chainlesschain 0.162.143 → 0.162.148

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (212) hide show
  1. package/README.md +1 -1
  2. package/package.json +3 -3
  3. package/src/assets/web-panel/.build-hash +1 -1
  4. package/src/assets/web-panel/assets/{AIOps-Bq1t-B4V.js → AIOps-DwpCCp64.js} +1 -1
  5. package/src/assets/web-panel/assets/{ActionButton-BHb3KMc3.js → ActionButton-C9pBYocA.js} +1 -1
  6. package/src/assets/web-panel/assets/{Analytics-DtJrE99O.js → Analytics-BWAkeXxK.js} +2 -2
  7. package/src/assets/web-panel/assets/{AppLayout-HXt309zh.js → AppLayout-CivFGH6B.js} +3 -3
  8. package/src/assets/web-panel/assets/{Audit-B-0384hX.js → Audit-Cm8hRpZm.js} +1 -1
  9. package/src/assets/web-panel/assets/{Backup-BXNwUJ7y.js → Backup-DXdFMsE8.js} +1 -1
  10. package/src/assets/web-panel/assets/{BaseInput-CYdSBe24.js → BaseInput-uAwSTeql.js} +1 -1
  11. package/src/assets/web-panel/assets/{Chat-C5hSt-bf.js → Chat-KU8eeJJE.js} +5 -5
  12. package/src/assets/web-panel/assets/ChatBubbleRenderer-DCNfbdlx.js +1 -0
  13. package/src/assets/web-panel/assets/{Checkbox-DZSpGJs8.js → Checkbox-C6AMDkjd.js} +1 -1
  14. package/src/assets/web-panel/assets/{Codegen-BKfMmpq3.js → Codegen-t2moDxcO.js} +1 -1
  15. package/src/assets/web-panel/assets/{Col-DgsxR9Gb.js → Col-DCcsRRhN.js} +1 -1
  16. package/src/assets/web-panel/assets/{Community-B3GhKOp_.js → Community-DtB-8SAC.js} +1 -1
  17. package/src/assets/web-panel/assets/{Compact-Dtk1xHSY.js → Compact-CZm8THYA.js} +1 -1
  18. package/src/assets/web-panel/assets/{Compliance-DmkkUDze.js → Compliance-LiQgC7g1.js} +1 -1
  19. package/src/assets/web-panel/assets/{Cowork-CB_Tby_i.js → Cowork-CA8SAxht.js} +2 -2
  20. package/src/assets/web-panel/assets/{Cron-BLQFn3UU.js → Cron-CtRaF1wD.js} +2 -2
  21. package/src/assets/web-panel/assets/{Crosschain-LCVSqtiL.js → Crosschain-6-br6Hub.js} +1 -1
  22. package/src/assets/web-panel/assets/{DID-Cv3xor-m.js → DID-Do2EccrL.js} +2 -2
  23. package/src/assets/web-panel/assets/{Dashboard-DHAEYeUk.js → Dashboard-wrXcbzGe.js} +2 -2
  24. package/src/assets/web-panel/assets/{Dropdown-FAp99VHO.js → Dropdown-p3FsT245.js} +1 -1
  25. package/src/assets/web-panel/assets/{EmailListRenderer-Cl4enKIT.js → EmailListRenderer-D95A2L8q.js} +1 -1
  26. package/src/assets/web-panel/assets/{FamilyGuardDashboard-CgbuK_Rv.js → FamilyGuardDashboard-cLuJW2zo.js} +1 -1
  27. package/src/assets/web-panel/assets/{Federation-C2I5-34o.js → Federation-Brgq_cbN.js} +1 -1
  28. package/src/assets/web-panel/assets/{FormItemContext-4RNlhf3D.js → FormItemContext-DWLCkNgh.js} +1 -1
  29. package/src/assets/web-panel/assets/{GenericCardRenderer-DmaKYzyo.js → GenericCardRenderer-BBqUfQd6.js} +1 -1
  30. package/src/assets/web-panel/assets/{Git-BMrCOEGV.js → Git-8F090w4I.js} +2 -2
  31. package/src/assets/web-panel/assets/{Governance-BLwFR0Vd.js → Governance-CCogEbxb.js} +1 -1
  32. package/src/assets/web-panel/assets/{Inference-Cdlx3Y4t.js → Inference-CfLD7v7C.js} +1 -1
  33. package/src/assets/web-panel/assets/{KnowledgeGraph-CiwGb2h3.js → KnowledgeGraph-DDuHJewd.js} +1 -1
  34. package/src/assets/web-panel/assets/{Logs-C6A4r33C.js → Logs-CE8KSEVC.js} +2 -2
  35. package/src/assets/web-panel/assets/{Marketplace-DdybH2YZ.js → Marketplace-DmwpZmhT.js} +1 -1
  36. package/src/assets/web-panel/assets/{McpTools-pgwwEzwg.js → McpTools-Bf7AazU8.js} +4 -4
  37. package/src/assets/web-panel/assets/{Memory-BQ31MLPN.js → Memory-D0QU_00S.js} +2 -2
  38. package/src/assets/web-panel/assets/MobileBridge-D3Arxfeg.css +1 -0
  39. package/src/assets/web-panel/assets/MobileBridge-yXS9xdhx.js +1 -0
  40. package/src/assets/web-panel/assets/{MobileProjects-CmnCTggB.js → MobileProjects-BuDUoGUP.js} +1 -1
  41. package/src/assets/web-panel/assets/{Mtc-3K6RfaUB.js → Mtc-BYyHy28p.js} +2 -2
  42. package/src/assets/web-panel/assets/{MtcAudit-BN9hXvXq.js → MtcAudit-CK0aqpiZ.js} +4 -4
  43. package/src/assets/web-panel/assets/{Multisig-CRxIT2RV.js → Multisig-mNimKYeb.js} +3 -3
  44. package/src/assets/web-panel/assets/{NLProgramming-CdPvh_dA.js → NLProgramming-AioAJ0YA.js} +1 -1
  45. package/src/assets/web-panel/assets/{Notes-DzQSZ0ps.js → Notes-CVVNCLHE.js} +3 -3
  46. package/src/assets/web-panel/assets/{NotificationSettings-DkqRVvfb.js → NotificationSettings-C4ABj-TK.js} +1 -1
  47. package/src/assets/web-panel/assets/{OrderTableRenderer-ClTA64ji.js → OrderTableRenderer-DIp8Xcbd.js} +1 -1
  48. package/src/assets/web-panel/assets/{Organization-B-Pndhhn.js → Organization-uozl_gWK.js} +4 -4
  49. package/src/assets/web-panel/assets/{Overflow-Dt56UM9b.js → Overflow-BCZOM2hK.js} +1 -1
  50. package/src/assets/web-panel/assets/{OverrideContext-C2r4vyBb.js → OverrideContext-BlgL9440.js} +1 -1
  51. package/src/assets/web-panel/assets/{P2P-JDGQmED0.js → P2P-CArcaiaj.js} +2 -2
  52. package/src/assets/web-panel/assets/PdhVaultBrowser-Sgq2Srr8.js +7 -0
  53. package/src/assets/web-panel/assets/{Permissions-Dnqe1sny.js → Permissions-BYrQrXnH.js} +4 -4
  54. package/src/assets/web-panel/assets/{PersonalDataHub-mTkYbIR-.js → PersonalDataHub-BzHStAbz.js} +2 -2
  55. package/src/assets/web-panel/assets/{Pipeline-BG6J9UZO.js → Pipeline-k7KqxX1M.js} +1 -1
  56. package/src/assets/web-panel/assets/{Privacy-BdEydH6w.js → Privacy-IumTUWqx.js} +1 -1
  57. package/src/assets/web-panel/assets/{ProjectInit-QPxCoUzs.js → ProjectInit-BRyImYTf.js} +2 -2
  58. package/src/assets/web-panel/assets/{ProjectSettings-hU_phubM.js → ProjectSettings-BFIqTBFk.js} +2 -2
  59. package/src/assets/web-panel/assets/{Projects-BBzAEGk4.js → Projects-Dpid9CDg.js} +1 -1
  60. package/src/assets/web-panel/assets/{Providers-DJ_bIDRG.js → Providers-CyyFnUPs.js} +1 -1
  61. package/src/assets/web-panel/assets/QrScannerModal-C82cRx-X.js +1 -0
  62. package/src/assets/web-panel/assets/{MobileBridge-zJpPuf4E.css → QrScannerModal-NwAHNfiJ.css} +1 -1
  63. package/src/assets/web-panel/assets/{QuickAsk-BNmX7Jgh.js → QuickAsk-DGxDF521.js} +1 -1
  64. package/src/assets/web-panel/assets/{Recommend-Bo1I5nAG.js → Recommend-Cns-Am1y.js} +1 -1
  65. package/src/assets/web-panel/assets/RemoteSession-R7OqAIlg.js +4 -0
  66. package/src/assets/web-panel/assets/{Reputation-Bc9mfsh7.js → Reputation-D7mgPIYV.js} +1 -1
  67. package/src/assets/web-panel/assets/{Row-D12ZZx5m.js → Row-B3lEURyd.js} +1 -1
  68. package/src/assets/web-panel/assets/{RssFeed-CXSlmgHl.js → RssFeed-9_UVrpBt.js} +2 -2
  69. package/src/assets/web-panel/assets/{Search-bNXObahl.js → Search-ClZeO80q.js} +1 -1
  70. package/src/assets/web-panel/assets/{Security-Bt7yBkJc.js → Security-BNNJczEp.js} +3 -3
  71. package/src/assets/web-panel/assets/{Services-ECQDydWI.js → Services-C5SjrWUj.js} +2 -2
  72. package/src/assets/web-panel/assets/{Skeleton-BcgzLbTM.js → Skeleton-Ci_obQ-g.js} +1 -1
  73. package/src/assets/web-panel/assets/{Skills-py_xMG8b.js → Skills-DdebN15P.js} +1 -1
  74. package/src/assets/web-panel/assets/{Sla-CzNvjwaW.js → Sla-OinZP2vi.js} +1 -1
  75. package/src/assets/web-panel/assets/{SpeechSettings-S3zMMqbB.js → SpeechSettings-CxzbNF51.js} +1 -1
  76. package/src/assets/web-panel/assets/{SyncSettings-BpDfhFv6.js → SyncSettings-D06N_66b.js} +2 -2
  77. package/src/assets/web-panel/assets/{Tasks-CUn36tpM.js → Tasks-BdEdW0AZ.js} +1 -1
  78. package/src/assets/web-panel/assets/{Templates-yzCxc3lI.js → Templates-F1ctKmPa.js} +1 -1
  79. package/src/assets/web-panel/assets/{Tenant-BTMrYsHv.js → Tenant-CVz1Urot.js} +1 -1
  80. package/src/assets/web-panel/assets/Terminal-BvAK_Zel.js +3 -0
  81. package/src/assets/web-panel/assets/{TimelineRenderer-BwJ4nL9S.js → TimelineRenderer-Doitzjmf.js} +1 -1
  82. package/src/assets/web-panel/assets/{Tokens-B1OwTaT_.js → Tokens-BpyVRpVA.js} +1 -1
  83. package/src/assets/web-panel/assets/{Trigger-BDxi9fib.js → Trigger-nWhWYTbU.js} +1 -1
  84. package/src/assets/web-panel/assets/{Trust-B_5hXqzI.js → Trust-DK_G-wLx.js} +1 -1
  85. package/src/assets/web-panel/assets/{UkeySign-BpIMO611.js → UkeySign-B5yBUojO.js} +1 -1
  86. package/src/assets/web-panel/assets/{VideoEditing-Ds-9lxOW.js → VideoEditing-C5D51qAe.js} +1 -1
  87. package/src/assets/web-panel/assets/{Wallet-CNfFp8if.js → Wallet-CLbL9K7v.js} +4 -4
  88. package/src/assets/web-panel/assets/{WebAuthn-DbCj1-qn.js → WebAuthn-DZUelI3V.js} +4 -4
  89. package/src/assets/web-panel/assets/{WorkflowEditor-DjEeb957.js → WorkflowEditor-8RPxt4KW.js} +1 -1
  90. package/src/assets/web-panel/assets/{chat-BX-27gI4.js → chat-4N4tOA3d.js} +1 -1
  91. package/src/assets/web-panel/assets/{collapseMotion-mxzzcDsg.js → collapseMotion-DVfhbsdP.js} +1 -1
  92. package/src/assets/web-panel/assets/{colors-CfM5FmdA.js → colors-zbbGVrua.js} +1 -1
  93. package/src/assets/web-panel/assets/{compact-item-Cb0Fm64g.js → compact-item-D7iMkbnE.js} +1 -1
  94. package/src/assets/web-panel/assets/{createContext-D99MZ4gz.js → createContext-CBzPJv-w.js} +1 -1
  95. package/src/assets/web-panel/assets/devWarning-C2Z5LRgq.js +1 -0
  96. package/src/assets/web-panel/assets/{echarts-jxgIOFUZ.js → echarts-CL0F2SnX.js} +1 -1
  97. package/src/assets/web-panel/assets/{hasIn-CW7wPkfb.js → hasIn-bHdrQSqZ.js} +1 -1
  98. package/src/assets/web-panel/assets/{icons-DP3uiYxy.js → icons-BsDmGpcT.js} +1 -1
  99. package/src/assets/web-panel/assets/{index-BcCSEGzu.js → index-308gCGh7.js} +1 -1
  100. package/src/assets/web-panel/assets/{index-CXrNkD5j.js → index-B1s0Bz9O.js} +1 -1
  101. package/src/assets/web-panel/assets/{index-CxG5S21O.js → index-B7b1hGry.js} +1 -1
  102. package/src/assets/web-panel/assets/{index-BoCp5SY7.js → index-BBNr77E1.js} +1 -1
  103. package/src/assets/web-panel/assets/{index-Dt-h8idq.js → index-BCr0geV9.js} +1 -1
  104. package/src/assets/web-panel/assets/index-BGp6Yr-Y.js +1 -0
  105. package/src/assets/web-panel/assets/{index-Bf7G5mYl.js → index-BJ4ZGyW0.js} +1 -1
  106. package/src/assets/web-panel/assets/{index-rIKv98lY.js → index-BS4_Mwk6.js} +1 -1
  107. package/src/assets/web-panel/assets/{index-ClSExghA.js → index-BTIjjXry.js} +1 -1
  108. package/src/assets/web-panel/assets/index-BXiw9dQf.js +1 -0
  109. package/src/assets/web-panel/assets/{index-CzwoBX8m.js → index-BZb8F8YG.js} +1 -1
  110. package/src/assets/web-panel/assets/{index-CUENEaPU.js → index-BnBOpqv3.js} +1 -1
  111. package/src/assets/web-panel/assets/{index-DZjN-U7A.js → index-Bqmx24kh.js} +1 -1
  112. package/src/assets/web-panel/assets/{index-ab4T5cPr.js → index-BsKehmmS.js} +1 -1
  113. package/src/assets/web-panel/assets/{index-DDGBasj6.js → index-BtbbdLnf.js} +4 -4
  114. package/src/assets/web-panel/assets/{index-CvFAgMxx.js → index-CPxkoKgA.js} +1 -1
  115. package/src/assets/web-panel/assets/{index-BqOy4TS5.js → index-CQ6NcfWz.js} +1 -1
  116. package/src/assets/web-panel/assets/{index--Y8IzVi2.js → index-CQfu1U78.js} +1 -1
  117. package/src/assets/web-panel/assets/{index-DcRbrdqR.js → index-CahryTX0.js} +1 -1
  118. package/src/assets/web-panel/assets/{index-ChGWrUQv.js → index-CdmMoYN1.js} +1 -1
  119. package/src/assets/web-panel/assets/{index-BTlOIaQj.js → index-Ci009ijp.js} +1 -1
  120. package/src/assets/web-panel/assets/{index-CNhZanpM.js → index-CiG1IZao.js} +1 -1
  121. package/src/assets/web-panel/assets/{index-kRlIAKNw.js → index-CkxK86vf.js} +1 -1
  122. package/src/assets/web-panel/assets/{index-DAd31-6W.js → index-CqdPyWm5.js} +1 -1
  123. package/src/assets/web-panel/assets/{index-kt0S8nXp.js → index-CvRMA9uT.js} +1 -1
  124. package/src/assets/web-panel/assets/{index-CxFhtfoo.js → index-D1YDh7Wr.js} +1 -1
  125. package/src/assets/web-panel/assets/{index-7cahuPKG.js → index-D4XKpj6c.js} +1 -1
  126. package/src/assets/web-panel/assets/{index-Cavk4P2D.js → index-DE9j5YgT.js} +1 -1
  127. package/src/assets/web-panel/assets/{index-DUxnWbi6.js → index-DISWAYce.js} +1 -1
  128. package/src/assets/web-panel/assets/{index-CPmtR1Wr.js → index-DUyjUkY7.js} +1 -1
  129. package/src/assets/web-panel/assets/{index-DFRrP3LL.js → index-DbE5D0WL.js} +1 -1
  130. package/src/assets/web-panel/assets/{index-DAIk483F.js → index-DmqlJed-.js} +1 -1
  131. package/src/assets/web-panel/assets/{index-yBiqcb9Z.js → index-DyoNgbXl.js} +1 -1
  132. package/src/assets/web-panel/assets/{index-DwhDhfZ8.js → index-QFObYeo1.js} +1 -1
  133. package/src/assets/web-panel/assets/{index-B8tI4Hg_.js → index-QNAG4JtR.js} +1 -1
  134. package/src/assets/web-panel/assets/{index-BPXhpO02.js → index-S74FpAIn.js} +1 -1
  135. package/src/assets/web-panel/assets/{index-CaPluhcX.js → index-kmh1TxRa.js} +1 -1
  136. package/src/assets/web-panel/assets/{index-3TDpYBKK.js → index-oDKNgCsP.js} +1 -1
  137. package/src/assets/web-panel/assets/{index-D8U1HFcm.js → index-xYCm6W2h.js} +1 -1
  138. package/src/assets/web-panel/assets/{initDefaultProps-mzQV01we.js → initDefaultProps-BD55yNBt.js} +1 -1
  139. package/src/assets/web-panel/assets/{motion-DgWAtKps.js → motion-B5Bbe77U.js} +1 -1
  140. package/src/assets/web-panel/assets/{move-Dm9NMjIw.js → move-CTvIqHEH.js} +1 -1
  141. package/src/assets/web-panel/assets/{mtc-parser-BpuQIoKH.js → mtc-parser-BkNyPQKB.js} +1 -1
  142. package/src/assets/web-panel/assets/{omit-C507FdFH.js → omit-BaXJXgHA.js} +1 -1
  143. package/src/assets/web-panel/assets/{pickAttrs-BL5eykDR.js → pickAttrs-Bw6-YTxH.js} +1 -1
  144. package/src/assets/web-panel/assets/{placementArrow-uSE1U6yg.js → placementArrow-BLdbkLqJ.js} +1 -1
  145. package/src/assets/web-panel/assets/{responsiveObserve-BVhSz_U1.js → responsiveObserve-IVYkzntU.js} +1 -1
  146. package/src/assets/web-panel/assets/{slide-CWCp5XZc.js → slide-DFMFwwtY.js} +1 -1
  147. package/src/assets/web-panel/assets/{statusUtils-B_rS9tlX.js → statusUtils-CURYRtZ1.js} +1 -1
  148. package/src/assets/web-panel/assets/{styleChecker-DRo4TNq4.js → styleChecker-Cfz63s1r.js} +1 -1
  149. package/src/assets/web-panel/assets/useFlexGapSupport-COJL0KE3.js +1 -0
  150. package/src/assets/web-panel/assets/{useFs-DhsLsCr_.js → useFs-YLLojQQf.js} +1 -1
  151. package/src/assets/web-panel/assets/{useMergedState-Cl2q1fes.js → useMergedState-Dc9sO2d7.js} +1 -1
  152. package/src/assets/web-panel/assets/{usePersonalDataHub-BXI-FLwS.js → usePersonalDataHub-BF_21qUC.js} +1 -1
  153. package/src/assets/web-panel/assets/{useRefs-DD9q4mOT.js → useRefs-CAeFRzPf.js} +1 -1
  154. package/src/assets/web-panel/assets/{useState-BK4hy8Ma.js → useState-LwExUYDO.js} +1 -1
  155. package/src/assets/web-panel/assets/{vendor-BvqAck49.js → vendor-BMxUs6UX.js} +16 -16
  156. package/src/assets/web-panel/assets/{vnode-CYE0CVkI.js → vnode-9ZpkA7bb.js} +1 -1
  157. package/src/assets/web-panel/assets/{zoom-B2-MtXVF.js → zoom-DhtAfhl8.js} +1 -1
  158. package/src/assets/web-panel/index.html +3 -3
  159. package/src/auth/npm-auth.js +65 -0
  160. package/src/commands/agent.js +92 -0
  161. package/src/commands/agents.js +68 -0
  162. package/src/commands/permissions.js +66 -10
  163. package/src/commands/plugin.js +50 -3
  164. package/src/commands/serve.js +10 -0
  165. package/src/gateways/remote-session-relay.js +160 -0
  166. package/src/gateways/ws/message-dispatcher.js +32 -0
  167. package/src/gateways/ws/remote-session-protocol.js +429 -0
  168. package/src/gateways/ws/ws-server.js +299 -0
  169. package/src/harness/golden-transcript.js +65 -0
  170. package/src/harness/mcp-client.js +6 -2
  171. package/src/harness/remote-session-audit-sink.js +132 -0
  172. package/src/harness/remote-session-audit.js +110 -0
  173. package/src/harness/remote-session-crypto.js +217 -0
  174. package/src/harness/remote-session-push-fcm.js +254 -0
  175. package/src/harness/remote-session-push.js +104 -0
  176. package/src/harness/remote-session-registry.js +420 -0
  177. package/src/lib/agent-sandbox.js +72 -0
  178. package/src/lib/background-agent-supervisor.js +197 -0
  179. package/src/lib/code-review.js +72 -0
  180. package/src/lib/did-manager.js +6 -4
  181. package/src/lib/mcp-oauth.js +23 -6
  182. package/src/lib/plugin-security.js +128 -0
  183. package/src/lib/pr-create.js +108 -0
  184. package/src/lib/publish-workspace.js +107 -0
  185. package/src/lib/resume-session.js +111 -0
  186. package/src/lib/session-manager.js +7 -3
  187. package/src/lib/settings-hooks.cjs +68 -25
  188. package/src/lib/settings-loader.cjs +115 -2
  189. package/src/lib/task-list.js +53 -0
  190. package/src/repl/agent-repl.js +83 -2
  191. package/src/repl/agents-status.js +8 -2
  192. package/src/repl/btw-command.js +56 -0
  193. package/src/repl/chat-repl.js +52 -1
  194. package/src/repl/hooks-status.js +1 -2
  195. package/src/repl/slash-command-registry.js +197 -0
  196. package/src/runtime/agent-core.js +137 -1
  197. package/src/runtime/agent-runtime.js +8 -13
  198. package/src/runtime/coding-agent-contract-shared.cjs +37 -0
  199. package/src/runtime/coding-agent-policy.cjs +14 -0
  200. package/src/runtime/headless-runner.js +26 -6
  201. package/src/runtime/headless-stream.js +25 -6
  202. package/src/runtime/mcp-config.js +46 -2
  203. package/src/runtime/policies/agent-policy.js +3 -0
  204. package/src/workers/background-agent-worker.js +60 -0
  205. package/src/assets/web-panel/assets/ChatBubbleRenderer-BJQ6SG49.js +0 -1
  206. package/src/assets/web-panel/assets/MobileBridge-CnRXuSP5.js +0 -1
  207. package/src/assets/web-panel/assets/PdhVaultBrowser-C56Oi811.js +0 -7
  208. package/src/assets/web-panel/assets/Terminal-BjZry1Jj.js +0 -3
  209. package/src/assets/web-panel/assets/devWarning-CDh1y3xt.js +0 -1
  210. package/src/assets/web-panel/assets/index-ACeVMo7x.js +0 -1
  211. package/src/assets/web-panel/assets/index-gYKDzWA9.js +0 -1
  212. package/src/assets/web-panel/assets/useFlexGapSupport-QsPzwpvi.js +0 -1
@@ -1 +1 @@
1
- import{N as i,h as a,w as l}from"./index-DDGBasj6.js";import{a7 as o,k as g,C as d,F as f,A as p}from"./vendor-BvqAck49.js";function c(e){let r=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},t=arguments.length>2&&arguments[2]!==void 0?arguments[2]:!0,s=arguments.length>3&&arguments[3]!==void 0?arguments[3]:!1,u=e;if(Array.isArray(e)&&(u=i(e)[0]),!u)return null;const n=o(u,r,s);return n.props=t?a(a({},n.props),r):n.props,l(typeof n.props.class!="object","class must be string"),n}function V(e){let r=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},t=arguments.length>2&&arguments[2]!==void 0?arguments[2]:!0;return e.map(s=>c(s,r,t))}function v(e,r,t){p(o(e,a({},r)),t)}const m=e=>(e||[]).some(r=>g(r)?!(r.type===d||r.type===f&&!m(r.children)):!0)?e:null;function h(e,r,t,s){var u;const n=(u=e[r])===null||u===void 0?void 0:u.call(e,t);return m(n)?n:s?.()}export{h as a,V as b,c,v as t};
1
+ import{N as i,h as a,w as l}from"./index-BtbbdLnf.js";import{a8 as o,k as g,C as d,F as f,A as p}from"./vendor-BMxUs6UX.js";function c(e){let r=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},t=arguments.length>2&&arguments[2]!==void 0?arguments[2]:!0,s=arguments.length>3&&arguments[3]!==void 0?arguments[3]:!1,u=e;if(Array.isArray(e)&&(u=i(e)[0]),!u)return null;const n=o(u,r,s);return n.props=t?a(a({},n.props),r):n.props,l(typeof n.props.class!="object","class must be string"),n}function V(e){let r=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},t=arguments.length>2&&arguments[2]!==void 0?arguments[2]:!0;return e.map(s=>c(s,r,t))}function v(e,r,t){p(o(e,a({},r)),t)}const m=e=>(e||[]).some(r=>g(r)?!(r.type===d||r.type===f&&!m(r.children)):!0)?e:null;function h(e,r,t,s){var u;const n=(u=e[r])===null||u===void 0?void 0:u.call(e,t);return m(n)?n:s?.()}export{h as a,V as b,c,v as t};
@@ -1,4 +1,4 @@
1
- import{K as o}from"./index-DDGBasj6.js";import{i as f}from"./motion-DgWAtKps.js";const c=new o("antZoomIn",{"0%":{transform:"scale(0.2)",opacity:0},"100%":{transform:"scale(1)",opacity:1}}),y=new o("antZoomOut",{"0%":{transform:"scale(1)"},"100%":{transform:"scale(0.2)",opacity:0}}),a=new o("antZoomBigIn",{"0%":{transform:"scale(0.8)",opacity:0},"100%":{transform:"scale(1)",opacity:1}}),s=new o("antZoomBigOut",{"0%":{transform:"scale(1)"},"100%":{transform:"scale(0.8)",opacity:0}}),g=new o("antZoomUpIn",{"0%":{transform:"scale(0.8)",transformOrigin:"50% 0%",opacity:0},"100%":{transform:"scale(1)",transformOrigin:"50% 0%"}}),O=new o("antZoomUpOut",{"0%":{transform:"scale(1)",transformOrigin:"50% 0%"},"100%":{transform:"scale(0.8)",transformOrigin:"50% 0%",opacity:0}}),l=new o("antZoomLeftIn",{"0%":{transform:"scale(0.8)",transformOrigin:"0% 50%",opacity:0},"100%":{transform:"scale(1)",transformOrigin:"0% 50%"}}),u=new o("antZoomLeftOut",{"0%":{transform:"scale(1)",transformOrigin:"0% 50%"},"100%":{transform:"scale(0.8)",transformOrigin:"0% 50%",opacity:0}}),p=new o("antZoomRightIn",{"0%":{transform:"scale(0.8)",transformOrigin:"100% 50%",opacity:0},"100%":{transform:"scale(1)",transformOrigin:"100% 50%"}}),z=new o("antZoomRightOut",{"0%":{transform:"scale(1)",transformOrigin:"100% 50%"},"100%":{transform:"scale(0.8)",transformOrigin:"100% 50%",opacity:0}}),K=new o("antZoomDownIn",{"0%":{transform:"scale(0.8)",transformOrigin:"50% 100%",opacity:0},"100%":{transform:"scale(1)",transformOrigin:"50% 100%"}}),w=new o("antZoomDownOut",{"0%":{transform:"scale(1)",transformOrigin:"50% 100%"},"100%":{transform:"scale(0.8)",transformOrigin:"50% 100%",opacity:0}}),I={zoom:{inKeyframes:c,outKeyframes:y},"zoom-big":{inKeyframes:a,outKeyframes:s},"zoom-big-fast":{inKeyframes:a,outKeyframes:s},"zoom-left":{inKeyframes:l,outKeyframes:u},"zoom-right":{inKeyframes:p,outKeyframes:z},"zoom-up":{inKeyframes:g,outKeyframes:O},"zoom-down":{inKeyframes:K,outKeyframes:w}},h=(n,r)=>{const{antCls:m}=n,t=`${m}-${r}`,{inKeyframes:i,outKeyframes:e}=I[r];return[f(t,i,e,r==="zoom-big-fast"?n.motionDurationFast:n.motionDurationMid),{[`
1
+ import{K as o}from"./index-BtbbdLnf.js";import{i as f}from"./motion-B5Bbe77U.js";const c=new o("antZoomIn",{"0%":{transform:"scale(0.2)",opacity:0},"100%":{transform:"scale(1)",opacity:1}}),y=new o("antZoomOut",{"0%":{transform:"scale(1)"},"100%":{transform:"scale(0.2)",opacity:0}}),a=new o("antZoomBigIn",{"0%":{transform:"scale(0.8)",opacity:0},"100%":{transform:"scale(1)",opacity:1}}),s=new o("antZoomBigOut",{"0%":{transform:"scale(1)"},"100%":{transform:"scale(0.8)",opacity:0}}),g=new o("antZoomUpIn",{"0%":{transform:"scale(0.8)",transformOrigin:"50% 0%",opacity:0},"100%":{transform:"scale(1)",transformOrigin:"50% 0%"}}),O=new o("antZoomUpOut",{"0%":{transform:"scale(1)",transformOrigin:"50% 0%"},"100%":{transform:"scale(0.8)",transformOrigin:"50% 0%",opacity:0}}),l=new o("antZoomLeftIn",{"0%":{transform:"scale(0.8)",transformOrigin:"0% 50%",opacity:0},"100%":{transform:"scale(1)",transformOrigin:"0% 50%"}}),u=new o("antZoomLeftOut",{"0%":{transform:"scale(1)",transformOrigin:"0% 50%"},"100%":{transform:"scale(0.8)",transformOrigin:"0% 50%",opacity:0}}),p=new o("antZoomRightIn",{"0%":{transform:"scale(0.8)",transformOrigin:"100% 50%",opacity:0},"100%":{transform:"scale(1)",transformOrigin:"100% 50%"}}),z=new o("antZoomRightOut",{"0%":{transform:"scale(1)",transformOrigin:"100% 50%"},"100%":{transform:"scale(0.8)",transformOrigin:"100% 50%",opacity:0}}),K=new o("antZoomDownIn",{"0%":{transform:"scale(0.8)",transformOrigin:"50% 100%",opacity:0},"100%":{transform:"scale(1)",transformOrigin:"50% 100%"}}),w=new o("antZoomDownOut",{"0%":{transform:"scale(1)",transformOrigin:"50% 100%"},"100%":{transform:"scale(0.8)",transformOrigin:"50% 100%",opacity:0}}),I={zoom:{inKeyframes:c,outKeyframes:y},"zoom-big":{inKeyframes:a,outKeyframes:s},"zoom-big-fast":{inKeyframes:a,outKeyframes:s},"zoom-left":{inKeyframes:l,outKeyframes:u},"zoom-right":{inKeyframes:p,outKeyframes:z},"zoom-up":{inKeyframes:g,outKeyframes:O},"zoom-down":{inKeyframes:K,outKeyframes:w}},h=(n,r)=>{const{antCls:m}=n,t=`${m}-${r}`,{inKeyframes:i,outKeyframes:e}=I[r];return[f(t,i,e,r==="zoom-big-fast"?n.motionDurationFast:n.motionDurationMid),{[`
2
2
  ${t}-enter,
3
3
  ${t}-appear
4
4
  `]:{transform:"scale(0)",opacity:0,animationTimingFunction:n.motionEaseOutCirc,"&-prepare":{transform:"none"}},[`${t}-leave`]:{animationTimingFunction:n.motionEaseInOutCirc}}]};export{h as i,c as z};
@@ -8,9 +8,9 @@
8
8
  // Injected by web-ui-server.js at serve time
9
9
  window.__CC_CONFIG__ = __CC_CONFIG_PLACEHOLDER__;
10
10
  </script>
11
- <script type="module" crossorigin src="./assets/index-DDGBasj6.js"></script>
12
- <link rel="modulepreload" crossorigin href="./assets/vendor-BvqAck49.js">
13
- <link rel="modulepreload" crossorigin href="./assets/icons-DP3uiYxy.js">
11
+ <script type="module" crossorigin src="./assets/index-BtbbdLnf.js"></script>
12
+ <link rel="modulepreload" crossorigin href="./assets/vendor-BMxUs6UX.js">
13
+ <link rel="modulepreload" crossorigin href="./assets/icons-BsDmGpcT.js">
14
14
  <link rel="stylesheet" crossorigin href="./assets/index-Cq93VfoF.css">
15
15
  </head>
16
16
  <body>
@@ -0,0 +1,65 @@
1
+ /**
2
+ * npm authentication utilities (ESM)
3
+ * Mirrors Claude Code /login /logout behavior
4
+ * @module auth/npm-auth
5
+ */
6
+
7
+ import { execSync } from "child_process";
8
+ import { logger } from "../lib/logger.js";
9
+
10
+ /**
11
+ * Check if user is currently logged in to npm
12
+ * @returns {boolean}
13
+ */
14
+ export function isLoggedIn() {
15
+ try {
16
+ execSync("npm whoami", { stdio: "ignore" });
17
+ return true;
18
+ } catch {
19
+ return false;
20
+ }
21
+ }
22
+
23
+ /**
24
+ * Get current npm username
25
+ * @returns {string|null}
26
+ */
27
+ export function getCurrentUser() {
28
+ try {
29
+ return execSync("npm whoami", { encoding: "utf8" }).trim();
30
+ } catch {
31
+ return null;
32
+ }
33
+ }
34
+
35
+ /**
36
+ * Run npm login
37
+ * @returns {Promise<boolean>} success
38
+ */
39
+ export async function login() {
40
+ try {
41
+ logger.info("Running npm login...");
42
+ execSync("npm login", { stdio: "inherit" });
43
+ return isLoggedIn();
44
+ } catch (err) {
45
+ logger.error(`Login failed: ${err.message}`);
46
+ return false;
47
+ }
48
+ }
49
+
50
+ /**
51
+ * Run npm logout
52
+ * @returns {Promise<boolean>} success
53
+ */
54
+ export async function logout() {
55
+ try {
56
+ logger.info("Running npm logout...");
57
+ execSync("npm logout", { stdio: "inherit" });
58
+ return !isLoggedIn();
59
+ } catch (err) {
60
+ logger.error(`Logout failed: ${err.message}`);
61
+ return false;
62
+ }
63
+ }
64
+
65
+ export default { isLoggedIn, getCurrentUser, login, logout };
@@ -16,6 +16,7 @@ import {
16
16
  } from "../runtime/fallback-model.js";
17
17
  import { resolveImages, resolveVisionLlm } from "../lib/image-input.js";
18
18
  import { loadConfig } from "../lib/config-manager.js";
19
+ import { normalizeAgentSandbox } from "../lib/agent-sandbox.js";
19
20
 
20
21
  /**
21
22
  * Resolve + validate `--add-dir` values into absolute, existing, de-duped
@@ -171,6 +172,15 @@ export function registerAgentCommand(program) {
171
172
  "--worktree",
172
173
  "Run this session in a fresh git worktree (isolated branch; auto-removed when the session changes nothing)",
173
174
  )
175
+ .option(
176
+ "--sandbox [image]",
177
+ "Run shell commands in an ephemeral Docker sandbox (network disabled by default)",
178
+ )
179
+ .option("--sandbox-network", "Allow network access inside --sandbox")
180
+ .option(
181
+ "--bg, --background",
182
+ "Start as a detached background agent and return its id immediately",
183
+ )
174
184
  .option("--agent-id <id>", "Agent id for scoped memory recall")
175
185
  .option("--recall-limit <n>", "Top-K memories to inject into system prompt")
176
186
  .option("--recall-query <q>", "Query string for startup memory recall")
@@ -308,7 +318,29 @@ export function registerAgentCommand(program) {
308
318
  "--replay-user-messages",
309
319
  "Stream-input mode: echo each accepted stdin user message back as a `user` event (transcript/correlation)",
310
320
  )
321
+ .option(
322
+ "--allow-dangerous-bypass",
323
+ "Bypass all permission prompts in headless mode (DANGEROUS: auto-approves all tool calls)",
324
+ false,
325
+ )
326
+ .option("-y, --yolo", "Alias for --allow-dangerous-bypass", false)
327
+ .option(
328
+ "--dangerously-skip-permissions",
329
+ "Alias for --allow-dangerous-bypass",
330
+ false,
331
+ )
311
332
  .action(async (task, options, command) => {
333
+ const bypassPermissions = !!(
334
+ options.allowDangerousBypass ||
335
+ options.yolo ||
336
+ options.dangerouslySkipPermissions
337
+ );
338
+ if (bypassPermissions) {
339
+ process.env.CC_BYPASS_PERMISSIONS = "1";
340
+ process.stderr.write(
341
+ "⚠️ DANGER MODE: All permissions bypassed, no prompts will be shown.\n",
342
+ );
343
+ }
312
344
  // --safe-mode flag OR CC_SAFE_MODE / CLAUDE_CODE_SAFE_MODE env (Claude-Code
313
345
  // 2.1.169 parity): flip every customization kill-switch BEFORE anything
314
346
  // loads. Permission rules stay active.
@@ -735,7 +767,62 @@ export function registerAgentCommand(program) {
735
767
  if (piped) prompt = piped;
736
768
  }
737
769
 
770
+ if (options.bg && !prompt) {
771
+ process.stderr.write(
772
+ "--bg requires a task via positional text, -p, or piped stdin.\n",
773
+ );
774
+ process.exitCode = 1;
775
+ return;
776
+ }
777
+
738
778
  if (prompt) {
779
+ if (options.bg) {
780
+ if (options.worktree) {
781
+ process.stderr.write(
782
+ "--bg and --worktree cannot be combined yet; create the worktree first and launch the background agent from it.\n",
783
+ );
784
+ process.exitCode = 1;
785
+ return;
786
+ }
787
+ const { launchBackgroundAgent } =
788
+ await import("../lib/background-agent-supervisor.js");
789
+ const childArgv = process.argv
790
+ .slice(2)
791
+ .filter((arg) => arg !== "--bg" && arg !== "--background");
792
+ const hasSessionArg = childArgv.some(
793
+ (arg) =>
794
+ arg === "--session" ||
795
+ arg === "--resume" ||
796
+ arg === "--continue" ||
797
+ arg === "-c",
798
+ );
799
+ const sessionId =
800
+ options.session ||
801
+ `session-${Date.now()}-${Math.random().toString(16).slice(2, 8)}`;
802
+ if (!hasSessionArg) childArgv.push("--session", sessionId);
803
+ const promptWasPiped =
804
+ positional.length === 0 &&
805
+ !(typeof options.print === "string" && options.print.trim());
806
+ if (promptWasPiped) childArgv.push(prompt);
807
+ const state = launchBackgroundAgent({
808
+ argv: childArgv,
809
+ cwd: process.cwd(),
810
+ sessionId,
811
+ title: prompt.slice(0, 100),
812
+ });
813
+ if (options.outputFormat === "json") {
814
+ console.log(JSON.stringify(state));
815
+ } else {
816
+ console.log(`Background agent started: ${state.id}`);
817
+ console.log(` logs: cc agents logs ${state.id}`);
818
+ console.log(` stop: cc agents stop ${state.id}`);
819
+ }
820
+ return;
821
+ }
822
+ const agentSandbox = normalizeAgentSandbox(options.sandbox, {
823
+ cwd: process.cwd(),
824
+ network: options.sandboxNetwork === true,
825
+ });
739
826
  // Resume requested onto a session with no headless (JSONL) transcript?
740
827
  // Warn instead of silently starting empty 鈥?headless resume rebuilds
741
828
  // from the JSONL store only (DB-only sessions are not replayable here).
@@ -775,6 +862,7 @@ export function registerAgentCommand(program) {
775
862
  allowedTools: parseToolList(options.allowedTools),
776
863
  disallowedTools: parseToolList(options.disallowedTools),
777
864
  additionalDirectories,
865
+ sandbox: agentSandbox,
778
866
  autoCheckpoint,
779
867
  maxTurns,
780
868
  // commander maps --no-file-refs 鈫?options.fileRefs === false
@@ -884,6 +972,10 @@ export function registerAgentCommand(program) {
884
972
  parkOnExit: options.parkOnExit, // false when --no-park-on-exit
885
973
  bundlePath: options.bundle || null,
886
974
  additionalDirectories,
975
+ sandbox: normalizeAgentSandbox(options.sandbox, {
976
+ cwd: process.cwd(),
977
+ network: options.sandboxNetwork === true,
978
+ }),
887
979
  autoCheckpoint,
888
980
  // --vim: start the REPL in vim-mode editing (also CC_VIM=1 or /vim).
889
981
  vimMode: options.vim === true,
@@ -22,6 +22,74 @@ export function registerAgentsCommand(program) {
22
22
  .command("agents")
23
23
  .description("User-defined subagents (.claude/agents/*.md)");
24
24
 
25
+ cmd
26
+ .command("background")
27
+ .alias("bg")
28
+ .description("List background agent sessions")
29
+ .option("--all", "Include completed, failed, stopped and lost sessions")
30
+ .option("--json", "Output as JSON")
31
+ .action(async (options) => {
32
+ const { listBackgroundAgents } =
33
+ await import("../lib/background-agent-supervisor.js");
34
+ const sessions = listBackgroundAgents({ all: options.all === true });
35
+ if (options.json) {
36
+ console.log(JSON.stringify(sessions, null, 2));
37
+ return;
38
+ }
39
+ if (sessions.length === 0) {
40
+ logger.log(chalk.gray("No background agents."));
41
+ return;
42
+ }
43
+ for (const session of sessions) {
44
+ const elapsed = session.endedAt
45
+ ? session.endedAt - session.startedAt
46
+ : Date.now() - session.startedAt;
47
+ logger.log(
48
+ `${chalk.cyan(session.id)} ${session.status.padEnd(9)} ${Math.max(0, Math.round(elapsed / 1000))}s ${session.title || ""}`,
49
+ );
50
+ logger.log(chalk.gray(` pid ${session.pid} ${session.cwd}`));
51
+ }
52
+ });
53
+
54
+ cmd
55
+ .command("logs <id>")
56
+ .description("Print recent output from a background agent")
57
+ .option("-n, --lines <n>", "Number of lines", "100")
58
+ .action(async (id, options) => {
59
+ try {
60
+ const { readBackgroundAgentState, readBackgroundAgentLog } =
61
+ await import("../lib/background-agent-supervisor.js");
62
+ if (!readBackgroundAgentState(id)) {
63
+ throw new Error(`Background agent not found: ${id}`);
64
+ }
65
+ process.stdout.write(
66
+ readBackgroundAgentLog(id, { lines: Number(options.lines) }),
67
+ );
68
+ } catch (error) {
69
+ logger.error(chalk.red(error.message));
70
+ process.exitCode = 1;
71
+ }
72
+ });
73
+
74
+ cmd
75
+ .command("stop <id>")
76
+ .description("Stop a running background agent")
77
+ .option("--json", "Output as JSON")
78
+ .action(async (id, options) => {
79
+ try {
80
+ const { stopBackgroundAgent } =
81
+ await import("../lib/background-agent-supervisor.js");
82
+ const state = stopBackgroundAgent(id);
83
+ if (options.json) console.log(JSON.stringify(state, null, 2));
84
+ else if (state.stopped)
85
+ logger.log(chalk.green(`Stopped background agent ${id}`));
86
+ else logger.log(chalk.gray(`${id} is already ${state.status}`));
87
+ } catch (error) {
88
+ logger.error(chalk.red(error.message));
89
+ process.exitCode = 1;
90
+ }
91
+ });
92
+
25
93
  // ── list ──────────────────────────────────────────────────────────────
26
94
  cmd
27
95
  .command("list")
@@ -53,26 +53,33 @@ export function registerPermissionsCommand(program) {
53
53
  cmd
54
54
  .command("list")
55
55
  .alias("ls")
56
- .description("Show the merged permission ruleset and where each rule came from")
56
+ .description(
57
+ "Show the merged permission ruleset and where each rule came from",
58
+ )
57
59
  .option("--json", "Output as JSON")
58
60
  .option("--settings <file>", "Also merge an explicit settings file")
59
61
  .action(async (options) => {
60
62
  try {
61
63
  const { loadSettings } = await import("../lib/settings-loader.cjs");
62
- const { rules, sources, files } = loadSettings({
64
+ const { rules, sources, files, managed, managedFile } = loadSettings({
63
65
  cwd: process.cwd(),
64
66
  settingsFile: options.settings,
65
67
  });
66
68
  if (options.json) {
67
- console.log(JSON.stringify({ rules, sources, files }, null, 2));
69
+ console.log(
70
+ JSON.stringify(
71
+ { rules, sources, files, managed, managedFile },
72
+ null,
73
+ 2,
74
+ ),
75
+ );
68
76
  return;
69
77
  }
70
- const total =
71
- rules.allow.length + rules.ask.length + rules.deny.length;
78
+ const total = rules.allow.length + rules.ask.length + rules.deny.length;
72
79
  if (total === 0) {
73
80
  logger.log(
74
81
  chalk.gray(
75
- "No permission rules. Add one: cc permissions add deny \"Bash(rm:*)\"\n" +
82
+ 'No permission rules. Add one: cc permissions add deny "Bash(rm:*)"\n' +
76
83
  "(or create .claude/settings.json with a permissions block)",
77
84
  ),
78
85
  );
@@ -89,6 +96,40 @@ export function registerPermissionsCommand(program) {
89
96
  if (files.length) {
90
97
  logger.log(chalk.dim(`\nsources: ${files.join(", ")}`));
91
98
  }
99
+ if (managedFile) {
100
+ logger.log(chalk.yellow(`managed policy: ${managedFile}`));
101
+ if (managed?.allowManagedPermissionRulesOnly) {
102
+ logger.log(
103
+ chalk.yellow(" user/project permission rules disabled"),
104
+ );
105
+ }
106
+ if (
107
+ managed?.disableBypassPermissionsMode === true ||
108
+ managed?.disableBypassPermissionsMode === "disable"
109
+ ) {
110
+ logger.log(chalk.yellow(" bypassPermissions disabled"));
111
+ }
112
+ if (managed?.allowManagedHooksOnly) {
113
+ logger.log(chalk.yellow(" only managed hooks may run"));
114
+ }
115
+ if (managed?.allowManagedMcpServersOnly) {
116
+ logger.log(
117
+ chalk.yellow(" only managed-allowed MCP servers may connect"),
118
+ );
119
+ }
120
+ if (managed?.requireSignedPlugins) {
121
+ logger.log(chalk.yellow(" signed plugin manifests required"));
122
+ }
123
+ if (
124
+ Array.isArray(managed?.allowedPlugins) ||
125
+ Array.isArray(managed?.deniedPlugins) ||
126
+ Array.isArray(managed?.blockedMarketplaces)
127
+ ) {
128
+ logger.log(
129
+ chalk.yellow(" managed plugin supply-chain policy active"),
130
+ );
131
+ }
132
+ }
92
133
  } catch (err) {
93
134
  logger.error(chalk.red(`permissions list failed: ${err.message}`));
94
135
  process.exitCode = 1;
@@ -131,7 +172,13 @@ export function registerPermissionsCommand(program) {
131
172
  if (options.json) {
132
173
  console.log(
133
174
  JSON.stringify(
134
- { tool: concrete, args: toolArgs, decision, rule: result.rule, source },
175
+ {
176
+ tool: concrete,
177
+ args: toolArgs,
178
+ decision,
179
+ rule: result.rule,
180
+ source,
181
+ },
135
182
  null,
136
183
  2,
137
184
  ),
@@ -164,14 +211,19 @@ export function registerPermissionsCommand(program) {
164
211
  cmd
165
212
  .command("add <decision> <rule>")
166
213
  .description("Append a rule (allow|ask|deny) to a settings file")
167
- .option("--local", "Write to .claude/settings.local.json (personal, gitignored)")
214
+ .option(
215
+ "--local",
216
+ "Write to .claude/settings.local.json (personal, gitignored)",
217
+ )
168
218
  .option("--user", "Write to ~/.claude/settings.json (all projects)")
169
219
  .action(async (decision, rule, options) => {
170
220
  try {
171
221
  const kind = String(decision || "").toLowerCase();
172
222
  if (!["allow", "ask", "deny"].includes(kind)) {
173
223
  logger.error(
174
- chalk.red(`decision must be allow | ask | deny (got "${decision}")`),
224
+ chalk.red(
225
+ `decision must be allow | ask | deny (got "${decision}")`,
226
+ ),
175
227
  );
176
228
  process.exitCode = 1;
177
229
  return;
@@ -188,7 +240,11 @@ export function registerPermissionsCommand(program) {
188
240
  return;
189
241
  }
190
242
 
191
- const scope = options.user ? "user" : options.local ? "local" : "project";
243
+ const scope = options.user
244
+ ? "user"
245
+ : options.local
246
+ ? "local"
247
+ : "project";
192
248
  const { addRule } = await import("../lib/settings-loader.cjs");
193
249
  const { file, added } = addRule({
194
250
  cwd: process.cwd(),
@@ -5,6 +5,11 @@
5
5
 
6
6
  import chalk from "chalk";
7
7
  import { logger } from "../lib/logger.js";
8
+ import {
9
+ enforcePluginPolicy,
10
+ loadPluginManagedPolicy,
11
+ verifyPluginManifest,
12
+ } from "../lib/plugin-security.js";
8
13
  import { bootstrap, shutdown } from "../runtime/bootstrap.js";
9
14
  import {
10
15
  installPlugin,
@@ -90,9 +95,32 @@ export function registerPluginCommand(program) {
90
95
  .option("--description <desc>", "Plugin description")
91
96
  .option("--author <author>", "Plugin author")
92
97
  .option("--manifest <path>", "Plugin manifest file with skill declarations")
98
+ .option("--source <source>", "Plugin source or marketplace identifier")
99
+ .option("--sha256 <hex>", "Expected SHA-256 of the manifest")
100
+ .option("--signature <path>", "Detached Ed25519 signature of the manifest")
101
+ .option("--public-key <path>", "PEM public key used to verify --signature")
93
102
  .option("--json", "Output as JSON")
94
103
  .action(async (name, options) => {
95
104
  try {
105
+ const managed = loadPluginManagedPolicy();
106
+ enforcePluginPolicy(
107
+ { name, source: options.source, action: "install" },
108
+ managed,
109
+ );
110
+ let verifiedManifest = null;
111
+ let parsedManifest = null;
112
+ if (options.manifest || managed?.requireSignedPlugins) {
113
+ verifiedManifest = verifyPluginManifest({
114
+ manifestFile: options.manifest,
115
+ expectedSha256: options.sha256,
116
+ signatureFile: options.signature,
117
+ publicKeyFile: options.publicKey,
118
+ requireSignature: managed?.requireSignedPlugins === true,
119
+ trustedKeySha256: managed?.trustedPluginKeySha256,
120
+ requireTrustedKey: managed?.requireSignedPlugins === true,
121
+ });
122
+ parsedManifest = JSON.parse(verifiedManifest.bytes.toString("utf8"));
123
+ }
96
124
  const ctx = await bootstrap({ verbose: program.opts().verbose });
97
125
  if (!ctx.db) {
98
126
  logger.error("Database not available");
@@ -111,8 +139,9 @@ export function registerPluginCommand(program) {
111
139
  if (options.manifest) {
112
140
  try {
113
141
  const fs = await import("fs");
114
- const manifestContent = fs.readFileSync(options.manifest, "utf-8");
115
- const manifest = JSON.parse(manifestContent);
142
+ const manifest =
143
+ parsedManifest ||
144
+ JSON.parse(fs.readFileSync(options.manifest, "utf-8"));
116
145
  if (manifest.skills && manifest.skills.length > 0) {
117
146
  const path = await import("path");
118
147
  const pluginPath = path.dirname(path.resolve(options.manifest));
@@ -131,7 +160,17 @@ export function registerPluginCommand(program) {
131
160
  if (options.json) {
132
161
  console.log(
133
162
  JSON.stringify(
134
- { ...result, skills: skillResult.installed },
163
+ {
164
+ ...result,
165
+ skills: skillResult.installed,
166
+ integrity: verifiedManifest
167
+ ? {
168
+ sha256: verifiedManifest.sha256,
169
+ signatureVerified: verifiedManifest.signatureVerified,
170
+ publicKeySha256: verifiedManifest.publicKeySha256,
171
+ }
172
+ : null,
173
+ },
135
174
  null,
136
175
  2,
137
176
  ),
@@ -205,6 +244,10 @@ export function registerPluginCommand(program) {
205
244
  .argument("<name>", "Plugin name")
206
245
  .action(async (name) => {
207
246
  try {
247
+ enforcePluginPolicy(
248
+ { name, action: "enable" },
249
+ loadPluginManagedPolicy(),
250
+ );
208
251
  const ctx = await bootstrap({ verbose: program.opts().verbose });
209
252
  if (!ctx.db) {
210
253
  logger.error("Database not available");
@@ -262,6 +305,10 @@ export function registerPluginCommand(program) {
262
305
  .argument("<version>", "New version")
263
306
  .action(async (name, version) => {
264
307
  try {
308
+ enforcePluginPolicy(
309
+ { name, action: "update" },
310
+ loadPluginManagedPolicy(),
311
+ );
265
312
  const ctx = await bootstrap({ verbose: program.opts().verbose });
266
313
  if (!ctx.db) {
267
314
  logger.error("Database not available");
@@ -27,6 +27,14 @@ export function registerServeCommand(program) {
27
27
  "Allow non-localhost connections (requires --token)",
28
28
  )
29
29
  .option("--project <path>", "Default project root for sessions")
30
+ .option(
31
+ "--remote-session-relay-url <url>",
32
+ "Signaling relay URL for Remote Session pairing",
33
+ )
34
+ .option(
35
+ "--remote-session-peer-id <id>",
36
+ "Stable relay peer ID for this local runtime",
37
+ )
30
38
  .option(
31
39
  "--http-port <port>",
32
40
  "Hosted HTTP port for Phase 5 envelope SSE (disabled if unset)",
@@ -47,6 +55,8 @@ export function registerServeCommand(program) {
47
55
  project: opts.project,
48
56
  httpPort: opts.httpPort ? parseInt(opts.httpPort, 10) : null,
49
57
  bundlePath: opts.bundle || null,
58
+ remoteSessionRelayUrl: opts.remoteSessionRelayUrl || null,
59
+ remoteSessionPeerId: opts.remoteSessionPeerId || null,
50
60
  });
51
61
  await runtime.startServer();
52
62
  } catch (err) {