comisai 1.0.33 → 1.0.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +21 -4
- package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +2 -2
- package/node_modules/@comis/agent/dist/background/background-task-manager.js +61 -20
- package/node_modules/@comis/agent/dist/background/background-task-persistence.js +10 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +10 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
- package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +53 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.js +151 -0
- package/node_modules/@comis/agent/dist/background/index.d.ts +4 -0
- package/node_modules/@comis/agent/dist/background/index.js +2 -0
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +17 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +14 -2
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +23 -23
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +72 -60
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
- package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
- package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
- package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
- package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
- package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
- package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
- package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +30 -0
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +17 -1
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +1 -1
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +2 -3
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
- package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
- package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +13 -0
- package/node_modules/@comis/agent/dist/executor/pi-executor.js +71 -6
- package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
- package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/tool-deferral.js +7 -7
- package/node_modules/@comis/agent/dist/index.d.ts +17 -0
- package/node_modules/@comis/agent/dist/index.js +32 -11
- package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
- package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
- package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
- package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
- package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
- package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +1 -1
- package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
- package/node_modules/@comis/agent/package.json +1 -1
- package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
- package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
- package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
- package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
- package/node_modules/@comis/channels/package.json +1 -1
- package/node_modules/@comis/cli/dist/cli.js +2 -0
- package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
- package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
- package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
- package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
- package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
- package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
- package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
- package/node_modules/@comis/cli/dist/index.d.ts +1 -0
- package/node_modules/@comis/cli/dist/index.js +10 -4
- package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
- package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
- package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
- package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
- package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
- package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
- package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
- package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
- package/node_modules/@comis/cli/package.json +1 -1
- package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
- package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
- package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
- package/node_modules/@comis/core/dist/config/index.d.ts +3 -1
- package/node_modules/@comis/core/dist/config/index.js +2 -1
- package/node_modules/@comis/core/dist/config/loader.js +61 -0
- package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
- package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
- package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -0
- package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
- package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +7 -0
- package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
- package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +2 -0
- package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -2
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
- package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +23 -0
- package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
- package/node_modules/@comis/core/dist/config/schema-skills.d.ts +6 -8
- package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
- package/node_modules/@comis/core/dist/config/schema.d.ts +10 -0
- package/node_modules/@comis/core/dist/config/schema.js +3 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +39 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
- package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +71 -2
- package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/config.js +1 -1
- package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
- package/node_modules/@comis/core/dist/exports/domain.js +1 -0
- package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/ports.js +1 -1
- package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
- package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
- package/node_modules/@comis/core/dist/ports/index.d.ts +2 -0
- package/node_modules/@comis/core/dist/ports/index.js +1 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
- package/node_modules/@comis/core/dist/tool-metadata.d.ts +20 -0
- package/node_modules/@comis/core/package.json +1 -1
- package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
- package/node_modules/@comis/daemon/dist/daemon.js +82 -19
- package/node_modules/@comis/daemon/dist/health/watchdog.js +18 -3
- package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/index.js +5 -0
- package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
- package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
- package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
- package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
- package/node_modules/@comis/daemon/dist/wiring/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/wiring/index.js +1 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +46 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +127 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +39 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +32 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +11 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +20 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +1 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +52 -19
- package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
- package/node_modules/@comis/daemon/package.json +1 -1
- package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
- package/node_modules/@comis/gateway/dist/index.js +2 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
- package/node_modules/@comis/gateway/package.json +1 -1
- package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
- package/node_modules/@comis/infra/package.json +1 -1
- package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
- package/node_modules/@comis/memory/dist/compaction.js +2 -3
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
- package/node_modules/@comis/memory/dist/index.d.ts +2 -0
- package/node_modules/@comis/memory/dist/index.js +3 -0
- package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
- package/node_modules/@comis/memory/dist/memory-api.js +1 -1
- package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
- package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
- package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
- package/node_modules/@comis/memory/dist/session-store.js +1 -1
- package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
- package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
- package/node_modules/@comis/memory/package.json +1 -1
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
- package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +1 -1
- package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/index.js +2 -0
- package/node_modules/@comis/scheduler/package.json +1 -1
- package/node_modules/@comis/shared/package.json +1 -1
- package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
- package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +130 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
- package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
- package/node_modules/@comis/skills/dist/builtin/exec-tool.js +9 -0
- package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +5 -4
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +38 -27
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +114 -1
- package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
- package/node_modules/@comis/skills/package.json +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
- package/node_modules/@comis/web/dist/index.html +1 -1
- package/node_modules/@comis/web/package.json +1 -1
- package/package.json +17 -16
|
@@ -188,6 +188,136 @@ export function registerAllToolMetadata() {
|
|
|
188
188
|
},
|
|
189
189
|
});
|
|
190
190
|
// =========================================================================
|
|
191
|
+
// Tool-Entry Schema (260504-cac)
|
|
192
|
+
//
|
|
193
|
+
// Generic action enum + valid keys + per-action required fields. Consumed
|
|
194
|
+
// by validateToolEntry() in ./schema-validator.ts via
|
|
195
|
+
// wrapWithMetadataEnforcement BEFORE per-tool validateInput runs.
|
|
196
|
+
//
|
|
197
|
+
// Each tool's shape is sourced from its TypeBox Type.Union([Type.Literal(...)])
|
|
198
|
+
// action enum + each action handler's readStringParam(p, X) /
|
|
199
|
+
// throwToolError("missing_param", ...) calls in its actionOverrides.
|
|
200
|
+
//
|
|
201
|
+
// Cross-consistency: managed-section entries in
|
|
202
|
+
// @comis/core/src/config/managed-sections.ts also declare
|
|
203
|
+
// requiredByAction for the redirect-hint payload. The registrations
|
|
204
|
+
// here are the runtime gate; the managed-section entries are the
|
|
205
|
+
// user-facing redirect hint.
|
|
206
|
+
// =========================================================================
|
|
207
|
+
registerToolMetadata("mcp_manage", {
|
|
208
|
+
validActions: ["list", "status", "connect", "disconnect", "reconnect"],
|
|
209
|
+
validKeys: ["action", "server_name", "transport", "command", "args", "url", "headers"],
|
|
210
|
+
// connect requires [server_name, transport]; command (stdio) / url (sse|http) are
|
|
211
|
+
// transport-conditional and validated downstream by the handler.
|
|
212
|
+
requiredByAction: {
|
|
213
|
+
status: ["server_name"],
|
|
214
|
+
connect: ["server_name", "transport"],
|
|
215
|
+
disconnect: ["server_name"],
|
|
216
|
+
reconnect: ["server_name"],
|
|
217
|
+
},
|
|
218
|
+
});
|
|
219
|
+
registerToolMetadata("agents_manage", {
|
|
220
|
+
validActions: ["create", "get", "update", "delete", "suspend", "resume", "list"],
|
|
221
|
+
validKeys: ["action", "agent_id", "config"],
|
|
222
|
+
// agent_id is required for every action except list.
|
|
223
|
+
requiredByAction: {
|
|
224
|
+
create: ["agent_id", "config"],
|
|
225
|
+
get: ["agent_id"],
|
|
226
|
+
update: ["agent_id", "config"],
|
|
227
|
+
delete: ["agent_id"],
|
|
228
|
+
suspend: ["agent_id"],
|
|
229
|
+
resume: ["agent_id"],
|
|
230
|
+
},
|
|
231
|
+
});
|
|
232
|
+
registerToolMetadata("tokens_manage", {
|
|
233
|
+
validActions: ["list", "create", "revoke", "rotate"],
|
|
234
|
+
validKeys: ["action", "token_id", "scopes"],
|
|
235
|
+
// create: token_id is auto-generated when omitted (per the schema +
|
|
236
|
+
// handler's non-required readStringParam call); only scopes is strictly
|
|
237
|
+
// required.
|
|
238
|
+
requiredByAction: {
|
|
239
|
+
create: ["scopes"],
|
|
240
|
+
revoke: ["token_id"],
|
|
241
|
+
rotate: ["token_id"],
|
|
242
|
+
},
|
|
243
|
+
});
|
|
244
|
+
registerToolMetadata("providers_manage", {
|
|
245
|
+
validActions: ["list", "get", "create", "update", "delete", "enable", "disable"],
|
|
246
|
+
validKeys: ["action", "provider_id", "config"],
|
|
247
|
+
requiredByAction: {
|
|
248
|
+
get: ["provider_id"],
|
|
249
|
+
create: ["provider_id", "config"],
|
|
250
|
+
update: ["provider_id", "config"],
|
|
251
|
+
delete: ["provider_id"],
|
|
252
|
+
enable: ["provider_id"],
|
|
253
|
+
disable: ["provider_id"],
|
|
254
|
+
},
|
|
255
|
+
});
|
|
256
|
+
registerToolMetadata("channels_manage", {
|
|
257
|
+
validActions: ["list", "get", "enable", "disable", "restart", "configure"],
|
|
258
|
+
validKeys: ["action", "channel_type", "setting", "enabled"],
|
|
259
|
+
requiredByAction: {
|
|
260
|
+
get: ["channel_type"],
|
|
261
|
+
enable: ["channel_type"],
|
|
262
|
+
disable: ["channel_type"],
|
|
263
|
+
restart: ["channel_type"],
|
|
264
|
+
configure: ["channel_type", "setting", "enabled"],
|
|
265
|
+
},
|
|
266
|
+
});
|
|
267
|
+
registerToolMetadata("sessions_manage", {
|
|
268
|
+
validActions: ["delete", "reset", "export", "compact"],
|
|
269
|
+
validKeys: ["action", "session_key", "instructions"],
|
|
270
|
+
requiredByAction: {
|
|
271
|
+
delete: ["session_key"],
|
|
272
|
+
reset: ["session_key"],
|
|
273
|
+
export: ["session_key"],
|
|
274
|
+
compact: ["session_key"],
|
|
275
|
+
},
|
|
276
|
+
});
|
|
277
|
+
registerToolMetadata("skills_manage", {
|
|
278
|
+
validActions: ["list", "import", "delete", "create", "update"],
|
|
279
|
+
validKeys: ["action", "url", "name", "content", "description", "scope"],
|
|
280
|
+
requiredByAction: {
|
|
281
|
+
import: ["url"],
|
|
282
|
+
delete: ["name"],
|
|
283
|
+
create: ["name", "content"],
|
|
284
|
+
update: ["name", "content"],
|
|
285
|
+
},
|
|
286
|
+
});
|
|
287
|
+
registerToolMetadata("memory_manage", {
|
|
288
|
+
validActions: ["stats", "browse", "delete", "flush", "export"],
|
|
289
|
+
validKeys: [
|
|
290
|
+
"action", "tenant_id", "agent_id", "ids", "offset", "limit", "sort",
|
|
291
|
+
"memory_type", "trust_level", "tags",
|
|
292
|
+
],
|
|
293
|
+
// tenant_id / agent_id are scope filters with defaults; only ids is
|
|
294
|
+
// strictly required (for delete).
|
|
295
|
+
requiredByAction: {
|
|
296
|
+
delete: ["ids"],
|
|
297
|
+
},
|
|
298
|
+
});
|
|
299
|
+
registerToolMetadata("models_manage", {
|
|
300
|
+
validActions: ["list", "test", "list_providers"],
|
|
301
|
+
validKeys: ["action", "provider", "model"],
|
|
302
|
+
requiredByAction: {
|
|
303
|
+
test: ["provider", "model"],
|
|
304
|
+
},
|
|
305
|
+
});
|
|
306
|
+
registerToolMetadata("heartbeat_manage", {
|
|
307
|
+
validActions: ["get", "update", "status", "trigger"],
|
|
308
|
+
validKeys: [
|
|
309
|
+
"action", "agent_id", "enabled", "interval_ms", "prompt", "model",
|
|
310
|
+
"target_channel_type", "target_channel_id", "target_chat_id", "target_is_dm",
|
|
311
|
+
"light_context", "show_ok", "show_alerts", "allow_dm",
|
|
312
|
+
"skip_heartbeat_only_delivery", "ack_max_chars", "response_prefix", "session",
|
|
313
|
+
"alert_threshold", "alert_cooldown_ms", "stale_ms",
|
|
314
|
+
],
|
|
315
|
+
// Every action's params beyond `action` are Type.Optional. Empty
|
|
316
|
+
// requiredByAction still gates unknown action values + unknown keys via
|
|
317
|
+
// validActions / validKeys.
|
|
318
|
+
requiredByAction: {},
|
|
319
|
+
});
|
|
320
|
+
// =========================================================================
|
|
191
321
|
// Output Schemas
|
|
192
322
|
// =========================================================================
|
|
193
323
|
registerToolMetadata("read", {
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Exec failure diagnostics: pattern-based recovery hints for known-recoverable
|
|
3
|
+
* subprocess failures. Pure functions — no throws, no I/O beyond synchronous
|
|
4
|
+
* filesystem existence checks scoped to `cwd` via safePath.
|
|
5
|
+
*
|
|
6
|
+
* Wired into executeForeground's stderr finalization in exec-tool.ts. When a
|
|
7
|
+
* matcher returns non-null, its hint is prepended to finalStderr with a
|
|
8
|
+
* `RECOVERY HINT:` prefix so the LLM sees actionable recovery info at the head
|
|
9
|
+
* of the error stream — same surfacing pattern as the existing
|
|
10
|
+
* breakSystemWarning on stdout.
|
|
11
|
+
*
|
|
12
|
+
* Day 1 ships ONE matcher (Python ModuleNotFoundError + missing pyproject.toml).
|
|
13
|
+
* Future matchers register as additional entries in the matchers array — no
|
|
14
|
+
* edits to exec-tool.ts required.
|
|
15
|
+
*
|
|
16
|
+
* @module
|
|
17
|
+
*/
|
|
18
|
+
export interface ExecRecoveryInput {
|
|
19
|
+
/** Final stderr text (post-truncation, post-timeout/abort suffix). */
|
|
20
|
+
stderr: string;
|
|
21
|
+
/** Process exit code. Matchers may early-return on 0. */
|
|
22
|
+
exitCode: number;
|
|
23
|
+
/** Absolute working directory the command ran in. Already workspace-bounded by exec-tool's resolveCwd. */
|
|
24
|
+
cwd: string;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Run all registered matchers against the failed exec result. Returns the
|
|
28
|
+
* first non-null hint, or `null` if no matcher applies. Multiple-hint
|
|
29
|
+
* concatenation is intentionally not supported on Day 1 — keep the surface
|
|
30
|
+
* narrow until we have a second matcher to motivate the shape.
|
|
31
|
+
*/
|
|
32
|
+
export declare function matchExecRecoveryHint(input: ExecRecoveryInput): string | null;
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
/**
|
|
3
|
+
* Exec failure diagnostics: pattern-based recovery hints for known-recoverable
|
|
4
|
+
* subprocess failures. Pure functions — no throws, no I/O beyond synchronous
|
|
5
|
+
* filesystem existence checks scoped to `cwd` via safePath.
|
|
6
|
+
*
|
|
7
|
+
* Wired into executeForeground's stderr finalization in exec-tool.ts. When a
|
|
8
|
+
* matcher returns non-null, its hint is prepended to finalStderr with a
|
|
9
|
+
* `RECOVERY HINT:` prefix so the LLM sees actionable recovery info at the head
|
|
10
|
+
* of the error stream — same surfacing pattern as the existing
|
|
11
|
+
* breakSystemWarning on stdout.
|
|
12
|
+
*
|
|
13
|
+
* Day 1 ships ONE matcher (Python ModuleNotFoundError + missing pyproject.toml).
|
|
14
|
+
* Future matchers register as additional entries in the matchers array — no
|
|
15
|
+
* edits to exec-tool.ts required.
|
|
16
|
+
*
|
|
17
|
+
* @module
|
|
18
|
+
*/
|
|
19
|
+
import { existsSync, statSync } from "node:fs";
|
|
20
|
+
import { safePath } from "@comis/core";
|
|
21
|
+
// ---------------------------------------------------------------------------
|
|
22
|
+
// Matcher: Python ModuleNotFoundError + missing pyproject.toml
|
|
23
|
+
// ---------------------------------------------------------------------------
|
|
24
|
+
/**
|
|
25
|
+
* Match `python -m foo` failures where stderr is one of:
|
|
26
|
+
* 1. `ModuleNotFoundError: No module named 'foo'` (Python traceback form,
|
|
27
|
+
* raised when the import fires inside Python code — e.g. `python -m a.b`
|
|
28
|
+
* where `a` imports a missing dep, or `python -m a.b.c` where `a` itself
|
|
29
|
+
* can't be found and Python re-raises through runpy).
|
|
30
|
+
* 2. `<python-binary>: No module named foo` (runpy CLI form, no quotes,
|
|
31
|
+
* end-of-line — what `python3 -m <pkg>` emits when `<pkg>` is not findable
|
|
32
|
+
* in sys.path. This is the most common real-world trigger.)
|
|
33
|
+
*
|
|
34
|
+
* Combined with `cwd/foo/` or `cwd/src/foo/` existing AND `cwd/pyproject.toml`
|
|
35
|
+
* missing, this means the user has a Python project but no installable package
|
|
36
|
+
* metadata. Suggest writing pyproject.toml + `pip install -e .`.
|
|
37
|
+
*/
|
|
38
|
+
// First alternation captures from the quoted ModuleNotFoundError form;
|
|
39
|
+
// second alternation captures from the bare `: No module named foo` runpy form.
|
|
40
|
+
// Anchored to end-of-line (m flag) so we don't accidentally swallow trailing
|
|
41
|
+
// content on the runpy form.
|
|
42
|
+
const PY_MODULE_NOT_FOUND_RE = /(?:ModuleNotFoundError:\s*No module named ['"]([^'"]+)['"]|: No module named ([A-Za-z_][A-Za-z0-9_.]*)\s*$)/m;
|
|
43
|
+
const SAFE_PKG_NAME_RE = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
|
|
44
|
+
function isDirectorySafe(p) {
|
|
45
|
+
try {
|
|
46
|
+
if (!existsSync(p))
|
|
47
|
+
return false;
|
|
48
|
+
return statSync(p).isDirectory();
|
|
49
|
+
}
|
|
50
|
+
catch {
|
|
51
|
+
return false;
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
const matchPythonModuleNotFound = ({ stderr, exitCode, cwd }) => {
|
|
55
|
+
if (exitCode === 0)
|
|
56
|
+
return null;
|
|
57
|
+
const m = PY_MODULE_NOT_FOUND_RE.exec(stderr);
|
|
58
|
+
if (!m)
|
|
59
|
+
return null;
|
|
60
|
+
// Group 1 = quoted ModuleNotFoundError form; Group 2 = bare runpy form.
|
|
61
|
+
// For `python -m a.b.c` ModuleNotFoundError reports the LEADING segment
|
|
62
|
+
// ('a') when 'a' itself can't be found. Take the first dotted segment;
|
|
63
|
+
// anything else (hyphens, empty, leading digit) abstains via SAFE_PKG_NAME_RE.
|
|
64
|
+
const fullName = m[1] ?? m[2];
|
|
65
|
+
if (!fullName)
|
|
66
|
+
return null;
|
|
67
|
+
const pkg = fullName.split(".")[0];
|
|
68
|
+
if (!SAFE_PKG_NAME_RE.test(pkg))
|
|
69
|
+
return null;
|
|
70
|
+
try {
|
|
71
|
+
// Already-installable project — different bug, abstain.
|
|
72
|
+
const pyproject = safePath(cwd, "pyproject.toml");
|
|
73
|
+
if (existsSync(pyproject))
|
|
74
|
+
return null;
|
|
75
|
+
// Look for cwd/<pkg>/ or cwd/src/<pkg>/. Both must be directories.
|
|
76
|
+
const directDir = safePath(cwd, pkg);
|
|
77
|
+
let foundLayout = null;
|
|
78
|
+
if (isDirectorySafe(directDir)) {
|
|
79
|
+
foundLayout = "flat";
|
|
80
|
+
}
|
|
81
|
+
else {
|
|
82
|
+
const srcDir = safePath(cwd, "src");
|
|
83
|
+
if (isDirectorySafe(srcDir)) {
|
|
84
|
+
const srcPkgDir = safePath(srcDir, pkg);
|
|
85
|
+
if (isDirectorySafe(srcPkgDir)) {
|
|
86
|
+
foundLayout = "src";
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
if (!foundLayout)
|
|
91
|
+
return null;
|
|
92
|
+
const pkgPathHint = foundLayout === "src" ? `src/${pkg}/` : `${pkg}/`;
|
|
93
|
+
const layoutTable = foundLayout === "src"
|
|
94
|
+
? `[tool.setuptools.packages.find] where=["src"]`
|
|
95
|
+
: `[tool.setuptools] packages=["${pkg}"]`;
|
|
96
|
+
return (`RECOVERY HINT: This Python project is missing pyproject.toml. ` +
|
|
97
|
+
`Found ${pkgPathHint} but no installable package metadata, so \`python -m ${pkg}\` cannot resolve it. ` +
|
|
98
|
+
`Fix: write a minimal pyproject.toml at the project root, then \`pip install -e .\`. ` +
|
|
99
|
+
`Example: [build-system] requires=["setuptools>=61"] [project] name="${pkg}" version="0.1.0" ` +
|
|
100
|
+
layoutTable);
|
|
101
|
+
}
|
|
102
|
+
catch {
|
|
103
|
+
// safePath/statSync surprise — abstain rather than break exec.
|
|
104
|
+
return null;
|
|
105
|
+
}
|
|
106
|
+
};
|
|
107
|
+
// ---------------------------------------------------------------------------
|
|
108
|
+
// Registry + entry point
|
|
109
|
+
// ---------------------------------------------------------------------------
|
|
110
|
+
const matchers = [
|
|
111
|
+
matchPythonModuleNotFound,
|
|
112
|
+
// Future: matchNodeModuleNotFound, matchCommandNotFound, matchEnvVarMissing, ...
|
|
113
|
+
];
|
|
114
|
+
/**
|
|
115
|
+
* Run all registered matchers against the failed exec result. Returns the
|
|
116
|
+
* first non-null hint, or `null` if no matcher applies. Multiple-hint
|
|
117
|
+
* concatenation is intentionally not supported on Day 1 — keep the surface
|
|
118
|
+
* narrow until we have a second matcher to motivate the shape.
|
|
119
|
+
*/
|
|
120
|
+
export function matchExecRecoveryHint(input) {
|
|
121
|
+
for (const m of matchers) {
|
|
122
|
+
const hit = m(input);
|
|
123
|
+
if (hit)
|
|
124
|
+
return hit;
|
|
125
|
+
}
|
|
126
|
+
return null;
|
|
127
|
+
}
|
|
@@ -263,6 +263,12 @@ export const DANGEROUS_COMMAND_PATTERNS = [
|
|
|
263
263
|
"to see which secret names are configured (names only, no values). " +
|
|
264
264
|
"Secret values are never returned to the agent.",
|
|
265
265
|
},
|
|
266
|
+
{
|
|
267
|
+
pattern: /\.comis\/auth-profiles\.json/,
|
|
268
|
+
reason: "Access to the OAuth credential store (auth-profiles.json) is blocked. " +
|
|
269
|
+
"It contains refresh and access tokens for every connected provider. " +
|
|
270
|
+
"Use the gateway tool to manage OAuth profiles -- token values are never returned to the agent.",
|
|
271
|
+
},
|
|
266
272
|
// Category E -- Config file modification bypass
|
|
267
273
|
// Defense-in-depth: the agent system prompt is the primary guard.
|
|
268
274
|
// These regexes can be bypassed via quoting, variable expansion, etc.
|
|
@@ -334,6 +340,38 @@ export const DANGEROUS_COMMAND_PATTERNS = [
|
|
|
334
340
|
pattern: /\.comis\/\.env.*(?:sed|awk|tee|cat\s*>|echo\s*>)/,
|
|
335
341
|
reason: "Direct .env file modification bypasses SecretManager and audit. Credentials must be managed through secure channels.",
|
|
336
342
|
},
|
|
343
|
+
{
|
|
344
|
+
pattern: /(?:sed|awk|tee|cp|mv|perl|ruby)\b.*\.comis\/auth-profiles\.json/,
|
|
345
|
+
reason: "Direct OAuth credential store (auth-profiles.json) modification bypasses atomic-write, per-profile-lock, and schema-version validation in oauth-credential-store-file.ts. Use the gateway tool to manage OAuth profiles.",
|
|
346
|
+
},
|
|
347
|
+
{
|
|
348
|
+
pattern: /(?:echo|cat)\b.*>.*\.comis\/auth-profiles\.json/,
|
|
349
|
+
reason: "Direct OAuth credential store (auth-profiles.json) modification bypasses atomic-write, per-profile-lock, and schema-version validation in oauth-credential-store-file.ts. Use the gateway tool to manage OAuth profiles.",
|
|
350
|
+
},
|
|
351
|
+
{
|
|
352
|
+
pattern: /\.comis\/auth-profiles\.json.*(?:sed|awk|tee|cat\s*>|echo\s*>)/,
|
|
353
|
+
reason: "Direct OAuth credential store (auth-profiles.json) modification bypasses atomic-write, per-profile-lock, and schema-version validation in oauth-credential-store-file.ts. Use the gateway tool to manage OAuth profiles.",
|
|
354
|
+
},
|
|
355
|
+
// Category L -- Network reverse-shell primitives
|
|
356
|
+
// Direct attack primitives that establish a remote shell without going
|
|
357
|
+
// through a pipe (so the existing Gate 2 "pipe to bash/sh/curl/wget/nc"
|
|
358
|
+
// wouldn't catch them). Defense-in-depth: the agent has no legitimate
|
|
359
|
+
// reason to use any of these — the surrounding skills wrap network access
|
|
360
|
+
// through the daemon's HTTP client. A network egress allowlist (iptables
|
|
361
|
+
// --uid-owner) is the actual security boundary; these patterns just
|
|
362
|
+
// surface intent earlier in the chain.
|
|
363
|
+
{
|
|
364
|
+
pattern: /\/dev\/tcp\//,
|
|
365
|
+
reason: "Bash /dev/tcp/<host>/<port> opens a raw TCP socket — reverse-shell primitive.",
|
|
366
|
+
},
|
|
367
|
+
{
|
|
368
|
+
pattern: /\bnc(?:at)?\b[^|;&]*\s-e\b/,
|
|
369
|
+
reason: "netcat -e (--exec) attaches a process to the socket — reverse-shell primitive.",
|
|
370
|
+
},
|
|
371
|
+
{
|
|
372
|
+
pattern: /\bsocat\b[^|;&]*\bexec\s*:/,
|
|
373
|
+
reason: "socat exec: target attaches a process to the socket — reverse-shell primitive.",
|
|
374
|
+
},
|
|
337
375
|
];
|
|
338
376
|
// --------------------------------------------------------------------------
|
|
339
377
|
// Dangerous path protection constants
|
|
@@ -33,6 +33,7 @@ import { generateSessionId, appendOutput } from "./process-registry.js";
|
|
|
33
33
|
import { truncateTail, formatSize, DEFAULT_MAX_BYTES } from "./truncate.js";
|
|
34
34
|
import { createOutputCleaner } from "./output-cleaner.js";
|
|
35
35
|
import { extractHeredoc, validateExecCommand, interpretExitCode } from "./exec-security.js";
|
|
36
|
+
import { matchExecRecoveryHint } from "./exec-diagnostics.js";
|
|
36
37
|
import { tryGetContext } from "@comis/core";
|
|
37
38
|
// ---------------------------------------------------------------------------
|
|
38
39
|
// Constants
|
|
@@ -722,6 +723,14 @@ function executeForeground(command, cwd, env, timeoutMs, input, signal, onUpdate
|
|
|
722
723
|
if (aborted) {
|
|
723
724
|
finalStderr += (finalStderr ? "\n" : "") + "Process aborted by signal";
|
|
724
725
|
}
|
|
726
|
+
// Recovery diagnostics: prepend a `RECOVERY HINT:` line for known-recoverable
|
|
727
|
+
// failures (e.g. Python ModuleNotFoundError + missing pyproject.toml). Same
|
|
728
|
+
// surfacing pattern as breakSystemWarning on stdout — gives the LLM an
|
|
729
|
+
// actionable next step at the HEAD of stderr instead of buried in JSON.
|
|
730
|
+
const recoveryHint = matchExecRecoveryHint({ stderr: finalStderr, exitCode, cwd });
|
|
731
|
+
if (recoveryHint) {
|
|
732
|
+
finalStderr = recoveryHint + (finalStderr ? "\n" + finalStderr : "");
|
|
733
|
+
}
|
|
725
734
|
const durationMs = Math.round(performance.now() - startTime);
|
|
726
735
|
logger?.debug({ toolName: "exec", durationMs, exitCode, ...(description && { description }) }, "Exec command complete");
|
|
727
736
|
const result = {
|
|
@@ -148,22 +148,22 @@ function buildRipgrepArgs(pattern, outputMode, options = {}) {
|
|
|
148
148
|
}
|
|
149
149
|
// Pattern (use -e to avoid pattern being confused with flags)
|
|
150
150
|
args.push("-e", pattern);
|
|
151
|
-
//
|
|
151
|
+
// Filtering
|
|
152
152
|
if (options.glob)
|
|
153
153
|
args.push("--glob", options.glob);
|
|
154
154
|
if (options.type)
|
|
155
155
|
args.push("--type", options.type);
|
|
156
|
-
//
|
|
156
|
+
// Case-insensitive
|
|
157
157
|
if (options.caseInsensitive)
|
|
158
158
|
args.push("-i");
|
|
159
159
|
// Literal mode (fixed-strings)
|
|
160
160
|
if (options.literal) {
|
|
161
161
|
args.push("--fixed-strings");
|
|
162
162
|
}
|
|
163
|
-
//
|
|
163
|
+
// Multiline
|
|
164
164
|
if (options.multiline)
|
|
165
165
|
args.push("-U", "--multiline-dotall");
|
|
166
|
-
//
|
|
166
|
+
// Context lines (content mode only -- ignored for other modes)
|
|
167
167
|
if (outputMode === "content") {
|
|
168
168
|
if (options.afterContext !== undefined)
|
|
169
169
|
args.push("-A", String(options.afterContext));
|
|
@@ -172,7 +172,7 @@ function buildRipgrepArgs(pattern, outputMode, options = {}) {
|
|
|
172
172
|
if (options.context !== undefined)
|
|
173
173
|
args.push("-C", String(options.context));
|
|
174
174
|
}
|
|
175
|
-
//
|
|
175
|
+
// Per-file match limit for pagination efficiency (content mode only)
|
|
176
176
|
if (outputMode === "content") {
|
|
177
177
|
const headLimit = options.headLimit ?? 250;
|
|
178
178
|
const offset = options.offset ?? 0;
|
|
@@ -327,7 +327,7 @@ export function createComisGrepTool(workspacePath, logger, readOnlyPaths, shared
|
|
|
327
327
|
const outputMode = outputModeRaw && OUTPUT_MODES.includes(outputModeRaw)
|
|
328
328
|
? outputModeRaw
|
|
329
329
|
: "content";
|
|
330
|
-
//
|
|
330
|
+
// Optional filter / formatting parameters
|
|
331
331
|
const glob = readStringParam(params, "glob", false);
|
|
332
332
|
const type = readStringParam(params, "type", false);
|
|
333
333
|
const caseInsensitive = readBooleanParam(params, "-i", false) ?? false;
|
|
@@ -42,6 +42,7 @@ export declare const AgentsManageToolParams: Type.TObject<{
|
|
|
42
42
|
browser: Type.TOptional<Type.TBoolean>;
|
|
43
43
|
}>>;
|
|
44
44
|
}>>;
|
|
45
|
+
oauthProfiles: Type.TOptional<Type.TRecord<"^.*$", Type.TString>>;
|
|
45
46
|
}>, Type.TString]>>;
|
|
46
47
|
}>;
|
|
47
48
|
export interface AgentInlineWritesValue {
|
|
@@ -68,13 +69,13 @@ export interface AgentInlineWritesError {
|
|
|
68
69
|
* Pure string composition. No I/O, no Result<T,E> needed (per AGENTS.md
|
|
69
70
|
* §2.1: Result is for fallible paths only; this is infallible).
|
|
70
71
|
*
|
|
71
|
-
* Three branches keyed on `inlineWritesResult
|
|
72
|
+
* Three branches keyed on `inlineWritesResult`:
|
|
72
73
|
* - BOTH written → SHORT contract: "No further setup needed — agent is
|
|
73
74
|
* operationally ready". Skips the post-create write() roundtrip.
|
|
74
75
|
* - PARTIAL (only one of role/identity written) → mixed contract pointing
|
|
75
76
|
* only at the still-template file with a single "Next required action".
|
|
76
|
-
* - NEITHER (or write failure / undefined) → existing
|
|
77
|
-
*
|
|
77
|
+
* - NEITHER (or write failure / undefined) → existing 2-step contract
|
|
78
|
+
* verbatim, telling the LLM to call write() for ROLE.md.
|
|
78
79
|
*
|
|
79
80
|
* Case B (workspaceDir absent — defensive fallback): shorter form pinning
|
|
80
81
|
* "Customize {agentId}'s workspace ROLE.md and IDENTITY.md before using."
|
|
@@ -94,7 +95,7 @@ export declare function buildCreateContract(agentId: string, workspaceDir: strin
|
|
|
94
95
|
*
|
|
95
96
|
* @param rpcCall - RPC call function for delegating to the daemon backend
|
|
96
97
|
* @param logger - Required structured logger. Used to emit a per-create
|
|
97
|
-
* INFO log pinning the next-step contract emission
|
|
98
|
+
* INFO log pinning the next-step contract emission.
|
|
98
99
|
* Mirrors the gateway-tool required-logger position; no overload-with-
|
|
99
100
|
* default-logger compat shim (per `feedback_no_backward_compat.md`).
|
|
100
101
|
* @param approvalGate - Optional approval gate for create/delete actions
|
|
@@ -48,19 +48,19 @@ export const AgentsManageToolParams = Type.Object({
|
|
|
48
48
|
"Default: full. Can be changed later via update action. " +
|
|
49
49
|
"Alternative shape: nested workspace.profile (see `workspace` field).",
|
|
50
50
|
})),
|
|
51
|
-
//
|
|
52
|
-
//
|
|
53
|
-
//
|
|
54
|
-
//
|
|
55
|
-
//
|
|
56
|
-
//
|
|
51
|
+
// Declare nested workspace shape explicitly. The LLM sometimes
|
|
52
|
+
// emits `workspace: {profile: "specialist"}` directly (mirroring
|
|
53
|
+
// the downstream Zod schema-agent.ts:733-738 shape). Without this
|
|
54
|
+
// declaration, the unknown nested object slipped past TypeBox
|
|
55
|
+
// structurally but the enum was never validated -- invalid values
|
|
56
|
+
// would only be caught later at the Zod layer with a less
|
|
57
57
|
// actionable error path. Declaring it here makes both shapes
|
|
58
58
|
// first-class and gates the enum at the tool-validation boundary.
|
|
59
59
|
workspace: Type.Optional(Type.Object({
|
|
60
60
|
profile: Type.Union([Type.Literal("full"), Type.Literal("specialist")], {
|
|
61
61
|
description: "Workspace profile (alternative to flat workspace_profile). Valid: full | specialist ONLY. NO other values accepted.",
|
|
62
62
|
}),
|
|
63
|
-
//
|
|
63
|
+
// Inline ROLE.md / IDENTITY.md content. The tool
|
|
64
64
|
// handler strips these from the config payload BEFORE the RPC
|
|
65
65
|
// and forwards them as a separate top-level `inlineContent`
|
|
66
66
|
// param. The daemon writes them as files (write-once side-
|
|
@@ -95,6 +95,17 @@ export const AgentsManageToolParams = Type.Object({
|
|
|
95
95
|
browser: Type.Optional(Type.Boolean({ description: "Enable headless browser control" })),
|
|
96
96
|
}, { description: "Built-in tool toggles (true=enabled, false=disabled)" })),
|
|
97
97
|
}, { description: "Skills and tool configuration" })),
|
|
98
|
+
// Per-agent OAuth profile preference. Map of provider → profile-id
|
|
99
|
+
// (e.g. { "openai-codex": "openai-codex:user@example.com" }).
|
|
100
|
+
// The downstream Zod schema (PerAgentConfigSchema) is the
|
|
101
|
+
// canonical format gate via `validateProfileId`; the daemon-side
|
|
102
|
+
// `agents.update` handler additionally rejects unknown profile IDs
|
|
103
|
+
// via `OAuthCredentialStore.has()`.
|
|
104
|
+
oauthProfiles: Type.Optional(Type.Record(Type.String(), Type.String({
|
|
105
|
+
description: "<provider>:<identity> profile ID. Run `comis auth list` first to discover stored profiles.",
|
|
106
|
+
}), {
|
|
107
|
+
description: "OAuth profile preferences per provider (e.g., openai-codex). Each value must match an existing stored profile ID — the daemon rejects nonexistent IDs with a 'not found in store' error.",
|
|
108
|
+
})),
|
|
98
109
|
}, { description: "Agent configuration for create/update actions" }),
|
|
99
110
|
Type.String({
|
|
100
111
|
description: "Agent configuration as a JSON string (fallback when the LLM stringifies the object). " +
|
|
@@ -110,9 +121,9 @@ const VALID_ACTIONS = ["create", "get", "update", "delete", "suspend", "resume",
|
|
|
110
121
|
* Map flat workspace_profile param to nested workspace.profile config.
|
|
111
122
|
* Mutates config in place.
|
|
112
123
|
*
|
|
113
|
-
*
|
|
114
|
-
*
|
|
115
|
-
*
|
|
124
|
+
* Precedence is "flat wins" -- when both flat workspace_profile and nested
|
|
125
|
+
* workspace.profile are present, the flat field overwrites the nested one.
|
|
126
|
+
* This matches the existing spread semantics
|
|
116
127
|
* (`{...existing, profile}`) and keeps a single deterministic rule. When only
|
|
117
128
|
* nested is present (no `workspace_profile` key), this is a no-op and the
|
|
118
129
|
* nested shape flows through unchanged to the downstream Zod validator.
|
|
@@ -145,13 +156,13 @@ function mapWorkspaceProfile(config) {
|
|
|
145
156
|
* Pure string composition. No I/O, no Result<T,E> needed (per AGENTS.md
|
|
146
157
|
* §2.1: Result is for fallible paths only; this is infallible).
|
|
147
158
|
*
|
|
148
|
-
* Three branches keyed on `inlineWritesResult
|
|
159
|
+
* Three branches keyed on `inlineWritesResult`:
|
|
149
160
|
* - BOTH written → SHORT contract: "No further setup needed — agent is
|
|
150
161
|
* operationally ready". Skips the post-create write() roundtrip.
|
|
151
162
|
* - PARTIAL (only one of role/identity written) → mixed contract pointing
|
|
152
163
|
* only at the still-template file with a single "Next required action".
|
|
153
|
-
* - NEITHER (or write failure / undefined) → existing
|
|
154
|
-
*
|
|
164
|
+
* - NEITHER (or write failure / undefined) → existing 2-step contract
|
|
165
|
+
* verbatim, telling the LLM to call write() for ROLE.md.
|
|
155
166
|
*
|
|
156
167
|
* Case B (workspaceDir absent — defensive fallback): shorter form pinning
|
|
157
168
|
* "Customize {agentId}'s workspace ROLE.md and IDENTITY.md before using."
|
|
@@ -179,7 +190,7 @@ export function buildCreateContract(agentId, workspaceDir, inlineWritesResult) {
|
|
|
179
190
|
].join("\n");
|
|
180
191
|
}
|
|
181
192
|
// NEITHER (no inlineContent supplied, write failure, or undefined): fall
|
|
182
|
-
// through to the existing
|
|
193
|
+
// through to the existing 2-step contract verbatim.
|
|
183
194
|
if (workspaceDir !== undefined) {
|
|
184
195
|
return [
|
|
185
196
|
`✓ Agent ${agentId} created at ${workspaceDir}.`,
|
|
@@ -222,7 +233,7 @@ function coerceConfig(p) {
|
|
|
222
233
|
*
|
|
223
234
|
* @param rpcCall - RPC call function for delegating to the daemon backend
|
|
224
235
|
* @param logger - Required structured logger. Used to emit a per-create
|
|
225
|
-
* INFO log pinning the next-step contract emission
|
|
236
|
+
* INFO log pinning the next-step contract emission.
|
|
226
237
|
* Mirrors the gateway-tool required-logger position; no overload-with-
|
|
227
238
|
* default-logger compat shim (per `feedback_no_backward_compat.md`).
|
|
228
239
|
* @param approvalGate - Optional approval gate for create/delete actions
|
|
@@ -260,16 +271,16 @@ export function createAgentsManageTool(rpcCall, logger, approvalGate, callbacks)
|
|
|
260
271
|
}
|
|
261
272
|
}
|
|
262
273
|
}
|
|
263
|
-
//
|
|
264
|
-
//
|
|
265
|
-
//
|
|
266
|
-
//
|
|
274
|
+
// Strip workspace.role / workspace.identity from the config
|
|
275
|
+
// payload BEFORE the RPC and forward them as a separate top-level
|
|
276
|
+
// `inlineContent` parameter. Rationale: the downstream Zod schema
|
|
277
|
+
// (PerAgentConfigSchema.workspace at
|
|
267
278
|
// packages/core/src/config/schema-agent.ts) is z.strictObject —
|
|
268
279
|
// unknown keys would trigger Zod `unrecognized_keys` rejection.
|
|
269
280
|
// role/identity are write-once side-effects (ROLE.md / IDENTITY.md
|
|
270
281
|
// file writes), NOT durable state — they MUST NOT leak into
|
|
271
|
-
// config.yaml.
|
|
272
|
-
//
|
|
282
|
+
// config.yaml. Extending the Zod schema instead would persist
|
|
283
|
+
// them and was rejected.
|
|
273
284
|
let inlineContent;
|
|
274
285
|
if (config && typeof config === "object") {
|
|
275
286
|
const ws = config.workspace;
|
|
@@ -295,11 +306,11 @@ export function createAgentsManageTool(rpcCall, logger, approvalGate, callbacks)
|
|
|
295
306
|
const aid = agentId;
|
|
296
307
|
const workspaceDir = result?.workspaceDir;
|
|
297
308
|
const inlineWritesResult = result?.inlineWritesResult;
|
|
298
|
-
//
|
|
299
|
-
//
|
|
300
|
-
//
|
|
301
|
-
//
|
|
302
|
-
//
|
|
309
|
+
// Emit the next-step contract on the freshest, uncached surface
|
|
310
|
+
// the LLM reads each turn (the tool_result text). The contract
|
|
311
|
+
// has 3 branches keyed on inlineWritesResult (see
|
|
312
|
+
// buildCreateContract). One structured INFO log pins this
|
|
313
|
+
// happened.
|
|
303
314
|
const contractText = buildCreateContract(aid, workspaceDir, inlineWritesResult);
|
|
304
315
|
// Distinguish the 3 inline-write outcomes for observability.
|
|
305
316
|
// "none" — caller did not supply inlineContent
|
|
@@ -311,7 +322,7 @@ export function createAgentsManageTool(rpcCall, logger, approvalGate, callbacks)
|
|
|
311
322
|
? "written"
|
|
312
323
|
: "failed";
|
|
313
324
|
logger.info({
|
|
314
|
-
|
|
325
|
+
submodule: "skill.agents-manage",
|
|
315
326
|
action: "create",
|
|
316
327
|
agentId: aid,
|
|
317
328
|
workspaceDir: workspaceDir ?? null,
|
|
@@ -14,13 +14,16 @@ type TaskStatus = "running" | "completed" | "failed" | "cancelled";
|
|
|
14
14
|
/** Minimal task shape used by this tool. */
|
|
15
15
|
interface TaskInfo {
|
|
16
16
|
id: string;
|
|
17
|
-
agentId: string;
|
|
18
17
|
toolName: string;
|
|
19
18
|
status: TaskStatus;
|
|
20
19
|
startedAt: number;
|
|
21
20
|
completedAt?: number;
|
|
22
21
|
result?: string;
|
|
23
22
|
error?: string;
|
|
23
|
+
/** agentId is nested under origin.agentId */
|
|
24
|
+
origin: {
|
|
25
|
+
agentId: string;
|
|
26
|
+
};
|
|
24
27
|
}
|
|
25
28
|
/** Subset of BackgroundTaskManager consumed by this tool. */
|
|
26
29
|
export interface BackgroundTaskManagerLike {
|
|
@@ -72,7 +72,7 @@ export function createBackgroundTasksTool(deps) {
|
|
|
72
72
|
case "get": {
|
|
73
73
|
const taskId = readStringParam(p, "taskId");
|
|
74
74
|
const task = deps.manager.getTask(taskId);
|
|
75
|
-
if (!task || task.agentId !== deps.agentId) {
|
|
75
|
+
if (!task || task.origin.agentId !== deps.agentId) {
|
|
76
76
|
return {
|
|
77
77
|
content: [{ type: "text", text: `Error: Task not found: ${taskId}` }],
|
|
78
78
|
details: null,
|
|
@@ -96,7 +96,7 @@ export function createBackgroundTasksTool(deps) {
|
|
|
96
96
|
case "cancel": {
|
|
97
97
|
const taskId = readStringParam(p, "taskId");
|
|
98
98
|
const task = deps.manager.getTask(taskId);
|
|
99
|
-
if (!task || task.agentId !== deps.agentId) {
|
|
99
|
+
if (!task || task.origin.agentId !== deps.agentId) {
|
|
100
100
|
return {
|
|
101
101
|
content: [{ type: "text", text: `Error: Task not found: ${taskId}` }],
|
|
102
102
|
details: null,
|
|
@@ -117,7 +117,7 @@ export function createBackgroundTasksTool(deps) {
|
|
|
117
117
|
case "read_output": {
|
|
118
118
|
const taskId = readStringParam(p, "taskId");
|
|
119
119
|
const task = deps.manager.getTask(taskId);
|
|
120
|
-
if (!task || task.agentId !== deps.agentId) {
|
|
120
|
+
if (!task || task.origin.agentId !== deps.agentId) {
|
|
121
121
|
return {
|
|
122
122
|
content: [{ type: "text", text: `Error: Task not found: ${taskId}` }],
|
|
123
123
|
details: null,
|