exoagent 0.0.12 → 0.0.14

package/dist/rpc-toolset-test-helpers.d.ts

@@ -1,5 +1,4 @@
-import { RpcToolset } from './rpc-toolset';
-export declare class TestToolset extends RpcToolset {
+export declare class TestToolset {
     add(input: {
         a: number;
         b: number;
@@ -9,7 +8,7 @@ export declare class TestToolset extends RpcToolset {
         id: string;
     }): Promise<typeof User>;
 }
-export declare class TestToolset2 extends RpcToolset {
+export declare class TestToolset2 {
     subtract(input: {
         a: number;
         b: number;
@@ -20,7 +19,6 @@ declare const User_base: Omit<import('./sql').TableClass<"users">, keyof import(
         remapColumns?: boolean;
     };
     column: (this: InstanceType<import('./sql').TableClass<string>>, columnName: string) => import('./sql/expression').ColumnReferenceExpression;
-    __RPC_TARGET_BRAND: never;
 });
 export declare class User extends User_base {
     id: import('./sql/expression').ColumnReferenceExpression;
@@ -34,7 +32,6 @@ declare const Post_base: Omit<import('./sql').TableClass<"posts">, keyof import(
         remapColumns?: boolean;
     };
     column: (this: InstanceType<import('./sql').TableClass<string>>, columnName: string) => import('./sql/expression').ColumnReferenceExpression;
-    __RPC_TARGET_BRAND: never;
 });
 export declare class Post extends Post_base {
     id: import('./sql/expression').ColumnReferenceExpression;

package/dist/runtime/daemon.d.ts

@@ -0,0 +1,37 @@
+import { Secrets } from './providers/secrets';
+import { StorageCap } from './providers/storage';
+/**
+ * exoagentd — runtime daemon.
+ *
+ * Owns shared infrastructure (storage, secrets) and manages
+ * agent processes via dtach (terminal session manager).
+ */
+export interface DaemonConfig {
+    repoDir: string;
+    dataDir?: string;
+}
+export declare class Daemon {
+    readonly repoDir: string;
+    readonly dataDir: string;
+    readonly storage: StorageCap;
+    readonly secrets: Secrets;
+    private constructor();
+    static start(config: DaemonConfig): Promise<Daemon>;
+    /** Validate agentId — alphanumeric, hyphens, underscores only */
+    private validateAgentId;
+    /** Spawn an agent in a dtach session */
+    spawn(agentId: string): Promise<string>;
+    /** Attach to an agent — replaces current process with dtach */
+    attach(agentId: string): void;
+    /** List running agents (by socket files) */
+    list(): string[];
+    /** Kill an agent — terminates the dtach process tree */
+    kill(agentId: string): void;
+    /** Run an exo with daemon caps */
+    runExo(name: string, exoArgs?: string[]): Promise<unknown>;
+    /** Eval arbitrary code with daemon caps (like an inline exo) */
+    evalCode(code: string): Promise<unknown>;
+    /** Get a ReviewCap for the default clone (if exists) */
+    private getReviewCap;
+    stop(): Promise<void>;
+}

package/dist/runtime/dts.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Generate a .d.ts declaration string from a TypeScript source file.
+ *
+ * Uses the TypeScript compiler API to emit declarations. Resolves imports
+ * so the output includes full type information.
+ *
+ * @param filePath - Absolute path to the .ts source file
+ * @returns The generated .d.ts content
+ */
+export declare function generateDts(filePath: string): string;
+/**
+ * Generate a .d.ts for a class, extracting only its public method signatures.
+ *
+ * This produces a minimal type declaration suitable for codemode — just the
+ * methods the LLM can call, without internal implementation details.
+ *
+ * @param filePath - Absolute path to the .ts source file
+ * @param className - Name of the class to extract
+ * @returns A declaration string like `{ method(args): ReturnType; ... }`
+ */
+export declare function generateCapDts(filePath: string, className: string): string;

package/dist/runtime/eslint-exo-rule.d.ts

@@ -0,0 +1,3 @@
+import { Rule } from 'eslint';
+declare const rule: Rule.RuleModule;
+export default rule;

package/dist/runtime/exo.d.ts

@@ -0,0 +1,33 @@
+/**
+ * An Exo is a sandboxed program. It declares its caps by destructuring
+ * the first argument of its default export.
+ *
+ * ```javascript
+ * export default async ({ sandbox, review, storage }) => {
+ *   await sandbox.exec({ command: 'echo hello' })
+ * }
+ * ```
+ *
+ * Only the destructured caps are available — exoeval enforces this at
+ * the interpreter level. Every exo gets the full cap set; the destructure
+ * is the audit trail for what it actually uses.
+ */
+/**
+ * An exo module's default export signature.
+ * Caps are received as a single object, destructured by the exo.
+ */
+export type ExoFn = (caps: Record<string, object>) => void | Promise<void>;
+/**
+ * Metadata for an exo — loaded from its module.
+ */
+export interface ExoDef {
+    readonly name: string;
+    readonly run: ExoFn;
+}
+/**
+ * Loads an exo from source code via exoImport (the sandboxed interpreter).
+ * The source must `export default` a function that takes a caps object.
+ *
+ * Source should already be plain JS (run through esbuild if TypeScript).
+ */
+export declare function loadExo(name: string, code: string): Promise<ExoDef>;

package/dist/runtime/providers/args.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Args cap — provides CLI arguments to exos.
+ */
+export declare class ArgsCap {
+    private map;
+    constructor(args: string[]);
+    get({ key }: {
+        key: string;
+    }): Promise<string | undefined>;
+    has({ key }: {
+        key: string;
+    }): Promise<boolean>;
+}

package/dist/runtime/providers/pi.d.ts

@@ -0,0 +1,68 @@
+import { Model } from '@mariozechner/pi-ai';
+import { ExtensionFactory, AgentSession, SessionManager, SettingsManager } from '@mariozechner/pi-coding-agent';
+import { Secrets } from './secrets';
+import { StorageCap } from './storage';
+import { ReviewCap } from './review';
+import { SandboxCap } from './sandbox';
+export interface PiCapConfig {
+    sandbox: SandboxCap;
+    /** Arbitrary capability objects to expose via codemode */
+    caps?: Record<string, object>;
+    /** Additional system prompt text */
+    systemPrompt?: string;
+    /** Pre-generated .d.ts for caps (required when caps are provided) */
+    capsDts: string;
+    /** @internal */ model?: Model<any>;
+    /** @internal */ extensionFactories?: ExtensionFactory[];
+    /** @internal */ settingsManager?: SettingsManager;
+    /** @internal */ sessionManager?: SessionManager;
+}
+export declare class PiCap {
+    private config;
+    private session;
+    private modelFallbackMessage?;
+    constructor(config: PiCapConfig);
+    private sandboxBashOps;
+    /** Read a file via sandbox exec, returns base64-decoded content */
+    private sandboxRead;
+    /** Write a file via sandbox exec, content passed via stdin */
+    private sandboxWrite;
+    /** Check file access via sandbox exec */
+    private sandboxAccess;
+    private scopedReadOps;
+    private scopedWriteOps;
+    private scopedEditOps;
+    private buildCodemodeTool;
+    private ensureSession;
+    /** Send a prompt and return the final text response (background mode) */
+    prompt(message: string): Promise<string>;
+    /** Access the underlying session (for interactive TUI attach) */
+    get currentSession(): AgentSession | null;
+    /** Initialize session without prompting (for interactive mode) */
+    init(): Promise<AgentSession>;
+    /** Run pi's interactive TUI (handles /login, /model, etc.) */
+    runInteractive(options?: {
+        initialMessage?: string;
+    }): Promise<void>;
+    /** Dispose the session */
+    dispose(): void;
+}
+export interface SpawnAgentConfig {
+    id: string;
+    repoDir: string;
+    dataDir: string;
+    storage: StorageCap;
+    secrets: Secrets;
+}
+export interface Agent {
+    readonly id: string;
+    readonly pi: PiCap;
+    readonly review: ReviewCap | undefined;
+    readonly cloneDir: string;
+}
+/**
+ * Spawn a coding agent — wires sandbox + review + pi together.
+ * Creates a local clone, sets up sandbox and review caps, and returns
+ * a fully configured Agent.
+ */
+export declare function spawnAgent(config: SpawnAgentConfig): Promise<Agent>;

package/dist/runtime/providers/review.d.ts

@@ -0,0 +1,82 @@
+/**
+ * Review provider — GitHub PR-based code review.
+ *
+ * Pushes branches to GitHub, opens PRs, fetches reviews.
+ * Git push assumes the host has SSH/credentials configured.
+ * Only GitHub API operations use the token (from secrets DB).
+ */
+/** Review result — uses GitHub API shapes directly (no wrapper types) */
+export interface ReviewResult {
+    approved: boolean;
+    body: string;
+    /** Inline review comments (GitHub PullRequestReviewComment objects) */
+    comments: any[];
+    /** PR-level issue comments (GitHub IssueComment objects) */
+    issueComments: any[];
+    pr: number;
+    url: string;
+}
+export interface ReviewCapConfig {
+    /** Path to the agent's local clone */
+    cloneDir: string;
+    /** Nix git store path */
+    git: string;
+    /** GitHub API token (pre-attenuated from secrets) */
+    token: string;
+    /** GitHub owner/repo (e.g. "user/repo") */
+    repo: string;
+    /** Base branch for PRs. Default: "main" */
+    baseBranch?: string;
+    /** Poll interval in ms. Default: 5000 */
+    pollInterval?: number;
+    /** Agent name for branch prefixing. Default: "default" */
+    agentName?: string;
+}
+export declare class ReviewCap {
+    private config;
+    constructor(config: ReviewCapConfig);
+    /** GitHub API token (pre-attenuated, single source of truth) */
+    private get token();
+    /** Prefix branch name with agent namespace. */
+    private qualifyBranch;
+    /**
+     * Push a branch to GitHub and open/update a PR.
+     * Returns immediately with the PR URL.
+     * Remote branch will be auto-prefixed with `exoagent-<agent>/`.
+     */
+    openPR({ branch, title, body }: {
+        branch: string;
+        title: string;
+        body?: string;
+    }): Promise<{
+        pr: number;
+        url: string;
+        sha: string;
+    }>;
+    /**
+     * Get the latest review on a PR. Returns immediately (non-blocking).
+     * Returns the most recent non-pending review with its comments.
+     */
+    getReviews({ pr }: {
+        pr: number;
+    }): Promise<ReviewResult>;
+    /**
+     * Reply to a specific review comment on a PR.
+     */
+    replyToComment({ pr, commentId, body }: {
+        pr: number;
+        commentId: number;
+        body: string;
+    }): Promise<{
+        id: number;
+    }>;
+    /**
+     * Post a general comment on a PR (issue-level comment).
+     */
+    commentOnPR({ pr, body }: {
+        pr: number;
+        body: string;
+    }): Promise<{
+        id: number;
+    }>;
+}

package/dist/runtime/providers/sandbox.d.ts

@@ -0,0 +1,54 @@
+import { StorageCap } from './storage';
+/**
+ * Sandbox provider — bwrap-based execution environment with network
+ * isolation (internet yes, LAN/loopback blocked via pasta + nft).
+ *
+ * - exec: runs commands inside bwrap (PID-isolated, net-filtered, fs-scoped)
+ * - read/write/edit: host-side file ops, path-validated to workspace
+ */
+/** Nix store paths for essential binaries */
+export interface NixPaths {
+    bash: string;
+    coreutils: string;
+    bwrap: string;
+    pasta: string;
+    nft: string;
+    nix: string;
+    cacert: string;
+    git: string;
+    gnugrep: string;
+    dtach: string;
+}
+/** Read nix paths from EXOAGENT_NIX env var (JSON) set by flake.nix devShell */
+export declare function nixPathsFromEnv(): NixPaths;
+interface SandboxConfig {
+    nix: NixPaths;
+    storage: StorageCap;
+    sessionId: string;
+    workspace: string;
+}
+export declare class SandboxCap {
+    private config;
+    private rootDir;
+    private scriptWritten;
+    constructor(config: SandboxConfig);
+    private getRoot;
+    /** Compute the transitive closure of nix store paths needed in the sandbox */
+    private nixClosure;
+    /** Validate a path is safe to interpolate into a shell script (no special chars) */
+    private static assertSafePath;
+    /** Write the wrapper script once, reuse for every exec */
+    private ensureScript;
+    exec({ command, timeout, signal, stdin }: {
+        command: string;
+        timeout?: number;
+        signal?: AbortSignal;
+        stdin?: string;
+    }): Promise<{
+        stdout: string;
+        stderr: string;
+        exitCode: number;
+    }>;
+    get workspace(): string;
+}
+export {};

package/dist/runtime/providers/secrets.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Daemon-only secrets store. Never exposed to exos.
+ * Each provider gets its own set of named secrets (e.g. API keys).
+ */
+export declare class Secrets {
+    private readonly root;
+    private readonly db;
+    private constructor();
+    /**
+     * Create a Secrets store backed by a SQLite DB in the given directory.
+     * Initializes the directory (mode 0700) and DB schema on first call.
+     */
+    static create(root: string): Secrets;
+    get(provider: string, name: string): string | null;
+    set(provider: string, name: string, value: string): void;
+    delete(provider: string, name: string): void;
+    close(): void;
+}

package/dist/runtime/providers/storage.d.ts

@@ -0,0 +1,16 @@
+export declare class StorageCap {
+    private readonly root;
+    private readonly provider;
+    private readonly db;
+    private constructor();
+    /**
+     * Create a StorageCap backed by a SQLite DB in the given directory.
+     * Initializes the directory and DB schema on first call.
+     */
+    static create(root: string, provider?: string): StorageCap;
+    get(key: string): Promise<unknown>;
+    set(key: string, value: unknown): Promise<void>;
+    delete(key: string): Promise<void>;
+    close(): void;
+    dir(name: string): Promise<string>;
+}

package/dist/runtime/secrets-ui.d.ts

@@ -0,0 +1,19 @@
+import { Secrets } from './providers/secrets';
+/**
+ * Secret declaration — providers declare what secrets they need.
+ */
+export interface SecretDecl {
+    name: string;
+    required: boolean;
+    description: string;
+}
+export interface ProviderSecrets {
+    provider: string;
+    secrets: SecretDecl[];
+}
+/** Known providers and their secrets */
+export declare const PROVIDER_SECRETS: ProviderSecrets[];
+/**
+ * Interactive TUI for managing secrets.
+ */
+export declare function runSecretsUI(db: Secrets): Promise<void>;

package/dist/runtime/start-agent.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/runtime/start.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/sql/builder.d.ts

@@ -1,5 +1,4 @@
 import { CompiledQuery, Dialect } from 'kysely';
-import { ToolCallback, RpcToolset } from '../rpc-toolset';
 import { SqlExpressionIn, ColumnReferenceExpression, OrderByValue, SqlExpression } from './expression';
 import { RawSql } from './sql';
 type RowLikeRaw = {
@@ -26,7 +25,7 @@ export declare const isFromItem: (value: unknown) => value is FromItem<string, R
 type TableNamespace = {
     [key: string]: RowLike;
 };
-type OrderByItem<TN extends TableNamespace> = NamespacedExpression<TN, SqlExpression | SqlExpression[] | OrderByValue | OrderByValue[] | (SqlExpression | OrderByValue)[]>;
+type OrderByItem = SqlExpression | SqlExpression[] | OrderByValue | OrderByValue[] | (SqlExpression | OrderByValue)[];
 type Tables<TN extends TableNamespace> = {
     [k in keyof TN & string]: {
         fromItem: FromItem<k, TN[k]>;
@@ -46,7 +45,7 @@ type QueryBuilderParams<N extends string, TN extends TableNamespace, S extends R
     offset?: number;
     rawTable: TableClass<N> | undefined;
 };
-declare class QueryBuilder<N extends string, TN extends TableNamespace, S extends RowLike> extends RpcToolset implements FromItem<N, S> {
+declare class QueryBuilder<N extends string, TN extends TableNamespace, S extends RowLike> implements FromItem<N, S> {
     #private;
     readonly alias: N;
     private selectRowLike;
@@ -56,9 +55,9 @@ declare class QueryBuilder<N extends string, TN extends TableNamespace, S extend
     private arg;
     private rawTable;
     constructor(params: QueryBuilderParams<N, TN, S>);
-    select<S2 extends RowLikeIn>(select: ToolCallback<(arg: TN) => S2>): QueryBuilder<N, TN, AsRowLike<S2>>;
-    where(where: ToolCallback<(arg: TN) => SqlExpressionIn>): QueryBuilder<N, TN, S>;
-    orderBy(orderBy: ToolCallback<OrderByItem<TN>>): QueryBuilder<N, TN, S>;
+    select<S2 extends RowLikeIn>(select: (arg: TN) => S2): QueryBuilder<N, TN, AsRowLike<S2>>;
+    where(where: (arg: TN) => SqlExpressionIn): QueryBuilder<N, TN, S>;
+    orderBy(orderBy: (arg: TN) => OrderByItem): QueryBuilder<N, TN, S>;
     limit(limit: number): QueryBuilder<N, TN, S>;
     offset(offset: number): QueryBuilder<N, TN, S>;
     join<N2 extends string, F2 extends TableClass<N2>>(fromItem: F2 | NamespacedExpression<TN, F2>, on?: NamespacedExpression<TN & {
@@ -84,7 +83,7 @@ declare class QueryBuilder<N extends string, TN extends TableNamespace, S extend
         isSubquery?: boolean;
     }) => import('kysely').RawBuilder<unknown>;
 }
-declare class TableBase extends RpcToolset {
+declare class TableBase {
     opts?: {
         remapColumns?: boolean;
     };

package/dist/sql/expression.d.ts

@@ -1,10 +1,9 @@
 import { RawSql } from './sql';
-import { RpcToolset } from '../rpc-toolset';
 type LiteralValue = number | string | boolean | null;
 export type SqlExpressionIn = LiteralValue | SqlExpression;
 export declare const asSqlExpression: (value: LiteralValue | SqlExpression) => SqlExpression;
 export declare const isSqlExpressionIn: (value: unknown) => value is SqlExpressionIn;
-export declare class SqlExpression extends RpcToolset {
+export declare class SqlExpression {
     precedence: number;
     constructor(precedence?: number);
     compile: () => RawSql;