chainlesschain 0.162.148 → 0.162.149

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (231) hide show
  1. package/README.md +1 -1
  2. package/package.json +1 -1
  3. package/src/assets/web-panel/.build-hash +1 -1
  4. package/src/assets/web-panel/assets/{AIOps-DwpCCp64.js → AIOps-BJif14yR.js} +1 -1
  5. package/src/assets/web-panel/assets/{ActionButton-C9pBYocA.js → ActionButton-CXek6gJY.js} +1 -1
  6. package/src/assets/web-panel/assets/{Analytics-BWAkeXxK.js → Analytics-BgQhdAJi.js} +2 -2
  7. package/src/assets/web-panel/assets/{AppLayout-CivFGH6B.js → AppLayout-DTYl5NtR.js} +3 -3
  8. package/src/assets/web-panel/assets/{Audit-Cm8hRpZm.js → Audit-BzATQAeR.js} +1 -1
  9. package/src/assets/web-panel/assets/{Backup-DXdFMsE8.js → Backup-BzdPEQhL.js} +1 -1
  10. package/src/assets/web-panel/assets/{BaseInput-uAwSTeql.js → BaseInput-BM0KVh8E.js} +1 -1
  11. package/src/assets/web-panel/assets/{Chat-KU8eeJJE.js → Chat-D7fHXHkz.js} +4 -4
  12. package/src/assets/web-panel/assets/ChatBubbleRenderer-Wm34RR-b.js +1 -0
  13. package/src/assets/web-panel/assets/{Checkbox-C6AMDkjd.js → Checkbox-CAiSQ9vO.js} +1 -1
  14. package/src/assets/web-panel/assets/{Codegen-t2moDxcO.js → Codegen-Df40CrEe.js} +1 -1
  15. package/src/assets/web-panel/assets/{Col-DCcsRRhN.js → Col-DIT2fNFU.js} +1 -1
  16. package/src/assets/web-panel/assets/{Community-DtB-8SAC.js → Community-CSTIbW2k.js} +1 -1
  17. package/src/assets/web-panel/assets/{Compact-CZm8THYA.js → Compact-DtqXZZUi.js} +1 -1
  18. package/src/assets/web-panel/assets/{Compliance-LiQgC7g1.js → Compliance-CUtzw6o7.js} +1 -1
  19. package/src/assets/web-panel/assets/{Cowork-CA8SAxht.js → Cowork-CezmlnmU.js} +2 -2
  20. package/src/assets/web-panel/assets/{Cron-CtRaF1wD.js → Cron-P4BITarg.js} +2 -2
  21. package/src/assets/web-panel/assets/{Crosschain-6-br6Hub.js → Crosschain-BRRiYwvq.js} +1 -1
  22. package/src/assets/web-panel/assets/{DID-Do2EccrL.js → DID-L5ijB9i4.js} +2 -2
  23. package/src/assets/web-panel/assets/{Dashboard-wrXcbzGe.js → Dashboard-CFxro4ob.js} +2 -2
  24. package/src/assets/web-panel/assets/{Dropdown-p3FsT245.js → Dropdown-BmAFCQ71.js} +1 -1
  25. package/src/assets/web-panel/assets/{EmailListRenderer-D95A2L8q.js → EmailListRenderer-DJBCEuon.js} +1 -1
  26. package/src/assets/web-panel/assets/{FamilyGuardDashboard-cLuJW2zo.js → FamilyGuardDashboard-z4oLq6eT.js} +1 -1
  27. package/src/assets/web-panel/assets/{Federation-Brgq_cbN.js → Federation-DsVCpHMF.js} +1 -1
  28. package/src/assets/web-panel/assets/{FormItemContext-DWLCkNgh.js → FormItemContext-DP3bP5th.js} +1 -1
  29. package/src/assets/web-panel/assets/{GenericCardRenderer-BBqUfQd6.js → GenericCardRenderer-BAXP2Gc6.js} +1 -1
  30. package/src/assets/web-panel/assets/{Git-8F090w4I.js → Git-I3g_bAw9.js} +2 -2
  31. package/src/assets/web-panel/assets/{Governance-CCogEbxb.js → Governance-jHS5-ioS.js} +1 -1
  32. package/src/assets/web-panel/assets/{Inference-CfLD7v7C.js → Inference-CPL7sfx9.js} +1 -1
  33. package/src/assets/web-panel/assets/{KnowledgeGraph-DDuHJewd.js → KnowledgeGraph-Jf236h4C.js} +1 -1
  34. package/src/assets/web-panel/assets/{Logs-CE8KSEVC.js → Logs-Cm2tcSKg.js} +2 -2
  35. package/src/assets/web-panel/assets/{Marketplace-DmwpZmhT.js → Marketplace-CZK82rhi.js} +1 -1
  36. package/src/assets/web-panel/assets/{McpTools-Bf7AazU8.js → McpTools-CZCeji7a.js} +4 -4
  37. package/src/assets/web-panel/assets/{Memory-D0QU_00S.js → Memory-3l2KVS9k.js} +2 -2
  38. package/src/assets/web-panel/assets/{MobileBridge-yXS9xdhx.js → MobileBridge-VYdpoLh6.js} +1 -1
  39. package/src/assets/web-panel/assets/{MobileProjects-BuDUoGUP.js → MobileProjects-CiB9cmm1.js} +1 -1
  40. package/src/assets/web-panel/assets/{Mtc-BYyHy28p.js → Mtc-wCFZbBuL.js} +2 -2
  41. package/src/assets/web-panel/assets/{MtcAudit-CK0aqpiZ.js → MtcAudit-1a3THIyG.js} +4 -4
  42. package/src/assets/web-panel/assets/{Multisig-mNimKYeb.js → Multisig-DMzLB2hG.js} +3 -3
  43. package/src/assets/web-panel/assets/{NLProgramming-AioAJ0YA.js → NLProgramming-D9wZbf6l.js} +1 -1
  44. package/src/assets/web-panel/assets/{Notes-CVVNCLHE.js → Notes-hrFe2ZM-.js} +3 -3
  45. package/src/assets/web-panel/assets/{NotificationSettings-C4ABj-TK.js → NotificationSettings-CHGX5Jwm.js} +1 -1
  46. package/src/assets/web-panel/assets/OrderTableRenderer-CRIFE2Tj.js +1 -0
  47. package/src/assets/web-panel/assets/{Organization-uozl_gWK.js → Organization-By7FkhtY.js} +4 -4
  48. package/src/assets/web-panel/assets/{Overflow-BCZOM2hK.js → Overflow--khGSzJn.js} +1 -1
  49. package/src/assets/web-panel/assets/{P2P-CArcaiaj.js → P2P-CAG9dH35.js} +2 -2
  50. package/src/assets/web-panel/assets/{PdhVaultBrowser-Sgq2Srr8.js → PdhVaultBrowser-B3SQZmK9.js} +3 -3
  51. package/src/assets/web-panel/assets/{Permissions-BYrQrXnH.js → Permissions-D35ec6JA.js} +4 -4
  52. package/src/assets/web-panel/assets/{PersonalDataHub-BzHStAbz.js → PersonalDataHub-CxBF7hW_.js} +2 -2
  53. package/src/assets/web-panel/assets/{Pipeline-k7KqxX1M.js → Pipeline-s6EtOO1s.js} +1 -1
  54. package/src/assets/web-panel/assets/{Privacy-IumTUWqx.js → Privacy-BbJYmWmO.js} +1 -1
  55. package/src/assets/web-panel/assets/{ProjectInit-BRyImYTf.js → ProjectInit-VGQq1jMT.js} +2 -2
  56. package/src/assets/web-panel/assets/{ProjectSettings-BFIqTBFk.js → ProjectSettings-B1ew3Teh.js} +2 -2
  57. package/src/assets/web-panel/assets/Projects-CGcNIs_g.js +1 -0
  58. package/src/assets/web-panel/assets/{Providers-CyyFnUPs.js → Providers-mrO47FIK.js} +1 -1
  59. package/src/assets/web-panel/assets/{QrScannerModal-C82cRx-X.js → QrScannerModal-IJF2mHyw.js} +1 -1
  60. package/src/assets/web-panel/assets/{QuickAsk-DGxDF521.js → QuickAsk-CU0wN_Z0.js} +1 -1
  61. package/src/assets/web-panel/assets/{Recommend-Cns-Am1y.js → Recommend-DhN37R6G.js} +1 -1
  62. package/src/assets/web-panel/assets/{RemoteSession-R7OqAIlg.js → RemoteSession-D_xOX_hu.js} +2 -2
  63. package/src/assets/web-panel/assets/{Reputation-D7mgPIYV.js → Reputation-D_Ssv7uH.js} +1 -1
  64. package/src/assets/web-panel/assets/{Row-B3lEURyd.js → Row-Kx5dKxX7.js} +1 -1
  65. package/src/assets/web-panel/assets/{RssFeed-9_UVrpBt.js → RssFeed-BlGwqZkY.js} +2 -2
  66. package/src/assets/web-panel/assets/{Search-ClZeO80q.js → Search-hLFQzxpb.js} +1 -1
  67. package/src/assets/web-panel/assets/{Security-BNNJczEp.js → Security-DMlvsVt4.js} +3 -3
  68. package/src/assets/web-panel/assets/{Services-C5SjrWUj.js → Services-Bd0Qsj2m.js} +2 -2
  69. package/src/assets/web-panel/assets/{Skeleton-Ci_obQ-g.js → Skeleton-DFclq9X3.js} +1 -1
  70. package/src/assets/web-panel/assets/{Skills-DdebN15P.js → Skills-BNtln2qY.js} +1 -1
  71. package/src/assets/web-panel/assets/{Sla-OinZP2vi.js → Sla-Dch5H19G.js} +1 -1
  72. package/src/assets/web-panel/assets/{SpeechSettings-CxzbNF51.js → SpeechSettings-2UfQcU1g.js} +1 -1
  73. package/src/assets/web-panel/assets/{SyncSettings-D06N_66b.js → SyncSettings-CD9YQr4i.js} +2 -2
  74. package/src/assets/web-panel/assets/{Tasks-BdEdW0AZ.js → Tasks-BNu-7MzI.js} +1 -1
  75. package/src/assets/web-panel/assets/{Templates-F1ctKmPa.js → Templates-D1n9CaIR.js} +1 -1
  76. package/src/assets/web-panel/assets/{Tenant-CVz1Urot.js → Tenant-DenL3iBW.js} +1 -1
  77. package/src/assets/web-panel/assets/Terminal-ZzU0Io1Y.js +3 -0
  78. package/src/assets/web-panel/assets/{TimelineRenderer-Doitzjmf.js → TimelineRenderer-D87IfukO.js} +1 -1
  79. package/src/assets/web-panel/assets/{Tokens-BpyVRpVA.js → Tokens-BkiZc8E3.js} +1 -1
  80. package/src/assets/web-panel/assets/{Trigger-nWhWYTbU.js → Trigger-BNRSytGN.js} +1 -1
  81. package/src/assets/web-panel/assets/{Trust-DK_G-wLx.js → Trust-Bwbd4X2m.js} +1 -1
  82. package/src/assets/web-panel/assets/{UkeySign-B5yBUojO.js → UkeySign-B8O2bs0o.js} +1 -1
  83. package/src/assets/web-panel/assets/{VideoEditing-C5D51qAe.js → VideoEditing-C2fL8zmH.js} +1 -1
  84. package/src/assets/web-panel/assets/{Wallet-CLbL9K7v.js → Wallet-BORYDdE1.js} +4 -4
  85. package/src/assets/web-panel/assets/{WebAuthn-DZUelI3V.js → WebAuthn-C0V5S2FM.js} +4 -4
  86. package/src/assets/web-panel/assets/{WorkflowEditor-8RPxt4KW.js → WorkflowEditor-2dR0fcHL.js} +1 -1
  87. package/src/assets/web-panel/assets/{chat-4N4tOA3d.js → chat-BmuAFAn8.js} +1 -1
  88. package/src/assets/web-panel/assets/{colors-zbbGVrua.js → colors-CN3smMcK.js} +1 -1
  89. package/src/assets/web-panel/assets/{compact-item-D7iMkbnE.js → compact-item-DCnxb4kW.js} +1 -1
  90. package/src/assets/web-panel/assets/{createContext-CBzPJv-w.js → createContext-vlR43pHn.js} +1 -1
  91. package/src/assets/web-panel/assets/devWarning-DxwmsL4j.js +1 -0
  92. package/src/assets/web-panel/assets/{hasIn-bHdrQSqZ.js → hasIn-D04tHYFd.js} +1 -1
  93. package/src/assets/web-panel/assets/{index-DbE5D0WL.js → index-0DnaZGkC.js} +1 -1
  94. package/src/assets/web-panel/assets/{index-308gCGh7.js → index-430S68MN.js} +1 -1
  95. package/src/assets/web-panel/assets/{index-kmh1TxRa.js → index-B78xL3s2.js} +1 -1
  96. package/src/assets/web-panel/assets/{index-QFObYeo1.js → index-BTPEZTk1.js} +1 -1
  97. package/src/assets/web-panel/assets/{index-BZb8F8YG.js → index-BXRg8GFQ.js} +1 -1
  98. package/src/assets/web-panel/assets/{index-DE9j5YgT.js → index-BasvsWDM.js} +1 -1
  99. package/src/assets/web-panel/assets/{index-CiG1IZao.js → index-BeGDEXFs.js} +1 -1
  100. package/src/assets/web-panel/assets/{index-Bqmx24kh.js → index-BqhASEL4.js} +1 -1
  101. package/src/assets/web-panel/assets/{index-BCr0geV9.js → index-BudvKQfG.js} +1 -1
  102. package/src/assets/web-panel/assets/{index-S74FpAIn.js → index-C-6NO5il.js} +1 -1
  103. package/src/assets/web-panel/assets/{index-DyoNgbXl.js → index-C5Sxb1sE.js} +1 -1
  104. package/src/assets/web-panel/assets/{index-BtbbdLnf.js → index-CP9m9Ggr.js} +3 -3
  105. package/src/assets/web-panel/assets/{index-CkxK86vf.js → index-CTOCnIQ7.js} +1 -1
  106. package/src/assets/web-panel/assets/index-Cg2ldRfU.js +1 -0
  107. package/src/assets/web-panel/assets/{index-BTIjjXry.js → index-ClhAHDK3.js} +1 -1
  108. package/src/assets/web-panel/assets/{index-B7b1hGry.js → index-CnXebZLL.js} +1 -1
  109. package/src/assets/web-panel/assets/{index-CPxkoKgA.js → index-CngCC8hC.js} +1 -1
  110. package/src/assets/web-panel/assets/{index-Ci009ijp.js → index-Cr-A0FYJ.js} +1 -1
  111. package/src/assets/web-panel/assets/{index-CdmMoYN1.js → index-CsAsCPJ6.js} +1 -1
  112. package/src/assets/web-panel/assets/{index-BBNr77E1.js → index-D28DeAAB.js} +1 -1
  113. package/src/assets/web-panel/assets/{index-B1s0Bz9O.js → index-D5LZVZ0L.js} +1 -1
  114. package/src/assets/web-panel/assets/{index-oDKNgCsP.js → index-D65_XseV.js} +1 -1
  115. package/src/assets/web-panel/assets/{index-QNAG4JtR.js → index-D8vwp4qp.js} +1 -1
  116. package/src/assets/web-panel/assets/{index-CQfu1U78.js → index-DDwLgQY9.js} +1 -1
  117. package/src/assets/web-panel/assets/{index-BnBOpqv3.js → index-DIpY0qM5.js} +1 -1
  118. package/src/assets/web-panel/assets/{index-CQ6NcfWz.js → index-DTWg-18U.js} +1 -1
  119. package/src/assets/web-panel/assets/{index-D4XKpj6c.js → index-DTtRscUa.js} +1 -1
  120. package/src/assets/web-panel/assets/{index-D1YDh7Wr.js → index-DYAtmqiv.js} +1 -1
  121. package/src/assets/web-panel/assets/{index-CvRMA9uT.js → index-D_n8_vfI.js} +1 -1
  122. package/src/assets/web-panel/assets/{index-CahryTX0.js → index-DbADHwhr.js} +1 -1
  123. package/src/assets/web-panel/assets/{index-BJ4ZGyW0.js → index-DbVsQBOH.js} +1 -1
  124. package/src/assets/web-panel/assets/index-Dwzo-dtJ.js +1 -0
  125. package/src/assets/web-panel/assets/{index-xYCm6W2h.js → index-HhNjnCfe.js} +1 -1
  126. package/src/assets/web-panel/assets/{index-BS4_Mwk6.js → index-ToUh2b1-.js} +1 -1
  127. package/src/assets/web-panel/assets/{index-DISWAYce.js → index-TslMTwNy.js} +1 -1
  128. package/src/assets/web-panel/assets/{index-DmqlJed-.js → index-_FIkN3jd.js} +1 -1
  129. package/src/assets/web-panel/assets/{index-CqdPyWm5.js → index-hpvvtAZ3.js} +1 -1
  130. package/src/assets/web-panel/assets/{index-BsKehmmS.js → index-jzR7Ujuw.js} +1 -1
  131. package/src/assets/web-panel/assets/{index-DUyjUkY7.js → index-ljuBiQW9.js} +1 -1
  132. package/src/assets/web-panel/assets/{initDefaultProps-BD55yNBt.js → initDefaultProps-C3wUb4je.js} +1 -1
  133. package/src/assets/web-panel/assets/{motion-B5Bbe77U.js → motion-D-jYFUNA.js} +1 -1
  134. package/src/assets/web-panel/assets/{move-CTvIqHEH.js → move-tqb8nwJ2.js} +1 -1
  135. package/src/assets/web-panel/assets/{mtc-parser-BkNyPQKB.js → mtc-parser-DSOjMJMz.js} +1 -1
  136. package/src/assets/web-panel/assets/{omit-BaXJXgHA.js → omit-CJ7VimIW.js} +1 -1
  137. package/src/assets/web-panel/assets/{pickAttrs-Bw6-YTxH.js → pickAttrs-qXiG1iT3.js} +1 -1
  138. package/src/assets/web-panel/assets/{placementArrow-BLdbkLqJ.js → placementArrow-CkGBcy1Z.js} +1 -1
  139. package/src/assets/web-panel/assets/{responsiveObserve-IVYkzntU.js → responsiveObserve-D3WvTlLO.js} +1 -1
  140. package/src/assets/web-panel/assets/{slide-DFMFwwtY.js → slide-BEE2ftge.js} +1 -1
  141. package/src/assets/web-panel/assets/{statusUtils-CURYRtZ1.js → statusUtils-CsfBpxiG.js} +1 -1
  142. package/src/assets/web-panel/assets/{styleChecker-Cfz63s1r.js → styleChecker-xPrIiJPI.js} +1 -1
  143. package/src/assets/web-panel/assets/{useFlexGapSupport-COJL0KE3.js → useFlexGapSupport-C5Yd-SCR.js} +1 -1
  144. package/src/assets/web-panel/assets/{useFs-YLLojQQf.js → useFs-D_MDS8HI.js} +1 -1
  145. package/src/assets/web-panel/assets/{usePersonalDataHub-BF_21qUC.js → usePersonalDataHub-BqJh-usA.js} +1 -1
  146. package/src/assets/web-panel/assets/{vnode-9ZpkA7bb.js → vnode-chm_p-gz.js} +1 -1
  147. package/src/assets/web-panel/assets/{zoom-DhtAfhl8.js → zoom-3-YDNz0Z.js} +1 -1
  148. package/src/assets/web-panel/index.html +1 -1
  149. package/src/assets/web-panel/remote-session-sw.js +43 -0
  150. package/src/command-manifest.json +22 -1
  151. package/src/commands/agent.js +44 -5
  152. package/src/commands/codeintel.js +252 -0
  153. package/src/commands/eval.js +248 -0
  154. package/src/commands/plugin.js +354 -0
  155. package/src/commands/team.js +456 -0
  156. package/src/gateways/ws/message-dispatcher.js +45 -2
  157. package/src/gateways/ws/remote-session-protocol.js +37 -0
  158. package/src/gateways/ws/ws-server.js +1 -1
  159. package/src/harness/prompt-compressor.js +27 -1
  160. package/src/harness/remote-command-ledger.js +158 -0
  161. package/src/harness/remote-session-push-apns.js +246 -0
  162. package/src/harness/remote-session-push-errors.js +15 -0
  163. package/src/harness/remote-session-push-fcm.js +9 -25
  164. package/src/harness/remote-session-push-huawei.js +174 -0
  165. package/src/harness/remote-session-push-oppo.js +171 -0
  166. package/src/harness/remote-session-push-senders.js +42 -0
  167. package/src/harness/remote-session-push-vivo.js +179 -0
  168. package/src/harness/remote-session-push-web.js +299 -0
  169. package/src/harness/remote-session-push-xiaomi.js +99 -0
  170. package/src/index.js +6 -0
  171. package/src/lib/agent-core.js +2 -0
  172. package/src/lib/agent-sandbox.js +161 -5
  173. package/src/lib/agent-team/task-lease.js +434 -0
  174. package/src/lib/agent-team/team-budget.js +165 -0
  175. package/src/lib/agent-team/team-mailbox.js +106 -0
  176. package/src/lib/agent-team/team-runner.js +266 -0
  177. package/src/lib/agent-team/team-worktree.js +204 -0
  178. package/src/lib/agents.js +18 -0
  179. package/src/lib/async-hook-supervisor.cjs +305 -0
  180. package/src/lib/eval/runner.js +163 -0
  181. package/src/lib/eval/tasks.js +456 -0
  182. package/src/lib/eval/trend.js +185 -0
  183. package/src/lib/lsp/__tests__/code-intelligence.integration.test.js +129 -0
  184. package/src/lib/lsp/__tests__/code-intelligence.test.js +228 -0
  185. package/src/lib/lsp/__tests__/jsonrpc-stream.test.js +104 -0
  186. package/src/lib/lsp/__tests__/lsp-client.test.js +258 -0
  187. package/src/lib/lsp/__tests__/lsp-manager.test.js +264 -0
  188. package/src/lib/lsp/__tests__/lsp-server-registry.test.js +128 -0
  189. package/src/lib/lsp/code-intelligence.js +356 -0
  190. package/src/lib/lsp/jsonrpc-stream.js +139 -0
  191. package/src/lib/lsp/lsp-client.js +318 -0
  192. package/src/lib/lsp/lsp-manager.js +323 -0
  193. package/src/lib/lsp/lsp-server-registry.js +196 -0
  194. package/src/lib/plugin-monitor-supervisor.js +238 -0
  195. package/src/lib/plugin-runtime/agents.js +51 -0
  196. package/src/lib/plugin-runtime/bin.js +100 -0
  197. package/src/lib/plugin-runtime/hooks.js +100 -0
  198. package/src/lib/plugin-runtime/install.js +388 -0
  199. package/src/lib/plugin-runtime/lsp.js +75 -0
  200. package/src/lib/plugin-runtime/manifest.js +458 -0
  201. package/src/lib/plugin-runtime/mcp.js +89 -0
  202. package/src/lib/plugin-runtime/monitors.js +100 -0
  203. package/src/lib/plugin-runtime/policy.js +144 -0
  204. package/src/lib/plugin-runtime/reload.js +79 -0
  205. package/src/lib/plugin-runtime/scopes.js +197 -0
  206. package/src/lib/plugin-runtime/settings.js +119 -0
  207. package/src/lib/plugin-runtime/signature.js +107 -0
  208. package/src/lib/plugin-runtime/skills.js +43 -0
  209. package/src/lib/plugin-runtime/trust.js +140 -0
  210. package/src/lib/sandbox-egress-proxy.js +162 -0
  211. package/src/lib/sandbox-network-policy.js +134 -0
  212. package/src/lib/sandbox-v2.js +10 -4
  213. package/src/lib/settings-hook-events.cjs +78 -6
  214. package/src/lib/settings-hooks.cjs +29 -3
  215. package/src/lib/settings-loader.cjs +35 -1
  216. package/src/lib/skill-loader.js +18 -0
  217. package/src/lib/telemetry/span-recorder.js +237 -0
  218. package/src/repl/agent-repl.js +400 -4
  219. package/src/runtime/agent-core.js +546 -52
  220. package/src/runtime/coding-agent-contract-shared.cjs +82 -8
  221. package/src/runtime/coding-agent-policy.cjs +32 -7
  222. package/src/runtime/fallback-model.js +134 -7
  223. package/src/runtime/headless-runner.js +353 -108
  224. package/src/runtime/mcp-config.js +46 -0
  225. package/src/assets/web-panel/assets/ChatBubbleRenderer-DCNfbdlx.js +0 -1
  226. package/src/assets/web-panel/assets/OrderTableRenderer-DIp8Xcbd.js +0 -1
  227. package/src/assets/web-panel/assets/Projects-Dpid9CDg.js +0 -1
  228. package/src/assets/web-panel/assets/Terminal-BvAK_Zel.js +0 -3
  229. package/src/assets/web-panel/assets/devWarning-C2Z5LRgq.js +0 -1
  230. package/src/assets/web-panel/assets/index-BGp6Yr-Y.js +0 -1
  231. package/src/assets/web-panel/assets/index-BXiw9dQf.js +0 -1
@@ -495,6 +495,360 @@ export function registerPluginCommand(program) {
495
495
  process.exit(1);
496
496
  }
497
497
  });
498
+
499
+ // plugin validate — parse a plugin's unified manifest and report every
500
+ // component it contributes (skills/agents/hooks/mcp/lsp/monitors/bin/settings),
501
+ // plus path-traversal / schema problems. Optional signature/hash verification
502
+ // reuses the real crypto in plugin-security. No DB, no install — pure inspection.
503
+ plugin
504
+ .command("validate <dir>")
505
+ .description("Validate a plugin manifest and list its components")
506
+ .option("--sha256 <hex>", "Expected SHA-256 of the manifest file")
507
+ .option("--signature <path>", "Detached Ed25519 signature of the manifest")
508
+ .option("--public-key <path>", "Public key for signature verification")
509
+ .option("--json", "Output as JSON")
510
+ .action(async (dir, options) => {
511
+ const { parsePluginManifest, summarizeComponents } =
512
+ await import("../lib/plugin-runtime/manifest.js");
513
+ const manifest = parsePluginManifest(dir);
514
+
515
+ // Optional integrity/signature check on the manifest file itself.
516
+ // verifyPluginManifest THROWS on any mismatch/failure and returns a
517
+ // details object on success — so a caught error means verification failed.
518
+ let verification = null;
519
+ if (manifest.manifestPath && (options.sha256 || options.signature)) {
520
+ try {
521
+ const v = verifyPluginManifest({
522
+ manifestFile: manifest.manifestPath,
523
+ expectedSha256: options.sha256,
524
+ signatureFile: options.signature,
525
+ publicKeyFile: options.publicKey,
526
+ });
527
+ verification = {
528
+ ok: true,
529
+ sha256: v?.sha256 || null,
530
+ signatureVerified: v?.signatureVerified === true,
531
+ };
532
+ } catch (err) {
533
+ verification = { ok: false, reason: err.message };
534
+ manifest.ok = false;
535
+ manifest.errors.push(`manifest verification failed: ${err.message}`);
536
+ }
537
+ }
538
+
539
+ const counts = summarizeComponents(manifest);
540
+
541
+ if (options.json) {
542
+ console.log(
543
+ JSON.stringify(
544
+ { ...manifest, componentCounts: counts, verification },
545
+ null,
546
+ 2,
547
+ ),
548
+ );
549
+ if (!manifest.ok) process.exitCode = 1;
550
+ return;
551
+ }
552
+
553
+ const m = manifest.metadata || {};
554
+ logger.log(
555
+ chalk.bold(`Plugin: `) +
556
+ `${chalk.cyan(m.name || "(no name)")} ${chalk.gray("v" + (m.version || "?"))}`,
557
+ );
558
+ if (m.description) logger.log(chalk.gray(" " + m.description));
559
+ logger.log(
560
+ chalk.gray(` manifest: ${manifest.manifestPath || "(none)"}`),
561
+ );
562
+ logger.log(chalk.bold("\nComponents:"));
563
+ for (const [kind, n] of Object.entries(counts)) {
564
+ const mark = n > 0 ? chalk.green(String(n)) : chalk.gray("0");
565
+ logger.log(` ${kind.padEnd(10)} ${mark}`);
566
+ }
567
+ if (verification) {
568
+ logger.log(
569
+ chalk.bold("\nVerification: ") +
570
+ (verification.ok ? chalk.green("passed") : chalk.red("FAILED")),
571
+ );
572
+ }
573
+ for (const w of manifest.warnings) logger.log(chalk.yellow(` ⚠ ${w}`));
574
+ for (const e of manifest.errors) logger.log(chalk.red(` ✖ ${e}`));
575
+ if (manifest.ok) {
576
+ logger.success("\nManifest is valid.");
577
+ } else {
578
+ logger.error("\nManifest is INVALID.");
579
+ process.exitCode = 1;
580
+ }
581
+ });
582
+
583
+ // ── unified plugin runtime install lifecycle (Phase 3) ──
584
+ // These operate on the scope version dirs (user/project/local), independent
585
+ // of the legacy DB-backed `install/list/remove` above. A plugin installed
586
+ // here has its skills/hooks/lsp components picked up by the agent.
587
+
588
+ const SCOPES = "user|project|local";
589
+
590
+ // plugin add <source> — install from a local dir, git URL, or owner/repo
591
+ plugin
592
+ .command("add <source>")
593
+ .description(
594
+ `Install a plugin from a local dir, git URL, or owner/repo[#ref] (scope: ${SCOPES})`,
595
+ )
596
+ .option("--scope <scope>", "Install scope (user|project|local)", "user")
597
+ .option("--force", "Reinstall over an existing immutable version")
598
+ .option("--sha256 <hex>", "Expected SHA-256 of the manifest file")
599
+ .option("--signature <path>", "Detached Ed25519 signature of the manifest")
600
+ .option("--public-key <path>", "Public key for signature verification")
601
+ .option("--json", "Output as JSON")
602
+ .action(async (source, options) => {
603
+ const { installFromSource } =
604
+ await import("../lib/plugin-runtime/install.js");
605
+ const signature =
606
+ options.sha256 || options.signature || options.publicKey
607
+ ? {
608
+ sha256: options.sha256,
609
+ signatureFile: options.signature,
610
+ publicKeyFile: options.publicKey,
611
+ requireSignature: Boolean(options.signature),
612
+ }
613
+ : null;
614
+ try {
615
+ const res = installFromSource(source, {
616
+ scope: options.scope,
617
+ cwd: process.cwd(),
618
+ force: options.force === true,
619
+ signature,
620
+ });
621
+ if (options.json) {
622
+ console.log(JSON.stringify(res, null, 2));
623
+ } else {
624
+ logger.success(
625
+ `Installed ${res.name} v${res.version} (${res.scope} scope)` +
626
+ (res.signatureVerified ? chalk.green(" ✔ signed") : ""),
627
+ );
628
+ logger.log(chalk.gray(` → ${res.dir}`));
629
+ for (const w of res.warnings || [])
630
+ logger.log(chalk.yellow(` ⚠ ${w}`));
631
+ }
632
+ } catch (err) {
633
+ logger.error(`Install failed: ${err.message}`);
634
+ process.exitCode = 1;
635
+ }
636
+ });
637
+
638
+ // plugin installed — list runtime-installed plugins across scopes
639
+ plugin
640
+ .command("installed")
641
+ .description("List plugins installed in the unified runtime (scope dirs)")
642
+ .option("--json", "Output as JSON")
643
+ .action(async (options) => {
644
+ const { listInstalled } =
645
+ await import("../lib/plugin-runtime/install.js");
646
+ const rows = listInstalled({ cwd: process.cwd() });
647
+ if (options.json) {
648
+ console.log(JSON.stringify(rows, null, 2));
649
+ return;
650
+ }
651
+ if (rows.length === 0) {
652
+ logger.info("No plugins installed. Add one with: cc plugin add <dir>");
653
+ return;
654
+ }
655
+ const { isPluginTrusted } =
656
+ await import("../lib/plugin-runtime/trust.js");
657
+ logger.log(chalk.bold(`Installed plugins (${rows.length}):`));
658
+ for (const r of rows) {
659
+ const ok = r.ok ? chalk.green("✔") : chalk.red("✖");
660
+ const trust = isPluginTrusted(r)
661
+ ? chalk.green("trusted")
662
+ : chalk.yellow("untrusted");
663
+ logger.log(
664
+ ` ${ok} ${chalk.cyan(r.name)} v${r.version} ${chalk.gray(`[${r.scope}]`)} ${trust}`,
665
+ );
666
+ }
667
+ });
668
+
669
+ // plugin trust <name> — allow a plugin's code-bearing components to run
670
+ plugin
671
+ .command("trust <name>")
672
+ .description("Trust a plugin so its hooks / LSP servers may run")
673
+ .option("--scope <scope>", "Scope of the plugin", "project")
674
+ .option("--list", "List all trusted plugins instead")
675
+ .action(async (name, options) => {
676
+ const { trustPlugin, listTrust } =
677
+ await import("../lib/plugin-runtime/trust.js");
678
+ const { getActiveVersion } =
679
+ await import("../lib/plugin-runtime/install.js");
680
+ if (options.list) {
681
+ for (const t of listTrust()) {
682
+ logger.log(` ${chalk.cyan(t.name)} v${t.version} [${t.scope}]`);
683
+ }
684
+ return;
685
+ }
686
+ const version = getActiveVersion(name, {
687
+ scope: options.scope,
688
+ cwd: process.cwd(),
689
+ });
690
+ if (!version) {
691
+ logger.error(`${name} is not installed at ${options.scope} scope`);
692
+ process.exitCode = 1;
693
+ return;
694
+ }
695
+ trustPlugin(name, { scope: options.scope, version });
696
+ logger.success(`Trusted ${name} v${version} (${options.scope} scope)`);
697
+ });
698
+
699
+ // plugin untrust <name> — revoke trust
700
+ plugin
701
+ .command("untrust <name>")
702
+ .description(
703
+ "Revoke trust for a plugin (its hooks / LSP servers stop running)",
704
+ )
705
+ .option("--scope <scope>", "Scope of the plugin", "project")
706
+ .action(async (name, options) => {
707
+ const { untrustPlugin } = await import("../lib/plugin-runtime/trust.js");
708
+ const res = untrustPlugin(name, { scope: options.scope });
709
+ if (res.removed) {
710
+ logger.success(`Revoked trust for ${name} (${options.scope} scope)`);
711
+ } else {
712
+ logger.info(`${name} was not trusted at ${options.scope} scope`);
713
+ }
714
+ });
715
+
716
+ // plugin monitors — list (and optionally run) trusted plugins' background
717
+ // monitors. `--run --seconds N` actually starts the supervisor for N seconds,
718
+ // prints captured output, then reaps everything (verifies no leaked process).
719
+ plugin
720
+ .command("monitors")
721
+ .description("List installed plugins' background monitors (trusted only)")
722
+ .option("--json", "Output as JSON")
723
+ .option("--run", "Actually run the monitors for a few seconds, then reap")
724
+ .option("--seconds <n>", "With --run: how long to run", "3")
725
+ .action(async (options) => {
726
+ const { collectPluginMonitors } =
727
+ await import("../lib/plugin-runtime/monitors.js");
728
+ const monitors = collectPluginMonitors({ cwd: process.cwd() });
729
+ if (options.json && !options.run) {
730
+ console.log(JSON.stringify(monitors, null, 2));
731
+ return;
732
+ }
733
+ if (monitors.length === 0) {
734
+ logger.info(
735
+ "No monitors from trusted plugins. (Untrusted project plugins are skipped — `cc plugin trust <name>`.)",
736
+ );
737
+ return;
738
+ }
739
+ logger.log(chalk.bold(`Plugin monitors (${monitors.length}):`));
740
+ for (const m of monitors) {
741
+ const cadence =
742
+ m.mode === "interval"
743
+ ? `every ${m.intervalMs || 60000}ms`
744
+ : "long-running";
745
+ logger.log(
746
+ ` ${chalk.cyan(m.id)} ${chalk.gray(`[${m.scope}]`)} ${m.command} ${m.args.join(" ")} ${chalk.gray(`(${cadence})`)}`,
747
+ );
748
+ }
749
+ if (!options.run) return;
750
+
751
+ const { PluginMonitorSupervisor } =
752
+ await import("../lib/plugin-monitor-supervisor.js");
753
+ const secs = Math.max(1, parseInt(options.seconds, 10) || 3);
754
+ const sup = new PluginMonitorSupervisor();
755
+ const started = sup.start(monitors);
756
+ logger.log(
757
+ chalk.gray(`\nRunning ${started.length} monitor(s) for ${secs}s…`),
758
+ );
759
+ await new Promise((r) => setTimeout(r, secs * 1000));
760
+ const out = sup.drainOutputs();
761
+ sup.stopAll();
762
+ logger.log(chalk.bold(`Captured ${out.length} output line(s):`));
763
+ for (const rec of out.slice(0, 50)) {
764
+ logger.log(
765
+ ` ${chalk.gray(`[${rec.monitor}/${rec.stream}]`)} ${rec.line}`,
766
+ );
767
+ }
768
+ logger.success("Monitors reaped — no process left running.");
769
+ });
770
+
771
+ // plugin uninstall <name> — remove a plugin (or one version) from a scope
772
+ plugin
773
+ .command("uninstall <name>")
774
+ .description(`Uninstall a runtime plugin from a scope (${SCOPES})`)
775
+ .option("--scope <scope>", "Scope to remove from", "user")
776
+ .option("--version <version>", "Remove only this version (default: all)")
777
+ .action(async (name, options) => {
778
+ const { uninstall } = await import("../lib/plugin-runtime/install.js");
779
+ try {
780
+ const res = uninstall(name, {
781
+ scope: options.scope,
782
+ cwd: process.cwd(),
783
+ version: options.version,
784
+ });
785
+ logger.success(
786
+ `Uninstalled ${name} (${res.removed.join(", ") || "nothing"}) from ${options.scope} scope`,
787
+ );
788
+ } catch (err) {
789
+ logger.error(`Uninstall failed: ${err.message}`);
790
+ process.exitCode = 1;
791
+ }
792
+ });
793
+
794
+ // plugin upgrade <source> — re-fetch a source and install its newer version
795
+ plugin
796
+ .command("upgrade <source>")
797
+ .description(
798
+ "Update a runtime plugin from its source (local dir or git); repoints .active",
799
+ )
800
+ .option("--scope <scope>", `Scope to update in (${SCOPES})`, "user")
801
+ .option("--force", "Reinstall even if the version is unchanged")
802
+ .action(async (source, options) => {
803
+ const { updatePlugin } = await import("../lib/plugin-runtime/install.js");
804
+ try {
805
+ const res = updatePlugin(source, {
806
+ scope: options.scope,
807
+ cwd: process.cwd(),
808
+ force: options.force,
809
+ });
810
+ if (res.updated) {
811
+ logger.success(
812
+ `Updated ${res.name}: ${res.previousVersion ? `v${res.previousVersion} → ` : ""}v${res.version} (${options.scope} scope)`,
813
+ );
814
+ } else if (res.reinstalled) {
815
+ logger.success(
816
+ `Reinstalled ${res.name} v${res.version} (${options.scope} scope)`,
817
+ );
818
+ } else {
819
+ logger.info(
820
+ `${res.name} is already up to date at v${res.version} (use --force to reinstall)`,
821
+ );
822
+ }
823
+ } catch (err) {
824
+ logger.error(`Upgrade failed: ${err.message}`);
825
+ process.exitCode = 1;
826
+ }
827
+ });
828
+
829
+ // plugin use <name> <version> — pin the active version (rollback / switch)
830
+ plugin
831
+ .command("use <name> <version>")
832
+ .description("Pin a plugin's active version (rollback or switch)")
833
+ .option("--scope <scope>", "Scope", "user")
834
+ .action(async (name, version, options) => {
835
+ const { setActiveVersion } =
836
+ await import("../lib/plugin-runtime/install.js");
837
+ try {
838
+ setActiveVersion(name, version, {
839
+ scope: options.scope,
840
+ cwd: process.cwd(),
841
+ });
842
+ logger.success(
843
+ `${name} active version → v${version} (${options.scope} scope)`,
844
+ );
845
+ } catch (err) {
846
+ logger.error(`Failed: ${err.message}`);
847
+ process.exitCode = 1;
848
+ }
849
+ });
850
+
851
+ return plugin;
498
852
  }
499
853
 
500
854
  // === Iter26 V2 governance overlay ===