    if (!actual || actual === expected)
+        return;
+    throw new BrowserSessionLeaseGuardError("browser_target_mismatch", lease, expected, actual);
+}
+export async function captureBrowserSessionTarget(page, now = () => new Date()) {
+    const provided = await captureProvidedBrowserTarget(page, now);
+    if (provided)
+        return provided;
+    try {
+        const raw = (await page.sendCDP("Target.getTargetInfo"));
+        const info = raw?.targetInfo;
+        if (!info)
+            return undefined;
+        return {
+            kind: "cdp-target",
+            captured_at: now().toISOString(),
+            ...(info.targetId ? { target_id: info.targetId } : {}),
+            ...(info.type ? { target_type: info.type } : {}),
+            ...(info.url ? { url: info.url } : {}),
+            ...(info.title ? { title: info.title } : {}),
+        };
+    }
+    catch {
+        return undefined;
+    }
+}
+export async function captureBrowserSessionAuthPosture(page, now = () => new Date()) {
+    try {
+        const cookies = await page.cookies();
+        const cookieCount = Object.keys(cookies).length;
+        return {
+            state: cookieCount > 0 ? "cookies_present" : "no_cookies",
+            cookie_count: cookieCount,
+            captured_at: now().toISOString(),
+        };
+    }
+    catch {
+        return {
+            state: "unavailable",
+            captured_at: now().toISOString(),
+        };
+    }
+}
+export function browserSessionTargetKey(target) {
+    if (!target)
+        return undefined;
+    if (typeof target.tab_id === "number") {
+        return typeof target.window_id === "number"
+            ? `window:${String(target.window_id)}:tab:${String(target.tab_id)}`
+            : `tab:${String(target.tab_id)}`;
+    }
+    if (target.target_id)
+        return `target:${target.target_id}`;
+    return undefined;
+}
+async function captureProvidedBrowserTarget(page, now) {
+    const provider = page;
+    if (typeof provider.browserTargetInfo !== "function")
+        return undefined;
+    const target = await provider.browserTargetInfo().catch(() => null);
+    if (!target)
+        return undefined;
+    return {
+        ...target,
+        captured_at: target.captured_at ?? now().toISOString(),
+    };
+}
+//# sourceMappingURL=session-runtime.js.map

package/dist/engine/browser/session-runtime.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-runtime.js","sourceRoot":"","sources":["../../../src/engine/browser/session-runtime.ts"],"names":[],"mappings":"AACA,OAAO,EACL,6BAA6B,GAI9B,MAAM,oBAAoB,CAAC;AAe5B,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,KAA0B,EAC1B,IAAW,EACX,UAAgC,EAAE;IAElC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAC9C,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACvC,2BAA2B,CAAC,IAAI,EAAE,GAAG,CAAC;QACtC,gCAAgC,CAAC,IAAI,EAAE,GAAG,CAAC;KAC5C,CAAC,CAAC;IAEH,OAAO;QACL,GAAG,KAAK;QACR,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7B,IAAI;KACL,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sCAAsC,CAC1D,KAA0B,EAC1B,IAAW;IAEX,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACvD,IAAI,CAAC,QAAQ;QAAE,OAAO;IAEtB,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,QAAQ;QAAE,OAAO;IAE3C,MAAM,IAAI,6BAA6B,CACrC,yBAAyB,EACzB,KAAK,EACL,QAAQ,EACR,MAAM,CACP,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,IAAW,EACX,MAAkB,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE;IAElC,MAAM,QAAQ,GAAG,MAAM,4BAA4B,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC/D,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAE1C,CAAC;QACd,MAAM,IAAI,GAAG,GAAG,EAAE,UAAU,CAAC;QAC7B,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC;QAC5B,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE;YAChC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC7C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,IAAW,EACX,MAAkB,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE;IAElC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QAChD,OAAO;YACL,KAAK,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,YAAY;YACzD,YAAY,EAAE,WAAW;YACzB,WAAW,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE;SACjC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE;SACjC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,MAAyC;IAEzC,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ;YACzC,CAAC,CAAC,UAAU,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACnE,CAAC,CAAC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;IACrC,CAAC;IACD,IAAI,MAAM,CAAC,SAAS;QAAE,OAAO,UAAU,MAAM,CAAC,SAAS,EAAE,CAAC;IAC1D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,4BAA4B,CACzC,IAAW,EACX,GAAe;IAEf,MAAM,QAAQ,GAAG,IAAyC,CAAC;IAC3D,IAAI,OAAO,QAAQ,CAAC,iBAAiB,KAAK,UAAU;QAAE,OAAO,SAAS,CAAC;IAEvE,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,iBAAiB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACpE,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,OAAO;QACL,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,GAAG,EAAE,CAAC,WAAW,EAAE;KACvD,CAAC;AACJ,CAAC"}

package/dist/engine/capability-policy.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Capability-scoped permission classification.
+ *
+ * This is deliberately deterministic and metadata-only: it classifies the
+ * command contract, not user-provided runtime values.
+ */
+import type { OperationEffect, OperationPolicyInput, PermissionProfile } from "./operation-policy.js";
+export type CapabilityAccess = "none" | "read" | "write";
+export type CapabilityDimensionName = "network" | "browser" | "desktop" | "file" | "process" | "account";
+export interface CapabilityDimension {
+    access: CapabilityAccess;
+    reason?: string;
+}
+export type CapabilityDimensionMap = Record<CapabilityDimensionName, CapabilityDimension>;
+export interface CapabilityResourceScope {
+    domains: string[];
+    paths: string[];
+    executables: string[];
+    apps: string[];
+    accounts: string[];
+}
+export interface CapabilityScope {
+    schema_version: "1";
+    dimensions: CapabilityDimensionMap;
+    summary: string[];
+    resources: CapabilityResourceScope;
+    resource_summary: string[];
+}
+export interface CapabilityApprovalMemory {
+    schema_version: "1";
+    key: string;
+    persistence: "not_persisted" | "persisted";
+    profile: PermissionProfile;
+    decision: "not_approved" | "approved_for_invocation" | "approved_by_memory";
+    scope: {
+        dimensions: Record<CapabilityDimensionName, CapabilityAccess>;
+        resources: CapabilityResourceScope;
+    };
+}
+export declare function deriveCapabilityScope(input: OperationPolicyInput, effect: OperationEffect): CapabilityScope;
+export declare function buildCapabilityApprovalMemory(input: {
+    site: string;
+    command: string;
+    profile: PermissionProfile;
+    effect: OperationEffect;
+    approved: boolean;
+    approvalSource?: "none" | "invocation" | "env" | "memory";
+    scope: CapabilityScope;
+}): CapabilityApprovalMemory;
+//# sourceMappingURL=capability-policy.d.ts.map

package/dist/engine/capability-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability-policy.d.ts","sourceRoot":"","sources":["../../src/engine/capability-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,iBAAiB,EAClB,MAAM,uBAAuB,CAAC;AAE/B,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AACzD,MAAM,MAAM,uBAAuB,GAC/B,SAAS,GACT,SAAS,GACT,SAAS,GACT,MAAM,GACN,SAAS,GACT,SAAS,CAAC;AAEd,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,gBAAgB,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,sBAAsB,GAAG,MAAM,CACzC,uBAAuB,EACvB,mBAAmB,CACpB,CAAC;AAEF,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,GAAG,CAAC;IACpB,UAAU,EAAE,sBAAsB,CAAC;IACnC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,uBAAuB,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,wBAAwB;IACvC,cAAc,EAAE,GAAG,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,eAAe,GAAG,WAAW,CAAC;IAC3C,OAAO,EAAE,iBAAiB,CAAC;IAC3B,QAAQ,EAAE,cAAc,GAAG,yBAAyB,GAAG,oBAAoB,CAAC;IAC5E,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,CAAC,uBAAuB,EAAE,gBAAgB,CAAC,CAAC;QAC9D,SAAS,EAAE,uBAAuB,CAAC;KACpC,CAAC;CACH;AAmPD,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,oBAAoB,EAC3B,MAAM,EAAE,eAAe,GACtB,eAAe,CAoLjB;AAiBD,wBAAgB,6BAA6B,CAAC,KAAK,EAAE;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,iBAAiB,CAAC;IAC3B,MAAM,EAAE,eAAe,CAAC;IACxB,QAAQ,EAAE,OAAO,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,GAAG,YAAY,GAAG,KAAK,GAAG,QAAQ,CAAC;IAC1D,KAAK,EAAE,eAAe,CAAC;CACxB,GAAG,wBAAwB,CAyB3B"}

package/dist/engine/capability-policy.js

@@ -0,0 +1,305 @@
+/**
+ * Capability-scoped permission classification.
+ *
+ * This is deliberately deterministic and metadata-only: it classifies the
+ * command contract, not user-provided runtime values.
+ */
+import { createHash } from "node:crypto";
+import { AdapterType } from "../types.js";
+const DIMENSION_ORDER = [
+    "network",
+    "browser",
+    "desktop",
+    "file",
+    "process",
+    "account",
+];
+const WEB_STRATEGIES = new Set([
+    "public",
+    "cookie",
+    "header",
+    "intercept",
+    "ui",
+]);
+const PATH_ARG_NAMES = new Set([
+    "dir",
+    "directory",
+    "file",
+    "filename",
+    "folder",
+    "input",
+    "out",
+    "output",
+    "path",
+    "source",
+    "destination",
+]);
+function emptyDimensions() {
+    return {
+        network: { access: "none" },
+        browser: { access: "none" },
+        desktop: { access: "none" },
+        file: { access: "none" },
+        process: { access: "none" },
+        account: { access: "none" },
+    };
+}
+function emptyResources() {
+    return {
+        domains: [],
+        paths: [],
+        executables: [],
+        apps: [],
+        accounts: [],
+    };
+}
+function accessRank(access) {
+    switch (access) {
+        case "write":
+            return 2;
+        case "read":
+            return 1;
+        case "none":
+            return 0;
+    }
+}
+function promoteAccess(dimensions, name, access, reason) {
+    const current = dimensions[name];
+    if (accessRank(access) >= accessRank(current.access)) {
+        dimensions[name] = { access, reason };
+    }
+}
+function normalizedUnique(values) {
+    return Array.from(new Set(values
+        .map((value) => value.trim().toLowerCase())
+        .filter((value) => value.length > 0))).sort();
+}
+function normalizeDomain(value) {
+    if (!value)
+        return undefined;
+    const raw = value.trim();
+    if (raw.length === 0)
+        return undefined;
+    try {
+        const url = new URL(raw.includes("://") ? raw : `https://${raw}`);
+        return url.host.toLowerCase();
+    }
+    catch {
+        return raw
+            .replace(/^https?:\/\//i, "")
+            .split("/")[0]
+            ?.trim()
+            .toLowerCase();
+    }
+}
+function pathArgSlots(input) {
+    return normalizedUnique((input.args ?? []).flatMap((arg) => {
+        const name = arg.name.trim().toLowerCase();
+        return PATH_ARG_NAMES.has(name) ? [`arg:${name}`] : [];
+    }));
+}
+function deriveResourceScope(input, dimensions) {
+    const resources = emptyResources();
+    if (dimensions.network.access !== "none" ||
+        dimensions.browser.access !== "none") {
+        const domain = normalizeDomain(input.domain ?? input.base);
+        resources.domains = domain ? [domain] : [];
+    }
+    if (dimensions.account.access !== "none") {
+        resources.accounts = [input.site];
+    }
+    if (dimensions.desktop.access !== "none") {
+        resources.apps = [input.site];
+    }
+    if (dimensions.process.access !== "none") {
+        resources.executables = [input.site];
+    }
+    if (dimensions.file.access !== "none") {
+        resources.paths = pathArgSlots(input);
+    }
+    return {
+        domains: normalizedUnique(resources.domains),
+        paths: normalizedUnique(resources.paths),
+        executables: normalizedUnique(resources.executables),
+        apps: normalizedUnique(resources.apps),
+        accounts: normalizedUnique(resources.accounts),
+    };
+}
+function effectAccess(effect) {
+    return effect === "read" ? "read" : "write";
+}
+function isExplicitLocalSurface(surface) {
+    return surface === "desktop" || surface === "system";
+}
+function isNetworkCapable(input) {
+    if (input.adapterType === AdapterType.SERVICE)
+        return true;
+    if (isExplicitLocalSurface(input.targetSurface))
+        return false;
+    return ((input.targetSurface === undefined && input.adapterType === undefined) ||
+        input.targetSurface === "web" ||
+        input.targetSurface === "mobile" ||
+        input.adapterType === AdapterType.WEB_API ||
+        input.adapterType === AdapterType.BROWSER ||
+        (input.strategy !== undefined && WEB_STRATEGIES.has(input.strategy)));
+}
+function isBrowserCapable(input) {
+    return (input.browser === true ||
+        input.adapterType === AdapterType.BROWSER ||
+        input.strategy === "intercept" ||
+        input.strategy === "ui");
+}
+function isDesktopCapable(input) {
+    return (input.targetSurface === "desktop" ||
+        input.adapterType === AdapterType.DESKTOP);
+}
+function isProcessCapable(input) {
+    if (input.adapterType === AdapterType.SERVICE)
+        return false;
+    return (input.adapterType === AdapterType.BRIDGE ||
+        input.adapterType === AdapterType.DESKTOP ||
+        input.targetSurface === "desktop" ||
+        input.targetSurface === "system");
+}
+function isRemoteAccountSurface(input) {
+    if (input.adapterType === AdapterType.BRIDGE ||
+        input.adapterType === AdapterType.DESKTOP ||
+        input.adapterType === AdapterType.SERVICE ||
+        isExplicitLocalSurface(input.targetSurface)) {
+        return false;
+    }
+    return isNetworkCapable(input) || isBrowserCapable(input);
+}
+function summaryFor(dimensions) {
+    return DIMENSION_ORDER.flatMap((name) => {
+        const access = dimensions[name].access;
+        return access === "none" ? [] : [`${name}:${access}`];
+    });
+}
+function resourceSummaryFor(resources) {
+    return [
+        ...resources.domains.map((value) => `domain:${value}`),
+        ...resources.accounts.map((value) => `account:${value}`),
+        ...resources.apps.map((value) => `app:${value}`),
+        ...resources.executables.map((value) => `process:${value}`),
+        ...resources.paths.map((value) => `path:${value}`),
+    ];
+}
+function accessMapFor(dimensions) {
+    return {
+        network: dimensions.network.access,
+        browser: dimensions.browser.access,
+        desktop: dimensions.desktop.access,
+        file: dimensions.file.access,
+        process: dimensions.process.access,
+        account: dimensions.account.access,
+    };
+}
+export function deriveCapabilityScope(input, effect) {
+    const dimensions = emptyDimensions();
+    const access = effectAccess(effect);
+    const networkCapable = isNetworkCapable(input);
+    const browserCapable = isBrowserCapable(input);
+    const desktopCapable = isDesktopCapable(input);
+    const processCapable = isProcessCapable(input);
+    if (networkCapable) {
+        promoteAccess(dimensions, "network", access, access === "read"
+            ? "reads remote web or API data"
+            : "may write through a remote web or API surface");
+    }
+    if (browserCapable) {
+        promoteAccess(dimensions, "browser", access, access === "read"
+            ? "reads through browser automation"
+            : "may interact with browser automation");
+    }
+    if (effect === "send_message" || effect === "publish_content") {
+        promoteAccess(dimensions, "account", "write", "may send or publish as user");
+        promoteAccess(dimensions, "network", "write", "may submit content to a remote account surface");
+    }
+    if (effect === "account_state" || effect === "remote_resource") {
+        promoteAccess(dimensions, "account", "write", effect === "account_state"
+            ? "may mutate user account state"
+            : "may mutate remote account resources");
+        promoteAccess(dimensions, "network", "write", effect === "account_state"
+            ? "may submit account-state changes remotely"
+            : "may submit remote resource changes");
+    }
+    if (effect === "service_state") {
+        promoteAccess(dimensions, "network", "write", "may mutate service state through an HTTP API");
+    }
+    if (effect === "destructive" && isRemoteAccountSurface(input)) {
+        promoteAccess(dimensions, "account", "write", "may delete or reset remote account state");
+        promoteAccess(dimensions, "network", "write", "may submit destructive changes remotely");
+    }
+    if (effect === "destructive" && isExplicitLocalSurface(input.targetSurface)) {
+        promoteAccess(dimensions, "file", "write", "may delete or reset local files");
+        promoteAccess(dimensions, "process", "write", "may run a destructive local process");
+    }
+    if (effect === "local_app") {
+        promoteAccess(dimensions, "desktop", "write", "may control local application state");
+        promoteAccess(dimensions, "process", "write", "may drive local automation process");
+    }
+    if (effect === "local_file") {
+        promoteAccess(dimensions, "file", "write", "may create or modify local files");
+        promoteAccess(dimensions, "process", "write", "may run a local process that touches files");
+    }
+    if (desktopCapable && effect === "read") {
+        promoteAccess(dimensions, "desktop", "read", "reads local desktop state");
+    }
+    else if (desktopCapable) {
+        promoteAccess(dimensions, "desktop", "write", "may interact with local desktop state");
+    }
+    if (processCapable && effect === "read") {
+        promoteAccess(dimensions, "process", "read", "reads through a local process");
+    }
+    else if (processCapable) {
+        promoteAccess(dimensions, "process", "write", "may run or control a process");
+    }
+    if (input.adapterType === AdapterType.BRIDGE) {
+        promoteAccess(dimensions, "process", access, access === "read"
+            ? "reads through an external CLI"
+            : "may write through an external CLI");
+    }
+    const resources = deriveResourceScope(input, dimensions);
+    return {
+        schema_version: "1",
+        dimensions,
+        summary: summaryFor(dimensions),
+        resources,
+        resource_summary: resourceSummaryFor(resources),
+    };
+}
+function resourceFingerprintFor(resources) {
+    return createHash("sha256")
+        .update(JSON.stringify({
+        accounts: normalizedUnique(resources.accounts),
+        apps: normalizedUnique(resources.apps),
+        domains: normalizedUnique(resources.domains),
+        executables: normalizedUnique(resources.executables),
+        paths: normalizedUnique(resources.paths),
+    }))
+        .digest("hex")
+        .slice(0, 16);
+}
+export function buildCapabilityApprovalMemory(input) {
+    const dimensionAccess = accessMapFor(input.scope.dimensions);
+    const dimensionKey = DIMENSION_ORDER.map((name) => `${name}:${dimensionAccess[name]}`).join(",");
+    const resourceKey = resourceFingerprintFor(input.scope.resources);
+    const approvalSource = input.approvalSource ?? (input.approved ? "invocation" : "none");
+    return {
+        schema_version: "1",
+        key: `cap:1:${input.site}.${input.command}:${input.profile}:${input.effect}:${dimensionKey}:res:${resourceKey}`,
+        persistence: approvalSource === "memory" ? "persisted" : "not_persisted",
+        profile: input.profile,
+        decision: approvalSource === "memory"
+            ? "approved_by_memory"
+            : input.approved
+                ? "approved_for_invocation"
+                : "not_approved",
+        scope: {
+            dimensions: dimensionAccess,
+            resources: input.scope.resources,
+        },
+    };
+}
+//# sourceMappingURL=capability-policy.js.map

package/dist/engine/capability-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability-policy.js","sourceRoot":"","sources":["../../src/engine/capability-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,WAAW,EAAsB,MAAM,aAAa,CAAC;AAsD9D,MAAM,eAAe,GAA8B;IACjD,SAAS;IACT,SAAS;IACT,SAAS;IACT,MAAM;IACN,SAAS;IACT,SAAS;CACV,CAAC;AAEF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,IAAI;CACL,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,KAAK;IACL,WAAW;IACX,MAAM;IACN,UAAU;IACV,QAAQ;IACR,OAAO;IACP,KAAK;IACL,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,aAAa;CACd,CAAC,CAAC;AAEH,SAAS,eAAe;IACtB,OAAO;QACL,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;QAC3B,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;QAC3B,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;QAC3B,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;QACxB,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;QAC3B,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,cAAc;IACrB,OAAO;QACL,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,EAAE;QACT,WAAW,EAAE,EAAE;QACf,IAAI,EAAE,EAAE;QACR,QAAQ,EAAE,EAAE;KACb,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAwB;IAC1C,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,OAAO;YACV,OAAO,CAAC,CAAC;QACX,KAAK,MAAM;YACT,OAAO,CAAC,CAAC;QACX,KAAK,MAAM;YACT,OAAO,CAAC,CAAC;IACb,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,UAAkC,EAClC,IAA6B,EAC7B,MAAyC,EACzC,MAAc;IAEd,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACrD,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IACxC,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAgB;IACxC,OAAO,KAAK,CAAC,IAAI,CACf,IAAI,GAAG,CACL,MAAM;SACH,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;SAC1C,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CACvC,CACF,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACzB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC;QAClE,OAAO,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG;aACP,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;aAC5B,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACd,EAAE,IAAI,EAAE;aACP,WAAW,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,KAA2B;IAC/C,OAAO,gBAAgB,CACrB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACjC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,OAAO,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,KAA2B,EAC3B,UAAkC;IAElC,MAAM,SAAS,GAAG,cAAc,EAAE,CAAC;IAEnC,IACE,UAAU,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM;QACpC,UAAU,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,EACpC,CAAC;QACD,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3D,SAAS,CAAC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7C,CAAC;IAED,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACzC,SAAS,CAAC,QAAQ,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACzC,SAAS,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACzC,SAAS,CAAC,WAAW,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACtC,SAAS,CAAC,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,OAAO,EAAE,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC;QAC5C,KAAK,EAAE,gBAAgB,CAAC,SAAS,CAAC,KAAK,CAAC;QACxC,WAAW,EAAE,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC;QACpD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC;QACtC,QAAQ,EAAE,gBAAgB,CAAC,SAAS,CAAC,QAAQ,CAAC;KAC/C,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,MAAuB;IAEvB,OAAO,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;AAC9C,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAuB;IACrD,OAAO,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,QAAQ,CAAC;AACvD,CAAC;AAED,SAAS,gBAAgB,CAAC,KAA2B;IACnD,IAAI,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC3D,IAAI,sBAAsB,CAAC,KAAK,CAAC,aAAa,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9D,OAAO,CACL,CAAC,KAAK,CAAC,aAAa,KAAK,SAAS,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC;QACtE,KAAK,CAAC,aAAa,KAAK,KAAK;QAC7B,KAAK,CAAC,aAAa,KAAK,QAAQ;QAChC,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO;QACzC,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO;QACzC,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CACrE,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,KAA2B;IACnD,OAAO,CACL,KAAK,CAAC,OAAO,KAAK,IAAI;QACtB,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO;QACzC,KAAK,CAAC,QAAQ,KAAK,WAAW;QAC9B,KAAK,CAAC,QAAQ,KAAK,IAAI,CACxB,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,KAA2B;IACnD,OAAO,CACL,KAAK,CAAC,aAAa,KAAK,SAAS;QACjC,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO,CAC1C,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,KAA2B;IACnD,IAAI,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC5D,OAAO,CACL,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,MAAM;QACxC,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO;QACzC,KAAK,CAAC,aAAa,KAAK,SAAS;QACjC,KAAK,CAAC,aAAa,KAAK,QAAQ,CACjC,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,KAA2B;IACzD,IACE,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,MAAM;QACxC,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO;QACzC,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,OAAO;QACzC,sBAAsB,CAAC,KAAK,CAAC,aAAa,CAAC,EAC3C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,gBAAgB,CAAC,KAAK,CAAC,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,UAAU,CAAC,UAAkC;IACpD,OAAO,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACvC,OAAO,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,MAAM,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,SAAkC;IAC5D,OAAO;QACL,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,KAAK,EAAE,CAAC;QACtD,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,KAAK,EAAE,CAAC;QACxD,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,KAAK,EAAE,CAAC;QAChD,GAAG,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,KAAK,EAAE,CAAC;QAC3D,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,KAAK,EAAE,CAAC;KACnD,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,UAAkC;IAElC,OAAO;QACL,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM;QAClC,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM;QAClC,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM;QAClC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM;QAC5B,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM;QAClC,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM;KACnC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,KAA2B,EAC3B,MAAuB;IAEvB,MAAM,UAAU,GAAG,eAAe,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAE/C,IAAI,cAAc,EAAE,CAAC;QACnB,aAAa,CACX,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,KAAK,MAAM;YACf,CAAC,CAAC,8BAA8B;YAChC,CAAC,CAAC,+CAA+C,CACpD,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,aAAa,CACX,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,KAAK,MAAM;YACf,CAAC,CAAC,kCAAkC;YACpC,CAAC,CAAC,sCAAsC,CAC3C,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,KAAK,cAAc,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;QAC9D,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,6BAA6B,CAC9B,CAAC;QACF,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,gDAAgD,CACjD,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,KAAK,eAAe,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;QAC/D,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,+BAA+B;YACjC,CAAC,CAAC,qCAAqC,CAC1C,CAAC;QACF,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,2CAA2C;YAC7C,CAAC,CAAC,oCAAoC,CACzC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,KAAK,eAAe,EAAE,CAAC;QAC/B,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,KAAK,aAAa,IAAI,sBAAsB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9D,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,0CAA0C,CAC3C,CAAC;QACF,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,yCAAyC,CAC1C,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,KAAK,aAAa,IAAI,sBAAsB,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;QAC5E,aAAa,CACX,UAAU,EACV,MAAM,EACN,OAAO,EACP,iCAAiC,CAClC,CAAC;QACF,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,qCAAqC,CACtC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC3B,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,qCAAqC,CACtC,CAAC;QACF,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,oCAAoC,CACrC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;QAC5B,aAAa,CACX,UAAU,EACV,MAAM,EACN,OAAO,EACP,kCAAkC,CACnC,CAAC;QACF,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,4CAA4C,CAC7C,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACxC,aAAa,CAAC,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,2BAA2B,CAAC,CAAC;IAC5E,CAAC;SAAM,IAAI,cAAc,EAAE,CAAC;QAC1B,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,uCAAuC,CACxC,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACxC,aAAa,CACX,UAAU,EACV,SAAS,EACT,MAAM,EACN,+BAA+B,CAChC,CAAC;IACJ,CAAC;SAAM,IAAI,cAAc,EAAE,CAAC;QAC1B,aAAa,CACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,8BAA8B,CAC/B,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,WAAW,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;QAC7C,aAAa,CACX,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,KAAK,MAAM;YACf,CAAC,CAAC,+BAA+B;YACjC,CAAC,CAAC,mCAAmC,CACxC,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,mBAAmB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAEzD,OAAO;QACL,cAAc,EAAE,GAAG;QACnB,UAAU;QACV,OAAO,EAAE,UAAU,CAAC,UAAU,CAAC;QAC/B,SAAS;QACT,gBAAgB,EAAE,kBAAkB,CAAC,SAAS,CAAC;KAChD,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,SAAkC;IAChE,OAAO,UAAU,CAAC,QAAQ,CAAC;SACxB,MAAM,CACL,IAAI,CAAC,SAAS,CAAC;QACb,QAAQ,EAAE,gBAAgB,CAAC,SAAS,CAAC,QAAQ,CAAC;QAC9C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC;QACtC,OAAO,EAAE,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC;QAC5C,WAAW,EAAE,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC;QACpD,KAAK,EAAE,gBAAgB,CAAC,SAAS,CAAC,KAAK,CAAC;KACzC,CAAC,CACH;SACA,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,KAQ7C;IACC,MAAM,eAAe,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,eAAe,CAAC,GAAG,CACtC,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAC7C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,MAAM,WAAW,GAAG,sBAAsB,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAClE,MAAM,cAAc,GAClB,KAAK,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAEnE,OAAO;QACL,cAAc,EAAE,GAAG;QACnB,GAAG,EAAE,SAAS,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,IAAI,YAAY,QAAQ,WAAW,EAAE;QAC/G,WAAW,EAAE,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,eAAe;QACxE,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,QAAQ,EACN,cAAc,KAAK,QAAQ;YACzB,CAAC,CAAC,oBAAoB;YACtB,CAAC,CAAC,KAAK,CAAC,QAAQ;gBACd,CAAC,CAAC,yBAAyB;gBAC3B,CAAC,CAAC,cAAc;QACtB,KAAK,EAAE;YACL,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,SAAS;SACjC;KACF,CAAC;AACJ,CAAC"}

package/dist/engine/executor.d.ts

@@ -19,6 +19,7 @@ export { assertSafeRequestUrl } from "./ssrf.js";
 export { getBus, buildTransportCtx, _resetTransportBusForTests };
 export interface PipelineOptions {
     site?: string;
+    command?: string;
     strategy?: string;
     /**
      * Kernel surface that dispatched the pipeline. When provided, becomes
@@ -48,6 +49,10 @@ export type PipelineContext = {
     surface?: "cli" | "mcp" | "acp" | "bench" | "hub";
     /** Kernel trace ID. Mirrors `PipelineOptions.trace_id`. */
     trace_id?: string;
+    /** Adapter site that owns this pipeline, when routed through the kernel. */
+    site?: string;
+    /** Adapter command that owns this pipeline, when routed through the kernel. */
+    command?: string;
 };
 /** Structured pipeline error — designed for AI agent consumption. */
 export declare class PipelineError extends Error {
@@ -55,7 +60,7 @@ export declare class PipelineError extends Error {
         step: number;
         action: string;
         config: unknown;
-        errorType: "http_error" | "selector_miss" | "empty_result" | "parse_error" | "timeout" | "expression_error" | "assertion_failed" | "stale_ref" | "ambiguous" | "ref_not_found";
+        errorType: "http_error" | "selector_miss" | "empty_result" | "parse_error" | "network_error" | "timeout" | "expression_error" | "assertion_failed" | "permission_denied" | "stale_ref" | "ambiguous" | "ref_not_found";
         url?: string;
         statusCode?: number;
         responsePreview?: string;
@@ -67,7 +72,7 @@ export declare class PipelineError extends Error {
         step: number;
         action: string;
         config: unknown;
-        errorType: "http_error" | "selector_miss" | "empty_result" | "parse_error" | "timeout" | "expression_error" | "assertion_failed" | "stale_ref" | "ambiguous" | "ref_not_found";
+        errorType: "http_error" | "selector_miss" | "empty_result" | "parse_error" | "network_error" | "timeout" | "expression_error" | "assertion_failed" | "permission_denied" | "stale_ref" | "ambiguous" | "ref_not_found";
         url?: string;
         statusCode?: number;
         responsePreview?: string;
@@ -81,7 +86,7 @@ export declare class PipelineError extends Error {
         step: number;
         action: string;
         config: unknown;
-        errorType: "http_error" | "selector_miss" | "empty_result" | "parse_error" | "timeout" | "expression_error" | "assertion_failed" | "stale_ref" | "ambiguous" | "ref_not_found";
+        errorType: "http_error" | "selector_miss" | "empty_result" | "parse_error" | "network_error" | "timeout" | "expression_error" | "assertion_failed" | "permission_denied" | "stale_ref" | "ambiguous" | "ref_not_found";
         url?: string;
         statusCode?: number;
         responsePreview?: string;