ghost-dragon 4.2.1

package/.github/workflows/ci.yml

@@ -0,0 +1,23 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: npm
+      - run: npm ci
+      - name: Build
+        run: npm run build
+      - name: Typecheck (no dead code)
+        run: npm run typecheck
+      - name: Tests (security + pure logic)
+        run: npx vitest run

package/CHANGELOG.md

@@ -0,0 +1,96 @@
+# Changelog
+
+## 4.2.1 (2026-06-04)
+
+Positioning + hardening pass from the premortem & competitive teardown
+(`specs/002-premortem-positioning/premortem.md`, methodology captured as the
+`agentic-cli-premortem` skill). No new features — breadth is deliberately frozen.
+
+- **README reframed** from the stale v1.0.0 "product manager" framing to what Dragon
+  actually is: the **sovereign operator console for the Ghost Protocol stack**. Leads with
+  the three wedges the incumbents can't follow (sovereignty, owned cross-session memory,
+  stack-fusion), an honest three-way matrix vs Claude Code / Copilot CLI, and a Positioning
+  note (bundled/internal, not a public coding-CLI). DragonSpark/`ghost` reframed as optional
+  R&D upside, not a dependency.
+- **Closed the "untested authed / single-machine path" gap.** Extracted pure, injectable
+  cores so the previously machine-dependent paths are deterministically tested:
+  `resolveAuthFrom(env, cfg)` in `auth.ts` (token > session > none precedence, env > config,
+  origin self-heal, header-injection rejection) and `normalizeWorkerTurn(data)` in
+  `brain/worker.ts` (tolerant of the flaky fp8 tool-caller — string/object/missing args,
+  nameless tool_calls, empty response). +14 tests (`test/auth.test.ts`, `test/brain.test.ts`).
+- Corrected stale `auth.ts` doc comment (device-flow shipped; token is the primary path).
+
+## 4.2.0 (2026-06-04)
+
+`dragon tui` rebuilt into an operator command-center, in the ghosts.lk visual language
+(near-black depth, brushed-chrome, a whisper of emerald), using advanced/obscure
+terminal-graphics craft (now captured as the `advanced-tui-design` +
+`terminal-subcell-graphics` skills):
+
+- **Flicker-free**: runs on the alternate screen buffer (htop-style; restores your
+  scrollback), hides the cursor, and paints each frame inside **synchronized output
+  (DEC ?2026)** with per-line clear-to-EOL — atomic, tear-free frames.
+- **Hero**: chrome-gradient phantom sigil + letter-spaced wordmark + eyebrow + tagline.
+- **Live panels**: two-column SYSTEM · SIGNAL with status dots, a **disk gauge**
+  (eighth-cell precision, green→amber→red) and a **traces-per-hour sparkline**
+  (`▁▂▃▄▅▆▇█`), plus a pulsing emerald OPSEC bar with a heartbeat.
+- New `ui.ts` primitives: `sparkline()`, `gauge()`, `joinColumns()`, `chromeRule()`,
+  `emerald`. Width-aware (wide columns / narrow stacked); graceful color downsampling.
+
+## 4.1.0 (2026-06-04)
+
+Structured stack-action tools — closes the last godmode item. Contracts mapped by
+parallel investigation agents, one per product.
+
+- **`stack_pentest`** — runs a PhantomDragon web scan against a URL (authorized
+  targets only; `dangerous`, always prompts) and returns structured findings
+  (severity, category, CVSS, confirmed, remediation) + risk summary, parsed from
+  the scanner's native `findings.json`.
+- **`stack_keep`** — runs a DragonKeep system-security scan (read-only) via
+  `--format json` and returns structured findings (severity, CVSS, fix) + summary.
+  stdout/stderr kept separate so progress never corrupts the parsed JSON.
+- **OSINT/DragonNet** needs no bespoke tool — it ships an MCP server; wire it with
+  `dragon mcp add dragonnet …` and the MCP hub exposes its 5 tools.
+
+## 4.0.0 — "Godmode" (2026-06-04)
+
+Dragon becomes a flagship operator toolkit: a Claude-Code-style coding **and** ops
+agent that runs on any brain, remembers across sessions, and is hardened like we'd
+pentest a client. (Major bump — the CLI is fundamentally an agent now.)
+
+### Agent
+- Client-side model↔tool loop with local coding tools: read / write / edit / list /
+  glob / grep / bash.
+- **Pluggable brain** with graceful fallback + first-run picker: `claude` (default) ·
+  `worker` (free Cloudflare Workers AI, zero-key) · `local` (Ollama) · `ghost`
+  (DragonSpark) · `openai` · `custom` (any OpenAI-compatible endpoint).
+- **Deep Wyrm memory** by default — recall + capture across sessions; primes project context.
+- **Skills-as-tools** — search + apply the 200+ Ghost Protocol skill library mid-task.
+- **Stack-fused** — `stack_status` / `stack_run` drive the whole dragon stack.
+- **Sub-agents** — a `task` tool spawns focused read-only investigators.
+- **MCP hub** — `dragon mcp add` wires in any MCP server's tools.
+- Hosted account assistant available as the `portal_ask` tool.
+
+### Auth
+- `dragon login` browser device-code flow (90-day bearer tokens); `--session`/`--token` fallbacks.
+
+### Safety (DEF-CON self-pentest → fixed)
+- File tools confined to the working dir (symlink-aware); credential paths blocked.
+- `bash` is always-prompt (never auto-run); catastrophic-command flagging; full command shown.
+- `--sandbox` runs shell in a bwrap jail (cwd writable, rest read-only, secrets masked).
+- Secrets 0600 (config + traces); broad redaction; credential header-injection guard;
+  SSRF / restricted-port URL guard; global crash handler (`--debug` for stacks).
+
+### Modes & QoL
+- `--auto` (safe in-cwd writes) · `--plan` (read-only) · `--sovereign` (local brain + Wyrm only).
+- `dragon doctor` (health panel) · `dragon brains` (model picker) · `dragon tui` (live dashboard)
+  · `dragon mcp` · `dragon completions` (bash/zsh/fish) · `dragon upgrade` (self-update).
+- Session resume (`--resume`) + transcript export (`/save`). Trace flywheel → DragonSpark.
+
+### Brand & quality
+- Stealth-silver "ops console" theme across every surface.
+- 21 adversarial/unit tests + GitHub Actions CI (build + no-unused + tests).
+
+### Companions
+- DragonSpark (our nano-LLM, the `ghost` brain) scaffolded; DragonBrain appliance now
+  bundles the agent for sovereign on-box operation.

package/README.md

@@ -0,0 +1,193 @@
+<p align="center">
+  <img src="media/dragon-silver.png" alt="Ghost Protocol Dragon" width="190" />
+</p>
+
+<h1 align="center">Dragon CLI</h1>
+
+**The sovereign operator console for the Ghost Protocol stack.** A Claude-Code-style
+agentic coding **and** ops CLI that runs on any brain — including fully on-host or free —
+remembers across every project, drives Ghost Protocol's own security tooling, and is
+hardened like we'd pentest a client.
+
+```
+   ▄▄▄▄▄
+  ▟█████▙     G H O S T   P R O T O C O L
+  █ ▘ ▘ █     ▌ OPERATOR CONSOLE // DRAGON v4.2.1
+  ▜█████▛     on-host coding + ops agent · sovereign-capable · ghosts.lk
+   ▘▘ ▘▘
+```
+
+> Proprietary © 2026 Ghost Protocol (Pvt) Ltd. Internal + bundled tooling — not a public,
+> general-purpose coding CLI. See **[Positioning](#positioning)** for why that's deliberate.
+
+---
+
+## Why this exists (and why it isn't trying to be "Claude Code, but ours")
+
+Claude Code (Anthropic) and Copilot CLI (GitHub) are excellent, better-resourced, and own
+the model frontier. Dragon does **not** try to out-quality them on raw model output — that's
+a losing axis. It wins on the three things neither incumbent can structurally follow:
+
+| | **Dragon** | Claude Code | Copilot CLI |
+|---|---|---|---|
+| **Sovereignty** — runs fully on-host or free | ✅ `--sovereign` (local + Wyrm, zero cloud) · free `worker` brain | ❌ cloud-only | ❌ cloud-only |
+| **Memory you own** — cross-session, cross-project | ✅ Wyrm by default | partial (vendor-side) | ❌ cloud-tied |
+| **Stack-fusion** — drives our own security tools | ✅ `stack_pentest` · `stack_keep` | ❌ | ❌ |
+| Cost floor | **~$0** (local/worker) | $$$ | $$ (premium requests) |
+| Hardening | built + self-pentested by us | OS sandbox | `/sandbox` |
+| Model quality | rents the best (Claude default) | **owns it** | rents Claude |
+
+It rents the best model when quality matters (Claude is the default brain) and falls back to
+free or fully-local brains when sovereignty or cost matters more. **Use the right tool for the
+job** — Dragon is the one wired into *our* stack and memory.
+
+---
+
+## Install
+
+```bash
+git clone https://github.com/ghosts-lk/dragon-cli.git
+cd dragon-cli
+npm install && npm run build && npm link    # → `dragon` on your PATH
+# or run from source without linking:
+npx tsx src/index.ts --help
+```
+
+Requires **Node.js 18+**. On first `dragon chat` with no brain configured you'll get a model
+picker; or sign in for the free brain with `dragon login`.
+
+---
+
+## Quick start
+
+```bash
+dragon login                 # browser device-code sign-in → free Cloudflare brain, no API key
+dragon chat                  # interactive agent REPL (coding + ops)
+dragon ask "what changed in src today?"   # one-shot, read-only by default
+dragon doctor                # health panel: brain, auth, memory, skills, stack
+dragon tui                   # live operator command-center (press q to quit)
+```
+
+In `chat`: `/brain` switch model · `/tools` list · `/memory <q>` recall · `/auto` arm safe
+writes · `/plan` read-only · `@path` attach a file · `/save` export transcript · Ctrl-C aborts
+the turn.
+
+---
+
+## Brains (pluggable model, with graceful fallback)
+
+Tools always execute **locally**; the brain only does inference. Pick per-invocation with
+`--brain <id>`, or set a default with `dragon brains` / `dragon config brain <id>`.
+
+| Brain | What it is | Needs |
+|---|---|---|
+| `claude` *(default)* | Anthropic Claude (`claude-sonnet-4-6`) — best quality | `ANTHROPIC_API_KEY` |
+| `worker` | **Free**, zero-key — our Cloudflare Workers AI (Llama 3.3 70B) | just `dragon login` |
+| `local` | Ollama / any OpenAI-compatible local server — sovereign, $0 | Ollama running |
+| `ghost` | **DragonSpark**, our own nano-LLM *(optional R&D upside — not required)* | DragonSpark served |
+| `openai` | OpenAI models | `OPENAI_API_KEY` |
+| `custom` | Any OpenAI-compatible endpoint (OpenRouter, vLLM, LM Studio…) | `DRAGON_OPENAI_BASE` |
+
+A configured brain that can't run (e.g. `claude` with no key) **auto-falls back** to `worker`
+(if signed in) and then `local`, so the CLI always does *something* useful.
+
+---
+
+## What the agent can do (tool surface)
+
+- **Code** — read / write / edit / list / glob / grep / bash (local files, ripgrep-backed).
+- **Remember** — deep **Wyrm** memory by default: recalls + captures across sessions, primes
+  project context into the system prompt.
+- **Apply skills** — searches + reads the 200+ Ghost Protocol skill library mid-task
+  (`skill_search` / `skill_read`).
+- **Drive the stack** — `stack_status` / `stack_run` (any `dragon` subcommand),
+  `stack_pentest` (PhantomDragon web scan → structured findings),
+  `stack_keep` (DragonKeep system scan → structured findings).
+- **Delegate** — a read-only `task` sub-agent for focused investigation.
+- **Extend** — an **MCP hub**: `dragon mcp add <name> …` wires any MCP server's tools in.
+- **Ask the portal** — `portal_ask` hits the hosted account.ghosts.lk assistant (when signed in).
+
+### Modes
+
+```bash
+dragon chat --auto         # allow safe, in-cwd file writes without prompting
+dragon ask  --plan         # read-only profile (no writes, no bash mutations)
+dragon chat --sovereign    # local brain + Wyrm only — no cloud, no portal
+dragon chat --sandbox      # run bash inside a bubblewrap jail (cwd writable, rest read-only,
+                           #   ~/.ssh /.aws /.gnupg /.dragon masked via tmpfs)
+```
+
+---
+
+## Security (built + self-pentested by the team that sells pentests)
+
+This is both the biggest liability of an agent that can touch your machine **and** the point.
+The hardening must never regress:
+
+- **Working-dir confinement** — file tools are sandboxed to the cwd (realpath/symlink-aware);
+  reads outside need approval; **credential paths are blocked outright**
+  (`.ssh`, `.aws`, `.gnupg`, `.dragon`, `.env`, `*.pem`).
+- **`bash` is always-prompt** — never auto-run, the full command is shown, catastrophic
+  patterns are flagged. `--sandbox` adds a bubblewrap jail.
+- **Secrets at rest 0600** — config + traces; broad redaction of key/cookie/JWT shapes in
+  traces and logs.
+- **Network guards** — restricted-port / SSRF URL guard; HTTP-header-injection guard on all
+  credentials (no CRLF smuggling).
+- **Fail safe** — global crash handler (`--debug` for stacks); a slow/broken brain or Wyrm
+  degrades gracefully instead of hanging.
+
+Verified by an adversarial unit suite (`npm test`) + GitHub Actions CI (build · typecheck ·
+tests). The auth-resolution and worker-brain paths are pure-function-tested so they're
+deterministic on any machine — not just the author's.
+
+---
+
+## Commands
+
+```bash
+dragon chat | ask          # the agent (interactive REPL | one-shot)
+dragon login               # browser device-code sign-in (--paste for headless boxes)
+dragon brains              # interactive model picker / set default brain
+dragon config <...>        # brain | model | key | custom-url | show
+dragon doctor              # health panel    ·   dragon contract  (config contract test)
+dragon tui                 # live operator command-center
+dragon mcp add|list|remove # MCP server hub
+dragon completions <shell> # bash | zsh | fish completions
+dragon upgrade             # git-pull self-update
+dragon --help              # everything, incl. the per-product stack commands
+```
+
+Stack commands (`dragon scale | wyrm | pentest | keep | osint | …`) drive the individual
+Ghost Protocol products; the agent reaches them via `stack_run`. See `dragon --help`.
+
+---
+
+## Configuration
+
+Stored at `~/.dragon/config.json` (mode **0600** — it may hold a token). Holds the active
+brain + model, product paths, MCP servers, and auth. Env vars always override config:
+`ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `DRAGON_BRAIN`, `DRAGON_MODEL`, `DRAGON_TOKEN`,
+`DRAGON_SESSION`, `DRAGON_API`, `DRAGON_LOCAL_URL`, `DRAGON_GHOST_URL`, `DRAGON_OPENAI_BASE`,
+`DRAGON_NO_TRACE`.
+
+The trace flywheel logs each settled turn (secret-redacted) to `~/.dragon/traces/<date>.jsonl`
+→ training data for DragonSpark. Disable with `--no-trace` / `DRAGON_NO_TRACE`.
+
+---
+
+## Tech stack
+
+Node 18+ · TypeScript (ESM) · Commander · `@anthropic-ai/sdk` · `@modelcontextprotocol/sdk` ·
+chalk · boxen · conf · vitest. DragonBrain bundles the agent for sovereign on-box operation.
+
+## Positioning
+
+Dragon is **bundled and internal**, not a public coding-CLI vying for mindshare against
+Anthropic and GitHub. Its job is to (a) make Ghost Protocol's solo operator faster across the
+portfolio, and (b) ship as the sovereign agent inside DragonBrain / the PTaaS offering, where
+the buyer is already acquired. The deep analysis behind this is in
+[`specs/002-premortem-positioning/premortem.md`](specs/002-premortem-positioning/premortem.md).
+
+## License
+
+Proprietary © 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved · [ghosts.lk](https://ghosts.lk)

package/bootstrap.ps1

@@ -0,0 +1,83 @@
+# Ghost Protocol · Dragon Stack Bootstrap · Windows PowerShell
+# Pipe into PowerShell on a fresh Windows machine:
+#   iwr -useb https://raw.githubusercontent.com/ghosts-lk/dragon-cli/main/bootstrap.ps1 | iex
+#
+# Spec: dragon-platform/specs/009-bootstrap-cross-os
+# Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+
+$ErrorActionPreference = "Stop"
+$Esc = [char]27
+function Green($t) { Write-Host "$Esc[32m$t$Esc[0m" }
+function Dim($t)   { Write-Host "$Esc[2m$t$Esc[0m" }
+function Warn($t)  { Write-Host "$Esc[33m! $t$Esc[0m" }
+function Fail($t)  { Write-Host "$Esc[31mx $t$Esc[0m"; exit 1 }
+
+Green "[Dragon Stack Bootstrap · Windows] Ghost Protocol · ghosts.lk"
+Write-Host ""
+
+# 1. Sanity checks
+foreach ($cmd in @("git", "node", "npm")) {
+  if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
+    Fail "Missing required tool: $cmd · install Node 22+ (https://nodejs.org) and Git, then re-run"
+  }
+}
+
+# 2. Recommended tools
+if (-not (Get-Command python -ErrorAction SilentlyContinue) -and
+    -not (Get-Command python3 -ErrorAction SilentlyContinue)) {
+  Warn "python not found · Phantom Memory + DragonChronicle will be skipped"
+}
+if (-not (Get-Command cargo -ErrorAction SilentlyContinue)) {
+  Warn "cargo not found · DragonKeep build will be skipped (https://rustup.rs)"
+}
+if (-not (Get-Command pnpm -ErrorAction SilentlyContinue)) {
+  Warn "pnpm not found · npm install -g pnpm recommended"
+}
+
+# 3. Resolve install root
+$Root = if ($env:DRAGON_ROOT) { $env:DRAGON_ROOT } else { Join-Path $HOME "GitProjects" }
+New-Item -ItemType Directory -Force -Path $Root | Out-Null
+Green "Install root: $Root"
+
+# 4. Clone dragon-cli
+$CliDir = Join-Path $Root "dragon-cli"
+if (Test-Path $CliDir) {
+  Dim "  ~ dragon-cli already present · pulling latest"
+  Push-Location $CliDir
+  git pull --quiet
+  Pop-Location
+} else {
+  Green "  + cloning dragon-cli"
+  git clone --quiet https://github.com/ghosts-lk/dragon-cli.git $CliDir
+}
+
+# 5. Build dragon-cli
+Push-Location $CliDir
+Green "  + npm install + build"
+npm install --silent
+npm run build --silent
+Pop-Location
+
+# 6. Add `dragon` to PATH via a Scripts shim
+$ShimDir = Join-Path $env:LOCALAPPDATA "Dragon\bin"
+New-Item -ItemType Directory -Force -Path $ShimDir | Out-Null
+$ShimPath = Join-Path $ShimDir "dragon.cmd"
+$NodePath = (Get-Command node).Source
+$EntryJs  = Join-Path $CliDir "dist\index.js"
+@"
+@echo off
+"$NodePath" "$EntryJs" %*
+"@ | Set-Content -Encoding ASCII $ShimPath
+
+# 7. Persist PATH (user scope)
+$userPath = [Environment]::GetEnvironmentVariable("Path", "User")
+if ($userPath -notlike "*$ShimDir*") {
+  [Environment]::SetEnvironmentVariable("Path", "$userPath;$ShimDir", "User")
+  Green "  + added $ShimDir to user PATH (restart shell to pick up)"
+}
+
+# 8. Optional: register dragonkeep as a Windows Service (admin only)
+Write-Host ""
+Green "[Dragon] bootstrap complete · run 'dragon list' to see installable modules"
+Dim   "[Dragon] Windows ETW path: 'dragonkeep monitor --etw' (run elevated)"
+Dim   "[Dragon] open Dragon Console: 'dragon up dragon-console' then http://localhost:4090"

package/bootstrap.sh

@@ -0,0 +1,71 @@
+#!/bin/sh
+# Ghost Protocol · Dragon Stack Bootstrap
+# Pipe into shell on a fresh machine:
+#   curl -fsSL https://raw.githubusercontent.com/ghosts-lk/dragon-cli/main/bootstrap.sh | sh
+#
+# Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+
+set -e
+
+GREEN='\033[0;32m'
+DIM='\033[2m'
+RESET='\033[0m'
+
+echo "${GREEN}[Dragon Stack Bootstrap]${RESET} Ghost Protocol · ghosts.lk"
+echo ""
+
+# 1. Sanity checks
+for cmd in git node npm; do
+  if ! command -v "$cmd" >/dev/null 2>&1; then
+    echo "✗ Missing required tool: $cmd"
+    echo "  Install Node 18+ (https://nodejs.org) and git, then re-run."
+    exit 1
+  fi
+done
+
+# 2. Check Python (recommended)
+if ! command -v python3 >/dev/null 2>&1; then
+  echo "⚠ python3 not found — Python tools (Phantom Memory, MCP servers, DragonChronicle) will be skipped"
+fi
+
+# 3. Check pnpm (recommended)
+if ! command -v pnpm >/dev/null 2>&1; then
+  echo "⚠ pnpm not found — npm install -g pnpm recommended for monorepo products"
+fi
+
+# 4. Check Rust (DragonKeep)
+if ! command -v cargo >/dev/null 2>&1; then
+  echo "⚠ cargo not found — DragonKeep build will be skipped (https://rustup.rs)"
+fi
+
+# 5. Clone dragon-cli if not present
+DRAGON_HOME="${DRAGON_HOME:-$HOME/Git Projects/dragon-cli}"
+if [ ! -d "$DRAGON_HOME/.git" ]; then
+  echo "${DIM}Cloning dragon-cli to $DRAGON_HOME${RESET}"
+  mkdir -p "$(dirname "$DRAGON_HOME")"
+  git clone https://github.com/ghosts-lk/dragon-cli.git "$DRAGON_HOME"
+fi
+
+# 6. Build + link dragon
+echo "${DIM}Installing dragon-cli...${RESET}"
+cd "$DRAGON_HOME"
+npm install --silent
+npm run build
+npm link
+
+# 7. Run the full stack bootstrap
+echo ""
+echo "${GREEN}[dragon up]${RESET} bringing up the rest of the stack..."
+echo ""
+dragon up
+
+echo ""
+echo "${GREEN}✓ Dragon stack bootstrap complete.${RESET}"
+echo ""
+echo "Next steps:"
+echo "  dragon list             — see installed products"
+echo "  dragon serve            — start the daemons"
+echo "  dragon status           — verify everything is online"
+echo "  dragon ai mcp-config    — wire Claude Desktop to the MCP servers"
+echo ""
+echo "Documentation: https://ghosts.lk"

package/dist/agent/loop.d.ts

@@ -0,0 +1,68 @@
+/**
+ * The agent loop — Dragon's engine. Runs the model↔tool cycle entirely
+ * client-side so tools touch THIS machine:
+ *
+ *   user → brain.turn(tools) → [tool calls?] → execute locally → feed back → repeat
+ *                                  └ no calls → final answer, done
+ *
+ * Tools come from three sources, routed by name: local coding tools (read/edit/
+ * bash/grep…), the curated Wyrm memory tools (`wyrm_*` → MCP), and the optional
+ * hosted Dragon portal (`portal_ask`). Wyrm is wired by default and the system
+ * prompt tells the model to use it as long-term memory.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ */
+import type { Brain, BrainMessage, ToolSpec } from '../brain/types.js';
+import { type ToolContext } from './tools.js';
+import type { Wyrm } from '../wyrm/mcp.js';
+import type { SkillLibrary } from './skills.js';
+import type { StackTools } from './stack.js';
+import type { McpHub } from './mcp.js';
+import type { TaskTool } from './task.js';
+export interface PortalTool {
+    spec: ToolSpec;
+    call(args: Record<string, unknown>): Promise<string>;
+}
+export interface AgentRender {
+    /** First text delta of an assistant segment (print the ◆ prefix etc). */
+    onAssistantStart(): void;
+    onDelta(s: string): void;
+    onToolStart(summary: string): void;
+    onToolEnd(summary: string, resultPreview: string, ok: boolean): void;
+}
+export interface AgentDeps {
+    brain: Brain;
+    wyrm: Wyrm | null;
+    portal: PortalTool | null;
+    skills: SkillLibrary | null;
+    stack: StackTools | null;
+    mcp: McpHub | null;
+    task: TaskTool | null;
+    cwd: string;
+    system: string;
+    toolCtx: ToolContext;
+    messages: BrainMessage[];
+}
+export declare function buildSystemPrompt(opts: {
+    cwd: string;
+    wyrm: boolean;
+    portal: boolean;
+    brainId: string;
+    skills?: number;
+    primed?: string | null;
+}): string;
+/** Build the full tool surface handed to the brain this session. */
+export declare function buildToolSpecs(deps: {
+    wyrm: Wyrm | null;
+    portal: PortalTool | null;
+    skills: SkillLibrary | null;
+    stack: StackTools | null;
+    mcp: McpHub | null;
+    task: TaskTool | null;
+}): ToolSpec[];
+/**
+ * Run one user message to completion (through any number of tool steps).
+ * Mutates deps.messages so the conversation persists across calls.
+ */
+export declare function runAgent(deps: AgentDeps, userText: string, render: AgentRender, signal: AbortSignal): Promise<void>;
+//# sourceMappingURL=loop.d.ts.map

package/dist/agent/loop.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loop.d.ts","sourceRoot":"","sources":["../../src/agent/loop.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,YAAY,EAAY,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAChF,OAAO,EAAgC,KAAK,WAAW,EAAE,MAAM,YAAY,CAAA;AAC3E,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAA;AAC1C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC/C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAC5C,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AACtC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAIzC,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,QAAQ,CAAA;IACd,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;CACrD;AAED,MAAM,WAAW,WAAW;IAC1B,yEAAyE;IACzE,gBAAgB,IAAI,IAAI,CAAA;IACxB,OAAO,CAAC,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IAClC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,GAAG,IAAI,CAAA;CACrE;AAED,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,KAAK,CAAA;IACZ,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,MAAM,EAAE,UAAU,GAAG,IAAI,CAAA;IACzB,MAAM,EAAE,YAAY,GAAG,IAAI,CAAA;IAC3B,KAAK,EAAE,UAAU,GAAG,IAAI,CAAA;IACxB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IAClB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,WAAW,CAAA;IACpB,QAAQ,EAAE,YAAY,EAAE,CAAA;CACzB;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GAAG,MAAM,CA+BzJ;AAED,oEAAoE;AACpE,wBAAgB,cAAc,CAAC,IAAI,EAAE;IAAE,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAAC;IAAC,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;CAAE,GAAG,QAAQ,EAAE,CAUnM;AAoCD;;;GAGG;AACH,wBAAsB,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA4BzH"}