comisai 1.0.33 → 1.0.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +21 -4
- package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +2 -2
- package/node_modules/@comis/agent/dist/background/background-task-manager.js +61 -20
- package/node_modules/@comis/agent/dist/background/background-task-persistence.js +10 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +10 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
- package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +53 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.js +151 -0
- package/node_modules/@comis/agent/dist/background/index.d.ts +4 -0
- package/node_modules/@comis/agent/dist/background/index.js +2 -0
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +17 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +14 -2
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +23 -23
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +72 -60
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
- package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
- package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
- package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
- package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
- package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
- package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
- package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +30 -0
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +17 -1
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +1 -1
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +2 -3
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
- package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
- package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +13 -0
- package/node_modules/@comis/agent/dist/executor/pi-executor.js +71 -6
- package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
- package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/tool-deferral.js +7 -7
- package/node_modules/@comis/agent/dist/index.d.ts +17 -0
- package/node_modules/@comis/agent/dist/index.js +32 -11
- package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
- package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
- package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
- package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
- package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
- package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +1 -1
- package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
- package/node_modules/@comis/agent/package.json +1 -1
- package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
- package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
- package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
- package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
- package/node_modules/@comis/channels/package.json +1 -1
- package/node_modules/@comis/cli/dist/cli.js +2 -0
- package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
- package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
- package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
- package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
- package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
- package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
- package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
- package/node_modules/@comis/cli/dist/index.d.ts +1 -0
- package/node_modules/@comis/cli/dist/index.js +10 -4
- package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
- package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
- package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
- package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
- package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
- package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
- package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
- package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
- package/node_modules/@comis/cli/package.json +1 -1
- package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
- package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
- package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
- package/node_modules/@comis/core/dist/config/index.d.ts +3 -1
- package/node_modules/@comis/core/dist/config/index.js +2 -1
- package/node_modules/@comis/core/dist/config/loader.js +61 -0
- package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
- package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
- package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -0
- package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
- package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +7 -0
- package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
- package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +2 -0
- package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -2
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
- package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +23 -0
- package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
- package/node_modules/@comis/core/dist/config/schema-skills.d.ts +6 -8
- package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
- package/node_modules/@comis/core/dist/config/schema.d.ts +10 -0
- package/node_modules/@comis/core/dist/config/schema.js +3 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +39 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
- package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +71 -2
- package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/config.js +1 -1
- package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
- package/node_modules/@comis/core/dist/exports/domain.js +1 -0
- package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/ports.js +1 -1
- package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
- package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
- package/node_modules/@comis/core/dist/ports/index.d.ts +2 -0
- package/node_modules/@comis/core/dist/ports/index.js +1 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
- package/node_modules/@comis/core/dist/tool-metadata.d.ts +20 -0
- package/node_modules/@comis/core/package.json +1 -1
- package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
- package/node_modules/@comis/daemon/dist/daemon.js +82 -19
- package/node_modules/@comis/daemon/dist/health/watchdog.js +18 -3
- package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/index.js +5 -0
- package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
- package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
- package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
- package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
- package/node_modules/@comis/daemon/dist/wiring/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/wiring/index.js +1 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +46 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +127 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +39 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +32 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +11 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +20 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +1 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +52 -19
- package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
- package/node_modules/@comis/daemon/package.json +1 -1
- package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
- package/node_modules/@comis/gateway/dist/index.js +2 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
- package/node_modules/@comis/gateway/package.json +1 -1
- package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
- package/node_modules/@comis/infra/package.json +1 -1
- package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
- package/node_modules/@comis/memory/dist/compaction.js +2 -3
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
- package/node_modules/@comis/memory/dist/index.d.ts +2 -0
- package/node_modules/@comis/memory/dist/index.js +3 -0
- package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
- package/node_modules/@comis/memory/dist/memory-api.js +1 -1
- package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
- package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
- package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
- package/node_modules/@comis/memory/dist/session-store.js +1 -1
- package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
- package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
- package/node_modules/@comis/memory/package.json +1 -1
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
- package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +1 -1
- package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/index.js +2 -0
- package/node_modules/@comis/scheduler/package.json +1 -1
- package/node_modules/@comis/shared/package.json +1 -1
- package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
- package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +130 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
- package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
- package/node_modules/@comis/skills/dist/builtin/exec-tool.js +9 -0
- package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +5 -4
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +38 -27
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +114 -1
- package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
- package/node_modules/@comis/skills/package.json +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
- package/node_modules/@comis/web/dist/index.html +1 -1
- package/node_modules/@comis/web/package.json +1 -1
- package/package.json +17 -16
|
@@ -27,6 +27,7 @@ tryGetContext, ContextEngineConfigSchema, } from "@comis/core";
|
|
|
27
27
|
import { suppressError } from "@comis/shared";
|
|
28
28
|
import { createToolRetryBreaker } from "../safety/tool-retry-breaker.js";
|
|
29
29
|
import { createMessageSendLimiter } from "../safety/message-send-limiter.js";
|
|
30
|
+
import { resolveProviderApiKey } from "../model/resolve-provider-api-key.js";
|
|
30
31
|
import { repairOrphanedMessages, scrubPoisonedThinkingBlocks } from "../session/orphaned-message-repair.js";
|
|
31
32
|
import { scrubRedactedToolCalls } from "../session/scrub-redacted-tool-calls.js";
|
|
32
33
|
import { createPiEventBridge } from "../bridge/pi-event-bridge.js";
|
|
@@ -51,7 +52,7 @@ import { validateInput } from "./executor-input-guard.js";
|
|
|
51
52
|
import { scanWithOutputGuard } from "./executor-response-filter.js";
|
|
52
53
|
import { normalizeModelCompat } from "../provider/model-compat.js";
|
|
53
54
|
import { normalizeModelId } from "../provider/model-id-normalize.js";
|
|
54
|
-
import { isAnthropicFamily, isGoogleFamily } from "../provider/capabilities.js";
|
|
55
|
+
import { isAnthropicFamily, isGoogleFamily, resolveProviderCapabilities } from "../provider/capabilities.js";
|
|
55
56
|
import { detectOnboardingState } from "../workspace/onboarding-detector.js";
|
|
56
57
|
import { PromptTimeoutError } from "./prompt-timeout.js";
|
|
57
58
|
import { classifyError, classifyPromptTimeout } from "./error-classifier.js";
|
|
@@ -197,6 +198,27 @@ export function createPiExecutor(config, deps) {
|
|
|
197
198
|
async execute(msg, sessionKey, tools, onDelta, agentId, _directives, _prevTimestamp, overrides) {
|
|
198
199
|
// a. Record execution start time
|
|
199
200
|
const executionStartMs = Date.now();
|
|
201
|
+
// a-bis. Pre-resolve OAuth token before any pi-coding-agent
|
|
202
|
+
// dispatch. The setRuntimeApiKey side-effect inside resolveProviderApiKey
|
|
203
|
+
// carries the token into pi-coding-agent's outbound LLM request via the
|
|
204
|
+
// runtime-override priority path. For OAuth-eligible
|
|
205
|
+
// providers (openai-codex, anthropic, github-copilot via pi-ai's
|
|
206
|
+
// built-in registry) the resolver chain (agent-config -> lastGood ->
|
|
207
|
+
// first available) runs and refreshes the token if expired. For
|
|
208
|
+
// non-OAuth providers the helper falls through to authStorage.getApiKey.
|
|
209
|
+
//
|
|
210
|
+
// Throw-propagation: on OAuthError the helper throws
|
|
211
|
+
// an Error containing the OAuthError.message. Outer async callers
|
|
212
|
+
// (gateway routes via Hono, channel handlers via try/catch) lift the
|
|
213
|
+
// throw into a user-facing error response. OAuthError
|
|
214
|
+
// is fatal — no env-var fallback, no retry, no silent rotation.
|
|
215
|
+
// CLAUDE.md "no empty catch" honored because we don't add a catch
|
|
216
|
+
// here at all; the resolver itself logs via the oauth-resolver module.
|
|
217
|
+
await resolveProviderApiKey(config.provider, {
|
|
218
|
+
authStorage: deps.authStorage,
|
|
219
|
+
oauthManager: deps.oauthManager,
|
|
220
|
+
agentConfig: config,
|
|
221
|
+
});
|
|
200
222
|
// b. Initialize result
|
|
201
223
|
const result = {
|
|
202
224
|
response: "",
|
|
@@ -775,7 +797,7 @@ export function createPiExecutor(config, deps) {
|
|
|
775
797
|
session.abortCompaction();
|
|
776
798
|
suppressError(session.abort(), "session abort on compaction cancel");
|
|
777
799
|
},
|
|
778
|
-
//
|
|
800
|
+
// Cancel the SDK's internal auto-retry loop when the
|
|
779
801
|
// bridge classifies the auto_retry_start error as `rate_limited`.
|
|
780
802
|
// Rate-limit windows (per-minute) outlast the SDK's retry budget
|
|
781
803
|
// (~30s), so retrying within the window cannot succeed.
|
|
@@ -820,7 +842,7 @@ export function createPiExecutor(config, deps) {
|
|
|
820
842
|
sepConfig: sepEnabled ? { maxSteps: config.sep?.maxSteps ?? 15, minSteps: config.sep?.minSteps ?? 3 } : undefined,
|
|
821
843
|
sepMessageText: sepEnabled ? (msg.text ?? "") : undefined,
|
|
822
844
|
sepExecutionStartMs: sepEnabled ? executionStartMs : undefined,
|
|
823
|
-
// Cache break detection
|
|
845
|
+
// Cache break detection post-call callback.
|
|
824
846
|
// Enrich with elapsed time for tiered server-side attribution.
|
|
825
847
|
checkCacheBreak: (input) => cacheBreakDetector.checkResponseForCacheBreak({
|
|
826
848
|
...input,
|
|
@@ -841,7 +863,7 @@ export function createPiExecutor(config, deps) {
|
|
|
841
863
|
timestamp: Date.now(),
|
|
842
864
|
};
|
|
843
865
|
},
|
|
844
|
-
//
|
|
866
|
+
// Pre-LLM-call hook -- runs once per `turn_start`,
|
|
845
867
|
// BEFORE pi-ai serializes the next request. Asserts the
|
|
846
868
|
// cross-turn hash invariant (logs ERROR per mutated block, with
|
|
847
869
|
// module:"agent.bridge.hash-invariant"), then heals any mutated
|
|
@@ -893,7 +915,7 @@ export function createPiExecutor(config, deps) {
|
|
|
893
915
|
}
|
|
894
916
|
return live;
|
|
895
917
|
},
|
|
896
|
-
//
|
|
918
|
+
// Wire-edge diagnostic: resolves the per-session JSONL
|
|
897
919
|
// path on demand. The bridge invokes this only after detecting the
|
|
898
920
|
// signed-replay rejection signature on a 400 — never on the happy
|
|
899
921
|
// path. Path comes from the same sessionAdapter that already
|
|
@@ -996,12 +1018,46 @@ export function createPiExecutor(config, deps) {
|
|
|
996
1018
|
// Applied AFTER sideEffects so the background placeholder is returned instead of
|
|
997
1019
|
// waiting for sideEffects processing. When the tool completes in background,
|
|
998
1020
|
// the sideEffects are still processed by the original wrapped execute.
|
|
1021
|
+
// Capture origin at wrap-time via explicit threading.
|
|
1022
|
+
// The closure reads runPrompt-scope variables synchronously each invocation
|
|
1023
|
+
// so the captured origin reflects the originating session, not the
|
|
1024
|
+
// background-continuation context (which lacks these locals).
|
|
999
1025
|
if (deps.backgroundTaskManager && config.backgroundTasks?.enabled !== false) {
|
|
1000
1026
|
const bgConfig = BackgroundTasksConfigSchema.parse(config.backgroundTasks ?? {});
|
|
1027
|
+
const resolvedAgentId = agentId ?? "default";
|
|
1028
|
+
const originResolver = () => {
|
|
1029
|
+
// Defensive: if any required field is unexpectedly missing, fall through
|
|
1030
|
+
// to foreground execution (no background promotion). Promotion requires
|
|
1031
|
+
// a complete origin.
|
|
1032
|
+
if (!formattedKey || formattedKey.length === 0)
|
|
1033
|
+
return undefined;
|
|
1034
|
+
if (!msg.channelType || msg.channelType.length === 0)
|
|
1035
|
+
return undefined;
|
|
1036
|
+
if (!msg.channelId || msg.channelId.length === 0)
|
|
1037
|
+
return undefined;
|
|
1038
|
+
// Read incoming hop count off msg.metadata so the runner can enforce
|
|
1039
|
+
// the recursion bound. Top-level user messages have no
|
|
1040
|
+
// metadata.backgroundHopCount -> default to 0.
|
|
1041
|
+
// Cast metadata defensively because NormalizedMessageSchema.metadata
|
|
1042
|
+
// is z.record(z.string(), z.unknown()).
|
|
1043
|
+
const meta = msg.metadata;
|
|
1044
|
+
const rawHopCount = meta?.backgroundHopCount;
|
|
1045
|
+
const incomingHopCount = typeof rawHopCount === "number" && Number.isFinite(rawHopCount) && rawHopCount >= 0
|
|
1046
|
+
? Math.floor(rawHopCount)
|
|
1047
|
+
: 0;
|
|
1048
|
+
return {
|
|
1049
|
+
agentId: resolvedAgentId,
|
|
1050
|
+
sessionKey: formattedKey,
|
|
1051
|
+
channelType: msg.channelType,
|
|
1052
|
+
channelId: msg.channelId,
|
|
1053
|
+
traceId: executionId ?? null,
|
|
1054
|
+
backgroundHopCount: incomingHopCount,
|
|
1055
|
+
};
|
|
1056
|
+
};
|
|
1001
1057
|
for (const tool of mergedCustomTools) {
|
|
1002
1058
|
const wrapped = wrapToolForAutoBackground(
|
|
1003
1059
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any -- SDK interop boundary
|
|
1004
|
-
tool, deps.backgroundTaskManager, bgConfig, deps.backgroundNotifyFn ?? (async () => { }),
|
|
1060
|
+
tool, deps.backgroundTaskManager, bgConfig, deps.backgroundNotifyFn ?? (async () => { }), originResolver);
|
|
1005
1061
|
tool.execute = wrapped.execute;
|
|
1006
1062
|
}
|
|
1007
1063
|
}
|
|
@@ -1095,6 +1151,15 @@ export function createPiExecutor(config, deps) {
|
|
|
1095
1151
|
getTruncationSummary, getTurnBudgetSummary,
|
|
1096
1152
|
executionPlanRef, sepEnabled, isOnboarding,
|
|
1097
1153
|
geminiCacheHit, geminiCachedTokens, modelTier,
|
|
1154
|
+
// Provider attribution tag for the bookend log.
|
|
1155
|
+
// resolvedModel?.provider is the post-resolution / post-override
|
|
1156
|
+
// provider; falling back to config.provider records operator
|
|
1157
|
+
// INTENT on the silent-fallback misconfig path (resolvedModel
|
|
1158
|
+
// undefined). resolveProviderCapabilities is computed once here
|
|
1159
|
+
// to keep executor-post-execution.ts free of capability-cascade
|
|
1160
|
+
// imports.
|
|
1161
|
+
provider: resolvedModel?.provider ?? config.provider,
|
|
1162
|
+
providerFamily: resolveProviderCapabilities(resolvedModel?.provider ?? config.provider).providerFamily,
|
|
1098
1163
|
deferralResult, mergedCustomTools, deliveredGuides,
|
|
1099
1164
|
deps: {
|
|
1100
1165
|
eventBus: deps.eventBus,
|
|
@@ -15,7 +15,7 @@ import { fromPromise, ok, err } from "@comis/shared";
|
|
|
15
15
|
// ---------------------------------------------------------------------------
|
|
16
16
|
// Implementation
|
|
17
17
|
// ---------------------------------------------------------------------------
|
|
18
|
-
const
|
|
18
|
+
const SUBMODULE = "executor.post-batch-continuation";
|
|
19
19
|
/* eslint-disable @typescript-eslint/no-explicit-any */
|
|
20
20
|
function isToolCallBlock(block) {
|
|
21
21
|
return block?.type === "toolCall" || block?.type === "tool_use";
|
|
@@ -84,7 +84,7 @@ export async function runPostBatchContinuation(deps) {
|
|
|
84
84
|
const { session, messages, config, logger, agentId, getVisibleAssistantText } = deps;
|
|
85
85
|
// Step 1: disable check.
|
|
86
86
|
if (!config.enabled || config.maxRetries === 0) {
|
|
87
|
-
logger.info({
|
|
87
|
+
logger.info({ submodule: SUBMODULE, agentId, decision: "skip", reason: "disabled" }, "Post-batch continuation skipped");
|
|
88
88
|
return ok({
|
|
89
89
|
recovered: false,
|
|
90
90
|
attempts: 0,
|
|
@@ -97,7 +97,7 @@ export async function runPostBatchContinuation(deps) {
|
|
|
97
97
|
/* eslint-disable @typescript-eslint/no-explicit-any */
|
|
98
98
|
const msgs = messages;
|
|
99
99
|
if (!Array.isArray(msgs) || msgs.length === 0) {
|
|
100
|
-
logger.info({
|
|
100
|
+
logger.info({ submodule: SUBMODULE, agentId, decision: "skip", reason: "non_empty_final" }, "Post-batch continuation skipped");
|
|
101
101
|
return ok({
|
|
102
102
|
recovered: false,
|
|
103
103
|
attempts: 0,
|
|
@@ -113,7 +113,7 @@ export async function runPostBatchContinuation(deps) {
|
|
|
113
113
|
!hasThinkingBlock(last.content) &&
|
|
114
114
|
!hasToolCallBlock(last.content);
|
|
115
115
|
if (!lastIsEmpty) {
|
|
116
|
-
logger.info({
|
|
116
|
+
logger.info({ submodule: SUBMODULE, agentId, decision: "skip", reason: "non_empty_final" }, "Post-batch continuation skipped");
|
|
117
117
|
return ok({
|
|
118
118
|
recovered: false,
|
|
119
119
|
attempts: 0,
|
|
@@ -141,7 +141,7 @@ export async function runPostBatchContinuation(deps) {
|
|
|
141
141
|
/* eslint-enable @typescript-eslint/no-explicit-any */
|
|
142
142
|
const priorToolNames = [...priorToolNamesSet];
|
|
143
143
|
if (priorToolCallCount === 0) {
|
|
144
|
-
logger.info({
|
|
144
|
+
logger.info({ submodule: SUBMODULE, agentId, decision: "skip", reason: "no_tool_calls" }, "Post-batch continuation skipped");
|
|
145
145
|
return ok({
|
|
146
146
|
recovered: false,
|
|
147
147
|
attempts: 0,
|
|
@@ -152,7 +152,7 @@ export async function runPostBatchContinuation(deps) {
|
|
|
152
152
|
}
|
|
153
153
|
// Step 4: decision-log fire.
|
|
154
154
|
logger.info({
|
|
155
|
-
|
|
155
|
+
submodule: SUBMODULE,
|
|
156
156
|
agentId,
|
|
157
157
|
decision: "fire",
|
|
158
158
|
reason: "empty_after_tool_batch",
|
|
@@ -170,7 +170,7 @@ export async function runPostBatchContinuation(deps) {
|
|
|
170
170
|
const text = getVisibleAssistantText(session);
|
|
171
171
|
const outcomeForLog = text && text.length > 0 ? "recovered" : "still_empty";
|
|
172
172
|
logger.info({
|
|
173
|
-
|
|
173
|
+
submodule: SUBMODULE,
|
|
174
174
|
agentId,
|
|
175
175
|
attempt,
|
|
176
176
|
maxAttempts: config.maxRetries,
|
|
@@ -40,7 +40,7 @@ export interface RequestBodyInjectorConfig {
|
|
|
40
40
|
* but system prompt + tools are still worth caching. */
|
|
41
41
|
getMinTokensOverride?: () => number | undefined;
|
|
42
42
|
/** Callback invoked with the API-ready payload after cache breakpoint
|
|
43
|
-
* placement. Used by cache break detector
|
|
43
|
+
* placement. Used by the cache break detector to extract prompt state for
|
|
44
44
|
* change detection. Receives the mutated params, the model, and (for Anthropic) the HTTP headers. */
|
|
45
45
|
onPayloadForCacheDetection?: (params: Record<string, unknown>, model: {
|
|
46
46
|
id: string;
|
|
@@ -1484,7 +1484,7 @@ export function createRequestBodyInjector(config, logger) {
|
|
|
1484
1484
|
mergedHeaders["anthropic-beta"] = allBetas.join(", ");
|
|
1485
1485
|
}
|
|
1486
1486
|
}
|
|
1487
|
-
// Feed payload to cache break detector
|
|
1487
|
+
// Feed payload to cache break detector (after breakpoint placement)
|
|
1488
1488
|
if (config.onPayloadForCacheDetection) {
|
|
1489
1489
|
config.onPayloadForCacheDetection(result, model, mergedHeaders);
|
|
1490
1490
|
}
|
|
@@ -107,7 +107,7 @@ export declare function resolveToolCallingTemperature(modelTier: ModelTier): num
|
|
|
107
107
|
* When this returns true, request-body-injector strips client-side
|
|
108
108
|
* `discover_tools` from the API payload and appends `tool_search_tool_regex`
|
|
109
109
|
* instead -- so any model-facing teaching string about `discover_tools`
|
|
110
|
-
* contradicts the actual tool list and must be suppressed
|
|
110
|
+
* contradicts the actual tool list and must be suppressed.
|
|
111
111
|
*
|
|
112
112
|
* Lowercase-normalize so provider-prefixed model ids
|
|
113
113
|
* (`anthropic/claude-sonnet-4`, `bedrock/anthropic.claude-opus-4`) resolve
|
|
@@ -149,7 +149,7 @@ export declare function resolveToolDescription(tool: ToolDefinition): string;
|
|
|
149
149
|
* teaching string therefore points at direct invocation + tool-search by
|
|
150
150
|
* regex, never at `discover_tools`. Without this conditional, the model
|
|
151
151
|
* reads its own preamble ("call discover_tools") against a tool list that
|
|
152
|
-
* doesn't contain that tool and gives up (
|
|
152
|
+
* doesn't contain that tool and gives up (production repro).
|
|
153
153
|
*
|
|
154
154
|
* @param entries - Deferred tool entries (remaining after discovery re-inclusion)
|
|
155
155
|
* @param options - Optional flags. `useToolSearch=true` switches the third
|
|
@@ -102,7 +102,7 @@ export function resolveToolCallingTemperature(modelTier) {
|
|
|
102
102
|
* When this returns true, request-body-injector strips client-side
|
|
103
103
|
* `discover_tools` from the API payload and appends `tool_search_tool_regex`
|
|
104
104
|
* instead -- so any model-facing teaching string about `discover_tools`
|
|
105
|
-
* contradicts the actual tool list and must be suppressed
|
|
105
|
+
* contradicts the actual tool list and must be suppressed.
|
|
106
106
|
*
|
|
107
107
|
* Lowercase-normalize so provider-prefixed model ids
|
|
108
108
|
* (`anthropic/claude-sonnet-4`, `bedrock/anthropic.claude-opus-4`) resolve
|
|
@@ -183,7 +183,7 @@ export function resolveToolDescription(tool) {
|
|
|
183
183
|
* teaching string therefore points at direct invocation + tool-search by
|
|
184
184
|
* regex, never at `discover_tools`. Without this conditional, the model
|
|
185
185
|
* reads its own preamble ("call discover_tools") against a tool list that
|
|
186
|
-
* doesn't contain that tool and gives up (
|
|
186
|
+
* doesn't contain that tool and gives up (production repro).
|
|
187
187
|
*
|
|
188
188
|
* @param entries - Deferred tool entries (remaining after discovery re-inclusion)
|
|
189
189
|
* @param options - Optional flags. `useToolSearch=true` switches the third
|
|
@@ -257,7 +257,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
|
|
|
257
257
|
for (const t of tools) {
|
|
258
258
|
originalToolMap.set(t.name, t);
|
|
259
259
|
}
|
|
260
|
-
//
|
|
260
|
+
// Rule-based deferral
|
|
261
261
|
for (const rule of DEFERRAL_RULES) {
|
|
262
262
|
if (!rule.activeWhen(deferralContext)) {
|
|
263
263
|
for (const toolName of rule.tools) {
|
|
@@ -267,7 +267,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
|
|
|
267
267
|
}
|
|
268
268
|
}
|
|
269
269
|
}
|
|
270
|
-
//
|
|
270
|
+
// MCP tools deferred by default (only for providers with mid-turn injection)
|
|
271
271
|
// Providers without mid-turn injection (OpenAI, xAI, etc.) get MCP tools from the start,
|
|
272
272
|
// because sub-agents only call execute() once and there is no "next execution" for
|
|
273
273
|
// discovered tools to appear in.
|
|
@@ -282,7 +282,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
|
|
|
282
282
|
}
|
|
283
283
|
}
|
|
284
284
|
}
|
|
285
|
-
//
|
|
285
|
+
// Small model aggressive deferral
|
|
286
286
|
if (deferralContext.modelTier === "small") {
|
|
287
287
|
for (const t of tools) {
|
|
288
288
|
if (!deferredSet.has(t.name) && !CORE_TOOLS.has(t.name) && !deferralContext.recentlyUsedToolNames.has(t.name)) {
|
|
@@ -290,7 +290,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
|
|
|
290
290
|
}
|
|
291
291
|
}
|
|
292
292
|
}
|
|
293
|
-
//
|
|
293
|
+
// Merge lifecycle-demoted tools into deferral set for unified discover_tools
|
|
294
294
|
// Clear discovery state for lifecycle-demoted tools (prevents appearing
|
|
295
295
|
// in both discoveredTools and deferredEntries simultaneously)
|
|
296
296
|
if (deferralContext.lifecycleDemotedNames) {
|
|
@@ -301,7 +301,7 @@ export function applyToolDeferral(tools, _contextWindow, deferralContext, logger
|
|
|
301
301
|
}
|
|
302
302
|
}
|
|
303
303
|
}
|
|
304
|
-
//
|
|
304
|
+
// Operator overrides (neverDefer / alwaysDefer from DeferredToolsConfigSchema)
|
|
305
305
|
if (deferralContext.neverDefer) {
|
|
306
306
|
for (const name of deferralContext.neverDefer) {
|
|
307
307
|
deferredSet.delete(name);
|
|
@@ -50,6 +50,23 @@ export { createModelScanner } from "./model/model-scanner.js";
|
|
|
50
50
|
export type { ScanResult, ModelScanner, ModelScannerDeps } from "./model/model-scanner.js";
|
|
51
51
|
export { createOAuthTokenManager } from "./model/oauth-token-manager.js";
|
|
52
52
|
export type { OAuthTokenManager, OAuthTokenManagerDeps, OAuthError } from "./model/oauth-token-manager.js";
|
|
53
|
+
export { resolveProviderApiKey } from "./model/resolve-provider-api-key.js";
|
|
54
|
+
export type { ResolveProviderApiKeyDeps } from "./model/resolve-provider-api-key.js";
|
|
55
|
+
export { decodeCodexJwtPayload, resolveCodexAuthIdentity, resolveCodexStableSubject, resolveCodexAccessTokenExpiry, redactEmailForLog } from "./model/oauth-identity.js";
|
|
56
|
+
export { createOAuthCredentialStoreFile } from "./model/oauth-credential-store-file.js";
|
|
57
|
+
export type { OAuthCredentialStoreFileConfig } from "./model/oauth-credential-store-file.js";
|
|
58
|
+
export { selectOAuthCredentialStore } from "./model/oauth-credential-store-selector.js";
|
|
59
|
+
export type { SelectOAuthCredentialStoreInput, OAuthStorageMode, } from "./model/oauth-credential-store-selector.js";
|
|
60
|
+
export { isRemoteEnvironment } from "./model/oauth-env.js";
|
|
61
|
+
export type { IsRemoteEnvironmentInput } from "./model/oauth-env.js";
|
|
62
|
+
export { loginOpenAICodexOAuth } from "./model/oauth-login-runner.js";
|
|
63
|
+
export type { LoginError, LoginRunnerSuccess, LoginRunnerParams, RunnerPrompter, } from "./model/oauth-login-runner.js";
|
|
64
|
+
export { loginOpenAICodexDeviceCode } from "./model/oauth-device-code.js";
|
|
65
|
+
export type { DeviceCodeVerificationPrompt, LoginOpenAICodexDeviceCodeOptions, } from "./model/oauth-device-code.js";
|
|
66
|
+
export { runOAuthTlsPreflight } from "./model/oauth-tls-preflight.js";
|
|
67
|
+
export type { TlsPreflightResult, TlsPreflightFailureKind, RunOAuthTlsPreflightOptions, } from "./model/oauth-tls-preflight.js";
|
|
68
|
+
export { rewriteOAuthError } from "./model/oauth-errors.js";
|
|
69
|
+
export type { OAuthErrorCode, RewrittenOAuthError, } from "./model/oauth-errors.js";
|
|
53
70
|
export { createAuthUsageTracker } from "./model/auth-usage-tracker.js";
|
|
54
71
|
export type { AuthUsageTracker, ProfileStats, ProfileUsageInput } from "./model/auth-usage-tracker.js";
|
|
55
72
|
export { createLastKnownModelTracker } from "./model/last-known-model.js";
|
|
@@ -26,7 +26,7 @@ export { createAuthProvider } from "./model/auth-provider.js";
|
|
|
26
26
|
export { createAuthProfileManager } from "./model/auth-profile.js";
|
|
27
27
|
// Auth rotation adapter (key rotation with cooldown)
|
|
28
28
|
export { createAuthRotationAdapter } from "./model/auth-rotation-adapter.js";
|
|
29
|
-
// Image-aware model routing (existing + image fallback chain
|
|
29
|
+
// Image-aware model routing (existing + image fallback chain)
|
|
30
30
|
export { resolveModelForMessage, isVisionCapable, createImageFallbackChain } from "./model/image-router.js";
|
|
31
31
|
// Model allowlist
|
|
32
32
|
export { createModelAllowlist } from "./model/model-allowlist.js";
|
|
@@ -40,9 +40,30 @@ export { createModelCatalog, resolveModelPricing, ZERO_COST } from "./model/mode
|
|
|
40
40
|
export { getCacheProviderInfo } from "./executor/cache-usage-helpers.js";
|
|
41
41
|
// Model scanner
|
|
42
42
|
export { createModelScanner } from "./model/model-scanner.js";
|
|
43
|
-
// OAuth token manager
|
|
43
|
+
// OAuth token manager
|
|
44
44
|
export { createOAuthTokenManager } from "./model/oauth-token-manager.js";
|
|
45
|
-
//
|
|
45
|
+
// Per-LLM-call OAuth dispatch helper — shared helper used by PiExecutor.execute()
|
|
46
|
+
// pre-hook and the two compaction getApiKey callbacks. Re-exported so the
|
|
47
|
+
// integration test can drive the same resolver hook the executor uses.
|
|
48
|
+
export { resolveProviderApiKey } from "./model/resolve-provider-api-key.js";
|
|
49
|
+
// OAuth identity — pure-function JWT decoder + identity resolver + redaction helper
|
|
50
|
+
export { decodeCodexJwtPayload, resolveCodexAuthIdentity, resolveCodexStableSubject, resolveCodexAccessTokenExpiry, redactEmailForLog } from "./model/oauth-identity.js";
|
|
51
|
+
// OAuth credential store — file adapter (plaintext file-backed adapter with atomic write + per-profile lock + schema versioning)
|
|
52
|
+
export { createOAuthCredentialStoreFile } from "./model/oauth-credential-store-file.js";
|
|
53
|
+
// OAuth credential store selector — lives here so the CLI process can
|
|
54
|
+
// instantiate the same adapter the daemon uses
|
|
55
|
+
export { selectOAuthCredentialStore } from "./model/oauth-credential-store-selector.js";
|
|
56
|
+
// OAuth env detection — pure function for VPS/headless heuristic
|
|
57
|
+
export { isRemoteEnvironment } from "./model/oauth-env.js";
|
|
58
|
+
// OAuth login runner — interactive login orchestrator
|
|
59
|
+
export { loginOpenAICodexOAuth } from "./model/oauth-login-runner.js";
|
|
60
|
+
// Device-code OAuth flow
|
|
61
|
+
export { loginOpenAICodexDeviceCode } from "./model/oauth-device-code.js";
|
|
62
|
+
// OAuth TLS preflight
|
|
63
|
+
export { runOAuthTlsPreflight } from "./model/oauth-tls-preflight.js";
|
|
64
|
+
// OAuth error catalogue
|
|
65
|
+
export { rewriteOAuthError } from "./model/oauth-errors.js";
|
|
66
|
+
// Auth usage tracker
|
|
46
67
|
export { createAuthUsageTracker } from "./model/auth-usage-tracker.js";
|
|
47
68
|
// Last-known-working model tracker (auth-failure fallback)
|
|
48
69
|
export { createLastKnownModelTracker } from "./model/last-known-model.js";
|
|
@@ -107,15 +128,15 @@ export { withPromptTimeout, withResettablePromptTimeout, PromptTimeoutError } fr
|
|
|
107
128
|
// Error classification (user-safe error messages)
|
|
108
129
|
export { classifyError, classifyPromptTimeout } from "./executor/error-classifier.js";
|
|
109
130
|
export { composeStreamWrappers, createConfigResolver, createRequestBodyInjector, createCacheTraceWriter, createApiPayloadTraceWriter, createToolResultSizeBouncer, clearSessionRenderedToolCache } from "./executor/stream-wrappers/index.js";
|
|
110
|
-
// Active run registry (
|
|
131
|
+
// Active run registry (tracks running sessions for mid-stream steering)
|
|
111
132
|
export { createActiveRunRegistry } from "./executor/active-run-registry.js";
|
|
112
133
|
// Cache break detection
|
|
113
134
|
export { clearCacheBreakDetectorSession, extractGeminiPromptState } from "./executor/cache-break-detection.js";
|
|
114
|
-
// Cache break diff writer
|
|
135
|
+
// Cache break diff writer
|
|
115
136
|
export { createCacheBreakDiffWriter } from "./executor/cache-break-diff-writer.js";
|
|
116
137
|
// Gemini cache injector
|
|
117
138
|
export { createGeminiCacheInjector } from "./executor/gemini-cache-injector.js";
|
|
118
|
-
// Gemini cache manager
|
|
139
|
+
// Gemini cache manager
|
|
119
140
|
export { createGeminiCacheManager, computeCacheContentHash } from "./executor/gemini-cache-manager.js";
|
|
120
141
|
// Gemini cache lifecycle
|
|
121
142
|
export { wireGeminiCacheCleanup } from "./executor/gemini-cache-lifecycle.js";
|
|
@@ -166,24 +187,24 @@ export { createResultCondenser } from "./spawn/index.js";
|
|
|
166
187
|
export { createNarrativeCaster } from "./spawn/index.js";
|
|
167
188
|
export { createLifecycleHooks, deriveSubagentContextEngineConfig } from "./spawn/index.js";
|
|
168
189
|
export { createEphemeralComisSessionManager } from "./spawn/index.js";
|
|
169
|
-
// Context engine
|
|
190
|
+
// Context engine
|
|
170
191
|
export { createContextEngine } from "./context-engine/index.js";
|
|
171
192
|
export { createThinkingBlockCleaner } from "./context-engine/index.js";
|
|
172
193
|
export { computeTokenBudget } from "./context-engine/index.js";
|
|
173
|
-
// DAG reconciliation, compaction, integrity, and assembler
|
|
194
|
+
// DAG reconciliation, compaction, integrity, and assembler
|
|
174
195
|
export { reconcileJsonlToDag, installDagIngestionHook, createDagContextEngine, runLeafPass, runCondensedPass, resolveFreshTailBoundary, shouldCompact, markAncestorsDirty, recomputeDescendantCounts, runDagCompaction, checkIntegrity, CHARS_PER_TOKEN_RATIO, } from "./context-engine/index.js";
|
|
175
196
|
// Provider capabilities
|
|
176
197
|
export { DEFAULTS as PROVIDER_CAPABILITY_DEFAULTS, resolveProviderCapabilities, normalizeProviderId, isAnthropicFamily, isOpenAiFamily, shouldDropThinkingBlocks, resolveToolCallIdMode, validateProviderOverrides, } from "./provider/capabilities.js";
|
|
177
198
|
// Model compatibility auto-detection (xAI compat flags)
|
|
178
199
|
export { normalizeModelCompat } from "./provider/model-compat.js";
|
|
179
|
-
// Model ID normalization
|
|
200
|
+
// Model ID normalization
|
|
180
201
|
export { normalizeModelId } from "./provider/model-id-normalize.js";
|
|
181
202
|
// Response sanitization pipeline
|
|
182
203
|
export { sanitizeAssistantResponse, setSanitizeLogger, extractFinalTagContent } from "./provider/response/sanitize-pipeline.js";
|
|
183
|
-
// Response filter utilities (
|
|
204
|
+
// Response filter utilities (used by ThinkingTagFilter)
|
|
184
205
|
export { stripReasoningTagsFromText } from "./response-filter/reasoning-tags.js";
|
|
185
206
|
export { findCodeRegions, isInsideCode } from "./response-filter/code-regions.js";
|
|
186
|
-
// Thinking tag filter (
|
|
207
|
+
// Thinking tag filter (moved from @comis/channels)
|
|
187
208
|
export { createThinkingTagFilter } from "./response-filter/thinking-tag-filter.js";
|
|
188
209
|
// Operation model resolver
|
|
189
210
|
export { resolveOperationModel, resolveProviderFamily } from "./model/operation-model-resolver.js";
|
|
@@ -12,7 +12,8 @@
|
|
|
12
12
|
*/
|
|
13
13
|
import type { AuthStorage } from "@mariozechner/pi-coding-agent";
|
|
14
14
|
import type { SecretManager } from "@comis/core";
|
|
15
|
-
import type { TypedEventBus } from "@comis/core";
|
|
15
|
+
import type { TypedEventBus, OAuthCredentialStorePort } from "@comis/core";
|
|
16
|
+
import type { ComisLogger } from "@comis/infra";
|
|
16
17
|
import { type AuthProfileManager, type AuthProfile, type OrderingStrategy } from "./auth-profile.js";
|
|
17
18
|
import { type AuthRotationAdapter } from "./auth-rotation-adapter.js";
|
|
18
19
|
import { type AuthUsageTracker } from "./auth-usage-tracker.js";
|
|
@@ -35,10 +36,32 @@ export interface AuthProviderConfig {
|
|
|
35
36
|
cooldownCapMs?: number;
|
|
36
37
|
/** OAuth configuration. When provided, creates an OAuthTokenManager. */
|
|
37
38
|
oauth?: {
|
|
38
|
-
/** EventBus for emitting auth
|
|
39
|
+
/** EventBus for emitting auth events (token_rotated, profile_bootstrapped, refresh_failed). */
|
|
39
40
|
eventBus: TypedEventBus;
|
|
41
|
+
/** Credential store for persistent refresh — REQUIRED. */
|
|
42
|
+
credentialStore: OAuthCredentialStorePort;
|
|
43
|
+
/** Logger for OAuth log events — REQUIRED. */
|
|
44
|
+
logger: ComisLogger;
|
|
45
|
+
/** Data directory for lock-file path resolution — REQUIRED. */
|
|
46
|
+
dataDir: string;
|
|
40
47
|
/** Prefix for SecretManager key names (default: "OAUTH_"). */
|
|
41
48
|
keyPrefix?: string;
|
|
49
|
+
/**
|
|
50
|
+
* Absolute path to auth-profiles.json for the chokidar watcher. When set,
|
|
51
|
+
* OAuthTokenManager registers a file watcher that invalidates its in-memory
|
|
52
|
+
* cache on external rewrites (CLI auth login). Pass `undefined` for
|
|
53
|
+
* encrypted-store mode (documented limitation).
|
|
54
|
+
*/
|
|
55
|
+
watchPath?: string;
|
|
56
|
+
/**
|
|
57
|
+
* Getter for the agent's oauthProfiles map. Called fresh on every
|
|
58
|
+
* OAuthTokenManager.getApiKey() invocation. Optional — falls back to a
|
|
59
|
+
* no-agent-level-preference contract when absent. The closure implementation
|
|
60
|
+
* should dereference the daemon's stable
|
|
61
|
+
* `container.config.agents[agentId]?.oauthProfiles` so the value is observed
|
|
62
|
+
* across `agents.update` reference-replacements without a daemon restart.
|
|
63
|
+
*/
|
|
64
|
+
getAgentOauthProfiles?: () => Record<string, string> | undefined;
|
|
42
65
|
};
|
|
43
66
|
}
|
|
44
67
|
/** Unified auth provider exposing all composed auth modules. */
|
|
@@ -69,7 +69,13 @@ export function createAuthProvider(config) {
|
|
|
69
69
|
const oauthDeps = {
|
|
70
70
|
secretManager,
|
|
71
71
|
eventBus: oauth.eventBus,
|
|
72
|
+
credentialStore: oauth.credentialStore,
|
|
73
|
+
logger: oauth.logger,
|
|
74
|
+
dataDir: oauth.dataDir,
|
|
72
75
|
keyPrefix: oauth.keyPrefix,
|
|
76
|
+
watchPath: oauth.watchPath,
|
|
77
|
+
// Thread the agent oauthProfiles getter through.
|
|
78
|
+
getAgentOauthProfiles: oauth.getAgentOauthProfiles,
|
|
73
79
|
};
|
|
74
80
|
oauthManager = createOAuthTokenManager(oauthDeps);
|
|
75
81
|
}
|
|
@@ -10,9 +10,9 @@
|
|
|
10
10
|
* still routed to Claude Haiku, defeating the cost-tiering intent and
|
|
11
11
|
* causing cross-provider auth confusion (no Anthropic API key configured).
|
|
12
12
|
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
15
|
-
*
|
|
13
|
+
* The schema default is "" and the value is resolved at runtime: pick the
|
|
14
|
+
* fast-tier model from `resolveOperationDefaults(primaryProvider)`, with
|
|
15
|
+
* `getModels(primaryProvider)[0]` as the catalog-fallback.
|
|
16
16
|
*
|
|
17
17
|
* Note: explicit `compactionModel` values from existing YAML configs win
|
|
18
18
|
* unchanged (length > 0 short-circuits the resolver). No backward-compat
|
|
@@ -11,9 +11,9 @@
|
|
|
11
11
|
* still routed to Claude Haiku, defeating the cost-tiering intent and
|
|
12
12
|
* causing cross-provider auth confusion (no Anthropic API key configured).
|
|
13
13
|
*
|
|
14
|
-
*
|
|
15
|
-
*
|
|
16
|
-
*
|
|
14
|
+
* The schema default is "" and the value is resolved at runtime: pick the
|
|
15
|
+
* fast-tier model from `resolveOperationDefaults(primaryProvider)`, with
|
|
16
|
+
* `getModels(primaryProvider)[0]` as the catalog-fallback.
|
|
17
17
|
*
|
|
18
18
|
* Note: explicit `compactionModel` values from existing YAML configs win
|
|
19
19
|
* unchanged (length > 0 short-circuits the resolver). No backward-compat
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Plaintext file-backed OAuthCredentialStorePort adapter.
|
|
3
|
+
*
|
|
4
|
+
* Default storage backend for OAuth credentials (derives from existing
|
|
5
|
+
* dataDir, no separate config key). Stores all profiles in a single JSON
|
|
6
|
+
* file at ${dataDir}/auth-profiles.json with mode 0o600.
|
|
7
|
+
*
|
|
8
|
+
* Atomic write sequence (full POSIX crash safety on ext4):
|
|
9
|
+
* write tmp 0o600 → fsync(tmpFd) → close(tmpFd) → rename(tmp, canonical)
|
|
10
|
+
* → fsync(parentDirFd) → close(parentDirFd)
|
|
11
|
+
*
|
|
12
|
+
* cron-store.ts does NOT fsync the parent directory; this adapter MUST
|
|
13
|
+
* because OAuth credentials are security-critical (a lost rename due to
|
|
14
|
+
* power-loss-after-data-write would silently log the user out).
|
|
15
|
+
*
|
|
16
|
+
* Per-profile-ID locking via withExecutionLock: different providers and
|
|
17
|
+
* different identities for the same provider can refresh in parallel.
|
|
18
|
+
*
|
|
19
|
+
* Schema versioning: single integer version at top level. Hard-fail on
|
|
20
|
+
* mismatch — pre-1.0 software, no migration plumbing.
|
|
21
|
+
*
|
|
22
|
+
* @module
|
|
23
|
+
*/
|
|
24
|
+
import { type OAuthCredentialStorePort } from "@comis/core";
|
|
25
|
+
export interface OAuthCredentialStoreFileConfig {
|
|
26
|
+
/** Comis data directory (e.g. ~/.comis). The adapter writes to ${dataDir}/auth-profiles.json. */
|
|
27
|
+
dataDir: string;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Create a plaintext file-backed OAuthCredentialStorePort adapter.
|
|
31
|
+
*
|
|
32
|
+
* Atomic, lock-protected, version-validated. Lifecycle:
|
|
33
|
+
* - On factory call: ensures dataDir exists (mkdir 0o700 recursive); cleans up stale .tmp files.
|
|
34
|
+
* - On every set/delete: per-profile-ID file lock → load → mutate → atomic-write.
|
|
35
|
+
* - On every get/has/list: load (no lock — readers see snapshot per POSIX rename atomicity).
|
|
36
|
+
*/
|
|
37
|
+
export declare function createOAuthCredentialStoreFile(config: OAuthCredentialStoreFileConfig): OAuthCredentialStorePort;
|