bulkhead-runtime 0.1.0 → 2026.4.5-beta.2

package/dist/skills/enablement.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"enablement.d.ts","sourceRoot":"","sources":["../../src/skills/enablement.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEvE,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IACjC,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IACpC,WAAW,IAAI,kBAAkB,EAAE,CAAC;IACpC,cAAc,IAAI,MAAM,EAAE,CAAC;CAC5B;AAMD,wBAAgB,qBAAqB,CACnC,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,aAAa,GACtB,eAAe,CAmDjB"}
+{"version":3,"file":"enablement.d.ts","sourceRoot":"","sources":["../../src/skills/enablement.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAGvE,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IACjC,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IACpC,WAAW,IAAI,kBAAkB,EAAE,CAAC;IACpC,cAAc,IAAI,MAAM,EAAE,CAAC;CAC5B;AAMD,wBAAgB,qBAAqB,CACnC,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,aAAa,GACtB,eAAe,CAkDjB"}

package/dist/skills/enablement.js

@@ -1,5 +1,6 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
+import { atomicWriteFileSync } from "../shared/index.js";
 export function createSkillEnablement(workspaceDir, registry) {
     const filePath = path.join(workspaceDir, "enabled-skills.json");
     function loadState() {
@@ -12,8 +13,7 @@ export function createSkillEnablement(workspaceDir, registry) {
         }
     }
     function saveState(state) {
-        fs.mkdirSync(path.dirname(filePath), { recursive: true });
-        fs.writeFileSync(filePath, JSON.stringify(state, null, 2));
+        atomicWriteFileSync(filePath, JSON.stringify(state, null, 2));
     }
     return {
         enable(skillId) {

package/dist/skills/enablement.js.map

@@ -1 +1 @@
-{"version":3,"file":"enablement.js","sourceRoot":"","sources":["../../src/skills/enablement.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAelC,MAAM,UAAU,qBAAqB,CACnC,YAAoB,EACpB,QAAuB;IAEvB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,qBAAqB,CAAC,CAAC;IAEhE,SAAS,SAAS;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,SAAS,SAAS,CAAC,KAAsB;QACvC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO;QACL,MAAM,CAAC,OAAO;YACZ,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YACzC,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;YAC1B,IAAI,KAAK,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC;YACvD,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClC,SAAS,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CAAC,OAAO;YACb,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACjD,IAAI,GAAG,KAAK,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC7B,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACnC,SAAS,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,SAAS,CAAC,OAAO;YACf,OAAO,SAAS,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;QAED,WAAW;YACT,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC,aAAa;iBACvB,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;iBAC7B,MAAM,CAAC,CAAC,CAAC,EAA2B,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;QAC7D,CAAC;QAED,cAAc;YACZ,OAAO,SAAS,EAAE,CAAC,aAAa,CAAC;QACnC,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"enablement.js","sourceRoot":"","sources":["../../src/skills/enablement.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAczD,MAAM,UAAU,qBAAqB,CACnC,YAAoB,EACpB,QAAuB;IAEvB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,qBAAqB,CAAC,CAAC;IAEhE,SAAS,SAAS;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,SAAS,SAAS,CAAC,KAAsB;QACvC,mBAAmB,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,OAAO;QACL,MAAM,CAAC,OAAO;YACZ,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YACzC,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;YAC1B,IAAI,KAAK,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC;YACvD,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClC,SAAS,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CAAC,OAAO;YACb,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACjD,IAAI,GAAG,KAAK,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC7B,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACnC,SAAS,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,SAAS,CAAC,OAAO;YACf,OAAO,SAAS,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;QAED,WAAW;YACT,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC,aAAa;iBACvB,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;iBAC7B,MAAM,CAAC,CAAC,CAAC,EAA2B,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;QAC7D,CAAC;QAED,cAAc;YACZ,OAAO,SAAS,EAAE,CAAC,aAAa,CAAC;QACnC,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/workspace/runner.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../src/workspace/runner.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACvE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAU1D,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,eAAe,CAAC;IACxB,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,MAAM,EAAE,eAAe,CAAC;IACxB,aAAa,EAAE,aAAa,CAAC;IAC7B,WAAW,EAAE,eAAe,CAAC;CAC9B;AAED,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,sBAAsB,GAC1B,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,CAAC,cAAc,CAAC,CA+L3D"}
+{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../src/workspace/runner.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACvE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAsB1D,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,eAAe,CAAC;IACxB,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,MAAM,EAAE,eAAe,CAAC;IACxB,aAAa,EAAE,aAAa,CAAC;IAC7B,WAAW,EAAE,eAAe,CAAC;CAC9B;AAED,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,sBAAsB,GAC1B,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,CAAC,cAAc,CAAC,CAgX3D"}

package/dist/workspace/runner.js

@@ -1,25 +1,31 @@
 import * as path from "node:path";
 import * as fs from "node:fs";
 import * as url from "node:url";
+import { spawn } from "node:child_process";
 import { getOrCreateSession, updateSession, } from "../sessions/index.js";
 import { createSandboxManager } from "../sandbox/manager.js";
 import { createIpcPeer } from "../sandbox/ipc.js";
+import { DEFAULT_MODEL, DEFAULT_PROVIDER, PROTECTED_SYSTEM_ENV_KEYS, buildProviderEnvKey, } from "../shared/index.js";
+import { runWithModelFallback, createCooldownStore } from "../runtime/model-fallback.js";
+import { resolveContextWindowInfo, evaluateContextWindowGuard, CONTEXT_WINDOW_HARD_MIN_TOKENS } from "../runtime/context-guard.js";
+import { collectProviderApiKeys, executeWithApiKeyRotation } from "../runtime/api-key-rotation.js";
+import { createSubsystemLogger } from "../logging/subsystem.js";
+const log = createSubsystemLogger("workspace-runner");
 export function createWorkspaceRunner(ctx) {
     const sandboxManager = createSandboxManager();
+    const cooldownStore = createCooldownStore();
     return async function run(options) {
         const sessionId = options.sessionId ?? `session_${Date.now()}`;
-        const modelId = options.model ?? ctx.config.model ?? "claude-sonnet-4-20250514";
-        const provider = options.provider ?? ctx.config.provider ?? "anthropic";
-        const providerEnvKey = `${provider.toUpperCase().replace(/-/g, "_")}_API_KEY`;
-        const apiKey = options.apiKey ?? ctx.config.apiKey ?? process.env[providerEnvKey] ?? "";
-        const sessionsDir = path.join(ctx.workspaceDir, "sessions");
+        const requestedModelId = options.model ?? ctx.config.model ?? DEFAULT_MODEL;
+        const requestedProvider = options.provider ?? ctx.config.provider ?? DEFAULT_PROVIDER;
+        const sessionsDir = path.join(ctx.workspaceDir, "sessions", sessionId);
         fs.mkdirSync(sessionsDir, { recursive: true });
-        getOrCreateSession(ctx.workspaceDir, sessionId, { model: modelId });
+        await getOrCreateSession(ctx.workspaceDir, sessionId, { model: requestedModelId });
         await ctx.hooks.run("session_start", { sessionId });
         await ctx.hooks.run("before_agent_start", {
             sessionId,
             message: options.message,
-            model: modelId,
+            model: requestedModelId,
         });
         let skillsPrompt = "";
         if (ctx.config.skills?.enabled !== false) {
@@ -40,119 +46,444 @@ export function createWorkspaceRunner(ctx) {
         ]
             .filter(Boolean)
             .join("\n\n");
-        const caps = await sandboxManager.capabilities();
-        const hasOsIsolation = caps.platform === "linux" && caps.hasUnshare && caps.hasMountNamespace;
-        const workerConfig = {
-            workspaceDir: ctx.workspaceDir,
-            sessionsDir,
-            sessionId,
-            message: options.message,
-            model: modelId,
-            provider,
-            systemPrompt: systemPrompt || undefined,
-            enableCodingTools: hasOsIsolation,
-        };
-        const workerPath = resolveWorkerPath();
-        const workerEnv = {
-            SANDBOX_WORKER_CONFIG: JSON.stringify(workerConfig),
-        };
-        if (apiKey) {
-            workerEnv[providerEnvKey] = apiKey;
-        }
-        const sandboxConfig = {
-            memoryLimitMb: 512,
-            pidsLimit: 100,
-            timeoutMs: 5 * 60 * 1000,
-            networkIsolation: false,
-        };
-        const sandboxProcess = await sandboxManager.spawn({
-            command: process.execPath,
-            args: [
-                "--experimental-vm-modules",
-                "--no-warnings",
-                workerPath,
-            ],
-            env: workerEnv,
-            cwd: ctx.workspaceDir,
-            config: sandboxConfig,
-            protectedKeys: apiKey ? [providerEnvKey] : [],
-            onStderr: (data) => {
-                process.stderr.write(`[sandbox:${ctx.userId}] ${data}`);
-            },
-        });
-        const hostPeer = createIpcPeer(sandboxProcess.stdout, sandboxProcess.stdin);
-        hostPeer.handle("memory.search", async (params) => {
-            const { query, maxResults } = params;
-            return ctx.memory.search(query, { maxResults });
-        });
-        hostPeer.handle("memory.store", async (params) => {
-            const { content, metadata } = params;
-            const id = await ctx.memory.store(content, metadata);
-            return { id };
-        });
-        hostPeer.handle("credentials.resolve", async (params) => {
-            const { skillId } = params;
-            return ctx.credentials.resolve(skillId);
-        });
-        hostPeer.handle("skill.execute", async (params) => {
-            const { skillId, params: skillParams } = params;
-            if (!ctx.skills.isEnabled(skillId)) {
-                throw new Error(`Skill "${skillId}" is not enabled for this workspace`);
+        async function executeWithModel(provider, modelId) {
+            let modelContextWindow;
+            try {
+                const { getModel } = await import("@mariozechner/pi-ai");
+                const resolvedModel = getModel(provider, modelId);
+                modelContextWindow = resolvedModel.contextWindow;
             }
-            const creds = await ctx.credentials.resolve(skillId);
-            return {
-                skillId,
-                credentials: creds ? "available" : "none",
-                params: skillParams,
-                injectedEnv: creds ? Object.keys(creds) : [],
-            };
-        });
-        hostPeer.start();
-        // If the child process dies, stop the IPC peer so pending calls reject
-        // instead of hanging forever. This prevents a deadlock where
-        // hostPeer.call() awaits a response that will never come.
-        sandboxProcess.waitForExit().then(() => hostPeer.stop(), () => hostPeer.stop());
-        let result;
-        try {
-            const response = await hostPeer.call("agent.run", {
-                message: options.message,
-                sessionId,
-                model: modelId,
-                provider,
-                systemPrompt: systemPrompt || undefined,
+            catch {
+                // model resolution may fail — proceed with config/default tokens
+            }
+            const ctxInfo = resolveContextWindowInfo({
+                modelContextWindow,
+                configContextTokens: options.contextTokens,
             });
-            if (response.error) {
-                throw new Error(`Agent execution failed: ${response.error}`);
+            const ctxGuard = evaluateContextWindowGuard({ info: ctxInfo });
+            if (ctxGuard.shouldBlock) {
+                throw new Error(`Context window too small (${ctxGuard.tokens} tokens). Minimum: ${CONTEXT_WINDOW_HARD_MIN_TOKENS}.`);
             }
-            result = {
-                response: response.response ?? "",
-                sessionId: response.sessionId ?? sessionId,
-            };
-        }
-        catch (err) {
-            hostPeer.stop();
-            sandboxProcess.kill();
-            await sandboxProcess.waitForExit();
-            throw err;
+            const providerEnvKey = buildProviderEnvKey(provider);
+            const apiKeys = [];
+            if (options.apiKey)
+                apiKeys.push(options.apiKey);
+            if (options.apiKeys) {
+                apiKeys.push(...options.apiKeys);
+            }
+            if (ctx.config.apiKey)
+                apiKeys.push(ctx.config.apiKey);
+            apiKeys.push(...collectProviderApiKeys(provider));
+            const uniqueKeys = [...new Set(apiKeys.filter((k) => k.length > 0))];
+            if (uniqueKeys.length === 0) {
+                const envVal = process.env[providerEnvKey];
+                if (envVal)
+                    uniqueKeys.push(envVal);
+            }
+            async function runWithKey(apiKey) {
+                const workerConfig = {
+                    workspaceDir: ctx.workspaceDir,
+                    sessionsDir,
+                    sessionId,
+                    message: options.message,
+                    model: modelId,
+                    provider,
+                    systemPrompt: systemPrompt || undefined,
+                    enableCodingTools: true,
+                    contextTokens: options.contextTokens,
+                    maxRetries: options.maxRetries,
+                    enableSubagents: options.enableSubagents,
+                };
+                const workerPath = resolveWorkerPath();
+                const projectDir = path.dirname(path.dirname(workerPath));
+                const workerConfigJson = JSON.stringify(workerConfig);
+                const MAX_ENV_SIZE = 128 * 1024;
+                if (workerConfigJson.length > MAX_ENV_SIZE) {
+                    throw new Error(`SANDBOX_WORKER_CONFIG exceeds ${MAX_ENV_SIZE} bytes (${workerConfigJson.length} bytes). ` +
+                        `Reduce the message or systemPrompt size.`);
+                }
+                const workerEnv = {
+                    SANDBOX_WORKER_CONFIG: workerConfigJson,
+                };
+                if (apiKey) {
+                    workerEnv[providerEnvKey] = apiKey;
+                }
+                const sandboxConfig = {
+                    memoryLimitMb: 512,
+                    pidsLimit: 100,
+                    timeoutMs: 5 * 60 * 1000,
+                    networkIsolation: true,
+                    mountBinds: [
+                        { source: projectDir, target: projectDir, readonly: true },
+                    ],
+                };
+                const workerArgs = [
+                    "--experimental-vm-modules",
+                    "--no-warnings",
+                ];
+                if (workerPath.endsWith(".ts")) {
+                    workerArgs.push("--import", "tsx");
+                }
+                workerArgs.push(workerPath);
+                const sandboxProcess = await sandboxManager.spawn({
+                    command: process.execPath,
+                    args: workerArgs,
+                    env: workerEnv,
+                    cwd: ctx.workspaceDir,
+                    config: sandboxConfig,
+                    protectedKeys: apiKey ? [providerEnvKey] : [],
+                    onStderr: (data) => {
+                        process.stderr.write(`[sandbox:${ctx.userId}] ${data}`);
+                    },
+                });
+                const agentTimeoutMs = (sandboxConfig.timeoutMs ?? 5 * 60 * 1000) + 60_000;
+                const hostPeer = createIpcPeer(sandboxProcess.stdout, sandboxProcess.stdin, { callTimeoutMs: agentTimeoutMs });
+                const ipcRateLimiter = createIpcRateLimiter();
+                hostPeer.handle("memory.search", async (params) => {
+                    ipcRateLimiter.check("memory.search");
+                    const p = params;
+                    const query = p?.query;
+                    if (typeof query !== "string" || query.length === 0) {
+                        throw new Error("memory.search: 'query' must be a non-empty string");
+                    }
+                    if (query.length > 10_000) {
+                        throw new Error("memory.search: 'query' exceeds maximum length (10000)");
+                    }
+                    const maxResults = typeof p?.maxResults === "number"
+                        ? Math.min(Math.max(1, Math.floor(p.maxResults)), 100)
+                        : undefined;
+                    return ctx.memory.search(query, { maxResults });
+                });
+                hostPeer.handle("memory.store", async (params) => {
+                    ipcRateLimiter.check("memory.store");
+                    const p = params;
+                    const content = p?.content;
+                    if (typeof content !== "string" || content.length === 0) {
+                        throw new Error("memory.store: 'content' must be a non-empty string");
+                    }
+                    if (content.length > 1_000_000) {
+                        throw new Error("memory.store: 'content' exceeds maximum length (1000000)");
+                    }
+                    const metadata = p?.metadata;
+                    if (metadata !== undefined) {
+                        const metaStr = JSON.stringify(metadata);
+                        if (metaStr.length > 10_000) {
+                            throw new Error("memory.store: 'metadata' exceeds maximum serialized size (10000 bytes)");
+                        }
+                    }
+                    const id = await ctx.memory.store(content, metadata);
+                    return { id };
+                });
+                hostPeer.handle("skill.execute", async (params) => {
+                    ipcRateLimiter.check("skill.execute");
+                    const p = params;
+                    const skillId = p?.skillId;
+                    if (typeof skillId !== "string" || skillId.length === 0) {
+                        throw new Error("skill.execute: 'skillId' must be a non-empty string");
+                    }
+                    if (!ctx.skills.isEnabled(skillId)) {
+                        throw new Error(`Skill "${skillId}" is not enabled for this workspace`);
+                    }
+                    const skillEntry = ctx.skillRegistry.get(skillId);
+                    if (!skillEntry) {
+                        throw new Error(`Skill "${skillId}" not found in registry`);
+                    }
+                    const execScript = findSkillExecutable(skillEntry.path);
+                    if (!execScript) {
+                        throw new Error(`Skill "${skillId}" has no executable script. ` +
+                            `Add execute.js, execute.mjs, or execute.sh to the skill directory.`);
+                    }
+                    let resolvedScript;
+                    try {
+                        resolvedScript = fs.realpathSync(execScript);
+                    }
+                    catch {
+                        throw new Error(`Skill script "${execScript}" does not exist or is a broken symlink`);
+                    }
+                    const resolvedSkillDir = fs.realpathSync(skillEntry.path);
+                    if (!resolvedScript.startsWith(resolvedSkillDir + path.sep)) {
+                        throw new Error(`Skill script "${execScript}" resolves outside skill directory`);
+                    }
+                    const credentials = await ctx.credentials.resolve(skillId) ?? {};
+                    const execParams = (p?.params ?? {});
+                    const result = await executeSkillScript(execScript, execParams, credentials, resolvedSkillDir);
+                    return { result };
+                });
+                hostPeer.handle("hooks.before_tool_call", async (params) => {
+                    ipcRateLimiter.check("hooks.before_tool_call");
+                    const p = params;
+                    const toolName = typeof p?.toolName === "string" ? p.toolName : "unknown";
+                    const input = (p?.input && typeof p.input === "object") ? p.input : {};
+                    await ctx.hooks.run("before_tool_call", { toolName, input });
+                    return {};
+                });
+                hostPeer.handle("hooks.after_tool_call", async (params) => {
+                    ipcRateLimiter.check("hooks.after_tool_call");
+                    const p = params;
+                    const toolName = typeof p?.toolName === "string" ? p.toolName : "unknown";
+                    const input = (p?.input && typeof p.input === "object") ? p.input : {};
+                    await ctx.hooks.run("after_tool_call", { toolName, input, result: p?.result });
+                    return {};
+                });
+                hostPeer.handle("agent.run.subagent", async (params) => {
+                    ipcRateLimiter.check("agent.run.subagent");
+                    const p = (params ?? {});
+                    const subMessage = typeof p.message === "string" ? p.message : "";
+                    if (!subMessage) {
+                        return { error: "agent.run.subagent: 'message' is required" };
+                    }
+                    try {
+                        const subResult = await run({
+                            message: subMessage,
+                            sessionId: typeof p.sessionId === "string" ? p.sessionId : undefined,
+                            model: typeof p.model === "string" ? p.model : undefined,
+                            provider: typeof p.provider === "string" ? p.provider : undefined,
+                            systemPrompt: typeof p.systemPrompt === "string" ? p.systemPrompt : undefined,
+                        });
+                        return { response: subResult.response, sessionId: subResult.sessionId };
+                    }
+                    catch (err) {
+                        return { error: err instanceof Error ? err.message : String(err) };
+                    }
+                });
+                const onEvent = options.onEvent;
+                if (onEvent) {
+                    hostPeer.handle("agent.event", async (params) => {
+                        const event = (params ?? {});
+                        try {
+                            onEvent(event);
+                        }
+                        catch { /* caller error */ }
+                        return {};
+                    });
+                }
+                hostPeer.start();
+                // If the child process dies, stop the IPC peer so pending calls reject
+                // instead of hanging forever. This prevents a deadlock where
+                // hostPeer.call() awaits a response that will never come.
+                sandboxProcess.waitForExit().then(() => hostPeer.stop(), () => hostPeer.stop());
+                let result;
+                try {
+                    const response = await hostPeer.call("agent.run", {
+                        message: options.message,
+                        sessionId,
+                        model: modelId,
+                        provider,
+                        systemPrompt: systemPrompt || undefined,
+                    });
+                    if (response.error) {
+                        throw new Error(`Agent execution failed: ${response.error}`);
+                    }
+                    result = {
+                        response: response.response ?? "",
+                        sessionId: response.sessionId ?? sessionId,
+                    };
+                }
+                catch (err) {
+                    hostPeer.stop();
+                    sandboxProcess.kill();
+                    await sandboxProcess.waitForExit();
+                    throw err;
+                }
+                hostPeer.stop();
+                sandboxProcess.kill();
+                await sandboxProcess.waitForExit();
+                return {
+                    ...result,
+                    provider,
+                    model: modelId,
+                };
+            }
+            if (uniqueKeys.length > 1) {
+                return executeWithApiKeyRotation({
+                    provider,
+                    apiKeys: uniqueKeys,
+                    execute: runWithKey,
+                });
+            }
+            return runWithKey(uniqueKeys[0] ?? "");
         }
-        hostPeer.stop();
-        sandboxProcess.kill();
-        await sandboxProcess.waitForExit();
+        const fallbackResult = await runWithModelFallback({
+            provider: requestedProvider,
+            model: requestedModelId,
+            fallbacks: options.fallbacks,
+            run: executeWithModel,
+            cooldownStore,
+        });
         await ctx.hooks.run("after_agent_end", {
             sessionId,
-            result: result.response,
+            result: fallbackResult.result.response,
         });
         await ctx.hooks.run("session_end", { sessionId });
-        updateSession(ctx.workspaceDir, sessionId, { model: modelId });
-        return result;
+        await updateSession(ctx.workspaceDir, sessionId, { model: fallbackResult.model });
+        return {
+            ...fallbackResult.result,
+            fallbackUsed: fallbackResult.attempts.length > 0,
+        };
     };
 }
 function resolveWorkerPath() {
     const thisFile = url.fileURLToPath(import.meta.url);
     const srcDir = path.dirname(path.dirname(thisFile));
+    const jsPath = path.join(srcDir, "sandbox", "worker.js");
+    if (fs.existsSync(jsPath))
+        return jsPath;
     const tsPath = path.join(srcDir, "sandbox", "worker.ts");
     if (fs.existsSync(tsPath))
         return tsPath;
-    return path.join(srcDir, "sandbox", "worker.js");
+    return jsPath;
+}
+function findSkillExecutable(skillDir) {
+    for (const name of ["execute.js", "execute.mjs", "execute.sh"]) {
+        const full = path.join(skillDir, name);
+        if (fs.existsSync(full))
+            return full;
+    }
+    return undefined;
+}
+const BLOCKED_CREDENTIAL_ENV_KEYS = new Set([
+    "NODE_OPTIONS",
+    "NODE_EXTRA_CA_CERTS",
+    "NODE_TLS_REJECT_UNAUTHORIZED",
+    "NODE_DEBUG",
+    "NODE_REDIRECT_WARNINGS",
+    "LD_PRELOAD",
+    "LD_LIBRARY_PATH",
+    "DYLD_INSERT_LIBRARIES",
+    "DYLD_LIBRARY_PATH",
+    "BASH_ENV",
+    "ENV",
+    "CDPATH",
+    "PYTHONSTARTUP",
+    "PYTHONPATH",
+    "RUBYOPT",
+    "PERL5OPT",
+    "PERL5LIB",
+    "JAVA_TOOL_OPTIONS",
+    "_JAVA_OPTIONS",
+    "CLASSPATH",
+    "IFS",
+    "MAIL",
+    "MAILPATH",
+    "PROMPT_COMMAND",
+    "PS4",
+    "SHELLOPTS",
+    "BASHOPTS",
+    "GLOBIGNORE",
+    "HISTFILE",
+    "HISTCONTROL",
+    "SSH_AUTH_SOCK",
+    "GPG_AGENT_INFO",
+    "TMPDIR",
+    "TEMP",
+    "TMP",
+    "http_proxy",
+    "HTTP_PROXY",
+    "https_proxy",
+    "HTTPS_PROXY",
+    "no_proxy",
+    "NO_PROXY",
+    "ALL_PROXY",
+]);
+const MAX_SKILL_OUTPUT_BYTES = 10 * 1024 * 1024; // 10 MB
+async function executeSkillScript(scriptPath, params, credentials, cwd, timeoutMs = 30_000) {
+    const ext = path.extname(scriptPath);
+    let command;
+    let args;
+    switch (ext) {
+        case ".js":
+        case ".mjs":
+            command = process.execPath;
+            args = ["--no-warnings", scriptPath];
+            break;
+        case ".sh":
+            command = "/bin/bash";
+            args = [scriptPath];
+            break;
+        default:
+            throw new Error(`Unsupported skill script type: ${ext}`);
+    }
+    const env = {};
+    for (const key of PROTECTED_SYSTEM_ENV_KEYS) {
+        if (process.env[key])
+            env[key] = process.env[key];
+    }
+    for (const [key, value] of Object.entries(credentials)) {
+        if (PROTECTED_SYSTEM_ENV_KEYS.has(key))
+            continue;
+        if (BLOCKED_CREDENTIAL_ENV_KEYS.has(key.toUpperCase())) {
+            log.warn(`blocked dangerous credential key "${key}" for skill execution`);
+            continue;
+        }
+        env[key] = value;
+    }
+    return new Promise((resolve, reject) => {
+        const child = spawn(command, args, {
+            cwd,
+            env,
+            stdio: ["pipe", "pipe", "pipe"],
+            timeout: timeoutMs,
+        });
+        let stdout = "";
+        let stderr = "";
+        let outputLimitExceeded = false;
+        child.stdout.on("data", (data) => {
+            if (outputLimitExceeded)
+                return;
+            stdout += data.toString();
+            if (stdout.length > MAX_SKILL_OUTPUT_BYTES) {
+                outputLimitExceeded = true;
+                try {
+                    child.kill("SIGKILL");
+                }
+                catch { /* already dead */ }
+            }
+        });
+        child.stderr.on("data", (data) => {
+            if (outputLimitExceeded)
+                return;
+            stderr += data.toString();
+            if (stderr.length > MAX_SKILL_OUTPUT_BYTES) {
+                outputLimitExceeded = true;
+                try {
+                    child.kill("SIGKILL");
+                }
+                catch { /* already dead */ }
+            }
+        });
+        child.on("close", (code) => {
+            if (outputLimitExceeded) {
+                reject(new Error(`Skill script output exceeded ${MAX_SKILL_OUTPUT_BYTES} bytes limit`));
+            }
+            else if (code !== 0) {
+                reject(new Error(`Skill script exited with code ${code}: ${stderr.slice(0, 1000)}`));
+            }
+            else {
+                resolve(stdout);
+            }
+        });
+        child.on("error", reject);
+        child.stdin.write(JSON.stringify(params));
+        child.stdin.end();
+    });
+}
+const IPC_RATE_LIMIT = 200;
+const IPC_RATE_WINDOW_MS = 1000;
+function createIpcRateLimiter() {
+    const counters = new Map();
+    return {
+        check(method) {
+            const now = Date.now();
+            let entry = counters.get(method);
+            if (!entry || now >= entry.resetAt) {
+                entry = { count: 0, resetAt: now + IPC_RATE_WINDOW_MS };
+                counters.set(method, entry);
+            }
+            entry.count++;
+            if (entry.count > IPC_RATE_LIMIT) {
+                throw new Error(`IPC rate limit exceeded for "${method}": max ${IPC_RATE_LIMIT} calls per ${IPC_RATE_WINDOW_MS}ms`);
+            }
+        },
+    };
 }
 //# sourceMappingURL=runner.js.map