cueclaw 0.0.1 → 0.0.3

package/dist/chunk-D77G7ABJ.js

@@ -0,0 +1,1051 @@
+import {
+  insertStepRun,
+  insertWorkflowRun,
+  updateStepRunStatus,
+  updateWorkflowPhase,
+  updateWorkflowRunStatus
+} from "./chunk-K4PGB2DU.js";
+import {
+  ConfigError,
+  ExecutorError,
+  PlannerError,
+  cueclawHome,
+  loadConfig
+} from "./chunk-JRHM3Z4C.js";
+import {
+  logger
+} from "./chunk-E7BP6DMO.js";
+
+// src/planner.ts
+import Anthropic from "@anthropic-ai/sdk";
+import { z } from "zod/v4";
+import { nanoid } from "nanoid";
+
+// src/workflow.ts
+function validateDAG(steps) {
+  const errors = [];
+  const stepIds = new Set(steps.map((s) => s.id));
+  for (const step of steps) {
+    for (const dep of step.depends_on) {
+      if (!stepIds.has(dep)) {
+        errors.push(`Step "${step.id}" depends on unknown step "${dep}"`);
+      }
+    }
+  }
+  for (const step of steps) {
+    const refs = extractStepRefs(step.inputs);
+    for (const ref of refs) {
+      if (!stepIds.has(ref)) {
+        errors.push(`Step "${step.id}" references unknown step "${ref}" in inputs`);
+      }
+      if (stepIds.has(ref) && !step.depends_on.includes(ref)) {
+        errors.push(`Step "${step.id}" references "$steps.${ref}.output" but does not list "${ref}" in depends_on`);
+      }
+    }
+  }
+  if (hasCycle(steps)) {
+    errors.push("DAG contains a cycle");
+  }
+  return errors;
+}
+function extractStepRefs(obj) {
+  const refs = [];
+  const pattern = /\$steps\.([a-z0-9-]+)\.output/g;
+  function walk(value) {
+    if (typeof value === "string") {
+      let match;
+      while ((match = pattern.exec(value)) !== null) {
+        refs.push(match[1]);
+      }
+      pattern.lastIndex = 0;
+    } else if (Array.isArray(value)) {
+      for (const item of value) walk(item);
+    } else if (value !== null && typeof value === "object") {
+      for (const v of Object.values(value)) walk(v);
+    }
+  }
+  walk(obj);
+  return refs;
+}
+function hasCycle(steps) {
+  const inDegree = /* @__PURE__ */ new Map();
+  const adjacency = /* @__PURE__ */ new Map();
+  for (const step of steps) {
+    inDegree.set(step.id, 0);
+    adjacency.set(step.id, []);
+  }
+  for (const step of steps) {
+    for (const dep of step.depends_on) {
+      if (adjacency.has(dep)) {
+        adjacency.get(dep).push(step.id);
+        inDegree.set(step.id, (inDegree.get(step.id) ?? 0) + 1);
+      }
+    }
+  }
+  const queue = [];
+  for (const [id, deg] of inDegree) {
+    if (deg === 0) queue.push(id);
+  }
+  let processed = 0;
+  while (queue.length > 0) {
+    const current = queue.shift();
+    processed++;
+    for (const neighbor of adjacency.get(current) ?? []) {
+      const newDeg = (inDegree.get(neighbor) ?? 1) - 1;
+      inDegree.set(neighbor, newDeg);
+      if (newDeg === 0) queue.push(neighbor);
+    }
+  }
+  return processed !== steps.length;
+}
+
+// src/planner.ts
+var PlanStepSchema = z.object({
+  id: z.string(),
+  description: z.string(),
+  expected_output: z.string().optional(),
+  agent: z.literal("claude"),
+  inputs: z.record(z.string(), z.any()),
+  depends_on: z.array(z.string())
+});
+var TriggerConfigSchema = z.union([
+  z.object({
+    type: z.literal("poll"),
+    interval_seconds: z.number(),
+    check_script: z.string(),
+    diff_mode: z.enum(["new_items", "any_change"])
+  }),
+  z.object({
+    type: z.literal("cron"),
+    expression: z.string(),
+    timezone: z.string().optional()
+  }),
+  z.object({ type: z.literal("manual") })
+]);
+var FailurePolicySchema = z.object({
+  on_step_failure: z.enum(["stop", "skip_dependents", "ask_user"]),
+  max_retries: z.number(),
+  retry_delay_ms: z.number()
+});
+var PlannerOutputSchema = z.object({
+  name: z.string(),
+  description: z.string(),
+  trigger: TriggerConfigSchema,
+  steps: z.array(PlanStepSchema).min(1),
+  failure_policy: FailurePolicySchema
+});
+var plannerOutputJsonSchema = {
+  type: "object",
+  required: ["name", "description", "trigger", "steps", "failure_policy"],
+  properties: {
+    name: { type: "string", description: "Short workflow name" },
+    description: { type: "string", description: "User's original natural language description" },
+    trigger: {
+      type: "object",
+      description: "Trigger configuration",
+      properties: {
+        type: { type: "string", enum: ["poll", "cron", "manual"] },
+        interval_seconds: { type: "number" },
+        check_script: { type: "string" },
+        diff_mode: { type: "string", enum: ["new_items", "any_change"] },
+        expression: { type: "string" },
+        timezone: { type: "string" }
+      },
+      required: ["type"]
+    },
+    steps: {
+      type: "array",
+      items: {
+        type: "object",
+        required: ["id", "description", "agent", "inputs", "depends_on"],
+        properties: {
+          id: { type: "string", description: "kebab-case step ID" },
+          description: { type: "string", description: "Detailed step description for the agent" },
+          expected_output: { type: "string" },
+          agent: { type: "string", enum: ["claude"] },
+          inputs: { type: "object", description: "Step inputs, may use $steps.{id}.output or $trigger_data" },
+          depends_on: { type: "array", items: { type: "string" }, description: "Step IDs this step depends on" }
+        }
+      },
+      minItems: 1
+    },
+    failure_policy: {
+      type: "object",
+      required: ["on_step_failure", "max_retries", "retry_delay_ms"],
+      properties: {
+        on_step_failure: { type: "string", enum: ["stop", "skip_dependents", "ask_user"] },
+        max_retries: { type: "number" },
+        retry_delay_ms: { type: "number" }
+      }
+    }
+  }
+};
+var plannerTool = {
+  name: "create_workflow",
+  description: "Create a workflow definition from the user description. Generate steps as a DAG with proper dependencies.",
+  input_schema: plannerOutputJsonSchema
+};
+function buildPlannerSystemPrompt(config) {
+  const identity = config.identity?.name ? `
+User identity: ${config.identity.name}` : "";
+  return `You are CueClaw Planner. Convert user's natural language into a structured Workflow.
+
+## Execution Environment
+
+All steps are executed by the Claude Agent SDK. The agent has Bash and can use
+any CLI tool installed locally. It auto-loads .claude/skills/.
+You don't need to verify tool availability \u2014 the agent detects at runtime.
+
+## Rules
+
+1. Every step's agent field is "claude" (Claude Agent SDK execution)
+2. Step description uses natural language \u2014 the agent decides which tools to use
+3. depends_on must reference defined step IDs, forming a valid DAG (no cycles)
+4. Step IDs use kebab-case: "fetch-issues", "create-branch"
+5. Use $steps.{id}.output in inputs to reference prior step results
+6. Use $trigger_data in inputs to reference the trigger's output data
+7. Do NOT generate position, phase, schema_version, status, or timestamp fields (framework auto-fills). You MUST generate step id fields.
+8. Trigger check_script can use any shell commands
+9. Step description should be detailed enough for the agent to execute independently \u2014 not just a one-line summary
+10. Input keys use snake_case (e.g., issue_number, repo_path)
+11. Steps must NOT include a status field \u2014 the framework sets all steps to pending automatically
+12. Step output is a plain text string \u2014 downstream agents parse structure themselves
+
+## User Identity
+${identity}`;
+}
+async function generatePlan(userDescription, config) {
+  const anthropic = new Anthropic({ apiKey: config.claude.api_key });
+  const MAX_RETRIES = 2;
+  let retryContext = "";
+  for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+    const prompt = retryContext ? `${userDescription}
+
+${retryContext}` : userDescription;
+    logger.debug({ attempt, hasRetryContext: !!retryContext }, "Planner attempt");
+    const response = await anthropic.messages.create({
+      model: config.claude.planner.model,
+      max_tokens: 4096,
+      system: buildPlannerSystemPrompt(config),
+      messages: [{ role: "user", content: prompt }],
+      tools: [plannerTool],
+      tool_choice: { type: "tool", name: "create_workflow" }
+    });
+    const toolBlock = response.content.find((b) => b.type === "tool_use");
+    if (!toolBlock || toolBlock.type !== "tool_use") {
+      throw new PlannerError("Unexpected planner response format: no tool_use block");
+    }
+    const parseResult = PlannerOutputSchema.safeParse(toolBlock.input);
+    if (!parseResult.success) {
+      const errMsg = parseResult.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ");
+      if (attempt < MAX_RETRIES) {
+        retryContext = `[System] Previous plan had validation issues:
+${errMsg}
+Please fix and try again.`;
+        continue;
+      }
+      throw new PlannerError(`Invalid plan after ${MAX_RETRIES + 1} attempts: ${errMsg}`);
+    }
+    const dagErrors = validateDAG(parseResult.data.steps);
+    if (dagErrors.length > 0) {
+      if (attempt < MAX_RETRIES) {
+        retryContext = `[System] DAG dependency issues:
+${dagErrors.join("\n")}
+Please fix the step dependencies.`;
+        continue;
+      }
+      throw new PlannerError(`DAG validation failed after ${MAX_RETRIES + 1} attempts: ${dagErrors.join(", ")}`);
+    }
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    return {
+      ...parseResult.data,
+      schema_version: "1.0",
+      id: `wf_${nanoid()}`,
+      phase: "awaiting_confirmation",
+      created_at: now,
+      updated_at: now
+    };
+  }
+  throw new PlannerError("Failed to generate valid plan after retries");
+}
+async function modifyPlan(originalWorkflow, modificationDescription, config) {
+  const plannerOutput = {
+    name: originalWorkflow.name,
+    description: originalWorkflow.description,
+    trigger: originalWorkflow.trigger,
+    steps: originalWorkflow.steps,
+    failure_policy: originalWorkflow.failure_policy
+  };
+  const combinedPrompt = `Here is the current workflow plan:
+\`\`\`json
+${JSON.stringify(plannerOutput, null, 2)}
+\`\`\`
+
+The user wants to modify it as follows:
+${modificationDescription}
+
+Preserve unmodified steps' IDs, descriptions, and dependencies \u2014 only change what the user specified.
+Return the complete modified workflow using the create_workflow tool.`;
+  const result = await generatePlan(combinedPrompt, config);
+  return {
+    ...result,
+    id: originalWorkflow.id,
+    updated_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function confirmPlan(workflow) {
+  if (workflow.phase !== "awaiting_confirmation") {
+    throw new PlannerError(`Cannot confirm workflow in phase "${workflow.phase}"`);
+  }
+  const nextPhase = workflow.trigger.type === "manual" ? "executing" : "active";
+  return {
+    ...workflow,
+    phase: nextPhase,
+    updated_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function rejectPlan(workflow) {
+  return {
+    ...workflow,
+    phase: "planning",
+    updated_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+
+// src/executor.ts
+import { nanoid as nanoid4 } from "nanoid";
+
+// src/hooks.ts
+function checkBashSafety(command) {
+  const dangerousPatterns = [
+    [/rm\s+-rf\s+\//, "recursive delete from root"],
+    [/\bsudo\b/, "privilege escalation"],
+    [/chmod\s+777/, "world-writable permissions"],
+    [/>\s*\/etc\//, "write to system config"],
+    [/\bmkfs\b/, "format filesystem"],
+    [/curl\s.*\|\s*(ba)?sh/, "pipe-to-shell execution"],
+    [/wget\s.*\|\s*(ba)?sh/, "pipe-to-shell execution"],
+    [/\bdd\b.*\bif=\/dev\//, "raw disk operations"],
+    [/>\s*\/dev\//, "write to device files"],
+    [/\bnc\b.*-[lp]/, "netcat listener"],
+    [/\bncat\b/, "ncat listener"]
+  ];
+  for (const [pattern, reason] of dangerousPatterns) {
+    if (pattern.test(command)) {
+      return { allowed: false, reason: `Dangerous command blocked: ${reason}` };
+    }
+  }
+  return { allowed: true };
+}
+
+// src/container-runner.ts
+import { spawn } from "child_process";
+import { mkdirSync as mkdirSync2 } from "fs";
+import { join as join3 } from "path";
+
+// src/mount-security.ts
+import { readFileSync, writeFileSync, existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function expandHome(path) {
+  if (path.startsWith("~/")) return join(homedir(), path.slice(2));
+  if (path === "~") return homedir();
+  return path;
+}
+function loadMountAllowlist() {
+  const path = join(cueclawHome(), "mount-allowlist.json");
+  if (!existsSync(path)) {
+    const defaults = generateDefaultAllowlist();
+    writeFileSync(path, JSON.stringify(defaults, null, 2));
+    return defaults;
+  }
+  return JSON.parse(readFileSync(path, "utf-8"));
+}
+function validateAdditionalMounts(mounts, allowlist) {
+  for (const mount of mounts) {
+    const expanded = expandHome(mount.hostPath);
+    for (const pattern of allowlist.blockedPatterns) {
+      if (expanded.includes(pattern)) {
+        throw new ConfigError(`Mount blocked: "${mount.hostPath}" matches blocked pattern "${pattern}"`);
+      }
+    }
+    const allowed = allowlist.allowedRoots.find(
+      (root) => expanded.startsWith(expandHome(root.path))
+    );
+    if (!allowed) {
+      throw new ConfigError(`Mount not in allowlist: "${mount.hostPath}". Add it to ~/.cueclaw/mount-allowlist.json`);
+    }
+    if (mount.readonly === false && !allowed.allowReadWrite) {
+      throw new ConfigError(`Mount "${mount.hostPath}" is read-only in allowlist but requested read-write`);
+    }
+  }
+}
+function generateDefaultAllowlist() {
+  return {
+    allowedRoots: [
+      { path: "~/projects", allowReadWrite: true, description: "User project directories" },
+      { path: "/tmp", allowReadWrite: true, description: "Temporary files" }
+    ],
+    blockedPatterns: [".ssh", ".gnupg", ".aws", ".env", "credentials", "private_key", ".docker"],
+    nonMainReadOnly: true
+  };
+}
+
+// src/ipc.ts
+import {
+  existsSync as existsSync2,
+  readdirSync,
+  readFileSync as readFileSync2,
+  writeFileSync as writeFileSync2,
+  unlinkSync,
+  renameSync,
+  mkdirSync
+} from "fs";
+import { join as join2 } from "path";
+import { nanoid as nanoid2 } from "nanoid";
+var IpcWatcher = class {
+  constructor(workflowId, _stepId, ipcDir, onMessage, pollInterval = 500) {
+    this.workflowId = workflowId;
+    this.ipcDir = ipcDir;
+    this.onMessage = onMessage;
+    this.pollInterval = pollInterval;
+  }
+  timeout = null;
+  start() {
+    this.scheduleNext();
+  }
+  scheduleNext() {
+    this.timeout = setTimeout(async () => {
+      await this.poll();
+      if (this.timeout !== null) this.scheduleNext();
+    }, this.pollInterval);
+  }
+  stop() {
+    if (this.timeout) {
+      clearTimeout(this.timeout);
+      this.timeout = null;
+    }
+  }
+  async poll() {
+    const outputDir = join2(this.ipcDir, "output");
+    if (!existsSync2(outputDir)) return;
+    const files = readdirSync(outputDir).filter((f) => f.endsWith(".json")).sort();
+    for (const file of files) {
+      const filePath = join2(outputDir, file);
+      try {
+        const content = readFileSync2(filePath, "utf-8");
+        const msg = JSON.parse(content);
+        if (msg.workflowId !== this.workflowId) {
+          logger.warn({ file, expected: this.workflowId, got: msg.workflowId }, "IPC message workflow mismatch");
+          this.moveToErrors(filePath, outputDir);
+          continue;
+        }
+        this.onMessage(msg);
+        unlinkSync(filePath);
+      } catch (err) {
+        logger.error({ file, err }, "Failed to process IPC message");
+        this.moveToErrors(filePath, outputDir);
+      }
+    }
+  }
+  sendToContainer(msg) {
+    const inputDir = join2(this.ipcDir, "input");
+    mkdirSync(inputDir, { recursive: true });
+    const filename = `${Date.now()}-${nanoid2(6)}.json`;
+    const tempPath = join2(inputDir, `.${filename}.tmp`);
+    const finalPath = join2(inputDir, filename);
+    writeFileSync2(tempPath, JSON.stringify(msg));
+    renameSync(tempPath, finalPath);
+  }
+  signalClose() {
+    writeFileSync2(join2(this.ipcDir, "_close"), "");
+  }
+  moveToErrors(filePath, outputDir) {
+    const errorsDir = join2(outputDir, "..", "errors");
+    mkdirSync(errorsDir, { recursive: true });
+    const filename = filePath.split("/").pop();
+    try {
+      renameSync(filePath, join2(errorsDir, filename));
+    } catch {
+      try {
+        unlinkSync(filePath);
+      } catch {
+      }
+    }
+  }
+};
+
+// src/mcp-server.ts
+var McpMessageHandler = class {
+  constructor(db, router, ipcWatcher) {
+    this.db = db;
+    this.router = router;
+    this.ipcWatcher = ipcWatcher;
+  }
+  log = logger.child({ module: "mcp-handler" });
+  handle(msg) {
+    switch (msg.type) {
+      case "progress":
+        this.handleProgress(msg);
+        break;
+      case "notification":
+        this.handleNotification(msg);
+        break;
+      case "context_request":
+        this.handleContextRequest(msg);
+        break;
+      default:
+        this.log.warn({ type: msg.type }, "Unknown IPC message type");
+    }
+  }
+  handleProgress(msg) {
+    this.db.prepare(
+      "UPDATE step_runs SET status = ?, output_json = ? WHERE step_id = ? AND run_id = ?"
+    ).run(msg.data.status, msg.data.output ?? null, msg.stepId, msg.data.runId);
+    this.log.info({ stepId: msg.stepId, status: msg.data.status }, "Step progress update");
+  }
+  handleNotification(msg) {
+    this.router.broadcastNotification(msg.data.message);
+  }
+  handleContextRequest(msg) {
+    const stepRun = this.db.prepare(
+      "SELECT output_json FROM step_runs WHERE step_id = ? AND run_id = ?"
+    ).get(msg.data.requestedStepId, msg.data.runId);
+    this.ipcWatcher.sendToContainer({
+      workflowId: msg.workflowId,
+      stepId: msg.stepId,
+      type: "user_message",
+      correlationId: msg.correlationId,
+      data: { context: stepRun?.output_json ?? null },
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+};
+
+// src/container-runner.ts
+var OUTPUT_START_MARKER = "---CUECLAW_OUTPUT_START---";
+var OUTPUT_END_MARKER = "---CUECLAW_OUTPUT_END---";
+async function runContainerAgent(opts) {
+  const config = loadConfig();
+  const allowlist = loadMountAllowlist();
+  if (opts.additionalMounts) {
+    validateAdditionalMounts(opts.additionalMounts, allowlist);
+  }
+  mkdirSync2(opts.workDir, { recursive: true });
+  mkdirSync2(join3(opts.ipcDir, "input"), { recursive: true });
+  mkdirSync2(join3(opts.ipcDir, "output"), { recursive: true });
+  const image = config.container?.image ?? "cueclaw-agent:latest";
+  const network = config.container?.network ?? "none";
+  const volumeMounts = buildVolumeMounts(opts);
+  const dockerArgs = [
+    "run",
+    "--rm",
+    "-i",
+    "--name",
+    opts.containerName,
+    "--network",
+    network,
+    "--user",
+    "1000:1000",
+    "--memory",
+    "4g",
+    "--cpus",
+    "2",
+    ...volumeMounts,
+    image
+  ];
+  let ipcWatcher;
+  if (opts.db && opts.router) {
+    ipcWatcher = new IpcWatcher(opts.workflowId, opts.stepId, opts.ipcDir, (msg) => {
+      const handler = new McpMessageHandler(opts.db, opts.router, ipcWatcher);
+      handler.handle(msg);
+    });
+    ipcWatcher.start();
+  }
+  try {
+    const result = await spawnContainer(dockerArgs, opts, config);
+    return result;
+  } finally {
+    ipcWatcher?.stop();
+  }
+}
+function buildVolumeMounts(opts) {
+  const mounts = [
+    "-v",
+    `${opts.cwd}:/workspace/project:ro`,
+    "-v",
+    `${opts.workDir}:/workspace/work`,
+    "-v",
+    `${opts.ipcDir}:/workspace/ipc`
+  ];
+  for (const mount of opts.additionalMounts ?? []) {
+    const expanded = expandHome(mount.hostPath);
+    const containerPath = mount.containerPath ?? `/workspace/mounts${expanded}`;
+    const mode = mount.readonly !== false ? "ro" : "rw";
+    mounts.push("-v", `${expanded}:${containerPath}:${mode}`);
+  }
+  return mounts;
+}
+async function spawnContainer(dockerArgs, opts, config) {
+  return new Promise((resolve) => {
+    const proc = spawn("docker", dockerArgs, {
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    const input = {
+      prompt: opts.prompt,
+      workflowId: opts.workflowId,
+      stepId: opts.stepId,
+      runId: opts.runId,
+      apiKey: config.claude.api_key,
+      allowedTools: opts.allowedTools
+    };
+    proc.stdin.write(JSON.stringify(input));
+    proc.stdin.end();
+    const hardTimeout = config.container?.timeout ?? 18e5;
+    const idleTimeout = config.container?.idle_timeout ?? 18e5;
+    const maxOutputSize = config.container?.max_output_size ?? 10485760;
+    let lastActivity = Date.now();
+    let totalOutput = 0;
+    let truncated = false;
+    const hardTimer = setTimeout(() => {
+      logger.warn({ containerName: opts.containerName }, "Container hard timeout reached");
+      gracefulStop(opts.containerName);
+    }, hardTimeout);
+    const idleCheck = setInterval(() => {
+      if (Date.now() - lastActivity > idleTimeout) {
+        logger.warn({ containerName: opts.containerName }, "Container idle timeout reached");
+        gracefulStop(opts.containerName);
+      }
+    }, 1e4);
+    opts.signal?.addEventListener("abort", () => gracefulStop(opts.containerName), { once: true });
+    let stdout = "";
+    let resultBuffer = "";
+    proc.stdout?.on("data", (chunk) => {
+      lastActivity = Date.now();
+      const text = chunk.toString();
+      totalOutput += text.length;
+      if (totalOutput > maxOutputSize) {
+        if (!truncated) {
+          truncated = true;
+          logger.warn({ containerName: opts.containerName, size: totalOutput }, "Container output size cap reached, stopping container");
+          gracefulStop(opts.containerName);
+        }
+        return;
+      }
+      stdout += text;
+      opts.onProgress?.({ type: "output", data: text });
+    });
+    let stderr = "";
+    proc.stderr?.on("data", (chunk) => {
+      lastActivity = Date.now();
+      stderr += chunk.toString();
+    });
+    proc.on("close", (code) => {
+      clearTimeout(hardTimer);
+      clearInterval(idleCheck);
+      if (truncated) {
+        resolve({ status: "failed", error: "Container output size cap exceeded" });
+        return;
+      }
+      const startIdx = stdout.indexOf(OUTPUT_START_MARKER);
+      const endIdx = stdout.indexOf(OUTPUT_END_MARKER);
+      if (startIdx !== -1 && endIdx !== -1) {
+        resultBuffer = stdout.slice(startIdx + OUTPUT_START_MARKER.length + 1, endIdx).trim();
+      }
+      if (code !== 0 && !resultBuffer) {
+        resolve({
+          status: "failed",
+          error: stderr || `Container exited with code ${code}`
+        });
+        return;
+      }
+      try {
+        const parsed = JSON.parse(resultBuffer);
+        resolve({
+          status: "succeeded",
+          output: parsed.result ?? null,
+          sessionId: parsed.sessionId
+        });
+      } catch {
+        if (resultBuffer) {
+          resolve({ status: "succeeded", output: resultBuffer });
+        } else {
+          resolve({
+            status: "failed",
+            error: stderr || "No output captured from container"
+          });
+        }
+      }
+    });
+    proc.on("error", (err) => {
+      clearTimeout(hardTimer);
+      clearInterval(idleCheck);
+      resolve({
+        status: "failed",
+        error: `Docker spawn error: ${err.message}`
+      });
+    });
+  });
+}
+function gracefulStop(containerName) {
+  try {
+    spawn("docker", ["stop", containerName]);
+  } catch {
+  }
+}
+function prepareContainerOpts(workflowId, stepId, runId, prompt, cwd, allowedTools) {
+  const ipcDir = join3(cueclawHome(), "ipc", workflowId, stepId);
+  const workDir = join3(cueclawHome(), "work", workflowId, stepId);
+  const containerName = `cueclaw-${workflowId}-${stepId}-${Date.now()}`;
+  mkdirSync2(workDir, { recursive: true });
+  mkdirSync2(join3(ipcDir, "input"), { recursive: true });
+  mkdirSync2(join3(ipcDir, "output"), { recursive: true });
+  return {
+    workflowId,
+    stepId,
+    runId,
+    prompt,
+    cwd,
+    workDir,
+    ipcDir,
+    containerName,
+    allowedTools
+  };
+}
+
+// src/agent-runner.ts
+function runAgent(opts) {
+  const config = loadConfig();
+  if (config.container?.enabled && opts.workflowId && opts.stepId && opts.runId) {
+    const containerOpts = prepareContainerOpts(
+      opts.workflowId,
+      opts.stepId,
+      opts.runId,
+      opts.prompt,
+      opts.cwd,
+      opts.allowedTools
+    );
+    const resultPromise2 = runContainerAgent({
+      ...containerOpts,
+      signal: opts.signal,
+      onProgress: opts.onProgress
+    });
+    return {
+      resultPromise: resultPromise2,
+      abort: () => {
+        try {
+          import("child_process").then(({ spawn: spawn2 }) => {
+            spawn2("docker", ["stop", containerOpts.containerName]);
+          });
+        } catch {
+        }
+      }
+    };
+  }
+  let aborted = false;
+  const resultPromise = (async () => {
+    try {
+      const { query } = await import("@anthropic-ai/claude-agent-sdk");
+      const q = query({
+        prompt: opts.prompt,
+        options: {
+          cwd: opts.cwd,
+          model: config.claude.executor.model,
+          resume: opts.sessionId,
+          allowedTools: opts.allowedTools ?? [
+            "Bash",
+            "Read",
+            "Write",
+            "Edit",
+            "Glob",
+            "Grep",
+            "WebSearch",
+            "WebFetch"
+          ],
+          settingSources: ["project"],
+          permissionMode: "default"
+        }
+      });
+      let sessionId;
+      let result = null;
+      for await (const message of q) {
+        if (aborted) {
+          if ("interrupt" in q && typeof q.interrupt === "function") {
+            q.interrupt();
+          }
+          return { status: "failed", error: "Aborted by user" };
+        }
+        if (message.type === "system" && message.subtype === "init") {
+          sessionId = message.session_id;
+        }
+        if (message.type === "assistant") {
+          for (const block of message.content ?? []) {
+            if (block.type === "tool_use" && block.name === "Bash") {
+              const cmd = block.input?.command;
+              if (cmd) {
+                const check = checkBashSafety(cmd);
+                if (!check.allowed) {
+                  logger.warn({ command: cmd, reason: check.reason }, "Blocked dangerous command");
+                  return { status: "failed", error: `Blocked dangerous command: ${check.reason}` };
+                }
+              }
+            }
+          }
+        }
+        if ("result" in message) {
+          result = message.result ?? null;
+        }
+        opts.onProgress?.(message);
+      }
+      return { status: "succeeded", output: result, sessionId };
+    } catch (err) {
+      const errorMsg = err instanceof Error ? err.message : String(err);
+      logger.error({ err, stepId: opts.stepId }, "Agent execution failed");
+      return { status: "failed", error: errorMsg };
+    }
+  })();
+  return {
+    resultPromise,
+    abort: () => {
+      aborted = true;
+    }
+  };
+}
+
+// src/session.ts
+import { nanoid as nanoid3 } from "nanoid";
+function createSession(db, stepRunId, sdkSessionId) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const session = {
+    id: `sess_${nanoid3()}`,
+    step_run_id: stepRunId,
+    sdk_session_id: sdkSessionId,
+    created_at: now,
+    last_used_at: now,
+    is_active: true
+  };
+  db.prepare(`
+    INSERT INTO sessions (id, step_run_id, sdk_session_id, created_at, last_used_at, is_active)
+    VALUES (?, ?, ?, ?, ?, ?)
+  `).run(session.id, session.step_run_id, session.sdk_session_id ?? null, session.created_at, session.last_used_at, 1);
+  return session;
+}
+function deactivateSession(db, sessionId) {
+  db.prepare("UPDATE sessions SET is_active = 0, last_used_at = ? WHERE id = ?").run((/* @__PURE__ */ new Date()).toISOString(), sessionId);
+}
+function updateSessionSdkId(db, sessionId, sdkSessionId) {
+  db.prepare("UPDATE sessions SET sdk_session_id = ?, last_used_at = ? WHERE id = ?").run(sdkSessionId, (/* @__PURE__ */ new Date()).toISOString(), sessionId);
+}
+
+// src/executor.ts
+var STEP_REF_PATTERN = /\$steps\.([a-z0-9-]+)\.output/g;
+var TRIGGER_DATA_PATTERN = /\$trigger_data/g;
+var MAX_OUTPUT_SIZE = 10240;
+function resolveValue(value, completedSteps, triggerData) {
+  if (typeof value === "string") {
+    let shouldSkip = false;
+    let resolved = value.replace(STEP_REF_PATTERN, (_match, stepId) => {
+      const result = completedSteps.get(stepId);
+      if (!result) return "null";
+      if (result.status === "failed" || result.status === "skipped") {
+        shouldSkip = true;
+        return "null";
+      }
+      const output = result.output ?? "null";
+      return output.length > MAX_OUTPUT_SIZE ? output.slice(0, MAX_OUTPUT_SIZE) + "\n[truncated]" : output;
+    });
+    if (shouldSkip) return { __skip: true };
+    resolved = resolved.replace(TRIGGER_DATA_PATTERN, triggerData ?? "null");
+    return resolved;
+  }
+  if (Array.isArray(value)) {
+    return value.map((item) => resolveValue(item, completedSteps, triggerData));
+  }
+  if (value !== null && typeof value === "object") {
+    return resolveInputs(value, completedSteps, triggerData);
+  }
+  return value;
+}
+function resolveInputs(inputs, completedSteps, triggerData) {
+  const resolved = {};
+  for (const [key, value] of Object.entries(inputs)) {
+    resolved[key] = resolveValue(value, completedSteps, triggerData);
+  }
+  return resolved;
+}
+function hasSkipMarker(inputs) {
+  for (const value of Object.values(inputs)) {
+    if (value && typeof value === "object" && "__skip" in value) return true;
+    if (typeof value === "object" && value !== null && !Array.isArray(value) && hasSkipMarker(value)) return true;
+  }
+  return false;
+}
+async function executeStepOnce(step, resolvedInputs, runId, db, cwd, onProgress) {
+  const stepRunId = `sr_${nanoid4()}`;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const stepRun = {
+    id: stepRunId,
+    run_id: runId,
+    step_id: step.id,
+    status: "running",
+    started_at: now
+  };
+  insertStepRun(db, stepRun);
+  const inputContext = Object.keys(resolvedInputs).length > 0 ? `
+
+Inputs:
+${JSON.stringify(resolvedInputs, null, 2)}` : "";
+  const prompt = `${step.description}${inputContext}`;
+  const handle = runAgent({
+    prompt,
+    cwd,
+    workflowId: step.id,
+    stepId: step.id,
+    runId,
+    onProgress: onProgress ? (msg) => onProgress(step.id, msg) : void 0
+  });
+  const result = await handle.resultPromise;
+  if (result.sessionId) {
+    const session = createSession(db, stepRunId, result.sessionId);
+    updateSessionSdkId(db, session.id, result.sessionId);
+    deactivateSession(db, session.id);
+  }
+  updateStepRunStatus(db, stepRunId, result.status, result.output ?? void 0, result.error);
+  return result;
+}
+async function executeStepWithRetry(step, resolvedInputs, runId, db, cwd, policy, onProgress) {
+  const maxRetries = policy.max_retries ?? 0;
+  let delay = policy.retry_delay_ms ?? 5e3;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    const result = await executeStepOnce(step, resolvedInputs, runId, db, cwd, onProgress);
+    if (result.status !== "failed" || attempt === maxRetries) return result;
+    logger.info({ stepId: step.id, attempt, delay }, "Retrying step");
+    await new Promise((r) => setTimeout(r, delay));
+    delay *= 2;
+  }
+  throw new ExecutorError("Unreachable: step retry loop exited without returning");
+}
+async function executeWorkflow(opts) {
+  const { workflow, triggerData, db, cwd, onStepFailure, onProgress, signal } = opts;
+  const runId = `run_${nanoid4()}`;
+  const run = {
+    id: runId,
+    workflow_id: workflow.id,
+    trigger_data: triggerData,
+    status: "running",
+    started_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  insertWorkflowRun(db, run);
+  updateWorkflowPhase(db, workflow.id, "executing");
+  const completed = /* @__PURE__ */ new Map();
+  const remaining = new Set(workflow.steps.map((s) => s.id));
+  const stepMap = new Map(workflow.steps.map((s) => [s.id, s]));
+  let runFailed = false;
+  try {
+    while (remaining.size > 0) {
+      if (signal?.aborted) {
+        for (const id of remaining) {
+          completed.set(id, { status: "skipped", error: "Aborted" });
+        }
+        remaining.clear();
+        runFailed = true;
+        break;
+      }
+      const ready = [...remaining].filter((id) => {
+        const step = stepMap.get(id);
+        return step.depends_on.every((dep) => completed.has(dep));
+      });
+      if (ready.length === 0) {
+        throw new ExecutorError("Deadlock: no ready steps but remaining steps exist");
+      }
+      const executable = [];
+      for (const id of ready) {
+        const step = stepMap.get(id);
+        const depsFailed = step.depends_on.some(
+          (dep) => completed.get(dep)?.status === "failed" || completed.get(dep)?.status === "skipped"
+        );
+        if (depsFailed && workflow.failure_policy.on_step_failure !== "ask_user") {
+          remaining.delete(id);
+          completed.set(id, { status: "skipped" });
+          const skipRunId = `sr_${nanoid4()}`;
+          insertStepRun(db, { id: skipRunId, run_id: runId, step_id: id, status: "skipped" });
+          continue;
+        }
+        const resolvedInputs = resolveInputs(step.inputs, completed, triggerData);
+        if (hasSkipMarker(resolvedInputs)) {
+          remaining.delete(id);
+          completed.set(id, { status: "skipped" });
+          const skipRunId = `sr_${nanoid4()}`;
+          insertStepRun(db, { id: skipRunId, run_id: runId, step_id: id, status: "skipped" });
+          continue;
+        }
+        executable.push(step);
+      }
+      if (executable.length === 0) continue;
+      const results = await Promise.all(
+        executable.map(async (step) => {
+          remaining.delete(step.id);
+          const resolvedInputs = resolveInputs(step.inputs, completed, triggerData);
+          const result = await executeStepWithRetry(
+            step,
+            resolvedInputs,
+            runId,
+            db,
+            cwd,
+            workflow.failure_policy,
+            onProgress
+          );
+          return { stepId: step.id, result };
+        })
+      );
+      for (const { stepId, result } of results) {
+        completed.set(stepId, result);
+        if (result.status === "failed") {
+          const policy = workflow.failure_policy.on_step_failure;
+          if (policy === "stop") {
+            for (const remainingId of remaining) {
+              completed.set(remainingId, { status: "skipped" });
+              const skipRunId = `sr_${nanoid4()}`;
+              insertStepRun(db, { id: skipRunId, run_id: runId, step_id: remainingId, status: "skipped" });
+            }
+            remaining.clear();
+            runFailed = true;
+            break;
+          }
+          if (policy === "ask_user" && onStepFailure) {
+            const decision = await onStepFailure(stepMap.get(stepId), result.error ?? "Unknown error");
+            if (decision === "stop") {
+              for (const remainingId of remaining) {
+                completed.set(remainingId, { status: "skipped" });
+                const skipRunId = `sr_${nanoid4()}`;
+                insertStepRun(db, { id: skipRunId, run_id: runId, step_id: remainingId, status: "skipped" });
+              }
+              remaining.clear();
+              runFailed = true;
+              break;
+            }
+          }
+        }
+      }
+    }
+  } catch (err) {
+    runFailed = true;
+    logger.error({ err, runId }, "Workflow execution error");
+  }
+  const finalStatus = runFailed ? "failed" : "completed";
+  updateWorkflowRunStatus(db, runId, finalStatus);
+  if (workflow.trigger.type === "manual") {
+    updateWorkflowPhase(db, workflow.id, runFailed ? "failed" : "completed");
+  } else {
+    updateWorkflowPhase(db, workflow.id, "active");
+  }
+  return { runId, status: finalStatus, results: completed };
+}
+
+export {
+  generatePlan,
+  modifyPlan,
+  confirmPlan,
+  rejectPlan,
+  executeWorkflow
+};