chainlesschain 0.162.148 → 0.162.149

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (231) hide show
  1. package/README.md +1 -1
  2. package/package.json +1 -1
  3. package/src/assets/web-panel/.build-hash +1 -1
  4. package/src/assets/web-panel/assets/{AIOps-DwpCCp64.js → AIOps-BJif14yR.js} +1 -1
  5. package/src/assets/web-panel/assets/{ActionButton-C9pBYocA.js → ActionButton-CXek6gJY.js} +1 -1
  6. package/src/assets/web-panel/assets/{Analytics-BWAkeXxK.js → Analytics-BgQhdAJi.js} +2 -2
  7. package/src/assets/web-panel/assets/{AppLayout-CivFGH6B.js → AppLayout-DTYl5NtR.js} +3 -3
  8. package/src/assets/web-panel/assets/{Audit-Cm8hRpZm.js → Audit-BzATQAeR.js} +1 -1
  9. package/src/assets/web-panel/assets/{Backup-DXdFMsE8.js → Backup-BzdPEQhL.js} +1 -1
  10. package/src/assets/web-panel/assets/{BaseInput-uAwSTeql.js → BaseInput-BM0KVh8E.js} +1 -1
  11. package/src/assets/web-panel/assets/{Chat-KU8eeJJE.js → Chat-D7fHXHkz.js} +4 -4
  12. package/src/assets/web-panel/assets/ChatBubbleRenderer-Wm34RR-b.js +1 -0
  13. package/src/assets/web-panel/assets/{Checkbox-C6AMDkjd.js → Checkbox-CAiSQ9vO.js} +1 -1
  14. package/src/assets/web-panel/assets/{Codegen-t2moDxcO.js → Codegen-Df40CrEe.js} +1 -1
  15. package/src/assets/web-panel/assets/{Col-DCcsRRhN.js → Col-DIT2fNFU.js} +1 -1
  16. package/src/assets/web-panel/assets/{Community-DtB-8SAC.js → Community-CSTIbW2k.js} +1 -1
  17. package/src/assets/web-panel/assets/{Compact-CZm8THYA.js → Compact-DtqXZZUi.js} +1 -1
  18. package/src/assets/web-panel/assets/{Compliance-LiQgC7g1.js → Compliance-CUtzw6o7.js} +1 -1
  19. package/src/assets/web-panel/assets/{Cowork-CA8SAxht.js → Cowork-CezmlnmU.js} +2 -2
  20. package/src/assets/web-panel/assets/{Cron-CtRaF1wD.js → Cron-P4BITarg.js} +2 -2
  21. package/src/assets/web-panel/assets/{Crosschain-6-br6Hub.js → Crosschain-BRRiYwvq.js} +1 -1
  22. package/src/assets/web-panel/assets/{DID-Do2EccrL.js → DID-L5ijB9i4.js} +2 -2
  23. package/src/assets/web-panel/assets/{Dashboard-wrXcbzGe.js → Dashboard-CFxro4ob.js} +2 -2
  24. package/src/assets/web-panel/assets/{Dropdown-p3FsT245.js → Dropdown-BmAFCQ71.js} +1 -1
  25. package/src/assets/web-panel/assets/{EmailListRenderer-D95A2L8q.js → EmailListRenderer-DJBCEuon.js} +1 -1
  26. package/src/assets/web-panel/assets/{FamilyGuardDashboard-cLuJW2zo.js → FamilyGuardDashboard-z4oLq6eT.js} +1 -1
  27. package/src/assets/web-panel/assets/{Federation-Brgq_cbN.js → Federation-DsVCpHMF.js} +1 -1
  28. package/src/assets/web-panel/assets/{FormItemContext-DWLCkNgh.js → FormItemContext-DP3bP5th.js} +1 -1
  29. package/src/assets/web-panel/assets/{GenericCardRenderer-BBqUfQd6.js → GenericCardRenderer-BAXP2Gc6.js} +1 -1
  30. package/src/assets/web-panel/assets/{Git-8F090w4I.js → Git-I3g_bAw9.js} +2 -2
  31. package/src/assets/web-panel/assets/{Governance-CCogEbxb.js → Governance-jHS5-ioS.js} +1 -1
  32. package/src/assets/web-panel/assets/{Inference-CfLD7v7C.js → Inference-CPL7sfx9.js} +1 -1
  33. package/src/assets/web-panel/assets/{KnowledgeGraph-DDuHJewd.js → KnowledgeGraph-Jf236h4C.js} +1 -1
  34. package/src/assets/web-panel/assets/{Logs-CE8KSEVC.js → Logs-Cm2tcSKg.js} +2 -2
  35. package/src/assets/web-panel/assets/{Marketplace-DmwpZmhT.js → Marketplace-CZK82rhi.js} +1 -1
  36. package/src/assets/web-panel/assets/{McpTools-Bf7AazU8.js → McpTools-CZCeji7a.js} +4 -4
  37. package/src/assets/web-panel/assets/{Memory-D0QU_00S.js → Memory-3l2KVS9k.js} +2 -2
  38. package/src/assets/web-panel/assets/{MobileBridge-yXS9xdhx.js → MobileBridge-VYdpoLh6.js} +1 -1
  39. package/src/assets/web-panel/assets/{MobileProjects-BuDUoGUP.js → MobileProjects-CiB9cmm1.js} +1 -1
  40. package/src/assets/web-panel/assets/{Mtc-BYyHy28p.js → Mtc-wCFZbBuL.js} +2 -2
  41. package/src/assets/web-panel/assets/{MtcAudit-CK0aqpiZ.js → MtcAudit-1a3THIyG.js} +4 -4
  42. package/src/assets/web-panel/assets/{Multisig-mNimKYeb.js → Multisig-DMzLB2hG.js} +3 -3
  43. package/src/assets/web-panel/assets/{NLProgramming-AioAJ0YA.js → NLProgramming-D9wZbf6l.js} +1 -1
  44. package/src/assets/web-panel/assets/{Notes-CVVNCLHE.js → Notes-hrFe2ZM-.js} +3 -3
  45. package/src/assets/web-panel/assets/{NotificationSettings-C4ABj-TK.js → NotificationSettings-CHGX5Jwm.js} +1 -1
  46. package/src/assets/web-panel/assets/OrderTableRenderer-CRIFE2Tj.js +1 -0
  47. package/src/assets/web-panel/assets/{Organization-uozl_gWK.js → Organization-By7FkhtY.js} +4 -4
  48. package/src/assets/web-panel/assets/{Overflow-BCZOM2hK.js → Overflow--khGSzJn.js} +1 -1
  49. package/src/assets/web-panel/assets/{P2P-CArcaiaj.js → P2P-CAG9dH35.js} +2 -2
  50. package/src/assets/web-panel/assets/{PdhVaultBrowser-Sgq2Srr8.js → PdhVaultBrowser-B3SQZmK9.js} +3 -3
  51. package/src/assets/web-panel/assets/{Permissions-BYrQrXnH.js → Permissions-D35ec6JA.js} +4 -4
  52. package/src/assets/web-panel/assets/{PersonalDataHub-BzHStAbz.js → PersonalDataHub-CxBF7hW_.js} +2 -2
  53. package/src/assets/web-panel/assets/{Pipeline-k7KqxX1M.js → Pipeline-s6EtOO1s.js} +1 -1
  54. package/src/assets/web-panel/assets/{Privacy-IumTUWqx.js → Privacy-BbJYmWmO.js} +1 -1
  55. package/src/assets/web-panel/assets/{ProjectInit-BRyImYTf.js → ProjectInit-VGQq1jMT.js} +2 -2
  56. package/src/assets/web-panel/assets/{ProjectSettings-BFIqTBFk.js → ProjectSettings-B1ew3Teh.js} +2 -2
  57. package/src/assets/web-panel/assets/Projects-CGcNIs_g.js +1 -0
  58. package/src/assets/web-panel/assets/{Providers-CyyFnUPs.js → Providers-mrO47FIK.js} +1 -1
  59. package/src/assets/web-panel/assets/{QrScannerModal-C82cRx-X.js → QrScannerModal-IJF2mHyw.js} +1 -1
  60. package/src/assets/web-panel/assets/{QuickAsk-DGxDF521.js → QuickAsk-CU0wN_Z0.js} +1 -1
  61. package/src/assets/web-panel/assets/{Recommend-Cns-Am1y.js → Recommend-DhN37R6G.js} +1 -1
  62. package/src/assets/web-panel/assets/{RemoteSession-R7OqAIlg.js → RemoteSession-D_xOX_hu.js} +2 -2
  63. package/src/assets/web-panel/assets/{Reputation-D7mgPIYV.js → Reputation-D_Ssv7uH.js} +1 -1
  64. package/src/assets/web-panel/assets/{Row-B3lEURyd.js → Row-Kx5dKxX7.js} +1 -1
  65. package/src/assets/web-panel/assets/{RssFeed-9_UVrpBt.js → RssFeed-BlGwqZkY.js} +2 -2
  66. package/src/assets/web-panel/assets/{Search-ClZeO80q.js → Search-hLFQzxpb.js} +1 -1
  67. package/src/assets/web-panel/assets/{Security-BNNJczEp.js → Security-DMlvsVt4.js} +3 -3
  68. package/src/assets/web-panel/assets/{Services-C5SjrWUj.js → Services-Bd0Qsj2m.js} +2 -2
  69. package/src/assets/web-panel/assets/{Skeleton-Ci_obQ-g.js → Skeleton-DFclq9X3.js} +1 -1
  70. package/src/assets/web-panel/assets/{Skills-DdebN15P.js → Skills-BNtln2qY.js} +1 -1
  71. package/src/assets/web-panel/assets/{Sla-OinZP2vi.js → Sla-Dch5H19G.js} +1 -1
  72. package/src/assets/web-panel/assets/{SpeechSettings-CxzbNF51.js → SpeechSettings-2UfQcU1g.js} +1 -1
  73. package/src/assets/web-panel/assets/{SyncSettings-D06N_66b.js → SyncSettings-CD9YQr4i.js} +2 -2
  74. package/src/assets/web-panel/assets/{Tasks-BdEdW0AZ.js → Tasks-BNu-7MzI.js} +1 -1
  75. package/src/assets/web-panel/assets/{Templates-F1ctKmPa.js → Templates-D1n9CaIR.js} +1 -1
  76. package/src/assets/web-panel/assets/{Tenant-CVz1Urot.js → Tenant-DenL3iBW.js} +1 -1
  77. package/src/assets/web-panel/assets/Terminal-ZzU0Io1Y.js +3 -0
  78. package/src/assets/web-panel/assets/{TimelineRenderer-Doitzjmf.js → TimelineRenderer-D87IfukO.js} +1 -1
  79. package/src/assets/web-panel/assets/{Tokens-BpyVRpVA.js → Tokens-BkiZc8E3.js} +1 -1
  80. package/src/assets/web-panel/assets/{Trigger-nWhWYTbU.js → Trigger-BNRSytGN.js} +1 -1
  81. package/src/assets/web-panel/assets/{Trust-DK_G-wLx.js → Trust-Bwbd4X2m.js} +1 -1
  82. package/src/assets/web-panel/assets/{UkeySign-B5yBUojO.js → UkeySign-B8O2bs0o.js} +1 -1
  83. package/src/assets/web-panel/assets/{VideoEditing-C5D51qAe.js → VideoEditing-C2fL8zmH.js} +1 -1
  84. package/src/assets/web-panel/assets/{Wallet-CLbL9K7v.js → Wallet-BORYDdE1.js} +4 -4
  85. package/src/assets/web-panel/assets/{WebAuthn-DZUelI3V.js → WebAuthn-C0V5S2FM.js} +4 -4
  86. package/src/assets/web-panel/assets/{WorkflowEditor-8RPxt4KW.js → WorkflowEditor-2dR0fcHL.js} +1 -1
  87. package/src/assets/web-panel/assets/{chat-4N4tOA3d.js → chat-BmuAFAn8.js} +1 -1
  88. package/src/assets/web-panel/assets/{colors-zbbGVrua.js → colors-CN3smMcK.js} +1 -1
  89. package/src/assets/web-panel/assets/{compact-item-D7iMkbnE.js → compact-item-DCnxb4kW.js} +1 -1
  90. package/src/assets/web-panel/assets/{createContext-CBzPJv-w.js → createContext-vlR43pHn.js} +1 -1
  91. package/src/assets/web-panel/assets/devWarning-DxwmsL4j.js +1 -0
  92. package/src/assets/web-panel/assets/{hasIn-bHdrQSqZ.js → hasIn-D04tHYFd.js} +1 -1
  93. package/src/assets/web-panel/assets/{index-DbE5D0WL.js → index-0DnaZGkC.js} +1 -1
  94. package/src/assets/web-panel/assets/{index-308gCGh7.js → index-430S68MN.js} +1 -1
  95. package/src/assets/web-panel/assets/{index-kmh1TxRa.js → index-B78xL3s2.js} +1 -1
  96. package/src/assets/web-panel/assets/{index-QFObYeo1.js → index-BTPEZTk1.js} +1 -1
  97. package/src/assets/web-panel/assets/{index-BZb8F8YG.js → index-BXRg8GFQ.js} +1 -1
  98. package/src/assets/web-panel/assets/{index-DE9j5YgT.js → index-BasvsWDM.js} +1 -1
  99. package/src/assets/web-panel/assets/{index-CiG1IZao.js → index-BeGDEXFs.js} +1 -1
  100. package/src/assets/web-panel/assets/{index-Bqmx24kh.js → index-BqhASEL4.js} +1 -1
  101. package/src/assets/web-panel/assets/{index-BCr0geV9.js → index-BudvKQfG.js} +1 -1
  102. package/src/assets/web-panel/assets/{index-S74FpAIn.js → index-C-6NO5il.js} +1 -1
  103. package/src/assets/web-panel/assets/{index-DyoNgbXl.js → index-C5Sxb1sE.js} +1 -1
  104. package/src/assets/web-panel/assets/{index-BtbbdLnf.js → index-CP9m9Ggr.js} +3 -3
  105. package/src/assets/web-panel/assets/{index-CkxK86vf.js → index-CTOCnIQ7.js} +1 -1
  106. package/src/assets/web-panel/assets/index-Cg2ldRfU.js +1 -0
  107. package/src/assets/web-panel/assets/{index-BTIjjXry.js → index-ClhAHDK3.js} +1 -1
  108. package/src/assets/web-panel/assets/{index-B7b1hGry.js → index-CnXebZLL.js} +1 -1
  109. package/src/assets/web-panel/assets/{index-CPxkoKgA.js → index-CngCC8hC.js} +1 -1
  110. package/src/assets/web-panel/assets/{index-Ci009ijp.js → index-Cr-A0FYJ.js} +1 -1
  111. package/src/assets/web-panel/assets/{index-CdmMoYN1.js → index-CsAsCPJ6.js} +1 -1
  112. package/src/assets/web-panel/assets/{index-BBNr77E1.js → index-D28DeAAB.js} +1 -1
  113. package/src/assets/web-panel/assets/{index-B1s0Bz9O.js → index-D5LZVZ0L.js} +1 -1
  114. package/src/assets/web-panel/assets/{index-oDKNgCsP.js → index-D65_XseV.js} +1 -1
  115. package/src/assets/web-panel/assets/{index-QNAG4JtR.js → index-D8vwp4qp.js} +1 -1
  116. package/src/assets/web-panel/assets/{index-CQfu1U78.js → index-DDwLgQY9.js} +1 -1
  117. package/src/assets/web-panel/assets/{index-BnBOpqv3.js → index-DIpY0qM5.js} +1 -1
  118. package/src/assets/web-panel/assets/{index-CQ6NcfWz.js → index-DTWg-18U.js} +1 -1
  119. package/src/assets/web-panel/assets/{index-D4XKpj6c.js → index-DTtRscUa.js} +1 -1
  120. package/src/assets/web-panel/assets/{index-D1YDh7Wr.js → index-DYAtmqiv.js} +1 -1
  121. package/src/assets/web-panel/assets/{index-CvRMA9uT.js → index-D_n8_vfI.js} +1 -1
  122. package/src/assets/web-panel/assets/{index-CahryTX0.js → index-DbADHwhr.js} +1 -1
  123. package/src/assets/web-panel/assets/{index-BJ4ZGyW0.js → index-DbVsQBOH.js} +1 -1
  124. package/src/assets/web-panel/assets/index-Dwzo-dtJ.js +1 -0
  125. package/src/assets/web-panel/assets/{index-xYCm6W2h.js → index-HhNjnCfe.js} +1 -1
  126. package/src/assets/web-panel/assets/{index-BS4_Mwk6.js → index-ToUh2b1-.js} +1 -1
  127. package/src/assets/web-panel/assets/{index-DISWAYce.js → index-TslMTwNy.js} +1 -1
  128. package/src/assets/web-panel/assets/{index-DmqlJed-.js → index-_FIkN3jd.js} +1 -1
  129. package/src/assets/web-panel/assets/{index-CqdPyWm5.js → index-hpvvtAZ3.js} +1 -1
  130. package/src/assets/web-panel/assets/{index-BsKehmmS.js → index-jzR7Ujuw.js} +1 -1
  131. package/src/assets/web-panel/assets/{index-DUyjUkY7.js → index-ljuBiQW9.js} +1 -1
  132. package/src/assets/web-panel/assets/{initDefaultProps-BD55yNBt.js → initDefaultProps-C3wUb4je.js} +1 -1
  133. package/src/assets/web-panel/assets/{motion-B5Bbe77U.js → motion-D-jYFUNA.js} +1 -1
  134. package/src/assets/web-panel/assets/{move-CTvIqHEH.js → move-tqb8nwJ2.js} +1 -1
  135. package/src/assets/web-panel/assets/{mtc-parser-BkNyPQKB.js → mtc-parser-DSOjMJMz.js} +1 -1
  136. package/src/assets/web-panel/assets/{omit-BaXJXgHA.js → omit-CJ7VimIW.js} +1 -1
  137. package/src/assets/web-panel/assets/{pickAttrs-Bw6-YTxH.js → pickAttrs-qXiG1iT3.js} +1 -1
  138. package/src/assets/web-panel/assets/{placementArrow-BLdbkLqJ.js → placementArrow-CkGBcy1Z.js} +1 -1
  139. package/src/assets/web-panel/assets/{responsiveObserve-IVYkzntU.js → responsiveObserve-D3WvTlLO.js} +1 -1
  140. package/src/assets/web-panel/assets/{slide-DFMFwwtY.js → slide-BEE2ftge.js} +1 -1
  141. package/src/assets/web-panel/assets/{statusUtils-CURYRtZ1.js → statusUtils-CsfBpxiG.js} +1 -1
  142. package/src/assets/web-panel/assets/{styleChecker-Cfz63s1r.js → styleChecker-xPrIiJPI.js} +1 -1
  143. package/src/assets/web-panel/assets/{useFlexGapSupport-COJL0KE3.js → useFlexGapSupport-C5Yd-SCR.js} +1 -1
  144. package/src/assets/web-panel/assets/{useFs-YLLojQQf.js → useFs-D_MDS8HI.js} +1 -1
  145. package/src/assets/web-panel/assets/{usePersonalDataHub-BF_21qUC.js → usePersonalDataHub-BqJh-usA.js} +1 -1
  146. package/src/assets/web-panel/assets/{vnode-9ZpkA7bb.js → vnode-chm_p-gz.js} +1 -1
  147. package/src/assets/web-panel/assets/{zoom-DhtAfhl8.js → zoom-3-YDNz0Z.js} +1 -1
  148. package/src/assets/web-panel/index.html +1 -1
  149. package/src/assets/web-panel/remote-session-sw.js +43 -0
  150. package/src/command-manifest.json +22 -1
  151. package/src/commands/agent.js +44 -5
  152. package/src/commands/codeintel.js +252 -0
  153. package/src/commands/eval.js +248 -0
  154. package/src/commands/plugin.js +354 -0
  155. package/src/commands/team.js +456 -0
  156. package/src/gateways/ws/message-dispatcher.js +45 -2
  157. package/src/gateways/ws/remote-session-protocol.js +37 -0
  158. package/src/gateways/ws/ws-server.js +1 -1
  159. package/src/harness/prompt-compressor.js +27 -1
  160. package/src/harness/remote-command-ledger.js +158 -0
  161. package/src/harness/remote-session-push-apns.js +246 -0
  162. package/src/harness/remote-session-push-errors.js +15 -0
  163. package/src/harness/remote-session-push-fcm.js +9 -25
  164. package/src/harness/remote-session-push-huawei.js +174 -0
  165. package/src/harness/remote-session-push-oppo.js +171 -0
  166. package/src/harness/remote-session-push-senders.js +42 -0
  167. package/src/harness/remote-session-push-vivo.js +179 -0
  168. package/src/harness/remote-session-push-web.js +299 -0
  169. package/src/harness/remote-session-push-xiaomi.js +99 -0
  170. package/src/index.js +6 -0
  171. package/src/lib/agent-core.js +2 -0
  172. package/src/lib/agent-sandbox.js +161 -5
  173. package/src/lib/agent-team/task-lease.js +434 -0
  174. package/src/lib/agent-team/team-budget.js +165 -0
  175. package/src/lib/agent-team/team-mailbox.js +106 -0
  176. package/src/lib/agent-team/team-runner.js +266 -0
  177. package/src/lib/agent-team/team-worktree.js +204 -0
  178. package/src/lib/agents.js +18 -0
  179. package/src/lib/async-hook-supervisor.cjs +305 -0
  180. package/src/lib/eval/runner.js +163 -0
  181. package/src/lib/eval/tasks.js +456 -0
  182. package/src/lib/eval/trend.js +185 -0
  183. package/src/lib/lsp/__tests__/code-intelligence.integration.test.js +129 -0
  184. package/src/lib/lsp/__tests__/code-intelligence.test.js +228 -0
  185. package/src/lib/lsp/__tests__/jsonrpc-stream.test.js +104 -0
  186. package/src/lib/lsp/__tests__/lsp-client.test.js +258 -0
  187. package/src/lib/lsp/__tests__/lsp-manager.test.js +264 -0
  188. package/src/lib/lsp/__tests__/lsp-server-registry.test.js +128 -0
  189. package/src/lib/lsp/code-intelligence.js +356 -0
  190. package/src/lib/lsp/jsonrpc-stream.js +139 -0
  191. package/src/lib/lsp/lsp-client.js +318 -0
  192. package/src/lib/lsp/lsp-manager.js +323 -0
  193. package/src/lib/lsp/lsp-server-registry.js +196 -0
  194. package/src/lib/plugin-monitor-supervisor.js +238 -0
  195. package/src/lib/plugin-runtime/agents.js +51 -0
  196. package/src/lib/plugin-runtime/bin.js +100 -0
  197. package/src/lib/plugin-runtime/hooks.js +100 -0
  198. package/src/lib/plugin-runtime/install.js +388 -0
  199. package/src/lib/plugin-runtime/lsp.js +75 -0
  200. package/src/lib/plugin-runtime/manifest.js +458 -0
  201. package/src/lib/plugin-runtime/mcp.js +89 -0
  202. package/src/lib/plugin-runtime/monitors.js +100 -0
  203. package/src/lib/plugin-runtime/policy.js +144 -0
  204. package/src/lib/plugin-runtime/reload.js +79 -0
  205. package/src/lib/plugin-runtime/scopes.js +197 -0
  206. package/src/lib/plugin-runtime/settings.js +119 -0
  207. package/src/lib/plugin-runtime/signature.js +107 -0
  208. package/src/lib/plugin-runtime/skills.js +43 -0
  209. package/src/lib/plugin-runtime/trust.js +140 -0
  210. package/src/lib/sandbox-egress-proxy.js +162 -0
  211. package/src/lib/sandbox-network-policy.js +134 -0
  212. package/src/lib/sandbox-v2.js +10 -4
  213. package/src/lib/settings-hook-events.cjs +78 -6
  214. package/src/lib/settings-hooks.cjs +29 -3
  215. package/src/lib/settings-loader.cjs +35 -1
  216. package/src/lib/skill-loader.js +18 -0
  217. package/src/lib/telemetry/span-recorder.js +237 -0
  218. package/src/repl/agent-repl.js +400 -4
  219. package/src/runtime/agent-core.js +546 -52
  220. package/src/runtime/coding-agent-contract-shared.cjs +82 -8
  221. package/src/runtime/coding-agent-policy.cjs +32 -7
  222. package/src/runtime/fallback-model.js +134 -7
  223. package/src/runtime/headless-runner.js +353 -108
  224. package/src/runtime/mcp-config.js +46 -0
  225. package/src/assets/web-panel/assets/ChatBubbleRenderer-DCNfbdlx.js +0 -1
  226. package/src/assets/web-panel/assets/OrderTableRenderer-DIp8Xcbd.js +0 -1
  227. package/src/assets/web-panel/assets/Projects-Dpid9CDg.js +0 -1
  228. package/src/assets/web-panel/assets/Terminal-BvAK_Zel.js +0 -3
  229. package/src/assets/web-panel/assets/devWarning-C2Z5LRgq.js +0 -1
  230. package/src/assets/web-panel/assets/index-BGp6Yr-Y.js +0 -1
  231. package/src/assets/web-panel/assets/index-BXiw9dQf.js +0 -1
@@ -0,0 +1,99 @@
1
+ // Remote Session vendor push — Xiaomi (小米) push sender.
2
+ //
3
+ // A concrete implementation of the RemoteSessionPushDispatcher `sender` contract
4
+ // for MIUI devices, using the Xiaomi Push server API. Unlike FCM/APNs there is
5
+ // no JWT — auth is a static app AppSecret in the `Authorization: key=` header —
6
+ // so this sender is a straight form-encoded POST over plain HTTPS with an
7
+ // injectable `fetch` (default global), fully unit-testable with a fake
8
+ // transport. The payload carries only routing ids (no session content).
9
+
10
+ import { PushTokenUnregisteredError } from "./remote-session-push-errors.js";
11
+
12
+ const DEFAULT_HOST = "https://api.xmpush.xiaomi.com";
13
+ const SEND_PATH = "/v3/message/regid";
14
+
15
+ // Xiaomi does not use a single canonical "unregistered" code; match the reason
16
+ // text it returns for a stale/invalid registration id.
17
+ const INVALID_TOKEN_RE = /invalid|not valid|unregist|not ?exist|无效|不存在/i;
18
+
19
+ /** Sends one notification to a Xiaomi registration id. */
20
+ export class XiaomiPushSender {
21
+ constructor(options = {}) {
22
+ if (!options.appSecret) {
23
+ throw new Error("XiaomiPushSender requires an appSecret");
24
+ }
25
+ if (!options.packageName) {
26
+ throw new Error("XiaomiPushSender requires a packageName");
27
+ }
28
+ this.appSecret = options.appSecret;
29
+ this.packageName = options.packageName;
30
+ this.host = options.host || DEFAULT_HOST;
31
+ this.fetch = options.fetch || globalThis.fetch;
32
+ }
33
+
34
+ /** Bound function matching the dispatcher's `sender` contract. */
35
+ get handler() {
36
+ return (payload) => this.send(payload);
37
+ }
38
+
39
+ async send({ token, notification, sessionId, clientId } = {}) {
40
+ if (!token) throw new Error("Xiaomi send requires a registration id");
41
+ const params = new URLSearchParams({
42
+ registration_id: token,
43
+ restricted_package_name: this.packageName,
44
+ pass_through: "0", // 0 = show a notification, 1 = data-only
45
+ notify_type: "-1", // default sound/vibrate
46
+ title: notification?.title || "Approval requested",
47
+ description: notification?.body || "A coding session needs your approval",
48
+ });
49
+ // Routing ids only — no session content.
50
+ const payload = { type: "remote-session.approval-request" };
51
+ if (sessionId != null) payload.sessionId = String(sessionId);
52
+ if (clientId != null) payload.clientId = String(clientId);
53
+ params.set("payload", JSON.stringify(payload));
54
+
55
+ const res = await this.fetch(`${this.host}${SEND_PATH}`, {
56
+ method: "POST",
57
+ headers: {
58
+ Authorization: `key=${this.appSecret}`,
59
+ "Content-Type": "application/x-www-form-urlencoded",
60
+ },
61
+ body: params.toString(),
62
+ });
63
+ const json = await res.json().catch(() => ({}));
64
+ if (res.ok && json.result === "ok" && Number(json.code) === 0) {
65
+ return { id: json.data?.id || null };
66
+ }
67
+ const reason = json.reason || json.description || `HTTP ${res.status}`;
68
+ if (INVALID_TOKEN_RE.test(String(reason))) {
69
+ throw new PushTokenUnregisteredError(
70
+ `Xiaomi registration id invalid: ${reason}`,
71
+ );
72
+ }
73
+ throw new Error(`Xiaomi push failed: ${reason}`);
74
+ }
75
+ }
76
+
77
+ /**
78
+ * Build a bound Xiaomi `sender` from env, or null when unconfigured.
79
+ *
80
+ * Xiaomi env:
81
+ * CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_APP_SECRET
82
+ * CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_PACKAGE_NAME
83
+ * CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_HOST (optional; e.g. the global host)
84
+ */
85
+ export function createXiaomiPushSender(env = {}, options = {}) {
86
+ const appSecret =
87
+ options.appSecret || env.CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_APP_SECRET;
88
+ const packageName =
89
+ options.packageName ||
90
+ env.CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_PACKAGE_NAME;
91
+ if (!appSecret || !packageName) return null;
92
+ const host = options.host || env.CHAINLESSCHAIN_REMOTE_SESSION_XIAOMI_HOST;
93
+ return new XiaomiPushSender({
94
+ appSecret,
95
+ packageName,
96
+ host,
97
+ ...options,
98
+ }).handler;
99
+ }
package/src/index.js CHANGED
@@ -17,6 +17,8 @@ import { registerAskCommand } from "./commands/ask.js";
17
17
  import { registerLlmCommand } from "./commands/llm.js";
18
18
  import { registerHubCommand } from "./commands/hub.js";
19
19
  import { registerAndroidCommand } from "./commands/android.js";
20
+ import { registerEvalCommand } from "./commands/eval.js";
21
+ import { registerTeamCommand } from "./commands/team.js";
20
22
  import {
21
23
  registerAgentCommand,
22
24
  registerSubAgentV2Command,
@@ -58,6 +60,7 @@ import { registerRCacheCommand } from "./commands/rcache.js";
58
60
  import { registerSessionCommand } from "./commands/session.js";
59
61
  import { registerCostCommand } from "./commands/cost.js";
60
62
  import { registerContextCommand } from "./commands/context.js";
63
+ import { registerCodeIntelCommand } from "./commands/codeintel.js";
61
64
  import { registerCheckpointCommand } from "./commands/checkpoint.js";
62
65
  import { registerGoalCommand } from "./commands/goal.js";
63
66
  import { registerCommandCommand } from "./commands/command.js";
@@ -428,6 +431,8 @@ export function createProgram(opts = {}) {
428
431
  registerHubCommand(program);
429
432
  registerAndroidCommand(program);
430
433
  registerAgentCommand(program);
434
+ registerEvalCommand(program);
435
+ registerTeamCommand(program);
431
436
  registerSubAgentV2Command(program);
432
437
  registerExecBackendV2Command(program);
433
438
  registerTodoV2Command(program);
@@ -468,6 +473,7 @@ export function createProgram(opts = {}) {
468
473
  registerSessionCommand(program);
469
474
  registerCostCommand(program);
470
475
  registerContextCommand(program);
476
+ registerCodeIntelCommand(program);
471
477
  registerCheckpointCommand(program);
472
478
  registerGoalCommand(program);
473
479
  registerCommandCommand(program);
@@ -42,4 +42,6 @@ export {
42
42
  _toAnthropicMessages,
43
43
  _anthropicThinkingParams,
44
44
  _normalizeAnthropicResponse,
45
+ _resetFileFreshness,
46
+ disposeSharedCodeIntel,
45
47
  } from "../runtime/agent-core.js";
@@ -1,29 +1,107 @@
1
1
  /** OS-isolated shell execution for the coding agent. */
2
2
  import { spawnSync } from "node:child_process";
3
3
  import path from "node:path";
4
+ import { proxyEnv } from "./sandbox-egress-proxy.js";
4
5
 
5
6
  export const DEFAULT_SANDBOX_IMAGE = "node:22-bookworm-slim";
6
7
  export const _deps = { spawnSync };
7
8
 
9
+ function stringList(value) {
10
+ if (!Array.isArray(value)) return [];
11
+ return [
12
+ ...new Set(
13
+ value.map((entry) => String(entry || "").trim()).filter(Boolean),
14
+ ),
15
+ ];
16
+ }
17
+
18
+ function resolvePolicyPaths(entries, cwd) {
19
+ return stringList(entries).map((entry) => {
20
+ if (entry.startsWith("~/")) {
21
+ return path.resolve(
22
+ process.env.HOME || process.env.USERPROFILE || "",
23
+ entry.slice(2),
24
+ );
25
+ }
26
+ return path.resolve(cwd, entry);
27
+ });
28
+ }
29
+
30
+ export function normalizeSandboxPolicy(settings = {}, cwd = process.cwd()) {
31
+ const filesystem = settings.filesystem || {};
32
+ const network = settings.network || {};
33
+ return {
34
+ allowRead: resolvePolicyPaths(filesystem.allowRead, cwd),
35
+ denyRead: resolvePolicyPaths(filesystem.denyRead, cwd),
36
+ allowWrite: resolvePolicyPaths(filesystem.allowWrite, cwd),
37
+ denyWrite: resolvePolicyPaths(filesystem.denyWrite, cwd),
38
+ allowedDomains: stringList(network.allowedDomains),
39
+ deniedDomains: stringList(network.deniedDomains),
40
+ excludedCommands: stringList(settings.excludedCommands),
41
+ allowUnsandboxedCommands: settings.allowUnsandboxedCommands !== false,
42
+ failIfUnavailable: settings.failIfUnavailable === true,
43
+ };
44
+ }
45
+
8
46
  export function normalizeAgentSandbox(value, options = {}) {
9
- if (!value) return null;
47
+ const settings = options.settings || {};
48
+ if (!value && settings.enabled !== true) return null;
49
+ if (value === false || settings.enabled === false) return null;
10
50
  const image =
11
51
  typeof value === "string" && value.trim() && value !== "true"
12
52
  ? value.trim()
13
53
  : DEFAULT_SANDBOX_IMAGE;
14
54
  return {
15
- engine: "docker",
16
- image,
55
+ engine: settings.engine || "docker",
56
+ image: settings.image || image,
17
57
  cwd: path.resolve(options.cwd || process.cwd()),
18
- network: options.network === true,
58
+ network: options.network === true || settings.network === true,
59
+ policy: normalizeSandboxPolicy(settings, options.cwd || process.cwd()),
19
60
  };
20
61
  }
21
62
 
22
63
  export function executeSandboxedShell(command, sandbox, options = {}) {
23
- if (!sandbox || sandbox.engine !== "docker") {
64
+ if (!sandbox || !["docker", "bubblewrap"].includes(sandbox.engine)) {
24
65
  throw new Error("A supported agent sandbox configuration is required");
25
66
  }
26
67
  const hostCwd = path.resolve(options.cwd || sandbox.cwd);
68
+ const policy = sandbox.policy || normalizeSandboxPolicy({}, hostCwd);
69
+ // An egress proxy (see sandbox-egress-proxy.js) ENFORCES the domain allow/deny
70
+ // policy: the caller starts it and passes `{ env }` here, and the sandboxed
71
+ // process routes its HTTP(S) traffic through it. Without a proxy, a
72
+ // domain-restricted network request has no enforcement point, so we refuse
73
+ // rather than grant unrestricted access.
74
+ const egress = options.egressProxy || null;
75
+ if (
76
+ (policy.allowedDomains.length || policy.deniedDomains.length) &&
77
+ sandbox.network &&
78
+ !egress
79
+ ) {
80
+ return {
81
+ stdout: "",
82
+ stderr:
83
+ "Domain-restricted sandbox networking requires a configured sandbox proxy; refusing unrestricted network access",
84
+ exitCode: 1,
85
+ failedToStart: true,
86
+ };
87
+ }
88
+ if (sandbox.engine === "bubblewrap") {
89
+ return executeBubblewrapShell(command, sandbox, options, hostCwd, policy);
90
+ }
91
+ if (
92
+ policy.allowRead.length ||
93
+ policy.denyRead.length ||
94
+ policy.allowWrite.length ||
95
+ policy.denyWrite.length
96
+ ) {
97
+ return {
98
+ stdout: "",
99
+ stderr:
100
+ "The Docker sandbox backend cannot enforce fine-grained filesystem policy; use engine=bubblewrap",
101
+ exitCode: 1,
102
+ failedToStart: true,
103
+ };
104
+ }
27
105
  const args = ["run", "--rm", "--init"];
28
106
  if (!sandbox.network) args.push("--network", "none");
29
107
  args.push("--mount", `type=bind,source=${hostCwd},target=/workspace`);
@@ -31,6 +109,17 @@ export function executeSandboxedShell(command, sandbox, options = {}) {
31
109
  if (process.platform !== "win32" && process.getuid && process.getgid) {
32
110
  args.push("--user", `${process.getuid()}:${process.getgid()}`);
33
111
  }
112
+ // Route egress through the host proxy so the domain policy is enforced. The
113
+ // container reaches the host proxy via host.docker.internal (mapped to the
114
+ // gateway on Linux via host-gateway); the caller builds `egress.env` with that
115
+ // hostname (proxyEnv(port, "host.docker.internal")).
116
+ if (egress && egress.port && sandbox.network) {
117
+ args.push("--add-host", "host.docker.internal:host-gateway");
118
+ const penv = proxyEnv(egress.port, "host.docker.internal");
119
+ for (const [k, v] of Object.entries(penv)) {
120
+ args.push("--env", `${k}=${v}`);
121
+ }
122
+ }
34
123
  const env = options.env || {};
35
124
  for (const key of ["CLAUDECODE", "CC_SESSION_ID", "CLAUDE_CODE_SESSION_ID"]) {
36
125
  if (env[key] != null) args.push("--env", `${key}=${env[key]}`);
@@ -61,6 +150,65 @@ export function executeSandboxedShell(command, sandbox, options = {}) {
61
150
  };
62
151
  }
63
152
 
153
+ function executeBubblewrapShell(command, sandbox, options, hostCwd, policy) {
154
+ const args = [
155
+ "--die-with-parent",
156
+ "--new-session",
157
+ "--unshare-all",
158
+ "--ro-bind",
159
+ "/",
160
+ "/",
161
+ "--bind",
162
+ hostCwd,
163
+ hostCwd,
164
+ "--chdir",
165
+ hostCwd,
166
+ "--proc",
167
+ "/proc",
168
+ "--dev",
169
+ "/dev",
170
+ "--tmpfs",
171
+ "/tmp",
172
+ ];
173
+ if (sandbox.network) args.push("--share-net");
174
+ for (const target of policy.allowWrite) args.push("--bind", target, target);
175
+ for (const target of policy.denyWrite) args.push("--ro-bind", target, target);
176
+ for (const target of policy.denyRead) args.push("--tmpfs", target);
177
+ args.push("--", "sh", "-lc", String(command || ""));
178
+ // bwrap `--share-net` shares the host network namespace, so the egress proxy
179
+ // is reachable at 127.0.0.1 directly — merge its env into the child's.
180
+ const egress = options.egressProxy || null;
181
+ const bwrapEnv =
182
+ egress && egress.port && sandbox.network
183
+ ? { ...(options.env || {}), ...proxyEnv(egress.port, "127.0.0.1") }
184
+ : options.env;
185
+ const result = _deps.spawnSync("bwrap", args, {
186
+ cwd: hostCwd,
187
+ env: bwrapEnv,
188
+ encoding: "utf8",
189
+ timeout: options.timeout,
190
+ maxBuffer: options.maxBuffer,
191
+ windowsHide: true,
192
+ });
193
+ if (result.error) {
194
+ return {
195
+ stdout: result.stdout || "",
196
+ stderr:
197
+ result.error.code === "ENOENT"
198
+ ? "bubblewrap is not installed"
199
+ : result.error.message,
200
+ exitCode: typeof result.status === "number" ? result.status : 1,
201
+ failedToStart: true,
202
+ };
203
+ }
204
+ return {
205
+ stdout: result.stdout || "",
206
+ stderr: result.stderr || "",
207
+ exitCode: typeof result.status === "number" ? result.status : 1,
208
+ signal: result.signal || null,
209
+ };
210
+ }
211
+
64
212
  export function sandboxSummary(sandbox) {
65
213
  if (!sandbox) return null;
66
214
  return {
@@ -68,5 +216,13 @@ export function sandboxSummary(sandbox) {
68
216
  image: sandbox.image,
69
217
  network: sandbox.network ? "enabled" : "disabled",
70
218
  workspace: "read-write",
219
+ policy: {
220
+ additionalReadPaths: sandbox.policy?.allowRead?.length || 0,
221
+ additionalWritePaths: sandbox.policy?.allowWrite?.length || 0,
222
+ networkRestricted:
223
+ Boolean(sandbox.policy?.allowedDomains?.length) ||
224
+ Boolean(sandbox.policy?.deniedDomains?.length),
225
+ failIfUnavailable: sandbox.policy?.failIfUnavailable === true,
226
+ },
71
227
  };
72
228
  }