freddie 0.0.41

package/src/tools/terminal.js

@@ -0,0 +1,29 @@
+import { spawn } from 'node:child_process'
+import { registry } from './registry.js'
+
+const _sessions = new Map()
+
+registry.register({
+    name: 'terminal',
+    toolset: 'core',
+    schema: { name: 'terminal', description: 'Open a long-lived shell session, send input lines, capture output. Actions: open, send, read, close.', parameters: { type: 'object', properties: { action: { type: 'string', enum: ['open', 'send', 'read', 'close', 'list'] }, id: { type: 'string' }, input: { type: 'string' }, cwd: { type: 'string' } }, required: ['action'] } },
+    handler: async ({ action, id, input, cwd }) => {
+        if (action === 'open') {
+            const sid = 'term-' + Date.now()
+            const sh = process.platform === 'win32' ? 'cmd' : 'sh'
+            const child = spawn(sh, [], { cwd: cwd || process.cwd(), env: process.env })
+            const buf = { stdout: '', stderr: '' }
+            child.stdout?.on('data', d => buf.stdout += d.toString())
+            child.stderr?.on('data', d => buf.stderr += d.toString())
+            _sessions.set(sid, { child, buf })
+            return { id: sid, opened: true }
+        }
+        const s = _sessions.get(id)
+        if (!s) return { error: 'unknown terminal id: ' + id }
+        if (action === 'send') { s.child.stdin?.write(input + '\n'); return { sent: true } }
+        if (action === 'read') { const out = { ...s.buf }; s.buf.stdout = ''; s.buf.stderr = ''; return out }
+        if (action === 'close') { try { s.child.kill('SIGTERM') } catch {} _sessions.delete(id); return { closed: id } }
+        if (action === 'list') return { sessions: [..._sessions.keys()] }
+        return { error: 'unknown action' }
+    },
+})

package/src/tools/tirith_security.js

@@ -0,0 +1,25 @@
+import fs from 'node:fs'
+import path from 'node:path'
+import { getFophHome } from '../home.js'
+import { registry } from './registry.js'
+
+function policyPath() { return path.join(getFophHome(), 'policy.json') }
+function loadPolicy() { try { return JSON.parse(fs.readFileSync(policyPath(), 'utf8')) } catch { return { tools: {}, hosts: { allow: [], deny: [] } } } }
+
+registry.register({
+    name: 'tirith_security',
+    toolset: 'core',
+    schema: { name: 'tirith_security', description: 'Evaluate a candidate action against ~/.freddie/policy.json. Returns allow|deny|ask.', parameters: { type: 'object', properties: { kind: { type: 'string' }, target: { type: 'string' } }, required: ['kind', 'target'] } },
+    handler: async ({ kind, target }) => {
+        const p = loadPolicy()
+        if (kind === 'tool') {
+            const t = p.tools?.[target]
+            if (t === 'allow' || t === 'deny') return { decision: t }
+        }
+        if (kind === 'host') {
+            if (p.hosts?.deny?.some(d => target.includes(d))) return { decision: 'deny' }
+            if (p.hosts?.allow?.some(d => target.includes(d))) return { decision: 'allow' }
+        }
+        return { decision: 'ask' }
+    },
+})

package/src/tools/todo.js

@@ -0,0 +1,54 @@
+import { db } from '../db.js'
+import { registry } from './registry.js'
+
+async function init() {
+    const d = await db()
+    d.exec(`CREATE TABLE IF NOT EXISTS todos (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT, content TEXT NOT NULL, status TEXT NOT NULL DEFAULT 'pending', created INTEGER NOT NULL, updated INTEGER NOT NULL)`)
+    return d
+}
+
+const ACTIONS = {
+    add: async ({ session_id = null, content }) => {
+        if (!content) return { error: 'content required' }
+        const d = await init(); const now = Date.now()
+        const info = d.prepare(`INSERT INTO todos (session_id, content, status, created, updated) VALUES (?, ?, 'pending', ?, ?)`).run(session_id, content, now, now)
+        return { id: info.lastInsertRowid, content, status: 'pending' }
+    },
+    list: async ({ session_id = null }) => {
+        const d = await init()
+        const rows = session_id ? d.prepare(`SELECT * FROM todos WHERE session_id = ? ORDER BY id DESC`).all(session_id) : d.prepare(`SELECT * FROM todos ORDER BY id DESC`).all()
+        return { todos: rows }
+    },
+    update: async ({ id, status }) => {
+        if (!id) return { error: 'id required' }
+        (await init()).prepare(`UPDATE todos SET status = ?, updated = ? WHERE id = ?`).run(status, Date.now(), id)
+        return { id, status }
+    },
+    complete: async ({ id }) => ACTIONS.update({ id, status: 'completed' }),
+    delete: async ({ id }) => { (await init()).prepare(`DELETE FROM todos WHERE id = ?`).run(id); return { id, deleted: true } },
+}
+
+registry.register({
+    name: 'todo',
+    toolset: 'core',
+    schema: {
+        name: 'todo',
+        description: 'Manage per-session todos. Actions: add, list, update, complete, delete.',
+        parameters: {
+            type: 'object',
+            properties: {
+                action: { type: 'string', enum: Object.keys(ACTIONS) },
+                content: { type: 'string' },
+                id: { type: 'number' },
+                status: { type: 'string' },
+                session_id: { type: 'string' },
+            },
+            required: ['action'],
+        },
+    },
+    handler: async (args) => {
+        const fn = ACTIONS[args.action]
+        if (!fn) return { error: 'unknown action: ' + args.action }
+        return fn(args)
+    },
+})

package/src/tools/tool_backend_helpers.js

@@ -0,0 +1,26 @@
+import { registry } from './registry.js'
+
+export function shapeArgs(schema, args) {
+    if (!schema?.properties) return args
+    const out = {}
+    for (const [k, def] of Object.entries(schema.properties)) {
+        if (k in args) out[k] = args[k]
+        else if ('default' in def) out[k] = def.default
+    }
+    return out
+}
+export function describeTools(filter = null) {
+    let list = registry.list()
+    if (filter) list = list.filter(t => t.toolset === filter)
+    return list.map(t => ({ name: t.name, description: t.schema.description, toolset: t.toolset }))
+}
+registry.register({
+    name: 'tool_backend_helpers',
+    toolset: 'core',
+    schema: { name: 'tool_backend_helpers', description: 'Helper meta-tool: describeTools(filter), shapeArgs(schema, args).', parameters: { type: 'object', properties: { action: { type: 'string', enum: ['describe', 'shape'] }, filter: { type: 'string' }, schema: {}, args: {} }, required: ['action'] } },
+    handler: async ({ action, filter, schema, args }) => {
+        if (action === 'describe') return { tools: describeTools(filter) }
+        if (action === 'shape') return { args: shapeArgs(schema, args || {}) }
+        return { error: 'unknown action' }
+    },
+})

package/src/tools/tool_output_limits.js

@@ -0,0 +1,15 @@
+import { registry } from './registry.js'
+import { getConfigValue } from '../config.js'
+
+export function truncate(s, max = null) {
+    const limit = max ?? getConfigValue('tool.output_limit', 100_000)
+    const t = String(s)
+    if (t.length <= limit) return t
+    return t.slice(0, limit) + `\n…[truncated ${t.length - limit} chars]`
+}
+registry.register({
+    name: 'tool_output_limits',
+    toolset: 'core',
+    schema: { name: 'tool_output_limits', description: 'Apply the configured output truncation cap to a string.', parameters: { type: 'object', properties: { text: { type: 'string' }, max: { type: 'number' } }, required: ['text'] } },
+    handler: async ({ text, max }) => ({ text: truncate(text, max) }),
+})

package/src/tools/tool_result_storage.js

@@ -0,0 +1,20 @@
+import fs from 'node:fs'
+import path from 'node:path'
+import crypto from 'node:crypto'
+import { getFophHome } from '../home.js'
+import { registry } from './registry.js'
+
+function dir() { const d = path.join(getFophHome(), 'tool-results'); fs.mkdirSync(d, { recursive: true }); return d }
+
+registry.register({
+    name: 'tool_result_storage',
+    toolset: 'core',
+    schema: { name: 'tool_result_storage', description: 'Persist a large tool result to disk; return reference token. Actions: store, fetch, list, delete.', parameters: { type: 'object', properties: { action: { type: 'string', enum: ['store', 'fetch', 'list', 'delete'] }, content: { type: 'string' }, token: { type: 'string' } }, required: ['action'] } },
+    handler: async ({ action, content, token }) => {
+        if (action === 'store') { const t = crypto.randomBytes(8).toString('hex'); fs.writeFileSync(path.join(dir(), t + '.txt'), content || '', 'utf8'); return { token: t, bytes: (content || '').length } }
+        if (action === 'fetch') { const f = path.join(dir(), token + '.txt'); return fs.existsSync(f) ? { content: fs.readFileSync(f, 'utf8') } : { error: 'not found' } }
+        if (action === 'list') return { tokens: fs.readdirSync(dir()).filter(f => f.endsWith('.txt')).map(f => f.replace(/\.txt$/, '')) }
+        if (action === 'delete') { const f = path.join(dir(), token + '.txt'); if (fs.existsSync(f)) fs.unlinkSync(f); return { deleted: token } }
+        return { error: 'unknown action' }
+    },
+})

package/src/tools/transcription.js

@@ -0,0 +1,19 @@
+import fs from 'node:fs'
+import { registry } from './registry.js'
+registry.register({
+    name: 'transcription',
+    toolset: 'creative',
+    schema: { name: 'transcription', description: 'Transcribe audio with OpenAI Whisper.', parameters: { type: 'object', properties: { file_path: { type: 'string' }, model: { type: 'string', default: 'whisper-1' } }, required: ['file_path'] } },
+    requiresEnv: ['OPENAI_API_KEY'],
+    checkFn: () => Boolean(process.env.OPENAI_API_KEY),
+    handler: async ({ file_path, model = 'whisper-1' }) => {
+        if (!process.env.OPENAI_API_KEY) return { error: 'OPENAI_API_KEY required' }
+        if (!fs.existsSync(file_path)) return { error: 'file not found: ' + file_path }
+        const blob = new Blob([fs.readFileSync(file_path)])
+        const fd = new FormData()
+        fd.append('file', blob, file_path.split(/[\\/]/).pop())
+        fd.append('model', model)
+        const r = await fetch('https://api.openai.com/v1/audio/transcriptions', { method: 'POST', headers: { authorization: `Bearer ${process.env.OPENAI_API_KEY}` }, body: fd })
+        return await r.json()
+    },
+})

package/src/tools/tts.js

@@ -0,0 +1,19 @@
+import { registry } from './registry.js'
+registry.register({
+    name: 'tts',
+    toolset: 'creative',
+    schema: { name: 'tts', description: 'Synthesize speech (OpenAI tts-1 or ElevenLabs).', parameters: { type: 'object', properties: { text: { type: 'string' }, provider: { type: 'string', enum: ['openai', 'elevenlabs'], default: 'openai' }, voice: { type: 'string' } }, required: ['text'] } },
+    requiresEnv: ['OPENAI_API_KEY or ELEVENLABS_API_KEY'],
+    checkFn: () => Boolean(process.env.OPENAI_API_KEY || process.env.ELEVENLABS_API_KEY),
+    handler: async ({ text, provider = 'openai', voice = 'alloy' }) => {
+        if (provider === 'elevenlabs') {
+            if (!process.env.ELEVENLABS_API_KEY) return { error: 'ELEVENLABS_API_KEY required' }
+            const v = voice || '21m00Tcm4TlvDq8ikWAM'
+            const r = await fetch(`https://api.elevenlabs.io/v1/text-to-speech/${v}`, { method: 'POST', headers: { 'xi-api-key': process.env.ELEVENLABS_API_KEY, 'content-type': 'application/json' }, body: JSON.stringify({ text }) })
+            return { status: r.status, contentType: r.headers.get('content-type'), bytes: (await r.arrayBuffer()).byteLength }
+        }
+        if (!process.env.OPENAI_API_KEY) return { error: 'OPENAI_API_KEY required' }
+        const r = await fetch('https://api.openai.com/v1/audio/speech', { method: 'POST', headers: { authorization: `Bearer ${process.env.OPENAI_API_KEY}`, 'content-type': 'application/json' }, body: JSON.stringify({ model: 'tts-1', input: text, voice }) })
+        return { status: r.status, bytes: (await r.arrayBuffer()).byteLength }
+    },
+})

package/src/tools/url_safety.js

@@ -0,0 +1,15 @@
+import { registry } from './registry.js'
+const SUSPICIOUS = ['phish', 'malware', '.onion']
+const PRIVATE_RANGES = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^127\./, /^0\./, /^169\.254\./]
+registry.register({
+    name: 'url_safety',
+    toolset: 'core',
+    schema: { name: 'url_safety', description: 'Heuristic URL safety check (private IPs, known-bad TLDs, scheme).', parameters: { type: 'object', properties: { url: { type: 'string' } }, required: ['url'] } },
+    handler: async ({ url }) => {
+        let u; try { u = new URL(url) } catch { return { safe: false, reason: 'invalid URL' } }
+        if (!['http:', 'https:'].includes(u.protocol)) return { safe: false, reason: 'unsupported scheme: ' + u.protocol }
+        if (PRIVATE_RANGES.some(re => re.test(u.hostname))) return { safe: false, reason: 'private IP host' }
+        for (const s of SUSPICIOUS) if (u.hostname.includes(s)) return { safe: false, reason: 'suspicious token: ' + s }
+        return { safe: true, host: u.hostname }
+    },
+})

package/src/tools/vision.js

@@ -0,0 +1,18 @@
+import { registry } from './registry.js'
+registry.register({
+    name: 'vision',
+    toolset: 'creative',
+    schema: { name: 'vision', description: 'Describe an image (URL or base64) using a vision-capable LLM.', parameters: { type: 'object', properties: { image_url: { type: 'string' }, prompt: { type: 'string', default: 'Describe this image.' }, provider: { type: 'string', enum: ['openai', 'anthropic'], default: 'openai' } }, required: ['image_url'] } },
+    requiresEnv: ['OPENAI_API_KEY or ANTHROPIC_API_KEY'],
+    checkFn: () => Boolean(process.env.OPENAI_API_KEY || process.env.ANTHROPIC_API_KEY),
+    handler: async ({ image_url, prompt = 'Describe this image.', provider = 'openai' }) => {
+        if (provider === 'anthropic') {
+            if (!process.env.ANTHROPIC_API_KEY) return { error: 'ANTHROPIC_API_KEY required' }
+            const r = await fetch('https://api.anthropic.com/v1/messages', { method: 'POST', headers: { 'x-api-key': process.env.ANTHROPIC_API_KEY, 'anthropic-version': '2023-06-01', 'content-type': 'application/json' }, body: JSON.stringify({ model: 'claude-sonnet-4-6', max_tokens: 1024, messages: [{ role: 'user', content: [{ type: 'image', source: { type: 'url', url: image_url } }, { type: 'text', text: prompt }] }] }) })
+            return await r.json()
+        }
+        if (!process.env.OPENAI_API_KEY) return { error: 'OPENAI_API_KEY required' }
+        const r = await fetch('https://api.openai.com/v1/chat/completions', { method: 'POST', headers: { authorization: `Bearer ${process.env.OPENAI_API_KEY}`, 'content-type': 'application/json' }, body: JSON.stringify({ model: 'gpt-4o-mini', messages: [{ role: 'user', content: [{ type: 'text', text: prompt }, { type: 'image_url', image_url: { url: image_url } }] }] }) })
+        return await r.json()
+    },
+})

package/src/tools/voice_mode.js

@@ -0,0 +1,10 @@
+import { registry } from './registry.js'
+registry.register({
+    name: 'voice_mode',
+    toolset: 'creative',
+    schema: { name: 'voice_mode', description: 'Toggle full-duplex voice (transcription in + tts out) for the active session. Returns the new state.', parameters: { type: 'object', properties: { enabled: { type: 'boolean' } } } },
+    handler: async ({ enabled }, ctx = {}) => {
+        if (typeof ctx.setVoiceMode === 'function') return await ctx.setVoiceMode(Boolean(enabled))
+        return { enabled: Boolean(enabled), note: 'voice mode toggled in-process; bind ctx.setVoiceMode to wire to a real audio loop' }
+    },
+})

package/src/tools/web_search.js

@@ -0,0 +1,37 @@
+import { registry } from './registry.js'
+
+registry.register({
+    name: 'web_search',
+    toolset: 'browse',
+    schema: {
+        name: 'web_search',
+        description: 'Search the web (DuckDuckGo HTML or SerpAPI). Returns title/url/snippet list.',
+        parameters: {
+            type: 'object',
+            properties: {
+                query: { type: 'string' },
+                limit: { type: 'number', default: 5 },
+            },
+            required: ['query'],
+        },
+    },
+    checkFn: () => true,
+    requiresEnv: ['SERPAPI_KEY (optional, falls back to DDG)'],
+    handler: async ({ query, limit = 5 }) => {
+        if (process.env.SERPAPI_KEY) {
+            const url = `https://serpapi.com/search.json?q=${encodeURIComponent(query)}&api_key=${process.env.SERPAPI_KEY}`
+            const data = await fetch(url).then(r => r.json())
+            const results = (data.organic_results || []).slice(0, limit).map(r => ({ title: r.title, url: r.link, snippet: r.snippet }))
+            return { results }
+        }
+        const fetchFn = globalThis.__fophFetch || fetch
+        const html = await fetchFn(`https://html.duckduckgo.com/html/?q=${encodeURIComponent(query)}`).then(r => r.text())
+        const results = []
+        const re = /<a class="result__a"[^>]*href="([^"]+)"[^>]*>([^<]+)<\/a>[\s\S]*?<a class="result__snippet"[^>]*>([^<]+)<\/a>/g
+        let m
+        while ((m = re.exec(html)) && results.length < limit) {
+            results.push({ url: m[1], title: m[2].replace(/&amp;/g, '&'), snippet: m[3].replace(/<\/?b>/g, '') })
+        }
+        return { results }
+    },
+})

package/src/tools/web_tools.js

@@ -0,0 +1,18 @@
+import { registry } from './registry.js'
+registry.register({
+    name: 'web_fetch',
+    toolset: 'browse',
+    schema: { name: 'web_fetch', description: 'Fetch a URL and return text/json/headers.', parameters: { type: 'object', properties: { url: { type: 'string' }, method: { type: 'string', default: 'GET' }, headers: {}, body: { type: 'string' }, parse: { type: 'string', enum: ['text', 'json'] } }, required: ['url'] } },
+    handler: async ({ url, method = 'GET', headers = {}, body, parse = 'text' }) => {
+        const r = await fetch(url, { method, headers, body })
+        const ct = r.headers.get('content-type')
+        const out = parse === 'json' ? await r.json().catch(() => null) : await r.text()
+        return { status: r.status, contentType: ct, body: out }
+    },
+})
+registry.register({
+    name: 'web_extract',
+    toolset: 'browse',
+    schema: { name: 'web_extract', description: 'Strip tags from HTML to plain text.', parameters: { type: 'object', properties: { html: { type: 'string' } }, required: ['html'] } },
+    handler: async ({ html }) => ({ text: String(html).replace(/<script[\s\S]*?<\/script>/gi, '').replace(/<style[\s\S]*?<\/style>/gi, '').replace(/<[^>]+>/g, ' ').replace(/\s+/g, ' ').trim() }),
+})

package/src/tools/website_policy.js

@@ -0,0 +1,14 @@
+import { registry } from './registry.js'
+import { getConfigValue } from '../config.js'
+registry.register({
+    name: 'website_policy',
+    toolset: 'core',
+    schema: { name: 'website_policy', description: 'Per-host fetch policy (rate limit, allow/deny). Reads config.website_policy.', parameters: { type: 'object', properties: { url: { type: 'string' } }, required: ['url'] } },
+    handler: async ({ url }) => {
+        const policy = getConfigValue('website_policy', { allow: [], deny: [], ratelimit_ms: 1000 }) || {}
+        const u = new URL(url)
+        if (policy.deny?.some(d => u.hostname.includes(d))) return { decision: 'deny' }
+        if (policy.allow?.length && !policy.allow.some(a => u.hostname.includes(a))) return { decision: 'deny', reason: 'not in allow list' }
+        return { decision: 'allow', ratelimit_ms: policy.ratelimit_ms || 1000 }
+    },
+})

package/src/tools/write.js

@@ -0,0 +1,25 @@
+import fs from 'node:fs'
+import path from 'node:path'
+import { registry } from './registry.js'
+
+registry.register({
+    name: 'write',
+    toolset: 'core',
+    schema: {
+        name: 'write',
+        description: 'Write content to a file (overwrites).',
+        parameters: {
+            type: 'object',
+            properties: {
+                path: { type: 'string' },
+                content: { type: 'string' },
+            },
+            required: ['path', 'content'],
+        },
+    },
+    handler: async ({ path: p, content }) => {
+        fs.mkdirSync(path.dirname(p), { recursive: true })
+        fs.writeFileSync(p, content, 'utf8')
+        return { path: p, bytes: Buffer.byteLength(content, 'utf8') }
+    },
+})

package/src/tools/xai_http.js

@@ -0,0 +1,13 @@
+import { registry } from './registry.js'
+registry.register({
+    name: 'xai_grok',
+    toolset: 'core',
+    schema: { name: 'xai_grok', description: 'Chat completion via xAI Grok.', parameters: { type: 'object', properties: { prompt: { type: 'string' }, model: { type: 'string', default: 'grok-3' } }, required: ['prompt'] } },
+    requiresEnv: ['XAI_API_KEY'],
+    checkFn: () => Boolean(process.env.XAI_API_KEY),
+    handler: async ({ prompt, model = 'grok-3' }) => {
+        if (!process.env.XAI_API_KEY) return { error: 'XAI_API_KEY required' }
+        const r = await fetch('https://api.x.ai/v1/chat/completions', { method: 'POST', headers: { authorization: `Bearer ${process.env.XAI_API_KEY}`, 'content-type': 'application/json' }, body: JSON.stringify({ model, messages: [{ role: 'user', content: prompt }] }) })
+        return await r.json()
+    },
+})

package/src/tools/yuanbao_tools.js

@@ -0,0 +1,13 @@
+import { registry } from './registry.js'
+registry.register({
+    name: 'yuanbao_tools',
+    toolset: 'core',
+    schema: { name: 'yuanbao_tools', description: 'Tencent Yuanbao chat completion (Hunyuan).', parameters: { type: 'object', properties: { prompt: { type: 'string' }, model: { type: 'string', default: 'hunyuan-pro' } }, required: ['prompt'] } },
+    requiresEnv: ['YUANBAO_API_KEY'],
+    checkFn: () => Boolean(process.env.YUANBAO_API_KEY),
+    handler: async ({ prompt, model = 'hunyuan-pro' }) => {
+        if (!process.env.YUANBAO_API_KEY) return { error: 'YUANBAO_API_KEY required' }
+        const r = await fetch('https://api.hunyuan.cloud.tencent.com/v1/chat/completions', { method: 'POST', headers: { authorization: `Bearer ${process.env.YUANBAO_API_KEY}`, 'content-type': 'application/json' }, body: JSON.stringify({ model, messages: [{ role: 'user', content: prompt }] }) })
+        return await r.json()
+    },
+})

package/src/toolset_distributions.js

@@ -0,0 +1,18 @@
+import { saveConfigValue } from './config.js'
+
+export const DEFAULT_DISTRIBUTIONS = {
+    coder: { enabledToolsets: ['core', 'browse'], disabledToolsets: [] },
+    researcher: { enabledToolsets: ['core', 'browse', 'creative'], disabledToolsets: [] },
+    ops: { enabledToolsets: ['core'], disabledToolsets: ['creative', 'browse'] },
+    minimal: { enabledToolsets: ['core'], disabledToolsets: ['browse', 'creative'] },
+    full: { enabledToolsets: ['core', 'browse', 'creative'], disabledToolsets: [] },
+}
+export function listDistributions() { return Object.keys(DEFAULT_DISTRIBUTIONS) }
+export function getDistribution(name) { return DEFAULT_DISTRIBUTIONS[name] || null }
+export function applyDistribution(name) {
+    const d = getDistribution(name)
+    if (!d) throw new Error('unknown distribution: ' + name)
+    saveConfigValue('toolsets.enabled', d.enabledToolsets)
+    saveConfigValue('toolsets.disabled', d.disabledToolsets)
+    return d
+}

package/src/toolsets.js

@@ -0,0 +1,26 @@
+import { registry, discoverBuiltinTools } from './tools/registry.js'
+
+export const _FREDDIE_CORE_TOOLS = ['bash', 'read', 'write', 'edit', 'grep']
+
+export async function getEnabledToolSchemas(enabled = ['core'], disabled = []) {
+    await discoverBuiltinTools()
+    const all = registry.available()
+    const enabledSet = new Set(enabled)
+    const disabledSet = new Set(disabled)
+    return all.filter(t => enabledSet.has(t.toolset) && !disabledSet.has(t.name)).map(t => t.schema)
+}
+
+export async function getEnabledToolNames(enabled = ['core'], disabled = []) {
+    await discoverBuiltinTools()
+    const all = registry.available()
+    const enabledSet = new Set(enabled)
+    const disabledSet = new Set(disabled)
+    return all.filter(t => enabledSet.has(t.toolset) && !disabledSet.has(t.name)).map(t => t.name)
+}
+
+export async function getAvailableToolsets() {
+    await discoverBuiltinTools()
+    const ts = new Set()
+    for (const t of registry.list()) ts.add(t.toolset)
+    return [...ts]
+}

package/src/tui/index.js

@@ -0,0 +1,26 @@
+import { interactive } from '../cli/interactive.js'
+import { logger } from '../observability/log.js'
+
+const log = logger('tui')
+
+let _piTui = null
+async function probePiTui() {
+    if (_piTui !== null) return _piTui
+    try { _piTui = await import('@mariozechner/pi-tui') } catch { _piTui = false }
+    return _piTui
+}
+
+export async function launchTui({ output = process.stdout, callLLM = null } = {}) {
+    const tui = await probePiTui()
+    if (!tui) {
+        log.info('pi-tui unavailable, falling back to readline cli')
+        return interactive({ output, callLLM })
+    }
+    if (!process.stdout.isTTY) {
+        log.info('non-tty, falling back to readline cli')
+        return interactive({ output, callLLM })
+    }
+    if (typeof tui.InteractiveMode === 'function') return new tui.InteractiveMode({ callLLM })
+    log.info('pi-tui shape unfamiliar, falling back')
+    return interactive({ output, callLLM })
+}

package/src/utils.js

@@ -0,0 +1,54 @@
+import crypto from 'node:crypto'
+export const clamp = (v, lo, hi) => Math.min(hi, Math.max(lo, v))
+export const sleep = (ms) => new Promise(r => setTimeout(r, ms))
+export async function retry({ fn, attempts = 3, backoff = 200, factor = 2 }) {
+    let last
+    for (let i = 0; i < attempts; i++) {
+        try { return await fn(i) } catch (e) { last = e; if (i < attempts - 1) await sleep(backoff * Math.pow(factor, i)) }
+    }
+    throw last
+}
+export function debounce(fn, ms) {
+    let t = null
+    return (...args) => { clearTimeout(t); t = setTimeout(() => fn(...args), ms) }
+}
+export function sha256(s) { return crypto.createHash('sha256').update(s).digest('hex') }
+export function randomId(len = 12) { return crypto.randomBytes(len).toString('hex') }
+export function deepClone(o) { return JSON.parse(JSON.stringify(o)) }
+export function deepMerge(t, s) {
+    if (!s || typeof s !== 'object') return t
+    for (const k of Object.keys(s)) {
+        if (s[k] && typeof s[k] === 'object' && !Array.isArray(s[k]) && t[k] && typeof t[k] === 'object' && !Array.isArray(t[k])) deepMerge(t[k], s[k])
+        else t[k] = s[k]
+    }
+    return t
+}
+const SECRET_PATTERNS = [
+    /sk-[A-Za-z0-9-_]{20,}/g,
+    /ghp_[A-Za-z0-9]{36}/g,
+    /xox[baprs]-[A-Za-z0-9-]{10,}/g,
+    /AKIA[0-9A-Z]{16}/g,
+    /[a-zA-Z0-9._%+-]+:[^@\s]+@[a-zA-Z0-9.-]+/g,
+    /Bearer\s+[A-Za-z0-9._-]+/gi,
+]
+export function redactSecret(s) {
+    let out = String(s)
+    for (const re of SECRET_PATTERNS) out = out.replace(re, '[REDACTED]')
+    return out
+}
+export function ansiStrip(s) {
+    return String(s).replace(/\x1b\[[0-9;?]*[A-Za-z]/g, '').replace(/\x1b\][^\x07]*\x07/g, '')
+}
+export function fuzzyMatch(needle, hay) {
+    needle = String(needle).toLowerCase(); hay = String(hay).toLowerCase()
+    let i = 0, score = 0
+    for (const c of hay) {
+        if (i < needle.length && c === needle[i]) { score += 2 + (score & 1); i++ } else { score = score & ~1 }
+    }
+    return i === needle.length ? score : 0
+}
+export function parseEnvKeyList(name) {
+    const v = process.env[name]
+    if (!v) return []
+    return v.split(',').map(x => x.trim()).filter(Boolean)
+}