npm - clawmini - Versions diffs - 0.0.8 → 0.0.9 - Mend

clawmini 0.0.8 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (367) hide show

package/.changeset/README.md +8 -0
package/.changeset/config.json +14 -0
package/.github/workflows/release.yml +49 -0
package/CHANGELOG.md +36 -0
package/README.md +5 -4
package/dist/adapter-discord/index.d.mts.map +1 -1
package/dist/adapter-discord/index.mjs +465 -282
package/dist/adapter-discord/index.mjs.map +1 -1
package/dist/adapter-google-chat/index.mjs +367 -243
package/dist/adapter-google-chat/index.mjs.map +1 -1
package/dist/cli/index.mjs +684 -24
package/dist/cli/index.mjs.map +1 -1
package/dist/cli/lite.mjs +43 -13
package/dist/cli/lite.mjs.map +1 -1
package/dist/cli/{propose-policy.mjs → manage-policies.mjs} +270 -47
package/dist/cli/manage-policies.mjs.map +1 -0
package/dist/cli/run-host.d.mts +1 -0
package/dist/cli/run-host.mjs +3090 -0
package/dist/cli/run-host.mjs.map +1 -0
package/dist/config-CPFQIGdG.mjs +57 -0
package/dist/config-CPFQIGdG.mjs.map +1 -0
package/dist/config-Dvl-Pov4.mjs +76 -0
package/dist/config-Dvl-Pov4.mjs.map +1 -0
package/dist/daemon/index.d.mts.map +1 -1
package/dist/daemon/index.mjs +970 -332
package/dist/daemon/index.mjs.map +1 -1
package/dist/supervisor-actions-CiW56eLi.mjs +843 -0
package/dist/supervisor-actions-CiW56eLi.mjs.map +1 -0
package/dist/turn-log-buffer-DRgW53gl.mjs +767 -0
package/dist/turn-log-buffer-DRgW53gl.mjs.map +1 -0
package/dist/web/_app/immutable/chunks/{Drm9vgeP.js → 3AZlWB6U.js} +1 -1
package/dist/web/_app/immutable/chunks/BhRSsUCh.js +2 -0
package/dist/web/_app/immutable/chunks/BiLeM2i1.js +1 -0
package/{web/.svelte-kit/output/client/_app/immutable/chunks/CME08kGM.js → dist/web/_app/immutable/chunks/BmBj85Ll.js} +1 -1
package/dist/web/_app/immutable/chunks/BrERcKAH.js +1 -0
package/dist/web/_app/immutable/chunks/Bv9252RM.js +1 -0
package/dist/web/_app/immutable/chunks/CIXNBPKi.js +1 -0
package/dist/web/_app/immutable/chunks/DISKL3GN.js +2 -0
package/dist/web/_app/immutable/chunks/{Zeh-C-mx.js → DcpaLzmX.js} +1 -1
package/dist/web/_app/immutable/chunks/DnQ3vS13.js +1 -0
package/dist/web/_app/immutable/chunks/KsloHTKS.js +1 -0
package/{web/.svelte-kit/output/client/_app/immutable/chunks/Ck-be5J2.js → dist/web/_app/immutable/chunks/RsHsUj-8.js} +2 -2
package/dist/web/_app/immutable/chunks/{vDehDcuJ.js → wpfV79dV.js} +1 -1
package/dist/web/_app/immutable/entry/app.CIw1Qj0n.js +2 -0
package/dist/web/_app/immutable/entry/start.Di0-Jhte.js +1 -0
package/dist/web/_app/immutable/nodes/{0.CUGC2p-K.js → 0.DYyUA1au.js} +1 -1
package/dist/web/_app/immutable/nodes/1.D-3QEMMZ.js +1 -0
package/dist/web/_app/immutable/nodes/{2.BnwnD1Ki.js → 2.4olHnH7U.js} +1 -1
package/{web/.svelte-kit/output/client/_app/immutable/nodes/3.0arZe_Uf.js → dist/web/_app/immutable/nodes/3.4w0bE-m2.js} +3 -3
package/dist/web/_app/immutable/nodes/4.CZvjhVHt.js +60 -0
package/dist/web/_app/immutable/nodes/{5.Bq2JzCEj.js → 5.DLbPVJY2.js} +1 -1
package/dist/web/_app/version.json +1 -1
package/dist/web/index.html +12 -12
package/dist/workspace-oWmVh5mi.mjs +1001 -0
package/dist/workspace-oWmVh5mi.mjs.map +1 -0
package/docs/23_adapter_slash_autocomplete/development_log.md +19 -0
package/docs/23_adapter_slash_autocomplete/notes.md +18 -0
package/docs/23_adapter_slash_autocomplete/prd.md +46 -0
package/docs/23_adapter_slash_autocomplete/questions.md +6 -0
package/docs/23_adapter_slash_autocomplete/tickets.md +21 -0
package/docs/24_subagent_job_policy_fixes/development_log.md +22 -0
package/docs/24_subagent_job_policy_fixes/notes.md +28 -0
package/docs/24_subagent_job_policy_fixes/prd.md +59 -0
package/docs/24_subagent_job_policy_fixes/questions.md +3 -0
package/docs/24_subagent_job_policy_fixes/tickets.md +49 -0
package/docs/25_e2e_test_improvements/development_log.md +30 -0
package/docs/25_e2e_test_improvements/notes.md +29 -0
package/docs/25_e2e_test_improvements/prd.md +43 -0
package/docs/25_e2e_test_improvements/questions.md +12 -0
package/docs/25_e2e_test_improvements/tickets-2.md +22 -0
package/docs/25_e2e_test_improvements/tickets.md +22 -0
package/docs/25_policy_cwd/development_log.md +30 -0
package/docs/25_policy_cwd/notes.md +28 -0
package/docs/25_policy_cwd/prd.md +77 -0
package/docs/25_policy_cwd/questions.md +6 -0
package/docs/25_policy_cwd/tickets.md +77 -0
package/docs/CLI_REFERENCE.md +3 -1
package/docs/PHILOSOPHY.md +35 -0
package/docs/adapter-visibility/SPEC.md +461 -0
package/docs/adapter-visibility/SPEC_v2.md +202 -0
package/docs/auto-update/SPEC.md +344 -0
package/docs/backups/SPEC.md +296 -0
package/docs/backups/clawmini.gitignore +69 -0
package/docs/guides/assets/clawmini-avatar.png +0 -0
package/docs/guides/backups.md +332 -0
package/docs/guides/discord_adapter_setup.md +1 -1
package/docs/guides/google_chat_adapter_setup.md +81 -0
package/docs/unified-startup/SPEC.md +203 -0
package/e2e/_helpers/test-environment.test.ts +49 -0
package/e2e/_helpers/test-environment.ts +548 -0
package/e2e/adapters/_google-chat-fixtures.ts +340 -0
package/{src/cli/e2e → e2e/adapters}/adapter-discord.test.ts +22 -23
package/e2e/adapters/adapter-google-chat-downtime.test.ts +157 -0
package/e2e/adapters/adapter-google-chat-inbound.test.ts +697 -0
package/e2e/adapters/adapter-google-chat-outbound.test.ts +297 -0
package/e2e/adapters/adapter-google-chat-roundtrip.test.ts +56 -0
package/e2e/adapters/adapter-google-chat-threads.test.ts +1078 -0
package/e2e/agents/custom-api-env.test.ts +80 -0
package/e2e/agents/export-lite-func.test.ts +104 -0
package/e2e/agents/fallbacks.test.ts +124 -0
package/e2e/agents/interrupt.test.ts +50 -0
package/e2e/agents/no-reply-necessary.test.ts +57 -0
package/e2e/agents/session-timeout-subagents.test.ts +76 -0
package/e2e/agents/subagent-authorization.test.ts +246 -0
package/e2e/agents/subagent-env.test.ts +49 -0
package/e2e/agents/subagent-lifecycle.test.ts +782 -0
package/e2e/agents/subagents-depth.test.ts +47 -0
package/e2e/cli/agents.test.ts +176 -0
package/e2e/cli/auto-update.test.ts +741 -0
package/e2e/cli/basic.test.ts +44 -0
package/{src/cli/e2e → e2e/cli}/export-lite.test.ts +16 -12
package/e2e/cli/init-gitignore.test.ts +86 -0
package/e2e/cli/init.test.ts +76 -0
package/e2e/cli/messages.test.ts +363 -0
package/e2e/cli/serve.test.ts +76 -0
package/{src/cli/e2e → e2e/cli}/skills.test.ts +11 -10
package/{src/cli/e2e → e2e/daemon}/daemon.test.ts +57 -195
package/e2e/jobs/agent-jobs.test.ts +216 -0
package/e2e/jobs/cron.test.ts +64 -0
package/e2e/jobs/restart.test.ts +108 -0
package/e2e/policies/approval-session.test.ts +69 -0
package/e2e/policies/auto-create-policies-file.test.ts +35 -0
package/e2e/policies/builtin-manage-policies.test.ts +184 -0
package/e2e/policies/builtin-run-host.test.ts +180 -0
package/e2e/policies/environment-policies.test.ts +177 -0
package/e2e/policies/manage-policies.test.ts +566 -0
package/e2e/policies/output-size.test.ts +98 -0
package/e2e/policies/policies-context-cwd.test.ts +160 -0
package/e2e/policies/relative-script-path.test.ts +60 -0
package/e2e/policies/requests-show.test.ts +135 -0
package/e2e/policies/requests.test.ts +208 -0
package/e2e/policies/slash-policies.test.ts +308 -0
package/e2e/policies/startup-cleanup.test.ts +48 -0
package/e2e/routers/session-timeout.test.ts +106 -0
package/e2e/routers/slash-model.test.ts +152 -0
package/e2e/routers/slash-new.test.ts +50 -0
package/e2e/routers/slash-restart-adapter.test.ts +96 -0
package/e2e/routers/slash-restart.test.ts +114 -0
package/e2e/routers/slash-shutdown.test.ts +55 -0
package/e2e/routers/slash-stop.test.ts +232 -0
package/e2e/routers/slash-upgrade.test.ts +88 -0
package/{src/cli/e2e → e2e/sandbox}/environments.test.ts +14 -13
package/eslint.config.js +6 -0
package/napkin.md +1 -1
package/package.json +8 -3
package/src/adapter-discord/commands.test.ts +42 -0
package/src/adapter-discord/commands.ts +33 -0
package/src/adapter-discord/config.ts +12 -0
package/src/adapter-discord/forwarder.test.ts +499 -21
package/src/adapter-discord/forwarder.ts +343 -124
package/src/adapter-discord/inbound-cache.test.ts +47 -0
package/src/adapter-discord/inbound-cache.ts +37 -0
package/src/adapter-discord/index.test.ts +67 -2
package/src/adapter-discord/index.ts +84 -216
package/src/adapter-discord/interactions.test.ts +54 -3
package/src/adapter-discord/interactions.ts +97 -53
package/src/adapter-discord/processMessage.ts +239 -0
package/src/adapter-discord/state.ts +1 -0
package/src/adapter-google-chat/auth.test.ts +9 -5
package/src/adapter-google-chat/auth.ts +29 -23
package/src/adapter-google-chat/cards.ts +7 -2
package/src/adapter-google-chat/client.test.ts +37 -2
package/src/adapter-google-chat/client.ts +138 -38
package/src/adapter-google-chat/config.ts +19 -0
package/src/adapter-google-chat/forwarder.test.ts +81 -56
package/src/adapter-google-chat/forwarder.ts +394 -185
package/src/adapter-google-chat/inbound-cache.test.ts +61 -0
package/src/adapter-google-chat/inbound-cache.ts +36 -0
package/src/adapter-google-chat/state.test.ts +1 -0
package/src/adapter-google-chat/state.ts +9 -1
package/src/adapter-google-chat/subscriptions.ts +8 -6
package/src/cli/builtin-policies.ts +44 -0
package/src/cli/commands/agents.ts +59 -5
package/src/cli/commands/down.ts +54 -2
package/src/cli/commands/environments.ts +8 -2
package/src/cli/commands/init.ts +31 -0
package/src/cli/commands/logs.ts +116 -0
package/src/cli/commands/policies.ts +6 -4
package/src/cli/commands/serve.test.ts +67 -0
package/src/cli/commands/serve.ts +284 -0
package/src/cli/commands/up.ts +122 -2
package/src/cli/commands/web-api/agents.ts +3 -2
package/src/cli/index.ts +4 -0
package/src/cli/install-detection.test.ts +72 -0
package/src/cli/install-detection.ts +48 -0
package/src/cli/lite.ts +54 -22
package/src/cli/manage-policies-utils.ts +104 -0
package/src/cli/manage-policies.ts +291 -0
package/src/cli/run-host.ts +45 -0
package/src/cli/supervisor-actions.ts +267 -0
package/src/cli/supervisor-control.test.ts +129 -0
package/src/cli/supervisor-control.ts +155 -0
package/src/cli/supervisor-pid.ts +68 -0
package/src/cli/supervisor.ts +277 -0
package/src/daemon/agent/agent-context.ts +11 -11
package/src/daemon/agent/agent-session.ts +8 -1
package/src/daemon/agent/chat-logger.test.ts +78 -9
package/src/daemon/agent/chat-logger.ts +25 -5
package/src/daemon/agent/turn-registry.test.ts +89 -0
package/src/daemon/agent/turn-registry.ts +94 -0
package/src/daemon/agent/types.ts +2 -0
package/src/daemon/api/agent-policy-endpoints.ts +263 -0
package/src/daemon/api/agent-router.ts +47 -126
package/src/daemon/api/index.test.ts +1 -0
package/src/daemon/api/policy-request.test.ts +7 -5
package/src/daemon/api/router-utils.ts +6 -5
package/src/daemon/api/subagent-router.ts +110 -74
package/src/daemon/api/subagent-utils.test.ts +60 -0
package/src/daemon/api/subagent-utils.ts +113 -87
package/src/daemon/api/user-router.ts +34 -8
package/src/daemon/auth.ts +1 -0
package/src/daemon/cron.test.ts +62 -4
package/src/daemon/cron.ts +42 -16
package/src/daemon/events.ts +65 -0
package/src/daemon/index.ts +24 -1
package/src/daemon/message-interruption.test.ts +1 -0
package/src/daemon/message-jobs.test.ts +1 -0
package/src/daemon/message.ts +78 -14
package/src/daemon/observation.test.ts +26 -18
package/src/daemon/pending-replies.test.ts +112 -0
package/src/daemon/pending-replies.ts +162 -0
package/src/daemon/policy-request-service.ts +3 -1
package/src/daemon/policy-utils.test.ts +66 -1
package/src/daemon/policy-utils.ts +126 -1
package/src/daemon/request-store.ts +31 -0
package/src/daemon/routers/session-timeout.ts +4 -0
package/src/daemon/routers/slash-model.test.ts +344 -0
package/src/daemon/routers/slash-model.ts +207 -0
package/src/daemon/routers/slash-policies.test.ts +38 -32
package/src/daemon/routers/slash-policies.ts +84 -33
package/src/daemon/routers/slash-restart.test.ts +69 -0
package/src/daemon/routers/slash-restart.ts +36 -0
package/src/daemon/routers/slash-shutdown.test.ts +50 -0
package/src/daemon/routers/slash-shutdown.ts +28 -0
package/src/daemon/routers/slash-upgrade.test.ts +116 -0
package/src/daemon/routers/slash-upgrade.ts +76 -0
package/src/daemon/routers/types.ts +7 -0
package/src/daemon/routers.ts +16 -0
package/src/shared/adapters/blockquote.test.ts +28 -0
package/src/shared/adapters/blockquote.ts +20 -0
package/src/shared/adapters/filtering.test.ts +224 -10
package/src/shared/adapters/filtering.ts +95 -7
package/src/shared/adapters/inbound-cache.test.ts +48 -0
package/src/shared/adapters/inbound-cache.ts +54 -0
package/src/shared/adapters/turn-log-buffer.ts +266 -0
package/src/shared/adapters/turn-log.test.ts +389 -0
package/src/shared/adapters/turn-log.ts +357 -0
package/src/shared/agent-utils.ts +12 -5
package/src/shared/chats.test.ts +4 -0
package/src/shared/chats.ts +9 -0
package/src/shared/config.ts +16 -1
package/src/shared/lite.ts +76 -2
package/src/shared/policies.ts +26 -0
package/src/shared/template-manifest.ts +267 -0
package/src/shared/utils/shell.ts +61 -0
package/src/shared/version.ts +34 -0
package/src/shared/workspace.test.ts +217 -0
package/src/shared/workspace.ts +626 -48
package/templates/environments/cladding/allowlist-domain.mjs +125 -0
package/templates/environments/cladding/env.json +21 -1
package/templates/environments/cladding/run-with-network.mjs +54 -0
package/templates/environments/macos-proxy/allowlist-domain.mjs +95 -0
package/templates/environments/macos-proxy/env.json +8 -1
package/templates/environments/macos-proxy/proxy.mjs +0 -1
package/templates/gemini/template.json +5 -0
package/templates/gemini-claw/template.json +13 -0
package/templates/skills/clawmini-requests/SKILL.md +69 -10
package/templates/skills/run-host/SKILL.md +51 -0
package/templates/skills/skill-creator/SKILL.md +4 -3
package/templates/skills/skill-creator/scripts/validate.sh +52 -0
package/tsdown.config.ts +10 -1
package/vitest.config.ts +2 -2
package/web/.svelte-kit/ambient.d.ts +292 -118
package/web/.svelte-kit/generated/server/internal.js +1 -1
package/web/.svelte-kit/output/client/.vite/manifest.json +126 -136
package/web/.svelte-kit/output/client/_app/immutable/chunks/{Drm9vgeP.js → 3AZlWB6U.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/BhRSsUCh.js +2 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/BiLeM2i1.js +1 -0
package/{dist/web/_app/immutable/chunks/CME08kGM.js → web/.svelte-kit/output/client/_app/immutable/chunks/BmBj85Ll.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/BrERcKAH.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/Bv9252RM.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/CIXNBPKi.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/DISKL3GN.js +2 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/{Zeh-C-mx.js → DcpaLzmX.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/DnQ3vS13.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/KsloHTKS.js +1 -0
package/{dist/web/_app/immutable/chunks/Ck-be5J2.js → web/.svelte-kit/output/client/_app/immutable/chunks/RsHsUj-8.js} +2 -2
package/web/.svelte-kit/output/client/_app/immutable/chunks/{vDehDcuJ.js → wpfV79dV.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/entry/app.CIw1Qj0n.js +2 -0
package/web/.svelte-kit/output/client/_app/immutable/entry/start.Di0-Jhte.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/nodes/{0.CUGC2p-K.js → 0.DYyUA1au.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/nodes/1.D-3QEMMZ.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/nodes/{2.BnwnD1Ki.js → 2.4olHnH7U.js} +1 -1
package/{dist/web/_app/immutable/nodes/3.0arZe_Uf.js → web/.svelte-kit/output/client/_app/immutable/nodes/3.4w0bE-m2.js} +3 -3
package/web/.svelte-kit/output/client/_app/immutable/nodes/4.CZvjhVHt.js +60 -0
package/web/.svelte-kit/output/client/_app/immutable/nodes/{5.Bq2JzCEj.js → 5.DLbPVJY2.js} +1 -1
package/web/.svelte-kit/output/client/_app/version.json +1 -1
package/web/.svelte-kit/output/server/.vite/manifest.json +12 -10
package/web/.svelte-kit/output/server/chunks/Icon.js +1 -1
package/web/.svelte-kit/output/server/chunks/client.js +1 -1
package/web/.svelte-kit/output/server/chunks/exports.js +1 -1
package/web/.svelte-kit/output/server/chunks/index-server.js +2 -1
package/web/.svelte-kit/output/server/chunks/internal.js +1 -1
package/web/.svelte-kit/output/server/chunks/render-context.js +77 -0
package/web/.svelte-kit/output/server/chunks/root.js +739 -788
package/web/.svelte-kit/output/server/chunks/shared.js +234 -21
package/web/.svelte-kit/output/server/index.js +126 -90
package/web/.svelte-kit/output/server/manifest-full.js +1 -1
package/web/.svelte-kit/output/server/manifest.js +1 -1
package/web/.svelte-kit/output/server/nodes/0.js +1 -1
package/web/.svelte-kit/output/server/nodes/1.js +1 -1
package/web/.svelte-kit/output/server/nodes/2.js +1 -1
package/web/.svelte-kit/output/server/nodes/3.js +1 -1
package/web/.svelte-kit/output/server/nodes/4.js +1 -1
package/web/.svelte-kit/output/server/nodes/5.js +1 -1
package/web/.svelte-kit/output/server/remote-entry.js +245 -81
package/web/.svelte-kit/tsconfig.json +4 -1
package/dist/cli/propose-policy.mjs.map +0 -1
package/dist/lite-CBxOT1y5.mjs +0 -241
package/dist/lite-CBxOT1y5.mjs.map +0 -1
package/dist/routing-D8rTxtaV.mjs +0 -245
package/dist/routing-D8rTxtaV.mjs.map +0 -1
package/dist/web/_app/immutable/chunks/B6YN0Nuq.js +0 -1
package/dist/web/_app/immutable/chunks/BmRlVmv6.js +0 -1
package/dist/web/_app/immutable/chunks/CK9JZLaG.js +0 -2
package/dist/web/_app/immutable/chunks/Ck3rYNON.js +0 -1
package/dist/web/_app/immutable/chunks/D5iV40bG.js +0 -1
package/dist/web/_app/immutable/chunks/DMtIqaiV.js +0 -2
package/dist/web/_app/immutable/chunks/DhD271EB.js +0 -1
package/dist/web/_app/immutable/chunks/DpuLqk8d.js +0 -1
package/dist/web/_app/immutable/chunks/DsIToJCP.js +0 -1
package/dist/web/_app/immutable/entry/app.BCSV3nrG.js +0 -2
package/dist/web/_app/immutable/entry/start.D4eLEZUM.js +0 -1
package/dist/web/_app/immutable/nodes/1.CGC_42IQ.js +0 -1
package/dist/web/_app/immutable/nodes/4.ClM1bXLE.js +0 -60
package/dist/workspace-BJmJBfKi.mjs +0 -456
package/dist/workspace-BJmJBfKi.mjs.map +0 -1
package/src/cli/e2e/agents.test.ts +0 -140
package/src/cli/e2e/basic.test.ts +0 -43
package/src/cli/e2e/cron.test.ts +0 -132
package/src/cli/e2e/export-lite-func.test.ts +0 -206
package/src/cli/e2e/fallbacks.test.ts +0 -175
package/src/cli/e2e/init.test.ts +0 -77
package/src/cli/e2e/messages.test.ts +0 -332
package/src/cli/e2e/propose-policy.test.ts +0 -203
package/src/cli/e2e/requests.test.ts +0 -180
package/src/cli/e2e/session-timeout.test.ts +0 -192
package/src/cli/e2e/slash-new.test.ts +0 -93
package/src/cli/e2e/subagents.test.ts +0 -106
package/src/cli/e2e/utils.ts +0 -66
package/src/cli/propose-policy.ts +0 -91
package/web/.svelte-kit/output/client/_app/immutable/chunks/B6YN0Nuq.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/BmRlVmv6.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/CK9JZLaG.js +0 -2
package/web/.svelte-kit/output/client/_app/immutable/chunks/Ck3rYNON.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/D5iV40bG.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/DMtIqaiV.js +0 -2
package/web/.svelte-kit/output/client/_app/immutable/chunks/DhD271EB.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/DpuLqk8d.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/DsIToJCP.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/entry/app.BCSV3nrG.js +0 -2
package/web/.svelte-kit/output/client/_app/immutable/entry/start.D4eLEZUM.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/nodes/1.CGC_42IQ.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/nodes/4.ClM1bXLE.js +0 -60
package/web/.svelte-kit/output/server/chunks/false.js +0 -4
/package/dist/cli/{propose-policy.d.mts → manage-policies.d.mts} +0 -0
/package/{src/cli/e2e → e2e/_helpers}/global-setup.ts +0 -0

package/e2e/agents/subagent-authorization.test.ts ADDED Viewed

@@ -0,0 +1,246 @@
+import { describe, it, expect, beforeAll, afterAll, afterEach } from 'vitest';
+import {
+  TestEnvironment,
+  type ChatSubscription,
+  commandMatching,
+} from '../_helpers/test-environment.js';
+// Verifies the subagent router only lets a caller act on its own direct
+// children — peers, grandchildren, and parents are off-limits. The router
+// enforces `sub.parentId === ctx.tokenPayload.subagentId` on every mutation
+// and query; these tests probe each endpoint via the lite CLI.
+const FORBIDDEN_PATTERN = /not a child of the caller|Subagent not found/i;
+describe('E2E Subagent Authorization', () => {
+  let env: TestEnvironment;
+  beforeAll(async () => {
+    env = new TestEnvironment('e2e-subagent-authz');
+    await env.setup();
+    await env.setupSubagentEnv();
+  }, 30000);
+  afterAll(() => env.teardown(), 30000);
+  afterEach(() => env.disconnectAll());
+  async function spawnSibling(
+    chatId: string,
+    chat: ChatSubscription,
+    id: string,
+    body: string
+  ): Promise<void> {
+    await env.sendMessage(`clawmini-lite.js subagents spawn --id ${id} --async "${body}"`, {
+      chat: chatId,
+      agent: 'debug-agent',
+    });
+    await chat.waitForMessage(
+      commandMatching((m) => m.subagentId === id && m.stdout.length > 0)
+    );
+  }
+  // Runs `body` inside a newly-spawned subagent `attackerId` whose parent is
+  // the root agent, and waits for `body`'s output to land in that subagent's
+  // command log. Used to exercise "sibling attacks peer" scenarios — the
+  // attacker's CLI call runs with its own token, so the router sees it as a
+  // peer of any other top-level subagent.
+  async function runAttack(
+    chatId: string,
+    chat: ChatSubscription,
+    attackerId: string,
+    body: string
+  ): Promise<string> {
+    await env.sendMessage(
+      `clawmini-lite.js subagents spawn --id ${attackerId} --async "${body}"`,
+      { chat: chatId, agent: 'debug-agent' }
+    );
+    // Wait for ANY command log from the attacker — we inspect it after.
+    const log = await chat.waitForMessage(
+      commandMatching(
+        (m) => m.subagentId === attackerId && (m.stdout.length > 0 || !!m.stderr)
+      ),
+      15000
+    );
+    return JSON.stringify(log);
+  }
+  it('peer subagent cannot tail a sibling', async () => {
+    const chatId = 'authz-tail';
+    await env.addChat(chatId, 'debug-agent');
+    const chat = await env.connect(chatId);
+    await spawnSibling(chatId, chat, 'authz-tail-victim', 'echo victim-secret');
+    const serialized = await runAttack(
+      chatId,
+      chat,
+      'authz-tail-attacker',
+      'clawmini-lite.js subagents tail authz-tail-victim --json'
+    );
+    expect(serialized).toMatch(FORBIDDEN_PATTERN);
+    expect(serialized).not.toContain('victim-secret');
+  }, 30000);
+  it('peer subagent cannot wait on a sibling', async () => {
+    const chatId = 'authz-wait';
+    await env.addChat(chatId, 'debug-agent');
+    const chat = await env.connect(chatId);
+    await spawnSibling(chatId, chat, 'authz-wait-victim', 'echo wait-victim');
+    const serialized = await runAttack(
+      chatId,
+      chat,
+      'authz-wait-attacker',
+      'clawmini-lite.js subagents wait authz-wait-victim'
+    );
+    expect(serialized).toMatch(FORBIDDEN_PATTERN);
+  }, 30000);
+  it('peer subagent cannot send to a sibling', async () => {
+    const chatId = 'authz-send';
+    await env.addChat(chatId, 'debug-agent');
+    const chat = await env.connect(chatId);
+    await spawnSibling(chatId, chat, 'authz-send-victim', 'echo send-victim');
+    const serialized = await runAttack(
+      chatId,
+      chat,
+      'authz-send-attacker',
+      "clawmini-lite.js subagents send authz-send-victim --async -p 'echo injected'"
+    );
+    expect(serialized).toMatch(FORBIDDEN_PATTERN);
+    // Victim must not have received the injected prompt.
+    const victimLogs = chat.messageBuffer.filter(
+      (m) => (m as { subagentId?: string }).subagentId === 'authz-send-victim'
+    );
+    expect(JSON.stringify(victimLogs)).not.toContain('injected');
+  }, 30000);
+  it('peer subagent cannot stop a sibling', async () => {
+    const chatId = 'authz-stop';
+    await env.addChat(chatId, 'debug-agent');
+    const chat = await env.connect(chatId);
+    // Long-running victim so an unauthorized stop would be observable via
+    // tracker state.
+    await env.sendMessage(
+      'clawmini-lite.js subagents spawn --id authz-stop-victim --async "sleep 5 && echo victim-survived"',
+      { chat: chatId, agent: 'debug-agent' }
+    );
+    for (let i = 0; i < 50; i++) {
+      const settings = env.getChatSettings(chatId) as {
+        subagents?: Record<string, { status: string }>;
+      };
+      if (settings.subagents?.['authz-stop-victim']?.status === 'active') break;
+      await new Promise((r) => setTimeout(r, 100));
+    }
+    const serialized = await runAttack(
+      chatId,
+      chat,
+      'authz-stop-attacker',
+      'clawmini-lite.js subagents stop authz-stop-victim'
+    );
+    expect(serialized).toMatch(FORBIDDEN_PATTERN);
+    // Victim's status must not have flipped to 'failed' from the stop attempt.
+    const settings = env.getChatSettings(chatId) as {
+      subagents?: Record<string, { status: string }>;
+    };
+    expect(settings.subagents?.['authz-stop-victim']?.status).toBe('active');
+  }, 30000);
+  it('peer subagent cannot delete a sibling', async () => {
+    const chatId = 'authz-delete';
+    await env.addChat(chatId, 'debug-agent');
+    const chat = await env.connect(chatId);
+    await spawnSibling(chatId, chat, 'authz-delete-victim', 'echo delete-victim');
+    const serialized = await runAttack(
+      chatId,
+      chat,
+      'authz-delete-attacker',
+      'clawmini-lite.js subagents delete authz-delete-victim'
+    );
+    expect(serialized).toMatch(FORBIDDEN_PATTERN);
+    // Victim tracker must still exist.
+    const settings = env.getChatSettings(chatId) as {
+      subagents?: Record<string, unknown>;
+    };
+    expect(settings.subagents?.['authz-delete-victim']).toBeTruthy();
+  }, 30000);
+  it('parent cannot reach a grandchild via tail/wait/send/stop/delete', async () => {
+    // Grandchildren belong to a subagent, not the root, so the root's token
+    // (subagentId=undefined) should not satisfy parentId === undefined for
+    // those records (their parentId is the intermediate subagent).
+    const chatId = 'authz-gchild';
+    await env.addChat(chatId, 'debug-agent');
+    const chat = await env.connect(chatId);
+    // Outer spawns inner and stays alive long enough for us to observe state.
+    await env.sendMessage(
+      'clawmini-lite.js subagents spawn --id authz-outer --async "clawmini-lite.js subagents spawn --id authz-inner --async \\"echo inner-done\\" && sleep 2"',
+      { chat: chatId, agent: 'debug-agent' }
+    );
+    // Wait for inner to land in settings.
+    for (let i = 0; i < 80; i++) {
+      const s = env.getChatSettings(chatId) as {
+        subagents?: Record<string, { parentId?: string }>;
+      };
+      if (s.subagents?.['authz-inner']?.parentId === 'authz-outer') break;
+      await new Promise((r) => setTimeout(r, 100));
+    }
+    // From the root agent's chat, each op on authz-inner must fail.
+    const attacks = [
+      'clawmini-lite.js subagents tail authz-inner --json',
+      'clawmini-lite.js subagents wait authz-inner',
+      "clawmini-lite.js subagents send authz-inner --async -p 'echo x'",
+      'clawmini-lite.js subagents stop authz-inner',
+      'clawmini-lite.js subagents delete authz-inner',
+    ];
+    for (const attack of attacks) {
+      await env.sendMessage(attack, { chat: chatId, agent: 'debug-agent' });
+      const log = await chat.waitForMessage(
+        commandMatching(
+          (m) => !m.subagentId && m.stdout.includes(`${attack}:`) && !!m.stderr
+        ),
+        15000
+      );
+      expect(JSON.stringify(log)).toMatch(FORBIDDEN_PATTERN);
+    }
+  }, 45000);
+  it('subagent CAN access its own child (positive control)', async () => {
+    // Make sure the authz enforcement isn't over-broad: a subagent that
+    // spawns its own child must still be able to tail/wait/stop/delete it.
+    const chatId = 'authz-positive';
+    await env.addChat(chatId, 'debug-agent');
+    const chat = await env.connect(chatId);
+    // Outer spawns inner, then tails inner's log — inner.parentId === outer,
+    // caller token.subagentId === outer, so access is allowed.
+    await env.sendMessage(
+      'clawmini-lite.js subagents spawn --id pos-outer --async "clawmini-lite.js subagents spawn --id pos-inner --async \\"echo inner-visible\\" && sleep 1 && clawmini-lite.js subagents tail pos-inner --json"',
+      { chat: chatId, agent: 'debug-agent' }
+    );
+    const outerLog = await chat.waitForMessage(
+      commandMatching(
+        (m) => m.subagentId === 'pos-outer' && m.stdout.includes('inner-visible')
+      ),
+      20000
+    );
+    // Must NOT contain the forbidden error — the happy path has content, not
+    // an error message.
+    expect(outerLog.stdout).not.toMatch(/not a child of the caller/i);
+  }, 30000);
+});

package/e2e/agents/subagent-env.test.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import { describe, it, expect, beforeAll, afterAll, afterEach } from 'vitest';
+import { TestEnvironment, type ChatSubscription, commandMatching } from '../_helpers/test-environment.js';
+describe('E2E Agent subagentEnv Merge', () => {
+  let env: TestEnvironment;
+  let chat: ChatSubscription | undefined;
+  beforeAll(async () => {
+    env = new TestEnvironment('e2e-subagent-env');
+    await env.setup();
+    await env.setupSubagentEnv();
+    env.updateAgentSettings('debug-agent', {
+      env: { PARENT_VAR: 'parent' },
+      subagentEnv: { SUBAGENT_VAR: 'sub', PARENT_VAR: 'overridden' },
+    });
+  }, 30000);
+  afterAll(() => env.teardown(), 30000);
+  afterEach(() => env.disconnectAll());
+  it('applies subagentEnv only to subagent invocations, not the parent', async () => {
+    await env.addChat('subenv-chat', 'debug-agent');
+    chat = await env.connect('subenv-chat');
+    // 1) Parent: plain env dump should include PARENT_VAR and omit SUBAGENT_VAR.
+    await env.sendMessage('env', { chat: 'subenv-chat', agent: 'debug-agent' });
+    const parentLog = await chat.waitForMessage(
+      commandMatching(
+        (m) => !m.subagentId && m.stdout.includes('[DEBUG] env:') && m.stdout.includes('PARENT_VAR=')
+      )
+    );
+    expect(parentLog.stdout).toMatch(/^PARENT_VAR=parent$/m);
+    expect(parentLog.stdout).not.toMatch(/^SUBAGENT_VAR=/m);
+    // 2) Subagent: spawn one that runs env; its log should show overridden
+    //    PARENT_VAR and the subagent-only SUBAGENT_VAR.
+    await env.sendMessage('clawmini-lite.js subagents spawn --async "env"', {
+      chat: 'subenv-chat',
+      agent: 'debug-agent',
+    });
+    const subLog = await chat.waitForMessage(
+      commandMatching((m) => typeof m.subagentId === 'string' && m.stdout.includes('SUBAGENT_VAR='))
+    );
+    expect(subLog.stdout).toMatch(/^SUBAGENT_VAR=sub$/m);
+    expect(subLog.stdout).toMatch(/^PARENT_VAR=overridden$/m);
+  }, 20000);
+});