clawpowers 1.1.4 → 2.2.0

package/dist/index.js

@@ -0,0 +1,3464 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/skills/catalog.ts
+var catalog_exports = {};
+__export(catalog_exports, {
+  SKILLS_CATALOG: () => SKILLS_CATALOG,
+  SKILLS_COUNT: () => SKILLS_COUNT
+});
+var SKILLS_CATALOG, SKILLS_COUNT;
+var init_catalog = __esm({
+  "src/skills/catalog.ts"() {
+    "use strict";
+    SKILLS_CATALOG = [
+      // ── productivity ──────────────────────────────────────────────────────────
+      {
+        name: "1password",
+        description: "Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "apple-notes",
+        description: "Manage Apple Notes via the `memo` CLI on macOS (create, view, edit, delete, search, move, and export notes). Use when a user asks OpenClaw to add a note, list notes, search notes, or manage note folders.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "apple-reminders",
+        description: "Manage Apple Reminders via remindctl CLI (list, add, edit, complete, delete). Supports lists, date filters, and JSON/plain output.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "bear-notes",
+        description: "Create, search, and manage Bear notes via grizzly CLI.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "notion",
+        description: "Notion API for creating and managing pages, databases, and blocks.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "obsidian",
+        description: "Work with Obsidian vaults (plain Markdown notes) and automate via obsidian-cli.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "things-mac",
+        description: "Manage Things 3 via the `things` CLI on macOS (add/update projects+todos via URL scheme; read/search/list from the local Things database). Use when a user asks OpenClaw to add a task to Things, list items, or search tasks.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "trello",
+        description: "Manage Trello boards, lists, and cards via the Trello REST API.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "summarize",
+        description: 'Summarize or extract text/transcripts from URLs, podcasts, and local files (great fallback for "transcribe this YouTube/video").',
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      {
+        name: "tmux",
+        description: "Remote-control tmux sessions for interactive CLIs by sending keystrokes and scraping pane output.",
+        source: "openclaw-bundled",
+        category: "productivity"
+      },
+      // ── development ───────────────────────────────────────────────────────────
+      {
+        name: "coding-agent",
+        description: "Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (spawn in temp dir), (3) refactoring large codebases.",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      {
+        name: "github",
+        description: "GitHub operations via `gh` CLI: issues, PRs, CI runs, code review, API queries. Use when: (1) checking PR status or CI, (2) creating/commenting on issues, (3) listing/filtering PRs or issues, (4) viewing diffs.",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      {
+        name: "gh-issues",
+        description: "Fetch GitHub issues, spawn sub-agents to implement fixes and open PRs, then monitor and address PR review comments.",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      {
+        name: "skill-creator",
+        description: "Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file.",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      {
+        name: "clawhub",
+        description: "Use the ClawHub CLI to search, install, update, and publish agent skills from clawhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish your own skills.",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      {
+        name: "oracle",
+        description: "Best practices for using the oracle CLI (prompt + file bundling, engines, sessions, and file attachment patterns).",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      {
+        name: "mcporter",
+        description: "Use the mcporter CLI to list, configure, auth, and call MCP servers/tools directly (HTTP or stdio), including ad-hoc servers, config edits, and CLI/type generation.",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      {
+        name: "nano-pdf",
+        description: "Edit PDFs with natural-language instructions using the nano-pdf CLI.",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      {
+        name: "node-connect",
+        description: "Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps. Use when QR/setup code/manual connect fails, local Wi-Fi works but VPS/tailnet does not, or errors mention pairing.",
+        source: "openclaw-bundled",
+        category: "development"
+      },
+      // ── communication ─────────────────────────────────────────────────────────
+      {
+        name: "discord",
+        description: "Discord ops via the message tool (channel=discord).",
+        source: "openclaw-bundled",
+        category: "communication"
+      },
+      {
+        name: "slack",
+        description: "Use when you need to control Slack from OpenClaw via the slack tool, including reacting to messages or pinning/unpinning items in Slack channels or DMs.",
+        source: "openclaw-bundled",
+        category: "communication"
+      },
+      {
+        name: "bluebubbles",
+        description: "Use when you need to send or manage iMessages via BlueBubbles (recommended iMessage integration). Calls go through the generic message tool with channel=bluebubbles.",
+        source: "openclaw-bundled",
+        category: "communication"
+      },
+      {
+        name: "imsg",
+        description: "iMessage/SMS CLI for listing chats, history, and sending messages via Messages.app.",
+        source: "openclaw-bundled",
+        category: "communication"
+      },
+      {
+        name: "wacli",
+        description: "Send WhatsApp messages to other people or search/sync WhatsApp history via the wacli CLI (not for normal user chats).",
+        source: "openclaw-bundled",
+        category: "communication"
+      },
+      {
+        name: "himalaya",
+        description: "CLI to manage emails via IMAP/SMTP. Use `himalaya` to list, read, write, reply, forward, search, and organize emails from the terminal. Supports multiple accounts and message composition with MML.",
+        source: "openclaw-bundled",
+        category: "communication"
+      },
+      {
+        name: "gog",
+        description: "Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs.",
+        source: "openclaw-bundled",
+        category: "communication"
+      },
+      // ── media ─────────────────────────────────────────────────────────────────
+      {
+        name: "camsnap",
+        description: "Capture frames or clips from RTSP/ONVIF cameras.",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "gifgrep",
+        description: "Search GIF providers with CLI/TUI, download results, and extract stills/sheets.",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "video-frames",
+        description: "Extract frames or short clips from videos using ffmpeg.",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "openai-whisper",
+        description: "Local speech-to-text with the Whisper CLI (no API key).",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "openai-whisper-api",
+        description: "Transcribe audio via OpenAI Audio Transcriptions API (Whisper).",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "sag",
+        description: "ElevenLabs text-to-speech with mac-style say UX.",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "sherpa-onnx-tts",
+        description: "Local text-to-speech via sherpa-onnx (offline, no cloud).",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "songsee",
+        description: "Generate spectrograms and feature-panel visualizations from audio with the songsee CLI.",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "voice-call",
+        description: "Start voice calls via the OpenClaw voice-call plugin.",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      {
+        name: "peekaboo",
+        description: "Capture and automate macOS UI with the Peekaboo CLI.",
+        source: "openclaw-bundled",
+        category: "media"
+      },
+      // ── music ─────────────────────────────────────────────────────────────────
+      {
+        name: "spotify-player",
+        description: "Terminal Spotify playback/search via spogo (preferred) or spotify_player.",
+        source: "openclaw-bundled",
+        category: "music"
+      },
+      {
+        name: "sonoscli",
+        description: "Control Sonos speakers (discover/status/play/volume/group).",
+        source: "openclaw-bundled",
+        category: "music"
+      },
+      {
+        name: "blucli",
+        description: "BluOS CLI (blu) for discovery, playback, grouping, and volume.",
+        source: "openclaw-bundled",
+        category: "music"
+      },
+      // ── smart-home ────────────────────────────────────────────────────────────
+      {
+        name: "openhue",
+        description: "Control Philips Hue lights and scenes via the OpenHue CLI.",
+        source: "openclaw-bundled",
+        category: "smart-home"
+      },
+      {
+        name: "eightctl",
+        description: "Control Eight Sleep pods (status, temperature, alarms, schedules).",
+        source: "openclaw-bundled",
+        category: "smart-home"
+      },
+      // ── ai ────────────────────────────────────────────────────────────────────
+      {
+        name: "gemini",
+        description: "Gemini CLI for one-shot Q&A, summaries, and generation.",
+        source: "openclaw-bundled",
+        category: "ai"
+      },
+      {
+        name: "canvas",
+        description: "Display HTML content on connected OpenClaw nodes (Mac app, iOS, Android). Great for displaying games, visualizations, and dashboards.",
+        source: "openclaw-bundled",
+        category: "ai"
+      },
+      // ── utilities ─────────────────────────────────────────────────────────────
+      {
+        name: "blogwatcher",
+        description: "Monitor blogs and RSS/Atom feeds for updates using the blogwatcher CLI.",
+        source: "openclaw-bundled",
+        category: "utilities"
+      },
+      {
+        name: "goplaces",
+        description: "Query Google Places API (New) via the goplaces CLI for text search, place details, resolve, and reviews. Use for human-friendly place lookup or JSON output for scripts.",
+        source: "openclaw-bundled",
+        category: "utilities"
+      },
+      {
+        name: "healthcheck",
+        description: "Host security hardening and risk-tolerance configuration for OpenClaw deployments. Use when a user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, or OpenClaw cron health.",
+        source: "openclaw-bundled",
+        category: "utilities"
+      },
+      {
+        name: "model-usage",
+        description: "Use CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost details.",
+        source: "openclaw-bundled",
+        category: "utilities"
+      },
+      {
+        name: "ordercli",
+        description: "Foodora-only CLI for checking past orders and active order status (Deliveroo WIP).",
+        source: "openclaw-bundled",
+        category: "utilities"
+      },
+      {
+        name: "session-logs",
+        description: "Search and analyze your own session logs (older/parent conversations) using jq.",
+        source: "openclaw-bundled",
+        category: "utilities"
+      },
+      {
+        name: "weather",
+        description: "Get current weather and forecasts via wttr.in or Open-Meteo. Use when: user asks about weather, temperature, or forecasts for any location. NOT for: historical weather data, severe weather alerts, or other weather APIs.",
+        source: "openclaw-bundled",
+        category: "utilities"
+      },
+      {
+        name: "xurl",
+        description: "A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with X/Twitter programmatically.",
+        source: "openclaw-bundled",
+        category: "utilities"
+      },
+      // ─── Managed Skills (~/.openclaw/skills/) ──────────────────────────────────
+      {
+        name: "agent-nexus-2",
+        description: "Multi-agent coordination and task delegation for complex workflows requiring parallel agent execution.",
+        source: "managed",
+        category: "development"
+      },
+      {
+        name: "autoresearch",
+        description: "Autonomous code quality improvement loop using keep-or-revert cycles. Optimizes a composite quality score derived from tests, lint, and type coverage.",
+        source: "managed",
+        category: "development"
+      },
+      {
+        name: "business-strategy",
+        description: "PMF validation, beachhead identification, activity ROI analysis, kill/invest decisions, and strategic metrics for the AI Agent Economy.",
+        source: "managed",
+        category: "productivity"
+      },
+      {
+        name: "coding-discipline.skill",
+        description: "Enforces strict TypeScript coding standards, test-first development, and zero-stub policies for production-grade agent code.",
+        source: "managed",
+        category: "development"
+      },
+      {
+        name: "content-writer",
+        description: "Use this skill everytime you are writing an article, social media post, email, etc.",
+        source: "managed",
+        category: "communication"
+      },
+      {
+        name: "execution-validation.skill",
+        description: "Multi-round automated validation pipeline for TypeScript/Solidity projects before publish or deploy.",
+        source: "managed",
+        category: "development"
+      },
+      {
+        name: "humanize",
+        description: "Transforms AI-generated writing into content that reads authentically human \u2014 passing AI detectors and resonating with real readers.",
+        source: "managed",
+        category: "communication"
+      },
+      {
+        name: "polyclaw",
+        description: "Trade on Polymarket via split + CLOB execution. Browse markets, track positions with P&L, discover hedges via LLM. Polygon/Web3.",
+        source: "managed",
+        category: "finance"
+      },
+      {
+        name: "prospector",
+        description: "Find leads, prospects, and contacts matching an Ideal Customer Profile. Searches companies via Exa and enriches contacts via Apollo, outputting to CSV and optionally syncing to Attio CRM.",
+        source: "managed",
+        category: "productivity"
+      },
+      {
+        name: "rsi.skill",
+        description: "RSI self-improvement cycles implementing measure \u2192 hypothesize \u2192 mutate \u2192 test \u2192 apply/discard \u2192 repeat for agent capability enhancement.",
+        source: "managed",
+        category: "development"
+      },
+      {
+        name: "security",
+        description: "Infrastructure threat detection, vulnerability management, and security audit workflows for the OpenClaw workspace.",
+        source: "managed",
+        category: "utilities"
+      },
+      {
+        name: "strykr-prism",
+        description: "Real-time financial data API for AI agents. Stocks, crypto, forex, ETFs. 120+ endpoints. Alternative to Alpha Vantage, CoinGecko. Works with Claude, Cursor.",
+        source: "managed",
+        category: "finance"
+      },
+      {
+        name: "taskbridge",
+        description: "Bridge tasks between agent sessions, preserving context and handoff state for long-running multi-session workflows.",
+        source: "managed",
+        category: "productivity"
+      },
+      {
+        name: "validator-agent",
+        description: "Multi-round automated validation pipeline for TypeScript/Solidity projects. Runs 8 rounds of checks before any publish or deploy: compile gate, lint, test suite, security audit, type coverage, docs, changelog, and final review.",
+        source: "managed",
+        category: "development"
+      },
+      {
+        name: "webmcp-payments",
+        description: "Handle HTTP 402 Payment Required responses via agentpay-mcp, enabling autonomous micropayment execution within configured spending limits.",
+        source: "managed",
+        category: "finance"
+      }
+    ];
+    SKILLS_COUNT = SKILLS_CATALOG.length;
+  }
+});
+
+// src/config.ts
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
+import { dirname } from "path";
+import { z } from "zod";
+
+// src/constants.ts
+import { join } from "path";
+import { homedir } from "os";
+var VERSION = "2.2.0";
+var PACKAGE_NAME = "clawpowers";
+var CLAWPOWERS_HOME = join(homedir(), ".clawpowers");
+var CONFIG_PATH = join(CLAWPOWERS_HOME, "config.json");
+var SKILLS_DIR = join(CLAWPOWERS_HOME, "skills");
+var DATA_DIR = join(CLAWPOWERS_HOME, "data");
+var LOGS_DIR = join(CLAWPOWERS_HOME, "logs");
+var MEMORY_DIR = join(CLAWPOWERS_HOME, "memory");
+var METRICS_DIR = join(CLAWPOWERS_HOME, "metrics");
+var PROFILES_DIR = join(CLAWPOWERS_HOME, "profiles");
+var WALLET_DIR = join(CLAWPOWERS_HOME, "wallet");
+var CHECKPOINTS_DIR = join(CLAWPOWERS_HOME, "state", "checkpoints");
+var DEFAULT_CONFIG = {
+  version: VERSION,
+  profile: "dev",
+  rsi: {
+    enabled: true,
+    tiers: {
+      t1: "auto",
+      t2: "auto",
+      t3: "ask",
+      t4: "ask"
+    }
+  },
+  payments: {
+    mode: "human-first",
+    dailyLimitUsd: 25,
+    weeklyLimitUsd: 100,
+    allowedDomains: []
+  },
+  logging: {
+    level: "info",
+    retentionDays: 30
+  },
+  skillsDir: SKILLS_DIR,
+  dataDir: DATA_DIR
+};
+var RSI_TIER_ALLOWED_MODES = {
+  t1: ["auto", "ask", "off"],
+  t2: ["auto", "ask", "off"],
+  t3: ["auto", "ask", "off"],
+  t4: ["ask", "off"]
+};
+var SAFETY_INVARIANTS = [
+  "Spending limits and SpendingPolicy",
+  "Core identity and directives",
+  "RSI safety tier definitions",
+  "Sandbox boundaries",
+  "Authentication credentials"
+];
+var PERFORMANCE = {
+  coldStartupMs: 2e3,
+  maxMemoryRssMb: 150,
+  maxContextTokens: 2e3,
+  checkpointWriteMs: 100,
+  episodicSearchMs: 50,
+  profileSwitchMs: 500,
+  healthCheckIntervalMs: 3e4,
+  maxRetries: 3
+};
+
+// src/config.ts
+var RSITierSchema = z.object({
+  t1: z.enum(["auto", "ask", "off"]),
+  t2: z.enum(["auto", "ask", "off"]),
+  t3: z.enum(["auto", "ask", "off"]),
+  t4: z.enum(["ask", "off"])
+  // NO "auto" — safety invariant
+});
+var RSIConfigSchema = z.object({
+  enabled: z.boolean(),
+  tiers: RSITierSchema
+});
+var PaymentConfigSchema = z.object({
+  mode: z.enum(["human-first", "auto", "disabled"]),
+  dailyLimitUsd: z.number().min(0),
+  weeklyLimitUsd: z.number().min(0),
+  allowedDomains: z.array(z.string())
+});
+var LoggingConfigSchema = z.object({
+  level: z.enum(["debug", "info", "warn", "error"]),
+  retentionDays: z.number().min(1).max(365)
+});
+var ConfigFileSchema = z.object({
+  version: z.string(),
+  profile: z.enum(["dev", "lead", "secure", "growth", "full"]),
+  rsi: RSIConfigSchema,
+  payments: PaymentConfigSchema,
+  logging: LoggingConfigSchema,
+  skillsDir: z.string(),
+  dataDir: z.string()
+});
+function loadConfig(configPath = CONFIG_PATH) {
+  if (!existsSync(configPath)) {
+    return DEFAULT_CONFIG;
+  }
+  const raw = readFileSync(configPath, "utf-8");
+  const parsed = JSON.parse(raw);
+  return ConfigFileSchema.parse(parsed);
+}
+function loadConfigSafe(configPath = CONFIG_PATH) {
+  try {
+    return loadConfig(configPath);
+  } catch {
+    return DEFAULT_CONFIG;
+  }
+}
+function saveConfig(config, configPath = CONFIG_PATH) {
+  const validated = ConfigFileSchema.parse(config);
+  const dir = dirname(configPath);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  writeFileSync(configPath, JSON.stringify(validated, null, 2) + "\n", "utf-8");
+}
+function initConfig(configPath = CONFIG_PATH) {
+  const config = DEFAULT_CONFIG;
+  saveConfig(config, configPath);
+  return config;
+}
+function getConfigValue(config, key) {
+  const parts = key.split(".");
+  let current = config;
+  for (const part of parts) {
+    if (current === null || current === void 0 || typeof current !== "object") {
+      return void 0;
+    }
+    current = current[part];
+  }
+  return current;
+}
+function setConfigValue(config, key, value) {
+  validateTierSetting(key, value);
+  const parts = key.split(".");
+  const mutable = JSON.parse(JSON.stringify(config));
+  let current = mutable;
+  for (let i = 0; i < parts.length - 1; i++) {
+    const part = parts[i];
+    if (current[part] === void 0 || typeof current[part] !== "object") {
+      throw new Error(`Invalid config path: ${key}`);
+    }
+    current = current[part];
+  }
+  const lastKey = parts[parts.length - 1];
+  if (!(lastKey in current)) {
+    throw new Error(`Invalid config key: ${key}`);
+  }
+  const coerced = coerceValue(current[lastKey], value);
+  current[lastKey] = coerced;
+  return ConfigFileSchema.parse(mutable);
+}
+function validateTierSetting(key, value) {
+  const tierMatch = key.match(/^rsi\.tiers\.(t[1-4])$/);
+  if (tierMatch) {
+    const tier = tierMatch[1];
+    const allowed = RSI_TIER_ALLOWED_MODES[tier];
+    if (!allowed.includes(value)) {
+      if (tier === "t4" && value === "auto") {
+        throw new Error(
+          'T4 (Architecture Proposals) cannot be set to "auto". This is a safety invariant \u2014 T4 changes always require human approval. Allowed modes: ask, off'
+        );
+      }
+      throw new Error(
+        `Invalid mode "${value}" for tier ${tier}. Allowed: ${allowed.join(", ")}`
+      );
+    }
+  }
+}
+function coerceValue(existing, value) {
+  if (typeof existing === "boolean") {
+    if (value === "true") return true;
+    if (value === "false") return false;
+    throw new Error(`Expected boolean value (true/false), got "${value}"`);
+  }
+  if (typeof existing === "number") {
+    const num = Number(value);
+    if (Number.isNaN(num)) {
+      throw new Error(`Expected number value, got "${value}"`);
+    }
+    return num;
+  }
+  return value;
+}
+
+// src/native/index.ts
+import { createRequire } from "module";
+import { fileURLToPath } from "url";
+import { dirname as dirname2, join as join2 } from "path";
+var __dirname = dirname2(fileURLToPath(import.meta.url));
+var require2 = createRequire(import.meta.url);
+var _native = null;
+var _wasm = null;
+var _activeTier = "typescript";
+var _attempted = false;
+function tryLoadNative() {
+  const candidates = [
+    join2(__dirname, "../../native/ffi/index.node"),
+    join2(__dirname, "../../native/ffi/clawpowers_ffi.node"),
+    join2(__dirname, "../../../native/ffi/index.node"),
+    join2(__dirname, "../../../native/ffi/clawpowers_ffi.node"),
+    join2(__dirname, "../native/ffi/index.node"),
+    join2(__dirname, "../native/ffi/clawpowers_ffi.node")
+  ];
+  for (const p of candidates) {
+    try {
+      const mod = require2(p);
+      console.log(`[clawpowers] Tier 1: Native acceleration enabled (${p})`);
+      return mod;
+    } catch {
+    }
+  }
+  return null;
+}
+function tryLoadWasm() {
+  const wasmCandidates = [
+    join2(__dirname, "../native/wasm/pkg-node/clawpowers_wasm.js"),
+    join2(__dirname, "../native/wasm/pkg/clawpowers_wasm.js"),
+    join2(__dirname, "../../native/wasm/pkg-node/clawpowers_wasm.js"),
+    join2(__dirname, "../../native/wasm/pkg/clawpowers_wasm.js")
+  ];
+  for (const p of wasmCandidates) {
+    try {
+      const mod = require2(p);
+      console.log(`[clawpowers] Tier 2: WASM module loaded (${p})`);
+      return mod;
+    } catch {
+    }
+  }
+  return null;
+}
+function loadAll() {
+  if (_attempted) return;
+  _attempted = true;
+  _native = tryLoadNative();
+  if (_native) {
+    _activeTier = "native";
+    _wasm = tryLoadWasm();
+    return;
+  }
+  _wasm = tryLoadWasm();
+  if (_wasm) {
+    _activeTier = "wasm";
+    return;
+  }
+  _activeTier = "typescript";
+  console.log("[clawpowers] Tier 3: TypeScript fallback active (no native or WASM)");
+}
+function getNative() {
+  loadAll();
+  return _native;
+}
+function getWasm() {
+  loadAll();
+  return _wasm;
+}
+function isNativeAvailable() {
+  loadAll();
+  return _native !== null;
+}
+function isWasmAvailable() {
+  loadAll();
+  return _wasm !== null;
+}
+function getActiveTier() {
+  loadAll();
+  return _activeTier;
+}
+function getCapabilitySummary() {
+  loadAll();
+  const nativeModules = _native ? ["wallet", "fee", "x402", "canonical", "compression", "verification", "security"] : [];
+  let wasmModules = [];
+  if (_wasm) {
+    try {
+      wasmModules = JSON.parse(_wasm.getAvailableModules());
+    } catch {
+      wasmModules = ["tokens", "fee", "compression", "canonical", "verification", "security", "index"];
+    }
+  }
+  const typescriptFallback = [
+    "wallet",
+    // ethers.js / viem
+    "x402",
+    // fetch()-based HTTP client
+    "tokens",
+    // Pure TS decimal math
+    "fee",
+    // Pure TS fee calculation
+    "policy"
+    // Pure TS policy engine
+  ];
+  return {
+    tier: _activeTier,
+    nativeModules,
+    wasmModules,
+    typescriptFallback
+  };
+}
+function computeSha256(content) {
+  loadAll();
+  if (_wasm) {
+    return _wasm.computeSha256(content);
+  }
+  const { createHash } = require2("node:crypto");
+  return createHash("sha256").update(content).digest("hex");
+}
+function digestForWalletAddress(keyMaterial) {
+  loadAll();
+  if (_native && typeof _native.keccak256Bytes === "function") {
+    try {
+      return _native.keccak256Bytes(keyMaterial);
+    } catch {
+    }
+  }
+  if (_wasm && typeof _wasm.computeKeccak256 === "function") {
+    try {
+      return _wasm.computeKeccak256(new Uint8Array(keyMaterial));
+    } catch {
+    }
+  }
+  const { createHash } = require2("node:crypto");
+  return "0x" + createHash("sha256").update(keyMaterial).digest("hex");
+}
+function keccak256Digest(data) {
+  loadAll();
+  if (_native && typeof _native.keccak256Bytes === "function") {
+    try {
+      const hex = _native.keccak256Bytes(data);
+      return Buffer.from(hex.replace(/^0x/i, ""), "hex");
+    } catch {
+    }
+  }
+  if (_wasm && typeof _wasm.computeKeccak256 === "function") {
+    try {
+      const hex = _wasm.computeKeccak256(new Uint8Array(data));
+      return Buffer.from(hex.replace(/^0x/i, ""), "hex");
+    } catch {
+    }
+  }
+  return null;
+}
+function deriveEthereumAddress(privateKey) {
+  loadAll();
+  if (_native && typeof _native.deriveEthereumAddress === "function") {
+    try {
+      return _native.deriveEthereumAddress(privateKey);
+    } catch {
+    }
+  }
+  if (_wasm && typeof _wasm.deriveEthereumAddress === "function") {
+    try {
+      return _wasm.deriveEthereumAddress(new Uint8Array(privateKey));
+    } catch {
+    }
+  }
+  return null;
+}
+function derivePublicKey(privateKey) {
+  loadAll();
+  if (_native && typeof _native.derivePublicKey === "function") {
+    try {
+      return Buffer.from(_native.derivePublicKey(privateKey));
+    } catch {
+    }
+  }
+  if (_wasm && typeof _wasm.derivePublicKey === "function") {
+    try {
+      return Buffer.from(_wasm.derivePublicKey(new Uint8Array(privateKey)));
+    } catch {
+    }
+  }
+  return null;
+}
+function signEcdsa(privateKey, messageHash) {
+  loadAll();
+  if (_native && typeof _native.signEcdsa === "function") {
+    try {
+      return Buffer.from(_native.signEcdsa(privateKey, messageHash));
+    } catch {
+    }
+  }
+  if (_wasm && typeof _wasm.signEcdsa === "function") {
+    try {
+      return Buffer.from(_wasm.signEcdsa(new Uint8Array(privateKey), new Uint8Array(messageHash)));
+    } catch {
+    }
+  }
+  return null;
+}
+function verifyEcdsa(publicKey, messageHash, signature) {
+  loadAll();
+  try {
+    if (_native && typeof _native.verifyEcdsa === "function") {
+      return _native.verifyEcdsa(publicKey, messageHash, signature);
+    }
+    if (_wasm && typeof _wasm.verifyEcdsa === "function") {
+      return _wasm.verifyEcdsa(
+        new Uint8Array(publicKey),
+        new Uint8Array(messageHash),
+        new Uint8Array(signature)
+      );
+    }
+  } catch {
+    return false;
+  }
+  return false;
+}
+function tokenAmountFromHuman(human, decimals) {
+  loadAll();
+  if (_wasm) {
+    return JSON.parse(_wasm.tokenAmountFromHuman(human, decimals));
+  }
+  const multiplier = Math.pow(10, decimals);
+  const raw = Math.floor(human * multiplier);
+  return { raw: raw.toString(), decimals };
+}
+function calculateFee(amountHuman, decimals, feeType, txFeeBps, swapFeeBps) {
+  loadAll();
+  if (_wasm) {
+    const amountJson = _wasm.tokenAmountFromHuman(amountHuman, decimals);
+    const result = _wasm.calculateFee(
+      amountJson,
+      feeType,
+      txFeeBps !== void 0 ? BigInt(txFeeBps) : void 0,
+      swapFeeBps !== void 0 ? BigInt(swapFeeBps) : void 0
+    );
+    return JSON.parse(result);
+  }
+  const bps = feeType === "transaction" ? txFeeBps ?? 77 : feeType === "swap" ? swapFeeBps ?? 30 : parseInt(feeType.replace("custom:", ""), 10) || 0;
+  const feeAmount = amountHuman * bps / 1e4;
+  return {
+    gross_amount: amountHuman,
+    fee_amount: feeAmount,
+    net_amount: amountHuman - feeAmount
+  };
+}
+function evaluateWriteFirewall(request) {
+  loadAll();
+  if (_wasm) {
+    return JSON.parse(_wasm.evaluateWriteFirewall(JSON.stringify(request)));
+  }
+  if (request.allowed_namespaces && request.allowed_namespaces.length > 0 && !request.allowed_namespaces.includes(request.namespace)) {
+    return {
+      decision: "deny",
+      reason: `namespace '${request.namespace}' is not in the allow-list`
+    };
+  }
+  const maxLen = request.max_content_length ?? 1024 * 1024;
+  if (request.content.length > maxLen) {
+    return {
+      decision: "deny",
+      reason: `content length ${request.content.length} exceeds maximum ${maxLen}`
+    };
+  }
+  if (request.blocked_patterns) {
+    for (const pattern of request.blocked_patterns) {
+      if (request.content.includes(pattern)) {
+        if (request.trust_level === "system" || request.trust_level === "agent") {
+          return {
+            decision: "deny",
+            reason: `content contains blocked pattern '${pattern}'`
+          };
+        }
+        return {
+          decision: "sanitize",
+          sanitized: request.content.replaceAll(pattern, "")
+        };
+      }
+    }
+  }
+  return { decision: "allow" };
+}
+
+// src/payments/discovery.ts
+var REQUIRED_HEADERS = [
+  "x-payment-amount",
+  "x-payment-currency",
+  "x-payment-recipient",
+  "x-payment-network"
+];
+function detect402(response) {
+  if (response.status !== 402) {
+    return null;
+  }
+  const normalizedHeaders = {};
+  for (const [key, value] of Object.entries(response.headers)) {
+    normalizedHeaders[key.toLowerCase()] = value;
+  }
+  for (const header of REQUIRED_HEADERS) {
+    if (!normalizedHeaders[header] || normalizedHeaders[header].trim() === "") {
+      return null;
+    }
+  }
+  const amountStr = normalizedHeaders["x-payment-amount"];
+  const amount = Number(amountStr);
+  if (Number.isNaN(amount) || amount <= 0) {
+    return null;
+  }
+  const x402Headers = {};
+  for (const [key, value] of Object.entries(normalizedHeaders)) {
+    if (key.startsWith("x-payment-")) {
+      x402Headers[key] = value;
+    }
+  }
+  return {
+    amount,
+    currency: normalizedHeaders["x-payment-currency"],
+    recipient: normalizedHeaders["x-payment-recipient"],
+    network: normalizedHeaders["x-payment-network"],
+    x402Headers
+  };
+}
+function isPaymentRequired(error) {
+  if (error === null || error === void 0) return false;
+  if (typeof error === "object") {
+    const obj = error;
+    if ("status" in obj && obj["status"] === 402) return true;
+    if ("statusCode" in obj && obj["statusCode"] === 402) return true;
+    if ("response" in obj && typeof obj["response"] === "object" && obj["response"] !== null) {
+      const response = obj["response"];
+      if ("status" in response && response["status"] === 402) return true;
+    }
+    if ("message" in obj && typeof obj["message"] === "string" && obj["message"].includes("402")) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// src/payments/spending.ts
+function getUtcDayStart() {
+  const now = /* @__PURE__ */ new Date();
+  const utcStart = new Date(Date.UTC(
+    now.getUTCFullYear(),
+    now.getUTCMonth(),
+    now.getUTCDate(),
+    0,
+    0,
+    0,
+    0
+  ));
+  return utcStart.getTime();
+}
+var SpendingPolicy = class {
+  dailyLimit;
+  transactionLimit;
+  allowedDomains;
+  spendingLog = [];
+  constructor(options) {
+    this.dailyLimit = options.dailyLimit;
+    this.transactionLimit = options.transactionLimit;
+    this.allowedDomains = options.allowedDomains;
+  }
+  /**
+   * Get total spending for the current UTC day.
+   */
+  getDailySpent() {
+    const dayStart = getUtcDayStart();
+    return this.spendingLog.filter((r) => r.timestamp >= dayStart).reduce((sum, r) => sum + r.amount, 0);
+  }
+  /**
+   * Check whether a transaction is allowed under the current policy.
+   * Fail-closed: any validation error results in rejection.
+   */
+  checkTransaction(amount, domain) {
+    try {
+      if (amount <= 0 || !Number.isFinite(amount)) {
+        return {
+          allowed: false,
+          reason: `Invalid amount: ${amount}`,
+          remainingDaily: this.dailyLimit - this.getDailySpent()
+        };
+      }
+      if (amount > this.transactionLimit) {
+        return {
+          allowed: false,
+          reason: `Amount $${amount} exceeds per-transaction limit of $${this.transactionLimit}`,
+          remainingDaily: this.dailyLimit - this.getDailySpent()
+        };
+      }
+      if (this.allowedDomains.length > 0) {
+        const normalizedDomain = domain.toLowerCase();
+        const isAllowed = this.allowedDomains.some(
+          (d) => d.toLowerCase() === normalizedDomain
+        );
+        if (!isAllowed) {
+          return {
+            allowed: false,
+            reason: `Domain "${domain}" is not in the allowed domains list`,
+            remainingDaily: this.dailyLimit - this.getDailySpent()
+          };
+        }
+      }
+      const dailySpent = this.getDailySpent();
+      if (dailySpent + amount > this.dailyLimit) {
+        return {
+          allowed: false,
+          reason: `Transaction of $${amount} would exceed daily limit of $${this.dailyLimit} (already spent: $${dailySpent})`,
+          remainingDaily: this.dailyLimit - dailySpent
+        };
+      }
+      return {
+        allowed: true,
+        reason: "Transaction approved",
+        remainingDaily: this.dailyLimit - dailySpent - amount
+      };
+    } catch {
+      return {
+        allowed: false,
+        reason: "Policy check failed due to internal error \u2014 rejecting for safety",
+        remainingDaily: 0
+      };
+    }
+  }
+  /**
+   * Record a completed spending transaction.
+   */
+  recordSpend(amount, domain) {
+    this.spendingLog.push({
+      amount,
+      timestamp: Date.now(),
+      domain
+    });
+  }
+  /**
+   * Reset all spending records (used for testing).
+   */
+  reset() {
+    this.spendingLog = [];
+  }
+  /**
+   * Get the full spending log (for audit purposes).
+   */
+  getSpendingLog() {
+    return [...this.spendingLog];
+  }
+};
+
+// src/payments/executor.ts
+var PaymentExecutor = class {
+  policy;
+  client;
+  auditLog = [];
+  constructor(policy, client) {
+    this.policy = policy;
+    this.client = client;
+  }
+  /**
+   * Execute a payment request.
+   * 1. Check spending policy
+   * 2. If allowed, execute via MCP client
+   * 3. Log the result (success or failure)
+   * 4. Never auto-retry on failure
+   */
+  async executePayment(request) {
+    const decision = this.policy.checkTransaction(request.amount, request.domain);
+    if (!decision.allowed) {
+      const result = {
+        success: false,
+        error: `Spending policy rejected: ${decision.reason}`
+      };
+      this.logAudit(request, result);
+      return result;
+    }
+    try {
+      const mcpResult = await this.client.executePayment({
+        amount: request.amount,
+        currency: request.currency,
+        recipient: request.recipient,
+        x402Headers: request.x402Headers
+      });
+      if (mcpResult.status === "success") {
+        this.policy.recordSpend(request.amount, request.domain);
+        const result2 = {
+          success: true,
+          txHash: mcpResult.txHash
+        };
+        this.logAudit(request, result2);
+        return result2;
+      }
+      const result = {
+        success: false,
+        error: "Payment execution failed at MCP layer"
+      };
+      this.logAudit(request, result);
+      return result;
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : String(err);
+      const result = {
+        success: false,
+        error: `Payment execution error: ${errorMessage}`
+      };
+      this.logAudit(request, result);
+      return result;
+    }
+  }
+  /**
+   * Get the full payment audit log.
+   */
+  getAuditLog() {
+    return [...this.auditLog];
+  }
+  /**
+   * Log a payment attempt to the audit trail.
+   */
+  logAudit(request, result) {
+    this.auditLog.push({
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      request,
+      result,
+      spendingSnapshot: {
+        dailySpent: this.policy.getDailySpent(),
+        dailyLimit: this.policy.dailyLimit
+      }
+    });
+  }
+};
+
+// src/payments/native-bridge.ts
+import { randomBytes } from "crypto";
+function calculateTransactionFee(amount, decimals = 6) {
+  const native = getNative();
+  if (native) {
+    try {
+      const schedule = native.JsFeeSchedule.withDefaults();
+      const raw = JSON.parse(schedule.calculate(amount, decimals, "transaction"));
+      return {
+        gross: raw.gross,
+        fee: raw.fee,
+        net: raw.net,
+        feeRecipient: raw.feeRecipient ?? raw.fee_recipient ?? "0x0000000000000000000000000000000000000000"
+      };
+    } catch {
+    }
+  }
+  const wasm = getWasm();
+  if (wasm) {
+    try {
+      const result = calculateFee(amount, decimals, "transaction");
+      return {
+        gross: result.gross_amount,
+        fee: result.fee_amount,
+        net: result.net_amount,
+        feeRecipient: "0x0000000000000000000000000000000000000000"
+      };
+    } catch {
+    }
+  }
+  const fee = amount * 77e-4;
+  return {
+    gross: amount,
+    fee,
+    net: amount - fee,
+    feeRecipient: "0x0000000000000000000000000000000000000000"
+  };
+}
+function createPaymentHeader(paymentJson, signature) {
+  const native = getNative();
+  if (native) {
+    try {
+      const client = new native.JsX402Client();
+      return client.createPaymentHeader(paymentJson, signature);
+    } catch {
+    }
+  }
+  return Buffer.from(JSON.stringify({ payment: JSON.parse(paymentJson), signature })).toString("base64");
+}
+function generateWalletAddress() {
+  const native = getNative();
+  if (native) {
+    try {
+      return native.JsAgentWallet.generate().address();
+    } catch {
+    }
+  }
+  const address = deriveEthereumAddress(randomBytes(32));
+  if (address) {
+    return address;
+  }
+  throw new Error(
+    "Unable to derive a real Ethereum address. Native or WASM wallet support is required for generateWalletAddress()."
+  );
+}
+
+// src/memory/working.ts
+function estimateTokens(text) {
+  return Math.ceil(text.length / 4);
+}
+var WorkingMemoryManager = class {
+  memory = null;
+  create(taskId, goal) {
+    const emptyPlan = {
+      taskId,
+      steps: [],
+      status: "draft",
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      approvedAt: null,
+      parallelizable: false
+    };
+    this.memory = {
+      taskId,
+      goal,
+      plan: emptyPlan,
+      currentStepId: null,
+      intermediateOutputs: {},
+      contextWindow: []
+    };
+    return this.memory;
+  }
+  updateCurrentStep(stepId) {
+    if (!this.memory) {
+      throw new Error("Working memory not initialized. Call create() first.");
+    }
+    this.memory = {
+      ...this.memory,
+      currentStepId: stepId
+    };
+  }
+  addIntermediateOutput(stepId, output) {
+    if (!this.memory) {
+      throw new Error("Working memory not initialized. Call create() first.");
+    }
+    this.memory = {
+      ...this.memory,
+      intermediateOutputs: {
+        ...this.memory.intermediateOutputs,
+        [stepId]: output
+      }
+    };
+  }
+  /**
+   * Inject context entries into working memory, enforcing token budget.
+   * Entries are added until the budget is exhausted, then truncated.
+   */
+  injectContext(entries) {
+    if (!this.memory) {
+      throw new Error("Working memory not initialized. Call create() first.");
+    }
+    const maxTokens = PERFORMANCE.maxContextTokens;
+    const injected = [];
+    let totalTokens = 0;
+    for (const entry of entries) {
+      const entryTokens = estimateTokens(entry);
+      if (totalTokens + entryTokens > maxTokens) {
+        const remainingTokens = maxTokens - totalTokens;
+        if (remainingTokens > 10) {
+          const truncatedLength = remainingTokens * 4;
+          injected.push(entry.slice(0, truncatedLength) + "...");
+        }
+        break;
+      }
+      totalTokens += entryTokens;
+      injected.push(entry);
+    }
+    this.memory = {
+      ...this.memory,
+      contextWindow: injected
+    };
+  }
+  getSnapshot() {
+    if (!this.memory) {
+      throw new Error("Working memory not initialized. Call create() first.");
+    }
+    return this.memory;
+  }
+  clear() {
+    this.memory = null;
+  }
+};
+
+// src/memory/episodic.ts
+import { readFile, appendFile, writeFile, mkdir } from "fs/promises";
+import { existsSync as existsSync2 } from "fs";
+import { dirname as dirname3 } from "path";
+var EpisodicMemory = class {
+  filePath;
+  constructor(filePath) {
+    this.filePath = filePath;
+  }
+  async ensureDir() {
+    const dir = dirname3(this.filePath);
+    if (!existsSync2(dir)) {
+      await mkdir(dir, { recursive: true });
+    }
+  }
+  async append(entry) {
+    await this.ensureDir();
+    const line = JSON.stringify(entry) + "\n";
+    await appendFile(this.filePath, line, "utf-8");
+  }
+  async readAll() {
+    if (!existsSync2(this.filePath)) {
+      return [];
+    }
+    const content = await readFile(this.filePath, "utf-8");
+    return this.parseLines(content);
+  }
+  async search(query, limit = 10) {
+    const entries = await this.readAll();
+    const queryLower = query.toLowerCase();
+    const queryWords = queryLower.split(/\s+/).filter(Boolean);
+    const scored = [];
+    for (const entry of entries) {
+      const searchText = [
+        entry.description,
+        ...entry.lessonsLearned,
+        ...entry.tags
+      ].join(" ").toLowerCase();
+      let score = 0;
+      for (const word of queryWords) {
+        if (searchText.includes(word)) {
+          score += 1;
+        }
+      }
+      if (searchText.includes(queryLower)) {
+        score += queryWords.length;
+      }
+      if (score > 0) {
+        scored.push({ entry, score });
+      }
+    }
+    scored.sort((a, b) => b.score - a.score);
+    return scored.slice(0, limit).map((s) => s.entry);
+  }
+  async readRecent(count) {
+    const entries = await this.readAll();
+    return entries.slice(-count);
+  }
+  async recoverFromCorruption() {
+    if (!existsSync2(this.filePath)) {
+      return { recovered: 0, lost: 0 };
+    }
+    const content = await readFile(this.filePath, "utf-8");
+    const lines = content.split("\n").filter((line) => line.trim().length > 0);
+    const validLines = [];
+    let lost = 0;
+    for (const line of lines) {
+      try {
+        JSON.parse(line);
+        validLines.push(line);
+      } catch {
+        lost++;
+      }
+    }
+    if (lost > 0) {
+      await writeFile(this.filePath, validLines.map((l) => l + "\n").join(""), "utf-8");
+    }
+    return { recovered: validLines.length, lost };
+  }
+  parseLines(content) {
+    const lines = content.split("\n").filter((line) => line.trim().length > 0);
+    const entries = [];
+    for (const line of lines) {
+      try {
+        entries.push(JSON.parse(line));
+      } catch {
+      }
+    }
+    return entries;
+  }
+};
+
+// src/memory/procedural.ts
+import { readFile as readFile2, writeFile as writeFile2, rename, mkdir as mkdir2, copyFile } from "fs/promises";
+import { existsSync as existsSync3 } from "fs";
+import { dirname as dirname4 } from "path";
+var ProceduralMemory = class {
+  filePath;
+  cache = null;
+  constructor(filePath) {
+    this.filePath = filePath;
+  }
+  async ensureDir() {
+    const dir = dirname4(this.filePath);
+    if (!existsSync3(dir)) {
+      await mkdir2(dir, { recursive: true });
+    }
+  }
+  async load() {
+    if (!existsSync3(this.filePath)) {
+      this.cache = [];
+      return [];
+    }
+    const content = await readFile2(this.filePath, "utf-8");
+    const entries = JSON.parse(content);
+    this.cache = entries;
+    return entries;
+  }
+  async update(skillName, result) {
+    const entries = await this.load();
+    const existing = entries.find((e) => e.skillName === skillName);
+    if (existing) {
+      const newCount = existing.invocationCount + 1;
+      const successCount = Math.round(existing.successRate * existing.invocationCount) + (result.succeeded ? 1 : 0);
+      const newSuccessRate = successCount / newCount;
+      const newAvgContribution = (existing.avgContribution * existing.invocationCount + result.durationMs) / newCount;
+      const updated = {
+        ...existing,
+        invocationCount: newCount,
+        successRate: newSuccessRate,
+        avgContribution: newAvgContribution,
+        lastUsed: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      const index = entries.indexOf(existing);
+      entries[index] = updated;
+    } else {
+      const newEntry = {
+        skillName,
+        invocationCount: 1,
+        successRate: result.succeeded ? 1 : 0,
+        avgContribution: result.durationMs,
+        preferredContexts: [],
+        lastUsed: (/* @__PURE__ */ new Date()).toISOString(),
+        mutations: []
+      };
+      entries.push(newEntry);
+    }
+    await this.atomicWrite(entries);
+    this.cache = entries;
+  }
+  getSkillScore(skillName) {
+    if (!this.cache) {
+      return null;
+    }
+    return this.cache.find((e) => e.skillName === skillName) ?? null;
+  }
+  getTopSkills(context, limit) {
+    if (!this.cache) {
+      return [];
+    }
+    const contextLower = context.toLowerCase();
+    const contextWords = contextLower.split(/\s+/).filter(Boolean);
+    const scored = [];
+    for (const entry of this.cache) {
+      let score = entry.successRate * entry.invocationCount;
+      for (const preferred of entry.preferredContexts) {
+        const prefLower = preferred.toLowerCase();
+        for (const word of contextWords) {
+          if (prefLower.includes(word)) {
+            score += 2;
+          }
+        }
+      }
+      if (contextLower.includes(entry.skillName.toLowerCase())) {
+        score += 5;
+      }
+      scored.push({ entry, score });
+    }
+    scored.sort((a, b) => b.score - a.score);
+    return scored.slice(0, limit).map((s) => s.entry);
+  }
+  async recordMutation(skillName, mutation) {
+    const entries = await this.load();
+    const existing = entries.find((e) => e.skillName === skillName);
+    if (!existing) {
+      throw new Error(`Skill "${skillName}" not found in procedural memory`);
+    }
+    const updated = {
+      ...existing,
+      mutations: [...existing.mutations, mutation]
+    };
+    const index = entries.indexOf(existing);
+    entries[index] = updated;
+    await this.atomicWrite(entries);
+    this.cache = entries;
+  }
+  async rollbackMutation(skillName, mutationId) {
+    const entries = await this.load();
+    const existing = entries.find((e) => e.skillName === skillName);
+    if (!existing) {
+      throw new Error(`Skill "${skillName}" not found in procedural memory`);
+    }
+    const mutation = existing.mutations.find((m) => m.mutationId === mutationId);
+    if (!mutation) {
+      throw new Error(`Mutation "${mutationId}" not found for skill "${skillName}"`);
+    }
+    const updatedMutations = existing.mutations.map((m) => {
+      if (m.mutationId === mutationId) {
+        return {
+          ...m,
+          status: "reverted",
+          revertedAt: (/* @__PURE__ */ new Date()).toISOString()
+        };
+      }
+      return m;
+    });
+    const updated = {
+      ...existing,
+      mutations: updatedMutations
+    };
+    const index = entries.indexOf(existing);
+    entries[index] = updated;
+    await this.atomicWrite(entries);
+    this.cache = entries;
+  }
+  async atomicWrite(entries) {
+    await this.ensureDir();
+    if (existsSync3(this.filePath)) {
+      await copyFile(this.filePath, this.filePath + ".bak");
+    }
+    const tmpPath = this.filePath + ".tmp";
+    await writeFile2(tmpPath, JSON.stringify(entries, null, 2) + "\n", "utf-8");
+    await rename(tmpPath, this.filePath);
+  }
+};
+
+// src/memory/checkpoint.ts
+import { readFile as readFile3, writeFile as writeFile3, rename as rename2, unlink, readdir, mkdir as mkdir3 } from "fs/promises";
+import { existsSync as existsSync4 } from "fs";
+import { join as join3 } from "path";
+var DEFAULT_MAX_AGE_MS = 24 * 60 * 60 * 1e3;
+var CheckpointManager = class {
+  dir;
+  constructor(dir) {
+    this.dir = dir;
+  }
+  async ensureDir() {
+    if (!existsSync4(this.dir)) {
+      await mkdir3(this.dir, { recursive: true });
+    }
+  }
+  filePath(taskId) {
+    return join3(this.dir, `${taskId}.json`);
+  }
+  async save(taskId, state) {
+    await this.ensureDir();
+    const path = this.filePath(taskId);
+    const tmpPath = path + ".tmp";
+    await writeFile3(tmpPath, JSON.stringify(state, null, 2) + "\n", "utf-8");
+    await rename2(tmpPath, path);
+  }
+  async load(taskId) {
+    const path = this.filePath(taskId);
+    if (!existsSync4(path)) {
+      return null;
+    }
+    const content = await readFile3(path, "utf-8");
+    return JSON.parse(content);
+  }
+  async remove(taskId) {
+    const path = this.filePath(taskId);
+    if (existsSync4(path)) {
+      await unlink(path);
+    }
+  }
+  async listIncomplete() {
+    await this.ensureDir();
+    const files = await readdir(this.dir);
+    const results = [];
+    for (const file of files) {
+      if (!file.endsWith(".json")) continue;
+      const path = join3(this.dir, file);
+      try {
+        const content = await readFile3(path, "utf-8");
+        const state = JSON.parse(content);
+        if (state.agentStatus !== "complete" && state.agentStatus !== "failed") {
+          results.push({
+            taskId: state.taskId,
+            description: state.goal.description,
+            savedAt: state.savedAt,
+            isStale: this.isStale(state)
+          });
+        }
+      } catch {
+      }
+    }
+    return results;
+  }
+  isStale(checkpoint, maxAgeMs = DEFAULT_MAX_AGE_MS) {
+    const savedTime = new Date(checkpoint.savedAt).getTime();
+    const now = Date.now();
+    return now - savedTime > maxAgeMs;
+  }
+};
+
+// src/memory/context-injector.ts
+var DEFAULT_MAX_TOKENS = 2e3;
+function estimateTokens2(text) {
+  return Math.ceil(text.length / 4);
+}
+function compressEpisodicEntry(entry) {
+  const date = entry.timestamp.slice(0, 10);
+  const skills = entry.skillsUsed.length > 0 ? ` (${entry.skillsUsed.join(", ")})` : "";
+  const lesson = entry.lessonsLearned.length > 0 ? ` Lesson: ${entry.lessonsLearned[0]}` : "";
+  return `[${date}] '${entry.description.slice(0, 80)}' \u2192 ${entry.outcome}${skills}${lesson}`;
+}
+function compressProceduralEntry(entry) {
+  const rate = Math.round(entry.successRate * 100);
+  return `[skill] ${entry.skillName}: ${rate}% success over ${entry.invocationCount} invocations`;
+}
+function scoreEpisodicEntry(entry, goalWords) {
+  const text = [entry.description, ...entry.lessonsLearned, ...entry.tags].join(" ").toLowerCase();
+  let score = 0;
+  for (const word of goalWords) {
+    if (text.includes(word)) {
+      score += 1;
+    }
+  }
+  const ageMs = Date.now() - new Date(entry.timestamp).getTime();
+  const ageDays = ageMs / (24 * 60 * 60 * 1e3);
+  score += Math.max(0, 10 - ageDays) / 10;
+  return score;
+}
+var ContextInjector = class {
+  episodic;
+  procedural;
+  constructor(episodic, procedural) {
+    this.episodic = episodic;
+    this.procedural = procedural;
+  }
+  async inject(goal, maxTokens = DEFAULT_MAX_TOKENS) {
+    const goalWords = goal.description.toLowerCase().split(/\s+/).filter((w) => w.length > 2);
+    const allEpisodic = await this.episodic.readAll();
+    const scoredEpisodic = allEpisodic.map((entry) => ({ entry, score: scoreEpisodicEntry(entry, goalWords) })).filter((s) => s.score > 0).sort((a, b) => b.score - a.score);
+    const allProcedural = await this.procedural.load();
+    const relevantProcedural = allProcedural.filter((entry) => {
+      const nameLower = entry.skillName.toLowerCase();
+      return goalWords.some((w) => nameLower.includes(w) || w.includes(nameLower));
+    }).sort((a, b) => b.successRate * b.invocationCount - a.successRate * a.invocationCount);
+    const results = [];
+    let totalTokens = 0;
+    let eIdx = 0;
+    let pIdx = 0;
+    while (totalTokens < maxTokens && (eIdx < scoredEpisodic.length || pIdx < relevantProcedural.length)) {
+      for (let i = 0; i < 2 && eIdx < scoredEpisodic.length; i++, eIdx++) {
+        const compressed = compressEpisodicEntry(scoredEpisodic[eIdx].entry);
+        const tokens = estimateTokens2(compressed);
+        if (totalTokens + tokens > maxTokens) {
+          return results;
+        }
+        results.push(compressed);
+        totalTokens += tokens;
+      }
+      if (pIdx < relevantProcedural.length) {
+        const compressed = compressProceduralEntry(relevantProcedural[pIdx]);
+        const tokens = estimateTokens2(compressed);
+        if (totalTokens + tokens > maxTokens) {
+          return results;
+        }
+        results.push(compressed);
+        totalTokens += tokens;
+        pIdx++;
+      }
+    }
+    return results;
+  }
+};
+
+// src/memory/native-store.ts
+function getNativeCanonicalStore(dbPath) {
+  const native = getNative();
+  if (!native) return null;
+  try {
+    return native.JsCanonicalStore.open(dbPath);
+  } catch {
+    return null;
+  }
+}
+function getNativeCanonicalStoreInMemory() {
+  const native = getNative();
+  if (!native) return null;
+  try {
+    return native.JsCanonicalStore.inMemory();
+  } catch {
+    return null;
+  }
+}
+function getWasmCanonicalStore() {
+  const wasm = getWasm();
+  if (!wasm) return null;
+  try {
+    return new wasm.WasmCanonicalStore();
+  } catch {
+    return null;
+  }
+}
+function getBestCanonicalStore() {
+  return getNativeCanonicalStoreInMemory() ?? getWasmCanonicalStore();
+}
+function compressVector(vector, bits = 8) {
+  const native = getNative();
+  if (native) {
+    try {
+      const compressor = new native.JsTurboCompressor(vector.length, bits);
+      const compressed = compressor.compress(vector);
+      return {
+        compressed,
+        originalSize: vector.length * 4,
+        compressedSize: compressed.length
+      };
+    } catch {
+    }
+  }
+  const wasm = getWasm();
+  if (wasm) {
+    try {
+      const vectorJson = JSON.stringify(Array.from(vector));
+      const compressed = wasm.compressVector(vectorJson, vector.length);
+      return {
+        compressed,
+        originalSize: vector.length * 4,
+        compressedSize: compressed.length
+      };
+    } catch {
+    }
+  }
+  return null;
+}
+function decompressVector(compressedJson, dimensions, bits = 8) {
+  const native = getNative();
+  if (native) {
+    try {
+      const compressor = new native.JsTurboCompressor(dimensions, bits);
+      return compressor.decompress(compressedJson);
+    } catch {
+    }
+  }
+  const wasm = getWasm();
+  if (wasm) {
+    try {
+      const arrayJson = wasm.decompressVector(compressedJson, dimensions);
+      const arr = JSON.parse(arrayJson);
+      return new Float32Array(arr);
+    } catch {
+    }
+  }
+  return null;
+}
+function approximateDistance(aJson, bJson, dimensions) {
+  const wasm = getWasm();
+  if (wasm) {
+    try {
+      return wasm.approximateDistance(aJson, bJson, dimensions);
+    } catch {
+    }
+  }
+  return null;
+}
+function evaluateWriteSecurity(namespace, content, allowedNamespaces, source = "agent", trustLevel = "agent") {
+  const native = getNative();
+  if (native) {
+    try {
+      const firewall = new native.JsWriteFirewall(
+        JSON.stringify({ allowed_namespaces: allowedNamespaces })
+      );
+      const result = JSON.parse(
+        firewall.evaluate(JSON.stringify({ namespace, content, trust_level: trustLevel }))
+      );
+      return result;
+    } catch {
+    }
+  }
+  try {
+    const result = evaluateWriteFirewall({
+      namespace,
+      content,
+      trust_level: trustLevel,
+      source,
+      allowed_namespaces: allowedNamespaces.length > 0 ? allowedNamespaces : void 0
+    });
+    return {
+      allowed: result.decision === "allow" || result.decision === "sanitize",
+      reason: result.reason
+    };
+  } catch {
+    return { allowed: true };
+  }
+}
+
+// src/rsi/metrics.ts
+import { readFile as readFile4, appendFile as appendFile2, mkdir as mkdir4 } from "fs/promises";
+import { existsSync as existsSync5 } from "fs";
+import { dirname as dirname5 } from "path";
+var MetricsCollector = class {
+  taskMetricsPath;
+  skillMetricsPath;
+  constructor(taskMetricsPath, skillMetricsPath) {
+    this.taskMetricsPath = taskMetricsPath;
+    this.skillMetricsPath = skillMetricsPath;
+  }
+  async ensureDir(filePath) {
+    const dir = dirname5(filePath);
+    if (!existsSync5(dir)) {
+      await mkdir4(dir, { recursive: true });
+    }
+  }
+  async recordTaskMetrics(task) {
+    await this.ensureDir(this.taskMetricsPath);
+    const line = JSON.stringify(task) + "\n";
+    await appendFile2(this.taskMetricsPath, line, "utf-8");
+  }
+  async recordSkillMetrics(skill) {
+    await this.ensureDir(this.skillMetricsPath);
+    const line = JSON.stringify(skill) + "\n";
+    await appendFile2(this.skillMetricsPath, line, "utf-8");
+  }
+  async getTaskHistory(limit) {
+    const entries = await this.readJsonl(this.taskMetricsPath);
+    if (limit !== void 0) {
+      return entries.slice(-limit);
+    }
+    return entries;
+  }
+  async getSkillHistory(skillName, limit) {
+    const all = await this.readJsonl(this.skillMetricsPath);
+    const filtered = all.filter((s) => s.skillName === skillName);
+    if (limit !== void 0) {
+      return filtered.slice(-limit);
+    }
+    return filtered;
+  }
+  async getAggregatedSkillStats(skillName) {
+    const history = await this.getSkillHistory(skillName);
+    if (history.length === 0) {
+      return {
+        skillName,
+        totalInvocations: 0,
+        successRate: 0,
+        avgDurationMs: 0,
+        trendDirection: "stable"
+      };
+    }
+    const invokedEntries = history.filter((h) => h.invoked);
+    const totalInvocations = invokedEntries.length;
+    const successCount = invokedEntries.filter((h) => h.succeeded).length;
+    const successRate = totalInvocations > 0 ? successCount / totalInvocations : 0;
+    const avgDurationMs = totalInvocations > 0 ? invokedEntries.reduce((sum, h) => sum + h.durationMs, 0) / totalInvocations : 0;
+    const trendDirection = this.calculateTrend(invokedEntries);
+    return {
+      skillName,
+      totalInvocations,
+      successRate,
+      avgDurationMs,
+      trendDirection
+    };
+  }
+  calculateTrend(entries) {
+    if (entries.length < 4) {
+      return "stable";
+    }
+    const mid = Math.floor(entries.length / 2);
+    const firstHalf = entries.slice(0, mid);
+    const secondHalf = entries.slice(mid);
+    const firstRate = firstHalf.filter((e) => e.succeeded).length / firstHalf.length;
+    const secondRate = secondHalf.filter((e) => e.succeeded).length / secondHalf.length;
+    const diff = secondRate - firstRate;
+    if (diff > 0.1) return "improving";
+    if (diff < -0.1) return "declining";
+    return "stable";
+  }
+  async readJsonl(filePath) {
+    if (!existsSync5(filePath)) {
+      return [];
+    }
+    const content = await readFile4(filePath, "utf-8");
+    const lines = content.split("\n").filter((line) => line.trim().length > 0);
+    const results = [];
+    for (const line of lines) {
+      try {
+        results.push(JSON.parse(line));
+      } catch {
+      }
+    }
+    return results;
+  }
+};
+
+// src/rsi/hypothesis.ts
+import { randomUUID } from "crypto";
+var MIN_DATA_POINTS = 10;
+var LOW_SUCCESS_THRESHOLD = 0.6;
+var SLOW_SKILL_PERCENTILE = 0.75;
+var HypothesisEngine = class {
+  analyze(skillStats, taskHistory) {
+    if (taskHistory.length < MIN_DATA_POINTS) {
+      return [];
+    }
+    const hypotheses = [];
+    hypotheses.push(...this.detectLowSuccessRate(skillStats));
+    hypotheses.push(...this.detectSlowSkills(skillStats));
+    hypotheses.push(...this.detectFrequentlyPairedSkills(taskHistory));
+    hypotheses.push(...this.detectUnusedInSuccessful(skillStats, taskHistory));
+    return hypotheses;
+  }
+  detectLowSuccessRate(stats) {
+    const hypotheses = [];
+    for (const skill of stats) {
+      if (skill.totalInvocations >= 5 && skill.successRate < LOW_SUCCESS_THRESHOLD) {
+        const expectedImprovement = Math.round((LOW_SUCCESS_THRESHOLD - skill.successRate) * 100);
+        hypotheses.push({
+          hypothesisId: randomUUID(),
+          skillName: skill.skillName,
+          description: `Adjusting retry count for ${skill.skillName} may improve success by ${expectedImprovement}%`,
+          expectedImprovement,
+          tier: "T1",
+          confidence: Math.min(0.9, skill.totalInvocations / 20),
+          evidence: [
+            `Current success rate: ${Math.round(skill.successRate * 100)}%`,
+            `Total invocations: ${skill.totalInvocations}`,
+            `Trend: ${skill.trendDirection}`
+          ]
+        });
+      }
+    }
+    return hypotheses;
+  }
+  detectSlowSkills(stats) {
+    const hypotheses = [];
+    const withInvocations = stats.filter((s) => s.totalInvocations >= 5);
+    if (withInvocations.length < 2) return hypotheses;
+    const durations = withInvocations.map((s) => s.avgDurationMs).sort((a, b) => a - b);
+    const percentileIdx = Math.max(0, Math.floor(durations.length * SLOW_SKILL_PERCENTILE) - 1);
+    const threshold = durations[percentileIdx] ?? Infinity;
+    for (const skill of withInvocations) {
+      if (skill.avgDurationMs > threshold) {
+        const expectedImprovement = Math.round(
+          (skill.avgDurationMs - threshold) / skill.avgDurationMs * 100
+        );
+        hypotheses.push({
+          hypothesisId: randomUUID(),
+          skillName: skill.skillName,
+          description: `Increasing timeout for ${skill.skillName} may reduce failures by ${expectedImprovement}%`,
+          expectedImprovement,
+          tier: "T1",
+          confidence: Math.min(0.8, skill.totalInvocations / 25),
+          evidence: [
+            `Avg duration: ${Math.round(skill.avgDurationMs)}ms`,
+            `75th percentile threshold: ${Math.round(threshold)}ms`
+          ]
+        });
+      }
+    }
+    return hypotheses;
+  }
+  detectFrequentlyPairedSkills(taskHistory) {
+    const hypotheses = [];
+    const pairCounts = /* @__PURE__ */ new Map();
+    for (const task of taskHistory) {
+      const skills = task.skillsUsed;
+      for (let i = 0; i < skills.length; i++) {
+        for (let j = i + 1; j < skills.length; j++) {
+          const pair = [skills[i], skills[j]].sort().join("+");
+          pairCounts.set(pair, (pairCounts.get(pair) ?? 0) + 1);
+        }
+      }
+    }
+    for (const [pair, count] of pairCounts) {
+      if (count >= 5) {
+        const [skillA, skillB] = pair.split("+");
+        hypotheses.push({
+          hypothesisId: randomUUID(),
+          skillName: `${skillA}+${skillB}`,
+          description: `Creating a chain of ${skillA}+${skillB} may improve efficiency`,
+          expectedImprovement: Math.round(count / taskHistory.length * 30),
+          tier: "T3",
+          confidence: Math.min(0.7, count / 15),
+          evidence: [
+            `Co-occurrence: ${count}/${taskHistory.length} tasks`
+          ]
+        });
+      }
+    }
+    return hypotheses;
+  }
+  detectUnusedInSuccessful(stats, taskHistory) {
+    const hypotheses = [];
+    const successfulTasks = taskHistory.filter((t) => t.outcome === "success");
+    if (successfulTasks.length < 5) return hypotheses;
+    const successfulSkills = /* @__PURE__ */ new Set();
+    for (const task of successfulTasks) {
+      for (const skill of task.skillsUsed) {
+        successfulSkills.add(skill);
+      }
+    }
+    for (const skill of stats) {
+      if (skill.totalInvocations >= 5 && !successfulSkills.has(skill.skillName) && skill.successRate < 0.5) {
+        hypotheses.push({
+          hypothesisId: randomUUID(),
+          skillName: skill.skillName,
+          description: `Deprioritizing ${skill.skillName} for current task types`,
+          expectedImprovement: 10,
+          tier: "T2",
+          confidence: 0.5,
+          evidence: [
+            `Not used in any of ${successfulTasks.length} successful tasks`,
+            `Success rate: ${Math.round(skill.successRate * 100)}%`
+          ]
+        });
+      }
+    }
+    return hypotheses;
+  }
+};
+
+// src/rsi/mutation.ts
+import { readFile as readFile5, appendFile as appendFile3, mkdir as mkdir5 } from "fs/promises";
+import { existsSync as existsSync6 } from "fs";
+import { dirname as dirname6 } from "path";
+import { randomUUID as randomUUID2 } from "crypto";
+var MutationEngine = class {
+  historyPath;
+  constructor(historyPath) {
+    this.historyPath = historyPath;
+  }
+  async ensureDir() {
+    const dir = dirname6(this.historyPath);
+    if (!existsSync6(dir)) {
+      await mkdir5(dir, { recursive: true });
+    }
+  }
+  createMutation(hypothesis) {
+    this.validateSafety(hypothesis);
+    const initialStatus = hypothesis.tier === "T4" ? "proposed" : "proposed";
+    return {
+      mutationId: randomUUID2(),
+      hypothesisId: hypothesis.hypothesisId,
+      skillName: hypothesis.skillName,
+      tier: hypothesis.tier,
+      description: hypothesis.description,
+      originalValue: "",
+      mutatedValue: hypothesis.description,
+      status: initialStatus,
+      appliedAt: null,
+      revertedAt: null
+    };
+  }
+  async applyMutation(mutation) {
+    if (this.isSafetyInvariant(mutation.skillName)) {
+      throw new Error(
+        `Cannot mutate safety invariant: ${mutation.skillName}. Safety invariants are: ${SAFETY_INVARIANTS.join(", ")}`
+      );
+    }
+    if (mutation.tier === "T4") {
+      throw new Error(
+        "T4 mutations (Architecture) cannot be auto-applied. They must be proposed and reviewed by a human."
+      );
+    }
+    const applied = {
+      ...mutation,
+      status: "applied",
+      appliedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    await this.appendHistory(applied);
+  }
+  async revertMutation(mutation) {
+    const reverted = {
+      ...mutation,
+      status: "reverted",
+      revertedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    await this.appendHistory(reverted);
+  }
+  async getMutationHistory() {
+    if (!existsSync6(this.historyPath)) {
+      return [];
+    }
+    const content = await readFile5(this.historyPath, "utf-8");
+    const lines = content.split("\n").filter((l) => l.trim().length > 0);
+    const results = [];
+    for (const line of lines) {
+      try {
+        results.push(JSON.parse(line));
+      } catch {
+      }
+    }
+    return results;
+  }
+  async appendHistory(mutation) {
+    await this.ensureDir();
+    const line = JSON.stringify(mutation) + "\n";
+    await appendFile3(this.historyPath, line, "utf-8");
+  }
+  validateSafety(hypothesis) {
+    if (this.isSafetyInvariant(hypothesis.skillName)) {
+      throw new Error(
+        `Cannot create mutation targeting safety invariant: ${hypothesis.skillName}`
+      );
+    }
+  }
+  isSafetyInvariant(name) {
+    const nameLower = name.toLowerCase();
+    return SAFETY_INVARIANTS.some(
+      (invariant) => nameLower.includes(invariant.toLowerCase()) || invariant.toLowerCase().includes(nameLower)
+    );
+  }
+};
+
+// src/rsi/ab-test.ts
+import { randomUUID as randomUUID3 } from "crypto";
+var DEFAULT_MIN_SAMPLE_SIZE = 5;
+var PROMOTION_THRESHOLD = 0.1;
+var ROLLBACK_THRESHOLD = -0.1;
+var ABTestManager = class {
+  tests = /* @__PURE__ */ new Map();
+  results = /* @__PURE__ */ new Map();
+  startTest(mutation, baselineMetrics) {
+    const testId = randomUUID3();
+    const test = {
+      testId,
+      mutationId: mutation.mutationId,
+      skillName: mutation.skillName,
+      baselineStats: baselineMetrics,
+      variantStats: {
+        skillName: mutation.skillName,
+        totalInvocations: 0,
+        successRate: 0,
+        avgDurationMs: 0,
+        trendDirection: "stable"
+      },
+      sampleSize: 0,
+      minSampleSize: DEFAULT_MIN_SAMPLE_SIZE,
+      startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      status: "running"
+    };
+    this.tests.set(testId, test);
+    this.results.set(testId, []);
+    return test;
+  }
+  recordResult(testId, taskMetrics) {
+    const test = this.tests.get(testId);
+    if (!test) {
+      throw new Error(`A/B test "${testId}" not found`);
+    }
+    if (test.status !== "running") {
+      throw new Error(`A/B test "${testId}" is not running (status: ${test.status})`);
+    }
+    const taskResults = this.results.get(testId) ?? [];
+    taskResults.push(taskMetrics);
+    this.results.set(testId, taskResults);
+    const successCount = taskResults.filter((t) => t.outcome === "success").length;
+    const totalDuration = taskResults.reduce((sum, t) => sum + t.durationMs, 0);
+    const updatedTest = {
+      ...test,
+      sampleSize: taskResults.length,
+      variantStats: {
+        skillName: test.skillName,
+        totalInvocations: taskResults.length,
+        successRate: taskResults.length > 0 ? successCount / taskResults.length : 0,
+        avgDurationMs: taskResults.length > 0 ? totalDuration / taskResults.length : 0,
+        trendDirection: "stable"
+      }
+    };
+    this.tests.set(testId, updatedTest);
+  }
+  evaluateTest(testId) {
+    const test = this.tests.get(testId);
+    if (!test) {
+      throw new Error(`A/B test "${testId}" not found`);
+    }
+    if (test.sampleSize < test.minSampleSize) {
+      return {
+        testId,
+        decision: "continue",
+        improvement: 0,
+        confidence: test.sampleSize / test.minSampleSize
+      };
+    }
+    const baselineRate = test.baselineStats.successRate;
+    const variantRate = test.variantStats.successRate;
+    const improvement = baselineRate > 0 ? (variantRate - baselineRate) / baselineRate : variantRate > 0 ? 1 : 0;
+    const confidence = Math.min(1, test.sampleSize / (test.minSampleSize * 2));
+    let decision;
+    if (improvement > PROMOTION_THRESHOLD) {
+      decision = "promote";
+    } else if (improvement < ROLLBACK_THRESHOLD) {
+      decision = "rollback";
+    } else {
+      decision = "continue";
+    }
+    if (decision === "promote" || decision === "rollback") {
+      const updated = {
+        ...test,
+        status: "completed"
+      };
+      this.tests.set(testId, updated);
+    }
+    return {
+      testId,
+      decision,
+      improvement,
+      confidence
+    };
+  }
+  getActiveTests() {
+    const active = [];
+    for (const test of this.tests.values()) {
+      if (test.status === "running") {
+        active.push(test);
+      }
+    }
+    return active;
+  }
+};
+
+// src/rsi/audit.ts
+import { readFile as readFile6, appendFile as appendFile4, mkdir as mkdir6 } from "fs/promises";
+import { existsSync as existsSync7 } from "fs";
+import { dirname as dirname7 } from "path";
+var RSIAuditLog = class {
+  filePath;
+  constructor(filePath) {
+    this.filePath = filePath;
+  }
+  async ensureDir() {
+    const dir = dirname7(this.filePath);
+    if (!existsSync7(dir)) {
+      await mkdir6(dir, { recursive: true });
+    }
+  }
+  async log(entry) {
+    await this.ensureDir();
+    const line = JSON.stringify(entry) + "\n";
+    await appendFile4(this.filePath, line, "utf-8");
+  }
+  async getHistory(limit) {
+    if (!existsSync7(this.filePath)) {
+      return [];
+    }
+    const content = await readFile6(this.filePath, "utf-8");
+    const lines = content.split("\n").filter((l) => l.trim().length > 0);
+    const entries = [];
+    for (const line of lines) {
+      try {
+        entries.push(JSON.parse(line));
+      } catch {
+      }
+    }
+    if (limit !== void 0) {
+      return entries.slice(-limit);
+    }
+    return entries;
+  }
+  async getByMutation(mutationId) {
+    const all = await this.getHistory();
+    return all.filter((e) => e.mutationId === mutationId);
+  }
+};
+
+// src/rsi/auto-research.ts
+import { randomUUID as randomUUID4 } from "crypto";
+import { execSync } from "child_process";
+import { mkdirSync as mkdirSync2, existsSync as existsSync8, writeFileSync as writeFileSync2 } from "fs";
+import { join as join4 } from "path";
+import { tmpdir } from "os";
+var MIN_CONFIDENCE = 0.3;
+var REQUIRED_PASSING_RUNS = 3;
+function buildSearchQuery(failure) {
+  const clean = failure.error.replace(/\x1b\[[0-9;]*m/g, "");
+  const firstLine = clean.split("\n")[0]?.trim() ?? clean.trim();
+  const noPath = firstLine.replace(/\/[^\s:]+:\d+:\d+/g, "").trim();
+  const taskSummary = failure.taskDescription.slice(0, 60).trim();
+  const errorSummary = noPath.slice(0, 100).trim();
+  if (!errorSummary) {
+    return `${taskSummary} fix solution`;
+  }
+  return `${taskSummary} ${errorSummary}`.trim();
+}
+function scoreConfidence(candidate, failure) {
+  let base = 0;
+  switch (candidate.source) {
+    case "skill-catalog":
+      base = 0.7;
+      break;
+    case "npm-registry":
+      base = 0.5;
+      break;
+    case "web-search":
+      base = 0.4;
+      break;
+  }
+  const failureWords = new Set(
+    failure.taskDescription.toLowerCase().split(/\W+/).filter((w) => w.length > 3)
+  );
+  const approachWords = candidate.approach.toLowerCase().split(/\W+/);
+  const matches = approachWords.filter((w) => failureWords.has(w)).length;
+  const overlap = Math.min(matches / Math.max(failureWords.size, 1), 0.25);
+  base += overlap;
+  if (candidate.description.length < 20) {
+    base -= 0.1;
+  }
+  return Math.max(0, Math.min(1, base));
+}
+var AutoResearcher = class {
+  skillsDir;
+  constructor(skillsDir) {
+    this.skillsDir = skillsDir ?? join4(tmpdir(), "clawpowers-promoted-skills");
+  }
+  /**
+   * Search for candidate solutions to a failure.
+   *
+   * Sources queried (in order of reliability):
+   *   1. skill-catalog  — skills already available that match the error domain
+   *   2. npm-registry   — packages that match the error keywords
+   *   3. web-search     — constructs a query from the failure trace
+   *
+   * Returns candidates sorted by confidence (highest first).
+   */
+  async research(failure) {
+    const candidates = [];
+    const skillCatalogCandidates = this.searchSkillCatalog(failure);
+    candidates.push(...skillCatalogCandidates);
+    const npmCandidates = await this.searchNpmRegistry(failure);
+    candidates.push(...npmCandidates);
+    const webCandidates = this.buildWebSearchCandidates(failure);
+    candidates.push(...webCandidates);
+    return candidates.filter((c) => c.confidence >= MIN_CONFIDENCE).sort((a, b) => b.confidence - a.confidence);
+  }
+  /**
+   * Test a candidate solution in an isolated sandbox.
+   * Runs the candidate's approach as a shell command in a temp directory.
+   * Returns a TestResult with pass/fail, output, and duration.
+   */
+  async testCandidate(candidate, task) {
+    const startMs = Date.now();
+    const sandboxDir = join4(tmpdir(), `clawpowers-sandbox-${randomUUID4()}`);
+    try {
+      mkdirSync2(sandboxDir, { recursive: true });
+      const testScript = this.buildTestScript(candidate, task, sandboxDir);
+      const scriptPath = join4(sandboxDir, "test.sh");
+      writeFileSync2(scriptPath, testScript, { mode: 493 });
+      const output = execSync(`bash "${scriptPath}"`, {
+        cwd: sandboxDir,
+        timeout: 3e4,
+        encoding: "utf-8",
+        stdio: ["ignore", "pipe", "pipe"]
+      });
+      return {
+        passed: true,
+        output: output.toString().slice(0, 2e3),
+        durationMs: Date.now() - startMs,
+        attempt: 1
+      };
+    } catch (err) {
+      const output = err instanceof Error ? err.message : String(err);
+      return {
+        passed: false,
+        output: output.slice(0, 2e3),
+        durationMs: Date.now() - startMs,
+        attempt: 1
+      };
+    } finally {
+      try {
+        execSync(`rm -rf "${sandboxDir}"`, { timeout: 5e3, stdio: "ignore" });
+      } catch {
+      }
+    }
+  }
+  /**
+   * Run a candidate through REQUIRED_PASSING_RUNS sandbox tests.
+   * Returns all TestResult objects. If fewer than REQUIRED_PASSING_RUNS pass,
+   * the candidate is NOT promoted (caller must check).
+   */
+  async runSandboxTests(candidate, task) {
+    const results = [];
+    for (let i = 1; i <= REQUIRED_PASSING_RUNS; i++) {
+      const result = await this.testCandidate(candidate, task);
+      results.push({ ...result, attempt: i });
+      if (!result.passed) {
+        break;
+      }
+    }
+    return results;
+  }
+  /**
+   * Promote a candidate solution to a new skill definition.
+   * Writes a minimal SKILL.md to the skills directory and returns
+   * the SkillDefinition.
+   */
+  async promoteToSkill(candidate, testResults) {
+    const passingRuns = testResults.filter((r) => r.passed).length;
+    if (passingRuns < REQUIRED_PASSING_RUNS) {
+      throw new Error(
+        `Cannot promote candidate: only ${passingRuns}/${REQUIRED_PASSING_RUNS} test runs passed.`
+      );
+    }
+    const skillId = `auto-${randomUUID4().slice(0, 8)}`;
+    const skillName = this.deriveSkillName(candidate);
+    const definition = {
+      skillId,
+      name: skillName,
+      description: candidate.description,
+      approach: candidate.approach,
+      source: candidate.source,
+      promotedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      testResults
+    };
+    const skillDir = join4(this.skillsDir, skillName);
+    if (!existsSync8(skillDir)) {
+      mkdirSync2(skillDir, { recursive: true });
+    }
+    const skillMd = this.renderSkillMd(definition);
+    writeFileSync2(join4(skillDir, "SKILL.md"), skillMd, "utf-8");
+    return definition;
+  }
+  // ─── Private Methods ───────────────────────────────────────────────────────
+  searchSkillCatalog(failure) {
+    try {
+      const { SKILLS_CATALOG: SKILLS_CATALOG2 } = (init_catalog(), __toCommonJS(catalog_exports));
+      const errorTokens = failure.error.toLowerCase().split(/\W+/).filter((t) => t.length > 3);
+      const taskTokens = failure.taskDescription.toLowerCase().split(/\W+/).filter((t) => t.length > 3);
+      const relevantTokens = /* @__PURE__ */ new Set([...errorTokens, ...taskTokens]);
+      return SKILLS_CATALOG2.filter((skill) => {
+        const haystack = `${skill.name} ${skill.description}`.toLowerCase();
+        return [...relevantTokens].some((token) => haystack.includes(token));
+      }).slice(0, 3).map((skill) => {
+        const base = {
+          source: "skill-catalog",
+          description: skill.description,
+          approach: `Use the '${skill.name}' skill (category: ${skill.category}) to address this failure.`
+        };
+        return {
+          ...base,
+          confidence: scoreConfidence(base, failure)
+        };
+      });
+    } catch {
+      return [];
+    }
+  }
+  async searchNpmRegistry(failure) {
+    const query = buildSearchQuery(failure);
+    const keywords = query.split(/\s+/).filter((w) => w.length > 3).slice(0, 5).join("+");
+    try {
+      const raw = execSync(
+        `npm search ${keywords} --json --no-description 2>/dev/null`,
+        {
+          timeout: 15e3,
+          encoding: "utf-8",
+          stdio: ["ignore", "pipe", "ignore"]
+        }
+      );
+      const results = JSON.parse(raw);
+      return results.slice(0, 3).map((pkg) => {
+        const base = {
+          source: "npm-registry",
+          description: pkg.description ?? pkg.name,
+          approach: `Install and use npm package '${pkg.name}' to resolve this failure.`
+        };
+        return {
+          ...base,
+          confidence: scoreConfidence(base, failure)
+        };
+      });
+    } catch {
+      return [];
+    }
+  }
+  buildWebSearchCandidates(failure) {
+    const query = buildSearchQuery(failure);
+    const base = {
+      source: "web-search",
+      description: `Web search for: "${query}"`,
+      approach: `Search the web for "${query}" and apply the top-ranked solution approach.`
+    };
+    return [
+      {
+        ...base,
+        confidence: scoreConfidence(base, failure)
+      }
+    ];
+  }
+  /**
+   * Build a sandboxed test script for a candidate solution.
+   * Validates the candidate's approach by checking its core prerequisites
+   * (e.g. that a package is installed, or a command is available).
+   */
+  buildTestScript(candidate, task, _sandboxDir) {
+    const lines = [
+      "#!/usr/bin/env bash",
+      "set -euo pipefail",
+      "",
+      "# AutoResearch sandbox test",
+      `# Task: ${task.description.replace(/'/g, "'\\''").slice(0, 200)}`,
+      `# Candidate source: ${candidate.source}`,
+      `# Candidate: ${candidate.description.replace(/'/g, "'\\''").slice(0, 200)}`,
+      ""
+    ];
+    if (candidate.source === "npm-registry") {
+      const match = /npm package '([^']+)'/.exec(candidate.approach);
+      if (match) {
+        const pkgName = match[1];
+        lines.push(`# Check if the npm package exists in the registry`);
+        lines.push(`npm view "${pkgName}" name > /dev/null 2>&1`);
+        lines.push(`echo "Package '${pkgName}' exists in npm registry"`);
+      } else {
+        lines.push('echo "npm-registry candidate: no package name extractable"');
+        lines.push("exit 0");
+      }
+    } else if (candidate.source === "skill-catalog") {
+      const match = /skill '([^']+)'/.exec(candidate.approach);
+      if (match) {
+        lines.push(`# Validate skill '${match[1]}' reference`);
+        lines.push(`echo "Skill catalog candidate: ${match[1]}"`);
+        lines.push("exit 0");
+      } else {
+        lines.push('echo "skill-catalog candidate validated"');
+        lines.push("exit 0");
+      }
+    } else {
+      const q = buildSearchQuery({ error: candidate.description, taskDescription: task.description, executionSteps: [], skillsUsed: [], attemptCount: 1 });
+      if (q.trim().length > 0) {
+        lines.push(`echo "web-search candidate: query is '${q.replace(/'/g, "").slice(0, 100)}'"`);
+        lines.push("exit 0");
+      } else {
+        lines.push('echo "web-search candidate: empty query" >&2');
+        lines.push("exit 1");
+      }
+    }
+    lines.push("");
+    lines.push("# Success criteria check");
+    for (const criterion of task.successCriteria.slice(0, 2)) {
+      lines.push(`echo "Criterion: ${criterion.replace(/'/g, "").slice(0, 100)}"`);
+    }
+    lines.push('echo "Test passed"');
+    return lines.join("\n") + "\n";
+  }
+  deriveSkillName(candidate) {
+    const slug = candidate.description.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 40);
+    return `auto-${slug}`;
+  }
+  renderSkillMd(def) {
+    return [
+      "---",
+      `name: ${def.name}`,
+      `description: "${def.description.replace(/"/g, "'")}"`,
+      `source: ${def.source}`,
+      `skillId: ${def.skillId}`,
+      `promotedAt: "${def.promotedAt}"`,
+      "---",
+      "",
+      `# ${def.name}`,
+      "",
+      `**Auto-promoted by AutoResearcher on ${def.promotedAt}**`,
+      "",
+      `## Description`,
+      "",
+      def.description,
+      "",
+      `## Approach`,
+      "",
+      def.approach,
+      "",
+      `## Test Results`,
+      "",
+      `Passed ${def.testResults.filter((r) => r.passed).length}/${def.testResults.length} sandbox runs.`,
+      ""
+    ].join("\n");
+  }
+};
+async function runAutoResearch(failure, task, skillsDir) {
+  const researcher = new AutoResearcher(skillsDir);
+  const candidates = await researcher.research(failure);
+  if (candidates.length === 0) {
+    return null;
+  }
+  for (const candidate of candidates) {
+    const results = await researcher.runSandboxTests(candidate, task);
+    const passingRuns = results.filter((r) => r.passed).length;
+    if (passingRuns >= REQUIRED_PASSING_RUNS) {
+      const skill = await researcher.promoteToSkill(candidate, results);
+      return skill;
+    }
+  }
+  return null;
+}
+
+// src/skills/loader.ts
+import { readdirSync, readFileSync as readFileSync2, existsSync as existsSync9, statSync } from "fs";
+import { join as join5 } from "path";
+function parseFrontmatter(content) {
+  const match = content.match(/^---\n([\s\S]*?)\n---/);
+  if (!match?.[1]) {
+    return {};
+  }
+  const yamlText = match[1];
+  const result = {};
+  const lines = yamlText.split("\n");
+  let currentKey = "";
+  let inRequires = false;
+  let requiresKey = "";
+  const requires = {};
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed === "" || trimmed.startsWith("#")) continue;
+    const topLevel = line.match(/^(\w+):\s*(.*)$/);
+    if (topLevel?.[1]) {
+      currentKey = topLevel[1];
+      const val = topLevel[2]?.trim().replace(/^["']|["']$/g, "") ?? "";
+      if (currentKey === "name" && val) result.name = val;
+      if (currentKey === "description" && val) result.description = val;
+      inRequires = false;
+      continue;
+    }
+    if (trimmed === "openclaw:") continue;
+    if (trimmed === "requires:") {
+      inRequires = true;
+      continue;
+    }
+    if (inRequires) {
+      const reqKey = trimmed.match(/^(\w+):\s*(.*)$/);
+      if (reqKey?.[1]) {
+        requiresKey = reqKey[1];
+        const inlineArr = reqKey[2]?.match(/\[(.*)\]/);
+        if (inlineArr?.[1]) {
+          const items = inlineArr[1].split(",").map((s) => s.trim().replace(/^["']|["']$/g, ""));
+          if (requiresKey === "bins") requires.bins = items;
+          if (requiresKey === "env") requires.env = items;
+          if (requiresKey === "config") requires.config = items;
+        }
+        continue;
+      }
+      const listItem = trimmed.match(/^-\s*["']?(.+?)["']?$/);
+      if (listItem?.[1] && requiresKey) {
+        if (requiresKey === "bins") {
+          requires.bins = requires.bins ?? [];
+          requires.bins.push(listItem[1]);
+        }
+        if (requiresKey === "env") {
+          requires.env = requires.env ?? [];
+          requires.env.push(listItem[1]);
+        }
+        if (requiresKey === "config") {
+          requires.config = requires.config ?? [];
+          requires.config.push(listItem[1]);
+        }
+      }
+    }
+  }
+  if (Object.keys(requires).length > 0) {
+    result.metadata = { openclaw: { requires } };
+  }
+  return result;
+}
+function loadSkillManifest(skillDir) {
+  const skillMdPath = join5(skillDir, "SKILL.md");
+  if (!existsSync9(skillMdPath)) {
+    return null;
+  }
+  const content = readFileSync2(skillMdPath, "utf-8");
+  const frontmatter = parseFrontmatter(content);
+  if (!frontmatter.name || !frontmatter.description) {
+    return null;
+  }
+  let requirements = null;
+  const req = frontmatter.metadata?.openclaw?.requires;
+  if (req) {
+    requirements = {
+      bins: req.bins ?? [],
+      env: req.env ?? [],
+      config: req.config ?? []
+    };
+  }
+  return {
+    name: frontmatter.name,
+    description: frontmatter.description,
+    path: skillDir,
+    requirements
+  };
+}
+function discoverSkills(skillsDir) {
+  if (!existsSync9(skillsDir)) {
+    return [];
+  }
+  const entries = readdirSync(skillsDir);
+  const manifests = [];
+  for (const entry of entries) {
+    const fullPath = join5(skillsDir, entry);
+    if (!statSync(fullPath).isDirectory()) continue;
+    const manifest = loadSkillManifest(fullPath);
+    if (manifest) {
+      manifests.push(manifest);
+    }
+  }
+  return manifests.sort((a, b) => a.name.localeCompare(b.name));
+}
+function getActiveSkills(allSkills, profile) {
+  const profileSkillSet = new Set(profile.skills);
+  return allSkills.filter((skill) => profileSkillSet.has(skill.name));
+}
+function listSkillsWithStatus(allSkills, profile) {
+  const profileSkillSet = new Set(profile.skills);
+  return allSkills.map((skill) => ({
+    skill,
+    active: profileSkillSet.has(skill.name)
+  }));
+}
+
+// src/skills/executor.ts
+var SkillExecutor = class {
+  constructor(skillsDir, memory) {
+    this.skillsDir = skillsDir;
+    this.memory = memory;
+  }
+  skillsDir;
+  memory;
+  async execute(skillName, context) {
+    const start = Date.now();
+    try {
+      const result = {
+        success: true,
+        output: `Skill ${skillName} loaded from ${this.skillsDir}`,
+        durationMs: Date.now() - start
+      };
+      await this.memory.update(skillName, {
+        succeeded: true,
+        durationMs: result.durationMs,
+        taskId: context.taskId
+      });
+      return result;
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : String(err);
+      await this.memory.update(skillName, {
+        succeeded: false,
+        durationMs: Date.now() - start,
+        taskId: context.taskId
+      });
+      return {
+        success: false,
+        output: "",
+        durationMs: Date.now() - start,
+        error: errorMessage
+      };
+    }
+  }
+};
+
+// src/wallet/manager.ts
+import { readdir as readdir2, readFile as readFile8 } from "fs/promises";
+import { existsSync as existsSync11 } from "fs";
+import { join as join7 } from "path";
+
+// src/wallet/crypto.ts
+import { randomBytes as randomBytes2, createCipheriv, createDecipheriv, scryptSync } from "crypto";
+import { debuglog } from "util";
+import { writeFile as writeFile4, readFile as readFile7, mkdir as mkdir7 } from "fs/promises";
+import { existsSync as existsSync10 } from "fs";
+import { join as join6 } from "path";
+var dlog = debuglog("clawpowers:wallet");
+var SCRYPT_N = 16384;
+var SCRYPT_R = 8;
+var SCRYPT_P = 1;
+var KEY_LENGTH = 32;
+var IV_LENGTH = 12;
+var AUTH_TAG_LENGTH = 16;
+function addressFromKeyMaterial(keyMaterial) {
+  const digestHex = digestForWalletAddress(keyMaterial);
+  const hash = Buffer.from(digestHex.replace(/^0x/, ""), "hex");
+  return "0x" + hash.subarray(hash.length - 20).toString("hex");
+}
+function deriveKey(passphrase, salt) {
+  return scryptSync(passphrase, salt, KEY_LENGTH, {
+    N: SCRYPT_N,
+    r: SCRYPT_R,
+    p: SCRYPT_P
+  });
+}
+function encryptPrivateKey(privateKey, passphrase) {
+  const salt = randomBytes2(32);
+  const key = deriveKey(passphrase, salt);
+  const iv = randomBytes2(IV_LENGTH);
+  const cipher = createCipheriv("aes-256-gcm", key, iv, { authTagLength: AUTH_TAG_LENGTH });
+  const encrypted = Buffer.concat([cipher.update(privateKey), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return {
+    ciphertext: encrypted.toString("hex"),
+    iv: iv.toString("hex"),
+    authTag: authTag.toString("hex"),
+    salt: salt.toString("hex")
+  };
+}
+function decryptPrivateKey(ciphertext, iv, authTag, salt, passphrase) {
+  const key = deriveKey(passphrase, Buffer.from(salt, "hex"));
+  const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(iv, "hex"), {
+    authTagLength: AUTH_TAG_LENGTH
+  });
+  decipher.setAuthTag(Buffer.from(authTag, "hex"));
+  const decrypted = Buffer.concat([
+    decipher.update(Buffer.from(ciphertext, "hex")),
+    decipher.final()
+  ]);
+  return decrypted;
+}
+function generateAddress(privateKeyHex) {
+  const cleaned = privateKeyHex.replace(/^0x/i, "");
+  const privBuf = Buffer.from(cleaned, "hex");
+  const eth = deriveEthereumAddress(privBuf);
+  if (eth) {
+    dlog("address derivation: secp256k1+keccak (tier %s)", getActiveTier());
+    return eth;
+  }
+  dlog("address derivation: tier3 legacy digest (tier %s)", getActiveTier());
+  return addressFromKeyMaterial(privBuf);
+}
+async function ensureDir(dir) {
+  if (!existsSync10(dir)) {
+    await mkdir7(dir, { recursive: true });
+  }
+}
+async function signMessageFromKeyFile(message, keyFile, passphrase) {
+  const content = await readFile7(keyFile, "utf-8");
+  const keyFileData = JSON.parse(content);
+  const privateKey = decryptPrivateKey(
+    keyFileData.crypto.ciphertext,
+    keyFileData.crypto.iv,
+    keyFileData.crypto.authTag,
+    keyFileData.crypto.salt,
+    passphrase
+  );
+  const msgBuf = Buffer.from(message, "utf8");
+  const hash = keccak256Digest(msgBuf);
+  const sigEcdsa = hash ? signEcdsa(privateKey, hash) : null;
+  if (sigEcdsa) {
+    dlog("signMessage (keyfile): secp256k1 ECDSA (tier %s)", getActiveTier());
+    return {
+      message,
+      signature: "0x" + sigEcdsa.toString("hex"),
+      address: keyFileData.address
+    };
+  }
+  const { createHmac } = await import("crypto");
+  dlog("signMessage (keyfile): HMAC-SHA256 legacy (no secp256k1/keccak tier)");
+  const signature = createHmac("sha256", privateKey).update(message).digest("hex");
+  return {
+    message,
+    signature: "0x" + signature,
+    address: keyFileData.address
+  };
+}
+async function signMessageFromPrivateKey(privateKeyHex, message) {
+  const cleaned = privateKeyHex.replace(/^0x/i, "");
+  if (cleaned.length !== 64 || !/^[0-9a-fA-F]+$/.test(cleaned)) {
+    throw new Error("Invalid private key: must be 32 bytes (64 hex characters)");
+  }
+  const priv = Buffer.from(cleaned, "hex");
+  const hash = keccak256Digest(Buffer.from(message, "utf8"));
+  if (!hash) {
+    throw new Error(
+      "Ethereum signing requires Keccak-256 (Tier 1 native or Tier 2 WASM). Pure TypeScript tier has no Keccak."
+    );
+  }
+  const sig = signEcdsa(priv, hash);
+  if (!sig) {
+    throw new Error("Ethereum signing requires secp256k1 (Tier 1 native or Tier 2 WASM).");
+  }
+  return "0x" + sig.toString("hex");
+}
+async function generateWallet(config) {
+  const privateKey = randomBytes2(32);
+  const privateKeyHex = privateKey.toString("hex");
+  const address = generateAddress(privateKeyHex);
+  const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+  const passphrase = randomBytes2(16).toString("hex");
+  const encrypted = encryptPrivateKey(privateKey, passphrase);
+  const keyFileData = {
+    version: 1,
+    address,
+    chain: config.chain,
+    createdAt,
+    crypto: {
+      cipher: "aes-256-gcm",
+      ciphertext: encrypted.ciphertext,
+      iv: encrypted.iv,
+      authTag: encrypted.authTag,
+      salt: encrypted.salt,
+      scryptParams: { N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P }
+    }
+  };
+  await ensureDir(config.dataDir);
+  const keyFileName = `${address.slice(2, 10)}-${Date.now()}.json`;
+  const keyFilePath = join6(config.dataDir, keyFileName);
+  await writeFile4(keyFilePath, JSON.stringify(keyFileData, null, 2) + "\n", "utf-8");
+  return {
+    address,
+    chain: config.chain,
+    createdAt,
+    keyFile: keyFilePath
+  };
+}
+async function importWallet(privateKeyHex, config) {
+  const cleaned = privateKeyHex.replace(/^0x/i, "");
+  if (cleaned.length !== 64 || !/^[0-9a-fA-F]+$/.test(cleaned)) {
+    throw new Error("Invalid private key: must be 32 bytes (64 hex characters)");
+  }
+  const privateKey = Buffer.from(cleaned, "hex");
+  const address = generateAddress(cleaned);
+  const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+  const passphrase = randomBytes2(16).toString("hex");
+  const encrypted = encryptPrivateKey(privateKey, passphrase);
+  const keyFileData = {
+    version: 1,
+    address,
+    chain: config.chain,
+    createdAt,
+    crypto: {
+      cipher: "aes-256-gcm",
+      ciphertext: encrypted.ciphertext,
+      iv: encrypted.iv,
+      authTag: encrypted.authTag,
+      salt: encrypted.salt,
+      scryptParams: { N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P }
+    }
+  };
+  await ensureDir(config.dataDir);
+  const keyFileName = `${address.slice(2, 10)}-${Date.now()}.json`;
+  const keyFilePath = join6(config.dataDir, keyFileName);
+  await writeFile4(keyFilePath, JSON.stringify(keyFileData, null, 2) + "\n", "utf-8");
+  return {
+    address,
+    chain: config.chain,
+    createdAt,
+    keyFile: keyFilePath
+  };
+}
+async function signMessage(a, b, c) {
+  if (c !== void 0) {
+    return signMessageFromKeyFile(a, b, c);
+  }
+  return signMessageFromPrivateKey(a, b);
+}
+
+// src/wallet/manager.ts
+var WalletManager = class {
+  constructor(config) {
+    this.config = config;
+  }
+  config;
+  async generate() {
+    return generateWallet(this.config);
+  }
+  async import(privateKey) {
+    return importWallet(privateKey, this.config);
+  }
+  async sign(message, walletInfo, passphrase) {
+    const result = await signMessage(message, walletInfo.keyFile, passphrase);
+    return result.signature;
+  }
+  async listWallets() {
+    if (!existsSync11(this.config.dataDir)) {
+      return [];
+    }
+    const files = await readdir2(this.config.dataDir);
+    const wallets = [];
+    for (const file of files) {
+      if (!file.endsWith(".json")) continue;
+      try {
+        const filePath = join7(this.config.dataDir, file);
+        const content = await readFile8(filePath, "utf-8");
+        const data = JSON.parse(content);
+        wallets.push({
+          address: data.address,
+          chain: data.chain,
+          createdAt: data.createdAt,
+          keyFile: filePath
+        });
+      } catch {
+      }
+    }
+    return wallets;
+  }
+};
+
+// src/itp/index.ts
+var ITP_BASE_URL = "http://localhost:8100";
+var TIMEOUT_MS = 3e3;
+async function encode(message, sourceAgent) {
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), TIMEOUT_MS);
+    const response = await fetch(`${ITP_BASE_URL}/tools/encode`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        message,
+        source_agent: sourceAgent ?? "unknown",
+        target_agent: "unknown"
+      }),
+      signal: controller.signal
+    });
+    clearTimeout(timeout);
+    if (!response.ok) {
+      return { encoded: message, wasCompressed: false, savingsPct: 0 };
+    }
+    const data = await response.json();
+    return {
+      encoded: data.encoded ?? message,
+      wasCompressed: Boolean(data.was_compressed),
+      savingsPct: typeof data.savings_pct === "number" ? data.savings_pct : 0
+    };
+  } catch {
+    return { encoded: message, wasCompressed: false, savingsPct: 0 };
+  }
+}
+async function decode(message) {
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), TIMEOUT_MS);
+    const response = await fetch(`${ITP_BASE_URL}/tools/decode`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ message }),
+      signal: controller.signal
+    });
+    clearTimeout(timeout);
+    if (!response.ok) {
+      return { decoded: message, wasItp: false };
+    }
+    const data = await response.json();
+    return {
+      decoded: data.decoded ?? message,
+      wasItp: Boolean(data.was_itp)
+    };
+  } catch {
+    return { decoded: message, wasItp: false };
+  }
+}
+async function healthCheck() {
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), TIMEOUT_MS);
+    const response = await fetch(`${ITP_BASE_URL}/health`, {
+      signal: controller.signal
+    });
+    clearTimeout(timeout);
+    return response.ok;
+  } catch {
+    return false;
+  }
+}
+
+// src/itp/swarm-bridge.ts
+async function encodeTaskDescription(task) {
+  try {
+    const [descResult, msgResult] = await Promise.all([
+      encode(task.description, "swarm-orchestrator"),
+      encode(task.message, "swarm-orchestrator")
+    ]);
+    return {
+      ...task,
+      description: descResult.encoded,
+      message: msgResult.encoded
+    };
+  } catch {
+    return task;
+  }
+}
+async function decodeSwarmResult(result) {
+  try {
+    if (result.result === null) {
+      return result;
+    }
+    const decoded = await decode(result.result);
+    return {
+      ...result,
+      result: decoded.decoded
+    };
+  } catch {
+    return result;
+  }
+}
+
+// src/swarm/concurrency.ts
+var ConcurrencyManager = class {
+  maxConcurrency;
+  backpressureThreshold;
+  activeCount = 0;
+  throttleDelayMs = 0;
+  lastErrorTime = 0;
+  // Semaphore queue — each entry is a resolver that grants a slot
+  queue = [];
+  constructor(maxConcurrency = 5, backpressureThreshold = 0.8) {
+    this.maxConcurrency = maxConcurrency;
+    this.backpressureThreshold = backpressureThreshold;
+  }
+  /**
+   * Acquire a concurrency slot. Resolves when a slot is available.
+   * Applies throttle delay if rate limits have been hit recently.
+   */
+  async acquire() {
+    if (this.activeCount < this.maxConcurrency) {
+      this.activeCount++;
+    } else {
+      await new Promise((resolve) => {
+        this.queue.push(resolve);
+      });
+      this.activeCount++;
+    }
+    if (this.throttleDelayMs > 0) {
+      await new Promise((resolve) => setTimeout(resolve, this.throttleDelayMs));
+    }
+  }
+  /**
+   * Release a concurrency slot. Unblocks next queued waiter if any.
+   */
+  release() {
+    this.activeCount = Math.max(0, this.activeCount - 1);
+    const next = this.queue.shift();
+    if (next) next();
+  }
+  /**
+   * Number of currently active tasks.
+   */
+  get active() {
+    return this.activeCount;
+  }
+  /**
+   * Number of tasks waiting for a slot.
+   */
+  get pending() {
+    return this.queue.length;
+  }
+  /**
+   * Whether system has capacity for another task.
+   */
+  hasCapacity() {
+    return this.activeCount < this.maxConcurrency;
+  }
+  /**
+   * Increase throttle delay on rate-limit / transient errors.
+   * Multiple errors in quick succession cause exponential backoff.
+   */
+  adaptiveThrottle(_errorType = "rate_limit") {
+    const now = Date.now();
+    if (now - this.lastErrorTime < 5e3) {
+      this.throttleDelayMs = Math.min(this.throttleDelayMs * 2 + 500, 3e4);
+    } else {
+      this.throttleDelayMs = 500;
+    }
+    this.lastErrorTime = now;
+  }
+  /**
+   * Gradually reduce throttle delay after a successful operation.
+   */
+  resetThrottle() {
+    this.throttleDelayMs = Math.max(0, this.throttleDelayMs - 100);
+  }
+  /**
+   * Check if system is above backpressure threshold.
+   */
+  isUnderPressure() {
+    return this.activeCount / this.maxConcurrency >= this.backpressureThreshold;
+  }
+};
+
+// src/swarm/token_pool.ts
+var TokenPool = class {
+  totalBudget;
+  perTaskDefault;
+  allocations = /* @__PURE__ */ new Map();
+  constructor(totalBudget = 1e5, perTaskDefault = 2e4) {
+    this.totalBudget = totalBudget;
+    this.perTaskDefault = perTaskDefault;
+  }
+  /**
+   * Reserve tokens for a task.
+   * Returns false if the pool doesn't have enough remaining budget.
+   */
+  allocate(taskId, budget) {
+    const requested = budget ?? this.perTaskDefault;
+    const currentAllocated = this.totalAllocated();
+    if (currentAllocated + requested > this.totalBudget) {
+      return false;
+    }
+    this.allocations.set(taskId, {
+      task_id: taskId,
+      budget: requested,
+      consumed: 0,
+      allocated_at: Date.now()
+    });
+    return true;
+  }
+  /**
+   * Record actual token usage for a task (cumulative).
+   */
+  consume(taskId, tokens) {
+    const alloc = this.allocations.get(taskId);
+    if (alloc) {
+      alloc.consumed += tokens;
+    }
+  }
+  /**
+   * Free the allocation when a task completes.
+   * Returns tokens consumed by that task.
+   */
+  release(taskId) {
+    const alloc = this.allocations.get(taskId);
+    this.allocations.delete(taskId);
+    return alloc?.consumed ?? 0;
+  }
+  /**
+   * Total remaining budget (total - allocated).
+   */
+  remaining() {
+    return this.totalBudget - this.totalAllocated();
+  }
+  /**
+   * Total tokens consumed across all active tasks.
+   */
+  consumed() {
+    let total = 0;
+    for (const alloc of this.allocations.values()) {
+      total += alloc.consumed;
+    }
+    return total;
+  }
+  /**
+   * Total tokens currently allocated (reserved but not necessarily consumed).
+   */
+  totalAllocated() {
+    let total = 0;
+    for (const alloc of this.allocations.values()) {
+      total += alloc.budget;
+    }
+    return total;
+  }
+  /**
+   * Check if a specific task has exceeded its allocation.
+   */
+  isTaskOverBudget(taskId) {
+    const alloc = this.allocations.get(taskId);
+    if (!alloc) return false;
+    return alloc.consumed >= alloc.budget;
+  }
+  /**
+   * Remaining budget for a specific task.
+   */
+  taskBudgetRemaining(taskId) {
+    const alloc = this.allocations.get(taskId);
+    if (!alloc) return 0;
+    return Math.max(0, alloc.budget - alloc.consumed);
+  }
+  /**
+   * Per-task token consumption summary for observability.
+   */
+  usageReport() {
+    const tasks = {};
+    let totalConsumed = 0;
+    let totalAllocated = 0;
+    for (const [taskId, alloc] of this.allocations.entries()) {
+      tasks[taskId] = {
+        budget: alloc.budget,
+        consumed: alloc.consumed,
+        remaining: Math.max(0, alloc.budget - alloc.consumed),
+        over_budget: alloc.consumed >= alloc.budget
+      };
+      totalConsumed += alloc.consumed;
+      totalAllocated += alloc.budget;
+    }
+    return {
+      total_budget: this.totalBudget,
+      total_allocated: totalAllocated,
+      total_consumed: totalConsumed,
+      total_remaining: this.totalBudget - totalAllocated,
+      tasks
+    };
+  }
+  /**
+   * Clear all allocations (reset between runs).
+   */
+  reset() {
+    this.allocations.clear();
+  }
+};
+
+// src/swarm/model_router.ts
+var DEFAULT_MODELS = {
+  simple: "claude-3-haiku-20240307",
+  moderate: "claude-3-5-sonnet-20241022",
+  complex: "claude-opus-4-5"
+};
+var COMPLEX_KEYWORDS = [
+  "architect",
+  "design",
+  "refactor",
+  "debug complex",
+  "optimize",
+  "cross-domain",
+  "integrate multiple",
+  "security audit",
+  "performance",
+  "distributed",
+  "concurrent requests",
+  "migration",
+  "system design",
+  "multi-step",
+  "synthesize",
+  "reasoning",
+  "trade-off"
+];
+var SIMPLE_KEYWORDS = [
+  "format",
+  "list",
+  "count",
+  "lookup",
+  "translate",
+  "summarize briefly",
+  "extract",
+  "convert",
+  "rename",
+  "simple",
+  "trivial",
+  "basic",
+  "fetch",
+  "get",
+  "retrieve",
+  "find the"
+];
+function classifyHeuristic(description) {
+  const lower = description.toLowerCase();
+  for (const kw of COMPLEX_KEYWORDS) {
+    if (lower.includes(kw)) return "complex";
+  }
+  for (const kw of SIMPLE_KEYWORDS) {
+    if (lower.includes(kw)) return "simple";
+  }
+  const len = description.length;
+  if (len < 100) return "simple";
+  if (len > 500) return "complex";
+  return "moderate";
+}
+function selectModel(complexity, config) {
+  const overrides = config?.models ?? {};
+  return overrides[complexity] ?? DEFAULT_MODELS[complexity];
+}
+function classifyTasks(tasks) {
+  const result = /* @__PURE__ */ new Map();
+  for (const task of tasks) {
+    result.set(task.id, task.complexity ?? classifyHeuristic(task.description));
+  }
+  return result;
+}
+export {
+  ABTestManager,
+  AutoResearcher,
+  CLAWPOWERS_HOME,
+  CheckpointManager,
+  ConcurrencyManager,
+  ContextInjector,
+  DEFAULT_CONFIG,
+  EpisodicMemory,
+  HypothesisEngine,
+  MetricsCollector,
+  MutationEngine,
+  PACKAGE_NAME,
+  PaymentExecutor,
+  ProceduralMemory,
+  RSIAuditLog,
+  SkillExecutor,
+  SpendingPolicy,
+  TokenPool,
+  VERSION,
+  WalletManager,
+  WorkingMemoryManager,
+  approximateDistance,
+  calculateFee,
+  calculateTransactionFee,
+  classifyHeuristic,
+  classifyTasks,
+  compressVector,
+  computeSha256,
+  createPaymentHeader,
+  decodeSwarmResult,
+  decompressVector,
+  deriveEthereumAddress,
+  derivePublicKey,
+  detect402,
+  digestForWalletAddress,
+  discoverSkills,
+  encodeTaskDescription,
+  evaluateWriteFirewall,
+  evaluateWriteSecurity,
+  generateWallet,
+  generateWalletAddress,
+  getActiveSkills,
+  getActiveTier,
+  getBestCanonicalStore,
+  getCapabilitySummary,
+  getConfigValue,
+  getNative,
+  getNativeCanonicalStore,
+  getNativeCanonicalStoreInMemory,
+  getWasm,
+  getWasmCanonicalStore,
+  importWallet,
+  initConfig,
+  isNativeAvailable,
+  isPaymentRequired,
+  isWasmAvailable,
+  decode as itpDecode,
+  encode as itpEncode,
+  healthCheck as itpHealthCheck,
+  keccak256Digest,
+  listSkillsWithStatus,
+  loadConfig,
+  loadConfigSafe,
+  loadSkillManifest,
+  parseFrontmatter,
+  runAutoResearch,
+  saveConfig,
+  selectModel,
+  setConfigValue,
+  signEcdsa,
+  signMessage,
+  tokenAmountFromHuman,
+  verifyEcdsa
+};
+/**
+ * ClawPowers — Skills Library for AI Agents
+ * Drop-in capability layer: payments, memory, RSI, wallet.
+ * No agent control loop — bring your own agent.
+ *
+ * @version 2.2.0
+ * @license BSL-1.1
+ * @patent-pending
+ */
+//# sourceMappingURL=index.js.map