adaptoclaw 1.0.0

package/dist/config.js

@@ -0,0 +1,71 @@
+import path from 'path';
+import { readEnvFile } from './env.js';
+// Read config values from .env (falls back to process.env).
+// Secrets are NOT read here — they stay on disk and are loaded only
+// where needed (container-runner.ts) to avoid leaking to child processes.
+const envConfig = readEnvFile([
+    'ASSISTANT_NAME',
+    'ASSISTANT_HAS_OWN_NUMBER',
+    'TELEGRAM_BOT_TOKEN',
+    'TELEGRAM_ONLY',
+    'WA_PHONE_NUMBER',
+    'WA_AUTO_REGISTER',
+    'WA_LISTEN_ONLY',
+    'RQLITE_URL',
+    'DRY_RUN',
+    'AMOCRM_ENABLED',
+    'AMOCRM_BASE_URL',
+    'AMOCRM_WEBHOOK_PORT',
+    'AMOCRM_SALESBOT_ID',
+    'AMOCRM_RESPONSE_FIELD_ID',
+    'AMOCRM_GROUP_FOLDER',
+    'AMOCRM_LIVE_LEADS',
+]);
+export const ASSISTANT_NAME = process.env.ASSISTANT_NAME || envConfig.ASSISTANT_NAME || 'Andy';
+export const ASSISTANT_HAS_OWN_NUMBER = (process.env.ASSISTANT_HAS_OWN_NUMBER || envConfig.ASSISTANT_HAS_OWN_NUMBER) === 'true';
+export const POLL_INTERVAL = 2000;
+export const SCHEDULER_POLL_INTERVAL = 60000;
+// Absolute paths needed for container mounts
+const PROJECT_ROOT = process.cwd();
+const HOME_DIR = process.env.HOME || '/Users/user';
+// Mount security: allowlist stored OUTSIDE project root, never mounted into containers
+export const MOUNT_ALLOWLIST_PATH = path.join(HOME_DIR, '.config', 'nanoclaw', 'mount-allowlist.json');
+export const STORE_DIR = path.resolve(PROJECT_ROOT, 'store');
+export const GROUPS_DIR = path.resolve(PROJECT_ROOT, 'groups');
+export const DATA_DIR = path.resolve(PROJECT_ROOT, 'data');
+export const MAIN_GROUP_FOLDER = 'main';
+export const CONTAINER_IMAGE = process.env.CONTAINER_IMAGE || 'nanoclaw-agent:latest';
+export const CONTAINER_TIMEOUT = parseInt(process.env.CONTAINER_TIMEOUT || '1800000', 10);
+export const CONTAINER_MAX_OUTPUT_SIZE = parseInt(process.env.CONTAINER_MAX_OUTPUT_SIZE || '10485760', 10); // 10MB default
+export const IPC_POLL_INTERVAL = 1000;
+export const IDLE_TIMEOUT = parseInt(process.env.IDLE_TIMEOUT || '1800000', 10); // 30min default — how long to keep container alive after last result
+export const MAX_CONCURRENT_CONTAINERS = Math.max(1, parseInt(process.env.MAX_CONCURRENT_CONTAINERS || '5', 10) || 5);
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+export const TRIGGER_PATTERN = new RegExp(`^@${escapeRegex(ASSISTANT_NAME)}\\b`, 'i');
+// Timezone for scheduled tasks (cron expressions, etc.)
+// Uses system timezone by default
+export const TIMEZONE = process.env.TZ || Intl.DateTimeFormat().resolvedOptions().timeZone;
+// Telegram configuration
+export const MEDIA_DIR = path.join(DATA_DIR, 'media');
+export const TELEGRAM_BOT_TOKEN = process.env.TELEGRAM_BOT_TOKEN || envConfig.TELEGRAM_BOT_TOKEN || '';
+export const TELEGRAM_ONLY = (process.env.TELEGRAM_ONLY || envConfig.TELEGRAM_ONLY) === 'true';
+export const WA_PHONE_NUMBER = process.env.WA_PHONE_NUMBER || envConfig.WA_PHONE_NUMBER || '';
+export const WA_AUTO_REGISTER = (process.env.WA_AUTO_REGISTER || envConfig.WA_AUTO_REGISTER) === 'true';
+export const WA_LISTEN_ONLY = (process.env.WA_LISTEN_ONLY || envConfig.WA_LISTEN_ONLY) === 'true';
+export const DRY_RUN = (process.env.DRY_RUN || envConfig.DRY_RUN) === 'true';
+// AmoCRM configuration
+// Set AMOCRM_ENABLED=false to temporarily disable AmoCRM channel (webhook won't start, no messages processed)
+export const AMOCRM_ENABLED = (process.env.AMOCRM_ENABLED || envConfig.AMOCRM_ENABLED || 'true') !== 'false';
+export const AMOCRM_BASE_URL = process.env.AMOCRM_BASE_URL || envConfig.AMOCRM_BASE_URL || '';
+export const AMOCRM_WEBHOOK_PORT = parseInt(process.env.AMOCRM_WEBHOOK_PORT || envConfig.AMOCRM_WEBHOOK_PORT || '3200', 10);
+export const AMOCRM_SALESBOT_ID = parseInt(process.env.AMOCRM_SALESBOT_ID || envConfig.AMOCRM_SALESBOT_ID || '0', 10);
+export const AMOCRM_RESPONSE_FIELD_ID = parseInt(process.env.AMOCRM_RESPONSE_FIELD_ID || envConfig.AMOCRM_RESPONSE_FIELD_ID || '0', 10);
+export const AMOCRM_GROUP_FOLDER = process.env.AMOCRM_GROUP_FOLDER || envConfig.AMOCRM_GROUP_FOLDER || 'pvefilm';
+// Comma-separated lead IDs that receive real responses. Empty = all DRY_RUN.
+export const AMOCRM_LIVE_LEADS = new Set((process.env.AMOCRM_LIVE_LEADS || envConfig.AMOCRM_LIVE_LEADS || '')
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean));
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,4DAA4D;AAC5D,oEAAoE;AACpE,0EAA0E;AAC1E,MAAM,SAAS,GAAG,WAAW,CAAC;IAC5B,gBAAgB;IAChB,0BAA0B;IAC1B,oBAAoB;IACpB,eAAe;IACf,iBAAiB;IACjB,kBAAkB;IAClB,gBAAgB;IAChB,YAAY;IACZ,SAAS;IACT,gBAAgB;IAChB,iBAAiB;IACjB,qBAAqB;IACrB,oBAAoB;IACpB,0BAA0B;IAC1B,qBAAqB;IACrB,mBAAmB;CACpB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GACzB,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,IAAI,MAAM,CAAC;AACnE,MAAM,CAAC,MAAM,wBAAwB,GACnC,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,SAAS,CAAC,wBAAwB,CAAC,KAAK,MAAM,CAAC;AAC1F,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,CAAC;AAClC,MAAM,CAAC,MAAM,uBAAuB,GAAG,KAAK,CAAC;AAE7C,6CAA6C;AAC7C,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;AACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,aAAa,CAAC;AAEnD,uFAAuF;AACvF,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAC3C,QAAQ,EACR,SAAS,EACT,UAAU,EACV,sBAAsB,CACvB,CAAC;AACF,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;AAC7D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;AAC/D,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAC;AAExC,MAAM,CAAC,MAAM,eAAe,GAC1B,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,uBAAuB,CAAC;AACzD,MAAM,CAAC,MAAM,iBAAiB,GAAG,QAAQ,CACvC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,SAAS,EAC1C,EAAE,CACH,CAAC;AACF,MAAM,CAAC,MAAM,yBAAyB,GAAG,QAAQ,CAC/C,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,UAAU,EACnD,EAAE,CACH,CAAC,CAAC,eAAe;AAClB,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,CAAC;AACtC,MAAM,CAAC,MAAM,YAAY,GAAG,QAAQ,CAClC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,SAAS,EACrC,EAAE,CACH,CAAC,CAAC,qEAAqE;AACxE,MAAM,CAAC,MAAM,yBAAyB,GAAG,IAAI,CAAC,GAAG,CAC/C,CAAC,EACD,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,CAChE,CAAC;AAEF,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,MAAM,CACvC,KAAK,WAAW,CAAC,cAAc,CAAC,KAAK,EACrC,GAAG,CACJ,CAAC;AAEF,wDAAwD;AACxD,kCAAkC;AAClC,MAAM,CAAC,MAAM,QAAQ,GACnB,OAAO,CAAC,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC,eAAe,EAAE,CAAC,QAAQ,CAAC;AAErE,yBAAyB;AACzB,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AAEtD,MAAM,CAAC,MAAM,kBAAkB,GAC7B,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,SAAS,CAAC,kBAAkB,IAAI,EAAE,CAAC;AACvE,MAAM,CAAC,MAAM,aAAa,GACxB,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,SAAS,CAAC,aAAa,CAAC,KAAK,MAAM,CAAC;AACpE,MAAM,CAAC,MAAM,eAAe,GAC1B,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,SAAS,CAAC,eAAe,IAAI,EAAE,CAAC;AACjE,MAAM,CAAC,MAAM,gBAAgB,GAC3B,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC,KAAK,MAAM,CAAC;AAC1E,MAAM,CAAC,MAAM,cAAc,GACzB,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC;AACtE,MAAM,CAAC,MAAM,OAAO,GAClB,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,MAAM,CAAC;AAExD,uBAAuB;AACvB,8GAA8G;AAC9G,MAAM,CAAC,MAAM,cAAc,GACzB,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,IAAI,MAAM,CAAC,KAAK,OAAO,CAAC;AACjF,MAAM,CAAC,MAAM,eAAe,GAC1B,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,SAAS,CAAC,eAAe,IAAI,EAAE,CAAC;AACjE,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAAC,mBAAmB,IAAI,MAAM,EAC1E,EAAE,CACH,CAAC;AACF,MAAM,CAAC,MAAM,kBAAkB,GAAG,QAAQ,CACxC,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,SAAS,CAAC,kBAAkB,IAAI,GAAG,EACrE,EAAE,CACH,CAAC;AACF,MAAM,CAAC,MAAM,wBAAwB,GAAG,QAAQ,CAC9C,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,SAAS,CAAC,wBAAwB,IAAI,GAAG,EACjF,EAAE,CACH,CAAC;AACF,MAAM,CAAC,MAAM,mBAAmB,GAC9B,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAAC,mBAAmB,IAAI,SAAS,CAAC;AAChF,6EAA6E;AAC7E,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CACtC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,SAAS,CAAC,iBAAiB,IAAI,EAAE,CAAC;KACjE,KAAK,CAAC,GAAG,CAAC;KACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;KACpB,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC"}

package/dist/container-runner.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Container Runner for NanoClaw
+ * Spawns agent execution in containers and handles IPC
+ */
+import { ChildProcess } from 'child_process';
+import { RegisteredGroup } from './types.js';
+export interface ContainerInput {
+    prompt: string;
+    sessionId?: string;
+    groupFolder: string;
+    chatJid: string;
+    isMain: boolean;
+    isScheduledTask?: boolean;
+    isBackgroundTask?: boolean;
+    backgroundTaskId?: string;
+    secrets?: Record<string, string>;
+    model?: string;
+}
+export interface ContainerOutput {
+    status: 'success' | 'error';
+    result: string | null;
+    newSessionId?: string;
+    error?: string;
+}
+export declare function runContainerAgent(group: RegisteredGroup, input: ContainerInput, onProcess: (proc: ChildProcess, containerName: string) => void, onOutput?: (output: ContainerOutput) => Promise<void>): Promise<ContainerOutput>;
+export declare function writeTasksSnapshot(groupFolder: string, isMain: boolean, tasks: Array<{
+    id: string;
+    groupFolder: string;
+    prompt: string;
+    schedule_type: string;
+    schedule_value: string;
+    status: string;
+    next_run: string | null;
+}>): void;
+export interface AvailableGroup {
+    jid: string;
+    name: string;
+    lastActivity: string;
+    isRegistered: boolean;
+}
+/**
+ * Write available groups snapshot for the container to read.
+ * Only main group can see all available groups (for activation).
+ * Non-main groups only see their own registration status.
+ */
+export declare function writeGroupsSnapshot(groupFolder: string, isMain: boolean, groups: AvailableGroup[], registeredJids: Set<string>): void;
+//# sourceMappingURL=container-runner.d.ts.map

package/dist/container-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"container-runner.d.ts","sourceRoot":"","sources":["../src/container-runner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,YAAY,EAAe,MAAM,eAAe,CAAC;AAkB1D,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAM7C,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC;IAC5B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAqOD,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,eAAe,EACtB,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,KAAK,IAAI,EAC9D,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,eAAe,KAAK,OAAO,CAAC,IAAI,CAAC,GACpD,OAAO,CAAC,eAAe,CAAC,CAmU1B;AAED,wBAAgB,kBAAkB,CAChC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,OAAO,EACf,KAAK,EAAE,KAAK,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,GACD,IAAI,CAYN;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,OAAO,CAAC;CACvB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,cAAc,EAAE,EACxB,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,GAC1B,IAAI,CAmBN"}

package/dist/container-runner.js

@@ -0,0 +1,494 @@
+/**
+ * Container Runner for NanoClaw
+ * Spawns agent execution in containers and handles IPC
+ */
+import { exec, spawn } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import { CONTAINER_IMAGE, CONTAINER_MAX_OUTPUT_SIZE, CONTAINER_TIMEOUT, DATA_DIR, GROUPS_DIR, IDLE_TIMEOUT, } from './config.js';
+import { logContainerRun } from './db.js';
+import { readEnvFile } from './env.js';
+import { resolveGroupFolderPath, resolveGroupIpcPath } from './group-folder.js';
+import { logger } from './logger.js';
+import { CONTAINER_RUNTIME_BIN, readonlyMountArgs, stopContainer } from './container-runtime.js';
+import { validateAdditionalMounts } from './mount-security.js';
+// Sentinel markers for robust output parsing (must match agent-runner)
+const OUTPUT_START_MARKER = '---NANOCLAW_OUTPUT_START---';
+const OUTPUT_END_MARKER = '---NANOCLAW_OUTPUT_END---';
+function buildVolumeMounts(group, isMain) {
+    const mounts = [];
+    const projectRoot = process.cwd();
+    const groupDir = resolveGroupFolderPath(group.folder);
+    if (isMain) {
+        // Main gets the project root read-only. Writable paths the agent needs
+        // (group folder, IPC, .claude/) are mounted separately below.
+        // Read-only prevents the agent from modifying host application code
+        // (src/, dist/, package.json, etc.) which would bypass the sandbox
+        // entirely on next restart.
+        mounts.push({
+            hostPath: projectRoot,
+            containerPath: '/workspace/project',
+            readonly: true,
+        });
+        // Main also gets its group folder as the working directory
+        mounts.push({
+            hostPath: groupDir,
+            containerPath: '/workspace/group',
+            readonly: false,
+        });
+    }
+    else {
+        // Other groups only get their own folder
+        mounts.push({
+            hostPath: groupDir,
+            containerPath: '/workspace/group',
+            readonly: false,
+        });
+        // Global memory directory (read-only for non-main)
+        // Only directory mounts are supported, not file mounts
+        const globalDir = path.join(GROUPS_DIR, 'global');
+        if (fs.existsSync(globalDir)) {
+            mounts.push({
+                hostPath: globalDir,
+                containerPath: '/workspace/global',
+                readonly: true,
+            });
+        }
+    }
+    // Per-group Claude sessions directory (isolated from other groups)
+    // Each group gets their own .claude/ to prevent cross-group session access
+    const groupSessionsDir = path.join(DATA_DIR, 'sessions', group.folder, '.claude');
+    fs.mkdirSync(groupSessionsDir, { recursive: true });
+    const settingsFile = path.join(groupSessionsDir, 'settings.json');
+    if (!fs.existsSync(settingsFile)) {
+        fs.writeFileSync(settingsFile, JSON.stringify({
+            env: {
+                // Enable agent swarms (subagent orchestration)
+                // https://code.claude.com/docs/en/agent-teams#orchestrate-teams-of-claude-code-sessions
+                CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS: '1',
+                // Load CLAUDE.md from additional mounted directories
+                // https://code.claude.com/docs/en/memory#load-memory-from-additional-directories
+                CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD: '1',
+                // Enable Claude's memory feature (persists user preferences between sessions)
+                // https://code.claude.com/docs/en/memory#manage-auto-memory
+                CLAUDE_CODE_DISABLE_AUTO_MEMORY: '0',
+            },
+        }, null, 2) + '\n');
+    }
+    // Sync skills from container/skills/ into each group's .claude/skills/
+    const skillsSrc = path.join(process.cwd(), 'container', 'skills');
+    const skillsDst = path.join(groupSessionsDir, 'skills');
+    if (fs.existsSync(skillsSrc)) {
+        for (const skillDir of fs.readdirSync(skillsSrc)) {
+            const srcDir = path.join(skillsSrc, skillDir);
+            if (!fs.statSync(srcDir).isDirectory())
+                continue;
+            const dstDir = path.join(skillsDst, skillDir);
+            fs.cpSync(srcDir, dstDir, { recursive: true });
+        }
+    }
+    mounts.push({
+        hostPath: groupSessionsDir,
+        containerPath: '/home/node/.claude',
+        readonly: false,
+    });
+    // Per-group IPC namespace: each group gets its own IPC directory
+    // This prevents cross-group privilege escalation via IPC
+    const groupIpcDir = resolveGroupIpcPath(group.folder);
+    fs.mkdirSync(path.join(groupIpcDir, 'messages'), { recursive: true });
+    fs.mkdirSync(path.join(groupIpcDir, 'tasks'), { recursive: true });
+    fs.mkdirSync(path.join(groupIpcDir, 'input'), { recursive: true });
+    fs.mkdirSync(path.join(groupIpcDir, 'wa_requests'), { recursive: true });
+    fs.mkdirSync(path.join(groupIpcDir, 'wa_responses'), { recursive: true });
+    mounts.push({
+        hostPath: groupIpcDir,
+        containerPath: '/workspace/ipc',
+        readonly: false,
+    });
+    // Copy agent-runner source into a per-group writable location so agents
+    // can customize it (add tools, change behavior) without affecting other
+    // groups. Recompiled on container startup via entrypoint.sh.
+    const agentRunnerSrc = path.join(projectRoot, 'container', 'agent-runner', 'src');
+    const groupAgentRunnerDir = path.join(DATA_DIR, 'sessions', group.folder, 'agent-runner-src');
+    if (!fs.existsSync(groupAgentRunnerDir) && fs.existsSync(agentRunnerSrc)) {
+        fs.cpSync(agentRunnerSrc, groupAgentRunnerDir, { recursive: true });
+    }
+    mounts.push({
+        hostPath: groupAgentRunnerDir,
+        containerPath: '/app/src',
+        readonly: false,
+    });
+    // Persistent browser profile (cookies, localStorage, sessions)
+    const browserProfileDir = path.join(DATA_DIR, 'sessions', group.folder, 'browser-profile');
+    fs.mkdirSync(browserProfileDir, { recursive: true });
+    mounts.push({
+        hostPath: browserProfileDir,
+        containerPath: '/home/node/.browser-profile',
+        readonly: false,
+    });
+    // Media directory — shared between host and container for media files
+    const mediaDir = path.join(DATA_DIR, 'media');
+    fs.mkdirSync(mediaDir, { recursive: true });
+    mounts.push({
+        hostPath: mediaDir,
+        containerPath: '/workspace/media',
+        readonly: false, // writable so agent can save screenshots/files for sending
+    });
+    // NCALayer adapter + .p12 key for digital signing
+    const adapterDir = path.join(projectRoot, 'container', 'ncalayer-adapter');
+    if (fs.existsSync(adapterDir)) {
+        mounts.push({
+            hostPath: adapterDir,
+            containerPath: '/workspace/ncalayer-adapter',
+            readonly: true,
+        });
+    }
+    const p12Env = readEnvFile(['P12_PATH']);
+    const p12Path = p12Env.P12_PATH || '';
+    if (p12Path && fs.existsSync(p12Path)) {
+        const keysDir = path.dirname(p12Path);
+        mounts.push({
+            hostPath: keysDir,
+            containerPath: '/workspace/keys',
+            readonly: true,
+        });
+    }
+    // Additional mounts validated against external allowlist (tamper-proof from containers)
+    if (group.containerConfig?.additionalMounts) {
+        const validatedMounts = validateAdditionalMounts(group.containerConfig.additionalMounts, group.name, isMain);
+        mounts.push(...validatedMounts);
+    }
+    return mounts;
+}
+/**
+ * Read allowed secrets from .env for passing to the container via stdin.
+ * Secrets are never written to disk or mounted as files.
+ */
+function readSecrets() {
+    return readEnvFile(['CLAUDE_CODE_OAUTH_TOKEN', 'ANTHROPIC_API_KEY']);
+}
+function buildContainerArgs(mounts, containerName, model, chatJid) {
+    const args = ['run', '-i', '--rm', '--name', containerName];
+    // Run as host user so bind-mounted files are accessible.
+    // Skip when running as root (uid 0), as the container's node user (uid 1000),
+    // or when getuid is unavailable (native Windows without WSL).
+    const hostUid = process.getuid?.();
+    const hostGid = process.getgid?.();
+    if (hostUid != null && hostUid !== 0 && hostUid !== 1000) {
+        args.push('--user', `${hostUid}:${hostGid}`);
+        args.push('-e', 'HOME=/home/node');
+    }
+    // Pass CLAUDE_MODEL to container — input.model overrides env default
+    const effectiveModel = model || process.env.CLAUDE_MODEL || 'claude-sonnet-4-6';
+    args.push('-e', `CLAUDE_MODEL=${effectiveModel}`);
+    // Persistent browser profile — cookies and sessions survive container restarts
+    args.push('-e', 'AGENT_BROWSER_PROFILE=/home/node/.browser-profile');
+    // Mobile device emulation — lighter pages, saves tokens
+    args.push('-e', 'AGENT_BROWSER_USER_AGENT=Mozilla/5.0 (Linux; Android 14; SM-A546B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36');
+    // NCALayer adapter: connect to nanoclaw-net so agent can reach NCANode
+    const ncaEnv = readEnvFile(['P12_PASSWORD']);
+    args.push('--network', 'nanoclaw-net');
+    if (ncaEnv.P12_PASSWORD) {
+        args.push('-e', `P12_PASSWORD=${ncaEnv.P12_PASSWORD}`);
+        args.push('-e', 'NCANODE_URL=http://ncanode:14579');
+        if (chatJid)
+            args.push('-e', `CHAT_JID=${chatJid}`);
+    }
+    for (const mount of mounts) {
+        if (mount.readonly) {
+            args.push(...readonlyMountArgs(mount.hostPath, mount.containerPath));
+        }
+        else {
+            args.push('-v', `${mount.hostPath}:${mount.containerPath}`);
+        }
+    }
+    args.push(CONTAINER_IMAGE);
+    return args;
+}
+export async function runContainerAgent(group, input, onProcess, onOutput) {
+    const startTime = Date.now();
+    const groupDir = resolveGroupFolderPath(group.folder);
+    fs.mkdirSync(groupDir, { recursive: true });
+    const mounts = buildVolumeMounts(group, input.isMain);
+    const safeName = group.folder.replace(/[^a-zA-Z0-9-]/g, '-');
+    const containerName = `nanoclaw-${safeName}-${Date.now()}`;
+    const containerArgs = buildContainerArgs(mounts, containerName, input.model, input.chatJid);
+    logger.debug({
+        group: group.name,
+        containerName,
+        mounts: mounts.map((m) => `${m.hostPath} -> ${m.containerPath}${m.readonly ? ' (ro)' : ''}`),
+        containerArgs: containerArgs.join(' '),
+    }, 'Container mount configuration');
+    logger.info({
+        group: group.name,
+        containerName,
+        mountCount: mounts.length,
+        isMain: input.isMain,
+    }, 'Spawning container agent');
+    return new Promise((resolve) => {
+        const container = spawn(CONTAINER_RUNTIME_BIN, containerArgs, {
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        onProcess(container, containerName);
+        let stdout = '';
+        let stderr = '';
+        let stdoutTruncated = false;
+        let stderrTruncated = false;
+        // Pass secrets via stdin (never written to disk or mounted as files)
+        input.secrets = readSecrets();
+        container.stdin.write(JSON.stringify(input));
+        container.stdin.end();
+        // Remove secrets from input so they don't appear in logs
+        delete input.secrets;
+        // Streaming output: parse OUTPUT_START/END marker pairs as they arrive
+        let parseBuffer = '';
+        let newSessionId;
+        let outputChain = Promise.resolve();
+        container.stdout.on('data', (data) => {
+            const chunk = data.toString();
+            // Always accumulate for logging
+            if (!stdoutTruncated) {
+                const remaining = CONTAINER_MAX_OUTPUT_SIZE - stdout.length;
+                if (chunk.length > remaining) {
+                    stdout += chunk.slice(0, remaining);
+                    stdoutTruncated = true;
+                    logger.warn({ group: group.name, size: stdout.length }, 'Container stdout truncated due to size limit');
+                }
+                else {
+                    stdout += chunk;
+                }
+            }
+            // Stream-parse for output markers
+            if (onOutput) {
+                parseBuffer += chunk;
+                let startIdx;
+                while ((startIdx = parseBuffer.indexOf(OUTPUT_START_MARKER)) !== -1) {
+                    const endIdx = parseBuffer.indexOf(OUTPUT_END_MARKER, startIdx);
+                    if (endIdx === -1)
+                        break; // Incomplete pair, wait for more data
+                    const jsonStr = parseBuffer
+                        .slice(startIdx + OUTPUT_START_MARKER.length, endIdx)
+                        .trim();
+                    parseBuffer = parseBuffer.slice(endIdx + OUTPUT_END_MARKER.length);
+                    try {
+                        const parsed = JSON.parse(jsonStr);
+                        if (parsed.newSessionId) {
+                            newSessionId = parsed.newSessionId;
+                        }
+                        hadStreamingOutput = true;
+                        // Activity detected — reset the hard timeout
+                        resetTimeout();
+                        // Call onOutput for all markers (including null results)
+                        // so idle timers start even for "silent" query completions.
+                        outputChain = outputChain.then(() => onOutput(parsed));
+                    }
+                    catch (err) {
+                        logger.warn({ group: group.name, error: err }, 'Failed to parse streamed output chunk');
+                    }
+                }
+            }
+        });
+        container.stderr.on('data', (data) => {
+            const chunk = data.toString();
+            const lines = chunk.trim().split('\n');
+            for (const line of lines) {
+                if (line)
+                    logger.debug({ container: group.folder }, line);
+            }
+            // Don't reset timeout on stderr — SDK writes debug logs continuously.
+            // Timeout only resets on actual output (OUTPUT_MARKER in stdout).
+            if (stderrTruncated)
+                return;
+            const remaining = CONTAINER_MAX_OUTPUT_SIZE - stderr.length;
+            if (chunk.length > remaining) {
+                stderr += chunk.slice(0, remaining);
+                stderrTruncated = true;
+                logger.warn({ group: group.name, size: stderr.length }, 'Container stderr truncated due to size limit');
+            }
+            else {
+                stderr += chunk;
+            }
+        });
+        let timedOut = false;
+        let hadStreamingOutput = false;
+        const configTimeout = group.containerConfig?.timeout || CONTAINER_TIMEOUT;
+        // Grace period: hard timeout must be at least IDLE_TIMEOUT + 30s so the
+        // graceful _close sentinel has time to trigger before the hard kill fires.
+        const timeoutMs = Math.max(configTimeout, IDLE_TIMEOUT + 30_000);
+        const killOnTimeout = () => {
+            timedOut = true;
+            logger.error({ group: group.name, containerName }, 'Container timeout, stopping gracefully');
+            exec(stopContainer(containerName), { timeout: 15000 }, (err) => {
+                if (err) {
+                    logger.warn({ group: group.name, containerName, err }, 'Graceful stop failed, force killing');
+                    container.kill('SIGKILL');
+                }
+            });
+        };
+        let timeout = setTimeout(killOnTimeout, timeoutMs);
+        // Reset the timeout whenever there's activity (streaming output)
+        const resetTimeout = () => {
+            clearTimeout(timeout);
+            timeout = setTimeout(killOnTimeout, timeoutMs);
+        };
+        container.on('close', (code) => {
+            clearTimeout(timeout);
+            const duration = Date.now() - startTime;
+            if (timedOut) {
+                logContainerRun({
+                    group_folder: group.folder,
+                    container_name: containerName,
+                    duration_ms: duration,
+                    exit_code: code,
+                    is_timeout: true,
+                    log_text: `TIMEOUT | Had Streaming Output: ${hadStreamingOutput}`,
+                    metadata: { hadStreamingOutput },
+                });
+                // Timeout after output = idle cleanup, not failure.
+                // The agent already sent its response; this is just the
+                // container being reaped after the idle period expired.
+                if (hadStreamingOutput) {
+                    logger.info({ group: group.name, containerName, duration, code }, 'Container timed out after output (idle cleanup)');
+                    outputChain.then(() => {
+                        resolve({
+                            status: 'success',
+                            result: null,
+                            newSessionId,
+                        });
+                    });
+                    return;
+                }
+                logger.error({ group: group.name, containerName, duration, code }, 'Container timed out with no output');
+                resolve({
+                    status: 'error',
+                    result: null,
+                    error: `Container timed out after ${configTimeout}ms`,
+                });
+                return;
+            }
+            const isVerbose = process.env.LOG_LEVEL === 'debug' || process.env.LOG_LEVEL === 'trace';
+            const isError = code !== 0;
+            const logText = isVerbose || isError
+                ? [
+                    `Exit Code: ${code}`,
+                    `Duration: ${duration}ms`,
+                    `Stderr${stderrTruncated ? ' (TRUNCATED)' : ''}: ${stderr.slice(-2000)}`,
+                    `Stdout${stdoutTruncated ? ' (TRUNCATED)' : ''}: ${stdout.slice(-2000)}`,
+                ].join('\n')
+                : `Exit Code: ${code} | Duration: ${duration}ms | Prompt: ${input.prompt.length} chars`;
+            logContainerRun({
+                group_folder: group.folder,
+                container_name: containerName,
+                duration_ms: duration,
+                exit_code: code,
+                is_timeout: false,
+                log_text: logText,
+                metadata: { isMain: input.isMain, stdoutTruncated, stderrTruncated },
+            });
+            logger.debug({ containerName, isVerbose }, 'Container log written');
+            if (code !== 0) {
+                logger.error({
+                    group: group.name,
+                    code,
+                    duration,
+                    stderr,
+                    stdout,
+                    containerName,
+                }, 'Container exited with error');
+                resolve({
+                    status: 'error',
+                    result: null,
+                    error: `Container exited with code ${code}: ${stderr.slice(-200)}`,
+                });
+                return;
+            }
+            // Streaming mode: wait for output chain to settle, return completion marker
+            if (onOutput) {
+                outputChain.then(() => {
+                    logger.info({ group: group.name, duration, newSessionId }, 'Container completed (streaming mode)');
+                    resolve({
+                        status: 'success',
+                        result: null,
+                        newSessionId,
+                    });
+                });
+                return;
+            }
+            // Legacy mode: parse the last output marker pair from accumulated stdout
+            try {
+                // Extract JSON between sentinel markers for robust parsing
+                const startIdx = stdout.indexOf(OUTPUT_START_MARKER);
+                const endIdx = stdout.indexOf(OUTPUT_END_MARKER);
+                let jsonLine;
+                if (startIdx !== -1 && endIdx !== -1 && endIdx > startIdx) {
+                    jsonLine = stdout
+                        .slice(startIdx + OUTPUT_START_MARKER.length, endIdx)
+                        .trim();
+                }
+                else {
+                    // Fallback: last non-empty line (backwards compatibility)
+                    const lines = stdout.trim().split('\n');
+                    jsonLine = lines[lines.length - 1];
+                }
+                const output = JSON.parse(jsonLine);
+                logger.info({
+                    group: group.name,
+                    duration,
+                    status: output.status,
+                    hasResult: !!output.result,
+                }, 'Container completed');
+                resolve(output);
+            }
+            catch (err) {
+                logger.error({
+                    group: group.name,
+                    stdout,
+                    stderr,
+                    error: err,
+                }, 'Failed to parse container output');
+                resolve({
+                    status: 'error',
+                    result: null,
+                    error: `Failed to parse container output: ${err instanceof Error ? err.message : String(err)}`,
+                });
+            }
+        });
+        container.on('error', (err) => {
+            clearTimeout(timeout);
+            logger.error({ group: group.name, containerName, error: err }, 'Container spawn error');
+            resolve({
+                status: 'error',
+                result: null,
+                error: `Container spawn error: ${err.message}`,
+            });
+        });
+    });
+}
+export function writeTasksSnapshot(groupFolder, isMain, tasks) {
+    // Write filtered tasks to the group's IPC directory
+    const groupIpcDir = resolveGroupIpcPath(groupFolder);
+    fs.mkdirSync(groupIpcDir, { recursive: true });
+    // Main sees all tasks, others only see their own
+    const filteredTasks = isMain
+        ? tasks
+        : tasks.filter((t) => t.groupFolder === groupFolder);
+    const tasksFile = path.join(groupIpcDir, 'current_tasks.json');
+    fs.writeFileSync(tasksFile, JSON.stringify(filteredTasks, null, 2));
+}
+/**
+ * Write available groups snapshot for the container to read.
+ * Only main group can see all available groups (for activation).
+ * Non-main groups only see their own registration status.
+ */
+export function writeGroupsSnapshot(groupFolder, isMain, groups, registeredJids) {
+    const groupIpcDir = resolveGroupIpcPath(groupFolder);
+    fs.mkdirSync(groupIpcDir, { recursive: true });
+    // Main sees all groups; others see nothing (they can't activate groups)
+    const visibleGroups = isMain ? groups : [];
+    const groupsFile = path.join(groupIpcDir, 'available_groups.json');
+    fs.writeFileSync(groupsFile, JSON.stringify({
+        groups: visibleGroups,
+        lastSync: new Date().toISOString(),
+    }, null, 2));
+}
+//# sourceMappingURL=container-runner.js.map