compact-agent 1.21.0 → 1.23.0

package/dist/key-rotation.js

@@ -0,0 +1,117 @@
+/**
+ * API key rotation pool — for users with multiple OpenRouter (or any
+ * compatible) accounts who want to round-robin / failover across them
+ * when one hits a rate limit or runs out of free credits.
+ *
+ * Pool composition: config.apiKey + config.apiKeys (deduplicated, order
+ * preserved). The single `apiKey` field always becomes pool[0] so users
+ * with only the legacy config see no change in behavior.
+ *
+ * Rotation strategy: on 401 / 429 / quota errors, the failing key is
+ * marked "cool" for `COOL_DOWN_MS`, the next healthy key takes over.
+ * If all keys are cool, the request fails normally — the user will see
+ * the last error message. Health state lives in module memory; restart
+ * = fresh start.
+ *
+ * Why module-level vs persisted: rate-limit windows are usually 60s-5m
+ * and reset naturally. Persisting cool-down across processes would
+ * make the agent worse at recovering from transient blips.
+ */
+const COOL_DOWN_MS = 60_000; // 1 min — typical free-tier RPM window
+const QUOTA_COOL_DOWN_MS = 60 * 60_000; // 1 hour — daily/monthly quota errors
+let pool = [];
+let cursor = 0; // round-robin pointer for which key to try first
+/**
+ * Build the pool from a config snapshot. Idempotent; if the same keys
+ * are passed in the same order, the existing state is preserved
+ * (so cool-downs persist across rebuilds in the same process).
+ */
+export function setPool(primary, extras = []) {
+    // Dedupe in order: primary first, then extras
+    const seen = new Set();
+    const all = [];
+    for (const k of [primary, ...extras]) {
+        if (k && !seen.has(k)) {
+            seen.add(k);
+            all.push(k);
+        }
+    }
+    // Preserve state for keys that are still in the pool
+    const existing = new Map(pool.map((s) => [s.key, s]));
+    pool = all.map((k) => existing.get(k) || {
+        key: k, coolUntil: 0, successes: 0, failures: 0,
+    });
+    if (cursor >= pool.length)
+        cursor = 0;
+}
+/**
+ * Pick the next healthy key to use. Round-robin from the current cursor.
+ * Returns null if the pool is empty or all keys are cool.
+ */
+export function pickKey() {
+    if (pool.length === 0)
+        return null;
+    const now = Date.now();
+    // Try each key once, starting from cursor
+    for (let i = 0; i < pool.length; i++) {
+        const idx = (cursor + i) % pool.length;
+        if (pool[idx].coolUntil <= now) {
+            cursor = (idx + 1) % pool.length; // next call rotates one further
+            return pool[idx].key;
+        }
+    }
+    return null;
+}
+/**
+ * Mark a key as failed. The classifier maps the error to either a
+ * short cooldown (rate-limit) or a long one (quota / auth). Used by
+ * api.ts's retry logic to skip dead keys without re-trying them.
+ */
+export function reportFailure(key, err) {
+    const state = pool.find((s) => s.key === key);
+    if (!state)
+        return;
+    const msg = err instanceof Error ? err.message : String(err);
+    const lower = msg.toLowerCase();
+    let cooldown = COOL_DOWN_MS;
+    let reason = msg.slice(0, 80);
+    if (/quota|insufficient|credit|payment|billing/.test(lower)) {
+        cooldown = QUOTA_COOL_DOWN_MS;
+        reason = 'quota/credit exhausted';
+    }
+    else if (/auth|invalid.*key|forbidden|401|403/.test(lower)) {
+        cooldown = QUOTA_COOL_DOWN_MS;
+        reason = 'auth rejected (bad/revoked key)';
+    }
+    else if (/rate.?limit|429|too.many/.test(lower)) {
+        cooldown = COOL_DOWN_MS;
+        reason = 'rate limited';
+    }
+    state.coolUntil = Date.now() + cooldown;
+    state.lastReason = reason;
+    state.failures++;
+}
+/** Mark a key as having succeeded — clears any cool-down + records stat. */
+export function reportSuccess(key) {
+    const state = pool.find((s) => s.key === key);
+    if (!state)
+        return;
+    state.coolUntil = 0;
+    state.lastReason = undefined;
+    state.successes++;
+}
+export function listStatus() {
+    const now = Date.now();
+    return pool.map((s, i) => ({
+        index: i,
+        tail: `…${s.key.slice(-4)}`,
+        healthy: s.coolUntil <= now,
+        coolDownRemainingSec: s.coolUntil > now ? Math.ceil((s.coolUntil - now) / 1000) : undefined,
+        successes: s.successes,
+        failures: s.failures,
+        lastReason: s.lastReason,
+    }));
+}
+/** Currently-active pool size (post-dedup). */
+export function poolSize() { return pool.length; }
+//# sourceMappingURL=key-rotation.js.map

package/dist/key-rotation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-rotation.js","sourceRoot":"","sources":["../src/key-rotation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,MAAM,YAAY,GAAG,MAAM,CAAC,CAAa,uCAAuC;AAChF,MAAM,kBAAkB,GAAG,EAAE,GAAG,MAAM,CAAC,CAAE,sCAAsC;AAa/E,IAAI,IAAI,GAAe,EAAE,CAAC;AAC1B,IAAI,MAAM,GAAG,CAAC,CAAC,CAAK,iDAAiD;AAErE;;;;GAIG;AACH,MAAM,UAAU,OAAO,CAAC,OAAe,EAAE,SAAmB,EAAE;IAC5D,8CAA8C;IAC9C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IACtD,CAAC;IACD,qDAAqD;IACrD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI;QACvC,GAAG,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC;KAChD,CAAC,CAAC;IACH,IAAI,MAAM,IAAI,IAAI,CAAC,MAAM;QAAE,MAAM,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,OAAO;IACrB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,0CAA0C;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACvC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,SAAS,IAAI,GAAG,EAAE,CAAC;YAC/B,MAAM,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAG,gCAAgC;YACpE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;QACvB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,GAAY;IACrD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK;QAAE,OAAO;IACnB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,QAAQ,GAAG,YAAY,CAAC;IAC5B,IAAI,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC9B,IAAI,2CAA2C,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,QAAQ,GAAG,kBAAkB,CAAC;QAC9B,MAAM,GAAG,wBAAwB,CAAC;IACpC,CAAC;SAAM,IAAI,qCAAqC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7D,QAAQ,GAAG,kBAAkB,CAAC;QAC9B,MAAM,GAAG,iCAAiC,CAAC;IAC7C,CAAC;SAAM,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClD,QAAQ,GAAG,YAAY,CAAC;QACxB,MAAM,GAAG,cAAc,CAAC;IAC1B,CAAC;IACD,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;IACxC,KAAK,CAAC,UAAU,GAAG,MAAM,CAAC;IAC1B,KAAK,CAAC,QAAQ,EAAE,CAAC;AACnB,CAAC;AAED,4EAA4E;AAC5E,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK;QAAE,OAAO;IACnB,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;IACpB,KAAK,CAAC,UAAU,GAAG,SAAS,CAAC;IAC7B,KAAK,CAAC,SAAS,EAAE,CAAC;AACpB,CAAC;AAgBD,MAAM,UAAU,UAAU;IACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACzB,KAAK,EAAE,CAAC;QACR,IAAI,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;QAC3B,OAAO,EAAE,CAAC,CAAC,SAAS,IAAI,GAAG;QAC3B,oBAAoB,EAAE,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC3F,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC,CAAC,CAAC;AACN,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,QAAQ,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC"}

package/dist/sandbox.d.ts

@@ -0,0 +1,37 @@
+export type SandboxBackend = 'seatbelt' | 'bwrap' | 'none';
+export type SandboxLevel = 'off' | 'standard' | 'strict';
+interface BackendDetect {
+    backend: SandboxBackend;
+    available: boolean;
+    reason?: string;
+}
+/**
+ * Detect which sandbox backend (if any) is available on this machine.
+ * Cached after the first call; pass force=true to re-probe.
+ */
+export declare function detectBackend(force?: boolean): BackendDetect;
+/**
+ * Wrap a shell command for the active backend at the requested level.
+ * Returns the wrapped command string and a label for logging. If the
+ * backend isn't available or level is 'off', returns the command
+ * unchanged (callers don't need to special-case).
+ */
+export declare function wrapCommand(cmd: string, opts: {
+    level: SandboxLevel;
+    cwd: string;
+}): {
+    cmd: string;
+    label: string;
+};
+/**
+ * Status snapshot for the /sandbox slash command. Tells the user what's
+ * supported on this machine + what's currently active.
+ */
+export interface SandboxStatus {
+    backend: SandboxBackend;
+    available: boolean;
+    reason?: string;
+    platform: NodeJS.Platform;
+}
+export declare function status(): SandboxStatus;
+export {};

package/dist/sandbox.js

@@ -0,0 +1,192 @@
+/**
+ * OS-native sandbox wrapper for the bash tool.
+ *
+ * Defense-in-depth on top of the execpolicy DSL from 1.19.0. Where
+ * execpolicy gates INTENT before the command runs (block "rm -rf /",
+ * prompt for "sudo"), this layer adds RUNTIME ISOLATION: the command
+ * runs under an OS-native sandbox that limits filesystem write access,
+ * network reach, and process privileges even if the intent gate
+ * approved or the model is trying to evade detection.
+ *
+ * Backends:
+ *   macOS   → sandbox-exec (Seatbelt). Shipped with macOS since 10.5.
+ *             Policy described in scheme-like .sb syntax.
+ *   Linux   → bubblewrap (bwrap). Usually preinstalled (Flatpak runtime)
+ *             or one apt/yum/dnf install away. Combines user
+ *             namespaces, mount namespaces, seccomp.
+ *   Windows → no-op for now. Job Objects + restricted tokens + AppContainer
+ *             are doable but a much larger project. Documented in /sandbox
+ *             output so the user knows.
+ *
+ * Policy levels (config: sandbox.level):
+ *   off       — wrap nothing; behave as before
+ *   standard  — read everywhere, write only to cwd + /tmp, no network
+ *               (still gives access to the project + scratch space)
+ *   strict    — read cwd only, write only to cwd, no network, no /tmp
+ *
+ * Default: 'off'. Users opt in via /sandbox standard (or strict) — we
+ * don't want to surprise anyone whose workflow needs network or writes
+ * outside cwd.
+ *
+ * Failure mode: if the sandbox tool isn't installed or the wrap fails
+ * to construct, we LOG and fall through to the un-sandboxed command.
+ * Better to run + work than fail closed silently for a missing tool.
+ */
+import { existsSync } from 'node:fs';
+import { execSync } from 'node:child_process';
+let cachedDetection = null;
+/**
+ * Detect which sandbox backend (if any) is available on this machine.
+ * Cached after the first call; pass force=true to re-probe.
+ */
+export function detectBackend(force = false) {
+    if (cachedDetection && !force)
+        return cachedDetection;
+    if (process.platform === 'darwin') {
+        // sandbox-exec is at /usr/bin/sandbox-exec on every macOS install
+        // since 10.5. Deprecated by Apple but still functional in 2026.
+        const path = '/usr/bin/sandbox-exec';
+        cachedDetection = existsSync(path)
+            ? { backend: 'seatbelt', available: true }
+            : { backend: 'seatbelt', available: false, reason: 'sandbox-exec not found at /usr/bin/' };
+    }
+    else if (process.platform === 'linux') {
+        // bwrap could be anywhere on PATH. Use `which` since it's fast.
+        try {
+            execSync('which bwrap', { stdio: 'ignore', timeout: 1000 });
+            cachedDetection = { backend: 'bwrap', available: true };
+        }
+        catch {
+            cachedDetection = { backend: 'bwrap', available: false, reason: 'bwrap (bubblewrap) not on PATH. Install with: apt install bubblewrap | dnf install bubblewrap | brew install bubblewrap' };
+        }
+    }
+    else {
+        cachedDetection = { backend: 'none', available: false, reason: `${process.platform} doesn't have a supported sandbox backend yet (Windows Job Objects planned)` };
+    }
+    return cachedDetection;
+}
+/**
+ * Construct a Seatbelt (.sb) policy for the given level and cwd.
+ *
+ * Seatbelt operates on a deny-by-default model: we declare allowed
+ * operations, anything else is denied. The base policy here is
+ * deliberately permissive for system reads (so node, git, etc. can
+ * find their libraries) while gating writes + network.
+ *
+ * Quirks:
+ *   - file-write* requires the absolute resolved path (no shell expansion)
+ *   - network-outbound to localhost is allowed regardless of level so
+ *     dev servers + IPC keep working
+ */
+function buildSeatbeltPolicy(level, cwd) {
+    // Common: deny all by default; allow process spawning + signal +
+    // sysctl reads + IPC (otherwise nothing runs).
+    const common = [
+        '(version 1)',
+        '(deny default)',
+        '(allow process-exec*)',
+        '(allow process-fork)',
+        '(allow signal (target self))',
+        '(allow sysctl-read)',
+        '(allow mach-lookup)',
+        '(allow ipc-posix-shm*)',
+        '(allow file-read*)', // permissive system-wide read for tool deps
+        '(allow file-read-metadata)',
+        '(allow file-issue-extension)',
+    ];
+    const networkLocal = ['(allow network-outbound (local ip "*:*"))'];
+    const networkAll = ['(allow network*)'];
+    const writeCwd = [`(allow file-write* (subpath "${cwd}"))`];
+    const writeTmp = ['(allow file-write* (subpath "/tmp"))', '(allow file-write* (subpath "/private/tmp"))'];
+    if (level === 'strict') {
+        return [...common, ...networkLocal, ...writeCwd].join('\n');
+    }
+    // standard: cwd + /tmp writable, full network. Network restriction
+    // breaks too many real workflows (npm install, pip, curl docs); we
+    // keep that on the execpolicy intent gate instead.
+    return [...common, ...networkAll, ...writeCwd, ...writeTmp].join('\n');
+}
+/**
+ * Construct a bwrap argument list. bwrap is invoked as
+ *   bwrap [args...] <command>
+ * so we return the prefix array; the caller concatenates the user
+ * command afterward (typically as `sh -c "..."`).
+ */
+function buildBwrapArgs(level, cwd) {
+    // Common: a fresh user namespace, /proc, /dev, /tmp, share host's
+    // /usr + /etc as read-only so binaries + configs work, share network
+    // namespace by default (we restrict via execpolicy / level).
+    const common = [
+        '--unshare-user-try', // fall back gracefully if not allowed
+        '--unshare-uts',
+        '--unshare-pid',
+        '--unshare-ipc',
+        '--die-with-parent',
+        '--proc', '/proc',
+        '--dev', '/dev',
+        '--ro-bind', '/usr', '/usr',
+        '--ro-bind', '/etc', '/etc',
+        '--ro-bind', '/lib', '/lib',
+        '--ro-bind-try', '/lib64', '/lib64',
+        '--ro-bind-try', '/bin', '/bin',
+        '--ro-bind-try', '/sbin', '/sbin',
+        // HOME read-only (config files, .ssh) — strict drops this
+        ...(level === 'strict' ? [] : ['--ro-bind-try', process.env.HOME || '/home', process.env.HOME || '/home']),
+        // cwd bind-mounted read-write — this is the project the agent edits
+        '--bind', cwd, cwd,
+        '--chdir', cwd,
+        // /tmp writable in standard, omitted in strict
+        ...(level === 'strict' ? [] : ['--tmpfs', '/tmp']),
+    ];
+    // Network: standard allows, strict disallows
+    const network = level === 'strict' ? ['--unshare-net'] : [];
+    return [...common, ...network];
+}
+/**
+ * Wrap a shell command for the active backend at the requested level.
+ * Returns the wrapped command string and a label for logging. If the
+ * backend isn't available or level is 'off', returns the command
+ * unchanged (callers don't need to special-case).
+ */
+export function wrapCommand(cmd, opts) {
+    if (opts.level === 'off')
+        return { cmd, label: 'no-sandbox' };
+    const det = detectBackend();
+    if (!det.available) {
+        // Caller logs the warning; we just pass through.
+        return { cmd, label: `unsandboxed (${det.reason || 'no backend'})` };
+    }
+    if (det.backend === 'seatbelt') {
+        const policy = buildSeatbeltPolicy(opts.level, opts.cwd);
+        // sandbox-exec -p '<policy>' /bin/sh -c '<command>'
+        // Single-quote the policy + escape internal quotes
+        const policyEscaped = policy.replace(/'/g, "'\"'\"'");
+        const cmdEscaped = cmd.replace(/'/g, "'\"'\"'");
+        return {
+            cmd: `/usr/bin/sandbox-exec -p '${policyEscaped}' /bin/sh -c '${cmdEscaped}'`,
+            label: `seatbelt (${opts.level})`,
+        };
+    }
+    if (det.backend === 'bwrap') {
+        const args = buildBwrapArgs(opts.level, opts.cwd);
+        // bwrap doesn't accept commands as a single string — use exec form
+        // wrapped through sh -c. Shell escaping handled by the outer exec.
+        const cmdEscaped = cmd.replace(/'/g, "'\"'\"'");
+        const argString = args.map((a) => `'${a.replace(/'/g, "'\"'\"'")}'`).join(' ');
+        return {
+            cmd: `bwrap ${argString} /bin/sh -c '${cmdEscaped}'`,
+            label: `bwrap (${opts.level})`,
+        };
+    }
+    return { cmd, label: 'unsandboxed (unknown backend)' };
+}
+export function status() {
+    const det = detectBackend();
+    return {
+        backend: det.backend,
+        available: det.available,
+        reason: det.reason,
+        platform: process.platform,
+    };
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAW9C,IAAI,eAAe,GAAyB,IAAI,CAAC;AAEjD;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAK,GAAG,KAAK;IACzC,IAAI,eAAe,IAAI,CAAC,KAAK;QAAE,OAAO,eAAe,CAAC;IAEtD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,kEAAkE;QAClE,gEAAgE;QAChE,MAAM,IAAI,GAAG,uBAAuB,CAAC;QACrC,eAAe,GAAG,UAAU,CAAC,IAAI,CAAC;YAChC,CAAC,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE;YAC1C,CAAC,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;IAC/F,CAAC;SAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACxC,gEAAgE;QAChE,IAAI,CAAC;YACH,QAAQ,CAAC,aAAa,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5D,eAAe,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,eAAe,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,yHAAyH,EAAE,CAAC;QAC9L,CAAC;IACH,CAAC;SAAM,CAAC;QACN,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,QAAQ,6EAA6E,EAAE,CAAC;IACpK,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,mBAAmB,CAAC,KAAmB,EAAE,GAAW;IAC3D,iEAAiE;IACjE,+CAA+C;IAC/C,MAAM,MAAM,GAAG;QACb,aAAa;QACb,gBAAgB;QAChB,uBAAuB;QACvB,sBAAsB;QACtB,8BAA8B;QAC9B,qBAAqB;QACrB,qBAAqB;QACrB,wBAAwB;QACxB,oBAAoB,EAAG,4CAA4C;QACnE,4BAA4B;QAC5B,8BAA8B;KAC/B,CAAC;IACF,MAAM,YAAY,GAAG,CAAC,2CAA2C,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,CAAC,gCAAgC,GAAG,KAAK,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,CAAC,sCAAsC,EAAE,8CAA8C,CAAC,CAAC;IAE1G,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,MAAM,EAAE,GAAG,YAAY,EAAE,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,CAAC;IACD,mEAAmE;IACnE,mEAAmE;IACnE,mDAAmD;IACnD,OAAO,CAAC,GAAG,MAAM,EAAE,GAAG,UAAU,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzE,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,KAAmB,EAAE,GAAW;IACtD,kEAAkE;IAClE,qEAAqE;IACrE,6DAA6D;IAC7D,MAAM,MAAM,GAAG;QACb,oBAAoB,EAAM,sCAAsC;QAChE,eAAe;QACf,eAAe;QACf,eAAe;QACf,mBAAmB;QACnB,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,MAAM;QACf,WAAW,EAAE,MAAM,EAAE,MAAM;QAC3B,WAAW,EAAE,MAAM,EAAE,MAAM;QAC3B,WAAW,EAAE,MAAM,EAAE,MAAM;QAC3B,eAAe,EAAE,QAAQ,EAAE,QAAQ;QACnC,eAAe,EAAE,MAAM,EAAE,MAAM;QAC/B,eAAe,EAAE,OAAO,EAAE,OAAO;QACjC,0DAA0D;QAC1D,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,CAAC;QAC1G,oEAAoE;QACpE,QAAQ,EAAE,GAAG,EAAE,GAAG;QAClB,SAAS,EAAE,GAAG;QACd,+CAA+C;QAC/C,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;KACnD,CAAC;IACF,6CAA6C;IAC7C,MAAM,OAAO,GAAG,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE5D,OAAO,CAAC,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC;AACjC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,IAA0C;IACjF,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK;QAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;IAC9D,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QACnB,iDAAiD;QACjD,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,GAAG,CAAC,MAAM,IAAI,YAAY,GAAG,EAAE,CAAC;IACvE,CAAC;IACD,IAAI,GAAG,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACzD,oDAAoD;QACpD,mDAAmD;QACnD,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAChD,OAAO;YACL,GAAG,EAAE,6BAA6B,aAAa,iBAAiB,UAAU,GAAG;YAC7E,KAAK,EAAE,aAAa,IAAI,CAAC,KAAK,GAAG;SAClC,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAClD,mEAAmE;QACnE,mEAAmE;QACnE,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/E,OAAO;YACL,GAAG,EAAE,SAAS,SAAS,gBAAgB,UAAU,GAAG;YACpD,KAAK,EAAE,UAAU,IAAI,CAAC,KAAK,GAAG;SAC/B,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;AACzD,CAAC;AAaD,MAAM,UAAU,MAAM;IACpB,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,OAAO;QACL,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;AACJ,CAAC"}

package/dist/tools/bash.js

@@ -1,4 +1,6 @@
 import { exec } from 'node:child_process';
+import { loadConfig } from '../config.js';
+import { wrapCommand, detectBackend } from '../sandbox.js';
 /**
  * Shell tool. Kept named `bash` for tool-call API compatibility, but on
  * Windows we route through cmd.exe by default — the platform-native shell.
@@ -55,9 +57,33 @@ export const BashTool = {
     isReadOnly: false,
     isDestructive: true,
     async call(input, cwd) {
-        const command = input.command;
+        const rawCommand = input.command;
         const timeout = input.timeout || 120_000;
         const shell = pickShell();
+        // Sandbox wrap (no-op when level=off or backend unavailable).
+        // Loading config per-call keeps the bash tool stateless and means
+        // /sandbox level changes apply on the very next command.
+        const cfg = loadConfig();
+        const level = cfg.sandbox?.level || 'off';
+        let command = rawCommand;
+        let sandboxLabel = '';
+        if (level !== 'off') {
+            const det = detectBackend();
+            if (det.available) {
+                const wrapped = wrapCommand(rawCommand, { level, cwd });
+                command = wrapped.cmd;
+                sandboxLabel = wrapped.label;
+            }
+            else {
+                // Sandbox requested but unavailable on this platform — print
+                // once-per-call diagnostic. Doesn't block; falls through to
+                // unsandboxed exec because failing closed silently is worse.
+                process.stderr.write(`  [sandbox] requested ${level} but ${det.reason}\n`);
+            }
+        }
+        if (sandboxLabel) {
+            process.stderr.write(`  [sandbox] ${sandboxLabel}\n`);
+        }
         return new Promise((resolve) => {
             exec(command, {
                 cwd,

package/dist/tools/bash.js.map

@@ -1 +1 @@
-{"version":3,"file":"bash.js","sourceRoot":"","sources":["../../src/tools/bash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAG1C;;;;;;;;;;;;;;;;GAgBG;AACH,SAAS,SAAS;IAChB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACjD,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC;AAChE,CAAC;AAED,SAAS,UAAU;IACjB,MAAM,CAAC,GAAG,SAAS,EAAE,CAAC;IACtB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzD,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,IAAI,EAAE,MAAM;IACZ,WAAW,EACT,oDAAoD;QACpD,iCAAiC,UAAU,EAAE,GAAG;QAChD,sCAAsC;QACtC,iEAAiE;QACjE,yCAAyC;QACzC,qEAAqE;QACrE,kEAAkE;QAClE,+DAA+D;QAC/D,2CAA2C;IAC7C,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,8BAA8B;aAC5C;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;aACxD;SACF;QACD,QAAQ,EAAE,CAAC,SAAS,CAAC;KACtB;IACD,UAAU,EAAE,KAAK;IACjB,aAAa,EAAE,IAAI;IAEnB,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG;QACnB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAiB,CAAC;QACxC,MAAM,OAAO,GAAI,KAAK,CAAC,OAAkB,IAAI,OAAO,CAAC;QACrD,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAE1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,CACF,OAAO,EACP;gBACE,GAAG;gBACH,OAAO;gBACP,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;gBACpC,KAAK;aACN,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACxB,IAAI,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;oBAChC,OAAO,CAAC,EAAE,MAAM,EAAE,UAAU,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;oBAC9D,OAAO;gBACT,CAAC;gBACD,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACxD,MAAM,UAAU,GAAG,OAAO,CAAC;gBAC3B,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC;gBAC1C,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,aAAa,CAAC;gBAE9D,OAAO,CAAC;oBACN,MAAM,EAAE,SAAS;wBACf,CAAC,CAAC,WAAW,GAAG,sCAAsC;wBACtD,CAAC,CAAC,WAAW;oBACf,OAAO,EAAE,CAAC,CAAC,KAAK;iBACjB,CAAC,CAAC;YACL,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}
+{"version":3,"file":"bash.js","sourceRoot":"","sources":["../../src/tools/bash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE1C,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE3D;;;;;;;;;;;;;;;;GAgBG;AACH,SAAS,SAAS;IAChB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACjD,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC;AAChE,CAAC;AAED,SAAS,UAAU;IACjB,MAAM,CAAC,GAAG,SAAS,EAAE,CAAC;IACtB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzD,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,IAAI,EAAE,MAAM;IACZ,WAAW,EACT,oDAAoD;QACpD,iCAAiC,UAAU,EAAE,GAAG;QAChD,sCAAsC;QACtC,iEAAiE;QACjE,yCAAyC;QACzC,qEAAqE;QACrE,kEAAkE;QAClE,+DAA+D;QAC/D,2CAA2C;IAC7C,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,8BAA8B;aAC5C;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;aACxD;SACF;QACD,QAAQ,EAAE,CAAC,SAAS,CAAC;KACtB;IACD,UAAU,EAAE,KAAK;IACjB,aAAa,EAAE,IAAI;IAEnB,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG;QACnB,MAAM,UAAU,GAAG,KAAK,CAAC,OAAiB,CAAC;QAC3C,MAAM,OAAO,GAAI,KAAK,CAAC,OAAkB,IAAI,OAAO,CAAC;QACrD,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAE1B,8DAA8D;QAC9D,kEAAkE;QAClE,yDAAyD;QACzD,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,KAAK,IAAI,KAAK,CAAC;QAC1C,IAAI,OAAO,GAAG,UAAU,CAAC;QACzB,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;YACpB,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;YAC5B,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;gBAClB,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;gBACxD,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;gBACtB,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,6DAA6D;gBAC7D,4DAA4D;gBAC5D,6DAA6D;gBAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,KAAK,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,YAAY,IAAI,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,CACF,OAAO,EACP;gBACE,GAAG;gBACH,OAAO;gBACP,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;gBACpC,KAAK;aACN,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACxB,IAAI,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;oBAChC,OAAO,CAAC,EAAE,MAAM,EAAE,UAAU,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;oBAC9D,OAAO;gBACT,CAAC;gBACD,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACxD,MAAM,UAAU,GAAG,OAAO,CAAC;gBAC3B,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC;gBAC1C,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,aAAa,CAAC;gBAE9D,OAAO,CAAC;oBACN,MAAM,EAAE,SAAS;wBACf,CAAC,CAAC,WAAW,GAAG,sCAAsC;wBACtD,CAAC,CAAC,WAAW;oBACf,OAAO,EAAE,CAAC,CAAC,KAAK;iBACjB,CAAC,CAAC;YACL,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/types.d.ts

@@ -9,6 +9,7 @@ export interface Message {
 }
 export interface CrowcoderConfig {
     apiKey: string;
+    apiKeys?: string[];
     baseURL: string;
     model: string;
     fallbackModel?: string;
@@ -23,6 +24,11 @@ export interface CrowcoderConfig {
     showThinking?: boolean;
     voice?: VoiceConfig;
     memory?: MemoryConfig;
+    sandbox?: SandboxConfig;
+}
+export interface SandboxConfig {
+    /** off (no wrap) | standard (cwd + /tmp writable, net allowed) | strict (cwd-only) */
+    level?: 'off' | 'standard' | 'strict';
 }
 export interface MemoryConfig {
     enabled?: boolean;

package/dist/types.js

@@ -47,6 +47,17 @@ export const PROVIDERS = {
         defaultModel: 'glm-4-plus',
         requiresKey: true,
     },
+    nvidia: {
+        name: 'NVIDIA NIM',
+        baseURL: 'https://integrate.api.nvidia.com/v1',
+        // meta/llama-3.1-70b-instruct is the most-reliable widely-available
+        // default on build.nvidia.com's free tier as of 2026. Users can switch
+        // to nvidia/nemotron-4-340b-instruct, qwen/qwen-2.5-coder-32b-instruct,
+        // deepseek-ai/deepseek-coder-6.7b-instruct, or any of the ~100 models
+        // exposed at /v1/chat/completions via /model.
+        defaultModel: 'meta/llama-3.1-70b-instruct',
+        requiresKey: true,
+    },
     custom: {
         name: 'Custom',
         baseURL: '',

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AA+FA,MAAM,CAAC,MAAM,SAAS,GAAmC;IACvD,SAAS,EAAE;QACT,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,+BAA+B;QACxC,YAAY,EAAE,0BAA0B;QACxC,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,2BAA2B;QACpC,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,IAAI;KAClB;IACD,UAAU,EAAE;QACV,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,8BAA8B;QACvC,YAAY,EAAE,2BAA2B;QACzC,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,0DAA0D;QACnE,YAAY,EAAE,kBAAkB;QAChC,WAAW,EAAE,IAAI;KAClB;IACD,QAAQ,EAAE;QACR,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,6BAA6B;QACtC,YAAY,EAAE,eAAe;QAC7B,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,2BAA2B;QACpC,YAAY,EAAE,sBAAsB;QACpC,WAAW,EAAE,KAAK;KACnB;IACD,QAAQ,EAAE;QACR,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,0BAA0B;QACnC,YAAY,EAAE,cAAc;QAC5B,WAAW,EAAE,KAAK;KACnB;IACD,GAAG,EAAE;QACH,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,sCAAsC;QAC/C,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,EAAE;QACX,YAAY,EAAE,EAAE;QAChB,WAAW,EAAE,IAAI;KAClB;CACF,CAAC"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAiHA,MAAM,CAAC,MAAM,SAAS,GAAmC;IACvD,SAAS,EAAE;QACT,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,+BAA+B;QACxC,YAAY,EAAE,0BAA0B;QACxC,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,2BAA2B;QACpC,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,IAAI;KAClB;IACD,UAAU,EAAE;QACV,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,8BAA8B;QACvC,YAAY,EAAE,2BAA2B;QACzC,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,0DAA0D;QACnE,YAAY,EAAE,kBAAkB;QAChC,WAAW,EAAE,IAAI;KAClB;IACD,QAAQ,EAAE;QACR,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,6BAA6B;QACtC,YAAY,EAAE,eAAe;QAC7B,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,2BAA2B;QACpC,YAAY,EAAE,sBAAsB;QACpC,WAAW,EAAE,KAAK;KACnB;IACD,QAAQ,EAAE;QACR,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,0BAA0B;QACnC,YAAY,EAAE,cAAc;QAC5B,WAAW,EAAE,KAAK;KACnB;IACD,GAAG,EAAE;QACH,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,sCAAsC;QAC/C,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,qCAAqC;QAC9C,oEAAoE;QACpE,uEAAuE;QACvE,wEAAwE;QACxE,sEAAsE;QACtE,8CAA8C;QAC9C,YAAY,EAAE,6BAA6B;QAC3C,WAAW,EAAE,IAAI;KAClB;IACD,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,EAAE;QACX,YAAY,EAAE,EAAE;QAChB,WAAW,EAAE,IAAI;KAClB;CACF,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "compact-agent",
-  "version": "1.21.0",
+  "version": "1.23.0",
   "description": "A dense, feature-rich AI coding agent for the terminal. Built-in voice dictation (Whisper) + TTS readout (ElevenLabs) + screen-reader mode for blind / low-vision users. 80+ slash commands, 9 modes including Hermes self-improving loop, multi-agent orchestration, bundled everything-claude-code skills library, learning system, and observable LLM transport. Works with OpenRouter, OpenAI, Anthropic-compatible, Ollama, LM Studio, DeepSeek, or any OpenAI-compatible API.",
   "type": "module",
   "license": "MIT",