chainlesschain 0.162.148 → 0.162.149
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/package.json +1 -1
- package/src/assets/web-panel/.build-hash +1 -1
- package/src/assets/web-panel/assets/{AIOps-DwpCCp64.js → AIOps-BJif14yR.js} +1 -1
- package/src/assets/web-panel/assets/{ActionButton-C9pBYocA.js → ActionButton-CXek6gJY.js} +1 -1
- package/src/assets/web-panel/assets/{Analytics-BWAkeXxK.js → Analytics-BgQhdAJi.js} +2 -2
- package/src/assets/web-panel/assets/{AppLayout-CivFGH6B.js → AppLayout-DTYl5NtR.js} +3 -3
- package/src/assets/web-panel/assets/{Audit-Cm8hRpZm.js → Audit-BzATQAeR.js} +1 -1
- package/src/assets/web-panel/assets/{Backup-DXdFMsE8.js → Backup-BzdPEQhL.js} +1 -1
- package/src/assets/web-panel/assets/{BaseInput-uAwSTeql.js → BaseInput-BM0KVh8E.js} +1 -1
- package/src/assets/web-panel/assets/{Chat-KU8eeJJE.js → Chat-D7fHXHkz.js} +4 -4
- package/src/assets/web-panel/assets/ChatBubbleRenderer-Wm34RR-b.js +1 -0
- package/src/assets/web-panel/assets/{Checkbox-C6AMDkjd.js → Checkbox-CAiSQ9vO.js} +1 -1
- package/src/assets/web-panel/assets/{Codegen-t2moDxcO.js → Codegen-Df40CrEe.js} +1 -1
- package/src/assets/web-panel/assets/{Col-DCcsRRhN.js → Col-DIT2fNFU.js} +1 -1
- package/src/assets/web-panel/assets/{Community-DtB-8SAC.js → Community-CSTIbW2k.js} +1 -1
- package/src/assets/web-panel/assets/{Compact-CZm8THYA.js → Compact-DtqXZZUi.js} +1 -1
- package/src/assets/web-panel/assets/{Compliance-LiQgC7g1.js → Compliance-CUtzw6o7.js} +1 -1
- package/src/assets/web-panel/assets/{Cowork-CA8SAxht.js → Cowork-CezmlnmU.js} +2 -2
- package/src/assets/web-panel/assets/{Cron-CtRaF1wD.js → Cron-P4BITarg.js} +2 -2
- package/src/assets/web-panel/assets/{Crosschain-6-br6Hub.js → Crosschain-BRRiYwvq.js} +1 -1
- package/src/assets/web-panel/assets/{DID-Do2EccrL.js → DID-L5ijB9i4.js} +2 -2
- package/src/assets/web-panel/assets/{Dashboard-wrXcbzGe.js → Dashboard-CFxro4ob.js} +2 -2
- package/src/assets/web-panel/assets/{Dropdown-p3FsT245.js → Dropdown-BmAFCQ71.js} +1 -1
- package/src/assets/web-panel/assets/{EmailListRenderer-D95A2L8q.js → EmailListRenderer-DJBCEuon.js} +1 -1
- package/src/assets/web-panel/assets/{FamilyGuardDashboard-cLuJW2zo.js → FamilyGuardDashboard-z4oLq6eT.js} +1 -1
- package/src/assets/web-panel/assets/{Federation-Brgq_cbN.js → Federation-DsVCpHMF.js} +1 -1
- package/src/assets/web-panel/assets/{FormItemContext-DWLCkNgh.js → FormItemContext-DP3bP5th.js} +1 -1
- package/src/assets/web-panel/assets/{GenericCardRenderer-BBqUfQd6.js → GenericCardRenderer-BAXP2Gc6.js} +1 -1
- package/src/assets/web-panel/assets/{Git-8F090w4I.js → Git-I3g_bAw9.js} +2 -2
- package/src/assets/web-panel/assets/{Governance-CCogEbxb.js → Governance-jHS5-ioS.js} +1 -1
- package/src/assets/web-panel/assets/{Inference-CfLD7v7C.js → Inference-CPL7sfx9.js} +1 -1
- package/src/assets/web-panel/assets/{KnowledgeGraph-DDuHJewd.js → KnowledgeGraph-Jf236h4C.js} +1 -1
- package/src/assets/web-panel/assets/{Logs-CE8KSEVC.js → Logs-Cm2tcSKg.js} +2 -2
- package/src/assets/web-panel/assets/{Marketplace-DmwpZmhT.js → Marketplace-CZK82rhi.js} +1 -1
- package/src/assets/web-panel/assets/{McpTools-Bf7AazU8.js → McpTools-CZCeji7a.js} +4 -4
- package/src/assets/web-panel/assets/{Memory-D0QU_00S.js → Memory-3l2KVS9k.js} +2 -2
- package/src/assets/web-panel/assets/{MobileBridge-yXS9xdhx.js → MobileBridge-VYdpoLh6.js} +1 -1
- package/src/assets/web-panel/assets/{MobileProjects-BuDUoGUP.js → MobileProjects-CiB9cmm1.js} +1 -1
- package/src/assets/web-panel/assets/{Mtc-BYyHy28p.js → Mtc-wCFZbBuL.js} +2 -2
- package/src/assets/web-panel/assets/{MtcAudit-CK0aqpiZ.js → MtcAudit-1a3THIyG.js} +4 -4
- package/src/assets/web-panel/assets/{Multisig-mNimKYeb.js → Multisig-DMzLB2hG.js} +3 -3
- package/src/assets/web-panel/assets/{NLProgramming-AioAJ0YA.js → NLProgramming-D9wZbf6l.js} +1 -1
- package/src/assets/web-panel/assets/{Notes-CVVNCLHE.js → Notes-hrFe2ZM-.js} +3 -3
- package/src/assets/web-panel/assets/{NotificationSettings-C4ABj-TK.js → NotificationSettings-CHGX5Jwm.js} +1 -1
- package/src/assets/web-panel/assets/OrderTableRenderer-CRIFE2Tj.js +1 -0
- package/src/assets/web-panel/assets/{Organization-uozl_gWK.js → Organization-By7FkhtY.js} +4 -4
- package/src/assets/web-panel/assets/{Overflow-BCZOM2hK.js → Overflow--khGSzJn.js} +1 -1
- package/src/assets/web-panel/assets/{P2P-CArcaiaj.js → P2P-CAG9dH35.js} +2 -2
- package/src/assets/web-panel/assets/{PdhVaultBrowser-Sgq2Srr8.js → PdhVaultBrowser-B3SQZmK9.js} +3 -3
- package/src/assets/web-panel/assets/{Permissions-BYrQrXnH.js → Permissions-D35ec6JA.js} +4 -4
- package/src/assets/web-panel/assets/{PersonalDataHub-BzHStAbz.js → PersonalDataHub-CxBF7hW_.js} +2 -2
- package/src/assets/web-panel/assets/{Pipeline-k7KqxX1M.js → Pipeline-s6EtOO1s.js} +1 -1
- package/src/assets/web-panel/assets/{Privacy-IumTUWqx.js → Privacy-BbJYmWmO.js} +1 -1
- package/src/assets/web-panel/assets/{ProjectInit-BRyImYTf.js → ProjectInit-VGQq1jMT.js} +2 -2
- package/src/assets/web-panel/assets/{ProjectSettings-BFIqTBFk.js → ProjectSettings-B1ew3Teh.js} +2 -2
- package/src/assets/web-panel/assets/Projects-CGcNIs_g.js +1 -0
- package/src/assets/web-panel/assets/{Providers-CyyFnUPs.js → Providers-mrO47FIK.js} +1 -1
- package/src/assets/web-panel/assets/{QrScannerModal-C82cRx-X.js → QrScannerModal-IJF2mHyw.js} +1 -1
- package/src/assets/web-panel/assets/{QuickAsk-DGxDF521.js → QuickAsk-CU0wN_Z0.js} +1 -1
- package/src/assets/web-panel/assets/{Recommend-Cns-Am1y.js → Recommend-DhN37R6G.js} +1 -1
- package/src/assets/web-panel/assets/{RemoteSession-R7OqAIlg.js → RemoteSession-D_xOX_hu.js} +2 -2
- package/src/assets/web-panel/assets/{Reputation-D7mgPIYV.js → Reputation-D_Ssv7uH.js} +1 -1
- package/src/assets/web-panel/assets/{Row-B3lEURyd.js → Row-Kx5dKxX7.js} +1 -1
- package/src/assets/web-panel/assets/{RssFeed-9_UVrpBt.js → RssFeed-BlGwqZkY.js} +2 -2
- package/src/assets/web-panel/assets/{Search-ClZeO80q.js → Search-hLFQzxpb.js} +1 -1
- package/src/assets/web-panel/assets/{Security-BNNJczEp.js → Security-DMlvsVt4.js} +3 -3
- package/src/assets/web-panel/assets/{Services-C5SjrWUj.js → Services-Bd0Qsj2m.js} +2 -2
- package/src/assets/web-panel/assets/{Skeleton-Ci_obQ-g.js → Skeleton-DFclq9X3.js} +1 -1
- package/src/assets/web-panel/assets/{Skills-DdebN15P.js → Skills-BNtln2qY.js} +1 -1
- package/src/assets/web-panel/assets/{Sla-OinZP2vi.js → Sla-Dch5H19G.js} +1 -1
- package/src/assets/web-panel/assets/{SpeechSettings-CxzbNF51.js → SpeechSettings-2UfQcU1g.js} +1 -1
- package/src/assets/web-panel/assets/{SyncSettings-D06N_66b.js → SyncSettings-CD9YQr4i.js} +2 -2
- package/src/assets/web-panel/assets/{Tasks-BdEdW0AZ.js → Tasks-BNu-7MzI.js} +1 -1
- package/src/assets/web-panel/assets/{Templates-F1ctKmPa.js → Templates-D1n9CaIR.js} +1 -1
- package/src/assets/web-panel/assets/{Tenant-CVz1Urot.js → Tenant-DenL3iBW.js} +1 -1
- package/src/assets/web-panel/assets/Terminal-ZzU0Io1Y.js +3 -0
- package/src/assets/web-panel/assets/{TimelineRenderer-Doitzjmf.js → TimelineRenderer-D87IfukO.js} +1 -1
- package/src/assets/web-panel/assets/{Tokens-BpyVRpVA.js → Tokens-BkiZc8E3.js} +1 -1
- package/src/assets/web-panel/assets/{Trigger-nWhWYTbU.js → Trigger-BNRSytGN.js} +1 -1
- package/src/assets/web-panel/assets/{Trust-DK_G-wLx.js → Trust-Bwbd4X2m.js} +1 -1
- package/src/assets/web-panel/assets/{UkeySign-B5yBUojO.js → UkeySign-B8O2bs0o.js} +1 -1
- package/src/assets/web-panel/assets/{VideoEditing-C5D51qAe.js → VideoEditing-C2fL8zmH.js} +1 -1
- package/src/assets/web-panel/assets/{Wallet-CLbL9K7v.js → Wallet-BORYDdE1.js} +4 -4
- package/src/assets/web-panel/assets/{WebAuthn-DZUelI3V.js → WebAuthn-C0V5S2FM.js} +4 -4
- package/src/assets/web-panel/assets/{WorkflowEditor-8RPxt4KW.js → WorkflowEditor-2dR0fcHL.js} +1 -1
- package/src/assets/web-panel/assets/{chat-4N4tOA3d.js → chat-BmuAFAn8.js} +1 -1
- package/src/assets/web-panel/assets/{colors-zbbGVrua.js → colors-CN3smMcK.js} +1 -1
- package/src/assets/web-panel/assets/{compact-item-D7iMkbnE.js → compact-item-DCnxb4kW.js} +1 -1
- package/src/assets/web-panel/assets/{createContext-CBzPJv-w.js → createContext-vlR43pHn.js} +1 -1
- package/src/assets/web-panel/assets/devWarning-DxwmsL4j.js +1 -0
- package/src/assets/web-panel/assets/{hasIn-bHdrQSqZ.js → hasIn-D04tHYFd.js} +1 -1
- package/src/assets/web-panel/assets/{index-DbE5D0WL.js → index-0DnaZGkC.js} +1 -1
- package/src/assets/web-panel/assets/{index-308gCGh7.js → index-430S68MN.js} +1 -1
- package/src/assets/web-panel/assets/{index-kmh1TxRa.js → index-B78xL3s2.js} +1 -1
- package/src/assets/web-panel/assets/{index-QFObYeo1.js → index-BTPEZTk1.js} +1 -1
- package/src/assets/web-panel/assets/{index-BZb8F8YG.js → index-BXRg8GFQ.js} +1 -1
- package/src/assets/web-panel/assets/{index-DE9j5YgT.js → index-BasvsWDM.js} +1 -1
- package/src/assets/web-panel/assets/{index-CiG1IZao.js → index-BeGDEXFs.js} +1 -1
- package/src/assets/web-panel/assets/{index-Bqmx24kh.js → index-BqhASEL4.js} +1 -1
- package/src/assets/web-panel/assets/{index-BCr0geV9.js → index-BudvKQfG.js} +1 -1
- package/src/assets/web-panel/assets/{index-S74FpAIn.js → index-C-6NO5il.js} +1 -1
- package/src/assets/web-panel/assets/{index-DyoNgbXl.js → index-C5Sxb1sE.js} +1 -1
- package/src/assets/web-panel/assets/{index-BtbbdLnf.js → index-CP9m9Ggr.js} +3 -3
- package/src/assets/web-panel/assets/{index-CkxK86vf.js → index-CTOCnIQ7.js} +1 -1
- package/src/assets/web-panel/assets/index-Cg2ldRfU.js +1 -0
- package/src/assets/web-panel/assets/{index-BTIjjXry.js → index-ClhAHDK3.js} +1 -1
- package/src/assets/web-panel/assets/{index-B7b1hGry.js → index-CnXebZLL.js} +1 -1
- package/src/assets/web-panel/assets/{index-CPxkoKgA.js → index-CngCC8hC.js} +1 -1
- package/src/assets/web-panel/assets/{index-Ci009ijp.js → index-Cr-A0FYJ.js} +1 -1
- package/src/assets/web-panel/assets/{index-CdmMoYN1.js → index-CsAsCPJ6.js} +1 -1
- package/src/assets/web-panel/assets/{index-BBNr77E1.js → index-D28DeAAB.js} +1 -1
- package/src/assets/web-panel/assets/{index-B1s0Bz9O.js → index-D5LZVZ0L.js} +1 -1
- package/src/assets/web-panel/assets/{index-oDKNgCsP.js → index-D65_XseV.js} +1 -1
- package/src/assets/web-panel/assets/{index-QNAG4JtR.js → index-D8vwp4qp.js} +1 -1
- package/src/assets/web-panel/assets/{index-CQfu1U78.js → index-DDwLgQY9.js} +1 -1
- package/src/assets/web-panel/assets/{index-BnBOpqv3.js → index-DIpY0qM5.js} +1 -1
- package/src/assets/web-panel/assets/{index-CQ6NcfWz.js → index-DTWg-18U.js} +1 -1
- package/src/assets/web-panel/assets/{index-D4XKpj6c.js → index-DTtRscUa.js} +1 -1
- package/src/assets/web-panel/assets/{index-D1YDh7Wr.js → index-DYAtmqiv.js} +1 -1
- package/src/assets/web-panel/assets/{index-CvRMA9uT.js → index-D_n8_vfI.js} +1 -1
- package/src/assets/web-panel/assets/{index-CahryTX0.js → index-DbADHwhr.js} +1 -1
- package/src/assets/web-panel/assets/{index-BJ4ZGyW0.js → index-DbVsQBOH.js} +1 -1
- package/src/assets/web-panel/assets/index-Dwzo-dtJ.js +1 -0
- package/src/assets/web-panel/assets/{index-xYCm6W2h.js → index-HhNjnCfe.js} +1 -1
- package/src/assets/web-panel/assets/{index-BS4_Mwk6.js → index-ToUh2b1-.js} +1 -1
- package/src/assets/web-panel/assets/{index-DISWAYce.js → index-TslMTwNy.js} +1 -1
- package/src/assets/web-panel/assets/{index-DmqlJed-.js → index-_FIkN3jd.js} +1 -1
- package/src/assets/web-panel/assets/{index-CqdPyWm5.js → index-hpvvtAZ3.js} +1 -1
- package/src/assets/web-panel/assets/{index-BsKehmmS.js → index-jzR7Ujuw.js} +1 -1
- package/src/assets/web-panel/assets/{index-DUyjUkY7.js → index-ljuBiQW9.js} +1 -1
- package/src/assets/web-panel/assets/{initDefaultProps-BD55yNBt.js → initDefaultProps-C3wUb4je.js} +1 -1
- package/src/assets/web-panel/assets/{motion-B5Bbe77U.js → motion-D-jYFUNA.js} +1 -1
- package/src/assets/web-panel/assets/{move-CTvIqHEH.js → move-tqb8nwJ2.js} +1 -1
- package/src/assets/web-panel/assets/{mtc-parser-BkNyPQKB.js → mtc-parser-DSOjMJMz.js} +1 -1
- package/src/assets/web-panel/assets/{omit-BaXJXgHA.js → omit-CJ7VimIW.js} +1 -1
- package/src/assets/web-panel/assets/{pickAttrs-Bw6-YTxH.js → pickAttrs-qXiG1iT3.js} +1 -1
- package/src/assets/web-panel/assets/{placementArrow-BLdbkLqJ.js → placementArrow-CkGBcy1Z.js} +1 -1
- package/src/assets/web-panel/assets/{responsiveObserve-IVYkzntU.js → responsiveObserve-D3WvTlLO.js} +1 -1
- package/src/assets/web-panel/assets/{slide-DFMFwwtY.js → slide-BEE2ftge.js} +1 -1
- package/src/assets/web-panel/assets/{statusUtils-CURYRtZ1.js → statusUtils-CsfBpxiG.js} +1 -1
- package/src/assets/web-panel/assets/{styleChecker-Cfz63s1r.js → styleChecker-xPrIiJPI.js} +1 -1
- package/src/assets/web-panel/assets/{useFlexGapSupport-COJL0KE3.js → useFlexGapSupport-C5Yd-SCR.js} +1 -1
- package/src/assets/web-panel/assets/{useFs-YLLojQQf.js → useFs-D_MDS8HI.js} +1 -1
- package/src/assets/web-panel/assets/{usePersonalDataHub-BF_21qUC.js → usePersonalDataHub-BqJh-usA.js} +1 -1
- package/src/assets/web-panel/assets/{vnode-9ZpkA7bb.js → vnode-chm_p-gz.js} +1 -1
- package/src/assets/web-panel/assets/{zoom-DhtAfhl8.js → zoom-3-YDNz0Z.js} +1 -1
- package/src/assets/web-panel/index.html +1 -1
- package/src/assets/web-panel/remote-session-sw.js +43 -0
- package/src/command-manifest.json +22 -1
- package/src/commands/agent.js +44 -5
- package/src/commands/codeintel.js +252 -0
- package/src/commands/eval.js +248 -0
- package/src/commands/plugin.js +354 -0
- package/src/commands/team.js +456 -0
- package/src/gateways/ws/message-dispatcher.js +45 -2
- package/src/gateways/ws/remote-session-protocol.js +37 -0
- package/src/gateways/ws/ws-server.js +1 -1
- package/src/harness/prompt-compressor.js +27 -1
- package/src/harness/remote-command-ledger.js +158 -0
- package/src/harness/remote-session-push-apns.js +246 -0
- package/src/harness/remote-session-push-errors.js +15 -0
- package/src/harness/remote-session-push-fcm.js +9 -25
- package/src/harness/remote-session-push-huawei.js +174 -0
- package/src/harness/remote-session-push-oppo.js +171 -0
- package/src/harness/remote-session-push-senders.js +42 -0
- package/src/harness/remote-session-push-vivo.js +179 -0
- package/src/harness/remote-session-push-web.js +299 -0
- package/src/harness/remote-session-push-xiaomi.js +99 -0
- package/src/index.js +6 -0
- package/src/lib/agent-core.js +2 -0
- package/src/lib/agent-sandbox.js +161 -5
- package/src/lib/agent-team/task-lease.js +434 -0
- package/src/lib/agent-team/team-budget.js +165 -0
- package/src/lib/agent-team/team-mailbox.js +106 -0
- package/src/lib/agent-team/team-runner.js +266 -0
- package/src/lib/agent-team/team-worktree.js +204 -0
- package/src/lib/agents.js +18 -0
- package/src/lib/async-hook-supervisor.cjs +305 -0
- package/src/lib/eval/runner.js +163 -0
- package/src/lib/eval/tasks.js +456 -0
- package/src/lib/eval/trend.js +185 -0
- package/src/lib/lsp/__tests__/code-intelligence.integration.test.js +129 -0
- package/src/lib/lsp/__tests__/code-intelligence.test.js +228 -0
- package/src/lib/lsp/__tests__/jsonrpc-stream.test.js +104 -0
- package/src/lib/lsp/__tests__/lsp-client.test.js +258 -0
- package/src/lib/lsp/__tests__/lsp-manager.test.js +264 -0
- package/src/lib/lsp/__tests__/lsp-server-registry.test.js +128 -0
- package/src/lib/lsp/code-intelligence.js +356 -0
- package/src/lib/lsp/jsonrpc-stream.js +139 -0
- package/src/lib/lsp/lsp-client.js +318 -0
- package/src/lib/lsp/lsp-manager.js +323 -0
- package/src/lib/lsp/lsp-server-registry.js +196 -0
- package/src/lib/plugin-monitor-supervisor.js +238 -0
- package/src/lib/plugin-runtime/agents.js +51 -0
- package/src/lib/plugin-runtime/bin.js +100 -0
- package/src/lib/plugin-runtime/hooks.js +100 -0
- package/src/lib/plugin-runtime/install.js +388 -0
- package/src/lib/plugin-runtime/lsp.js +75 -0
- package/src/lib/plugin-runtime/manifest.js +458 -0
- package/src/lib/plugin-runtime/mcp.js +89 -0
- package/src/lib/plugin-runtime/monitors.js +100 -0
- package/src/lib/plugin-runtime/policy.js +144 -0
- package/src/lib/plugin-runtime/reload.js +79 -0
- package/src/lib/plugin-runtime/scopes.js +197 -0
- package/src/lib/plugin-runtime/settings.js +119 -0
- package/src/lib/plugin-runtime/signature.js +107 -0
- package/src/lib/plugin-runtime/skills.js +43 -0
- package/src/lib/plugin-runtime/trust.js +140 -0
- package/src/lib/sandbox-egress-proxy.js +162 -0
- package/src/lib/sandbox-network-policy.js +134 -0
- package/src/lib/sandbox-v2.js +10 -4
- package/src/lib/settings-hook-events.cjs +78 -6
- package/src/lib/settings-hooks.cjs +29 -3
- package/src/lib/settings-loader.cjs +35 -1
- package/src/lib/skill-loader.js +18 -0
- package/src/lib/telemetry/span-recorder.js +237 -0
- package/src/repl/agent-repl.js +400 -4
- package/src/runtime/agent-core.js +546 -52
- package/src/runtime/coding-agent-contract-shared.cjs +82 -8
- package/src/runtime/coding-agent-policy.cjs +32 -7
- package/src/runtime/fallback-model.js +134 -7
- package/src/runtime/headless-runner.js +353 -108
- package/src/runtime/mcp-config.js +46 -0
- package/src/assets/web-panel/assets/ChatBubbleRenderer-DCNfbdlx.js +0 -1
- package/src/assets/web-panel/assets/OrderTableRenderer-DIp8Xcbd.js +0 -1
- package/src/assets/web-panel/assets/Projects-Dpid9CDg.js +0 -1
- package/src/assets/web-panel/assets/Terminal-BvAK_Zel.js +0 -3
- package/src/assets/web-panel/assets/devWarning-C2Z5LRgq.js +0 -1
- package/src/assets/web-panel/assets/index-BGp6Yr-Y.js +0 -1
- package/src/assets/web-panel/assets/index-BXiw9dQf.js +0 -1
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
// Remote Session vendor push — Xiaomi (小米) push sender.
|
|
2
|
+
//
|
|
3
|
+
// A concrete implementation of the RemoteSessionPushDispatcher `sender` contract
|
|
4
|
+
// for MIUI devices, using the Xiaomi Push server API. Unlike FCM/APNs there is
|
|
5
|
+
// no JWT — auth is a static app AppSecret in the `Authorization: key=` header —
|
|
6
|
+
// so this sender is a straight form-encoded POST over plain HTTPS with an
|
|
7
|
+
// injectable `fetch` (default global), fully unit-testable with a fake
|
|
8
|
+
// transport. The payload carries only routing ids (no session content).
|
|
9
|
+
|
|
10
|
+
import { PushTokenUnregisteredError } from "./remote-session-push-errors.js";
|
|
11
|
+
|
|
12
|
+
const DEFAULT_HOST = "https://api.xmpush.xiaomi.com";
|
|
13
|
+
const SEND_PATH = "/v3/message/regid";
|
|
14
|
+
|
|
15
|
+
// Xiaomi does not use a single canonical "unregistered" code; match the reason
|
|
16
|
+
// text it returns for a stale/invalid registration id.
|
|
17
|
+
const INVALID_TOKEN_RE = /invalid|not valid|unregist|not ?exist|无效|不存在/i;
|
|
18
|
+
|
|
19
|
+
/** Sends one notification to a Xiaomi registration id. */
|
|
20
|
+
export class XiaomiPushSender {
|
|
21
|
+
constructor(options = {}) {
|
|
22
|
+
if (!options.appSecret) {
|
|
23
|
+
throw new Error("XiaomiPushSender requires an appSecret");
|
|
24
|
+
}
|
|
25
|
+
if (!options.packageName) {
|
|
26
|
+
throw new Error("XiaomiPushSender requires a packageName");
|
|
27
|
+
}
|
|
28
|
+
this.appSecret = options.appSecret;
|
|
29
|
+
this.packageName = options.packageName;
|
|
30
|
+
this.host = options.host || DEFAULT_HOST;
|
|
31
|
+
this.fetch = options.fetch || globalThis.fetch;
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
/** Bound function matching the dispatcher's `sender` contract. */
|
|
35
|
+
get handler() {
|
|
36
|
+
return (payload) => this.send(payload);
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
async send({ token, notification, sessionId, clientId } = {}) {
|
|
40
|
+
if (!token) throw new Error("Xiaomi send requires a registration id");
|
|
41
|
+
const params = new URLSearchParams({
|
|
42
|
+
registration_id: token,
|
|
43
|
+
restricted_package_name: this.packageName,
|
|
44
|
+
pass_through: "0", // 0 = show a notification, 1 = data-only
|
|
45
|
+
notify_type: "-1", // default sound/vibrate
|
|
46
|
+
title: notification?.title || "Approval requested",
|
|
47
|
+
description: notification?.body || "A coding session needs your approval",
|
|
48
|
+
});
|
|
49
|
+
// Routing ids only — no session content.
|
|
50
|
+
const payload = { type: "remote-session.approval-request" };
|
|
51
|
+
if (sessionId != null) payload.sessionId = String(sessionId);
|
|
52
|
+
if (clientId != null) payload.clientId = String(clientId);
|
|
53
|
+
params.set("payload", JSON.stringify(payload));
|
|
54
|
+
|
|
55
|
+
const res = await this.fetch(`${this.host}${SEND_PATH}`, {
|
|
56
|
+
method: "POST",
|
|
57
|
+
headers: {
|
|
58
|
+
Authorization: `key=${this.appSecret}`,
|
|
59
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
60
|
+
},
|
|
61
|
+
body: params.toString(),
|
|
62
|
+
});
|
|
63
|
+
const json = await res.json().catch(() => ({}));
|
|
64
|
+
if (res.ok && json.result === "ok" && Number(json.code) === 0) {
|
|
65
|
+
return { id: json.data?.id || null };
|
|
66
|
+
}
|
|
67
|
+
const reason = json.reason || json.description || `HTTP ${res.status}`;
|
|
68
|
+
if (INVALID_TOKEN_RE.test(String(reason))) {
|
|
69
|
+
throw new PushTokenUnregisteredError(
|
|
70
|
+
`Xiaomi registration id invalid: ${reason}`,
|
|
71
|
+
);
|
|
72
|
+
}
|
|
73
|
+
throw new Error(`Xiaomi push failed: ${reason}`);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Build a bound Xiaomi `sender` from env, or null when unconfigured.
|
|
79
|
+
*
|
|
80
|
+
* Xiaomi env:
|
|
81
|
+
* CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_APP_SECRET
|
|
82
|
+
* CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_PACKAGE_NAME
|
|
83
|
+
* CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_HOST (optional; e.g. the global host)
|
|
84
|
+
*/
|
|
85
|
+
export function createXiaomiPushSender(env = {}, options = {}) {
|
|
86
|
+
const appSecret =
|
|
87
|
+
options.appSecret || env.CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_APP_SECRET;
|
|
88
|
+
const packageName =
|
|
89
|
+
options.packageName ||
|
|
90
|
+
env.CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_PACKAGE_NAME;
|
|
91
|
+
if (!appSecret || !packageName) return null;
|
|
92
|
+
const host = options.host || env.CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_HOST;
|
|
93
|
+
return new XiaomiPushSender({
|
|
94
|
+
appSecret,
|
|
95
|
+
packageName,
|
|
96
|
+
host,
|
|
97
|
+
...options,
|
|
98
|
+
}).handler;
|
|
99
|
+
}
|
package/src/index.js
CHANGED
|
@@ -17,6 +17,8 @@ import { registerAskCommand } from "./commands/ask.js";
|
|
|
17
17
|
import { registerLlmCommand } from "./commands/llm.js";
|
|
18
18
|
import { registerHubCommand } from "./commands/hub.js";
|
|
19
19
|
import { registerAndroidCommand } from "./commands/android.js";
|
|
20
|
+
import { registerEvalCommand } from "./commands/eval.js";
|
|
21
|
+
import { registerTeamCommand } from "./commands/team.js";
|
|
20
22
|
import {
|
|
21
23
|
registerAgentCommand,
|
|
22
24
|
registerSubAgentV2Command,
|
|
@@ -58,6 +60,7 @@ import { registerRCacheCommand } from "./commands/rcache.js";
|
|
|
58
60
|
import { registerSessionCommand } from "./commands/session.js";
|
|
59
61
|
import { registerCostCommand } from "./commands/cost.js";
|
|
60
62
|
import { registerContextCommand } from "./commands/context.js";
|
|
63
|
+
import { registerCodeIntelCommand } from "./commands/codeintel.js";
|
|
61
64
|
import { registerCheckpointCommand } from "./commands/checkpoint.js";
|
|
62
65
|
import { registerGoalCommand } from "./commands/goal.js";
|
|
63
66
|
import { registerCommandCommand } from "./commands/command.js";
|
|
@@ -428,6 +431,8 @@ export function createProgram(opts = {}) {
|
|
|
428
431
|
registerHubCommand(program);
|
|
429
432
|
registerAndroidCommand(program);
|
|
430
433
|
registerAgentCommand(program);
|
|
434
|
+
registerEvalCommand(program);
|
|
435
|
+
registerTeamCommand(program);
|
|
431
436
|
registerSubAgentV2Command(program);
|
|
432
437
|
registerExecBackendV2Command(program);
|
|
433
438
|
registerTodoV2Command(program);
|
|
@@ -468,6 +473,7 @@ export function createProgram(opts = {}) {
|
|
|
468
473
|
registerSessionCommand(program);
|
|
469
474
|
registerCostCommand(program);
|
|
470
475
|
registerContextCommand(program);
|
|
476
|
+
registerCodeIntelCommand(program);
|
|
471
477
|
registerCheckpointCommand(program);
|
|
472
478
|
registerGoalCommand(program);
|
|
473
479
|
registerCommandCommand(program);
|
package/src/lib/agent-core.js
CHANGED
package/src/lib/agent-sandbox.js
CHANGED
|
@@ -1,29 +1,107 @@
|
|
|
1
1
|
/** OS-isolated shell execution for the coding agent. */
|
|
2
2
|
import { spawnSync } from "node:child_process";
|
|
3
3
|
import path from "node:path";
|
|
4
|
+
import { proxyEnv } from "./sandbox-egress-proxy.js";
|
|
4
5
|
|
|
5
6
|
export const DEFAULT_SANDBOX_IMAGE = "node:22-bookworm-slim";
|
|
6
7
|
export const _deps = { spawnSync };
|
|
7
8
|
|
|
9
|
+
function stringList(value) {
|
|
10
|
+
if (!Array.isArray(value)) return [];
|
|
11
|
+
return [
|
|
12
|
+
...new Set(
|
|
13
|
+
value.map((entry) => String(entry || "").trim()).filter(Boolean),
|
|
14
|
+
),
|
|
15
|
+
];
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
function resolvePolicyPaths(entries, cwd) {
|
|
19
|
+
return stringList(entries).map((entry) => {
|
|
20
|
+
if (entry.startsWith("~/")) {
|
|
21
|
+
return path.resolve(
|
|
22
|
+
process.env.HOME || process.env.USERPROFILE || "",
|
|
23
|
+
entry.slice(2),
|
|
24
|
+
);
|
|
25
|
+
}
|
|
26
|
+
return path.resolve(cwd, entry);
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
export function normalizeSandboxPolicy(settings = {}, cwd = process.cwd()) {
|
|
31
|
+
const filesystem = settings.filesystem || {};
|
|
32
|
+
const network = settings.network || {};
|
|
33
|
+
return {
|
|
34
|
+
allowRead: resolvePolicyPaths(filesystem.allowRead, cwd),
|
|
35
|
+
denyRead: resolvePolicyPaths(filesystem.denyRead, cwd),
|
|
36
|
+
allowWrite: resolvePolicyPaths(filesystem.allowWrite, cwd),
|
|
37
|
+
denyWrite: resolvePolicyPaths(filesystem.denyWrite, cwd),
|
|
38
|
+
allowedDomains: stringList(network.allowedDomains),
|
|
39
|
+
deniedDomains: stringList(network.deniedDomains),
|
|
40
|
+
excludedCommands: stringList(settings.excludedCommands),
|
|
41
|
+
allowUnsandboxedCommands: settings.allowUnsandboxedCommands !== false,
|
|
42
|
+
failIfUnavailable: settings.failIfUnavailable === true,
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
|
|
8
46
|
export function normalizeAgentSandbox(value, options = {}) {
|
|
9
|
-
|
|
47
|
+
const settings = options.settings || {};
|
|
48
|
+
if (!value && settings.enabled !== true) return null;
|
|
49
|
+
if (value === false || settings.enabled === false) return null;
|
|
10
50
|
const image =
|
|
11
51
|
typeof value === "string" && value.trim() && value !== "true"
|
|
12
52
|
? value.trim()
|
|
13
53
|
: DEFAULT_SANDBOX_IMAGE;
|
|
14
54
|
return {
|
|
15
|
-
engine: "docker",
|
|
16
|
-
image,
|
|
55
|
+
engine: settings.engine || "docker",
|
|
56
|
+
image: settings.image || image,
|
|
17
57
|
cwd: path.resolve(options.cwd || process.cwd()),
|
|
18
|
-
network: options.network === true,
|
|
58
|
+
network: options.network === true || settings.network === true,
|
|
59
|
+
policy: normalizeSandboxPolicy(settings, options.cwd || process.cwd()),
|
|
19
60
|
};
|
|
20
61
|
}
|
|
21
62
|
|
|
22
63
|
export function executeSandboxedShell(command, sandbox, options = {}) {
|
|
23
|
-
if (!sandbox || sandbox.engine
|
|
64
|
+
if (!sandbox || !["docker", "bubblewrap"].includes(sandbox.engine)) {
|
|
24
65
|
throw new Error("A supported agent sandbox configuration is required");
|
|
25
66
|
}
|
|
26
67
|
const hostCwd = path.resolve(options.cwd || sandbox.cwd);
|
|
68
|
+
const policy = sandbox.policy || normalizeSandboxPolicy({}, hostCwd);
|
|
69
|
+
// An egress proxy (see sandbox-egress-proxy.js) ENFORCES the domain allow/deny
|
|
70
|
+
// policy: the caller starts it and passes `{ env }` here, and the sandboxed
|
|
71
|
+
// process routes its HTTP(S) traffic through it. Without a proxy, a
|
|
72
|
+
// domain-restricted network request has no enforcement point, so we refuse
|
|
73
|
+
// rather than grant unrestricted access.
|
|
74
|
+
const egress = options.egressProxy || null;
|
|
75
|
+
if (
|
|
76
|
+
(policy.allowedDomains.length || policy.deniedDomains.length) &&
|
|
77
|
+
sandbox.network &&
|
|
78
|
+
!egress
|
|
79
|
+
) {
|
|
80
|
+
return {
|
|
81
|
+
stdout: "",
|
|
82
|
+
stderr:
|
|
83
|
+
"Domain-restricted sandbox networking requires a configured sandbox proxy; refusing unrestricted network access",
|
|
84
|
+
exitCode: 1,
|
|
85
|
+
failedToStart: true,
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
if (sandbox.engine === "bubblewrap") {
|
|
89
|
+
return executeBubblewrapShell(command, sandbox, options, hostCwd, policy);
|
|
90
|
+
}
|
|
91
|
+
if (
|
|
92
|
+
policy.allowRead.length ||
|
|
93
|
+
policy.denyRead.length ||
|
|
94
|
+
policy.allowWrite.length ||
|
|
95
|
+
policy.denyWrite.length
|
|
96
|
+
) {
|
|
97
|
+
return {
|
|
98
|
+
stdout: "",
|
|
99
|
+
stderr:
|
|
100
|
+
"The Docker sandbox backend cannot enforce fine-grained filesystem policy; use engine=bubblewrap",
|
|
101
|
+
exitCode: 1,
|
|
102
|
+
failedToStart: true,
|
|
103
|
+
};
|
|
104
|
+
}
|
|
27
105
|
const args = ["run", "--rm", "--init"];
|
|
28
106
|
if (!sandbox.network) args.push("--network", "none");
|
|
29
107
|
args.push("--mount", `type=bind,source=${hostCwd},target=/workspace`);
|
|
@@ -31,6 +109,17 @@ export function executeSandboxedShell(command, sandbox, options = {}) {
|
|
|
31
109
|
if (process.platform !== "win32" && process.getuid && process.getgid) {
|
|
32
110
|
args.push("--user", `${process.getuid()}:${process.getgid()}`);
|
|
33
111
|
}
|
|
112
|
+
// Route egress through the host proxy so the domain policy is enforced. The
|
|
113
|
+
// container reaches the host proxy via host.docker.internal (mapped to the
|
|
114
|
+
// gateway on Linux via host-gateway); the caller builds `egress.env` with that
|
|
115
|
+
// hostname (proxyEnv(port, "host.docker.internal")).
|
|
116
|
+
if (egress && egress.port && sandbox.network) {
|
|
117
|
+
args.push("--add-host", "host.docker.internal:host-gateway");
|
|
118
|
+
const penv = proxyEnv(egress.port, "host.docker.internal");
|
|
119
|
+
for (const [k, v] of Object.entries(penv)) {
|
|
120
|
+
args.push("--env", `${k}=${v}`);
|
|
121
|
+
}
|
|
122
|
+
}
|
|
34
123
|
const env = options.env || {};
|
|
35
124
|
for (const key of ["CLAUDECODE", "CC_SESSION_ID", "CLAUDE_CODE_SESSION_ID"]) {
|
|
36
125
|
if (env[key] != null) args.push("--env", `${key}=${env[key]}`);
|
|
@@ -61,6 +150,65 @@ export function executeSandboxedShell(command, sandbox, options = {}) {
|
|
|
61
150
|
};
|
|
62
151
|
}
|
|
63
152
|
|
|
153
|
+
function executeBubblewrapShell(command, sandbox, options, hostCwd, policy) {
|
|
154
|
+
const args = [
|
|
155
|
+
"--die-with-parent",
|
|
156
|
+
"--new-session",
|
|
157
|
+
"--unshare-all",
|
|
158
|
+
"--ro-bind",
|
|
159
|
+
"/",
|
|
160
|
+
"/",
|
|
161
|
+
"--bind",
|
|
162
|
+
hostCwd,
|
|
163
|
+
hostCwd,
|
|
164
|
+
"--chdir",
|
|
165
|
+
hostCwd,
|
|
166
|
+
"--proc",
|
|
167
|
+
"/proc",
|
|
168
|
+
"--dev",
|
|
169
|
+
"/dev",
|
|
170
|
+
"--tmpfs",
|
|
171
|
+
"/tmp",
|
|
172
|
+
];
|
|
173
|
+
if (sandbox.network) args.push("--share-net");
|
|
174
|
+
for (const target of policy.allowWrite) args.push("--bind", target, target);
|
|
175
|
+
for (const target of policy.denyWrite) args.push("--ro-bind", target, target);
|
|
176
|
+
for (const target of policy.denyRead) args.push("--tmpfs", target);
|
|
177
|
+
args.push("--", "sh", "-lc", String(command || ""));
|
|
178
|
+
// bwrap `--share-net` shares the host network namespace, so the egress proxy
|
|
179
|
+
// is reachable at 127.0.0.1 directly — merge its env into the child's.
|
|
180
|
+
const egress = options.egressProxy || null;
|
|
181
|
+
const bwrapEnv =
|
|
182
|
+
egress && egress.port && sandbox.network
|
|
183
|
+
? { ...(options.env || {}), ...proxyEnv(egress.port, "127.0.0.1") }
|
|
184
|
+
: options.env;
|
|
185
|
+
const result = _deps.spawnSync("bwrap", args, {
|
|
186
|
+
cwd: hostCwd,
|
|
187
|
+
env: bwrapEnv,
|
|
188
|
+
encoding: "utf8",
|
|
189
|
+
timeout: options.timeout,
|
|
190
|
+
maxBuffer: options.maxBuffer,
|
|
191
|
+
windowsHide: true,
|
|
192
|
+
});
|
|
193
|
+
if (result.error) {
|
|
194
|
+
return {
|
|
195
|
+
stdout: result.stdout || "",
|
|
196
|
+
stderr:
|
|
197
|
+
result.error.code === "ENOENT"
|
|
198
|
+
? "bubblewrap is not installed"
|
|
199
|
+
: result.error.message,
|
|
200
|
+
exitCode: typeof result.status === "number" ? result.status : 1,
|
|
201
|
+
failedToStart: true,
|
|
202
|
+
};
|
|
203
|
+
}
|
|
204
|
+
return {
|
|
205
|
+
stdout: result.stdout || "",
|
|
206
|
+
stderr: result.stderr || "",
|
|
207
|
+
exitCode: typeof result.status === "number" ? result.status : 1,
|
|
208
|
+
signal: result.signal || null,
|
|
209
|
+
};
|
|
210
|
+
}
|
|
211
|
+
|
|
64
212
|
export function sandboxSummary(sandbox) {
|
|
65
213
|
if (!sandbox) return null;
|
|
66
214
|
return {
|
|
@@ -68,5 +216,13 @@ export function sandboxSummary(sandbox) {
|
|
|
68
216
|
image: sandbox.image,
|
|
69
217
|
network: sandbox.network ? "enabled" : "disabled",
|
|
70
218
|
workspace: "read-write",
|
|
219
|
+
policy: {
|
|
220
|
+
additionalReadPaths: sandbox.policy?.allowRead?.length || 0,
|
|
221
|
+
additionalWritePaths: sandbox.policy?.allowWrite?.length || 0,
|
|
222
|
+
networkRestricted:
|
|
223
|
+
Boolean(sandbox.policy?.allowedDomains?.length) ||
|
|
224
|
+
Boolean(sandbox.policy?.deniedDomains?.length),
|
|
225
|
+
failIfUnavailable: sandbox.policy?.failIfUnavailable === true,
|
|
226
|
+
},
|
|
71
227
|
};
|
|
72
228
|
}
|