npm - cowork-os - Versions diffs - 0.3.21 - Mend

cowork-os 0.3.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (526) hide show

package/LICENSE +21 -0
package/README.md +1638 -0
package/bin/cowork.js +42 -0
package/build/entitlements.mac.plist +16 -0
package/build/icon.icns +0 -0
package/build/icon.png +0 -0
package/dist/electron/electron/activity/ActivityRepository.js +190 -0
package/dist/electron/electron/agent/browser/browser-service.js +639 -0
package/dist/electron/electron/agent/context-manager.js +225 -0
package/dist/electron/electron/agent/custom-skill-loader.js +566 -0
package/dist/electron/electron/agent/daemon.js +975 -0
package/dist/electron/electron/agent/executor.js +3561 -0
package/dist/electron/electron/agent/llm/anthropic-provider.js +155 -0
package/dist/electron/electron/agent/llm/bedrock-provider.js +202 -0
package/dist/electron/electron/agent/llm/gemini-provider.js +375 -0
package/dist/electron/electron/agent/llm/index.js +34 -0
package/dist/electron/electron/agent/llm/ollama-provider.js +263 -0
package/dist/electron/electron/agent/llm/openai-oauth.js +101 -0
package/dist/electron/electron/agent/llm/openai-provider.js +657 -0
package/dist/electron/electron/agent/llm/openrouter-provider.js +232 -0
package/dist/electron/electron/agent/llm/pricing.js +160 -0
package/dist/electron/electron/agent/llm/provider-factory.js +880 -0
package/dist/electron/electron/agent/llm/types.js +178 -0
package/dist/electron/electron/agent/queue-manager.js +378 -0
package/dist/electron/electron/agent/sandbox/docker-sandbox.js +402 -0
package/dist/electron/electron/agent/sandbox/macos-sandbox.js +407 -0
package/dist/electron/electron/agent/sandbox/runner.js +410 -0
package/dist/electron/electron/agent/sandbox/sandbox-factory.js +228 -0
package/dist/electron/electron/agent/sandbox/security-utils.js +258 -0
package/dist/electron/electron/agent/search/brave-provider.js +119 -0
package/dist/electron/electron/agent/search/google-provider.js +100 -0
package/dist/electron/electron/agent/search/index.js +28 -0
package/dist/electron/electron/agent/search/provider-factory.js +395 -0
package/dist/electron/electron/agent/search/serpapi-provider.js +112 -0
package/dist/electron/electron/agent/search/tavily-provider.js +90 -0
package/dist/electron/electron/agent/search/types.js +40 -0
package/dist/electron/electron/agent/security/index.js +12 -0
package/dist/electron/electron/agent/security/input-sanitizer.js +303 -0
package/dist/electron/electron/agent/security/output-filter.js +217 -0
package/dist/electron/electron/agent/skill-eligibility.js +281 -0
package/dist/electron/electron/agent/skill-registry.js +396 -0
package/dist/electron/electron/agent/skills/document.js +878 -0
package/dist/electron/electron/agent/skills/image-generator.js +225 -0
package/dist/electron/electron/agent/skills/organizer.js +141 -0
package/dist/electron/electron/agent/skills/presentation.js +367 -0
package/dist/electron/electron/agent/skills/spreadsheet.js +165 -0
package/dist/electron/electron/agent/tools/browser-tools.js +523 -0
package/dist/electron/electron/agent/tools/builtin-settings.js +384 -0
package/dist/electron/electron/agent/tools/canvas-tools.js +530 -0
package/dist/electron/electron/agent/tools/cron-tools.js +577 -0
package/dist/electron/electron/agent/tools/edit-tools.js +194 -0
package/dist/electron/electron/agent/tools/file-tools.js +719 -0
package/dist/electron/electron/agent/tools/glob-tools.js +283 -0
package/dist/electron/electron/agent/tools/grep-tools.js +387 -0
package/dist/electron/electron/agent/tools/image-tools.js +111 -0
package/dist/electron/electron/agent/tools/mention-tools.js +282 -0
package/dist/electron/electron/agent/tools/node-tools.js +476 -0
package/dist/electron/electron/agent/tools/registry.js +2719 -0
package/dist/electron/electron/agent/tools/search-tools.js +91 -0
package/dist/electron/electron/agent/tools/shell-tools.js +574 -0
package/dist/electron/electron/agent/tools/skill-tools.js +274 -0
package/dist/electron/electron/agent/tools/system-tools.js +578 -0
package/dist/electron/electron/agent/tools/web-fetch-tools.js +444 -0
package/dist/electron/electron/agent/tools/x-tools.js +264 -0
package/dist/electron/electron/agents/AgentRoleRepository.js +420 -0
package/dist/electron/electron/agents/HeartbeatService.js +356 -0
package/dist/electron/electron/agents/MentionRepository.js +197 -0
package/dist/electron/electron/agents/TaskSubscriptionRepository.js +168 -0
package/dist/electron/electron/agents/WorkingStateRepository.js +229 -0
package/dist/electron/electron/canvas/canvas-manager.js +714 -0
package/dist/electron/electron/canvas/canvas-preload.js +53 -0
package/dist/electron/electron/canvas/canvas-protocol.js +195 -0
package/dist/electron/electron/canvas/canvas-store.js +174 -0
package/dist/electron/electron/canvas/index.js +13 -0
package/dist/electron/electron/control-plane/client.js +364 -0
package/dist/electron/electron/control-plane/handlers.js +572 -0
package/dist/electron/electron/control-plane/index.js +41 -0
package/dist/electron/electron/control-plane/node-manager.js +264 -0
package/dist/electron/electron/control-plane/protocol.js +194 -0
package/dist/electron/electron/control-plane/remote-client.js +437 -0
package/dist/electron/electron/control-plane/server.js +640 -0
package/dist/electron/electron/control-plane/settings.js +369 -0
package/dist/electron/electron/control-plane/ssh-tunnel.js +549 -0
package/dist/electron/electron/cron/index.js +30 -0
package/dist/electron/electron/cron/schedule.js +190 -0
package/dist/electron/electron/cron/service.js +614 -0
package/dist/electron/electron/cron/store.js +155 -0
package/dist/electron/electron/cron/types.js +82 -0
package/dist/electron/electron/cron/webhook.js +258 -0
package/dist/electron/electron/database/SecureSettingsRepository.js +444 -0
package/dist/electron/electron/database/TaskLabelRepository.js +120 -0
package/dist/electron/electron/database/repositories.js +1781 -0
package/dist/electron/electron/database/schema.js +978 -0
package/dist/electron/electron/extensions/index.js +33 -0
package/dist/electron/electron/extensions/loader.js +313 -0
package/dist/electron/electron/extensions/registry.js +485 -0
package/dist/electron/electron/extensions/types.js +11 -0
package/dist/electron/electron/gateway/channel-registry.js +1102 -0
package/dist/electron/electron/gateway/channels/bluebubbles-client.js +479 -0
package/dist/electron/electron/gateway/channels/bluebubbles.js +432 -0
package/dist/electron/electron/gateway/channels/discord.js +975 -0
package/dist/electron/electron/gateway/channels/email-client.js +593 -0
package/dist/electron/electron/gateway/channels/email.js +443 -0
package/dist/electron/electron/gateway/channels/google-chat.js +631 -0
package/dist/electron/electron/gateway/channels/imessage-client.js +363 -0
package/dist/electron/electron/gateway/channels/imessage.js +465 -0
package/dist/electron/electron/gateway/channels/index.js +36 -0
package/dist/electron/electron/gateway/channels/line-client.js +470 -0
package/dist/electron/electron/gateway/channels/line.js +479 -0
package/dist/electron/electron/gateway/channels/matrix-client.js +432 -0
package/dist/electron/electron/gateway/channels/matrix.js +592 -0
package/dist/electron/electron/gateway/channels/mattermost-client.js +394 -0
package/dist/electron/electron/gateway/channels/mattermost.js +496 -0
package/dist/electron/electron/gateway/channels/signal-client.js +500 -0
package/dist/electron/electron/gateway/channels/signal.js +582 -0
package/dist/electron/electron/gateway/channels/slack.js +415 -0
package/dist/electron/electron/gateway/channels/teams.js +596 -0
package/dist/electron/electron/gateway/channels/telegram.js +1390 -0
package/dist/electron/electron/gateway/channels/twitch-client.js +502 -0
package/dist/electron/electron/gateway/channels/twitch.js +396 -0
package/dist/electron/electron/gateway/channels/types.js +8 -0
package/dist/electron/electron/gateway/channels/whatsapp.js +953 -0
package/dist/electron/electron/gateway/context-policy.js +268 -0
package/dist/electron/electron/gateway/index.js +1063 -0
package/dist/electron/electron/gateway/infrastructure.js +496 -0
package/dist/electron/electron/gateway/router.js +2700 -0
package/dist/electron/electron/gateway/security.js +375 -0
package/dist/electron/electron/gateway/session.js +115 -0
package/dist/electron/electron/gateway/tunnel.js +503 -0
package/dist/electron/electron/guardrails/guardrail-manager.js +348 -0
package/dist/electron/electron/hooks/gmail-watcher.js +300 -0
package/dist/electron/electron/hooks/index.js +46 -0
package/dist/electron/electron/hooks/mappings.js +381 -0
package/dist/electron/electron/hooks/server.js +480 -0
package/dist/electron/electron/hooks/settings.js +447 -0
package/dist/electron/electron/hooks/types.js +41 -0
package/dist/electron/electron/ipc/canvas-handlers.js +158 -0
package/dist/electron/electron/ipc/handlers.js +3138 -0
package/dist/electron/electron/ipc/mission-control-handlers.js +141 -0
package/dist/electron/electron/main.js +448 -0
package/dist/electron/electron/mcp/client/MCPClientManager.js +330 -0
package/dist/electron/electron/mcp/client/MCPServerConnection.js +437 -0
package/dist/electron/electron/mcp/client/transports/SSETransport.js +304 -0
package/dist/electron/electron/mcp/client/transports/StdioTransport.js +307 -0
package/dist/electron/electron/mcp/client/transports/WebSocketTransport.js +329 -0
package/dist/electron/electron/mcp/host/MCPHostServer.js +354 -0
package/dist/electron/electron/mcp/host/ToolAdapter.js +100 -0
package/dist/electron/electron/mcp/registry/MCPRegistryManager.js +497 -0
package/dist/electron/electron/mcp/settings.js +446 -0
package/dist/electron/electron/mcp/types.js +59 -0
package/dist/electron/electron/memory/MemoryService.js +435 -0
package/dist/electron/electron/notifications/index.js +17 -0
package/dist/electron/electron/notifications/service.js +118 -0
package/dist/electron/electron/notifications/store.js +144 -0
package/dist/electron/electron/preload.js +842 -0
package/dist/electron/electron/reports/StandupReportService.js +272 -0
package/dist/electron/electron/security/concurrency.js +293 -0
package/dist/electron/electron/security/index.js +15 -0
package/dist/electron/electron/security/policy-manager.js +435 -0
package/dist/electron/electron/settings/appearance-manager.js +193 -0
package/dist/electron/electron/settings/personality-manager.js +724 -0
package/dist/electron/electron/settings/x-manager.js +58 -0
package/dist/electron/electron/tailscale/exposure.js +188 -0
package/dist/electron/electron/tailscale/index.js +28 -0
package/dist/electron/electron/tailscale/settings.js +205 -0
package/dist/electron/electron/tailscale/tailscale.js +355 -0
package/dist/electron/electron/tray/QuickInputWindow.js +568 -0
package/dist/electron/electron/tray/TrayManager.js +895 -0
package/dist/electron/electron/tray/index.js +9 -0
package/dist/electron/electron/updater/index.js +6 -0
package/dist/electron/electron/updater/update-manager.js +418 -0
package/dist/electron/electron/utils/env-migration.js +209 -0
package/dist/electron/electron/utils/process.js +102 -0
package/dist/electron/electron/utils/rate-limiter.js +104 -0
package/dist/electron/electron/utils/validation.js +419 -0
package/dist/electron/electron/utils/x-cli.js +177 -0
package/dist/electron/electron/voice/VoiceService.js +507 -0
package/dist/electron/electron/voice/index.js +14 -0
package/dist/electron/electron/voice/voice-settings-manager.js +359 -0
package/dist/electron/shared/channelMessages.js +170 -0
package/dist/electron/shared/types.js +1185 -0
package/package.json +159 -0
package/resources/skills/1password.json +10 -0
package/resources/skills/add-documentation.json +31 -0
package/resources/skills/analyze-csv.json +17 -0
package/resources/skills/apple-notes.json +10 -0
package/resources/skills/apple-reminders.json +10 -0
package/resources/skills/auto-commenter.json +10 -0
package/resources/skills/bear-notes.json +10 -0
package/resources/skills/bird.json +35 -0
package/resources/skills/blogwatcher.json +10 -0
package/resources/skills/blucli.json +10 -0
package/resources/skills/bluebubbles.json +10 -0
package/resources/skills/camsnap.json +10 -0
package/resources/skills/clean-imports.json +18 -0
package/resources/skills/code-review.json +18 -0
package/resources/skills/coding-agent.json +10 -0
package/resources/skills/compare-files.json +23 -0
package/resources/skills/convert-code.json +34 -0
package/resources/skills/create-changelog.json +24 -0
package/resources/skills/debug-error.json +17 -0
package/resources/skills/dependency-check.json +10 -0
package/resources/skills/discord.json +10 -0
package/resources/skills/eightctl.json +10 -0
package/resources/skills/explain-code.json +29 -0
package/resources/skills/extract-todos.json +18 -0
package/resources/skills/food-order.json +10 -0
package/resources/skills/gemini.json +10 -0
package/resources/skills/generate-readme.json +10 -0
package/resources/skills/gifgrep.json +10 -0
package/resources/skills/git-commit.json +10 -0
package/resources/skills/github.json +10 -0
package/resources/skills/gog.json +10 -0
package/resources/skills/goplaces.json +10 -0
package/resources/skills/himalaya.json +10 -0
package/resources/skills/imsg.json +10 -0
package/resources/skills/karpathy-guidelines.json +12 -0
package/resources/skills/last30days.json +26 -0
package/resources/skills/local-places.json +10 -0
package/resources/skills/mcporter.json +10 -0
package/resources/skills/model-usage.json +10 -0
package/resources/skills/nano-banana-pro.json +10 -0
package/resources/skills/nano-pdf.json +10 -0
package/resources/skills/notion.json +10 -0
package/resources/skills/obsidian.json +10 -0
package/resources/skills/openai-image-gen.json +10 -0
package/resources/skills/openai-whisper-api.json +10 -0
package/resources/skills/openai-whisper.json +10 -0
package/resources/skills/openhue.json +10 -0
package/resources/skills/oracle.json +10 -0
package/resources/skills/ordercli.json +10 -0
package/resources/skills/peekaboo.json +10 -0
package/resources/skills/project-structure.json +10 -0
package/resources/skills/proofread.json +17 -0
package/resources/skills/refactor-code.json +31 -0
package/resources/skills/rename-symbol.json +23 -0
package/resources/skills/sag.json +10 -0
package/resources/skills/security-audit.json +18 -0
package/resources/skills/session-logs.json +10 -0
package/resources/skills/sherpa-onnx-tts.json +10 -0
package/resources/skills/skill-creator.json +15 -0
package/resources/skills/skill-hub.json +29 -0
package/resources/skills/slack.json +10 -0
package/resources/skills/songsee.json +10 -0
package/resources/skills/sonoscli.json +10 -0
package/resources/skills/spotify-player.json +10 -0
package/resources/skills/startup-cfo.json +55 -0
package/resources/skills/summarize-folder.json +18 -0
package/resources/skills/summarize.json +10 -0
package/resources/skills/things-mac.json +10 -0
package/resources/skills/tmux.json +10 -0
package/resources/skills/translate.json +36 -0
package/resources/skills/trello.json +10 -0
package/resources/skills/video-frames.json +10 -0
package/resources/skills/voice-call.json +10 -0
package/resources/skills/wacli.json +10 -0
package/resources/skills/weather.json +10 -0
package/resources/skills/write-tests.json +31 -0
package/src/electron/activity/ActivityRepository.ts +238 -0
package/src/electron/agent/browser/browser-service.ts +721 -0
package/src/electron/agent/context-manager.ts +257 -0
package/src/electron/agent/custom-skill-loader.ts +634 -0
package/src/electron/agent/daemon.ts +1097 -0
package/src/electron/agent/executor.ts +4017 -0
package/src/electron/agent/llm/anthropic-provider.ts +175 -0
package/src/electron/agent/llm/bedrock-provider.ts +236 -0
package/src/electron/agent/llm/gemini-provider.ts +422 -0
package/src/electron/agent/llm/index.ts +9 -0
package/src/electron/agent/llm/ollama-provider.ts +347 -0
package/src/electron/agent/llm/openai-oauth.ts +127 -0
package/src/electron/agent/llm/openai-provider.ts +686 -0
package/src/electron/agent/llm/openrouter-provider.ts +273 -0
package/src/electron/agent/llm/pricing.ts +180 -0
package/src/electron/agent/llm/provider-factory.ts +971 -0
package/src/electron/agent/llm/types.ts +291 -0
package/src/electron/agent/queue-manager.ts +408 -0
package/src/electron/agent/sandbox/docker-sandbox.ts +453 -0
package/src/electron/agent/sandbox/macos-sandbox.ts +426 -0
package/src/electron/agent/sandbox/runner.ts +453 -0
package/src/electron/agent/sandbox/sandbox-factory.ts +337 -0
package/src/electron/agent/sandbox/security-utils.ts +251 -0
package/src/electron/agent/search/brave-provider.ts +141 -0
package/src/electron/agent/search/google-provider.ts +131 -0
package/src/electron/agent/search/index.ts +6 -0
package/src/electron/agent/search/provider-factory.ts +450 -0
package/src/electron/agent/search/serpapi-provider.ts +138 -0
package/src/electron/agent/search/tavily-provider.ts +108 -0
package/src/electron/agent/search/types.ts +118 -0
package/src/electron/agent/security/index.ts +20 -0
package/src/electron/agent/security/input-sanitizer.ts +380 -0
package/src/electron/agent/security/output-filter.ts +259 -0
package/src/electron/agent/skill-eligibility.ts +334 -0
package/src/electron/agent/skill-registry.ts +457 -0
package/src/electron/agent/skills/document.ts +1070 -0
package/src/electron/agent/skills/image-generator.ts +272 -0
package/src/electron/agent/skills/organizer.ts +131 -0
package/src/electron/agent/skills/presentation.ts +418 -0
package/src/electron/agent/skills/spreadsheet.ts +166 -0
package/src/electron/agent/tools/browser-tools.ts +546 -0
package/src/electron/agent/tools/builtin-settings.ts +422 -0
package/src/electron/agent/tools/canvas-tools.ts +572 -0
package/src/electron/agent/tools/cron-tools.ts +723 -0
package/src/electron/agent/tools/edit-tools.ts +196 -0
package/src/electron/agent/tools/file-tools.ts +811 -0
package/src/electron/agent/tools/glob-tools.ts +303 -0
package/src/electron/agent/tools/grep-tools.ts +432 -0
package/src/electron/agent/tools/image-tools.ts +126 -0
package/src/electron/agent/tools/mention-tools.ts +371 -0
package/src/electron/agent/tools/node-tools.ts +550 -0
package/src/electron/agent/tools/registry.ts +3052 -0
package/src/electron/agent/tools/search-tools.ts +111 -0
package/src/electron/agent/tools/shell-tools.ts +651 -0
package/src/electron/agent/tools/skill-tools.ts +340 -0
package/src/electron/agent/tools/system-tools.ts +665 -0
package/src/electron/agent/tools/web-fetch-tools.ts +528 -0
package/src/electron/agent/tools/x-tools.ts +267 -0
package/src/electron/agents/AgentRoleRepository.ts +557 -0
package/src/electron/agents/HeartbeatService.ts +469 -0
package/src/electron/agents/MentionRepository.ts +242 -0
package/src/electron/agents/TaskSubscriptionRepository.ts +231 -0
package/src/electron/agents/WorkingStateRepository.ts +278 -0
package/src/electron/canvas/canvas-manager.ts +818 -0
package/src/electron/canvas/canvas-preload.ts +102 -0
package/src/electron/canvas/canvas-protocol.ts +174 -0
package/src/electron/canvas/canvas-store.ts +200 -0
package/src/electron/canvas/index.ts +8 -0
package/src/electron/control-plane/client.ts +527 -0
package/src/electron/control-plane/handlers.ts +723 -0
package/src/electron/control-plane/index.ts +51 -0
package/src/electron/control-plane/node-manager.ts +322 -0
package/src/electron/control-plane/protocol.ts +269 -0
package/src/electron/control-plane/remote-client.ts +517 -0
package/src/electron/control-plane/server.ts +853 -0
package/src/electron/control-plane/settings.ts +401 -0
package/src/electron/control-plane/ssh-tunnel.ts +624 -0
package/src/electron/cron/index.ts +9 -0
package/src/electron/cron/schedule.ts +217 -0
package/src/electron/cron/service.ts +743 -0
package/src/electron/cron/store.ts +165 -0
package/src/electron/cron/types.ts +291 -0
package/src/electron/cron/webhook.ts +303 -0
package/src/electron/database/SecureSettingsRepository.ts +514 -0
package/src/electron/database/TaskLabelRepository.ts +148 -0
package/src/electron/database/repositories.ts +2397 -0
package/src/electron/database/schema.ts +1017 -0
package/src/electron/extensions/index.ts +18 -0
package/src/electron/extensions/loader.ts +336 -0
package/src/electron/extensions/registry.ts +546 -0
package/src/electron/extensions/types.ts +372 -0
package/src/electron/gateway/channel-registry.ts +1267 -0
package/src/electron/gateway/channels/bluebubbles-client.ts +641 -0
package/src/electron/gateway/channels/bluebubbles.ts +509 -0
package/src/electron/gateway/channels/discord.ts +1150 -0
package/src/electron/gateway/channels/email-client.ts +708 -0
package/src/electron/gateway/channels/email.ts +516 -0
package/src/electron/gateway/channels/google-chat.ts +760 -0
package/src/electron/gateway/channels/imessage-client.ts +473 -0
package/src/electron/gateway/channels/imessage.ts +520 -0
package/src/electron/gateway/channels/index.ts +21 -0
package/src/electron/gateway/channels/line-client.ts +598 -0
package/src/electron/gateway/channels/line.ts +559 -0
package/src/electron/gateway/channels/matrix-client.ts +632 -0
package/src/electron/gateway/channels/matrix.ts +655 -0
package/src/electron/gateway/channels/mattermost-client.ts +526 -0
package/src/electron/gateway/channels/mattermost.ts +550 -0
package/src/electron/gateway/channels/signal-client.ts +722 -0
package/src/electron/gateway/channels/signal.ts +666 -0
package/src/electron/gateway/channels/slack.ts +458 -0
package/src/electron/gateway/channels/teams.ts +681 -0
package/src/electron/gateway/channels/telegram.ts +1727 -0
package/src/electron/gateway/channels/twitch-client.ts +665 -0
package/src/electron/gateway/channels/twitch.ts +468 -0
package/src/electron/gateway/channels/types.ts +1002 -0
package/src/electron/gateway/channels/whatsapp.ts +1101 -0
package/src/electron/gateway/context-policy.ts +382 -0
package/src/electron/gateway/index.ts +1274 -0
package/src/electron/gateway/infrastructure.ts +645 -0
package/src/electron/gateway/router.ts +3206 -0
package/src/electron/gateway/security.ts +422 -0
package/src/electron/gateway/session.ts +144 -0
package/src/electron/gateway/tunnel.ts +626 -0
package/src/electron/guardrails/guardrail-manager.ts +380 -0
package/src/electron/hooks/gmail-watcher.ts +355 -0
package/src/electron/hooks/index.ts +30 -0
package/src/electron/hooks/mappings.ts +404 -0
package/src/electron/hooks/server.ts +574 -0
package/src/electron/hooks/settings.ts +466 -0
package/src/electron/hooks/types.ts +245 -0
package/src/electron/ipc/canvas-handlers.ts +223 -0
package/src/electron/ipc/handlers.ts +3661 -0
package/src/electron/ipc/mission-control-handlers.ts +182 -0
package/src/electron/main.ts +496 -0
package/src/electron/mcp/client/MCPClientManager.ts +406 -0
package/src/electron/mcp/client/MCPServerConnection.ts +514 -0
package/src/electron/mcp/client/transports/SSETransport.ts +360 -0
package/src/electron/mcp/client/transports/StdioTransport.ts +355 -0
package/src/electron/mcp/client/transports/WebSocketTransport.ts +384 -0
package/src/electron/mcp/host/MCPHostServer.ts +388 -0
package/src/electron/mcp/host/ToolAdapter.ts +140 -0
package/src/electron/mcp/registry/MCPRegistryManager.ts +565 -0
package/src/electron/mcp/settings.ts +468 -0
package/src/electron/mcp/types.ts +371 -0
package/src/electron/memory/MemoryService.ts +523 -0
package/src/electron/notifications/index.ts +16 -0
package/src/electron/notifications/service.ts +161 -0
package/src/electron/notifications/store.ts +163 -0
package/src/electron/preload.ts +2845 -0
package/src/electron/reports/StandupReportService.ts +356 -0
package/src/electron/security/concurrency.ts +333 -0
package/src/electron/security/index.ts +17 -0
package/src/electron/security/policy-manager.ts +539 -0
package/src/electron/settings/appearance-manager.ts +182 -0
package/src/electron/settings/personality-manager.ts +800 -0
package/src/electron/settings/x-manager.ts +62 -0
package/src/electron/tailscale/exposure.ts +262 -0
package/src/electron/tailscale/index.ts +34 -0
package/src/electron/tailscale/settings.ts +218 -0
package/src/electron/tailscale/tailscale.ts +379 -0
package/src/electron/tray/QuickInputWindow.ts +609 -0
package/src/electron/tray/TrayManager.ts +1005 -0
package/src/electron/tray/index.ts +6 -0
package/src/electron/updater/index.ts +1 -0
package/src/electron/updater/update-manager.ts +447 -0
package/src/electron/utils/env-migration.ts +203 -0
package/src/electron/utils/process.ts +124 -0
package/src/electron/utils/rate-limiter.ts +130 -0
package/src/electron/utils/validation.ts +493 -0
package/src/electron/utils/x-cli.ts +198 -0
package/src/electron/voice/VoiceService.ts +583 -0
package/src/electron/voice/index.ts +9 -0
package/src/electron/voice/voice-settings-manager.ts +403 -0
package/src/renderer/App.tsx +775 -0
package/src/renderer/components/ActivityFeed.tsx +407 -0
package/src/renderer/components/ActivityFeedItem.tsx +285 -0
package/src/renderer/components/AgentRoleCard.tsx +343 -0
package/src/renderer/components/AgentRoleEditor.tsx +805 -0
package/src/renderer/components/AgentSquadSettings.tsx +295 -0
package/src/renderer/components/AgentWorkingStatePanel.tsx +411 -0
package/src/renderer/components/AppearanceSettings.tsx +122 -0
package/src/renderer/components/ApprovalDialog.tsx +100 -0
package/src/renderer/components/BlueBubblesSettings.tsx +505 -0
package/src/renderer/components/BuiltinToolsSettings.tsx +307 -0
package/src/renderer/components/CanvasPreview.tsx +1189 -0
package/src/renderer/components/CommandOutput.tsx +202 -0
package/src/renderer/components/ContextPolicySettings.tsx +523 -0
package/src/renderer/components/ControlPlaneSettings.tsx +1134 -0
package/src/renderer/components/DisclaimerModal.tsx +124 -0
package/src/renderer/components/DiscordSettings.tsx +436 -0
package/src/renderer/components/EmailSettings.tsx +606 -0
package/src/renderer/components/ExtensionsSettings.tsx +542 -0
package/src/renderer/components/FileViewer.tsx +224 -0
package/src/renderer/components/GoogleChatSettings.tsx +535 -0
package/src/renderer/components/GuardrailSettings.tsx +487 -0
package/src/renderer/components/HooksSettings.tsx +581 -0
package/src/renderer/components/ImessageSettings.tsx +484 -0
package/src/renderer/components/LineSettings.tsx +483 -0
package/src/renderer/components/MCPRegistryBrowser.tsx +386 -0
package/src/renderer/components/MCPSettings.tsx +943 -0
package/src/renderer/components/MainContent.tsx +2433 -0
package/src/renderer/components/MatrixSettings.tsx +510 -0
package/src/renderer/components/MattermostSettings.tsx +473 -0
package/src/renderer/components/MemorySettings.tsx +247 -0
package/src/renderer/components/MentionBadge.tsx +87 -0
package/src/renderer/components/MentionInput.tsx +409 -0
package/src/renderer/components/MentionList.tsx +476 -0
package/src/renderer/components/MissionControlPanel.tsx +1995 -0
package/src/renderer/components/NodesSettings.tsx +316 -0
package/src/renderer/components/NotificationPanel.tsx +481 -0
package/src/renderer/components/Onboarding/AwakeningOrb.tsx +44 -0
package/src/renderer/components/Onboarding/Onboarding.tsx +443 -0
package/src/renderer/components/Onboarding/TypewriterText.tsx +102 -0
package/src/renderer/components/Onboarding/index.ts +3 -0
package/src/renderer/components/OnboardingModal.tsx +698 -0
package/src/renderer/components/PairingCodeDisplay.tsx +324 -0
package/src/renderer/components/PersonalitySettings.tsx +597 -0
package/src/renderer/components/QueueSettings.tsx +119 -0
package/src/renderer/components/QuickTaskFAB.tsx +71 -0
package/src/renderer/components/RightPanel.tsx +413 -0
package/src/renderer/components/ScheduledTasksSettings.tsx +1328 -0
package/src/renderer/components/SearchSettings.tsx +328 -0
package/src/renderer/components/Settings.tsx +1504 -0
package/src/renderer/components/Sidebar.tsx +344 -0
package/src/renderer/components/SignalSettings.tsx +673 -0
package/src/renderer/components/SkillHubBrowser.tsx +458 -0
package/src/renderer/components/SkillParameterModal.tsx +185 -0
package/src/renderer/components/SkillsSettings.tsx +451 -0
package/src/renderer/components/SlackSettings.tsx +442 -0
package/src/renderer/components/StandupReportViewer.tsx +614 -0
package/src/renderer/components/TaskBoard.tsx +498 -0
package/src/renderer/components/TaskBoardCard.tsx +357 -0
package/src/renderer/components/TaskBoardColumn.tsx +211 -0
package/src/renderer/components/TaskLabelManager.tsx +472 -0
package/src/renderer/components/TaskQueuePanel.tsx +144 -0
package/src/renderer/components/TaskQuickActions.tsx +492 -0
package/src/renderer/components/TaskTimeline.tsx +216 -0
package/src/renderer/components/TaskView.tsx +162 -0
package/src/renderer/components/TeamsSettings.tsx +518 -0
package/src/renderer/components/TelegramSettings.tsx +421 -0
package/src/renderer/components/Toast.tsx +76 -0
package/src/renderer/components/TraySettings.tsx +189 -0
package/src/renderer/components/TwitchSettings.tsx +511 -0
package/src/renderer/components/UpdateSettings.tsx +295 -0
package/src/renderer/components/VoiceIndicator.tsx +270 -0
package/src/renderer/components/VoiceSettings.tsx +867 -0
package/src/renderer/components/WhatsAppSettings.tsx +721 -0
package/src/renderer/components/WorkingStateEditor.tsx +309 -0
package/src/renderer/components/WorkingStateHistory.tsx +481 -0
package/src/renderer/components/WorkspaceSelector.tsx +150 -0
package/src/renderer/components/XSettings.tsx +311 -0
package/src/renderer/global.d.ts +9 -0
package/src/renderer/hooks/useAgentContext.ts +153 -0
package/src/renderer/hooks/useOnboardingFlow.ts +548 -0
package/src/renderer/hooks/useVoiceInput.ts +268 -0
package/src/renderer/index.html +12 -0
package/src/renderer/main.tsx +10 -0
package/src/renderer/public/cowork-os-logo.png +0 -0
package/src/renderer/quick-input.html +164 -0
package/src/renderer/styles/index.css +14504 -0
package/src/renderer/utils/agentMessages.ts +749 -0
package/src/renderer/utils/voice-directives.ts +169 -0
package/src/shared/channelMessages.ts +213 -0
package/src/shared/types.ts +3608 -0
package/tsconfig.electron.json +26 -0
package/tsconfig.json +26 -0
package/tsconfig.node.json +10 -0
package/vite.config.ts +23 -0

package/src/electron/agent/sandbox/sandbox-factory.ts ADDED Viewed

@@ -0,0 +1,337 @@
+/**
+ * Sandbox Factory
+ *
+ * Provides a unified interface for sandbox implementations and factory
+ * function to create the appropriate sandbox based on platform and availability.
+ *
+ * Supports:
+ * - macOS sandbox-exec (native, preferred on macOS)
+ * - Docker containers (cross-platform)
+ * - No sandbox (fallback)
+ */
+import { Workspace } from '../../../shared/types';
+import { MacOSSandbox } from './macos-sandbox';
+import { DockerSandbox } from './docker-sandbox';
+import { spawn } from 'child_process';
+import { createSecureTempFile } from './security-utils';
+/**
+ * Sandbox type enumeration
+ */
+export type SandboxType = 'macos' | 'docker' | 'none';
+/**
+ * Sandbox execution options
+ */
+export interface SandboxOptions {
+  /** Working directory for command execution */
+  cwd?: string;
+  /** Command execution timeout in milliseconds */
+  timeout?: number;
+  /** Maximum output size in bytes */
+  maxOutputSize?: number;
+  /** Allow network access */
+  allowNetwork?: boolean;
+  /** Additional allowed paths for read access */
+  allowedReadPaths?: string[];
+  /** Additional allowed paths for write access */
+  allowedWritePaths?: string[];
+  /** Environment variables to pass through */
+  envPassthrough?: string[];
+}
+/**
+ * Sandbox execution result
+ */
+export interface SandboxResult {
+  exitCode: number;
+  stdout: string;
+  stderr: string;
+  killed: boolean;
+  timedOut: boolean;
+  error?: string;
+}
+/**
+ * Unified sandbox interface
+ * All sandbox implementations must implement this interface
+ */
+export interface ISandbox {
+  /** The type of sandbox implementation */
+  readonly type: SandboxType;
+  /**
+   * Initialize the sandbox environment
+   * Must be called before execute()
+   */
+  initialize(): Promise<void>;
+  /**
+   * Execute a command in the sandbox
+   */
+  execute(
+    command: string,
+    args?: string[],
+    options?: SandboxOptions
+  ): Promise<SandboxResult>;
+  /**
+   * Execute code in the sandbox (Python or JavaScript)
+   */
+  executeCode(
+    code: string,
+    language: 'python' | 'javascript'
+  ): Promise<SandboxResult>;
+  /**
+   * Cleanup sandbox resources
+   */
+  cleanup(): void;
+}
+/**
+ * No-op sandbox implementation for when sandboxing is unavailable
+ * Still enforces timeouts and output limits, but no OS-level isolation
+ */
+export class NoSandbox implements ISandbox {
+  readonly type: SandboxType = 'none';
+  private workspace: Workspace;
+  constructor(workspace: Workspace) {
+    this.workspace = workspace;
+  }
+  async initialize(): Promise<void> {
+    // No initialization needed
+  }
+  async execute(
+    command: string,
+    args: string[] = [],
+    options: SandboxOptions = {}
+  ): Promise<SandboxResult> {
+    const timeout = options.timeout ?? 5 * 60 * 1000;
+    const maxOutputSize = options.maxOutputSize ?? 100 * 1024;
+    const cwd = options.cwd || this.workspace.path;
+    return new Promise((resolve) => {
+      let stdout = '';
+      let stderr = '';
+      let killed = false;
+      let timedOut = false;
+      const proc = spawn('/bin/sh', ['-c', `${command} ${args.join(' ')}`], {
+        cwd,
+        shell: true,
+        stdio: ['ignore', 'pipe', 'pipe'],
+      });
+      const timeoutHandle = setTimeout(() => {
+        timedOut = true;
+        killed = true;
+        proc.kill('SIGKILL');
+      }, timeout);
+      proc.stdout?.on('data', (data: Buffer) => {
+        const chunk = data.toString();
+        if (stdout.length + chunk.length <= maxOutputSize) {
+          stdout += chunk;
+        } else if (stdout.length < maxOutputSize) {
+          stdout += chunk.slice(0, maxOutputSize - stdout.length);
+          stdout += '\n[Output truncated]';
+        }
+      });
+      proc.stderr?.on('data', (data: Buffer) => {
+        const chunk = data.toString();
+        if (stderr.length + chunk.length <= maxOutputSize) {
+          stderr += chunk;
+        } else if (stderr.length < maxOutputSize) {
+          stderr += chunk.slice(0, maxOutputSize - stderr.length);
+          stderr += '\n[Output truncated]';
+        }
+      });
+      proc.on('close', (code) => {
+        clearTimeout(timeoutHandle);
+        resolve({
+          exitCode: code ?? 1,
+          stdout,
+          stderr,
+          killed,
+          timedOut,
+        });
+      });
+      proc.on('error', (err) => {
+        clearTimeout(timeoutHandle);
+        resolve({
+          exitCode: 1,
+          stdout,
+          stderr: err.message,
+          killed,
+          timedOut,
+          error: err.message,
+        });
+      });
+    });
+  }
+  async executeCode(
+    code: string,
+    language: 'python' | 'javascript'
+  ): Promise<SandboxResult> {
+    const ext = language === 'python' ? '.py' : '.js';
+    const { filePath, cleanup } = createSecureTempFile(ext, code);
+    try {
+      const interpreter = language === 'python' ? 'python3' : 'node';
+      return await this.execute(interpreter, [filePath], {
+        timeout: 60 * 1000,
+        allowNetwork: false,
+      });
+    } finally {
+      cleanup();
+    }
+  }
+  cleanup(): void {
+    // No cleanup needed
+  }
+}
+/**
+ * Cached Docker availability status
+ */
+let dockerAvailable: boolean | null = null;
+let dockerCheckPromise: Promise<boolean> | null = null;
+/**
+ * Check if Docker is available and running
+ */
+export async function isDockerAvailable(): Promise<boolean> {
+  // Return cached result if available
+  if (dockerAvailable !== null) {
+    return dockerAvailable;
+  }
+  // Return existing promise if check is in progress
+  if (dockerCheckPromise) {
+    return dockerCheckPromise;
+  }
+  dockerCheckPromise = new Promise((resolve) => {
+    const proc = spawn('docker', ['info'], {
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+    let resolved = false;
+    const timeout = setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        proc.kill();
+        dockerAvailable = false;
+        resolve(false);
+      }
+    }, 5000);
+    proc.on('close', (code) => {
+      clearTimeout(timeout);
+      if (!resolved) {
+        resolved = true;
+        dockerAvailable = code === 0;
+        resolve(dockerAvailable);
+      }
+    });
+    proc.on('error', () => {
+      clearTimeout(timeout);
+      if (!resolved) {
+        resolved = true;
+        dockerAvailable = false;
+        resolve(false);
+      }
+    });
+  });
+  return dockerCheckPromise;
+}
+/**
+ * Detect the best available sandbox type for the current platform
+ */
+export async function detectAvailableSandbox(): Promise<SandboxType> {
+  // On macOS, prefer native sandbox-exec
+  if (process.platform === 'darwin') {
+    return 'macos';
+  }
+  // On other platforms, check for Docker
+  if (await isDockerAvailable()) {
+    return 'docker';
+  }
+  // Fallback to no sandbox
+  return 'none';
+}
+/**
+ * Create a sandbox instance for the given workspace
+ *
+ * @param workspace - The workspace to create a sandbox for
+ * @param preferredType - Optional preferred sandbox type (overrides auto-detection)
+ * @returns An initialized sandbox instance
+ */
+export async function createSandbox(
+  workspace: Workspace,
+  preferredType?: SandboxType | 'auto'
+): Promise<ISandbox> {
+  let sandboxType: SandboxType;
+  if (preferredType && preferredType !== 'auto') {
+    // Validate the preferred type is available
+    if (preferredType === 'macos' && process.platform !== 'darwin') {
+      console.warn(
+        'macOS sandbox requested but not on macOS, falling back to auto-detect'
+      );
+      sandboxType = await detectAvailableSandbox();
+    } else if (preferredType === 'docker' && !(await isDockerAvailable())) {
+      console.warn(
+        'Docker sandbox requested but Docker not available, falling back to auto-detect'
+      );
+      sandboxType = await detectAvailableSandbox();
+    } else {
+      sandboxType = preferredType;
+    }
+  } else {
+    sandboxType = await detectAvailableSandbox();
+  }
+  let sandbox: ISandbox;
+  switch (sandboxType) {
+    case 'macos':
+      sandbox = new MacOSSandbox(workspace);
+      break;
+    case 'docker':
+      sandbox = new DockerSandbox(workspace);
+      break;
+    case 'none':
+    default:
+      sandbox = new NoSandbox(workspace);
+      break;
+  }
+  await sandbox.initialize();
+  return sandbox;
+}
+/**
+ * Reset Docker availability cache (useful for testing or after Docker installation)
+ */
+export function resetDockerCache(): void {
+  dockerAvailable = null;
+  dockerCheckPromise = null;
+}

package/src/electron/agent/sandbox/security-utils.ts ADDED Viewed

@@ -0,0 +1,251 @@
+/**
+ * Security Utilities for Sandbox Operations
+ *
+ * Provides secure implementations for common operations:
+ * - Secure temp file creation (TOCTOU-safe)
+ * - Path validation with symlink resolution
+ * - String escaping for sandbox profiles
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import * as crypto from 'crypto';
+/**
+ * Create a secure temporary file with random name
+ * Uses crypto.randomBytes to prevent predictable filenames (TOCTOU mitigation)
+ *
+ * @param extension - File extension (e.g., '.py', '.js')
+ * @param content - Content to write to the file
+ * @returns Object with file path and cleanup function
+ */
+export function createSecureTempFile(
+  extension: string,
+  content: string
+): { filePath: string; cleanup: () => void } {
+  // Generate cryptographically random filename
+  const randomBytes = crypto.randomBytes(16).toString('hex');
+  const filename = `cowork_${randomBytes}${extension}`;
+  const tempDir = os.tmpdir();
+  // Validate temp directory exists and is writable
+  if (!fs.existsSync(tempDir)) {
+    throw new Error(`Temp directory does not exist: ${tempDir}`);
+  }
+  const filePath = path.join(tempDir, filename);
+  // Use O_CREAT | O_EXCL to atomically create file (fails if exists)
+  // This prevents TOCTOU race conditions
+  const fd = fs.openSync(filePath, fs.constants.O_CREAT | fs.constants.O_EXCL | fs.constants.O_WRONLY, 0o600);
+  try {
+    fs.writeSync(fd, content, 0, 'utf8');
+  } finally {
+    fs.closeSync(fd);
+  }
+  const cleanup = () => {
+    try {
+      if (fs.existsSync(filePath)) {
+        fs.unlinkSync(filePath);
+      }
+    } catch {
+      // Ignore cleanup errors
+    }
+  };
+  return { filePath, cleanup };
+}
+/**
+ * Validate and resolve a path, following symlinks
+ * Returns null if path is outside allowed boundaries
+ *
+ * @param targetPath - Path to validate
+ * @param allowedBasePaths - List of allowed base paths
+ * @returns Resolved real path or null if invalid/outside boundaries
+ */
+export function validateAndResolvePath(
+  targetPath: string,
+  allowedBasePaths: string[]
+): string | null {
+  // Reject paths with null bytes (path traversal attack vector)
+  if (targetPath.includes('\0')) {
+    return null;
+  }
+  // Normalize the path first
+  const normalizedTarget = path.normalize(targetPath);
+  // Check if path exists before attempting to resolve symlinks
+  if (!fs.existsSync(normalizedTarget)) {
+    // For non-existent paths, just validate against normalized path
+    for (const basePath of allowedBasePaths) {
+      const normalizedBase = path.resolve(basePath);
+      if (path.resolve(normalizedTarget).startsWith(normalizedBase + path.sep) ||
+          path.resolve(normalizedTarget) === normalizedBase) {
+        return path.resolve(normalizedTarget);
+      }
+    }
+    return null;
+  }
+  try {
+    // Resolve symlinks to get real path
+    const realPath = fs.realpathSync(normalizedTarget);
+    // Check if real path is within allowed boundaries
+    for (const basePath of allowedBasePaths) {
+      const realBasePath = fs.existsSync(basePath)
+        ? fs.realpathSync(basePath)
+        : path.resolve(basePath);
+      if (realPath.startsWith(realBasePath + path.sep) || realPath === realBasePath) {
+        return realPath;
+      }
+    }
+    return null;
+  } catch {
+    // If we can't resolve the path, it's not valid
+    return null;
+  }
+}
+/**
+ * Escape a string for use in macOS sandbox-exec profile
+ * Prevents sandbox profile injection attacks
+ *
+ * @param input - String to escape
+ * @returns Escaped string safe for sandbox profile
+ */
+export function escapeSandboxProfileString(input: string): string {
+  // Validate input doesn't contain null bytes
+  if (input.includes('\0')) {
+    throw new Error('Path contains null byte, which is not allowed');
+  }
+  // Escape characters that have special meaning in sandbox profiles:
+  // - Backslash: escape character
+  // - Double quote: string delimiter
+  // - Parentheses: LISP-like syntax
+  // - Semicolon: comment start
+  return input
+    .replace(/\\/g, '\\\\')     // Escape backslashes first
+    .replace(/"/g, '\\"')       // Escape double quotes
+    .replace(/\(/g, '\\(')      // Escape open paren
+    .replace(/\)/g, '\\)')      // Escape close paren
+    .replace(/;/g, '\\;');      // Escape semicolons
+}
+/**
+ * Validate a path is safe for sandbox profile inclusion
+ * Rejects paths with dangerous characters that could break profile syntax
+ *
+ * @param pathToValidate - Path to validate
+ * @returns true if safe, throws error if not
+ */
+export function validatePathForSandboxProfile(pathToValidate: string): boolean {
+  // Check for null bytes
+  if (pathToValidate.includes('\0')) {
+    throw new Error('Path contains null byte');
+  }
+  // Check for newlines (could inject new profile lines)
+  if (pathToValidate.includes('\n') || pathToValidate.includes('\r')) {
+    throw new Error('Path contains newline characters');
+  }
+  // Validate path is absolute and normalized
+  if (!path.isAbsolute(pathToValidate)) {
+    throw new Error('Path must be absolute');
+  }
+  return true;
+}
+/**
+ * Escape a value for Docker environment variable
+ * Prevents command injection through environment variables
+ *
+ * @param value - Environment variable value to escape
+ * @returns Escaped value safe for Docker -e flag
+ */
+export function escapeDockerEnvValue(value: string): string {
+  // Reject values with null bytes
+  if (value.includes('\0')) {
+    throw new Error('Environment value contains null byte');
+  }
+  // For Docker, we need to handle shell metacharacters
+  // The safest approach is to reject problematic characters
+  // or use Docker's --env-file feature for complex values
+  // Check for newlines which could inject additional arguments
+  if (value.includes('\n') || value.includes('\r')) {
+    throw new Error('Environment value contains newline characters');
+  }
+  return value;
+}
+/**
+ * Validate an environment variable name is safe
+ *
+ * @param name - Environment variable name
+ * @returns true if valid, throws if not
+ */
+export function validateEnvVarName(name: string): boolean {
+  // Standard env var naming: alphanumeric and underscore, starting with letter or underscore
+  if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
+    throw new Error(`Invalid environment variable name: ${name}`);
+  }
+  // Blacklist dangerous environment variables that could affect sandboxed processes
+  const dangerousVars = [
+    'LD_PRELOAD',
+    'LD_LIBRARY_PATH',
+    'DYLD_INSERT_LIBRARIES',
+    'DYLD_LIBRARY_PATH',
+    'PYTHONPATH',
+    'NODE_OPTIONS',
+    'NODE_PATH',
+    'PERL5OPT',
+    'RUBYOPT',
+  ];
+  if (dangerousVars.includes(name.toUpperCase())) {
+    throw new Error(`Dangerous environment variable not allowed: ${name}`);
+  }
+  return true;
+}
+/**
+ * Safe environment passthrough that validates and filters variables
+ *
+ * @param requestedVars - List of environment variable names to pass through
+ * @returns Record of safe environment variables
+ */
+export function buildSafeEnvironment(
+  requestedVars: string[]
+): Record<string, string | undefined> {
+  const safeEnv: Record<string, string | undefined> = {};
+  for (const name of requestedVars) {
+    try {
+      validateEnvVarName(name);
+      const value = process.env[name];
+      if (value !== undefined) {
+        escapeDockerEnvValue(value); // Validates value is safe
+        safeEnv[name] = value;
+      }
+    } catch {
+      // Skip invalid or dangerous variables silently
+      console.warn(`[SecurityUtils] Skipping unsafe environment variable: ${name}`);
+    }
+  }
+  return safeEnv;
+}