cloison-runtime 0.1.0

package/dist/workspace/workspace.js

@@ -0,0 +1,85 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { createHookRunner } from "../hooks/index.js";
+import { createSimpleMemoryManager } from "../memory/index.js";
+import { createEmbeddingProvider } from "../memory/embeddings.js";
+import { createSkillEnablement } from "../skills/enablement.js";
+import { createCredentialStore } from "../credentials/store.js";
+import { createWorkspaceRunner } from "./runner.js";
+import { atomicWriteFileSync } from "../shared/index.js";
+export function validateWorkspaceId(userId) {
+    if (!userId || typeof userId !== "string") {
+        throw new Error("Workspace userId must be a non-empty string");
+    }
+    if (userId.includes("..") || userId.includes("/") || userId.includes("\\")) {
+        throw new Error(`Invalid workspace userId "${userId}": must not contain path traversal characters`);
+    }
+    if (!/^[a-zA-Z0-9_-]+$/.test(userId)) {
+        throw new Error(`Invalid workspace userId "${userId}": must contain only alphanumeric characters, hyphens, and underscores`);
+    }
+    if (userId.length > 128) {
+        throw new Error(`Invalid workspace userId "${userId}": must be 128 characters or less`);
+    }
+}
+export async function createWorkspace(options) {
+    const { userId, stateDir, config, skillRegistry } = options;
+    validateWorkspaceId(userId);
+    const workspaceDir = path.join(stateDir, "workspaces", userId);
+    fs.mkdirSync(workspaceDir, { recursive: true, mode: 0o700 });
+    const configPath = path.join(workspaceDir, "config.json");
+    if (!fs.existsSync(configPath)) {
+        const { credentialPassphrase: _cp, apiKey: _ak, ...persistableConfig } = config;
+        if (persistableConfig.memory?.embeddingProvider?.apiKey) {
+            const { apiKey: _epk, ...safeEp } = persistableConfig.memory.embeddingProvider;
+            persistableConfig.memory = { ...persistableConfig.memory, embeddingProvider: safeEp };
+        }
+        atomicWriteFileSync(configPath, JSON.stringify(persistableConfig, null, 2));
+    }
+    const hooks = createHookRunner();
+    const memoryDir = path.join(workspaceDir, "memory");
+    const embeddingProvider = config.memory?.embeddingProvider
+        ? createEmbeddingProvider(config.memory.embeddingProvider)
+        : undefined;
+    const memory = createSimpleMemoryManager({
+        dbDir: memoryDir,
+        embeddingProvider,
+    });
+    const skills = createSkillEnablement(workspaceDir, skillRegistry);
+    const credentials = createCredentialStore({
+        workspaceDir,
+        passphrase: config.credentialPassphrase,
+    });
+    const run = createWorkspaceRunner({
+        userId,
+        workspaceDir,
+        config,
+        hooks,
+        memory,
+        skills,
+        skillRegistry,
+        credentials,
+    });
+    return {
+        userId,
+        stateDir: workspaceDir,
+        memory,
+        hooks,
+        skills,
+        credentials,
+        run: (opts) => run(opts),
+        async destroy() {
+            await memory.close();
+        },
+    };
+}
+export function loadWorkspaceConfig(workspaceDir) {
+    const configPath = path.join(workspaceDir, "config.json");
+    try {
+        const raw = fs.readFileSync(configPath, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+}
+//# sourceMappingURL=workspace.js.map

package/dist/workspace/workspace.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workspace.js","sourceRoot":"","sources":["../../src/workspace/workspace.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAQlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAwB,MAAM,yBAAyB,CAAC;AAEtF,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AASzD,MAAM,UAAU,mBAAmB,CAAC,MAAc;IAChD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CACb,6BAA6B,MAAM,+CAA+C,CACnF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,6BAA6B,MAAM,wEAAwE,CAC5G,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,6BAA6B,MAAM,mCAAmC,CACvE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAA+B;IAE/B,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAC5D,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAE5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IAC/D,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;IAC1D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,EAAE,oBAAoB,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,iBAAiB,EAAE,GAAG,MAAM,CAAC;QAChF,IAAI,iBAAiB,CAAC,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAC;YACxD,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,GAAG,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC;YAC/E,iBAAiB,CAAC,MAAM,GAAG,EAAE,GAAG,iBAAiB,CAAC,MAAM,EAAE,iBAAiB,EAAE,MAA2D,EAAE,CAAC;QAC7I,CAAC;QACD,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,iBAAiB;QACxD,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC;QAC1D,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,MAAM,GAAG,yBAAyB,CAAC;QACvC,KAAK,EAAE,SAAS;QAChB,iBAAiB;KAClB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,qBAAqB,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;IAElE,MAAM,WAAW,GAAG,qBAAqB,CAAC;QACxC,YAAY;QACZ,UAAU,EAAE,MAAM,CAAC,oBAAoB;KACxC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,qBAAqB,CAAC;QAChC,MAAM;QACN,YAAY;QACZ,MAAM;QACN,KAAK;QACL,MAAM;QACN,MAAM;QACN,aAAa;QACb,WAAW;KACZ,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,QAAQ,EAAE,YAAY;QACtB,MAAM;QACN,KAAK;QACL,MAAM;QACN,WAAW;QACX,GAAG,EAAE,CAAC,IAAyB,EAA2B,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;QACtE,KAAK,CAAC,OAAO;YACX,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,YAAoB;IACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,82 @@
+{
+  "name": "cloison-runtime",
+  "version": "0.1.0",
+  "description": "Multi-tenant AI agent runtime with OS-level isolation. Sandboxed execution, encrypted credentials, private memory per tenant — one server, no Docker.",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/tonga54/cloison-runtime.git"
+  },
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "cloison-runtime": "dist/cli.js"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "node scripts/build.mjs",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "dev": "tsx src/cli.ts",
+    "docker:build": "docker compose build",
+    "docker:test": "docker compose run --rm dev pnpm test",
+    "docker:shell": "docker compose run --rm dev bash"
+  },
+  "dependencies": {
+    "@mariozechner/pi-agent-core": "0.55.3",
+    "@mariozechner/pi-ai": "0.55.3",
+    "@mariozechner/pi-coding-agent": "0.55.3"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.3",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.1.2"
+  },
+  "keywords": [
+    "ai-agent",
+    "ai-agents",
+    "agent",
+    "agent-runtime",
+    "autonomous-agent",
+    "multi-agent",
+    "ai",
+    "llm",
+    "ai-infrastructure",
+    "ai-security",
+    "agent-security",
+    "mcp",
+    "model-context-protocol",
+    "tool-use",
+    "sandbox",
+    "secure-sandbox",
+    "sandboxing",
+    "runtime",
+    "isolation",
+    "process-isolation",
+    "tenant-isolation",
+    "multi-tenant",
+    "multitenant",
+    "security",
+    "credentials",
+    "encrypted-credentials",
+    "containerless"
+  ],
+  "engines": {
+    "node": ">=22.12.0"
+  },
+  "os": ["linux"],
+  "packageManager": "pnpm@10.23.0"
+}