comisai 1.0.34 → 1.0.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +30 -4
- package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +22 -2
- package/node_modules/@comis/agent/dist/background/background-task-manager.js +88 -40
- package/node_modules/@comis/agent/dist/background/background-task-persistence.js +34 -4
- package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +59 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
- package/node_modules/@comis/agent/dist/background/completion-dispatcher.d.ts +130 -0
- package/node_modules/@comis/agent/dist/background/completion-dispatcher.js +215 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +62 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.js +234 -0
- package/node_modules/@comis/agent/dist/background/index.d.ts +10 -1
- package/node_modules/@comis/agent/dist/background/index.js +4 -0
- package/node_modules/@comis/agent/dist/background/session-resolver.d.ts +85 -0
- package/node_modules/@comis/agent/dist/background/session-resolver.js +78 -0
- package/node_modules/@comis/agent/dist/bootstrap/sections/messaging-sections.js +1 -0
- package/node_modules/@comis/agent/dist/bootstrap/sections/tool-descriptions.js +3 -3
- package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.d.ts +30 -2
- package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.js +51 -2
- package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.d.ts +22 -0
- package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.js +2 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.d.ts +1 -5
- package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.js +2 -14
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +43 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +17 -2
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +32 -23
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +145 -62
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
- package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
- package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
- package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
- package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
- package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
- package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
- package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +10 -10
- package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +14 -14
- package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.d.ts +11 -13
- package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.js +14 -15
- package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
- package/node_modules/@comis/agent/dist/executor/capability-index-context.d.ts +72 -0
- package/node_modules/@comis/agent/dist/executor/capability-index-context.js +329 -0
- package/node_modules/@comis/agent/dist/executor/drain-helper.d.ts +122 -0
- package/node_modules/@comis/agent/dist/executor/drain-helper.js +173 -0
- package/node_modules/@comis/agent/dist/executor/error-classifier.js +2 -2
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +78 -4
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +150 -31
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.d.ts +7 -0
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +26 -5
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.d.ts +18 -1
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +20 -18
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
- package/node_modules/@comis/agent/dist/executor/jit-guide-injector.d.ts +11 -2
- package/node_modules/@comis/agent/dist/executor/jit-guide-injector.js +16 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
- package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +21 -2
- package/node_modules/@comis/agent/dist/executor/pi-executor.js +96 -18
- package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
- package/node_modules/@comis/agent/dist/executor/prompt-assembly.d.ts +9 -1
- package/node_modules/@comis/agent/dist/executor/prompt-assembly.js +15 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
- package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +18 -27
- package/node_modules/@comis/agent/dist/executor/tool-deferral.js +34 -43
- package/node_modules/@comis/agent/dist/index.d.ts +17 -0
- package/node_modules/@comis/agent/dist/index.js +32 -11
- package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
- package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
- package/node_modules/@comis/agent/dist/model/model-registry-adapter.js +1 -1
- package/node_modules/@comis/agent/dist/model/model-scanner.js +1 -1
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
- package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
- package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
- package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
- package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.d.ts +11 -1
- package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.js +19 -22
- package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +17 -3
- package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
- package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.d.ts +1 -1
- package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.js +5 -5
- package/node_modules/@comis/agent/dist/workspace/data-env.d.ts +38 -0
- package/node_modules/@comis/agent/dist/workspace/data-env.js +56 -0
- package/node_modules/@comis/agent/dist/workspace/index.d.ts +1 -0
- package/node_modules/@comis/agent/dist/workspace/index.js +1 -0
- package/node_modules/@comis/agent/dist/workspace/templates.js +5 -1
- package/node_modules/@comis/agent/package.json +1 -1
- package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
- package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
- package/node_modules/@comis/channels/dist/index.d.ts +1 -1
- package/node_modules/@comis/channels/dist/index.js +1 -1
- package/node_modules/@comis/channels/dist/shared/channel-manager.d.ts +9 -3
- package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
- package/node_modules/@comis/channels/dist/shared/inbound-gate.d.ts +1 -1
- package/node_modules/@comis/channels/dist/shared/inbound-gate.js +22 -7
- package/node_modules/@comis/channels/dist/shared/inbound-pipeline.d.ts +10 -3
- package/node_modules/@comis/channels/dist/shared/inbound-route.d.ts +1 -1
- package/node_modules/@comis/channels/dist/shared/inbound-route.js +13 -2
- package/node_modules/@comis/channels/dist/shared/response-filter.d.ts +11 -24
- package/node_modules/@comis/channels/dist/shared/response-filter.js +25 -53
- package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
- package/node_modules/@comis/channels/package.json +1 -1
- package/node_modules/@comis/cli/dist/cli.js +2 -0
- package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
- package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
- package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
- package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
- package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
- package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
- package/node_modules/@comis/cli/dist/commands/providers.d.ts +1 -2
- package/node_modules/@comis/cli/dist/commands/providers.js +5 -6
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
- package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
- package/node_modules/@comis/cli/dist/index.d.ts +1 -0
- package/node_modules/@comis/cli/dist/index.js +10 -4
- package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
- package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
- package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
- package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
- package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
- package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
- package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
- package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
- package/node_modules/@comis/cli/package.json +1 -1
- package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
- package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
- package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
- package/node_modules/@comis/core/dist/config/field-metadata.js +2 -0
- package/node_modules/@comis/core/dist/config/immutable-keys.js +4 -1
- package/node_modules/@comis/core/dist/config/index.d.ts +7 -1
- package/node_modules/@comis/core/dist/config/index.js +4 -1
- package/node_modules/@comis/core/dist/config/loader.js +61 -0
- package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
- package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
- package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -792
- package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
- package/node_modules/@comis/core/dist/config/schema-approvals.d.ts +0 -14
- package/node_modules/@comis/core/dist/config/schema-auto-reply-engine.d.ts +0 -6
- package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +1 -6
- package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
- package/node_modules/@comis/core/dist/config/schema-browser.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-channel.d.ts +0 -158
- package/node_modules/@comis/core/dist/config/schema-coalescer.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-daemon.d.ts +0 -32
- package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +1 -17
- package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-documentation.d.ts +0 -12
- package/node_modules/@comis/core/dist/config/schema-embedding.d.ts +0 -20
- package/node_modules/@comis/core/dist/config/schema-envelope.d.ts +0 -15
- package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +0 -37
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -4
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
- package/node_modules/@comis/core/dist/config/schema-integrations.d.ts +0 -318
- package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-memory-review.d.ts +0 -7
- package/node_modules/@comis/core/dist/config/schema-memory.d.ts +0 -16
- package/node_modules/@comis/core/dist/config/schema-messages.d.ts +0 -8
- package/node_modules/@comis/core/dist/config/schema-models.d.ts +0 -15
- package/node_modules/@comis/core/dist/config/schema-notification.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +18 -0
- package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
- package/node_modules/@comis/core/dist/config/schema-observability.d.ts +0 -38
- package/node_modules/@comis/core/dist/config/schema-output-retention.d.ts +34 -0
- package/node_modules/@comis/core/dist/config/schema-output-retention.js +48 -0
- package/node_modules/@comis/core/dist/config/schema-plugins.d.ts +0 -8
- package/node_modules/@comis/core/dist/config/schema-providers.d.ts +0 -64
- package/node_modules/@comis/core/dist/config/schema-queue.d.ts +0 -58
- package/node_modules/@comis/core/dist/config/schema-response-prefix.d.ts +0 -2
- package/node_modules/@comis/core/dist/config/schema-retry.d.ts +0 -6
- package/node_modules/@comis/core/dist/config/schema-scheduler.d.ts +0 -39
- package/node_modules/@comis/core/dist/config/schema-secrets.d.ts +0 -3
- package/node_modules/@comis/core/dist/config/schema-security.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-send-policy.d.ts +0 -13
- package/node_modules/@comis/core/dist/config/schema-sender-trust-display.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-serializer.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-skills.d.ts +0 -63
- package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
- package/node_modules/@comis/core/dist/config/schema-streaming.d.ts +0 -38
- package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.d.ts +0 -3
- package/node_modules/@comis/core/dist/config/schema-tooling.d.ts +87 -0
- package/node_modules/@comis/core/dist/config/schema-tooling.js +152 -0
- package/node_modules/@comis/core/dist/config/schema-verbosity.d.ts +0 -12
- package/node_modules/@comis/core/dist/config/schema-webhooks.d.ts +0 -40
- package/node_modules/@comis/core/dist/config/schema.d.ts +50 -37
- package/node_modules/@comis/core/dist/config/schema.js +9 -0
- package/node_modules/@comis/core/dist/context/context.d.ts +0 -4
- package/node_modules/@comis/core/dist/domain/approval-request.d.ts +0 -17
- package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +29 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
- package/node_modules/@comis/core/dist/domain/delivery-origin.d.ts +0 -5
- package/node_modules/@comis/core/dist/domain/execution-graph.d.ts +0 -48
- package/node_modules/@comis/core/dist/domain/memory-entry.d.ts +0 -3
- package/node_modules/@comis/core/dist/domain/model-compat.d.ts +0 -4
- package/node_modules/@comis/core/dist/domain/normalized-message.d.ts +0 -15
- package/node_modules/@comis/core/dist/domain/provider-capabilities.d.ts +0 -6
- package/node_modules/@comis/core/dist/domain/rich-message.d.ts +0 -14
- package/node_modules/@comis/core/dist/domain/subagent-context-config.d.ts +0 -22
- package/node_modules/@comis/core/dist/domain/subagent-context-types.d.ts +0 -8
- package/node_modules/@comis/core/dist/event-bus/events-agent.d.ts +31 -0
- package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +76 -2
- package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/config.js +3 -1
- package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
- package/node_modules/@comis/core/dist/exports/domain.js +1 -0
- package/node_modules/@comis/core/dist/exports/hooks.d.ts +1 -1
- package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/ports.js +1 -1
- package/node_modules/@comis/core/dist/ports/channel-plugin.d.ts +0 -13
- package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
- package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
- package/node_modules/@comis/core/dist/ports/index.d.ts +4 -0
- package/node_modules/@comis/core/dist/ports/index.js +5 -0
- package/node_modules/@comis/core/dist/ports/no-op-tool-capability.d.ts +30 -0
- package/node_modules/@comis/core/dist/ports/no-op-tool-capability.js +47 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
- package/node_modules/@comis/core/dist/ports/tool-capability.d.ts +165 -0
- package/node_modules/@comis/core/dist/ports/tool-capability.js +15 -0
- package/node_modules/@comis/core/dist/security/audit.d.ts +0 -11
- package/node_modules/@comis/core/dist/tool-metadata.d.ts +41 -1
- package/node_modules/@comis/core/dist/tool-metadata.js +1 -1
- package/node_modules/@comis/core/package.json +1 -1
- package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +1 -1
- package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
- package/node_modules/@comis/daemon/dist/daemon.js +168 -30
- package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/index.js +5 -0
- package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
- package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.d.ts +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +3 -3
- package/node_modules/@comis/daemon/dist/rpc/builtin-provider-guard.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
- package/node_modules/@comis/daemon/dist/rpc/model-handlers.d.ts +1 -1
- package/node_modules/@comis/daemon/dist/rpc/model-handlers.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
- package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
- package/node_modules/@comis/daemon/dist/sub-agent-runner.d.ts +18 -0
- package/node_modules/@comis/daemon/dist/sub-agent-runner.js +41 -9
- package/node_modules/@comis/daemon/dist/wiring/index.d.ts +4 -0
- package/node_modules/@comis/daemon/dist/wiring/index.js +2 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +81 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +164 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +58 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +59 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +13 -7
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.d.ts +9 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +35 -10
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.d.ts +20 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +21 -16
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +65 -20
- package/node_modules/@comis/daemon/dist/wiring/setup-gateway.d.ts +4 -6
- package/node_modules/@comis/daemon/dist/wiring/setup-gateway.js +3 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.d.ts +20 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.js +11 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.d.ts +89 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.js +212 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-tools.d.ts +18 -4
- package/node_modules/@comis/daemon/dist/wiring/setup-tools.js +29 -10
- package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.d.ts +75 -0
- package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.js +253 -0
- package/node_modules/@comis/daemon/package.json +1 -1
- package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
- package/node_modules/@comis/gateway/dist/index.js +2 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
- package/node_modules/@comis/gateway/dist/webhook/webhook-endpoint.d.ts +0 -4
- package/node_modules/@comis/gateway/package.json +1 -1
- package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
- package/node_modules/@comis/infra/package.json +1 -1
- package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
- package/node_modules/@comis/memory/dist/compaction.js +2 -3
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
- package/node_modules/@comis/memory/dist/index.d.ts +2 -0
- package/node_modules/@comis/memory/dist/index.js +3 -0
- package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
- package/node_modules/@comis/memory/dist/memory-api.js +1 -1
- package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
- package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
- package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
- package/node_modules/@comis/memory/dist/session-store.js +1 -1
- package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
- package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
- package/node_modules/@comis/memory/package.json +1 -1
- package/node_modules/@comis/scheduler/dist/cron/cron-types.d.ts +0 -42
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
- package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.d.ts +29 -8
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +20 -8
- package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/system-events/system-event-types.d.ts +0 -3
- package/node_modules/@comis/scheduler/dist/tasks/task-types.d.ts +0 -17
- package/node_modules/@comis/scheduler/package.json +1 -1
- package/node_modules/@comis/shared/dist/index.d.ts +3 -0
- package/node_modules/@comis/shared/dist/index.js +4 -0
- package/node_modules/@comis/shared/dist/mcp-tool-name.d.ts +78 -0
- package/node_modules/@comis/shared/dist/mcp-tool-name.js +92 -0
- package/node_modules/@comis/shared/dist/silent-tokens.d.ts +38 -0
- package/node_modules/@comis/shared/dist/silent-tokens.js +51 -0
- package/node_modules/@comis/shared/dist/visible-delivery.d.ts +28 -0
- package/node_modules/@comis/shared/dist/visible-delivery.js +16 -0
- package/node_modules/@comis/shared/package.json +1 -1
- package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.d.ts +2 -13
- package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.js +3 -21
- package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
- package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +133 -3
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
- package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
- package/node_modules/@comis/skills/dist/builtin/exec-tool.d.ts +55 -9
- package/node_modules/@comis/skills/dist/builtin/exec-tool.js +392 -19
- package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/install-detour.d.ts +67 -0
- package/node_modules/@comis/skills/dist/builtin/install-detour.js +342 -0
- package/node_modules/@comis/skills/dist/builtin/platform/admin-manage-factory.js +5 -5
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +7 -6
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +40 -29
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
- package/node_modules/@comis/skills/dist/builtin/platform/message-tool.js +18 -0
- package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.d.ts +18 -1
- package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.js +18 -2
- package/node_modules/@comis/skills/dist/builtin/platform/models-manage-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/process-registry.d.ts +14 -0
- package/node_modules/@comis/skills/dist/builtin/process-tool.d.ts +24 -4
- package/node_modules/@comis/skills/dist/builtin/process-tool.js +25 -7
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +123 -1
- package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
- package/node_modules/@comis/skills/dist/index.d.ts +4 -1
- package/node_modules/@comis/skills/dist/index.js +3 -1
- package/node_modules/@comis/skills/dist/manifest/capability-parser.d.ts +44 -0
- package/node_modules/@comis/skills/dist/manifest/capability-parser.js +68 -0
- package/node_modules/@comis/skills/dist/manifest/schema.d.ts +44 -37
- package/node_modules/@comis/skills/dist/manifest/schema.js +35 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
- package/node_modules/@comis/skills/dist/registry/discovery.d.ts +8 -0
- package/node_modules/@comis/skills/dist/registry/discovery.js +10 -3
- package/node_modules/@comis/skills/dist/registry/skill-registry.d.ts +45 -1
- package/node_modules/@comis/skills/dist/registry/skill-registry.js +70 -7
- package/node_modules/@comis/skills/package.json +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
- package/node_modules/@comis/web/dist/index.html +1 -1
- package/node_modules/@comis/web/package.json +1 -1
- package/package.json +25 -24
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
*/
|
|
11
11
|
import { existsSync } from "node:fs";
|
|
12
12
|
import { spawnSync } from "node:child_process";
|
|
13
|
-
import { BwrapProvider } from "./bwrap-provider.js";
|
|
13
|
+
import { BwrapProvider, SYSTEM_RO_PATHS } from "./bwrap-provider.js";
|
|
14
14
|
import { SandboxExecProvider } from "./sandbox-exec-provider.js";
|
|
15
15
|
/**
|
|
16
16
|
* True when the daemon is running inside a Linux container. Docker writes
|
|
@@ -21,26 +21,42 @@ function isContainer() {
|
|
|
21
21
|
return existsSync("/.dockerenv") || existsSync("/run/.containerenv");
|
|
22
22
|
}
|
|
23
23
|
/**
|
|
24
|
-
* Smoke-test
|
|
25
|
-
*
|
|
26
|
-
*
|
|
27
|
-
*
|
|
28
|
-
*
|
|
29
|
-
*
|
|
30
|
-
*
|
|
24
|
+
* Smoke-test bwrap against the same SYSTEM_RO_PATHS BwrapProvider.buildArgs()
|
|
25
|
+
* uses, plus --unshare-pid + --proc /proc — the kernel-feature combo we
|
|
26
|
+
* actually need to detect. Reusing the production bind list prevents drift
|
|
27
|
+
* (e.g. /lib64 must be present on usrmerge x86-64 hosts where /bin/true's
|
|
28
|
+
* dynamic linker lives there; without it the smoke spawn EPERMs at execvp
|
|
29
|
+
* even though the production sandbox itself runs fine).
|
|
30
|
+
*
|
|
31
|
+
* On Docker Desktop's linuxkit kernel and similar restricted environments
|
|
32
|
+
* --unshare-pid + --proc /proc EPERMs at the procfs mount step, even with
|
|
33
|
+
* apparmor/seccomp unconfined — every later exec call would silently fail.
|
|
34
|
+
* `available()` only checks if `bwrap` is on PATH, so without this probe the
|
|
35
|
+
* daemon would log "provider: bwrap" even when bwrap is non-functional.
|
|
36
|
+
* ~50ms one-shot at startup.
|
|
37
|
+
*
|
|
38
|
+
* Returns the raw `stderr` and `signal` from bwrap so the caller can include
|
|
39
|
+
* them in the warn payload — operators reading the log see the actual bwrap
|
|
40
|
+
* error message (e.g. "Creating new namespace failed: Operation not
|
|
41
|
+
* permitted") without having to enable DEBUG logging.
|
|
31
42
|
*/
|
|
32
43
|
function bwrapSmokeTest() {
|
|
44
|
+
const sysBinds = SYSTEM_RO_PATHS
|
|
45
|
+
.filter((p) => existsSync(p))
|
|
46
|
+
.flatMap((p) => ["--ro-bind", p, p]);
|
|
33
47
|
const r = spawnSync("bwrap", [
|
|
34
48
|
"--unshare-user",
|
|
35
49
|
"--unshare-pid",
|
|
36
50
|
"--proc", "/proc",
|
|
37
|
-
|
|
38
|
-
"--ro-bind", "/bin", "/bin",
|
|
39
|
-
"--ro-bind", "/lib", "/lib",
|
|
51
|
+
...sysBinds,
|
|
40
52
|
"--tmpfs", "/tmp",
|
|
41
53
|
"/bin/true",
|
|
42
54
|
], { encoding: "utf8", timeout: 5000 });
|
|
43
|
-
return
|
|
55
|
+
return {
|
|
56
|
+
ok: r.status === 0,
|
|
57
|
+
stderr: (r.stderr ?? "").trim(),
|
|
58
|
+
signal: r.signal ?? null,
|
|
59
|
+
};
|
|
44
60
|
}
|
|
45
61
|
/**
|
|
46
62
|
* Detect and return the best available sandbox provider for this platform.
|
|
@@ -51,7 +67,8 @@ export function detectSandboxProvider(logger) {
|
|
|
51
67
|
if (process.platform === "linux") {
|
|
52
68
|
const bwrap = new BwrapProvider();
|
|
53
69
|
if (bwrap.available()) {
|
|
54
|
-
|
|
70
|
+
const smoke = bwrapSmokeTest();
|
|
71
|
+
if (!smoke.ok) {
|
|
55
72
|
// bwrap is on PATH but the kernel rejects the isolation flags
|
|
56
73
|
// (typically Docker Desktop's linuxkit on macOS/Windows). Behaviour
|
|
57
74
|
// diverges by environment:
|
|
@@ -69,17 +86,25 @@ export function detectSandboxProvider(logger) {
|
|
|
69
86
|
// (rare on stock Linux). Surface it loudly and return the
|
|
70
87
|
// provider so exec fails via bwrap's stderr until the operator
|
|
71
88
|
// fixes the kernel/userns config — never silently degrade
|
|
72
|
-
// sandboxing on a bare-metal host.
|
|
89
|
+
// sandboxing on a bare-metal host. The warn payload now includes
|
|
90
|
+
// `stderr` (the actual bwrap error) and `signal` so operators
|
|
91
|
+
// don't have to enable DEBUG logging to diagnose; the hint
|
|
92
|
+
// points at stderr first and demotes kernel sysctls to a
|
|
93
|
+
// secondary fallback.
|
|
73
94
|
if (isContainer()) {
|
|
74
95
|
logger?.warn({
|
|
75
96
|
hint: "Kernel rejected --unshare-pid + --proc /proc (typically Docker Desktop linuxkit on macOS/Windows). Sandbox auto-disabled so agent exec is functional for development. PRODUCTION DEPLOYMENTS MUST USE A REAL LINUX HOST — see docs/operations/docker.mdx → Platform Support.",
|
|
76
97
|
errorKind: "config",
|
|
98
|
+
stderr: smoke.stderr,
|
|
99
|
+
signal: smoke.signal,
|
|
77
100
|
}, "Exec sandbox DISABLED (kernel limitation; container host) -- shell commands will run UNSANDBOXED. Dev/testing only.");
|
|
78
101
|
return undefined;
|
|
79
102
|
}
|
|
80
103
|
logger?.warn({
|
|
81
|
-
hint: "
|
|
104
|
+
hint: "Check the `stderr` field above for the actual bwrap error — that's the primary signal. If stderr mentions namespaces or 'Operation not permitted' on a bare-metal host, then as a secondary diagnostic verify `sysctl kernel.unprivileged_userns_clone=1` and AppArmor's `apparmor_restrict_unprivileged_userns=0` (Ubuntu 23.10+). Exec calls will fail until bwrap can run.",
|
|
82
105
|
errorKind: "config",
|
|
106
|
+
stderr: smoke.stderr,
|
|
107
|
+
signal: smoke.signal,
|
|
83
108
|
}, "bwrap installed but smoke test failed -- exec sandbox is non-functional on this kernel");
|
|
84
109
|
}
|
|
85
110
|
return bwrap;
|
|
@@ -17,6 +17,8 @@ export { createExecTool } from "./builtin/exec-tool.js";
|
|
|
17
17
|
export { createProcessTool } from "./builtin/process-tool.js";
|
|
18
18
|
export { createProcessRegistry } from "./builtin/process-registry.js";
|
|
19
19
|
export type { ProcessRegistry } from "./builtin/process-registry.js";
|
|
20
|
+
export type { InstallDetourDecision, DetourOverlap } from "./builtin/install-detour.js";
|
|
21
|
+
export { parseInstallDetour } from "./builtin/install-detour.js";
|
|
20
22
|
export type { SandboxProvider, SandboxOptions, ExecSandboxConfig } from "./builtin/sandbox/types.js";
|
|
21
23
|
export { detectSandboxProvider } from "./builtin/sandbox/detect-provider.js";
|
|
22
24
|
export type { DetectLogger } from "./builtin/sandbox/detect-provider.js";
|
|
@@ -44,7 +46,8 @@ export { createLinkRunner } from "./integrations/link/link-runner.js";
|
|
|
44
46
|
export type { LinkRunner } from "./integrations/link/link-runner.js";
|
|
45
47
|
export { createMcpClientManager, qualifyToolName, parseQualifiedName } from "./integrations/mcp-client.js";
|
|
46
48
|
export type { McpClientManager, McpClientManagerDeps, McpServerConfig, McpConnection, McpConnectionStatus, McpToolDefinition, McpToolCallResult, McpToolCallContent, } from "./integrations/mcp-client.js";
|
|
47
|
-
export { mcpToolsToAgentTools, jsonSchemaToTypeBox, sanitizeMcpToolName,
|
|
49
|
+
export { mcpToolsToAgentTools, jsonSchemaToTypeBox, sanitizeMcpToolName, classifyMcpErrorType } from "./bridge/mcp-tool-bridge.js";
|
|
50
|
+
export { extractMcpServerName } from "@comis/shared";
|
|
48
51
|
export { createVisionProviderRegistry, selectVisionProvider } from "./integrations/vision/vision-provider-registry.js";
|
|
49
52
|
export { resolveVisionScope } from "./integrations/vision/scope-resolver.js";
|
|
50
53
|
export { detectFfmpeg, createAudioConverter, createMediaTempManager, createMediaSemaphore, createSsrfGuardedFetcher, createCompositeResolver, createMediaPersistenceService, } from "./media/index.js";
|
|
@@ -22,6 +22,7 @@ export { createApplyPatchTool } from "./builtin/file/apply-patch-tool.js";
|
|
|
22
22
|
export { createExecTool } from "./builtin/exec-tool.js";
|
|
23
23
|
export { createProcessTool } from "./builtin/process-tool.js";
|
|
24
24
|
export { createProcessRegistry } from "./builtin/process-registry.js";
|
|
25
|
+
export { parseInstallDetour } from "./builtin/install-detour.js";
|
|
25
26
|
// Built-in tools -- Exec sandbox detection
|
|
26
27
|
export { detectSandboxProvider } from "./builtin/sandbox/detect-provider.js";
|
|
27
28
|
// Registry
|
|
@@ -89,7 +90,8 @@ export { createLinkRunner } from "./integrations/link/link-runner.js";
|
|
|
89
90
|
// Integrations -- MCP client manager
|
|
90
91
|
export { createMcpClientManager, qualifyToolName, parseQualifiedName } from "./integrations/mcp-client.js";
|
|
91
92
|
// Bridge -- MCP tool bridge
|
|
92
|
-
export { mcpToolsToAgentTools, jsonSchemaToTypeBox, sanitizeMcpToolName,
|
|
93
|
+
export { mcpToolsToAgentTools, jsonSchemaToTypeBox, sanitizeMcpToolName, classifyMcpErrorType } from "./bridge/mcp-tool-bridge.js";
|
|
94
|
+
export { extractMcpServerName } from "@comis/shared";
|
|
93
95
|
// Integrations -- Vision
|
|
94
96
|
export { createVisionProviderRegistry, selectVisionProvider } from "./integrations/vision/vision-provider-registry.js";
|
|
95
97
|
export { resolveVisionScope } from "./integrations/vision/scope-resolver.js";
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Defensive parser for `comis.capability` skill manifest blocks.
|
|
3
|
+
*
|
|
4
|
+
* The outer `ComisNamespaceSchema` is z.strictObject -- a typo'd nested
|
|
5
|
+
* capability key (`replacePackages` missing `s`) would normally cause the
|
|
6
|
+
* whole `comis:` block to fail parse and the skill to become invisible.
|
|
7
|
+
* This function parses the capability sub-block separately with try/recover
|
|
8
|
+
* semantics: on any validation failure (typo, type mismatch, empty string),
|
|
9
|
+
* log a Pino WARN with `errorKind: "config"` and return undefined. The skill
|
|
10
|
+
* renders under the fallback `prompt-skills` cluster.
|
|
11
|
+
*
|
|
12
|
+
* Capability metadata is enrichment, not a gate. The skill itself is NEVER
|
|
13
|
+
* hidden solely because optional capability metadata is invalid.
|
|
14
|
+
*
|
|
15
|
+
* Caller pattern:
|
|
16
|
+
* const ns = (typeof obj["comis"] === "object" && ...) ? ... : undefined;
|
|
17
|
+
* const capability = parseComisCapabilityDefensively(ns?.["capability"], skillName, logger);
|
|
18
|
+
* // ... include `capability` in SkillMetadata; downstream filters tolerate undefined.
|
|
19
|
+
*
|
|
20
|
+
* @module
|
|
21
|
+
*/
|
|
22
|
+
import type { ToolCapabilityMetadata } from "@comis/core";
|
|
23
|
+
export type { ToolCapabilityMetadata };
|
|
24
|
+
/** Pino-compatible logger interface. The skills package already uses this shape; reuse here. */
|
|
25
|
+
interface DiscoveryLogger {
|
|
26
|
+
warn(obj: Record<string, unknown>, msg: string): void;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Defensively parse a `comis.capability` block.
|
|
30
|
+
*
|
|
31
|
+
* On success: returns the parsed shape (with defaults applied).
|
|
32
|
+
* On failure: logs a Pino WARN with `errorKind: "config"`, the skillName,
|
|
33
|
+
* the Zod issue paths, and an operator-actionable hint, then returns
|
|
34
|
+
* undefined. NEVER throws.
|
|
35
|
+
*
|
|
36
|
+
* @param raw - The raw `capability` value from `manifest.comis.capability`
|
|
37
|
+
* (may be undefined or null).
|
|
38
|
+
* @param skillName - Used in the WARN log payload for operator context.
|
|
39
|
+
* @param logger - Optional Pino logger. When omitted, parse failures fall
|
|
40
|
+
* through silently (the function still returns undefined;
|
|
41
|
+
* the caller may emit its own log).
|
|
42
|
+
* @returns Parsed capability metadata, or undefined if absent / malformed.
|
|
43
|
+
*/
|
|
44
|
+
export declare function parseComisCapabilityDefensively(raw: unknown, skillName: string, logger: DiscoveryLogger | undefined): ToolCapabilityMetadata | undefined;
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
/**
|
|
3
|
+
* Defensive parser for `comis.capability` skill manifest blocks.
|
|
4
|
+
*
|
|
5
|
+
* The outer `ComisNamespaceSchema` is z.strictObject -- a typo'd nested
|
|
6
|
+
* capability key (`replacePackages` missing `s`) would normally cause the
|
|
7
|
+
* whole `comis:` block to fail parse and the skill to become invisible.
|
|
8
|
+
* This function parses the capability sub-block separately with try/recover
|
|
9
|
+
* semantics: on any validation failure (typo, type mismatch, empty string),
|
|
10
|
+
* log a Pino WARN with `errorKind: "config"` and return undefined. The skill
|
|
11
|
+
* renders under the fallback `prompt-skills` cluster.
|
|
12
|
+
*
|
|
13
|
+
* Capability metadata is enrichment, not a gate. The skill itself is NEVER
|
|
14
|
+
* hidden solely because optional capability metadata is invalid.
|
|
15
|
+
*
|
|
16
|
+
* Caller pattern:
|
|
17
|
+
* const ns = (typeof obj["comis"] === "object" && ...) ? ... : undefined;
|
|
18
|
+
* const capability = parseComisCapabilityDefensively(ns?.["capability"], skillName, logger);
|
|
19
|
+
* // ... include `capability` in SkillMetadata; downstream filters tolerate undefined.
|
|
20
|
+
*
|
|
21
|
+
* @module
|
|
22
|
+
*/
|
|
23
|
+
import { ComisCapabilityBlockSchema } from "./schema.js";
|
|
24
|
+
/**
|
|
25
|
+
* Defensively parse a `comis.capability` block.
|
|
26
|
+
*
|
|
27
|
+
* On success: returns the parsed shape (with defaults applied).
|
|
28
|
+
* On failure: logs a Pino WARN with `errorKind: "config"`, the skillName,
|
|
29
|
+
* the Zod issue paths, and an operator-actionable hint, then returns
|
|
30
|
+
* undefined. NEVER throws.
|
|
31
|
+
*
|
|
32
|
+
* @param raw - The raw `capability` value from `manifest.comis.capability`
|
|
33
|
+
* (may be undefined or null).
|
|
34
|
+
* @param skillName - Used in the WARN log payload for operator context.
|
|
35
|
+
* @param logger - Optional Pino logger. When omitted, parse failures fall
|
|
36
|
+
* through silently (the function still returns undefined;
|
|
37
|
+
* the caller may emit its own log).
|
|
38
|
+
* @returns Parsed capability metadata, or undefined if absent / malformed.
|
|
39
|
+
*/
|
|
40
|
+
export function parseComisCapabilityDefensively(raw, skillName, logger) {
|
|
41
|
+
// Fast path: no capability block declared -> no log, no work.
|
|
42
|
+
if (raw === undefined)
|
|
43
|
+
return undefined;
|
|
44
|
+
const result = ComisCapabilityBlockSchema.safeParse(raw);
|
|
45
|
+
if (result.success) {
|
|
46
|
+
// Coerce the Zod-inferred shape into ToolCapabilityMetadata
|
|
47
|
+
// (compatible by structure).
|
|
48
|
+
return {
|
|
49
|
+
cluster: result.data.cluster,
|
|
50
|
+
summary: result.data.summary,
|
|
51
|
+
replacesPackages: result.data.replacesPackages,
|
|
52
|
+
};
|
|
53
|
+
}
|
|
54
|
+
// Malformed -- log WARN and fall back. This path NEVER raises an exception.
|
|
55
|
+
const issues = result.error.issues.map((issue) => ({
|
|
56
|
+
path: issue.path.join("."),
|
|
57
|
+
code: issue.code,
|
|
58
|
+
message: issue.message,
|
|
59
|
+
}));
|
|
60
|
+
logger?.warn({
|
|
61
|
+
errorKind: "config",
|
|
62
|
+
skillName,
|
|
63
|
+
issues,
|
|
64
|
+
hint: "Fix the comis.capability block in the skill manifest, or remove it. " +
|
|
65
|
+
"The skill will render under the fallback 'prompt-skills' cluster until corrected.",
|
|
66
|
+
}, "Malformed comis.capability metadata; skill renders under fallback cluster.");
|
|
67
|
+
return undefined;
|
|
68
|
+
}
|
|
@@ -10,13 +10,9 @@ export declare const SkillNameSchema: z.ZodString;
|
|
|
10
10
|
* All fields default to empty arrays (no permissions).
|
|
11
11
|
*/
|
|
12
12
|
export declare const SkillPermissionsSchema: z.ZodObject<{
|
|
13
|
-
/** Filesystem read access paths (e.g. ["/tmp/skill-data"]) */
|
|
14
13
|
fsRead: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
15
|
-
/** Filesystem write access paths */
|
|
16
14
|
fsWrite: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
17
|
-
/** Network access domains (e.g. ["api.example.com"]) */
|
|
18
15
|
net: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
19
|
-
/** Environment variable access (read-only, specific keys) */
|
|
20
16
|
env: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
21
17
|
}, z.core.$strict>;
|
|
22
18
|
/**
|
|
@@ -24,7 +20,7 @@ export declare const SkillPermissionsSchema: z.ZodObject<{
|
|
|
24
20
|
* Accepts a single string (wraps in array, lowercases) or an array of strings (lowercases each).
|
|
25
21
|
* No enum restriction -- any OS string is valid (e.g., "playstation").
|
|
26
22
|
*/
|
|
27
|
-
export declare const OsFieldSchema: z.
|
|
23
|
+
export declare const OsFieldSchema: z.ZodPreprocess<z.ZodOptional<z.ZodArray<z.ZodString>>>;
|
|
28
24
|
/**
|
|
29
25
|
* Skill prerequisites schema (strict: only bins and env keys accepted).
|
|
30
26
|
* Undefined means no prerequisites; present means the skill declares external dependencies.
|
|
@@ -37,7 +33,35 @@ export declare const SkillRequiresSchema: z.ZodObject<{
|
|
|
37
33
|
* Skill key schema with preprocess coercion to slug format.
|
|
38
34
|
* Lowercases, replaces spaces with hyphens, strips non-alphanumeric-hyphen chars.
|
|
39
35
|
*/
|
|
40
|
-
export declare const SkillKeySchema: z.
|
|
36
|
+
export declare const SkillKeySchema: z.ZodPreprocess<z.ZodOptional<z.ZodString>>;
|
|
37
|
+
/**
|
|
38
|
+
* Capability metadata block for v1.1 capability layer.
|
|
39
|
+
*
|
|
40
|
+
* Optional sub-block of `comis:` namespace. All inner fields optional. The
|
|
41
|
+
* block is z.strictObject -- unknown nested keys (typos like
|
|
42
|
+
* `replacePackages` missing `s`) are rejected when used in a strict-parse
|
|
43
|
+
* context.
|
|
44
|
+
*
|
|
45
|
+
* IMPORTANT -- defensive parse at registry-side:
|
|
46
|
+
* The outer ComisNamespaceSchema is strict, so a malformed `capability` block
|
|
47
|
+
* would normally cause the whole `comis:` block to fail parse and the skill
|
|
48
|
+
* to become invisible. The registry's discovery enrichment extracts
|
|
49
|
+
* `comis.capability` SEPARATELY via `parseComisCapabilityDefensively`, which
|
|
50
|
+
* logs a WARN and returns undefined on failure -- letting the skill render
|
|
51
|
+
* under the fallback `prompt-skills` cluster. The strict schema here is the
|
|
52
|
+
* declaration of the contract; the defensive parser is the recovery
|
|
53
|
+
* mechanism.
|
|
54
|
+
*
|
|
55
|
+
* The skill itself is never hidden solely because optional capability
|
|
56
|
+
* metadata is invalid.
|
|
57
|
+
*/
|
|
58
|
+
export declare const ComisCapabilityBlockSchema: z.ZodObject<{
|
|
59
|
+
cluster: z.ZodOptional<z.ZodString>;
|
|
60
|
+
summary: z.ZodOptional<z.ZodString>;
|
|
61
|
+
replacesPackages: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
62
|
+
}, z.core.$strict>;
|
|
63
|
+
/** Parsed `comis.capability` block (Zod-inferred, defaults applied). */
|
|
64
|
+
export type ComisCapabilityBlockParsed = z.infer<typeof ComisCapabilityBlockSchema>;
|
|
41
65
|
/**
|
|
42
66
|
* Comis-specific namespace schema for fields that only apply within the
|
|
43
67
|
* Comis platform. Other pi-coding-agent hosts will simply ignore this block.
|
|
@@ -45,19 +69,19 @@ export declare const SkillKeySchema: z.ZodPipe<z.ZodTransform<unknown, unknown>,
|
|
|
45
69
|
* Skills place these fields under `comis:` in frontmatter.
|
|
46
70
|
*/
|
|
47
71
|
export declare const ComisNamespaceSchema: z.ZodOptional<z.ZodObject<{
|
|
48
|
-
|
|
49
|
-
os: z.ZodPipe<z.ZodTransform<unknown, unknown>, z.ZodOptional<z.ZodArray<z.ZodString>>>;
|
|
50
|
-
/** External prerequisites: binary executables and environment variables */
|
|
72
|
+
os: z.ZodPreprocess<z.ZodOptional<z.ZodArray<z.ZodString>>>;
|
|
51
73
|
requires: z.ZodOptional<z.ZodObject<{
|
|
52
74
|
bins: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
53
75
|
env: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
54
76
|
}, z.core.$strict>>;
|
|
55
|
-
|
|
56
|
-
"skill-key": z.ZodPipe<z.ZodTransform<unknown, unknown>, z.ZodOptional<z.ZodString>>;
|
|
57
|
-
/** Display/grouping hint for primary environment (e.g., "discord", "telegram") */
|
|
77
|
+
"skill-key": z.ZodPreprocess<z.ZodOptional<z.ZodString>>;
|
|
58
78
|
"primary-env": z.ZodOptional<z.ZodString>;
|
|
59
|
-
/** Metadata-only dispatch tag for command routing */
|
|
60
79
|
"command-dispatch": z.ZodOptional<z.ZodString>;
|
|
80
|
+
capability: z.ZodOptional<z.ZodObject<{
|
|
81
|
+
cluster: z.ZodOptional<z.ZodString>;
|
|
82
|
+
summary: z.ZodOptional<z.ZodString>;
|
|
83
|
+
replacesPackages: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
84
|
+
}, z.core.$strict>>;
|
|
61
85
|
}, z.core.$strict>>;
|
|
62
86
|
/** Parsed Comis namespace block type. */
|
|
63
87
|
export type ComisNamespaceParsed = z.infer<typeof ComisNamespaceSchema>;
|
|
@@ -69,54 +93,37 @@ export type ComisNamespaceParsed = z.infer<typeof ComisNamespaceSchema>;
|
|
|
69
93
|
* exclusively under the `comis:` namespace block.
|
|
70
94
|
*/
|
|
71
95
|
export declare const SkillManifestSchema: z.ZodObject<{
|
|
72
|
-
/** Unique skill name (lowercase alphanumeric with hyphens) */
|
|
73
96
|
name: z.ZodString;
|
|
74
|
-
/** Human-readable description (1-1024 chars) */
|
|
75
97
|
description: z.ZodString;
|
|
76
|
-
/** Skill type: always "prompt" for Markdown instruction skills. */
|
|
77
98
|
type: z.ZodDefault<z.ZodLiteral<"prompt">>;
|
|
78
|
-
/** Semver version string */
|
|
79
99
|
version: z.ZodOptional<z.ZodString>;
|
|
80
|
-
/** SPDX license identifier */
|
|
81
100
|
license: z.ZodOptional<z.ZodString>;
|
|
82
|
-
/** Whether users can invoke this skill via /skill:name (default true) */
|
|
83
101
|
userInvocable: z.ZodDefault<z.ZodBoolean>;
|
|
84
|
-
/** When true, skill is hidden from model's available skills listing (default false) */
|
|
85
102
|
disableModelInvocation: z.ZodDefault<z.ZodBoolean>;
|
|
86
|
-
/** Tool restrictions when skill is active; empty array means no restriction (default []) */
|
|
87
103
|
allowedTools: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
88
|
-
/** Optional hint text shown to users (e.g., "[name]") */
|
|
89
104
|
argumentHint: z.ZodOptional<z.ZodString>;
|
|
90
|
-
/** Required permissions */
|
|
91
105
|
permissions: z.ZodDefault<z.ZodObject<{
|
|
92
|
-
/** Filesystem read access paths (e.g. ["/tmp/skill-data"]) */
|
|
93
106
|
fsRead: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
94
|
-
/** Filesystem write access paths */
|
|
95
107
|
fsWrite: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
96
|
-
/** Network access domains (e.g. ["api.example.com"]) */
|
|
97
108
|
net: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
98
|
-
/** Environment variable access (read-only, specific keys) */
|
|
99
109
|
env: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
100
110
|
}, z.core.$strict>>;
|
|
101
|
-
/** JSON Schema describing the skill's input parameters */
|
|
102
111
|
inputSchema: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
103
|
-
/** Arbitrary key-value metadata */
|
|
104
112
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
105
|
-
/** Comis-specific namespace block for platform-only fields */
|
|
106
113
|
comis: z.ZodOptional<z.ZodObject<{
|
|
107
|
-
|
|
108
|
-
os: z.ZodPipe<z.ZodTransform<unknown, unknown>, z.ZodOptional<z.ZodArray<z.ZodString>>>;
|
|
109
|
-
/** External prerequisites: binary executables and environment variables */
|
|
114
|
+
os: z.ZodPreprocess<z.ZodOptional<z.ZodArray<z.ZodString>>>;
|
|
110
115
|
requires: z.ZodOptional<z.ZodObject<{
|
|
111
116
|
bins: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
112
117
|
env: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
113
118
|
}, z.core.$strict>>;
|
|
114
|
-
|
|
115
|
-
"skill-key": z.ZodPipe<z.ZodTransform<unknown, unknown>, z.ZodOptional<z.ZodString>>;
|
|
116
|
-
/** Display/grouping hint for primary environment (e.g., "discord", "telegram") */
|
|
119
|
+
"skill-key": z.ZodPreprocess<z.ZodOptional<z.ZodString>>;
|
|
117
120
|
"primary-env": z.ZodOptional<z.ZodString>;
|
|
118
|
-
/** Metadata-only dispatch tag for command routing */
|
|
119
121
|
"command-dispatch": z.ZodOptional<z.ZodString>;
|
|
122
|
+
capability: z.ZodOptional<z.ZodObject<{
|
|
123
|
+
cluster: z.ZodOptional<z.ZodString>;
|
|
124
|
+
summary: z.ZodOptional<z.ZodString>;
|
|
125
|
+
replacesPackages: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
126
|
+
}, z.core.$strict>>;
|
|
120
127
|
}, z.core.$strict>>;
|
|
121
128
|
}, z.core.$strict>;
|
|
122
129
|
/** Parsed and validated skill manifest. */
|
|
@@ -58,6 +58,35 @@ export const SkillKeySchema = z.preprocess((val) => {
|
|
|
58
58
|
}
|
|
59
59
|
return val;
|
|
60
60
|
}, z.string().regex(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/, "skill-key must be a valid slug").optional());
|
|
61
|
+
/**
|
|
62
|
+
* Capability metadata block for v1.1 capability layer.
|
|
63
|
+
*
|
|
64
|
+
* Optional sub-block of `comis:` namespace. All inner fields optional. The
|
|
65
|
+
* block is z.strictObject -- unknown nested keys (typos like
|
|
66
|
+
* `replacePackages` missing `s`) are rejected when used in a strict-parse
|
|
67
|
+
* context.
|
|
68
|
+
*
|
|
69
|
+
* IMPORTANT -- defensive parse at registry-side:
|
|
70
|
+
* The outer ComisNamespaceSchema is strict, so a malformed `capability` block
|
|
71
|
+
* would normally cause the whole `comis:` block to fail parse and the skill
|
|
72
|
+
* to become invisible. The registry's discovery enrichment extracts
|
|
73
|
+
* `comis.capability` SEPARATELY via `parseComisCapabilityDefensively`, which
|
|
74
|
+
* logs a WARN and returns undefined on failure -- letting the skill render
|
|
75
|
+
* under the fallback `prompt-skills` cluster. The strict schema here is the
|
|
76
|
+
* declaration of the contract; the defensive parser is the recovery
|
|
77
|
+
* mechanism.
|
|
78
|
+
*
|
|
79
|
+
* The skill itself is never hidden solely because optional capability
|
|
80
|
+
* metadata is invalid.
|
|
81
|
+
*/
|
|
82
|
+
export const ComisCapabilityBlockSchema = z.strictObject({
|
|
83
|
+
/** Cluster ID this skill belongs to (operator may override via tooling.skills.capabilityHints). */
|
|
84
|
+
cluster: z.string().min(1).optional(),
|
|
85
|
+
/** Operator-tunable display summary; falls back to skill description if absent. */
|
|
86
|
+
summary: z.string().min(1).optional(),
|
|
87
|
+
/** Package names this skill replaces (for install-detour overlap detection). */
|
|
88
|
+
replacesPackages: z.array(z.string().min(1)).default([]),
|
|
89
|
+
});
|
|
61
90
|
/**
|
|
62
91
|
* Comis-specific namespace schema for fields that only apply within the
|
|
63
92
|
* Comis platform. Other pi-coding-agent hosts will simply ignore this block.
|
|
@@ -75,6 +104,12 @@ export const ComisNamespaceSchema = z.strictObject({
|
|
|
75
104
|
"primary-env": z.string().optional(),
|
|
76
105
|
/** Metadata-only dispatch tag for command routing */
|
|
77
106
|
"command-dispatch": z.string().optional(),
|
|
107
|
+
/**
|
|
108
|
+
* v1.1 capability layer -- optional metadata for cluster, summary,
|
|
109
|
+
* package aliases. Defensively parsed at registry-side; a typo here will
|
|
110
|
+
* NOT hide the skill.
|
|
111
|
+
*/
|
|
112
|
+
capability: ComisCapabilityBlockSchema.optional(),
|
|
78
113
|
}).optional();
|
|
79
114
|
/**
|
|
80
115
|
* Full SKILL.md manifest schema.
|
|
@@ -9,6 +9,13 @@
|
|
|
9
9
|
* URL** (preserving TLS SNI). This maintains SSRF protection while keeping
|
|
10
10
|
* TLS certificate validation working correctly.
|
|
11
11
|
*
|
|
12
|
+
* Both `fetch` and `Agent` are imported from undici directly (NOT
|
|
13
|
+
* `globalThis.fetch`): Node's bundled fetch ships an older undici whose
|
|
14
|
+
* request-handler lifecycle is incompatible with the v8 `Agent` we use for
|
|
15
|
+
* DNS pinning. Mixing the two throws `InvalidArgumentError: invalid
|
|
16
|
+
* onRequestStart method` and breaks every channel's inbound media path. Do
|
|
17
|
+
* not swap this back to `globalThis.fetch`.
|
|
18
|
+
*
|
|
12
19
|
* Every outbound media fetch MUST go through this utility.
|
|
13
20
|
*
|
|
14
21
|
* @module
|
|
@@ -10,13 +10,20 @@
|
|
|
10
10
|
* URL** (preserving TLS SNI). This maintains SSRF protection while keeping
|
|
11
11
|
* TLS certificate validation working correctly.
|
|
12
12
|
*
|
|
13
|
+
* Both `fetch` and `Agent` are imported from undici directly (NOT
|
|
14
|
+
* `globalThis.fetch`): Node's bundled fetch ships an older undici whose
|
|
15
|
+
* request-handler lifecycle is incompatible with the v8 `Agent` we use for
|
|
16
|
+
* DNS pinning. Mixing the two throws `InvalidArgumentError: invalid
|
|
17
|
+
* onRequestStart method` and breaks every channel's inbound media path. Do
|
|
18
|
+
* not swap this back to `globalThis.fetch`.
|
|
19
|
+
*
|
|
13
20
|
* Every outbound media fetch MUST go through this utility.
|
|
14
21
|
*
|
|
15
22
|
* @module
|
|
16
23
|
*/
|
|
17
24
|
import { validateUrl } from "@comis/core";
|
|
18
25
|
import { fromPromise, suppressError } from "@comis/shared";
|
|
19
|
-
import { Agent } from "undici";
|
|
26
|
+
import { Agent, fetch } from "undici";
|
|
20
27
|
/**
|
|
21
28
|
* Classify a fetch error into an actionable errorKind + hint for structured logging.
|
|
22
29
|
*/
|
|
@@ -121,7 +128,7 @@ export function createSsrfGuardedFetcher(config, logger) {
|
|
|
121
128
|
// because the original hostname stays in the URL.
|
|
122
129
|
const agent = createPinnedAgent(ip);
|
|
123
130
|
try {
|
|
124
|
-
const response = await
|
|
131
|
+
const response = await fetch(url, {
|
|
125
132
|
signal: AbortSignal.timeout(30_000),
|
|
126
133
|
redirect: "error", // Do not follow redirects — they could point to internal IPs
|
|
127
134
|
dispatcher: agent,
|
|
@@ -17,6 +17,7 @@
|
|
|
17
17
|
*
|
|
18
18
|
* @module
|
|
19
19
|
*/
|
|
20
|
+
import type { ToolCapabilityMetadata } from "@comis/core";
|
|
20
21
|
import type { ResourceDiagnostic } from "./diagnostics.js";
|
|
21
22
|
/** Minimal pino-compatible logger for discovery warnings. */
|
|
22
23
|
export interface DiscoveryLogger {
|
|
@@ -63,6 +64,13 @@ export interface SkillMetadata {
|
|
|
63
64
|
readonly primaryEnv?: string;
|
|
64
65
|
/** Dispatch mode tag (metadata-only in this phase). */
|
|
65
66
|
readonly commandDispatch?: string;
|
|
67
|
+
/**
|
|
68
|
+
* Capability layer -- extracted from `comis.capability` via defensive
|
|
69
|
+
* parse. Malformed metadata -> undefined + WARN log. The skill still
|
|
70
|
+
* renders under the fallback `prompt-skills` cluster when this is
|
|
71
|
+
* undefined; metadata absence never hides the skill.
|
|
72
|
+
*/
|
|
73
|
+
readonly capability?: ToolCapabilityMetadata;
|
|
66
74
|
}
|
|
67
75
|
/** Result of skill discovery: skills found plus any diagnostics (collisions, warnings). */
|
|
68
76
|
export interface DiscoveryResult {
|
|
@@ -22,6 +22,7 @@ import * as fs from "node:fs";
|
|
|
22
22
|
import * as path from "node:path";
|
|
23
23
|
import ignore from "ignore";
|
|
24
24
|
import { parseFrontmatter } from "../manifest/parser.js";
|
|
25
|
+
import { parseComisCapabilityDefensively } from "../manifest/capability-parser.js";
|
|
25
26
|
// ---------------------------------------------------------------------------
|
|
26
27
|
// Ignore helpers
|
|
27
28
|
// ---------------------------------------------------------------------------
|
|
@@ -108,7 +109,7 @@ function resolveSource(pathIndex, totalPaths) {
|
|
|
108
109
|
* Only parses the frontmatter block -- does not validate the full manifest schema.
|
|
109
110
|
* This keeps discovery fast and lightweight (Level 1 progressive disclosure).
|
|
110
111
|
*/
|
|
111
|
-
function extractMetadataFromSkillMd(skillMdPath) {
|
|
112
|
+
function extractMetadataFromSkillMd(skillMdPath, logger) {
|
|
112
113
|
let content;
|
|
113
114
|
try {
|
|
114
115
|
content = fs.readFileSync(skillMdPath, "utf-8");
|
|
@@ -163,7 +164,12 @@ function extractMetadataFromSkillMd(skillMdPath) {
|
|
|
163
164
|
// command-dispatch field
|
|
164
165
|
const rawCommandDispatch = ns?.["command-dispatch"];
|
|
165
166
|
const commandDispatch = typeof rawCommandDispatch === "string" ? rawCommandDispatch : undefined;
|
|
166
|
-
|
|
167
|
+
// Capability layer -- defensive parse. A typo or type mismatch in
|
|
168
|
+
// `comis.capability` returns undefined + emits a WARN; the skill itself
|
|
169
|
+
// remains visible (renders under the fallback "prompt-skills" cluster
|
|
170
|
+
// downstream).
|
|
171
|
+
const capability = parseComisCapabilityDefensively(ns?.["capability"], obj["name"], logger);
|
|
172
|
+
return { name: obj["name"], description: obj["description"], type, userInvocable, disableModelInvocation, argumentHint, os, requires, skillKey, primaryEnv, commandDispatch, capability };
|
|
167
173
|
}
|
|
168
174
|
/**
|
|
169
175
|
* Recursive internal helper for discovering skills within a directory tree.
|
|
@@ -237,7 +243,7 @@ function discoverSkillsFromDir(dir, source, includeRootFiles, skillMap, diagnost
|
|
|
237
243
|
// Silent skip if same real file already loaded (same file via different symlink)
|
|
238
244
|
if (realPathSet.has(realPath))
|
|
239
245
|
continue;
|
|
240
|
-
const metadata = extractMetadataFromSkillMd(fullPath);
|
|
246
|
+
const metadata = extractMetadataFromSkillMd(fullPath, logger);
|
|
241
247
|
if (metadata === null) {
|
|
242
248
|
logger?.warn({ skillPath: fullPath, hint: "Check skill file has valid YAML frontmatter with name and description fields", errorKind: "validation" }, "Skipping malformed skill file");
|
|
243
249
|
continue;
|
|
@@ -278,6 +284,7 @@ function discoverSkillsFromDir(dir, source, includeRootFiles, skillMap, diagnost
|
|
|
278
284
|
skillKey: metadata.skillKey,
|
|
279
285
|
primaryEnv: metadata.primaryEnv,
|
|
280
286
|
commandDispatch: metadata.commandDispatch,
|
|
287
|
+
capability: metadata.capability,
|
|
281
288
|
};
|
|
282
289
|
skillMap.set(metadata.name, skillMeta);
|
|
283
290
|
realPathSet.add(realPath);
|
|
@@ -10,12 +10,25 @@
|
|
|
10
10
|
*
|
|
11
11
|
* @module
|
|
12
12
|
*/
|
|
13
|
-
import type { SkillsConfig, TypedEventBus } from "@comis/core";
|
|
13
|
+
import type { PromptSkillCapability, SkillsConfig, TypedEventBus } from "@comis/core";
|
|
14
14
|
import type { Result } from "@comis/shared";
|
|
15
15
|
import { type PromptSkillDescription } from "../prompt/processor.js";
|
|
16
16
|
import { type SkillMetadata, type SkillSource } from "./discovery.js";
|
|
17
17
|
import { type RuntimeEligibilityContext } from "./eligibility.js";
|
|
18
18
|
import { type SkillWatcherHandle } from "./skill-watcher.js";
|
|
19
|
+
/**
|
|
20
|
+
* Operator hint shape consumed by `getPromptSkillCapabilities`.
|
|
21
|
+
*
|
|
22
|
+
* Mirrors the return shape of `ToolCapabilityPort.getSkillHint` in
|
|
23
|
+
* `@comis/core/ports/tool-capability.ts`. The registry stays decoupled from
|
|
24
|
+
* the port itself -- daemon-side wiring passes the port's `getSkillHint`
|
|
25
|
+
* method as the callback.
|
|
26
|
+
*/
|
|
27
|
+
type OperatorSkillHint = {
|
|
28
|
+
readonly cluster: string;
|
|
29
|
+
readonly description?: string;
|
|
30
|
+
readonly replacesPackages: readonly string[];
|
|
31
|
+
};
|
|
19
32
|
/** Minimal pino-compatible logger interface for skills subsystem logging. */
|
|
20
33
|
interface SkillsLogger {
|
|
21
34
|
info(obj: Record<string, unknown>, msg: string): void;
|
|
@@ -101,6 +114,37 @@ export interface SkillRegistry {
|
|
|
101
114
|
* Acts as the Comis eligibility gate for SDK discovery.
|
|
102
115
|
*/
|
|
103
116
|
getEligibleSkillNames(): Set<string>;
|
|
117
|
+
/**
|
|
118
|
+
* Return all visible eligible prompt skills with merged capability metadata.
|
|
119
|
+
*
|
|
120
|
+
* Applies the same `allowedSkills`/`deniedSkills` and runtime-eligibility
|
|
121
|
+
* filters as `getPromptSkillDescriptions`, PLUS an extra
|
|
122
|
+
* `disableModelInvocation !== true` filter -- skills hidden from the model
|
|
123
|
+
* are not surfaced as capability index entries.
|
|
124
|
+
*
|
|
125
|
+
* Capability merge precedence:
|
|
126
|
+
* 1. operator hint by `skillKey` (when the skill declares one)
|
|
127
|
+
* 2. operator hint by skill name (always available as fallback)
|
|
128
|
+
* 3. `comis.capability` from the skill manifest (already in
|
|
129
|
+
* `metadata.capability`)
|
|
130
|
+
* 4. Fallback: `cluster` undefined (renderer falls back to the literal
|
|
131
|
+
* `"prompt-skills"` cluster); `summary` = `description`;
|
|
132
|
+
* `replacesPackages` = `[]`.
|
|
133
|
+
*
|
|
134
|
+
* The `getOperatorHint` callback keeps the registry decoupled from
|
|
135
|
+
* `ToolCapabilityPort` -- daemon-side adapters pass the port's
|
|
136
|
+
* `getSkillHint` method here.
|
|
137
|
+
*
|
|
138
|
+
* Fresh-per-call (no memoization). Returns a frozen array of frozen entries.
|
|
139
|
+
*
|
|
140
|
+
* IMPORTANT -- cache fence:
|
|
141
|
+
* This method MUST NOT be consumed by `assembleRichSystemPrompt`'s
|
|
142
|
+
* `assemblerParams` in `packages/agent/src/executor/prompt-assembly.ts`.
|
|
143
|
+
* If a skill discovery sweep runs between turns, the cached system-prompt
|
|
144
|
+
* prefix MUST stay byte-identical. An architecture-grep test enforces this
|
|
145
|
+
* invariant.
|
|
146
|
+
*/
|
|
147
|
+
getPromptSkillCapabilities(getOperatorHint: (skillName: string, skillKey?: string) => OperatorSkillHint | undefined): readonly PromptSkillCapability[];
|
|
104
148
|
/**
|
|
105
149
|
* Populate the registry from SDK-discovered skills instead of filesystem discovery.
|
|
106
150
|
* Clears existing metadata, maps SDK Skill fields to Comis SkillMetadata,
|