airlock-bot 0.0.1 → 0.2.2

package/dist/pool/pool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pool.js","sourceRoot":"","sources":["../../src/pool/pool.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAKhC,MAAM,OAAO,UAAU;IAMX;IACA;IANF,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IACvC,WAAW,CAAkB;IAC7B,cAAc,CAAwB;IAE9C,YACU,IAAqC,EACrC,OAAyD;QADzD,SAAI,GAAJ,IAAI,CAAiC;QACrC,YAAO,GAAP,OAAO,CAAkD;IAChE,CAAC;IAEJ,aAAa,CAAC,EAAwB;QACpC,IAAI,CAAC,cAAc,GAAG,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAClF,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,EAAU,EAAE,GAAoB;QAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;YACvB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,eAAe,CAAC,CAAC;YAClC,IAAI,CAAC,cAAc,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,kDAAkD,CAAC,CAAC;YAC3E,IAAI,CAAC,mBAAmB,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,EAAU,EAAE,MAAiB;QACvD,MAAM;aACH,OAAO,EAAE;aACT,IAAI,CAAC,GAAG,EAAE;YACT,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,4BAA4B,CAAC,CAAC;YAC/C,IAAI,CAAC,cAAc,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC;aACD,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,EAAU,EAAE,GAAoB;QACnD,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,OAAO;gBACV,OAAO,IAAI,cAAc,CAAC,EAAE,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC3F,KAAK,KAAK;gBACR,OAAO,IAAI,YAAY,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACpD,KAAK,MAAM;gBACT,OAAO,IAAI,aAAa,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAa;QAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO,MAAM,CAAC,SAAS,EAAE,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAa,EAAE,QAAgB,EAAE,IAA6B;QAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,OAAO,KAAK,mBAAmB,CAAC,CAAC;QACxE,OAAO,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAwC;QACnD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAE7C,mCAAmC;QACnC,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,oCAAoC,CAAC,CAAC;gBACvD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC;gBACrC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,4BAA4B,CAAC,CAAC,CAAC;gBACzF,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,eAAe;QACf,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAChD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,mCAAmC,CAAC,CAAC;gBACtD,KAAK,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC;IACtB,CAAC;IAED,WAAW;QACT,MAAM,MAAM,GAAiC,EAAE,CAAC;QAChD,KAAK,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACxC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,aAAa,CAAC,KAAa;QACzB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,aAAa,EAAE,CAAC;IAClD,CAAC;IAED,SAAS;QACP,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IAEO,gBAAgB;QACtB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YACpE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,oBAAoB,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,EAAE,MAAM,CAAC,CAAC;QACX,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,IAAI;QACR,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChC,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACnF,CAAC;CACF"}

package/dist/pool/required-mcps.d.ts

@@ -0,0 +1,7 @@
+import type { AgentConfig } from '../config/schema.js';
+/**
+ * Return the MCP IDs from `availableMcpIds` that are actually referenced
+ * by the agent's allow or ask lists. Built-in namespaces (http, exec) are excluded.
+ */
+export declare function requiredMcpsForAgent(agentConfig: AgentConfig, availableMcpIds: string[]): string[];
+//# sourceMappingURL=required-mcps.d.ts.map

package/dist/pool/required-mcps.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"required-mcps.d.ts","sourceRoot":"","sources":["../../src/pool/required-mcps.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAIvD;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,WAAW,EACxB,eAAe,EAAE,MAAM,EAAE,GACxB,MAAM,EAAE,CAaV"}

package/dist/pool/required-mcps.js

@@ -0,0 +1,18 @@
+const BUILTIN_NAMESPACES = new Set(['http', 'exec']);
+/**
+ * Return the MCP IDs from `availableMcpIds` that are actually referenced
+ * by the agent's allow or ask lists. Built-in namespaces (http, exec) are excluded.
+ */
+export function requiredMcpsForAgent(agentConfig, availableMcpIds) {
+    const available = new Set(availableMcpIds);
+    const needed = new Set();
+    // Check both allow and ask — ask implies the tool will be used
+    for (const pattern of [...agentConfig.allow, ...agentConfig.ask]) {
+        const namespace = pattern.split('/')[0];
+        if (namespace && !BUILTIN_NAMESPACES.has(namespace) && available.has(namespace)) {
+            needed.add(namespace);
+        }
+    }
+    return Array.from(needed);
+}
+//# sourceMappingURL=required-mcps.js.map

package/dist/pool/required-mcps.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"required-mcps.js","sourceRoot":"","sources":["../../src/pool/required-mcps.ts"],"names":[],"mappings":"AAEA,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAErD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,WAAwB,EACxB,eAAyB;IAEzB,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,+DAA+D;IAC/D,KAAK,MAAM,OAAO,IAAI,CAAC,GAAG,WAAW,CAAC,KAAK,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACjE,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,IAAI,SAAS,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAChF,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC"}

package/dist/pool/sse-client.d.ts

@@ -0,0 +1,22 @@
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+export declare class SseMcpClient {
+    private id;
+    private url;
+    private headers?;
+    private client?;
+    private transport?;
+    private reconnectAttempt;
+    private stopped;
+    private ready;
+    constructor(id: string, url: string, headers?: Record<string, string> | undefined);
+    connect(): Promise<void>;
+    listTools(): Promise<Tool[]>;
+    callTool(name: string, args: Record<string, unknown>): Promise<unknown>;
+    getServerInfo(): {
+        name: string;
+        version: string;
+    } | undefined;
+    isReady(): boolean;
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=sse-client.d.ts.map

package/dist/pool/sse-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sse-client.d.ts","sourceRoot":"","sources":["../../src/pool/sse-client.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAQ/D,qBAAa,YAAY;IAQrB,OAAO,CAAC,EAAE;IACV,OAAO,CAAC,GAAG;IACX,OAAO,CAAC,OAAO,CAAC;IATlB,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,SAAS,CAAC,CAAqB;IACvC,OAAO,CAAC,gBAAgB,CAAK;IAC7B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,KAAK,CAAS;gBAGZ,EAAE,EAAE,MAAM,EACV,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,YAAA;IAGpC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAiCxB,SAAS,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IAM5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAK7E,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS;IAI9D,OAAO,IAAI,OAAO;IAIZ,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAI5B"}

package/dist/pool/sse-client.js

@@ -0,0 +1,70 @@
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
+import { childLogger } from '../util/logger.js';
+import { VERSION } from '../version.js';
+const log = childLogger('sse-client');
+const BACKOFF_STEPS = [1000, 2000, 4000, 8000, 16000, 30000];
+export class SseMcpClient {
+    id;
+    url;
+    headers;
+    client;
+    transport;
+    reconnectAttempt = 0;
+    stopped = false;
+    ready = false;
+    constructor(id, url, headers) {
+        this.id = id;
+        this.url = url;
+        this.headers = headers;
+    }
+    async connect() {
+        this.transport = new SSEClientTransport(new URL(this.url), {
+            requestInit: this.headers ? { headers: this.headers } : undefined,
+        });
+        this.client = new Client({ name: 'airlock', version: VERSION });
+        this.transport.onclose = () => {
+            this.ready = false;
+            if (!this.stopped) {
+                const delay = BACKOFF_STEPS[Math.min(this.reconnectAttempt, BACKOFF_STEPS.length - 1)];
+                log.warn({ id: this.id, attempt: this.reconnectAttempt, delay }, 'SSE MCP disconnected, reconnecting');
+                this.reconnectAttempt++;
+                setTimeout(() => {
+                    void this.connect().catch((err) => log.error({ err, id: this.id }, 'Reconnect failed'));
+                }, delay);
+            }
+        };
+        try {
+            await this.client.connect(this.transport);
+            this.reconnectAttempt = 0;
+            this.ready = true;
+            log.info({ id: this.id, url: this.url }, 'MCP SSE client connected');
+        }
+        catch (err) {
+            log.error({ err, id: this.id }, 'MCP SSE connect failed');
+            throw err;
+        }
+    }
+    async listTools() {
+        if (!this.client || !this.ready)
+            throw new Error(`MCP ${this.id} not connected`);
+        const result = await this.client.listTools();
+        return result.tools;
+    }
+    async callTool(name, args) {
+        if (!this.client || !this.ready)
+            throw new Error(`MCP ${this.id} not connected`);
+        return this.client.callTool({ name, arguments: args });
+    }
+    getServerInfo() {
+        return this.client?.getServerVersion();
+    }
+    isReady() {
+        return this.ready;
+    }
+    async stop() {
+        this.stopped = true;
+        await this.transport?.close();
+    }
+}
+//# sourceMappingURL=sse-client.js.map

package/dist/pool/sse-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sse-client.js","sourceRoot":"","sources":["../../src/pool/sse-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAE7E,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;AAEtC,MAAM,aAAa,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAE7D,MAAM,OAAO,YAAY;IAQb;IACA;IACA;IATF,MAAM,CAAU;IAChB,SAAS,CAAsB;IAC/B,gBAAgB,GAAG,CAAC,CAAC;IACrB,OAAO,GAAG,KAAK,CAAC;IAChB,KAAK,GAAG,KAAK,CAAC;IAEtB,YACU,EAAU,EACV,GAAW,EACX,OAAgC;QAFhC,OAAE,GAAF,EAAE,CAAQ;QACV,QAAG,GAAH,GAAG,CAAQ;QACX,YAAO,GAAP,OAAO,CAAyB;IACvC,CAAC;IAEJ,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,SAAS,GAAG,IAAI,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACzD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,SAAS;SAClE,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAEhE,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;YAC5B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;gBACvF,GAAG,CAAC,IAAI,CACN,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,EACtD,oCAAoC,CACrC,CAAC;gBACF,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,UAAU,CAAC,GAAG,EAAE;oBACd,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;gBAC1F,CAAC,EAAE,KAAK,CAAC,CAAC;YACZ,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,0BAA0B,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,wBAAwB,CAAC,CAAC;YAC1D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY,EAAE,IAA6B;QACxD,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjF,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACzC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,MAAM,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;CACF"}

package/dist/pool/stdio-client.d.ts

@@ -0,0 +1,24 @@
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+export declare class StdioMcpClient {
+    private id;
+    private command;
+    private args;
+    private env?;
+    private stderr?;
+    private client?;
+    private transport?;
+    private reconnectAttempt;
+    private stopped;
+    private ready;
+    constructor(id: string, command: string, args: string[], env?: Record<string, string> | undefined, stderr?: "inherit" | "ignore" | "pipe" | undefined);
+    connect(): Promise<void>;
+    listTools(): Promise<Tool[]>;
+    callTool(name: string, args: Record<string, unknown>): Promise<unknown>;
+    getServerInfo(): {
+        name: string;
+        version: string;
+    } | undefined;
+    isReady(): boolean;
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=stdio-client.d.ts.map

package/dist/pool/stdio-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio-client.d.ts","sourceRoot":"","sources":["../../src/pool/stdio-client.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAQ/D,qBAAa,cAAc;IAQvB,OAAO,CAAC,EAAE;IACV,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,IAAI;IACZ,OAAO,CAAC,GAAG,CAAC;IACZ,OAAO,CAAC,MAAM,CAAC;IAXjB,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,SAAS,CAAC,CAAuB;IACzC,OAAO,CAAC,gBAAgB,CAAK;IAC7B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,KAAK,CAAS;gBAGZ,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,YAAA,EAC5B,MAAM,CAAC,EAAE,SAAS,GAAG,QAAQ,GAAG,MAAM,YAAA;IAG1C,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAoCxB,SAAS,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IAM5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAK7E,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS;IAI9D,OAAO,IAAI,OAAO;IAIZ,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAI5B"}

package/dist/pool/stdio-client.js

@@ -0,0 +1,77 @@
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
+import { childLogger } from '../util/logger.js';
+import { VERSION } from '../version.js';
+const log = childLogger('stdio-client');
+const BACKOFF_STEPS = [1000, 2000, 4000, 8000, 16000, 30000];
+export class StdioMcpClient {
+    id;
+    command;
+    args;
+    env;
+    stderr;
+    client;
+    transport;
+    reconnectAttempt = 0;
+    stopped = false;
+    ready = false;
+    constructor(id, command, args, env, stderr) {
+        this.id = id;
+        this.command = command;
+        this.args = args;
+        this.env = env;
+        this.stderr = stderr;
+    }
+    async connect() {
+        this.transport = new StdioClientTransport({
+            command: this.command,
+            args: this.args,
+            env: this.env,
+            stderr: this.stderr,
+        });
+        this.client = new Client({ name: 'airlock', version: VERSION });
+        this.transport.onclose = () => {
+            this.ready = false;
+            if (!this.stopped) {
+                const delay = BACKOFF_STEPS[Math.min(this.reconnectAttempt, BACKOFF_STEPS.length - 1)];
+                log.warn({ id: this.id, attempt: this.reconnectAttempt, delay }, 'MCP disconnected, reconnecting');
+                this.reconnectAttempt++;
+                setTimeout(() => {
+                    void this.connect().catch((err) => log.error({ err, id: this.id }, 'Reconnect failed'));
+                }, delay);
+            }
+        };
+        try {
+            await this.client.connect(this.transport);
+            this.reconnectAttempt = 0;
+            this.ready = true;
+            log.info({ id: this.id }, 'MCP stdio client connected');
+        }
+        catch (err) {
+            log.error({ err, id: this.id }, 'MCP stdio connect failed');
+            throw err;
+        }
+    }
+    async listTools() {
+        if (!this.client || !this.ready)
+            throw new Error(`MCP ${this.id} not connected`);
+        const result = await this.client.listTools();
+        return result.tools;
+    }
+    async callTool(name, args) {
+        if (!this.client || !this.ready)
+            throw new Error(`MCP ${this.id} not connected`);
+        return this.client.callTool({ name, arguments: args });
+    }
+    getServerInfo() {
+        return this.client?.getServerVersion();
+    }
+    isReady() {
+        return this.ready;
+    }
+    async stop() {
+        this.stopped = true;
+        await this.transport?.close();
+    }
+}
+//# sourceMappingURL=stdio-client.js.map

package/dist/pool/stdio-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio-client.js","sourceRoot":"","sources":["../../src/pool/stdio-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC,MAAM,GAAG,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;AAExC,MAAM,aAAa,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAE7D,MAAM,OAAO,cAAc;IAQf;IACA;IACA;IACA;IACA;IAXF,MAAM,CAAU;IAChB,SAAS,CAAwB;IACjC,gBAAgB,GAAG,CAAC,CAAC;IACrB,OAAO,GAAG,KAAK,CAAC;IAChB,KAAK,GAAG,KAAK,CAAC;IAEtB,YACU,EAAU,EACV,OAAe,EACf,IAAc,EACd,GAA4B,EAC5B,MAAsC;QAJtC,OAAE,GAAF,EAAE,CAAQ;QACV,YAAO,GAAP,OAAO,CAAQ;QACf,SAAI,GAAJ,IAAI,CAAU;QACd,QAAG,GAAH,GAAG,CAAyB;QAC5B,WAAM,GAAN,MAAM,CAAgC;IAC7C,CAAC;IAEJ,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,SAAS,GAAG,IAAI,oBAAoB,CAAC;YACxC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAEhE,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;YAC5B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;gBACvF,GAAG,CAAC,IAAI,CACN,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,EACtD,gCAAgC,CACjC,CAAC;gBACF,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,UAAU,CAAC,GAAG,EAAE;oBACd,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;gBAC1F,CAAC,EAAE,KAAK,CAAC,CAAC;YACZ,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,4BAA4B,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,0BAA0B,CAAC,CAAC;YAC5D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY,EAAE,IAA6B;QACxD,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjF,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACzC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,MAAM,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;CACF"}

package/dist/registry/registry.d.ts

@@ -0,0 +1,19 @@
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+import type { BackendAdapter } from '../backend/types.js';
+import type { AllowlistEngine } from '../allowlist/engine.js';
+import type { AgentConfig } from '../config/schema.js';
+export declare class ToolRegistry {
+    private adapters;
+    private allowlist;
+    private agents;
+    private cachedTools;
+    constructor(adapters: BackendAdapter[], allowlist: AllowlistEngine, agents: Record<string, AgentConfig>);
+    reloadAgents(agents: Record<string, AgentConfig>): void;
+    setAdapters(adapters: BackendAdapter[]): void;
+    refresh(): Promise<void>;
+    getFiltered(agentId: string): Tool[];
+    call(namespacedName: string, args: Record<string, unknown>, agentId: string): Promise<unknown>;
+    getAllTools(): Tool[];
+    stopAll(): Promise<void>;
+}
+//# sourceMappingURL=registry.d.ts.map

package/dist/registry/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAMvD,qBAAa,YAAY;IAIrB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,MAAM;IALhB,OAAO,CAAC,WAAW,CAAc;gBAGvB,QAAQ,EAAE,cAAc,EAAE,EAC1B,SAAS,EAAE,eAAe,EAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;IAG7C,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAI;IAIvD,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI;IAIvC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB9B,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE;IAY9B,IAAI,CACR,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,OAAO,CAAC;IAgBnB,WAAW,IAAI,IAAI,EAAE;IAIf,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}

package/dist/registry/registry.js

@@ -0,0 +1,85 @@
+import { sanitizeToolDescription } from './sanitizer.js';
+import { childLogger } from '../util/logger.js';
+const log = childLogger('registry');
+export class ToolRegistry {
+    adapters;
+    allowlist;
+    agents;
+    cachedTools = [];
+    constructor(adapters, allowlist, agents) {
+        this.adapters = adapters;
+        this.allowlist = allowlist;
+        this.agents = agents;
+    }
+    reloadAgents(agents) {
+        this.agents = agents;
+    }
+    setAdapters(adapters) {
+        this.adapters = adapters;
+    }
+    async refresh() {
+        const tools = [];
+        for (const adapter of this.adapters) {
+            try {
+                const adapterTools = await adapter.listTools();
+                for (const tool of adapterTools) {
+                    tools.push({
+                        ...tool,
+                        description: sanitizeToolDescription(tool.name, tool.description),
+                    });
+                }
+            }
+            catch (err) {
+                log.warn({ err, adapterId: adapter.id }, 'Failed to list tools from adapter');
+            }
+        }
+        this.cachedTools = tools;
+        log.info({ count: tools.length }, 'Tool registry refreshed');
+    }
+    getFiltered(agentId) {
+        const agent = this.agents[agentId];
+        const overrides = agent?.tool_overrides ?? {};
+        return this.cachedTools
+            .filter((t) => this.allowlist.evaluate(agentId, t.name) !== 'deny')
+            .map((t) => ({
+            ...t,
+            description: sanitizeToolDescription(t.name, t.description, overrides[t.name]?.description),
+        }));
+    }
+    async call(namespacedName, args, agentId) {
+        // Find the adapter that owns this tool by matching its prefix
+        for (const adapter of this.adapters) {
+            const prefix = getAdapterPrefix(adapter);
+            if (prefix && namespacedName.startsWith(prefix)) {
+                const result = await adapter.call({ tool: namespacedName, args, agentId });
+                if (!result.success) {
+                    throw new Error(result.error ?? 'Tool call failed');
+                }
+                return result.data;
+            }
+        }
+        throw new Error(`Unknown tool: ${namespacedName}`);
+    }
+    getAllTools() {
+        return this.cachedTools;
+    }
+    async stopAll() {
+        await Promise.allSettled(this.adapters.map((a) => a.stop()));
+    }
+}
+/** Map adapter ID conventions to the tool name prefix they own. */
+function getAdapterPrefix(adapter) {
+    const id = adapter.id;
+    if (id.startsWith('mcp:'))
+        return id.slice(4) + '/';
+    if (id === 'builtin:exec')
+        return 'exec/';
+    if (id === 'builtin:http')
+        return 'http/';
+    if (id.startsWith('cli:'))
+        return id.slice(4) + '/';
+    if (id.startsWith('api:'))
+        return id.slice(4) + '/';
+    return null;
+}
+//# sourceMappingURL=registry.js.map

package/dist/registry/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/registry/registry.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;AAEpC,MAAM,OAAO,YAAY;IAIb;IACA;IACA;IALF,WAAW,GAAW,EAAE,CAAC;IAEjC,YACU,QAA0B,EAC1B,SAA0B,EAC1B,MAAmC;QAFnC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,cAAS,GAAT,SAAS,CAAiB;QAC1B,WAAM,GAAN,MAAM,CAA6B;IAC1C,CAAC;IAEJ,YAAY,CAAC,MAAmC;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,WAAW,CAAC,QAA0B;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAW,EAAE,CAAC;QAEzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC/C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;oBAChC,KAAK,CAAC,IAAI,CAAC;wBACT,GAAG,IAAI;wBACP,WAAW,EAAE,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC;qBAClE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,mCAAmC,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;IAC/D,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,SAAS,GAAG,KAAK,EAAE,cAAc,IAAI,EAAE,CAAC;QAE9C,OAAO,IAAI,CAAC,WAAW;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC;aAClE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,GAAG,CAAC;YACJ,WAAW,EAAE,uBAAuB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC;SAC5F,CAAC,CAAC,CAAC;IACR,CAAC;IAED,KAAK,CAAC,IAAI,CACR,cAAsB,EACtB,IAA6B,EAC7B,OAAe;QAEf,8DAA8D;QAC9D,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,MAAM,IAAI,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC3E,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,IAAI,kBAAkB,CAAC,CAAC;gBACtD,CAAC;gBACD,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iBAAiB,cAAc,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;CACF;AAED,mEAAmE;AACnE,SAAS,gBAAgB,CAAC,OAAuB;IAC/C,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,CAAC;IACtB,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,IAAI,EAAE,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,EAAE,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/registry/sanitizer.d.ts

@@ -0,0 +1,2 @@
+export declare function sanitizeToolDescription(toolName: string, description: string | undefined, override?: string): string;
+//# sourceMappingURL=sanitizer.d.ts.map

package/dist/registry/sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../../src/registry/sanitizer.ts"],"names":[],"mappings":"AAeA,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM,CAsBR"}

package/dist/registry/sanitizer.js

@@ -0,0 +1,31 @@
+import { childLogger } from '../util/logger.js';
+const log = childLogger('sanitizer');
+const SUSPICIOUS_PATTERNS = [
+    /ignore\s+(previous|above|prior)/i,
+    /you\s+are\s+/i,
+    /new\s+instruction/i,
+    /override/i,
+    /\[SYSTEM\]/i,
+    /system:/i,
+];
+const MAX_DESCRIPTION_LENGTH = 500;
+export function sanitizeToolDescription(toolName, description, override) {
+    if (override !== undefined)
+        return override;
+    if (!description)
+        return '';
+    // Strip suspicious patterns (possible prompt injection from downstream MCPs)
+    let cleaned = description;
+    for (const pattern of SUSPICIOUS_PATTERNS) {
+        if (pattern.test(cleaned)) {
+            log.warn({ toolName, pattern: pattern.source }, 'Stripping suspicious pattern from tool description (possible prompt injection)');
+            cleaned = cleaned.replace(pattern, '[removed]');
+        }
+    }
+    // Truncate
+    if (cleaned.length > MAX_DESCRIPTION_LENGTH) {
+        return cleaned.slice(0, MAX_DESCRIPTION_LENGTH) + '…';
+    }
+    return cleaned;
+}
+//# sourceMappingURL=sanitizer.js.map

package/dist/registry/sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.js","sourceRoot":"","sources":["../../src/registry/sanitizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;AAErC,MAAM,mBAAmB,GAAG;IAC1B,kCAAkC;IAClC,eAAe;IACf,oBAAoB;IACpB,WAAW;IACX,aAAa;IACb,UAAU;CACX,CAAC;AAEF,MAAM,sBAAsB,GAAG,GAAG,CAAC;AAEnC,MAAM,UAAU,uBAAuB,CACrC,QAAgB,EAChB,WAA+B,EAC/B,QAAiB;IAEjB,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC5C,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAE5B,6EAA6E;IAC7E,IAAI,OAAO,GAAG,WAAW,CAAC;IAC1B,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,GAAG,CAAC,IAAI,CACN,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EACrC,gFAAgF,CACjF,CAAC;YACF,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,WAAW;IACX,IAAI,OAAO,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,sBAAsB,CAAC,GAAG,GAAG,CAAC;IACxD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/security/blocked-hosts.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check if a hostname is blocked.
+ * Supports: exact match, *.prefix (subdomains), 10.* / 192.168.* / 172.16.* CIDR-like patterns.
+ */
+export declare function isBlockedHost(hostname: string, blockedList: string[], allowedLocal: string[]): boolean;
+//# sourceMappingURL=blocked-hosts.d.ts.map

package/dist/security/blocked-hosts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"blocked-hosts.d.ts","sourceRoot":"","sources":["../../src/security/blocked-hosts.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EAAE,EACrB,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAKT"}

package/dist/security/blocked-hosts.js

@@ -0,0 +1,26 @@
+/**
+ * Check if a hostname is blocked.
+ * Supports: exact match, *.prefix (subdomains), 10.* / 192.168.* / 172.16.* CIDR-like patterns.
+ */
+export function isBlockedHost(hostname, blockedList, allowedLocal) {
+    // If explicitly allowed, override block
+    if (allowedLocal.some((p) => hostPatternMatches(p, hostname)))
+        return false;
+    return blockedList.some((p) => hostPatternMatches(p, hostname));
+}
+function hostPatternMatches(pattern, hostname) {
+    if (pattern === hostname)
+        return true;
+    // *.local style — matches subdomains only, not the apex
+    if (pattern.startsWith('*.')) {
+        const suffix = pattern.slice(2);
+        return hostname.endsWith('.' + suffix);
+    }
+    // CIDR-like: 192.168.* , 10.* , 172.16.*
+    if (pattern.endsWith('*')) {
+        const prefix = pattern.slice(0, -1);
+        return hostname.startsWith(prefix);
+    }
+    return false;
+}
+//# sourceMappingURL=blocked-hosts.js.map

package/dist/security/blocked-hosts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"blocked-hosts.js","sourceRoot":"","sources":["../../src/security/blocked-hosts.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,UAAU,aAAa,CAC3B,QAAgB,EAChB,WAAqB,EACrB,YAAsB;IAEtB,wCAAwC;IACxC,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAE5E,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe,EAAE,QAAgB;IAC3D,IAAI,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEtC,wDAAwD;IACxD,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,MAAM,CAAC,CAAC;IACzC,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/security/domain-allowlist.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Check if a hostname is permitted by the agent's domain allowlist.
+ * Empty allowlist = allow all.
+ * Supports *.sentry.io style wildcards.
+ */
+export declare function isDomainAllowed(hostname: string, allowlist: string[]): boolean;
+//# sourceMappingURL=domain-allowlist.d.ts.map

package/dist/security/domain-allowlist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"domain-allowlist.d.ts","sourceRoot":"","sources":["../../src/security/domain-allowlist.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAW9E"}

package/dist/security/domain-allowlist.js

@@ -0,0 +1,19 @@
+/**
+ * Check if a hostname is permitted by the agent's domain allowlist.
+ * Empty allowlist = allow all.
+ * Supports *.sentry.io style wildcards.
+ */
+export function isDomainAllowed(hostname, allowlist) {
+    if (allowlist.length === 0)
+        return true;
+    return allowlist.some((pattern) => {
+        if (pattern === hostname)
+            return true;
+        if (pattern.startsWith('*.')) {
+            const suffix = pattern.slice(2);
+            return hostname === suffix || hostname.endsWith('.' + suffix);
+        }
+        return false;
+    });
+}
+//# sourceMappingURL=domain-allowlist.js.map

package/dist/security/domain-allowlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"domain-allowlist.js","sourceRoot":"","sources":["../../src/security/domain-allowlist.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,SAAmB;IACnE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAChC,IAAI,OAAO,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACtC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChC,OAAO,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,MAAM,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/stdio-mode.d.ts

@@ -0,0 +1,3 @@
+import type { Config } from './config/loader.js';
+export declare function runStdioMode(config: Config, agentId: string, configPath: string): Promise<void>;
+//# sourceMappingURL=stdio-mode.d.ts.map

package/dist/stdio-mode.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio-mode.d.ts","sourceRoot":"","sources":["../src/stdio-mode.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAQjD,wBAAsB,YAAY,CAChC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CAuIf"}