npm - cloison-runtime - Versions diffs - 0.1.0 - Mend

cloison-runtime 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (316) hide show

package/LICENSE +21 -0
package/README.md +313 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +47 -0
package/dist/cli.js.map +1 -0
package/dist/config/index.d.ts +57 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +27 -0
package/dist/config/index.js.map +1 -0
package/dist/credentials/index.d.ts +4 -0
package/dist/credentials/index.d.ts.map +1 -0
package/dist/credentials/index.js +3 -0
package/dist/credentials/index.js.map +1 -0
package/dist/credentials/proxy.d.ts +3 -0
package/dist/credentials/proxy.d.ts.map +1 -0
package/dist/credentials/proxy.js +11 -0
package/dist/credentials/proxy.js.map +1 -0
package/dist/credentials/store.d.ts +7 -0
package/dist/credentials/store.d.ts.map +1 -0
package/dist/credentials/store.js +115 -0
package/dist/credentials/store.js.map +1 -0
package/dist/credentials/types.d.ts +14 -0
package/dist/credentials/types.d.ts.map +1 -0
package/dist/credentials/types.js +2 -0
package/dist/credentials/types.js.map +1 -0
package/dist/hooks/index.d.ts +3 -0
package/dist/hooks/index.d.ts.map +1 -0
package/dist/hooks/index.js +2 -0
package/dist/hooks/index.js.map +1 -0
package/dist/hooks/runner.d.ts +7 -0
package/dist/hooks/runner.d.ts.map +1 -0
package/dist/hooks/runner.js +20 -0
package/dist/hooks/runner.js.map +1 -0
package/dist/hooks/types.d.ts +39 -0
package/dist/hooks/types.d.ts.map +1 -0
package/dist/hooks/types.js +2 -0
package/dist/hooks/types.js.map +1 -0
package/dist/index.d.ts +32 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +58 -0
package/dist/index.js.map +1 -0
package/dist/infra/env.d.ts +2 -0
package/dist/infra/env.d.ts.map +1 -0
package/dist/infra/env.js +6 -0
package/dist/infra/env.js.map +1 -0
package/dist/infra/warning-filter.d.ts +8 -0
package/dist/infra/warning-filter.d.ts.map +1 -0
package/dist/infra/warning-filter.js +66 -0
package/dist/infra/warning-filter.js.map +1 -0
package/dist/logging/subsystem.d.ts +29 -0
package/dist/logging/subsystem.d.ts.map +1 -0
package/dist/logging/subsystem.js +322 -0
package/dist/logging/subsystem.js.map +1 -0
package/dist/memory/embedding-batch.d.ts +38 -0
package/dist/memory/embedding-batch.d.ts.map +1 -0
package/dist/memory/embedding-batch.js +253 -0
package/dist/memory/embedding-batch.js.map +1 -0
package/dist/memory/embedding-cache.d.ts +16 -0
package/dist/memory/embedding-cache.d.ts.map +1 -0
package/dist/memory/embedding-cache.js +113 -0
package/dist/memory/embedding-cache.js.map +1 -0
package/dist/memory/embeddings-debug.d.ts +2 -0
package/dist/memory/embeddings-debug.d.ts.map +1 -0
package/dist/memory/embeddings-debug.js +12 -0
package/dist/memory/embeddings-debug.js.map +1 -0
package/dist/memory/embeddings.d.ts +17 -0
package/dist/memory/embeddings.d.ts.map +1 -0
package/dist/memory/embeddings.js +203 -0
package/dist/memory/embeddings.js.map +1 -0
package/dist/memory/file-indexer.d.ts +26 -0
package/dist/memory/file-indexer.d.ts.map +1 -0
package/dist/memory/file-indexer.js +260 -0
package/dist/memory/file-indexer.js.map +1 -0
package/dist/memory/fs-utils.d.ts +12 -0
package/dist/memory/fs-utils.d.ts.map +1 -0
package/dist/memory/fs-utils.js +24 -0
package/dist/memory/fs-utils.js.map +1 -0
package/dist/memory/hybrid.d.ts +46 -0
package/dist/memory/hybrid.d.ts.map +1 -0
package/dist/memory/hybrid.js +85 -0
package/dist/memory/hybrid.js.map +1 -0
package/dist/memory/index.d.ts +17 -0
package/dist/memory/index.d.ts.map +1 -0
package/dist/memory/index.js +15 -0
package/dist/memory/index.js.map +1 -0
package/dist/memory/internal.d.ts +39 -0
package/dist/memory/internal.d.ts.map +1 -0
package/dist/memory/internal.js +292 -0
package/dist/memory/internal.js.map +1 -0
package/dist/memory/manager-search.d.ts +61 -0
package/dist/memory/manager-search.d.ts.map +1 -0
package/dist/memory/manager-search.js +102 -0
package/dist/memory/manager-search.js.map +1 -0
package/dist/memory/mmr.d.ts +63 -0
package/dist/memory/mmr.d.ts.map +1 -0
package/dist/memory/mmr.js +165 -0
package/dist/memory/mmr.js.map +1 -0
package/dist/memory/query-expansion.d.ts +42 -0
package/dist/memory/query-expansion.d.ts.map +1 -0
package/dist/memory/query-expansion.js +776 -0
package/dist/memory/query-expansion.js.map +1 -0
package/dist/memory/session-indexer.d.ts +41 -0
package/dist/memory/session-indexer.d.ts.map +1 -0
package/dist/memory/session-indexer.js +367 -0
package/dist/memory/session-indexer.js.map +1 -0
package/dist/memory/simple-manager.d.ts +29 -0
package/dist/memory/simple-manager.d.ts.map +1 -0
package/dist/memory/simple-manager.js +216 -0
package/dist/memory/simple-manager.js.map +1 -0
package/dist/memory/sqlite.d.ts +2 -0
package/dist/memory/sqlite.d.ts.map +1 -0
package/dist/memory/sqlite.js +16 -0
package/dist/memory/sqlite.js.map +1 -0
package/dist/memory/ssrf.d.ts +18 -0
package/dist/memory/ssrf.d.ts.map +1 -0
package/dist/memory/ssrf.js +396 -0
package/dist/memory/ssrf.js.map +1 -0
package/dist/memory/temporal-decay.d.ts +26 -0
package/dist/memory/temporal-decay.d.ts.map +1 -0
package/dist/memory/temporal-decay.js +120 -0
package/dist/memory/temporal-decay.js.map +1 -0
package/dist/memory/types.d.ts +95 -0
package/dist/memory/types.d.ts.map +1 -0
package/dist/memory/types.js +2 -0
package/dist/memory/types.js.map +1 -0
package/dist/package.json +68 -0
package/dist/platform/index.d.ts +3 -0
package/dist/platform/index.d.ts.map +1 -0
package/dist/platform/index.js +2 -0
package/dist/platform/index.js.map +1 -0
package/dist/platform/platform.d.ts +3 -0
package/dist/platform/platform.d.ts.map +1 -0
package/dist/platform/platform.js +91 -0
package/dist/platform/platform.js.map +1 -0
package/dist/platform/types.d.ts +18 -0
package/dist/platform/types.d.ts.map +1 -0
package/dist/platform/types.js +2 -0
package/dist/platform/types.js.map +1 -0
package/dist/runtime/agent.d.ts +36 -0
package/dist/runtime/agent.d.ts.map +1 -0
package/dist/runtime/agent.js +250 -0
package/dist/runtime/agent.js.map +1 -0
package/dist/runtime/api-key-rotation.d.ts +26 -0
package/dist/runtime/api-key-rotation.d.ts.map +1 -0
package/dist/runtime/api-key-rotation.js +174 -0
package/dist/runtime/api-key-rotation.js.map +1 -0
package/dist/runtime/context-guard.d.ts +32 -0
package/dist/runtime/context-guard.d.ts.map +1 -0
package/dist/runtime/context-guard.js +61 -0
package/dist/runtime/context-guard.js.map +1 -0
package/dist/runtime/failover-error.d.ts +62 -0
package/dist/runtime/failover-error.d.ts.map +1 -0
package/dist/runtime/failover-error.js +733 -0
package/dist/runtime/failover-error.js.map +1 -0
package/dist/runtime/failover-policy.d.ts +5 -0
package/dist/runtime/failover-policy.d.ts.map +1 -0
package/dist/runtime/failover-policy.js +18 -0
package/dist/runtime/failover-policy.js.map +1 -0
package/dist/runtime/index.d.ts +13 -0
package/dist/runtime/index.d.ts.map +1 -0
package/dist/runtime/index.js +13 -0
package/dist/runtime/index.js.map +1 -0
package/dist/runtime/memory-flush.d.ts +24 -0
package/dist/runtime/memory-flush.d.ts.map +1 -0
package/dist/runtime/memory-flush.js +64 -0
package/dist/runtime/memory-flush.js.map +1 -0
package/dist/runtime/memory-tools.d.ts +14 -0
package/dist/runtime/memory-tools.d.ts.map +1 -0
package/dist/runtime/memory-tools.js +58 -0
package/dist/runtime/memory-tools.js.map +1 -0
package/dist/runtime/model-fallback.d.ts +56 -0
package/dist/runtime/model-fallback.d.ts.map +1 -0
package/dist/runtime/model-fallback.js +301 -0
package/dist/runtime/model-fallback.js.map +1 -0
package/dist/runtime/model-fallback.types.d.ts +14 -0
package/dist/runtime/model-fallback.types.d.ts.map +1 -0
package/dist/runtime/model-fallback.types.js +3 -0
package/dist/runtime/model-fallback.types.js.map +1 -0
package/dist/runtime/retry.d.ts +24 -0
package/dist/runtime/retry.d.ts.map +1 -0
package/dist/runtime/retry.js +100 -0
package/dist/runtime/retry.js.map +1 -0
package/dist/runtime/session-pruning.d.ts +22 -0
package/dist/runtime/session-pruning.d.ts.map +1 -0
package/dist/runtime/session-pruning.js +118 -0
package/dist/runtime/session-pruning.js.map +1 -0
package/dist/runtime/stream-adapters.d.ts +11 -0
package/dist/runtime/stream-adapters.d.ts.map +1 -0
package/dist/runtime/stream-adapters.js +46 -0
package/dist/runtime/stream-adapters.js.map +1 -0
package/dist/runtime/subagent.d.ts +83 -0
package/dist/runtime/subagent.d.ts.map +1 -0
package/dist/runtime/subagent.js +190 -0
package/dist/runtime/subagent.js.map +1 -0
package/dist/runtime/tool-result-truncation.d.ts +25 -0
package/dist/runtime/tool-result-truncation.d.ts.map +1 -0
package/dist/runtime/tool-result-truncation.js +115 -0
package/dist/runtime/tool-result-truncation.js.map +1 -0
package/dist/sandbox/cgroup.d.ts +20 -0
package/dist/sandbox/cgroup.d.ts.map +1 -0
package/dist/sandbox/cgroup.js +82 -0
package/dist/sandbox/cgroup.js.map +1 -0
package/dist/sandbox/index.d.ts +12 -0
package/dist/sandbox/index.d.ts.map +1 -0
package/dist/sandbox/index.js +10 -0
package/dist/sandbox/index.js.map +1 -0
package/dist/sandbox/ipc.d.ts +26 -0
package/dist/sandbox/ipc.d.ts.map +1 -0
package/dist/sandbox/ipc.js +154 -0
package/dist/sandbox/ipc.js.map +1 -0
package/dist/sandbox/manager.d.ts +4 -0
package/dist/sandbox/manager.d.ts.map +1 -0
package/dist/sandbox/manager.js +251 -0
package/dist/sandbox/manager.js.map +1 -0
package/dist/sandbox/namespace.d.ts +12 -0
package/dist/sandbox/namespace.d.ts.map +1 -0
package/dist/sandbox/namespace.js +119 -0
package/dist/sandbox/namespace.js.map +1 -0
package/dist/sandbox/proxy-tools.d.ts +14 -0
package/dist/sandbox/proxy-tools.d.ts.map +1 -0
package/dist/sandbox/proxy-tools.js +63 -0
package/dist/sandbox/proxy-tools.js.map +1 -0
package/dist/sandbox/rootfs.d.ts +20 -0
package/dist/sandbox/rootfs.d.ts.map +1 -0
package/dist/sandbox/rootfs.js +247 -0
package/dist/sandbox/rootfs.js.map +1 -0
package/dist/sandbox/seccomp-apply.d.ts +9 -0
package/dist/sandbox/seccomp-apply.d.ts.map +1 -0
package/dist/sandbox/seccomp-apply.js +227 -0
package/dist/sandbox/seccomp-apply.js.map +1 -0
package/dist/sandbox/seccomp.d.ts +13 -0
package/dist/sandbox/seccomp.d.ts.map +1 -0
package/dist/sandbox/seccomp.js +120 -0
package/dist/sandbox/seccomp.js.map +1 -0
package/dist/sandbox/types.d.ts +66 -0
package/dist/sandbox/types.d.ts.map +1 -0
package/dist/sandbox/types.js +8 -0
package/dist/sandbox/types.js.map +1 -0
package/dist/sandbox/worker.d.ts +15 -0
package/dist/sandbox/worker.d.ts.map +1 -0
package/dist/sandbox/worker.js +151 -0
package/dist/sandbox/worker.js.map +1 -0
package/dist/sessions/index.d.ts +3 -0
package/dist/sessions/index.d.ts.map +1 -0
package/dist/sessions/index.js +3 -0
package/dist/sessions/index.js.map +1 -0
package/dist/sessions/store.d.ts +17 -0
package/dist/sessions/store.d.ts.map +1 -0
package/dist/sessions/store.js +70 -0
package/dist/sessions/store.js.map +1 -0
package/dist/sessions/transcript-events.d.ts +11 -0
package/dist/sessions/transcript-events.d.ts.map +1 -0
package/dist/sessions/transcript-events.js +40 -0
package/dist/sessions/transcript-events.js.map +1 -0
package/dist/shared/agent-session.d.ts +10 -0
package/dist/shared/agent-session.d.ts.map +1 -0
package/dist/shared/agent-session.js +33 -0
package/dist/shared/agent-session.js.map +1 -0
package/dist/shared/constants.d.ts +6 -0
package/dist/shared/constants.d.ts.map +1 -0
package/dist/shared/constants.js +17 -0
package/dist/shared/constants.js.map +1 -0
package/dist/shared/fs.d.ts +7 -0
package/dist/shared/fs.d.ts.map +1 -0
package/dist/shared/fs.js +14 -0
package/dist/shared/fs.js.map +1 -0
package/dist/shared/index.d.ts +4 -0
package/dist/shared/index.d.ts.map +1 -0
package/dist/shared/index.js +4 -0
package/dist/shared/index.js.map +1 -0
package/dist/skills/enablement.d.ts +10 -0
package/dist/skills/enablement.d.ts.map +1 -0
package/dist/skills/enablement.js +52 -0
package/dist/skills/enablement.js.map +1 -0
package/dist/skills/index.d.ts +4 -0
package/dist/skills/index.d.ts.map +1 -0
package/dist/skills/index.js +4 -0
package/dist/skills/index.js.map +1 -0
package/dist/skills/loader.d.ts +8 -0
package/dist/skills/loader.d.ts.map +1 -0
package/dist/skills/loader.js +8 -0
package/dist/skills/loader.js.map +1 -0
package/dist/skills/registry.d.ts +19 -0
package/dist/skills/registry.d.ts.map +1 -0
package/dist/skills/registry.js +106 -0
package/dist/skills/registry.js.map +1 -0
package/dist/utils/boolean.d.ts +6 -0
package/dist/utils/boolean.d.ts.map +1 -0
package/dist/utils/boolean.js +28 -0
package/dist/utils/boolean.js.map +1 -0
package/dist/utils/run-with-concurrency.d.ts +12 -0
package/dist/utils/run-with-concurrency.d.ts.map +1 -0
package/dist/utils/run-with-concurrency.js +40 -0
package/dist/utils/run-with-concurrency.js.map +1 -0
package/dist/utils.d.ts +3 -0
package/dist/utils.d.ts.map +1 -0
package/dist/utils.js +38 -0
package/dist/utils.js.map +1 -0
package/dist/workspace/index.d.ts +3 -0
package/dist/workspace/index.d.ts.map +1 -0
package/dist/workspace/index.js +2 -0
package/dist/workspace/index.js.map +1 -0
package/dist/workspace/runner.d.ts +19 -0
package/dist/workspace/runner.d.ts.map +1 -0
package/dist/workspace/runner.js +491 -0
package/dist/workspace/runner.js.map +1 -0
package/dist/workspace/types.d.ts +37 -0
package/dist/workspace/types.d.ts.map +1 -0
package/dist/workspace/types.js +2 -0
package/dist/workspace/types.js.map +1 -0
package/dist/workspace/workspace.d.ts +12 -0
package/dist/workspace/workspace.d.ts.map +1 -0
package/dist/workspace/workspace.js +85 -0
package/dist/workspace/workspace.js.map +1 -0
package/package.json +82 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 Peter Steinberger
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,313 @@
+![Cloison Runtime](docs/assets/hero-banner.png)
+[![npm](https://img.shields.io/npm/v/cloison-runtime?style=flat-square&color=4F8CFF&labelColor=0A0F1C)](https://www.npmjs.com/package/cloison-runtime) ![MIT](https://img.shields.io/badge/license-MIT-4F8CFF?style=flat-square&labelColor=0A0F1C) ![node](https://img.shields.io/badge/node-%3E%3D22.12-18C6B3?style=flat-square&labelColor=0A0F1C&logo=node.js&logoColor=white) ![deps](https://img.shields.io/badge/runtime_deps-3-18C6B3?style=flat-square&labelColor=0A0F1C) ![tests](https://img.shields.io/badge/tests-279_passing-18C6B3?style=flat-square&labelColor=0A0F1C) ![isolation](https://img.shields.io/badge/sandbox-5_isolation_layers-7A5CFF?style=flat-square&labelColor=0A0F1C) ![crypto](https://img.shields.io/badge/crypto-AES--256--GCM-7A5CFF?style=flat-square&labelColor=0A0F1C)
+**Run 1,000 AI agents on a single Linux box.**
+Each in its own OS namespace. Each with private memory, encrypted credentials, and an isolated filesystem.
+**No Docker. No cloud. One `npm install`.**
+Built on battle-tested subsystems extracted from [OpenClaw](https://github.com/nicepkg/openclaw) — model fallback, error classification, API key rotation, SSRF protection, embedding pipeline, and more.
+---
+## Quick Start
+```bash
+npm install cloison-runtime
+```
+```typescript
+import { createPlatform } from "cloison-runtime";
+const platform = createPlatform({
+  stateDir: "/var/cloison-runtime",
+  credentialPassphrase: process.env.CLOISON_CREDENTIAL_KEY,
+});
+const workspace = await platform.createWorkspace("user-42", {
+  provider: "anthropic",
+  model: "claude-sonnet-4-20250514",
+});
+const result = await workspace.run({
+  message: "Refactor the auth module to use JWT",
+  sessionId: "project-alpha",
+});
+```
+> **Requires:** Linux + Node.js 22.12+
+>
+> **macOS / Windows dev:**
+>
+> ```bash
+> git clone https://github.com/tonga54/cloison-runtime.git && cd cloison-runtime
+> docker compose run dev bash
+> pnpm test  # 279 tests, all green
+> ```
+---
+## Use Cases
+![Use Cases](docs/assets/use-cases.png)
+### SaaS -- one agent per customer
+Customer A's agent can never see Customer B's tokens, data, or conversation history.
+```typescript
+app.post("/api/agent", async (req, res) => {
+  const ws = await platform.getWorkspace(req.org.id);
+  const result = await ws.run({
+    message: req.body.message,
+    sessionId: req.body.threadId,
+  });
+  res.json({ response: result.response });
+});
+```
+### Teams -- per-team agents, per-team secrets
+Different teams, different databases, different cloud accounts. No credential leaks.
+```typescript
+const eng = await platform.createWorkspace("engineering");
+const ops = await platform.createWorkspace("ops");
+eng.skills.enable("github-pr");
+ops.skills.enable("pagerduty");
+await eng.credentials.store("github", { token: "ghp_eng..." });
+await ops.credentials.store("pagerduty", { token: "pd_..." });
+```
+### CI/CD -- ephemeral agents, zero state leaks
+Spin up per job, per PR, per deploy. Destroyed after.
+```typescript
+const ws = await platform.createWorkspace(`deploy-${Date.now()}`);
+await ws.credentials.store("k8s", { kubeconfig: "..." });
+ws.skills.enable("kubectl");
+const result = await ws.run({ message: "Roll out v2.3.1 to staging, run smoke tests" });
+await platform.deleteWorkspace(ws.userId);
+```
+---
+## How It Works
+![Architecture](docs/assets/architecture.png)
+When `workspace.run()` executes, Cloison spawns a **child process** with 5 layers of kernel isolation: user namespace, PID namespace, mount namespace (pivot_root), optional network namespace, and cgroups v2 resource limits. The agent **never runs in your application's process** and **cannot see anything outside its sandbox**.
+> **[Read the full isolation architecture &rarr;](docs/isolation.md)**
+---
+## Single-User Mode
+For prototyping or single-agent use. No platform needed.
+```typescript
+import { createRuntime } from "cloison-runtime";
+const runtime = await createRuntime({
+  provider: "anthropic",
+  model: "claude-sonnet-4-20250514",
+});
+const result = await runtime.run({
+  message: "Find all TODO comments and create a summary",
+});
+```
+---
+## Features
+| Feature | What It Does | Docs |
+|---------|-------------|------|
+| **OS-level Isolation** | 5 layers: user, PID, mount, network namespaces + cgroups v2 | [docs/isolation.md](docs/isolation.md) |
+| **Encrypted Credentials** | AES-256-GCM at rest, PBKDF2 key derivation, never exposed to agent | [docs/credentials.md](docs/credentials.md) |
+| **Hybrid Memory** | Vector + FTS5 fusion, MMR diversity, temporal decay, 7-language query expansion | [docs/memory.md](docs/memory.md) |
+| **Per-Workspace Skills** | Global registry, per-tenant enablement, credentials injected server-side | [docs/skills.md](docs/skills.md) |
+| **Session Continuity** | Named sessions, JSONL transcripts, context pruning | [docs/sessions.md](docs/sessions.md) |
+| **Model Fallback** | Automatic multi-model chains, error classification, cooldown tracking | [docs/fallback.md](docs/fallback.md) |
+| **API Key Rotation** | Multi-key per provider, automatic rotation on rate limits | [docs/fallback.md](docs/fallback.md) |
+| **Subagent Orchestration** | Parallel execution, depth limiting, registry | [docs/subagents.md](docs/subagents.md) |
+| **Structured Logging** | JSON/pretty/compact, file output, subsystem tagging | [docs/logging.md](docs/logging.md) |
+| **SSRF Protection** | DNS pinning, private IP blocking, hostname allowlists, fail-closed | [docs/memory.md](docs/memory.md) |
+| **Embedding Pipeline** | Batch with retry, SQLite cache, 5 providers (including local Ollama) | [docs/memory.md](docs/memory.md) |
+---
+## Why Cloison Over Alternatives
+|                                  | Docker per user    | E2B / Cloud          | **Cloison Runtime**                          |
+| -------------------------------- | ------------------ | -------------------- | -------------------------------------------- |
+| **Isolation mechanism**          | Container per user | Cloud VM per session | **Linux namespaces**                         |
+| **Credential security**          | DIY                | Not built-in         | **AES-256-GCM, never exposed to agent**      |
+| **Persistent memory**            | DIY                | DIY                  | **SQLite + vector embeddings per tenant**    |
+| **SSRF protection**              | DIY                | DIY                  | **DNS-validated, private-IP blocking**       |
+| **Model fallback**               | DIY                | DIY                  | **Automatic multi-model fallback chains**    |
+| **API key rotation**             | DIY                | DIY                  | **Multi-key with rate-limit rotation**       |
+| **Skills with secret injection** | DIY                | DIY                  | **Credentials injected server-side**         |
+| **Infrastructure**               | Docker daemon      | Cloud API + billing  | **Single npm package**                       |
+| **Cold start**                   | ~2s                | ~5-10s               | **~50ms**                                    |
+| **Embeddable in your app**       | No                 | No                   | **Yes — it's a library**                     |
+| **License**                      | —                  | Proprietary          | **MIT**                                      |
+---
+## Provider Support
+### LLM Providers
+Any provider supported by [pi-ai](https://github.com/nicepkg/pi-ai):
+| Provider | Example Model |
+|----------|---------------|
+| **Anthropic** | `claude-sonnet-4-20250514` |
+| **Google** | `gemini-2.5-flash` |
+| **OpenAI** | `gpt-4o` |
+| **Groq** | `llama-3.3-70b-versatile` |
+| **Cerebras** | `llama-3.3-70b` |
+| **Mistral** | `mistral-large-latest` |
+| **xAI** | `grok-3` |
+### Embedding Providers
+| Provider | Default Model | Local |
+|----------|--------------|-------|
+| **OpenAI** | `text-embedding-3-small` | |
+| **Gemini** | `gemini-embedding-001` | |
+| **Voyage** | `voyage-3-lite` | |
+| **Mistral** | `mistral-embed` | |
+| **Ollama** | `nomic-embed-text` | **Yes** |
+---
+## Lifecycle Hooks
+6 hook points for audit logging, billing, and custom logic:
+```typescript
+workspace.hooks.register("before_tool_call", async ({ toolName, input }) => {
+  await auditLog.write({ tool: toolName, input, timestamp: Date.now() });
+});
+workspace.hooks.register("after_agent_end", async ({ sessionId, result }) => {
+  await billing.recordUsage(workspace.userId, sessionId);
+});
+```
+`session_start` · `session_end` · `before_agent_start` · `after_agent_end` · `before_tool_call` · `after_tool_call`
+---
+## Demos
+12 runnable demos covering every feature. 4 require an API key, 8 run fully local.
+> **[See all demos &rarr;](docs/demos.md)**
+Highlights:
+- **[demo-workspace-real](demos/demo-workspace-real.ts)** — Full multi-tenant DevOps platform with 2 teams, skills, memory, credentials, and live agent execution
+- **[demo-subagents](demos/demo-subagents.ts)** — Orchestrator delegates to specialist sub-agents
+- **[demo-fallback](demos/demo-fallback.ts)** — Model fallback chains with simulated failures
+---
+## Architecture
+```
+src/
+├── platform/          createPlatform() — workspace CRUD, skill registry
+├── workspace/         createWorkspace() — scoped memory, sessions, runner
+│   └── runner.ts      Out-of-process agent execution via sandbox + IPC
+├── sandbox/           Linux namespace sandbox — zero external deps
+│   ├── namespace.ts       unshare(2) + pivot_root
+│   ├── cgroup.ts          cgroups v2 resource limits (fail-closed)
+│   ├── rootfs.ts          Minimal rootfs with bind mounts
+│   ├── ipc.ts             Bidirectional JSON-RPC 2.0 over stdio
+│   ├── seccomp.ts         BPF syscall filter profiles
+│   ├── proxy-tools.ts     memory/skill tools proxied to host via IPC
+│   └── worker.ts          Agent entry point inside sandbox
+├── credentials/       AES-256-GCM encrypted store + credential proxy
+├── skills/            Global registry + per-workspace enablement
+├── runtime/           createRuntime() — single-user mode
+│   ├── failover-error.ts   Error classification (ported from OpenClaw)
+│   ├── model-fallback.ts   Fallback chains + cooldown tracking
+│   ├── api-key-rotation.ts Per-provider key rotation
+│   ├── subagent.ts         Parallel execution + lifecycle + registry
+│   └── ...                 context-guard, retry, session-pruning, memory-flush
+├── memory/            Hybrid search engine
+│   ├── hybrid.ts          Vector + FTS5 fusion scoring
+│   ├── mmr.ts             Maximal Marginal Relevance re-ranking
+│   ├── embeddings.ts      5-provider embedding support
+│   ├── ssrf.ts            SSRF protection for HTTP calls
+│   └── ...                temporal-decay, query-expansion, cache, indexers
+├── hooks/             6 lifecycle hook points
+├── logging/           Structured JSON logging with file output
+├── sessions/          File-based store with async locking
+└── config/            Configuration loading
+```
+**78 source files** · **3 runtime deps** · Sandbox, crypto, IPC, logging, and SSRF use **zero external deps** — all Node.js built-ins.
+---
+## State Directory
+```
+<stateDir>/
+├── skills/                          # Global skill catalog
+│   └── <skill-id>/
+│       ├── SKILL.md                 # LLM-readable skill description
+│       └── execute.js               # Runs with injected credentials
+└── workspaces/
+    └── <userId>/
+        ├── config.json              # Workspace config (no secrets)
+        ├── credentials.enc.json     # AES-256-GCM encrypted credentials
+        ├── enabled-skills.json      # Which skills this workspace can use
+        ├── sessions.json            # Session index
+        ├── sessions/                # JSONL transcripts
+        └── memory/
+            └── memory.db            # SQLite (vectors + FTS5)
+```
+Every file is workspace-scoped. No shared state between tenants.
+---
+## Built on OpenClaw
+Cloison Runtime stands on the shoulders of [OpenClaw](https://github.com/nicepkg/openclaw). Several production-critical subsystems were ported directly:
+| Subsystem | Origin |
+|-----------|--------|
+| **Model fallback & error classification** | `src/agents/model-fallback.ts`, `failover-error.ts` |
+| **API key rotation** | `src/agents/api-key-rotation.ts`, `live-auth-keys.ts` |
+| **Context window guards** | `src/agents/context-window-guard.ts` |
+| **Retry with backoff** | `src/infra/retry.ts` |
+| **SSRF protection** | `src/infra/net/ssrf.ts`, `fetch-guard.ts` |
+| **Embedding cache & batch** | `extensions/memory-core/` |
+| **File & session indexers** | `extensions/memory-core/` |
+| **Subagent orchestration** | `src/agents/subagent-*.ts` |
+| **Structured logging** | `src/logging/logger.ts`, `subsystem.ts` |
+OpenClaw solved these problems in production. We extracted, adapted, and integrated them into Cloison's multi-tenant architecture.
+---
+## Requirements
+- **Linux** — bare metal, VM, or container with `--privileged`
+- **Node.js 22.12+** — uses `node:sqlite` built-in
+- **macOS / Windows** — `docker compose run dev` for development
+## License
+[MIT](LICENSE)

package/dist/cli.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,47 @@
+#!/usr/bin/env node
+import { createRuntime } from "./runtime/index.js";
+async function main() {
+    const args = process.argv.slice(2);
+    function getFlag(flag) {
+        const i = args.indexOf(flag);
+        if (i === -1 || i + 1 >= args.length)
+            return undefined;
+        return args[i + 1];
+    }
+    const message = getFlag("--message") ?? getFlag("-m");
+    const sessionId = getFlag("--session");
+    const model = getFlag("--model");
+    const provider = getFlag("--provider");
+    const apiKey = getFlag("--api-key");
+    if (apiKey) {
+        process.stderr.write("Warning: --api-key is visible in process listings. " +
+            "Prefer setting the API key via environment variable (e.g. ANTHROPIC_API_KEY).\n");
+    }
+    const workspaceDir = getFlag("--workspace");
+    const systemPrompt = getFlag("--system-prompt");
+    if (!message) {
+        console.error("Usage: cloison-runtime --message <message> [--session <id>] [--model <model>] [--provider <provider>]");
+        process.exit(1);
+    }
+    const runtime = await createRuntime({
+        model,
+        provider,
+        apiKey,
+        workspaceDir,
+    });
+    const result = await runtime.run({
+        message,
+        sessionId,
+        model,
+        provider,
+        apiKey,
+        workspaceDir,
+        systemPrompt,
+    });
+    console.log(result.response);
+}
+main().catch((err) => {
+    console.error(err);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnC,SAAS,OAAO,CAAC,IAAY;QAC3B,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QACvD,OAAO,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACrB,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IACpC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qDAAqD;YACrD,iFAAiF,CAClF,CAAC;IACJ,CAAC;IACD,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAEhD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACX,uGAAuG,CACxG,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC;QAClC,KAAK;QACL,QAAQ;QACR,MAAM;QACN,YAAY;KACb,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC/B,OAAO;QACP,SAAS;QACT,KAAK;QACL,QAAQ;QACR,MAAM;QACN,YAAY;QACZ,YAAY;KACb,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/config/index.d.ts ADDED Viewed

@@ -0,0 +1,57 @@
+export interface AgentRuntimeConfig {
+    model?: string;
+    provider?: string;
+    apiKey?: string;
+    apiKeys?: string[];
+    configPath?: string;
+    stateDir?: string;
+    workspaceDir?: string;
+    systemPrompt?: string;
+    skills?: {
+        enabled?: boolean;
+        dirs?: string[];
+    };
+    memory?: {
+        enabled?: boolean;
+        dir?: string;
+        embeddingProvider?: {
+            provider: "openai" | "gemini" | "voyage" | "mistral" | "ollama";
+            apiKey?: string;
+            model?: string;
+            baseUrl?: string;
+            enableSsrf?: boolean;
+        };
+        enableEmbeddingCache?: boolean;
+        maxCacheEntries?: number;
+        fileIndexing?: {
+            enabled?: boolean;
+            watchPaths?: string[];
+            debounceMs?: number;
+        };
+        sessionIndexing?: {
+            enabled?: boolean;
+            deltaBytes?: number;
+            deltaMessages?: number;
+        };
+    };
+    hooks?: {
+        dirs?: string[];
+    };
+    fallbacks?: string[];
+    contextTokens?: number;
+    maxRetries?: number;
+    logging?: {
+        level?: "trace" | "debug" | "info" | "warn" | "error" | "fatal" | "silent";
+        file?: string;
+        maxFileBytes?: number;
+        json?: boolean;
+    };
+    streamConfig?: Record<string, {
+        headers?: Record<string, string>;
+        baseUrl?: string;
+    }>;
+}
+export declare function getDefaultStateDir(): string;
+export declare function loadConfig(configPath?: string): AgentRuntimeConfig;
+export declare function resolveStateDir(config: AgentRuntimeConfig): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/config/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAChD,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,iBAAiB,CAAC,EAAE;YAClB,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,CAAC;YAChE,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,UAAU,CAAC,EAAE,OAAO,CAAC;SACtB,CAAC;QACF,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE;YACb,OAAO,CAAC,EAAE,OAAO,CAAC;YAClB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;YACtB,UAAU,CAAC,EAAE,MAAM,CAAC;SACrB,CAAC;QACF,eAAe,CAAC,EAAE;YAChB,OAAO,CAAC,EAAE,OAAO,CAAC;YAClB,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB,aAAa,CAAC,EAAE,MAAM,CAAC;SACxB,CAAC;KACH,CAAC;IACF,KAAK,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE;QACR,KAAK,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,QAAQ,CAAC;QAC3E,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,IAAI,CAAC,EAAE,OAAO,CAAC;KAChB,CAAC;IACF,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAC5B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;CACJ;AAED,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AAED,wBAAgB,UAAU,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,kBAAkB,CAclE;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,kBAAkB,GAAG,MAAM,CAMlE"}

package/dist/config/index.js ADDED Viewed

@@ -0,0 +1,27 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+export function getDefaultStateDir() {
+    return path.join(os.homedir(), ".cloison-runtime");
+}
+export function loadConfig(configPath) {
+    const explicit = configPath ?? process.env["CLOISON_CONFIG_PATH"];
+    const resolved = explicit ?? path.join(getDefaultStateDir(), "cloison-runtime.json");
+    try {
+        const raw = fs.readFileSync(resolved, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        if (explicit) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`Failed to load config from "${resolved}": ${msg}`);
+        }
+        return {};
+    }
+}
+export function resolveStateDir(config) {
+    return (config.stateDir ??
+        process.env["CLOISON_STATE_DIR"] ??
+        getDefaultStateDir());
+}
+//# sourceMappingURL=index.js.map

package/dist/config/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAmD9B,MAAM,UAAU,kBAAkB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,kBAAkB,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,UAAmB;IAC5C,MAAM,QAAQ,GAAG,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,sBAAsB,CAAC,CAAC;IAErF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuB,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,MAAM,GAAG,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAA0B;IACxD,OAAO,CACL,MAAM,CAAC,QAAQ;QACf,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAChC,kBAAkB,EAAE,CACrB,CAAC;AACJ,CAAC"}

package/dist/credentials/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export { createCredentialStore, type CreateCredentialStoreOptions } from "./store.js";
+export { createCredentialProxy } from "./proxy.js";
+export type { CredentialStore, CredentialProxy, CredentialEntry } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/credentials/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/credentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,KAAK,4BAA4B,EAAE,MAAM,YAAY,CAAC;AACtF,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC"}

package/dist/credentials/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export { createCredentialStore } from "./store.js";
+export { createCredentialProxy } from "./proxy.js";
+//# sourceMappingURL=index.js.map

package/dist/credentials/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/credentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAqC,MAAM,YAAY,CAAC;AACtF,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC"}

package/dist/credentials/proxy.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { CredentialStore, CredentialProxy } from "./types.js";
+export declare function createCredentialProxy(store: CredentialStore): CredentialProxy;
+//# sourceMappingURL=proxy.d.ts.map

package/dist/credentials/proxy.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/credentials/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEnE,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,eAAe,GACrB,eAAe,CAQjB"}

package/dist/credentials/proxy.js ADDED Viewed

@@ -0,0 +1,11 @@
+export function createCredentialProxy(store) {
+    return {
+        async injectCredentials(skillId, env) {
+            const creds = await store.resolve(skillId);
+            if (!creds)
+                return env;
+            return { ...env, ...creds };
+        },
+    };
+}
+//# sourceMappingURL=proxy.js.map

package/dist/credentials/proxy.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"proxy.js","sourceRoot":"","sources":["../../src/credentials/proxy.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,qBAAqB,CACnC,KAAsB;IAEtB,OAAO;QACL,KAAK,CAAC,iBAAiB,CAAC,OAAO,EAAE,GAAG;YAClC,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC3C,IAAI,CAAC,KAAK;gBAAE,OAAO,GAAG,CAAC;YACvB,OAAO,EAAE,GAAG,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC;QAC9B,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/credentials/store.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { CredentialStore } from "./types.js";
+export interface CreateCredentialStoreOptions {
+    workspaceDir: string;
+    passphrase?: string;
+}
+export declare function createCredentialStore(options: CreateCredentialStoreOptions): CredentialStore;
+//# sourceMappingURL=store.d.ts.map

package/dist/credentials/store.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/credentials/store.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAmElD,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,4BAA4B,GACpC,eAAe,CA6EjB"}

package/dist/credentials/store.js ADDED Viewed

@@ -0,0 +1,115 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as crypto from "node:crypto";
+import { atomicWriteFileSync } from "../shared/index.js";
+let credentialLock = Promise.resolve();
+function withCredentialLock(fn) {
+    const prev = credentialLock;
+    let release;
+    credentialLock = new Promise((r) => { release = r; });
+    return prev.then(fn).finally(() => release());
+}
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32;
+const IV_LENGTH = 16;
+const SALT_LENGTH = 32;
+const TAG_LENGTH = 16;
+const PBKDF2_ITERATIONS = 100_000;
+function deriveKey(passphrase, salt) {
+    return crypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, KEY_LENGTH, "sha512");
+}
+function encrypt(plaintext, passphrase) {
+    const salt = crypto.randomBytes(SALT_LENGTH);
+    const key = deriveKey(passphrase, salt);
+    const iv = crypto.randomBytes(IV_LENGTH);
+    const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+    let ciphertext = cipher.update(plaintext, "utf-8", "base64");
+    ciphertext += cipher.final("base64");
+    const tag = cipher.getAuthTag();
+    return {
+        salt: salt.toString("base64"),
+        iv: iv.toString("base64"),
+        tag: tag.toString("base64"),
+        ciphertext,
+    };
+}
+function decrypt(payload, passphrase) {
+    const salt = Buffer.from(payload.salt, "base64");
+    const key = deriveKey(passphrase, salt);
+    const iv = Buffer.from(payload.iv, "base64");
+    const tag = Buffer.from(payload.tag, "base64");
+    const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(tag);
+    let plaintext = decipher.update(payload.ciphertext, "base64", "utf-8");
+    plaintext += decipher.final("utf-8");
+    return plaintext;
+}
+export function createCredentialStore(options) {
+    const filePath = path.join(options.workspaceDir, "credentials.enc.json");
+    const passphrase = options.passphrase ??
+        process.env["CLOISON_CREDENTIAL_KEY"];
+    if (!passphrase) {
+        throw new Error("Credential store requires a passphrase: pass it explicitly or set CLOISON_CREDENTIAL_KEY");
+    }
+    const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);
+    function validateSkillId(skillId) {
+        if (DANGEROUS_KEYS.has(skillId)) {
+            throw new Error(`Invalid skillId "${skillId}": reserved property name`);
+        }
+    }
+    function loadFile() {
+        try {
+            const raw = fs.readFileSync(filePath, "utf-8");
+            return JSON.parse(raw);
+        }
+        catch {
+            return { version: 1, credentials: {} };
+        }
+    }
+    function saveFile(file) {
+        atomicWriteFileSync(filePath, JSON.stringify(file, null, 2));
+    }
+    return {
+        async store(skillId, credentials) {
+            validateSkillId(skillId);
+            return withCredentialLock(async () => {
+                const file = loadFile();
+                const plaintext = JSON.stringify(credentials);
+                file.credentials[skillId] = encrypt(plaintext, passphrase);
+                saveFile(file);
+            });
+        },
+        async resolve(skillId) {
+            validateSkillId(skillId);
+            const file = loadFile();
+            const payload = file.credentials[skillId];
+            if (!payload)
+                return undefined;
+            try {
+                const plaintext = decrypt(payload, passphrase);
+                return JSON.parse(plaintext);
+            }
+            catch (err) {
+                process.stderr.write(`[credential-store] Failed to decrypt credentials for skill "${skillId}": ${err instanceof Error ? err.message : String(err)}. ` +
+                    `This typically means the passphrase has changed since the credentials were stored.\n`);
+                return undefined;
+            }
+        },
+        async delete(skillId) {
+            validateSkillId(skillId);
+            return withCredentialLock(async () => {
+                const file = loadFile();
+                if (!(skillId in file.credentials))
+                    return false;
+                delete file.credentials[skillId];
+                saveFile(file);
+                return true;
+            });
+        },
+        async list() {
+            const file = loadFile();
+            return Object.keys(file.credentials);
+        },
+    };
+}
+//# sourceMappingURL=store.js.map