cloison-runtime 0.1.0

package/dist/sandbox/seccomp.js

@@ -0,0 +1,120 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+const NODE_REQUIRED_SYSCALLS = [
+    "read", "write", "open", "close", "stat", "fstat", "lstat",
+    "poll", "lseek", "mmap", "mprotect", "munmap", "brk",
+    "rt_sigaction", "rt_sigprocmask", "rt_sigreturn", "ioctl",
+    "pread64", "pwrite64", "readv", "writev", "access",
+    "pipe", "select", "sched_yield", "mremap", "msync",
+    "mincore", "madvise", "shmget", "shmat", "shmctl",
+    "dup", "dup2", "pause", "nanosleep", "getitimer",
+    "alarm", "setitimer", "getpid", "sendfile",
+    "socket", "connect", "accept", "sendto", "recvfrom",
+    "sendmsg", "recvmsg", "shutdown", "bind", "listen",
+    "getsockname", "getpeername", "socketpair",
+    "setsockopt", "getsockopt",
+    "clone", "fork", "vfork", "execve",
+    "exit", "wait4", "kill", "uname",
+    "fcntl", "flock", "fsync", "fdatasync", "truncate", "ftruncate",
+    "getdents", "getcwd", "chdir", "fchdir",
+    "rename", "mkdir", "rmdir", "creat", "link", "unlink",
+    "symlink", "readlink", "chmod", "fchmod", "chown", "fchown",
+    "lchown", "umask", "gettimeofday", "getrlimit",
+    "getrusage", "sysinfo", "times", "getuid", "syslog",
+    "getgid", "setuid", "setgid", "geteuid", "getegid",
+    "setpgid", "getppid", "getpgrp", "setsid",
+    "setreuid", "setregid", "getgroups", "setgroups",
+    "setresuid", "getresuid", "setresgid", "getresgid",
+    "sigpending", "sigaltstack", "statfs", "fstatfs",
+    "arch_prctl", "set_tid_address", "set_robust_list",
+    "get_robust_list",
+    "futex", "sched_getaffinity",
+    "epoll_create", "epoll_ctl", "epoll_wait",
+    "epoll_create1", "epoll_pwait",
+    "eventfd", "eventfd2", "timerfd_create", "timerfd_settime",
+    "signalfd", "signalfd4",
+    "clock_gettime", "clock_getres", "clock_nanosleep",
+    "exit_group", "tgkill", "openat", "mkdirat",
+    "fchownat", "newfstatat", "unlinkat", "renameat",
+    "linkat", "symlinkat", "readlinkat", "fchmodat",
+    "faccessat", "pselect6", "ppoll",
+    "splice", "tee", "sync_file_range", "utimensat",
+    "fallocate", "accept4", "pipe2", "inotify_init1",
+    "preadv", "pwritev", "recvmmsg", "sendmmsg",
+    "getrandom", "memfd_create", "copy_file_range",
+    "statx", "rseq",
+    "close_range", "openat2", "pidfd_open",
+    "clone3", "faccessat2",
+    "process_mrelease", "futex_waitv",
+    "preadv2", "pwritev2",
+    "io_uring_setup", "io_uring_enter", "io_uring_register",
+    "mlock", "munlock",
+    "prctl", "capget", "capset",
+    "getdents64", "dup3",
+    "sched_setaffinity", "sched_getaffinity",
+];
+const BLOCKED_SYSCALLS = [
+    "ptrace",
+    "mount", "umount2",
+    "pivot_root", "chroot",
+    "reboot", "kexec_load", "kexec_file_load",
+    "init_module", "finit_module", "delete_module",
+    "acct",
+    "swapon", "swapoff",
+    "nfsservctl",
+    "personality",
+    "keyctl", "request_key", "add_key",
+    "bpf",
+    "userfaultfd",
+    "perf_event_open",
+    "lookup_dcookie",
+    "kcmp",
+    "process_vm_readv", "process_vm_writev",
+    "move_pages", "migrate_pages",
+    "mbind", "set_mempolicy", "get_mempolicy",
+    "unshare", "setns",
+];
+export function buildDefaultProfile() {
+    return {
+        defaultAction: "SCMP_ACT_ERRNO",
+        syscalls: [
+            {
+                names: NODE_REQUIRED_SYSCALLS,
+                action: "SCMP_ACT_ALLOW",
+            },
+            {
+                names: BLOCKED_SYSCALLS,
+                action: "SCMP_ACT_ERRNO",
+            },
+        ],
+    };
+}
+export function buildRestrictedProfile(additionalAllowed) {
+    const allowed = [...NODE_REQUIRED_SYSCALLS, ...(additionalAllowed ?? [])];
+    return {
+        defaultAction: "SCMP_ACT_KILL",
+        syscalls: [
+            {
+                names: allowed,
+                action: "SCMP_ACT_ALLOW",
+            },
+        ],
+    };
+}
+export function writeSeccompProfile(profile, sandboxId) {
+    const tmpDir = path.join(os.tmpdir(), "cloison-runtime-seccomp");
+    fs.mkdirSync(tmpDir, { recursive: true, mode: 0o700 });
+    const profilePath = path.join(tmpDir, `${sandboxId}.json`);
+    fs.writeFileSync(profilePath, JSON.stringify(profile, null, 2), { mode: 0o600 });
+    return profilePath;
+}
+export function cleanupSeccompProfile(profilePath) {
+    try {
+        fs.unlinkSync(profilePath);
+    }
+    catch {
+        // best effort
+    }
+}
+//# sourceMappingURL=seccomp.js.map

package/dist/sandbox/seccomp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seccomp.js","sourceRoot":"","sources":["../../src/sandbox/seccomp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAY9B,MAAM,sBAAsB,GAAG;IAC7B,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IAC1D,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK;IACpD,cAAc,EAAE,gBAAgB,EAAE,cAAc,EAAE,OAAO;IACzD,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;IAClD,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO;IAClD,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ;IACjD,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW;IAChD,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU;IAC1C,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU;IACnD,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ;IAClD,aAAa,EAAE,aAAa,EAAE,YAAY;IAC1C,YAAY,EAAE,YAAY;IAC1B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ;IAClC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO;IAChC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW;IAC/D,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ;IACvC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ;IACrD,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ;IAC3D,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,WAAW;IAC9C,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;IACnD,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;IAClD,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ;IACzC,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW;IAChD,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW;IAClD,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS;IAChD,YAAY,EAAE,iBAAiB,EAAE,iBAAiB;IAClD,iBAAiB;IACjB,OAAO,EAAE,mBAAmB;IAC5B,cAAc,EAAE,WAAW,EAAE,YAAY;IACzC,eAAe,EAAE,aAAa;IAC9B,SAAS,EAAE,UAAU,EAAE,gBAAgB,EAAE,iBAAiB;IAC1D,UAAU,EAAE,WAAW;IACvB,eAAe,EAAE,cAAc,EAAE,iBAAiB;IAClD,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS;IAC3C,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU;IAChD,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAC/C,WAAW,EAAE,UAAU,EAAE,OAAO;IAChC,QAAQ,EAAE,KAAK,EAAE,iBAAiB,EAAE,WAAW;IAC/C,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,eAAe;IAChD,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU;IAC3C,WAAW,EAAE,cAAc,EAAE,iBAAiB;IAC9C,OAAO,EAAE,MAAM;IACf,aAAa,EAAE,SAAS,EAAE,YAAY;IACtC,QAAQ,EAAE,YAAY;IACtB,kBAAkB,EAAE,aAAa;IACjC,SAAS,EAAE,UAAU;IACrB,gBAAgB,EAAE,gBAAgB,EAAE,mBAAmB;IACvD,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE,QAAQ,EAAE,QAAQ;IAC3B,YAAY,EAAE,MAAM;IACpB,mBAAmB,EAAE,mBAAmB;CACzC,CAAC;AAEF,MAAM,gBAAgB,GAAG;IACvB,QAAQ;IACR,OAAO,EAAE,SAAS;IAClB,YAAY,EAAE,QAAQ;IACtB,QAAQ,EAAE,YAAY,EAAE,iBAAiB;IACzC,aAAa,EAAE,cAAc,EAAE,eAAe;IAC9C,MAAM;IACN,QAAQ,EAAE,SAAS;IACnB,YAAY;IACZ,aAAa;IACb,QAAQ,EAAE,aAAa,EAAE,SAAS;IAClC,KAAK;IACL,aAAa;IACb,iBAAiB;IACjB,gBAAgB;IAChB,MAAM;IACN,kBAAkB,EAAE,mBAAmB;IACvC,YAAY,EAAE,eAAe;IAC7B,OAAO,EAAE,eAAe,EAAE,eAAe;IACzC,SAAS,EAAE,OAAO;CACnB,CAAC;AAEF,MAAM,UAAU,mBAAmB;IACjC,OAAO;QACL,aAAa,EAAE,gBAAgB;QAC/B,QAAQ,EAAE;YACR;gBACE,KAAK,EAAE,sBAAsB;gBAC7B,MAAM,EAAE,gBAAgB;aACzB;YACD;gBACE,KAAK,EAAE,gBAAgB;gBACvB,MAAM,EAAE,gBAAgB;aACzB;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,iBAA4B;IAE5B,MAAM,OAAO,GAAG,CAAC,GAAG,sBAAsB,EAAE,GAAG,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1E,OAAO;QACL,aAAa,EAAE,eAAe;QAC9B,QAAQ,EAAE;YACR;gBACE,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,gBAAgB;aACzB;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,OAAuB,EACvB,SAAiB;IAEjB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;IACjE,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACvD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,OAAO,CAAC,CAAC;IAC3D,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjF,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,WAAmB;IACvD,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC"}

package/dist/sandbox/types.d.ts

@@ -0,0 +1,66 @@
+export interface SandboxConfig {
+    memoryLimitMb?: number;
+    cpuWeight?: number;
+    pidsLimit?: number;
+    networkIsolation?: boolean;
+    timeoutMs?: number;
+    mountBinds?: MountBind[];
+}
+export interface MountBind {
+    source: string;
+    target: string;
+    readonly: boolean;
+}
+export interface SandboxCapabilities {
+    hasUserNamespace: boolean;
+    hasPidNamespace: boolean;
+    hasMountNamespace: boolean;
+    hasNetNamespace: boolean;
+    hasCgroupV2: boolean;
+    hasSeccomp: boolean;
+    hasUnshare: boolean;
+    platform: "linux";
+}
+export interface SandboxProcess {
+    pid: number;
+    stdin: NodeJS.WritableStream;
+    stdout: NodeJS.ReadableStream;
+    stderr: NodeJS.ReadableStream;
+    kill(): void;
+    waitForExit(): Promise<number>;
+}
+export interface SandboxManager {
+    capabilities(): Promise<SandboxCapabilities>;
+    spawn(options: SandboxSpawnOptions): Promise<SandboxProcess>;
+}
+export interface SandboxSpawnOptions {
+    command: string;
+    args: string[];
+    env: Record<string, string>;
+    cwd: string;
+    config: SandboxConfig;
+    /** Env keys to preserve after credential sanitization (e.g. the LLM provider API key) */
+    protectedKeys?: string[];
+    onStderr?: (data: string) => void;
+}
+export interface IpcMessage {
+    jsonrpc: "2.0";
+    id?: number | string;
+    method?: string;
+    params?: unknown;
+    result?: unknown;
+    error?: IpcError;
+}
+export interface IpcError {
+    code: number;
+    message: string;
+    data?: unknown;
+}
+export declare const IPC_ERROR_CODES: {
+    readonly PARSE_ERROR: -32700;
+    readonly INVALID_REQUEST: -32600;
+    readonly METHOD_NOT_FOUND: -32601;
+    readonly INVALID_PARAMS: -32602;
+    readonly INTERNAL_ERROR: -32603;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/sandbox/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/sandbox/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,SAAS,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC,cAAc,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC,cAAc,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC,cAAc,CAAC;IAC9B,IAAI,IAAI,IAAI,CAAC;IACb,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC7C,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;CAC9D;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,aAAa,CAAC;IACtB,yFAAyF;IACzF,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CACnC;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,eAAO,MAAM,eAAe;;;;;;CAMlB,CAAC"}

package/dist/sandbox/types.js

@@ -0,0 +1,8 @@
+export const IPC_ERROR_CODES = {
+    PARSE_ERROR: -32700,
+    INVALID_REQUEST: -32600,
+    METHOD_NOT_FOUND: -32601,
+    INVALID_PARAMS: -32602,
+    INTERNAL_ERROR: -32603,
+};
+//# sourceMappingURL=types.js.map

package/dist/sandbox/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/sandbox/types.ts"],"names":[],"mappings":"AAkEA,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,WAAW,EAAE,CAAC,KAAK;IACnB,eAAe,EAAE,CAAC,KAAK;IACvB,gBAAgB,EAAE,CAAC,KAAK;IACxB,cAAc,EAAE,CAAC,KAAK;IACtB,cAAc,EAAE,CAAC,KAAK;CACd,CAAC"}

package/dist/sandbox/worker.d.ts

@@ -0,0 +1,15 @@
+export interface WorkerConfig {
+    workspaceDir: string;
+    sessionsDir: string;
+    sessionId: string;
+    message: string;
+    model: string;
+    provider: string;
+    systemPrompt?: string;
+    enableCodingTools: boolean;
+    contextTokens?: number;
+    maxRetries?: number;
+    enableSubagents?: boolean;
+}
+export declare function startWorker(): Promise<void>;
+//# sourceMappingURL=worker.d.ts.map

package/dist/sandbox/worker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker.d.ts","sourceRoot":"","sources":["../../src/sandbox/worker.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAsJjD"}

package/dist/sandbox/worker.js

@@ -0,0 +1,151 @@
+import { Writable } from "node:stream";
+import * as path from "node:path";
+import { fileURLToPath } from "node:url";
+import * as fs from "node:fs";
+import { createIpcPeer } from "./ipc.js";
+import { createProxyTools } from "./proxy-tools.js";
+import { resolveSessionManager, extractAssistantResponse, } from "../shared/index.js";
+export async function startWorker() {
+    // Capture a direct reference to stdout.write BEFORE overriding, so the
+    // IPC peer can still write JSON-RPC messages to the real stdout fd.
+    const rawStdoutWrite = process.stdout.write.bind(process.stdout);
+    const ipcOutputStream = new Writable({
+        write(chunk, encoding, callback) {
+            rawStdoutWrite(chunk, encoding, callback);
+        },
+    });
+    // Redirect ALL stdout/console output to stderr so that libraries or SDK
+    // code using process.stdout.write() directly can't corrupt the IPC channel.
+    process.stdout.write = function (chunk, encodingOrCallback, callback) {
+        return process.stderr.write.call(process.stderr, chunk, encodingOrCallback, callback);
+    };
+    const stderrWrite = (msg) => { process.stderr.write(msg + "\n"); };
+    console.log = (...args) => stderrWrite(args.map(String).join(" "));
+    console.info = console.log;
+    console.warn = console.log;
+    console.error = console.log;
+    console.debug = console.log;
+    const config = readWorkerConfig();
+    if (!config) {
+        process.exit(1);
+    }
+    const peer = createIpcPeer(process.stdin, ipcOutputStream);
+    peer.handle("agent.run", async (params) => {
+        const runParams = (params ?? {});
+        const message = runParams.message ?? config.message;
+        const model = runParams.model ?? config.model;
+        const provider = runParams.provider ?? config.provider;
+        const systemPrompt = runParams.systemPrompt ?? config.systemPrompt;
+        const sessionId = runParams.sessionId ?? config.sessionId;
+        try {
+            const { createAgentSession, SessionManager, codingTools, } = await import("@mariozechner/pi-coding-agent");
+            const { getModel } = await import("@mariozechner/pi-ai");
+            const resolvedModel = getModel(provider, model);
+            fs.mkdirSync(config.sessionsDir, { recursive: true });
+            const sessionManager = resolveSessionManager(SessionManager, config.workspaceDir, config.sessionsDir);
+            const proxyTools = createProxyTools(peer);
+            const tools = config.enableCodingTools
+                ? [...codingTools]
+                : [];
+            const customTools = proxyTools;
+            if (config.enableSubagents !== false) {
+                try {
+                    const { createSubagentTool } = await import("../runtime/subagent.js");
+                    const subTool = createSubagentTool({
+                        runtime: {
+                            run: async (opts) => {
+                                const subResult = await peer.call("agent.run.subagent", opts);
+                                if (subResult.error)
+                                    throw new Error(subResult.error);
+                                return { response: subResult.response ?? "", sessionId: subResult.sessionId ?? "" };
+                            },
+                        },
+                    });
+                    customTools.push(subTool);
+                }
+                catch {
+                    // subagent support not available in this build
+                }
+            }
+            const { session } = await createAgentSession({
+                cwd: config.workspaceDir,
+                model: resolvedModel,
+                tools,
+                customTools,
+                sessionManager,
+            });
+            const pendingToolArgs = new Map();
+            const unsubscribe = session.subscribe((event) => {
+                peer.notify("agent.event", {
+                    type: event.type,
+                    ...event,
+                });
+                if (event.type === "tool_execution_start") {
+                    pendingToolArgs.set(event.toolCallId, event.args ?? {});
+                    peer.notify("hooks.before_tool_call", {
+                        toolName: event.toolName,
+                        input: event.args ?? {},
+                    });
+                }
+                if (event.type === "tool_execution_end") {
+                    const input = pendingToolArgs.get(event.toolCallId) ?? {};
+                    pendingToolArgs.delete(event.toolCallId);
+                    peer.notify("hooks.after_tool_call", {
+                        toolName: event.toolName,
+                        input,
+                        result: event.result,
+                    });
+                }
+            });
+            try {
+                await session.sendUserMessage(message);
+            }
+            finally {
+                unsubscribe();
+            }
+            const responseText = extractAssistantResponse(session.messages);
+            return { response: responseText, sessionId };
+        }
+        catch (err) {
+            return { error: String(err) };
+        }
+    });
+    peer.start();
+    process.on("SIGTERM", () => {
+        peer.stop();
+        process.exit(0);
+    });
+    process.on("SIGINT", () => {
+        peer.stop();
+        process.exit(0);
+    });
+}
+function readWorkerConfig() {
+    const configJson = process.env["SANDBOX_WORKER_CONFIG"];
+    if (!configJson) {
+        process.stderr.write("SANDBOX_WORKER_CONFIG env var not set\n");
+        return null;
+    }
+    try {
+        return JSON.parse(configJson);
+    }
+    catch {
+        process.stderr.write("Failed to parse SANDBOX_WORKER_CONFIG\n");
+        return null;
+    }
+}
+const isDirectRun = (() => {
+    if (!process.argv[1])
+        return false;
+    const normalize = (p) => p.replace(/\.ts$/, ".js");
+    const thisPath = normalize(fileURLToPath(import.meta.url));
+    const argResolved = normalize(path.resolve(process.argv[1]));
+    return thisPath === argResolved;
+})();
+if (isDirectRun) {
+    startWorker().catch((err) => {
+        process.stderr.write(`Worker failed: ${err}\n`);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=worker.js.map

package/dist/sandbox/worker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker.js","sourceRoot":"","sources":["../../src/sandbox/worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EACL,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,oBAAoB,CAAC;AAgB5B,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,uEAAuE;IACvE,oEAAoE;IACpE,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjE,MAAM,eAAe,GAAG,IAAI,QAAQ,CAAC;QACnC,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,QAAQ;YAC7B,cAAc,CAAC,KAAK,EAAE,QAA0B,EAAE,QAAQ,CAAC,CAAC;QAC9D,CAAC;KACF,CAAC,CAAC;IAEH,wEAAwE;IACxE,4EAA4E;IAC3E,OAAO,CAAC,MAAiD,CAAC,KAAK,GAAG,UACjE,KAAc,EACd,kBAAoE,EACpE,QAAuC;QAEvC,OAAQ,OAAO,CAAC,MAAM,CAAC,KAAkB,CAAC,IAAI,CAC5C,OAAO,CAAC,MAAM,EACd,KAAK,EACL,kBAAoC,EACpC,QAAQ,CACT,CAAC;IACJ,CAAgC,CAAC;IAEjC,MAAM,WAAW,GAAG,CAAC,GAAW,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,GAAG,CAAC,GAAG,IAAe,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9E,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IAC3B,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IAC3B,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC;IAC5B,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC;IAE5B,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAE3D,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,EAAE,CAA0B,CAAC;QAC1D,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC;QACpD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC;QAC9C,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC;QACvD,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC;QACnE,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC;QAE1D,IAAI,CAAC;YACH,MAAM,EACJ,kBAAkB,EAClB,cAAc,EACd,WAAW,GACZ,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC;YAClD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;YAEzD,MAAM,aAAa,GAAG,QAAQ,CAC5B,QAA0C,EAC1C,KAAc,CACf,CAAC;YAEF,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACtD,MAAM,cAAc,GAAG,qBAAqB,CAC1C,cAAc,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,WAAW,CACxD,CAAC;YAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;YAE1C,MAAM,KAAK,GAAG,MAAM,CAAC,iBAAiB;gBACpC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC;gBAClB,CAAC,CAAC,EAAE,CAAC;YAEP,MAAM,WAAW,GACf,UAAiF,CAAC;YAEpF,IAAI,MAAM,CAAC,eAAe,KAAK,KAAK,EAAE,CAAC;gBACrC,IAAI,CAAC;oBACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;oBACtE,MAAM,OAAO,GAAG,kBAAkB,CAAC;wBACjC,OAAO,EAAE;4BACP,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;gCAClB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAC/B,oBAAoB,EAAE,IAAI,CAC3B,CAAC;gCACF,IAAI,SAAS,CAAC,KAAK;oCAAE,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gCACtD,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,SAAS,IAAI,EAAE,EAAE,CAAC;4BACtF,CAAC;yBACF;qBACF,CAAC,CAAC;oBACH,WAAW,CAAC,IAAI,CAAC,OAA4E,CAAC,CAAC;gBACjG,CAAC;gBAAC,MAAM,CAAC;oBACP,+CAA+C;gBACjD,CAAC;YACH,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,kBAAkB,CAAC;gBAC3C,GAAG,EAAE,MAAM,CAAC,YAAY;gBACxB,KAAK,EAAE,aAAa;gBACpB,KAAK;gBACL,WAAW;gBACX,cAAc;aACf,CAAC,CAAC;YAEH,MAAM,eAAe,GAAG,IAAI,GAAG,EAAmC,CAAC;YACnE,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE;gBAC9C,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE;oBACzB,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,GAAI,KAAiC;iBACtC,CAAC,CAAC;gBACH,IAAI,KAAK,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;oBAC1C,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,EAAG,KAAK,CAAC,IAAgC,IAAI,EAAE,CAAC,CAAC;oBACrF,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE;wBACpC,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,KAAK,EAAG,KAAK,CAAC,IAAgC,IAAI,EAAE;qBACrD,CAAC,CAAC;gBACL,CAAC;gBACD,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;oBACxC,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;oBAC1D,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;oBACzC,IAAI,CAAC,MAAM,CAAC,uBAAuB,EAAE;wBACnC,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,KAAK;wBACL,MAAM,EAAE,KAAK,CAAC,MAAM;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACzC,CAAC;oBAAS,CAAC;gBACT,WAAW,EAAE,CAAC;YAChB,CAAC;YAED,MAAM,YAAY,GAAG,wBAAwB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAChE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,KAAK,EAAE,CAAC;IAEb,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;QACzB,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACxB,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IACxD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAiB,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE;IACxB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3D,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7D,OAAO,QAAQ,KAAK,WAAW,CAAC;AAClC,CAAC,CAAC,EAAE,CAAC;AAEL,IAAI,WAAW,EAAE,CAAC;IAChB,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/sessions/index.d.ts

@@ -0,0 +1,3 @@
+export { type SessionEntry, type SessionStore, loadSessionStore, saveSessionStore, getOrCreateSession, updateSession, getSessionStorePath, } from "./store.js";
+export { onSessionTranscriptUpdate, emitSessionTranscriptUpdate, type SessionTranscriptUpdate, } from "./transcript-events.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/sessions/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,yBAAyB,EACzB,2BAA2B,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,wBAAwB,CAAC"}

package/dist/sessions/index.js

@@ -0,0 +1,3 @@
+export { loadSessionStore, saveSessionStore, getOrCreateSession, updateSession, getSessionStorePath, } from "./store.js";
+export { onSessionTranscriptUpdate, emitSessionTranscriptUpdate, } from "./transcript-events.js";
+//# sourceMappingURL=index.js.map

package/dist/sessions/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,yBAAyB,EACzB,2BAA2B,GAE5B,MAAM,wBAAwB,CAAC"}

package/dist/sessions/store.d.ts

@@ -0,0 +1,17 @@
+export interface SessionEntry {
+    id: string;
+    agentId?: string;
+    model?: string;
+    createdAt: string;
+    updatedAt: string;
+    metadata?: Record<string, unknown>;
+}
+export interface SessionStore {
+    entries: Record<string, SessionEntry>;
+}
+export declare function getSessionStorePath(stateDir: string): string;
+export declare function loadSessionStore(stateDir: string): SessionStore;
+export declare function saveSessionStore(stateDir: string, store: SessionStore): void;
+export declare function getOrCreateSession(stateDir: string, sessionId: string, defaults?: Partial<SessionEntry>): Promise<SessionEntry>;
+export declare function updateSession(stateDir: string, sessionId: string, update: Partial<SessionEntry>): Promise<void>;
+//# sourceMappingURL=store.d.ts.map

package/dist/sessions/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/sessions/store.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;CACvC;AAED,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,CAQ/D;AAsBD,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,YAAY,GAClB,IAAI,CAGN;AAED,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,GAC/B,OAAO,CAAC,YAAY,CAAC,CAiBvB;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,CAAC,YAAY,CAAC,GAC5B,OAAO,CAAC,IAAI,CAAC,CAaf"}

package/dist/sessions/store.js

@@ -0,0 +1,70 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { atomicWriteFileSync } from "../shared/index.js";
+export function getSessionStorePath(stateDir) {
+    return path.join(stateDir, "sessions.json");
+}
+export function loadSessionStore(stateDir) {
+    const filePath = getSessionStorePath(stateDir);
+    try {
+        const raw = fs.readFileSync(filePath, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return { entries: {} };
+    }
+}
+const sessionStoreLocks = new Map();
+async function withSessionLock(stateDir, fn) {
+    const key = path.resolve(stateDir);
+    const previous = sessionStoreLocks.get(key) ?? Promise.resolve();
+    let release;
+    const currentPromise = new Promise((r) => { release = r; });
+    sessionStoreLocks.set(key, currentPromise);
+    try {
+        await previous;
+        return fn();
+    }
+    finally {
+        release();
+        if (sessionStoreLocks.get(key) === currentPromise) {
+            sessionStoreLocks.delete(key);
+        }
+    }
+}
+export function saveSessionStore(stateDir, store) {
+    const filePath = getSessionStorePath(stateDir);
+    atomicWriteFileSync(filePath, JSON.stringify(store, null, 2));
+}
+export async function getOrCreateSession(stateDir, sessionId, defaults) {
+    return withSessionLock(stateDir, () => {
+        const store = loadSessionStore(stateDir);
+        if (store.entries[sessionId]) {
+            return store.entries[sessionId];
+        }
+        const entry = {
+            id: sessionId,
+            createdAt: new Date().toISOString(),
+            updatedAt: new Date().toISOString(),
+            ...defaults,
+        };
+        store.entries[sessionId] = entry;
+        saveSessionStore(stateDir, store);
+        return entry;
+    });
+}
+export async function updateSession(stateDir, sessionId, update) {
+    await withSessionLock(stateDir, () => {
+        const store = loadSessionStore(stateDir);
+        const existing = store.entries[sessionId];
+        if (!existing)
+            return;
+        store.entries[sessionId] = {
+            ...existing,
+            ...update,
+            updatedAt: new Date().toISOString(),
+        };
+        saveSessionStore(stateDir, store);
+    });
+}
+//# sourceMappingURL=store.js.map

package/dist/sessions/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/sessions/store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAezD,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACzB,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAyB,CAAC;AAE3D,KAAK,UAAU,eAAe,CAAI,QAAgB,EAAE,EAAW;IAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IACjE,IAAI,OAAmB,CAAC;IACxB,MAAM,cAAc,GAAG,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAE3C,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC;QACf,OAAO,EAAE,EAAE,CAAC;IACd,CAAC;YAAS,CAAC;QACT,OAAQ,EAAE,CAAC;QACX,IAAI,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,cAAc,EAAE,CAAC;YAClD,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,KAAmB;IAEnB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC/C,mBAAmB,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAAgB,EAChB,SAAiB,EACjB,QAAgC;IAEhC,OAAO,eAAe,CAAC,QAAQ,EAAE,GAAG,EAAE;QACpC,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,OAAO,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAED,MAAM,KAAK,GAAiB;YAC1B,EAAE,EAAE,SAAS;YACb,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,GAAG,QAAQ;SACZ,CAAC;QACF,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC;QACjC,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,SAAiB,EACjB,MAA6B;IAE7B,MAAM,eAAe,CAAC,QAAQ,EAAE,GAAG,EAAE;QACnC,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ;YAAE,OAAO;QAEtB,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG;YACzB,GAAG,QAAQ;YACX,GAAG,MAAM;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/sessions/transcript-events.d.ts

@@ -0,0 +1,11 @@
+export type SessionTranscriptUpdate = {
+    sessionFile: string;
+    sessionKey?: string;
+    message?: unknown;
+    messageId?: string;
+};
+type SessionTranscriptListener = (update: SessionTranscriptUpdate) => void;
+export declare function onSessionTranscriptUpdate(listener: SessionTranscriptListener): () => void;
+export declare function emitSessionTranscriptUpdate(update: string | SessionTranscriptUpdate): void;
+export {};
+//# sourceMappingURL=transcript-events.d.ts.map

package/dist/sessions/transcript-events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transcript-events.d.ts","sourceRoot":"","sources":["../../src/sessions/transcript-events.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,uBAAuB,GAAG;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,yBAAyB,GAAG,CAAC,MAAM,EAAE,uBAAuB,KAAK,IAAI,CAAC;AAI3E,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,yBAAyB,GAAG,MAAM,IAAI,CAKzF;AAED,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,uBAAuB,GAAG,IAAI,CA6B1F"}

package/dist/sessions/transcript-events.js

@@ -0,0 +1,40 @@
+// Ported verbatim from OpenClaw src/sessions/transcript-events.ts
+const SESSION_TRANSCRIPT_LISTENERS = new Set();
+export function onSessionTranscriptUpdate(listener) {
+    SESSION_TRANSCRIPT_LISTENERS.add(listener);
+    return () => {
+        SESSION_TRANSCRIPT_LISTENERS.delete(listener);
+    };
+}
+export function emitSessionTranscriptUpdate(update) {
+    const normalized = typeof update === "string"
+        ? { sessionFile: update }
+        : {
+            sessionFile: update.sessionFile,
+            sessionKey: update.sessionKey,
+            message: update.message,
+            messageId: update.messageId,
+        };
+    const trimmed = normalized.sessionFile.trim();
+    if (!trimmed)
+        return;
+    const nextUpdate = {
+        sessionFile: trimmed,
+        ...(typeof normalized.sessionKey === "string" && normalized.sessionKey.trim()
+            ? { sessionKey: normalized.sessionKey.trim() }
+            : {}),
+        ...(normalized.message !== undefined ? { message: normalized.message } : {}),
+        ...(typeof normalized.messageId === "string" && normalized.messageId.trim()
+            ? { messageId: normalized.messageId.trim() }
+            : {}),
+    };
+    for (const listener of SESSION_TRANSCRIPT_LISTENERS) {
+        try {
+            listener(nextUpdate);
+        }
+        catch {
+            /* ignore */
+        }
+    }
+}
+//# sourceMappingURL=transcript-events.js.map

package/dist/sessions/transcript-events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transcript-events.js","sourceRoot":"","sources":["../../src/sessions/transcript-events.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAWlE,MAAM,4BAA4B,GAAG,IAAI,GAAG,EAA6B,CAAC;AAE1E,MAAM,UAAU,yBAAyB,CAAC,QAAmC;IAC3E,4BAA4B,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3C,OAAO,GAAG,EAAE;QACV,4BAA4B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,MAAwC;IAClF,MAAM,UAAU,GACd,OAAO,MAAM,KAAK,QAAQ;QACxB,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE;QACzB,CAAC,CAAC;YACE,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACR,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;IAC9C,IAAI,CAAC,OAAO;QAAE,OAAO;IACrB,MAAM,UAAU,GAA4B;QAC1C,WAAW,EAAE,OAAO;QACpB,GAAG,CAAC,OAAO,UAAU,CAAC,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,EAAE;YAC3E,CAAC,CAAC,EAAE,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE;YAC9C,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,UAAU,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,GAAG,CAAC,OAAO,UAAU,CAAC,SAAS,KAAK,QAAQ,IAAI,UAAU,CAAC,SAAS,CAAC,IAAI,EAAE;YACzE,CAAC,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE;YAC5C,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;IACF,KAAK,MAAM,QAAQ,IAAI,4BAA4B,EAAE,CAAC;QACpD,IAAI,CAAC;YACH,QAAQ,CAAC,UAAU,CAAC,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/shared/agent-session.d.ts

@@ -0,0 +1,10 @@
+interface SessionManagerFactory<T> {
+    continueRecent(workspaceDir: string, sessionsDir: string): T;
+    create(workspaceDir: string, sessionsDir: string): T;
+}
+export declare function resolveSessionManager<T>(SessionManager: SessionManagerFactory<T>, workspaceDir: string, sessionsDir: string): T;
+export declare function extractAssistantResponse(messages: readonly {
+    role: string;
+}[]): string;
+export {};
+//# sourceMappingURL=agent-session.d.ts.map

package/dist/shared/agent-session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-session.d.ts","sourceRoot":"","sources":["../../src/shared/agent-session.ts"],"names":[],"mappings":"AAEA,UAAU,qBAAqB,CAAC,CAAC;IAC/B,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,CAAC,CAAC;IAC7D,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,CAAC,CAAC;CACtD;AAED,wBAAgB,qBAAqB,CAAC,CAAC,EACrC,cAAc,EAAE,qBAAqB,CAAC,CAAC,CAAC,EACxC,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,GAClB,CAAC,CAkBH;AAED,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,SAAS;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,EAAE,GACpC,MAAM,CAWR"}

package/dist/shared/agent-session.js

@@ -0,0 +1,33 @@
+import * as fs from "node:fs";
+export function resolveSessionManager(SessionManager, workspaceDir, sessionsDir) {
+    const hasExisting = (() => {
+        try {
+            return fs.readdirSync(sessionsDir).some((f) => f.endsWith(".jsonl"));
+        }
+        catch {
+            return false;
+        }
+    })();
+    if (hasExisting) {
+        try {
+            return SessionManager.continueRecent(workspaceDir, sessionsDir);
+        }
+        catch {
+            return SessionManager.create(workspaceDir, sessionsDir);
+        }
+    }
+    return SessionManager.create(workspaceDir, sessionsDir);
+}
+export function extractAssistantResponse(messages) {
+    for (let i = messages.length - 1; i >= 0; i--) {
+        const msg = messages[i];
+        if (msg.role === "assistant" && Array.isArray(msg.content)) {
+            return msg.content
+                .filter((block) => block.type === "text")
+                .map((block) => block.text ?? "")
+                .join("");
+        }
+    }
+    return "";
+}
+//# sourceMappingURL=agent-session.js.map

package/dist/shared/agent-session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-session.js","sourceRoot":"","sources":["../../src/shared/agent-session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAO9B,MAAM,UAAU,qBAAqB,CACnC,cAAwC,EACxC,YAAoB,EACpB,WAAmB;IAEnB,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE;QACxB,IAAI,CAAC;YACH,OAAO,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,OAAO,cAAc,CAAC,cAAc,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,cAAc,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,QAAqC;IAErC,KAAK,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAwC,CAAC;QAC/D,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,OAAQ,GAAG,CAAC,OAAkD;iBAC3D,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC;iBACxC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;iBAChC,IAAI,CAAC,EAAE,CAAC,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/shared/constants.d.ts

@@ -0,0 +1,6 @@
+export declare const DEFAULT_MODEL = "claude-sonnet-4-20250514";
+export declare const DEFAULT_PROVIDER = "anthropic";
+export declare const LINUX_REQUIRED_MESSAGE: string;
+export declare function buildProviderEnvKey(provider: string): string;
+export declare const PROTECTED_SYSTEM_ENV_KEYS: Set<string>;
+//# sourceMappingURL=constants.d.ts.map