comisai 1.0.34 → 1.0.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +30 -4
- package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +22 -2
- package/node_modules/@comis/agent/dist/background/background-task-manager.js +88 -40
- package/node_modules/@comis/agent/dist/background/background-task-persistence.js +34 -4
- package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +59 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
- package/node_modules/@comis/agent/dist/background/completion-dispatcher.d.ts +130 -0
- package/node_modules/@comis/agent/dist/background/completion-dispatcher.js +215 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +62 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.js +234 -0
- package/node_modules/@comis/agent/dist/background/index.d.ts +10 -1
- package/node_modules/@comis/agent/dist/background/index.js +4 -0
- package/node_modules/@comis/agent/dist/background/session-resolver.d.ts +85 -0
- package/node_modules/@comis/agent/dist/background/session-resolver.js +78 -0
- package/node_modules/@comis/agent/dist/bootstrap/sections/messaging-sections.js +1 -0
- package/node_modules/@comis/agent/dist/bootstrap/sections/tool-descriptions.js +3 -3
- package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.d.ts +30 -2
- package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.js +51 -2
- package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.d.ts +22 -0
- package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.js +2 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.d.ts +1 -5
- package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.js +2 -14
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +43 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +17 -2
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +32 -23
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +145 -62
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
- package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
- package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
- package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
- package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
- package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
- package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
- package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +10 -10
- package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +14 -14
- package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.d.ts +11 -13
- package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.js +14 -15
- package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
- package/node_modules/@comis/agent/dist/executor/capability-index-context.d.ts +72 -0
- package/node_modules/@comis/agent/dist/executor/capability-index-context.js +329 -0
- package/node_modules/@comis/agent/dist/executor/drain-helper.d.ts +122 -0
- package/node_modules/@comis/agent/dist/executor/drain-helper.js +173 -0
- package/node_modules/@comis/agent/dist/executor/error-classifier.js +2 -2
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +78 -4
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +150 -31
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.d.ts +7 -0
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +26 -5
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.d.ts +18 -1
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +20 -18
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
- package/node_modules/@comis/agent/dist/executor/jit-guide-injector.d.ts +11 -2
- package/node_modules/@comis/agent/dist/executor/jit-guide-injector.js +16 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
- package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +21 -2
- package/node_modules/@comis/agent/dist/executor/pi-executor.js +96 -18
- package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
- package/node_modules/@comis/agent/dist/executor/prompt-assembly.d.ts +9 -1
- package/node_modules/@comis/agent/dist/executor/prompt-assembly.js +15 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
- package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +18 -27
- package/node_modules/@comis/agent/dist/executor/tool-deferral.js +34 -43
- package/node_modules/@comis/agent/dist/index.d.ts +17 -0
- package/node_modules/@comis/agent/dist/index.js +32 -11
- package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
- package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
- package/node_modules/@comis/agent/dist/model/model-registry-adapter.js +1 -1
- package/node_modules/@comis/agent/dist/model/model-scanner.js +1 -1
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
- package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
- package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
- package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
- package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.d.ts +11 -1
- package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.js +19 -22
- package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +17 -3
- package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
- package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.d.ts +1 -1
- package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.js +5 -5
- package/node_modules/@comis/agent/dist/workspace/data-env.d.ts +38 -0
- package/node_modules/@comis/agent/dist/workspace/data-env.js +56 -0
- package/node_modules/@comis/agent/dist/workspace/index.d.ts +1 -0
- package/node_modules/@comis/agent/dist/workspace/index.js +1 -0
- package/node_modules/@comis/agent/dist/workspace/templates.js +5 -1
- package/node_modules/@comis/agent/package.json +1 -1
- package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
- package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
- package/node_modules/@comis/channels/dist/index.d.ts +1 -1
- package/node_modules/@comis/channels/dist/index.js +1 -1
- package/node_modules/@comis/channels/dist/shared/channel-manager.d.ts +9 -3
- package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
- package/node_modules/@comis/channels/dist/shared/inbound-gate.d.ts +1 -1
- package/node_modules/@comis/channels/dist/shared/inbound-gate.js +22 -7
- package/node_modules/@comis/channels/dist/shared/inbound-pipeline.d.ts +10 -3
- package/node_modules/@comis/channels/dist/shared/inbound-route.d.ts +1 -1
- package/node_modules/@comis/channels/dist/shared/inbound-route.js +13 -2
- package/node_modules/@comis/channels/dist/shared/response-filter.d.ts +11 -24
- package/node_modules/@comis/channels/dist/shared/response-filter.js +25 -53
- package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
- package/node_modules/@comis/channels/package.json +1 -1
- package/node_modules/@comis/cli/dist/cli.js +2 -0
- package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
- package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
- package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
- package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
- package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
- package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
- package/node_modules/@comis/cli/dist/commands/providers.d.ts +1 -2
- package/node_modules/@comis/cli/dist/commands/providers.js +5 -6
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
- package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
- package/node_modules/@comis/cli/dist/index.d.ts +1 -0
- package/node_modules/@comis/cli/dist/index.js +10 -4
- package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
- package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
- package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
- package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
- package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
- package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
- package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
- package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
- package/node_modules/@comis/cli/package.json +1 -1
- package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
- package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
- package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
- package/node_modules/@comis/core/dist/config/field-metadata.js +2 -0
- package/node_modules/@comis/core/dist/config/immutable-keys.js +4 -1
- package/node_modules/@comis/core/dist/config/index.d.ts +7 -1
- package/node_modules/@comis/core/dist/config/index.js +4 -1
- package/node_modules/@comis/core/dist/config/loader.js +61 -0
- package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
- package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
- package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -792
- package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
- package/node_modules/@comis/core/dist/config/schema-approvals.d.ts +0 -14
- package/node_modules/@comis/core/dist/config/schema-auto-reply-engine.d.ts +0 -6
- package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +1 -6
- package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
- package/node_modules/@comis/core/dist/config/schema-browser.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-channel.d.ts +0 -158
- package/node_modules/@comis/core/dist/config/schema-coalescer.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-daemon.d.ts +0 -32
- package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +1 -17
- package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-documentation.d.ts +0 -12
- package/node_modules/@comis/core/dist/config/schema-embedding.d.ts +0 -20
- package/node_modules/@comis/core/dist/config/schema-envelope.d.ts +0 -15
- package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +0 -37
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -4
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
- package/node_modules/@comis/core/dist/config/schema-integrations.d.ts +0 -318
- package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-memory-review.d.ts +0 -7
- package/node_modules/@comis/core/dist/config/schema-memory.d.ts +0 -16
- package/node_modules/@comis/core/dist/config/schema-messages.d.ts +0 -8
- package/node_modules/@comis/core/dist/config/schema-models.d.ts +0 -15
- package/node_modules/@comis/core/dist/config/schema-notification.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +18 -0
- package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
- package/node_modules/@comis/core/dist/config/schema-observability.d.ts +0 -38
- package/node_modules/@comis/core/dist/config/schema-output-retention.d.ts +34 -0
- package/node_modules/@comis/core/dist/config/schema-output-retention.js +48 -0
- package/node_modules/@comis/core/dist/config/schema-plugins.d.ts +0 -8
- package/node_modules/@comis/core/dist/config/schema-providers.d.ts +0 -64
- package/node_modules/@comis/core/dist/config/schema-queue.d.ts +0 -58
- package/node_modules/@comis/core/dist/config/schema-response-prefix.d.ts +0 -2
- package/node_modules/@comis/core/dist/config/schema-retry.d.ts +0 -6
- package/node_modules/@comis/core/dist/config/schema-scheduler.d.ts +0 -39
- package/node_modules/@comis/core/dist/config/schema-secrets.d.ts +0 -3
- package/node_modules/@comis/core/dist/config/schema-security.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-send-policy.d.ts +0 -13
- package/node_modules/@comis/core/dist/config/schema-sender-trust-display.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-serializer.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-skills.d.ts +0 -63
- package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
- package/node_modules/@comis/core/dist/config/schema-streaming.d.ts +0 -38
- package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.d.ts +0 -3
- package/node_modules/@comis/core/dist/config/schema-tooling.d.ts +87 -0
- package/node_modules/@comis/core/dist/config/schema-tooling.js +152 -0
- package/node_modules/@comis/core/dist/config/schema-verbosity.d.ts +0 -12
- package/node_modules/@comis/core/dist/config/schema-webhooks.d.ts +0 -40
- package/node_modules/@comis/core/dist/config/schema.d.ts +50 -37
- package/node_modules/@comis/core/dist/config/schema.js +9 -0
- package/node_modules/@comis/core/dist/context/context.d.ts +0 -4
- package/node_modules/@comis/core/dist/domain/approval-request.d.ts +0 -17
- package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +29 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
- package/node_modules/@comis/core/dist/domain/delivery-origin.d.ts +0 -5
- package/node_modules/@comis/core/dist/domain/execution-graph.d.ts +0 -48
- package/node_modules/@comis/core/dist/domain/memory-entry.d.ts +0 -3
- package/node_modules/@comis/core/dist/domain/model-compat.d.ts +0 -4
- package/node_modules/@comis/core/dist/domain/normalized-message.d.ts +0 -15
- package/node_modules/@comis/core/dist/domain/provider-capabilities.d.ts +0 -6
- package/node_modules/@comis/core/dist/domain/rich-message.d.ts +0 -14
- package/node_modules/@comis/core/dist/domain/subagent-context-config.d.ts +0 -22
- package/node_modules/@comis/core/dist/domain/subagent-context-types.d.ts +0 -8
- package/node_modules/@comis/core/dist/event-bus/events-agent.d.ts +31 -0
- package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +76 -2
- package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/config.js +3 -1
- package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
- package/node_modules/@comis/core/dist/exports/domain.js +1 -0
- package/node_modules/@comis/core/dist/exports/hooks.d.ts +1 -1
- package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/ports.js +1 -1
- package/node_modules/@comis/core/dist/ports/channel-plugin.d.ts +0 -13
- package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
- package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
- package/node_modules/@comis/core/dist/ports/index.d.ts +4 -0
- package/node_modules/@comis/core/dist/ports/index.js +5 -0
- package/node_modules/@comis/core/dist/ports/no-op-tool-capability.d.ts +30 -0
- package/node_modules/@comis/core/dist/ports/no-op-tool-capability.js +47 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
- package/node_modules/@comis/core/dist/ports/tool-capability.d.ts +165 -0
- package/node_modules/@comis/core/dist/ports/tool-capability.js +15 -0
- package/node_modules/@comis/core/dist/security/audit.d.ts +0 -11
- package/node_modules/@comis/core/dist/tool-metadata.d.ts +41 -1
- package/node_modules/@comis/core/dist/tool-metadata.js +1 -1
- package/node_modules/@comis/core/package.json +1 -1
- package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +1 -1
- package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
- package/node_modules/@comis/daemon/dist/daemon.js +168 -30
- package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/index.js +5 -0
- package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
- package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.d.ts +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +3 -3
- package/node_modules/@comis/daemon/dist/rpc/builtin-provider-guard.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
- package/node_modules/@comis/daemon/dist/rpc/model-handlers.d.ts +1 -1
- package/node_modules/@comis/daemon/dist/rpc/model-handlers.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
- package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
- package/node_modules/@comis/daemon/dist/sub-agent-runner.d.ts +18 -0
- package/node_modules/@comis/daemon/dist/sub-agent-runner.js +41 -9
- package/node_modules/@comis/daemon/dist/wiring/index.d.ts +4 -0
- package/node_modules/@comis/daemon/dist/wiring/index.js +2 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +81 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +164 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +58 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +59 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +13 -7
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.d.ts +9 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +35 -10
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.d.ts +20 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +21 -16
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +65 -20
- package/node_modules/@comis/daemon/dist/wiring/setup-gateway.d.ts +4 -6
- package/node_modules/@comis/daemon/dist/wiring/setup-gateway.js +3 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.d.ts +20 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.js +11 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.d.ts +89 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.js +212 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-tools.d.ts +18 -4
- package/node_modules/@comis/daemon/dist/wiring/setup-tools.js +29 -10
- package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.d.ts +75 -0
- package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.js +253 -0
- package/node_modules/@comis/daemon/package.json +1 -1
- package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
- package/node_modules/@comis/gateway/dist/index.js +2 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
- package/node_modules/@comis/gateway/dist/webhook/webhook-endpoint.d.ts +0 -4
- package/node_modules/@comis/gateway/package.json +1 -1
- package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
- package/node_modules/@comis/infra/package.json +1 -1
- package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
- package/node_modules/@comis/memory/dist/compaction.js +2 -3
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
- package/node_modules/@comis/memory/dist/index.d.ts +2 -0
- package/node_modules/@comis/memory/dist/index.js +3 -0
- package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
- package/node_modules/@comis/memory/dist/memory-api.js +1 -1
- package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
- package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
- package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
- package/node_modules/@comis/memory/dist/session-store.js +1 -1
- package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
- package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
- package/node_modules/@comis/memory/package.json +1 -1
- package/node_modules/@comis/scheduler/dist/cron/cron-types.d.ts +0 -42
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
- package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.d.ts +29 -8
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +20 -8
- package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/system-events/system-event-types.d.ts +0 -3
- package/node_modules/@comis/scheduler/dist/tasks/task-types.d.ts +0 -17
- package/node_modules/@comis/scheduler/package.json +1 -1
- package/node_modules/@comis/shared/dist/index.d.ts +3 -0
- package/node_modules/@comis/shared/dist/index.js +4 -0
- package/node_modules/@comis/shared/dist/mcp-tool-name.d.ts +78 -0
- package/node_modules/@comis/shared/dist/mcp-tool-name.js +92 -0
- package/node_modules/@comis/shared/dist/silent-tokens.d.ts +38 -0
- package/node_modules/@comis/shared/dist/silent-tokens.js +51 -0
- package/node_modules/@comis/shared/dist/visible-delivery.d.ts +28 -0
- package/node_modules/@comis/shared/dist/visible-delivery.js +16 -0
- package/node_modules/@comis/shared/package.json +1 -1
- package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.d.ts +2 -13
- package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.js +3 -21
- package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
- package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +133 -3
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
- package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
- package/node_modules/@comis/skills/dist/builtin/exec-tool.d.ts +55 -9
- package/node_modules/@comis/skills/dist/builtin/exec-tool.js +392 -19
- package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/install-detour.d.ts +67 -0
- package/node_modules/@comis/skills/dist/builtin/install-detour.js +342 -0
- package/node_modules/@comis/skills/dist/builtin/platform/admin-manage-factory.js +5 -5
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +7 -6
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +40 -29
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
- package/node_modules/@comis/skills/dist/builtin/platform/message-tool.js +18 -0
- package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.d.ts +18 -1
- package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.js +18 -2
- package/node_modules/@comis/skills/dist/builtin/platform/models-manage-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/process-registry.d.ts +14 -0
- package/node_modules/@comis/skills/dist/builtin/process-tool.d.ts +24 -4
- package/node_modules/@comis/skills/dist/builtin/process-tool.js +25 -7
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +123 -1
- package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
- package/node_modules/@comis/skills/dist/index.d.ts +4 -1
- package/node_modules/@comis/skills/dist/index.js +3 -1
- package/node_modules/@comis/skills/dist/manifest/capability-parser.d.ts +44 -0
- package/node_modules/@comis/skills/dist/manifest/capability-parser.js +68 -0
- package/node_modules/@comis/skills/dist/manifest/schema.d.ts +44 -37
- package/node_modules/@comis/skills/dist/manifest/schema.js +35 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
- package/node_modules/@comis/skills/dist/registry/discovery.d.ts +8 -0
- package/node_modules/@comis/skills/dist/registry/discovery.js +10 -3
- package/node_modules/@comis/skills/dist/registry/skill-registry.d.ts +45 -1
- package/node_modules/@comis/skills/dist/registry/skill-registry.js +70 -7
- package/node_modules/@comis/skills/package.json +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
- package/node_modules/@comis/web/dist/index.html +1 -1
- package/node_modules/@comis/web/package.json +1 -1
- package/package.json +25 -24
|
@@ -72,7 +72,7 @@ export function createBackgroundTasksTool(deps) {
|
|
|
72
72
|
case "get": {
|
|
73
73
|
const taskId = readStringParam(p, "taskId");
|
|
74
74
|
const task = deps.manager.getTask(taskId);
|
|
75
|
-
if (!task || task.agentId !== deps.agentId) {
|
|
75
|
+
if (!task || task.origin.agentId !== deps.agentId) {
|
|
76
76
|
return {
|
|
77
77
|
content: [{ type: "text", text: `Error: Task not found: ${taskId}` }],
|
|
78
78
|
details: null,
|
|
@@ -96,7 +96,7 @@ export function createBackgroundTasksTool(deps) {
|
|
|
96
96
|
case "cancel": {
|
|
97
97
|
const taskId = readStringParam(p, "taskId");
|
|
98
98
|
const task = deps.manager.getTask(taskId);
|
|
99
|
-
if (!task || task.agentId !== deps.agentId) {
|
|
99
|
+
if (!task || task.origin.agentId !== deps.agentId) {
|
|
100
100
|
return {
|
|
101
101
|
content: [{ type: "text", text: `Error: Task not found: ${taskId}` }],
|
|
102
102
|
details: null,
|
|
@@ -117,7 +117,7 @@ export function createBackgroundTasksTool(deps) {
|
|
|
117
117
|
case "read_output": {
|
|
118
118
|
const taskId = readStringParam(p, "taskId");
|
|
119
119
|
const task = deps.manager.getTask(taskId);
|
|
120
|
-
if (!task || task.agentId !== deps.agentId) {
|
|
120
|
+
if (!task || task.origin.agentId !== deps.agentId) {
|
|
121
121
|
return {
|
|
122
122
|
content: [{ type: "text", text: `Error: Task not found: ${taskId}` }],
|
|
123
123
|
details: null,
|
|
@@ -39,7 +39,7 @@ const CronToolParams = Type.Object({
|
|
|
39
39
|
payload_text: Type.Optional(Type.String({ description: "Payload text or message content" })),
|
|
40
40
|
// session strategy params
|
|
41
41
|
session_strategy: Type.Optional(Type.Union([Type.Literal("fresh"), Type.Literal("rolling"), Type.Literal("accumulate")], {
|
|
42
|
-
description: "Session history strategy for recurring jobs. Valid values: fresh (new session each run), rolling (keep last N turns), accumulate (keep all history). Default: fresh",
|
|
42
|
+
description: "Session history strategy for recurring jobs. Valid values: fresh (new session each run; default and STRONGLY PREFERRED for cadences ≥ 10 minutes), rolling (keep last N turns; ONLY use when cadence < 5 minutes), accumulate (keep all history; rarely correct, leaks across runs). Rationale: cron uses a 5-minute prompt cache TTL, so any cadence longer than that wastes cache-write spend on rolling/accumulate — the cache is always cold by the next tick. Pick fresh unless cross-tick session memory is essential and cadence is < 5 minutes. Default: fresh",
|
|
43
43
|
})),
|
|
44
44
|
max_history_turns: Type.Optional(Type.Integer({ description: "Number of recent turns to keep for rolling strategy (default 3)" })),
|
|
45
45
|
model: Type.Optional(Type.String({
|
|
@@ -165,16 +165,16 @@ export function createGatewayTool(rpcCall, logger) {
|
|
|
165
165
|
hint: "Ask the user to confirm this restart, then call again with _confirmed: true.",
|
|
166
166
|
};
|
|
167
167
|
}
|
|
168
|
-
//
|
|
169
|
-
//
|
|
170
|
-
//
|
|
171
|
-
//
|
|
172
|
-
//
|
|
168
|
+
// Inside Docker the restart relies entirely on the container's
|
|
169
|
+
// restart policy to bring the daemon back. Surface a structured
|
|
170
|
+
// WARN so the operator gets a breadcrumb in `docker logs`
|
|
171
|
+
// pointing at `--restart unless-stopped`. Tool result schema
|
|
172
|
+
// unchanged (Pino-only -- no extra content blocks).
|
|
173
173
|
if (isDocker()) {
|
|
174
174
|
logger.warn({
|
|
175
175
|
hint: "Container must have --restart unless-stopped (or compose restart: unless-stopped) for the restart to bring it back. Otherwise run 'docker restart <name>' from your host after the daemon exits.",
|
|
176
176
|
errorKind: "config",
|
|
177
|
-
|
|
177
|
+
submodule: "skill.gateway",
|
|
178
178
|
}, "Daemon restart requested inside Docker container — relies on container restart policy");
|
|
179
179
|
}
|
|
180
180
|
return rpcCall("gateway.restart", { _trustLevel });
|
|
@@ -13,7 +13,7 @@ import type { ApprovalGate } from "@comis/core";
|
|
|
13
13
|
import type { RpcCall } from "./cron-tool.js";
|
|
14
14
|
declare const McpManageToolParams: Type.TObject<{
|
|
15
15
|
action: Type.TUnion<[Type.TLiteral<"list">, Type.TLiteral<"status">, Type.TLiteral<"connect">, Type.TLiteral<"disconnect">, Type.TLiteral<"reconnect">]>;
|
|
16
|
-
|
|
16
|
+
server_name: Type.TOptional<Type.TString>;
|
|
17
17
|
transport: Type.TOptional<Type.TString>;
|
|
18
18
|
command: Type.TOptional<Type.TString>;
|
|
19
19
|
args: Type.TOptional<Type.TArray<Type.TString>>;
|
|
@@ -22,7 +22,7 @@ const McpManageToolParams = Type.Object({
|
|
|
22
22
|
Type.Literal("disconnect"),
|
|
23
23
|
Type.Literal("reconnect"),
|
|
24
24
|
], { description: "MCP server management action. Valid values: list (all servers with status), status (detailed single server info), connect (add new server), disconnect (remove server), reconnect (restart server connection)" }),
|
|
25
|
-
|
|
25
|
+
server_name: Type.Optional(Type.String({
|
|
26
26
|
description: "MCP server name. Required for status/connect/disconnect/reconnect.",
|
|
27
27
|
})),
|
|
28
28
|
transport: Type.Optional(Type.String({
|
|
@@ -72,14 +72,14 @@ export function createMcpManageTool(rpcCall, approvalGate) {
|
|
|
72
72
|
return rpcCall("mcp.list", { _trustLevel: ctx.trustLevel });
|
|
73
73
|
},
|
|
74
74
|
async status(p, rpcCall, ctx) {
|
|
75
|
-
const name = readStringParam(p, "
|
|
76
|
-
return rpcCall("mcp.status", { name, _trustLevel: ctx.trustLevel });
|
|
75
|
+
const name = readStringParam(p, "server_name");
|
|
76
|
+
return rpcCall("mcp.status", { server_name: name, _trustLevel: ctx.trustLevel });
|
|
77
77
|
},
|
|
78
78
|
async connect(p, rpcCall, ctx) {
|
|
79
|
-
const name = readStringParam(p, "
|
|
79
|
+
const name = readStringParam(p, "server_name");
|
|
80
80
|
const transport = readStringParam(p, "transport");
|
|
81
81
|
return rpcCall("mcp.connect", {
|
|
82
|
-
name,
|
|
82
|
+
server_name: name,
|
|
83
83
|
transport,
|
|
84
84
|
command: p.command,
|
|
85
85
|
args: p.args,
|
|
@@ -89,13 +89,13 @@ export function createMcpManageTool(rpcCall, approvalGate) {
|
|
|
89
89
|
});
|
|
90
90
|
},
|
|
91
91
|
async disconnect(p, rpcCall, ctx) {
|
|
92
|
-
const name = readStringParam(p, "
|
|
93
|
-
return rpcCall("mcp.disconnect", { name, _trustLevel: ctx.trustLevel });
|
|
92
|
+
const name = readStringParam(p, "server_name");
|
|
93
|
+
return rpcCall("mcp.disconnect", { server_name: name, _trustLevel: ctx.trustLevel });
|
|
94
94
|
},
|
|
95
95
|
async reconnect(p, rpcCall, ctx) {
|
|
96
|
-
const name = readStringParam(p, "
|
|
96
|
+
const name = readStringParam(p, "server_name");
|
|
97
97
|
return rpcCall("mcp.reconnect", {
|
|
98
|
-
name,
|
|
98
|
+
server_name: name,
|
|
99
99
|
transport: p.transport,
|
|
100
100
|
command: p.command,
|
|
101
101
|
args: p.args,
|
|
@@ -186,5 +186,23 @@ export function createMessageTool(rpcCall) {
|
|
|
186
186
|
}
|
|
187
187
|
}
|
|
188
188
|
},
|
|
189
|
+
// Capture visibleDelivery on attach.
|
|
190
|
+
// The augmenter writes to JSONL `details` only — never to `content` —
|
|
191
|
+
// so the OpenAI Responses converter strips it before re-injection.
|
|
192
|
+
augmentDetails: {
|
|
193
|
+
attach: (params, _result) => {
|
|
194
|
+
const channelType = typeof params.channel_type === "string" ? params.channel_type : "";
|
|
195
|
+
const channelId = typeof params.channel_id === "string" ? params.channel_id : "";
|
|
196
|
+
const caption = typeof params.caption === "string" ? params.caption : undefined;
|
|
197
|
+
const record = {
|
|
198
|
+
kind: "attachment",
|
|
199
|
+
channelType,
|
|
200
|
+
channelId,
|
|
201
|
+
...(caption !== undefined && { caption }),
|
|
202
|
+
deliveredAt: Date.now(),
|
|
203
|
+
};
|
|
204
|
+
return { visibleDelivery: record };
|
|
205
|
+
},
|
|
206
|
+
},
|
|
189
207
|
}, rpcCall);
|
|
190
208
|
}
|
|
@@ -60,13 +60,30 @@ export interface MultiActionDispatchConfig<T extends TSchema> {
|
|
|
60
60
|
/** Per-action handler. Called with validated action, raw params, and rpcCall.
|
|
61
61
|
* Must return the result to be wrapped in jsonResult. */
|
|
62
62
|
actionHandler: (action: string, params: Record<string, unknown>, rpcCall: RpcCall) => Promise<unknown>;
|
|
63
|
+
/**
|
|
64
|
+
* Optional per-action callback to AUGMENT the `details` field of the returned
|
|
65
|
+
* AgentToolResult. Called AFTER the actionHandler resolves; receives the raw
|
|
66
|
+
* params, the actionHandler's result, and returns an object whose entries are
|
|
67
|
+
* merged into `jsonResult(result).details`.
|
|
68
|
+
*
|
|
69
|
+
* Used by `message(action='attach')` to capture `visibleDelivery` for JSONL
|
|
70
|
+
* persistence. Caller-driven — the factory itself does not assume any
|
|
71
|
+
* specific augmentation shape.
|
|
72
|
+
*
|
|
73
|
+
* The augmenter MUST NOT touch `wrapped.content` — the OpenAI Responses
|
|
74
|
+
* converter strips `msg.content` only, so anything in `details` is
|
|
75
|
+
* JSONL-only and never re-enters the prompt context.
|
|
76
|
+
*/
|
|
77
|
+
augmentDetails?: Partial<Record<string, (params: Record<string, unknown>, result: unknown) => Record<string, unknown>>>;
|
|
63
78
|
}
|
|
64
79
|
/**
|
|
65
80
|
* Create a multi-action tool that validates the action parameter then
|
|
66
81
|
* delegates to an action handler.
|
|
67
82
|
*
|
|
68
83
|
* Handles the common pattern: action validation via readEnumParam +
|
|
69
|
-
* action handler dispatch + jsonResult + error handling.
|
|
84
|
+
* action handler dispatch + jsonResult + error handling. Optionally
|
|
85
|
+
* augments the returned `details` field via `config.augmentDetails[action]`
|
|
86
|
+
* (see `MultiActionDispatchConfig.augmentDetails`).
|
|
70
87
|
*
|
|
71
88
|
* @param config - Tool configuration
|
|
72
89
|
* @param rpcCall - RPC call function
|
|
@@ -54,7 +54,9 @@ export function createRpcDispatchTool(config, rpcCall) {
|
|
|
54
54
|
* delegates to an action handler.
|
|
55
55
|
*
|
|
56
56
|
* Handles the common pattern: action validation via readEnumParam +
|
|
57
|
-
* action handler dispatch + jsonResult + error handling.
|
|
57
|
+
* action handler dispatch + jsonResult + error handling. Optionally
|
|
58
|
+
* augments the returned `details` field via `config.augmentDetails[action]`
|
|
59
|
+
* (see `MultiActionDispatchConfig.augmentDetails`).
|
|
58
60
|
*
|
|
59
61
|
* @param config - Tool configuration
|
|
60
62
|
* @param rpcCall - RPC call function
|
|
@@ -71,7 +73,21 @@ export function createMultiActionDispatchTool(config, rpcCall) {
|
|
|
71
73
|
const p = params;
|
|
72
74
|
const action = readEnumParam(p, "action", config.validActions);
|
|
73
75
|
const result = await config.actionHandler(action, p, rpcCall);
|
|
74
|
-
|
|
76
|
+
const wrapped = jsonResult(result);
|
|
77
|
+
// Opt-in details augmentation. Caller registers a per-action
|
|
78
|
+
// augmenter; the factory merges its output into details.
|
|
79
|
+
// The augmenter MUST NOT touch `wrapped.content` — the OpenAI Responses
|
|
80
|
+
// converter strips msg.content only, so anything in details is
|
|
81
|
+
// JSONL-only and never re-enters the prompt context.
|
|
82
|
+
const augmenter = config.augmentDetails?.[action];
|
|
83
|
+
if (augmenter) {
|
|
84
|
+
const augmented = augmenter(p, result);
|
|
85
|
+
return {
|
|
86
|
+
...wrapped,
|
|
87
|
+
details: { ...(wrapped.details ?? {}), ...augmented },
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
return wrapped;
|
|
75
91
|
}
|
|
76
92
|
catch (err) {
|
|
77
93
|
if (err instanceof Error && err.message.startsWith("["))
|
|
@@ -72,9 +72,9 @@ export function createModelsManageTool(rpcCall) {
|
|
|
72
72
|
const provider = readStringParam(p, "provider");
|
|
73
73
|
return rpcCall("models.test", { provider, _trustLevel: ctx.trustLevel });
|
|
74
74
|
},
|
|
75
|
-
//
|
|
76
|
-
//
|
|
77
|
-
//
|
|
75
|
+
// Live native-catalog provider list for agent self-discovery.
|
|
76
|
+
// Pairs with the tool-guide pointer so the agent can confirm which
|
|
77
|
+
// names auto-promote in providers.create.
|
|
78
78
|
async list_providers(_p, rpcCall, ctx) {
|
|
79
79
|
return rpcCall("models.list_providers", { _trustLevel: ctx.trustLevel });
|
|
80
80
|
},
|
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
* @module
|
|
8
8
|
*/
|
|
9
9
|
import type { ChildProcess } from "node:child_process";
|
|
10
|
+
import type { InstallDetourDecision } from "./install-detour.js";
|
|
10
11
|
export interface ProcessSession {
|
|
11
12
|
readonly id: string;
|
|
12
13
|
readonly command: string;
|
|
@@ -21,6 +22,19 @@ export interface ProcessSession {
|
|
|
21
22
|
readonly sandboxed: boolean;
|
|
22
23
|
readonly autoBackgrounded?: boolean;
|
|
23
24
|
readonly description?: string;
|
|
25
|
+
/**
|
|
26
|
+
* Install-detour decision captured at spawn time. Populated at the three
|
|
27
|
+
* exec-tool spawn sites (auto-bg, explicit-bg, foreground escalating to
|
|
28
|
+
* background) when the spawn-time parser detected overlap AND the mode was
|
|
29
|
+
* `advise`. Soft-stop refuses pre-spawn — no session exists for those
|
|
30
|
+
* calls; this field is never populated for soft-stop refusals.
|
|
31
|
+
*
|
|
32
|
+
* `process.status` reads this back on retroactive hint augmentation rather
|
|
33
|
+
* than re-deriving from current connected-server state — the connected
|
|
34
|
+
* server set may have drifted since spawn, which would produce an
|
|
35
|
+
* inconsistent hint vs the spawn-time event.
|
|
36
|
+
*/
|
|
37
|
+
readonly installDetourDecision?: InstallDetourDecision;
|
|
24
38
|
}
|
|
25
39
|
export interface ProcessRegistry {
|
|
26
40
|
add(session: ProcessSession): void;
|
|
@@ -14,6 +14,7 @@
|
|
|
14
14
|
import type { AgentTool } from "@mariozechner/pi-agent-core";
|
|
15
15
|
import { Type } from "typebox";
|
|
16
16
|
import type { ProcessRegistry } from "./process-registry.js";
|
|
17
|
+
import type { ToolCapabilityPort } from "@comis/core";
|
|
17
18
|
declare const ProcessParams: Type.TObject<{
|
|
18
19
|
action: Type.TUnion<[Type.TLiteral<"list">, Type.TLiteral<"kill">, Type.TLiteral<"status">, Type.TLiteral<"log">]>;
|
|
19
20
|
sessionId: Type.TOptional<Type.TString>;
|
|
@@ -25,12 +26,31 @@ interface ToolLogger {
|
|
|
25
26
|
debug(obj: Record<string, unknown>, msg: string): void;
|
|
26
27
|
info(obj: Record<string, unknown>, msg: string): void;
|
|
27
28
|
}
|
|
29
|
+
/**
|
|
30
|
+
* Dependencies for the process tool factory. Backward compatibility is NOT
|
|
31
|
+
* preserved (see CLAUDE.md user-memory `feedback_no_backward_compat`).
|
|
32
|
+
*
|
|
33
|
+
* `toolCapabilityPort` is REQUIRED — read inside the `case "status":` branch
|
|
34
|
+
* to decide whether to augment the result envelope with the retroactive
|
|
35
|
+
* install-detour hint (read the spawn-time `session.installDetourDecision`
|
|
36
|
+
* rather than re-deriving from current connected-server state, since the
|
|
37
|
+
* connected set may have drifted since spawn). Daemon wiring injects
|
|
38
|
+
* `createNoOpCapabilityPort()` until the real adapter is available.
|
|
39
|
+
*/
|
|
40
|
+
export interface ProcessToolDeps {
|
|
41
|
+
readonly registry: ProcessRegistry;
|
|
42
|
+
readonly logger?: ToolLogger;
|
|
43
|
+
/** REQUIRED for the v1.1 capability layer — used by `process.status` augmentation. */
|
|
44
|
+
readonly toolCapabilityPort: ToolCapabilityPort;
|
|
45
|
+
}
|
|
28
46
|
/**
|
|
29
47
|
* Create a process management tool that delegates to a ProcessRegistry.
|
|
30
48
|
*
|
|
31
|
-
*
|
|
32
|
-
*
|
|
33
|
-
*
|
|
49
|
+
* Uses a deps-object signature; backward compat with the prior positional
|
|
50
|
+
* `(registry, logger?)` shape is NOT preserved.
|
|
51
|
+
*
|
|
52
|
+
* @param deps - Dependencies bundle. See `ProcessToolDeps` for field semantics.
|
|
53
|
+
* @returns AgentTool implementing the process management interface.
|
|
34
54
|
*/
|
|
35
|
-
export declare function createProcessTool(
|
|
55
|
+
export declare function createProcessTool(deps: ProcessToolDeps): AgentTool<typeof ProcessParams>;
|
|
36
56
|
export {};
|
|
@@ -14,6 +14,10 @@
|
|
|
14
14
|
*/
|
|
15
15
|
import { Type } from "typebox";
|
|
16
16
|
import { jsonResult, throwToolError, readEnumParam, readStringParam, readNumberParam, } from "./platform/tool-helpers.js";
|
|
17
|
+
import { buildInstallDetourHint } from "./exec-tool.js";
|
|
18
|
+
// `InstallDetourDecision` is imported transitively via
|
|
19
|
+
// ProcessSession.installDetourDecision (process-registry.ts type-only import);
|
|
20
|
+
// no direct import here — never re-derive at status-query time.
|
|
17
21
|
// ---------------------------------------------------------------------------
|
|
18
22
|
// Parameter schema
|
|
19
23
|
// ---------------------------------------------------------------------------
|
|
@@ -30,17 +34,19 @@ const ProcessParams = Type.Object({
|
|
|
30
34
|
offset: Type.Optional(Type.Integer({ description: "Line offset for log pagination (0-indexed)" })),
|
|
31
35
|
limit: Type.Optional(Type.Integer({ description: "Max lines to return for log (default 200)" })),
|
|
32
36
|
});
|
|
33
|
-
// ---------------------------------------------------------------------------
|
|
34
|
-
// Factory
|
|
35
|
-
// ---------------------------------------------------------------------------
|
|
36
37
|
/**
|
|
37
38
|
* Create a process management tool that delegates to a ProcessRegistry.
|
|
38
39
|
*
|
|
39
|
-
*
|
|
40
|
-
*
|
|
41
|
-
*
|
|
40
|
+
* Uses a deps-object signature; backward compat with the prior positional
|
|
41
|
+
* `(registry, logger?)` shape is NOT preserved.
|
|
42
|
+
*
|
|
43
|
+
* @param deps - Dependencies bundle. See `ProcessToolDeps` for field semantics.
|
|
44
|
+
* @returns AgentTool implementing the process management interface.
|
|
42
45
|
*/
|
|
43
|
-
export function createProcessTool(
|
|
46
|
+
export function createProcessTool(deps) {
|
|
47
|
+
const { registry, logger,
|
|
48
|
+
// toolCapabilityPort is read inside execute(...) below
|
|
49
|
+
} = deps;
|
|
44
50
|
return {
|
|
45
51
|
name: "process",
|
|
46
52
|
label: "Process",
|
|
@@ -76,6 +82,18 @@ export function createProcessTool(registry, logger) {
|
|
|
76
82
|
if (!details) {
|
|
77
83
|
throwToolError("not_found", `Process session not found: ${sessionId}`);
|
|
78
84
|
}
|
|
85
|
+
// Retroactive advise-mode hint augmentation. Read the spawn-time
|
|
86
|
+
// decision back from the session rather than re-deriving from current
|
|
87
|
+
// connected-server state (the connected set may have drifted since
|
|
88
|
+
// spawn, producing an inconsistent hint vs the spawn-time event).
|
|
89
|
+
// No current-mode check — operators can switch modes mid-session via
|
|
90
|
+
// daemon restart; advise-spawned sessions keep their hint.
|
|
91
|
+
const session = registry.get(sessionId);
|
|
92
|
+
if (session?.installDetourDecision &&
|
|
93
|
+
session.installDetourDecision.overlaps.length > 0) {
|
|
94
|
+
const hint = buildInstallDetourHint(session.installDetourDecision);
|
|
95
|
+
return jsonResult({ ...details, installDetourHint: hint.installDetourHint });
|
|
96
|
+
}
|
|
79
97
|
return jsonResult(details);
|
|
80
98
|
}
|
|
81
99
|
case "log": {
|
|
@@ -7,6 +7,17 @@
|
|
|
7
7
|
* @module
|
|
8
8
|
*/
|
|
9
9
|
import type { SandboxOptions, SandboxProvider } from "./types.js";
|
|
10
|
+
/**
|
|
11
|
+
* System paths to bind read-only. Filtered by existsSync once at
|
|
12
|
+
* first buildArgs() call and cached for the provider's lifetime.
|
|
13
|
+
*
|
|
14
|
+
* Exported so the bwrap smoke test in detect-provider.ts consumes the
|
|
15
|
+
* same list — drift between smoke and production binds caused a real
|
|
16
|
+
* false-negative on usrmerge x86-64 hosts (smoke test missed /lib64
|
|
17
|
+
* → /bin/true's dynamic linker unreachable → smoke EPERMs while the
|
|
18
|
+
* production sandbox actually works fine).
|
|
19
|
+
*/
|
|
20
|
+
export declare const SYSTEM_RO_PATHS: readonly ["/usr", "/bin", "/sbin", "/lib", "/lib64", "/lib32", "/etc/resolv.conf", "/etc/hosts", "/etc/hostname", "/etc/ssl", "/etc/ca-certificates", "/etc/pki", "/etc/ld.so.cache", "/etc/ld.so.conf", "/etc/ld.so.conf.d", "/etc/alternatives", "/etc/localtime", "/etc/passwd", "/etc/group", "/etc/nsswitch.conf", "/etc/fonts"];
|
|
10
21
|
export declare class BwrapProvider implements SandboxProvider {
|
|
11
22
|
readonly name = "bwrap";
|
|
12
23
|
private bwrapPath;
|
|
@@ -14,8 +14,14 @@ import path from "node:path";
|
|
|
14
14
|
/**
|
|
15
15
|
* System paths to bind read-only. Filtered by existsSync once at
|
|
16
16
|
* first buildArgs() call and cached for the provider's lifetime.
|
|
17
|
+
*
|
|
18
|
+
* Exported so the bwrap smoke test in detect-provider.ts consumes the
|
|
19
|
+
* same list — drift between smoke and production binds caused a real
|
|
20
|
+
* false-negative on usrmerge x86-64 hosts (smoke test missed /lib64
|
|
21
|
+
* → /bin/true's dynamic linker unreachable → smoke EPERMs while the
|
|
22
|
+
* production sandbox actually works fine).
|
|
17
23
|
*/
|
|
18
|
-
const SYSTEM_RO_PATHS = [
|
|
24
|
+
export const SYSTEM_RO_PATHS = [
|
|
19
25
|
"/usr",
|
|
20
26
|
"/bin",
|
|
21
27
|
"/sbin",
|
|
@@ -36,6 +42,15 @@ const SYSTEM_RO_PATHS = [
|
|
|
36
42
|
"/etc/passwd",
|
|
37
43
|
"/etc/group",
|
|
38
44
|
"/etc/nsswitch.conf",
|
|
45
|
+
// fontconfig config (font.conf, conf.d/). Without this, libfontconfig prints
|
|
46
|
+
// "Cannot load default config file" to stderr on every text-rendering call
|
|
47
|
+
// (matplotlib, Pango, Pillow TTF, ImageMagick, headless Chromium, weasyprint,
|
|
48
|
+
// ffmpeg drawtext, LibreOffice headless) and falls back to a minimal compiled-in
|
|
49
|
+
// config — which silently breaks the substitution chain for non-Latin scripts
|
|
50
|
+
// (CJK/Arabic/devanagari render as Tofu boxes even when the fonts are present
|
|
51
|
+
// under /usr/share/fonts). Per-user cache lives in XDG_CACHE_HOME/fontconfig,
|
|
52
|
+
// which is already RW via the workspace .cache bind in wrapEnv().
|
|
53
|
+
"/etc/fonts",
|
|
39
54
|
];
|
|
40
55
|
/**
|
|
41
56
|
* Per-user config paths to bind read-only. Resolved against the daemon
|
|
@@ -73,6 +88,40 @@ function getClaudeCodeRwPaths(home) {
|
|
|
73
88
|
/* eslint-enable no-restricted-syntax */
|
|
74
89
|
].filter((p) => existsSync(p));
|
|
75
90
|
}
|
|
91
|
+
/**
|
|
92
|
+
* Per-user XDG paths that need read-write access for language package managers.
|
|
93
|
+
*
|
|
94
|
+
* These paths MUST match the systemd ReadWritePaths in
|
|
95
|
+
* packages/daemon/systemd/comis.service.template. Without RW access here,
|
|
96
|
+
* package managers writing to standard XDG paths (npm, uv, pipx, cargo, go,
|
|
97
|
+
* deno, bun) fail with EROFS at the bwrap mount layer even when the outer
|
|
98
|
+
* systemd sandbox permits the write.
|
|
99
|
+
*
|
|
100
|
+
* Why these specific paths:
|
|
101
|
+
* - ~/.npm -- npm/npx default cache + global modules root.
|
|
102
|
+
* - ~/.cache -- XDG_CACHE_HOME default; uv archives, deno cache, bun cache,
|
|
103
|
+
* pip wheel cache, cargo registry cache, go module cache.
|
|
104
|
+
* wrapEnv() also redirects most caches into the workspace, but
|
|
105
|
+
* some tools (e.g. uv's archive cache) still touch ~/.cache
|
|
106
|
+
* during early bootstrap before env vars take effect.
|
|
107
|
+
* - ~/.local/share -- XDG_DATA_HOME default; uvx tool installs, pipx venvs,
|
|
108
|
+
* rustup toolchains, generic XDG_DATA consumers.
|
|
109
|
+
*
|
|
110
|
+
* Note: this returns a subset of paths bound RO by getUserRoPaths
|
|
111
|
+
* (specifically ~/.local). The RW bind is emitted AFTER the RO bind in
|
|
112
|
+
* buildArgs, which causes bwrap to apply the more-permissive RW mount on
|
|
113
|
+
* top of the RO mount for the ~/.local/share subpath. ~/.local itself
|
|
114
|
+
* remains RO; only ~/.local/share becomes RW.
|
|
115
|
+
*/
|
|
116
|
+
function getDevToolRwPaths(home) {
|
|
117
|
+
/* eslint-disable no-restricted-syntax -- Trusted: constant subpaths of homedir, no user input */
|
|
118
|
+
return [
|
|
119
|
+
path.join(home, ".npm"),
|
|
120
|
+
path.join(home, ".cache"),
|
|
121
|
+
path.join(home, ".local", "share"),
|
|
122
|
+
/* eslint-enable no-restricted-syntax */
|
|
123
|
+
].filter((p) => existsSync(p));
|
|
124
|
+
}
|
|
76
125
|
export class BwrapProvider {
|
|
77
126
|
name = "bwrap";
|
|
78
127
|
bwrapPath = null;
|
|
@@ -124,6 +173,14 @@ export class BwrapProvider {
|
|
|
124
173
|
for (const cp of getClaudeCodeRwPaths(os.homedir())) {
|
|
125
174
|
args.push("--bind", cp, cp);
|
|
126
175
|
}
|
|
176
|
+
// -- Dev tool RW paths (read-write) --
|
|
177
|
+
// MUST come after getUserRoPaths above so the RW bind for ~/.local/share
|
|
178
|
+
// overrides the RO bind for ~/.local. MUST come before the discovery
|
|
179
|
+
// readOnlyPaths loop below so caller-supplied RO can't shadow these.
|
|
180
|
+
// Mirror of systemd ReadWritePaths in comis.service.template.
|
|
181
|
+
for (const dp of getDevToolRwPaths(os.homedir())) {
|
|
182
|
+
args.push("--bind", dp, dp);
|
|
183
|
+
}
|
|
127
184
|
// -- Read-only paths (discovery paths, custom) --
|
|
128
185
|
for (const ro of opts.readOnlyPaths) {
|
|
129
186
|
if (existsSync(ro)) {
|
|
@@ -139,6 +196,24 @@ export class BwrapProvider {
|
|
|
139
196
|
wrapEnv(env, workspacePath) {
|
|
140
197
|
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
141
198
|
const cacheDir = path.join(workspacePath, ".cache");
|
|
199
|
+
// Workspace-rooted bin dirs that hold CLIs installed by sandboxed package
|
|
200
|
+
// managers. Prepended to PATH so a binary installed by `cargo install <crate>`
|
|
201
|
+
// (or pipx, go install, bun add -g, deno install, pnpm add -g) on one exec
|
|
202
|
+
// call is invocable on the NEXT exec call. Ordering: highest-frequency first.
|
|
203
|
+
const toolBinPaths = [
|
|
204
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
205
|
+
path.join(workspacePath, ".local", "bin"), // PYTHONUSERBASE/bin + PIPX_BIN_DIR
|
|
206
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
207
|
+
path.join(cacheDir, "cargo", "bin"), // cargo install
|
|
208
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
209
|
+
path.join(cacheDir, "go", "bin"), // go install
|
|
210
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
211
|
+
path.join(cacheDir, "bun", "bin"), // bun add -g
|
|
212
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
213
|
+
path.join(cacheDir, "pnpm"), // pnpm global (PNPM_HOME itself is the bin dir)
|
|
214
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
215
|
+
path.join(cacheDir, "deno", "bin"), // deno install
|
|
216
|
+
];
|
|
142
217
|
return {
|
|
143
218
|
...env,
|
|
144
219
|
// Temp files: heredocs, wheel builds, etc.
|
|
@@ -150,6 +225,15 @@ export class BwrapProvider {
|
|
|
150
225
|
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
151
226
|
PIP_CACHE_DIR: path.join(cacheDir, "pip"),
|
|
152
227
|
XDG_CACHE_HOME: cacheDir,
|
|
228
|
+
// XDG_STATE_HOME (~/.local/state by default): pipx logs, some Python
|
|
229
|
+
// tools, runtime state. The ~/.local parent bind is RO (getUserRoPaths)
|
|
230
|
+
// and getDevToolRwPaths only carves out ~/.local/share, so anything
|
|
231
|
+
// defaulting to ~/.local/state would EROFS without this redirect.
|
|
232
|
+
// pipx happens to survive (PIPX_HOME captures all pipx state) but other
|
|
233
|
+
// XDG-state-using tools would not. Defensive belt-and-suspenders matching
|
|
234
|
+
// the existing XDG_CACHE_HOME pattern.
|
|
235
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
236
|
+
XDG_STATE_HOME: path.join(workspacePath, ".local", "state"),
|
|
153
237
|
// Python: redirect user packages into workspace.
|
|
154
238
|
// PYTHONNOUSERSITE is NOT set — sandbox read paths cover dirs that
|
|
155
239
|
// pip needs to scan. Removing it lets Python find packages installed
|
|
@@ -176,6 +260,44 @@ export class BwrapProvider {
|
|
|
176
260
|
GEM_HOME: path.join(cacheDir, "gems"),
|
|
177
261
|
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
178
262
|
BUNDLE_PATH: path.join(cacheDir, "bundle"),
|
|
263
|
+
// Rust: rustup multiplexer needs RUSTUP_HOME to locate the toolchain.
|
|
264
|
+
// Pointed at the system rustup install (written by install.sh's
|
|
265
|
+
// install_rust at /usr/local/rustup). A workspace-rooted RUSTUP_HOME
|
|
266
|
+
// would be empty on first call, breaking `cargo install <crate>` with
|
|
267
|
+
// "rustup could not choose a version of cargo to run, because no default
|
|
268
|
+
// is configured" — confirmed on a real VPS during the dev-sandbox matrix
|
|
269
|
+
// test. CARGO_HOME stays workspace-rooted (above) so `cargo install`
|
|
270
|
+
// outputs land in <workspace>/.cache/cargo/bin and survive.
|
|
271
|
+
// Tradeoff: agent loses the ability to `rustup install <toolchain>` from
|
|
272
|
+
// inside exec (would need RW to /usr/local/rustup). Acceptable — the
|
|
273
|
+
// canonical use case is `cargo install <crate>`, which works.
|
|
274
|
+
RUSTUP_HOME: "/usr/local/rustup",
|
|
275
|
+
// uv: tool install dir for `uvx` / `uv tool install` (paired with UV_PYTHON_INSTALL_DIR above).
|
|
276
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
277
|
+
UV_TOOL_DIR: path.join(cacheDir, "uv", "tools"),
|
|
278
|
+
// pipx: venvs root + bin dir. PIPX_BIN_DIR aligns with PYTHONUSERBASE/bin
|
|
279
|
+
// (PYTHONUSERBASE = workspace/.local) so user-installed and pipx-installed
|
|
280
|
+
// CLIs share a single PATH entry: workspace/.local/bin.
|
|
281
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
282
|
+
PIPX_HOME: path.join(cacheDir, "pipx"),
|
|
283
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
284
|
+
PIPX_BIN_DIR: path.join(workspacePath, ".local", "bin"),
|
|
285
|
+
// pnpm global store + bin dir (PNPM_HOME is on PATH below).
|
|
286
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
287
|
+
PNPM_HOME: path.join(cacheDir, "pnpm"),
|
|
288
|
+
// bun: install root; binaries land in $BUN_INSTALL/bin.
|
|
289
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
290
|
+
BUN_INSTALL: path.join(cacheDir, "bun"),
|
|
291
|
+
// deno: cache + installed CLI dir ($DENO_DIR/bin via `deno install`).
|
|
292
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
293
|
+
DENO_DIR: path.join(cacheDir, "deno"),
|
|
294
|
+
// yarn cache; mirrors the others for completeness even though yarn is rare in agent flows.
|
|
295
|
+
// eslint-disable-next-line no-restricted-syntax -- Trusted: workspace path is daemon-controlled, constant subpaths
|
|
296
|
+
YARN_CACHE_FOLDER: path.join(cacheDir, "yarn"),
|
|
297
|
+
// PATH augmentation MUST come after the spread above so it overrides
|
|
298
|
+
// any PATH carried in `env`. Empty entries are filtered to avoid
|
|
299
|
+
// trailing/duplicate colons when env.PATH is undefined.
|
|
300
|
+
PATH: [...toolBinPaths, env.PATH ?? ""].filter(Boolean).join(":"),
|
|
179
301
|
};
|
|
180
302
|
}
|
|
181
303
|
}
|