hovclaw 0.1.3 → 0.1.4

package/dist/hovclaw.js

@@ -116,7 +116,27 @@ const DEFAULT_FILE_CONFIG = {
 			"tail",
 			"wc"
 		],
-		tools: { bashEnabled: false }
+		tools: {
+			bashEnabled: false,
+			exec: {
+				enabled: false,
+				security: "allowlist",
+				ask: "on-miss",
+				approvalTimeoutMs: 12e4,
+				allowlist: [],
+				safeBins: [...[
+					"jq",
+					"grep",
+					"cut",
+					"sort",
+					"uniq",
+					"head",
+					"tail",
+					"tr",
+					"wc"
+				]]
+			}
+		}
 	},
 	channels: {
 		discord: {
@@ -221,6 +241,22 @@ const commandsConfigSchema = z.object({
 	useAccessGroups: z.boolean(),
 	allowFrom: commandAllowFromSchema
 });
+const runtimeExecConfigSchema = z.object({
+	enabled: z.boolean(),
+	security: z.enum([
+		"deny",
+		"allowlist",
+		"full"
+	]),
+	ask: z.enum([
+		"off",
+		"on-miss",
+		"always"
+	]),
+	approvalTimeoutMs: z.number().int().positive(),
+	allowlist: z.array(z.string().min(1)),
+	safeBins: z.array(z.string().min(1))
+});
 const telegramTopicConfigSchema = z.object({
 	enabled: z.boolean().optional(),
 	requireMention: z.boolean().optional(),
@@ -383,7 +419,10 @@ const fileConfigSchema = z.object({
 		allowedReadRoots: z.array(z.string().min(1)),
 		allowedWriteRoots: z.array(z.string().min(1)),
 		allowedCommandPrefixes: z.array(z.string().min(1)).min(1),
-		tools: z.object({ bashEnabled: z.boolean() })
+		tools: z.object({
+			bashEnabled: z.boolean(),
+			exec: runtimeExecConfigSchema
+		})
 	}),
 	channels: z.object({
 		discord: z.object({
@@ -460,7 +499,21 @@ const partialFileConfigSchema = z.object({
 	bindings: fileConfigSchema.shape.bindings.optional(),
 	models: fileConfigSchema.shape.models.partial().optional(),
 	commands: commandsConfigSchema.partial().optional(),
-	runtime: fileConfigSchema.shape.runtime.partial().optional(),
+	runtime: z.object({
+		mode: z.enum(["local", "container"]).optional(),
+		containerImage: z.string().min(1).optional(),
+		idleTimeoutMs: z.number().int().positive().optional(),
+		networkMode: z.string().min(1).optional(),
+		timeoutMs: z.number().int().positive().optional(),
+		maxOutputBytes: z.number().int().positive().optional(),
+		allowedReadRoots: z.array(z.string().min(1)).optional(),
+		allowedWriteRoots: z.array(z.string().min(1)).optional(),
+		allowedCommandPrefixes: z.array(z.string().min(1)).min(1).optional(),
+		tools: z.object({
+			bashEnabled: z.boolean().optional(),
+			exec: runtimeExecConfigSchema.partial().optional()
+		}).optional()
+	}).optional(),
 	channels: partialChannelsSchema,
 	gateway: partialGatewayConfigSchema,
 	scheduler: fileConfigSchema.shape.scheduler.partial().optional()
@@ -731,7 +784,17 @@ function mergeWithDefaults(partial) {
 			allowedReadRoots: partial.runtime?.allowedReadRoots ?? DEFAULT_FILE_CONFIG.runtime.allowedReadRoots,
 			allowedWriteRoots: partial.runtime?.allowedWriteRoots ?? DEFAULT_FILE_CONFIG.runtime.allowedWriteRoots,
 			allowedCommandPrefixes: partial.runtime?.allowedCommandPrefixes ?? DEFAULT_FILE_CONFIG.runtime.allowedCommandPrefixes,
-			tools: { bashEnabled: partial.runtime?.tools?.bashEnabled ?? DEFAULT_FILE_CONFIG.runtime.tools.bashEnabled }
+			tools: {
+				bashEnabled: partial.runtime?.tools?.bashEnabled ?? DEFAULT_FILE_CONFIG.runtime.tools.bashEnabled,
+				exec: {
+					enabled: partial.runtime?.tools?.exec?.enabled ?? partial.runtime?.tools?.bashEnabled ?? DEFAULT_FILE_CONFIG.runtime.tools.exec.enabled,
+					security: partial.runtime?.tools?.exec?.security ?? DEFAULT_FILE_CONFIG.runtime.tools.exec.security,
+					ask: partial.runtime?.tools?.exec?.ask ?? DEFAULT_FILE_CONFIG.runtime.tools.exec.ask,
+					approvalTimeoutMs: partial.runtime?.tools?.exec?.approvalTimeoutMs ?? DEFAULT_FILE_CONFIG.runtime.tools.exec.approvalTimeoutMs,
+					allowlist: partial.runtime?.tools?.exec?.allowlist ?? DEFAULT_FILE_CONFIG.runtime.tools.exec.allowlist,
+					safeBins: partial.runtime?.tools?.exec?.safeBins ?? DEFAULT_FILE_CONFIG.runtime.tools.exec.safeBins
+				}
+			}
 		},
 		channels: {
 			discord: {
@@ -843,7 +906,17 @@ function applyEnvOverrides(base, env) {
 			allowedReadRoots: splitCsv(env.ALLOWED_READ_ROOTS, base.runtime.allowedReadRoots),
 			allowedWriteRoots: splitCsv(env.ALLOWED_WRITE_ROOTS, base.runtime.allowedWriteRoots),
 			allowedCommandPrefixes: splitCsv(env.ALLOWED_COMMAND_PREFIXES, base.runtime.allowedCommandPrefixes),
-			tools: { bashEnabled: toBool(env.RUNTIME_BASH_ENABLED, base.runtime.tools.bashEnabled) }
+			tools: {
+				bashEnabled: toBool(env.RUNTIME_BASH_ENABLED, base.runtime.tools.bashEnabled),
+				exec: {
+					enabled: toBool(env.RUNTIME_EXEC_ENABLED, toBool(env.RUNTIME_BASH_ENABLED, base.runtime.tools.exec.enabled)),
+					security: env.RUNTIME_EXEC_SECURITY === "deny" || env.RUNTIME_EXEC_SECURITY === "allowlist" || env.RUNTIME_EXEC_SECURITY === "full" ? env.RUNTIME_EXEC_SECURITY : base.runtime.tools.exec.security,
+					ask: env.RUNTIME_EXEC_ASK === "off" || env.RUNTIME_EXEC_ASK === "on-miss" || env.RUNTIME_EXEC_ASK === "always" ? env.RUNTIME_EXEC_ASK : base.runtime.tools.exec.ask,
+					approvalTimeoutMs: toPositiveInt(env.RUNTIME_EXEC_APPROVAL_TIMEOUT_MS, base.runtime.tools.exec.approvalTimeoutMs),
+					allowlist: splitCsv(env.RUNTIME_EXEC_ALLOWLIST, base.runtime.tools.exec.allowlist),
+					safeBins: splitCsv(env.RUNTIME_EXEC_SAFE_BINS, base.runtime.tools.exec.safeBins)
+				}
+			}
 		},
 		channels: {
 			discord: {
@@ -948,7 +1021,17 @@ function loadConfig(env = process.env) {
 			allowedReadRoots: normalizeRoots(merged.runtime.allowedReadRoots),
 			allowedWriteRoots: normalizeRoots(merged.runtime.allowedWriteRoots),
 			allowedCommandPrefixes: merged.runtime.allowedCommandPrefixes,
-			tools: { bashEnabled: merged.runtime.tools.bashEnabled }
+			tools: {
+				bashEnabled: merged.runtime.tools.bashEnabled,
+				exec: {
+					enabled: merged.runtime.tools.exec.enabled || merged.runtime.tools.bashEnabled,
+					security: merged.runtime.tools.exec.security,
+					ask: merged.runtime.tools.exec.ask,
+					approvalTimeoutMs: merged.runtime.tools.exec.approvalTimeoutMs,
+					allowlist: [...merged.runtime.tools.exec.allowlist],
+					safeBins: [...merged.runtime.tools.exec.safeBins]
+				}
+			}
 		},
 		channels: {
 			discord: {
@@ -1046,6 +1129,12 @@ function legacyEnvKeys() {
 		"ALLOWED_WRITE_ROOTS",
 		"ALLOWED_COMMAND_PREFIXES",
 		"RUNTIME_BASH_ENABLED",
+		"RUNTIME_EXEC_ENABLED",
+		"RUNTIME_EXEC_SECURITY",
+		"RUNTIME_EXEC_ASK",
+		"RUNTIME_EXEC_APPROVAL_TIMEOUT_MS",
+		"RUNTIME_EXEC_ALLOWLIST",
+		"RUNTIME_EXEC_SAFE_BINS",
 		"TOOL_TIMEOUT_MS",
 		"TOOL_MAX_OUTPUT_BYTES",
 		"ENABLE_DISCORD",
@@ -3002,7 +3091,7 @@ function redactSensitiveData(value) {
 
 //#endregion
 //#region src/db.ts
-function nowIso$1() {
+function nowIso$2() {
 	return (/* @__PURE__ */ new Date()).toISOString();
 }
 var HovClawDb = class {
@@ -3130,7 +3219,7 @@ var HovClawDb = class {
 		return Boolean(row?.name);
 	}
 	upsertSession(parts, sessionKey, model, options) {
-		const createdAt = nowIso$1();
+		const createdAt = nowIso$2();
 		this.db.prepare(`
         INSERT INTO sessions (
           session_key,
@@ -3225,7 +3314,7 @@ var HovClawDb = class {
         ON CONFLICT(account_id) DO UPDATE SET
           last_update_id = excluded.last_update_id,
           updated_at = excluded.updated_at
-      `).run(accountId, updateId, nowIso$1());
+      `).run(accountId, updateId, nowIso$2());
 	}
 	hasTelegramDedupe(accountId, updateId) {
 		return typeof this.db.prepare(`
@@ -3238,7 +3327,7 @@ var HovClawDb = class {
 		this.db.prepare(`
         INSERT OR IGNORE INTO telegram_dedupe (account_id, update_id, updated_at)
         VALUES (?, ?, ?)
-      `).run(accountId, updateId, nowIso$1());
+      `).run(accountId, updateId, nowIso$2());
 	}
 	pruneTelegramDedupe(olderThanIso) {
 		return this.db.prepare(`
@@ -3247,7 +3336,7 @@ var HovClawDb = class {
       `).run(olderThanIso).changes;
 	}
 	appendMessage(sessionKey, role, content) {
-		this.db.prepare(`INSERT INTO messages (session_key, role, content, created_at) VALUES (?, ?, ?, ?)`).run(sessionKey, role, content, nowIso$1());
+		this.db.prepare(`INSERT INTO messages (session_key, role, content, created_at) VALUES (?, ?, ?, ?)`).run(sessionKey, role, content, nowIso$2());
 	}
 	getMessages(sessionKey) {
 		return this.db.prepare(`
@@ -3268,7 +3357,7 @@ var HovClawDb = class {
         ON CONFLICT(session_key) DO UPDATE SET
           state_json = excluded.state_json,
           updated_at = excluded.updated_at
-      `).run(sessionKey, stateJson, nowIso$1());
+      `).run(sessionKey, stateJson, nowIso$2());
 	}
 	getAgentState(sessionKey) {
 		return this.db.prepare(`SELECT state_json FROM agent_state WHERE session_key = ?`).get(sessionKey)?.state_json ?? null;
@@ -3289,7 +3378,7 @@ var HovClawDb = class {
           cost_usd,
           created_at
         ) VALUES (?, ?, ?, ?, ?, ?, ?)
-      `).run(record.sessionKey, record.provider, record.model, record.inputTokens, record.outputTokens, record.costUsd, record.createdAt ?? nowIso$1());
+      `).run(record.sessionKey, record.provider, record.model, record.inputTokens, record.outputTokens, record.costUsd, record.createdAt ?? nowIso$2());
 	}
 	upsertScheduledJob(job) {
 		this.db.prepare(`
@@ -3423,7 +3512,7 @@ var HovClawDb = class {
 		this.db.prepare(`
         INSERT INTO audit_log (ts, session_key, actor, event_type, payload_json)
         VALUES (?, ?, ?, ?, ?)
-      `).run(record.ts ?? nowIso$1(), record.sessionKey ?? null, record.actor, record.eventType, JSON.stringify(sanitizedPayload));
+      `).run(record.ts ?? nowIso$2(), record.sessionKey ?? null, record.actor, record.eventType, JSON.stringify(sanitizedPayload));
 	}
 	getAuditEvents(eventType) {
 		const query = eventType ? `SELECT ts, session_key, actor, event_type, payload_json FROM audit_log WHERE event_type = ? ORDER BY id DESC` : `SELECT ts, session_key, actor, event_type, payload_json FROM audit_log ORDER BY id DESC`;
@@ -3437,6 +3526,435 @@ var HovClawDb = class {
 	}
 };
 
+//#endregion
+//#region src/exec-approvals.ts
+const DEFAULT_FILE_VERSION = 1;
+const DEFAULT_APPROVAL_TIMEOUT_MS = 12e4;
+const ONE_TIME_APPROVAL_TTL_MS = 5 * 6e4;
+const SHELL_DISALLOWED_PATTERN = /[;&|`$()<>]|[\r\n]/;
+const SHELL_QUOTE_OR_ESCAPE_PATTERN = /["'\\]/;
+function nowIso$1() {
+	return (/* @__PURE__ */ new Date()).toISOString();
+}
+function normalizeExecSecurity(value) {
+	if (value === "deny" || value === "allowlist" || value === "full") return value;
+	return null;
+}
+function normalizeExecAsk(value) {
+	if (value === "off" || value === "on-miss" || value === "always") return value;
+	return null;
+}
+function normalizeAllowlist(entries) {
+	if (!Array.isArray(entries)) return [];
+	const out = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const entry of entries) {
+		if (!entry || typeof entry !== "object") continue;
+		const pattern = typeof entry.pattern === "string" ? entry.pattern.trim() : "";
+		if (!pattern) continue;
+		const lowered = pattern.toLowerCase();
+		if (seen.has(lowered)) continue;
+		seen.add(lowered);
+		out.push({
+			pattern,
+			lastUsedAt: typeof entry.lastUsedAt === "string" ? entry.lastUsedAt : void 0,
+			lastUsedCommand: typeof entry.lastUsedCommand === "string" ? entry.lastUsedCommand : void 0,
+			lastResolvedPath: typeof entry.lastResolvedPath === "string" ? entry.lastResolvedPath : void 0
+		});
+	}
+	return out;
+}
+function normalizeFile(value, defaults) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return {
+		version: DEFAULT_FILE_VERSION,
+		defaults: {
+			security: defaults.security,
+			ask: defaults.ask
+		},
+		agents: {}
+	};
+	const raw = value;
+	const security = typeof raw.defaults?.security === "string" ? normalizeExecSecurity(raw.defaults.security) : null;
+	const ask = typeof raw.defaults?.ask === "string" ? normalizeExecAsk(raw.defaults.ask) : null;
+	const agents = {};
+	if (raw.agents && typeof raw.agents === "object" && !Array.isArray(raw.agents)) for (const [agentId, agentValue] of Object.entries(raw.agents)) {
+		if (!agentId.trim()) continue;
+		agents[agentId] = { allowlist: agentValue && typeof agentValue === "object" && !Array.isArray(agentValue) ? normalizeAllowlist(agentValue.allowlist) : [] };
+	}
+	return {
+		version: DEFAULT_FILE_VERSION,
+		defaults: {
+			security: security ?? defaults.security,
+			ask: ask ?? defaults.ask
+		},
+		agents
+	};
+}
+function normalizePathForMatch(value) {
+	if (process.platform === "win32") return value.replace(/\\/g, "/").toLowerCase();
+	return value;
+}
+function resolveExecutablePath(executable, cwd, env) {
+	if (!executable.trim()) return;
+	if (executable.includes("/") || executable.includes("\\")) {
+		const absolute = path.isAbsolute(executable) ? path.resolve(executable) : path.resolve(cwd, executable);
+		if (fs.existsSync(absolute)) return absolute;
+		return;
+	}
+	const pathEntries = (env.PATH || process.env.PATH || "").split(path.delimiter).filter(Boolean);
+	for (const entry of pathEntries) {
+		const candidate = path.join(entry, executable);
+		if (fs.existsSync(candidate)) return candidate;
+	}
+}
+function analyzeCommand(command, cwd, env) {
+	const trimmed = command.trim();
+	if (!trimmed) return {
+		ok: false,
+		reason: "empty command",
+		args: []
+	};
+	if (SHELL_DISALLOWED_PATTERN.test(trimmed)) return {
+		ok: false,
+		reason: "disallowed shell syntax",
+		args: []
+	};
+	if (SHELL_QUOTE_OR_ESCAPE_PATTERN.test(trimmed)) return {
+		ok: false,
+		reason: "quoted/escaped shell syntax is not allowed",
+		args: []
+	};
+	const tokens = trimmed.split(/\s+/).filter(Boolean);
+	if (tokens.length === 0) return {
+		ok: false,
+		reason: "empty command",
+		args: []
+	};
+	const executableRaw = tokens[0];
+	const resolvedPath = resolveExecutablePath(executableRaw, cwd, env);
+	return {
+		ok: true,
+		executableRaw,
+		executableName: resolvedPath ? path.basename(resolvedPath) : path.basename(executableRaw),
+		resolvedPath,
+		args: tokens.slice(1)
+	};
+}
+function hasPathLikeArg(value) {
+	if (!value || value === "-") return false;
+	if (value.startsWith("/") || value.startsWith("./") || value.startsWith("../") || value.startsWith("~/") || /^[A-Za-z]:[\\/]/.test(value)) return true;
+	return value.includes("/") || value.includes("\\");
+}
+function isSafeBinUsage(analysis, safeBins) {
+	if (!analysis.ok || !analysis.executableName) return false;
+	const executable = analysis.executableName.toLowerCase();
+	if (!safeBins.has(executable)) return false;
+	for (const arg of analysis.args) {
+		if (arg.startsWith("-")) {
+			const eqIndex = arg.indexOf("=");
+			if (eqIndex > 0 && hasPathLikeArg(arg.slice(eqIndex + 1))) return false;
+			continue;
+		}
+		if (hasPathLikeArg(arg)) return false;
+	}
+	return true;
+}
+function matchAllowlistPattern(pattern, executableName, resolvedPath) {
+	const trimmed = pattern.trim();
+	if (!trimmed) return false;
+	const normalizedPattern = normalizePathForMatch(trimmed);
+	const normalizedExecutable = executableName.toLowerCase();
+	const normalizedResolved = resolvedPath ? normalizePathForMatch(resolvedPath) : "";
+	if (!trimmed.includes("/") && !trimmed.includes("\\") && !trimmed.endsWith("*")) return normalizedPattern === normalizedExecutable;
+	if (trimmed.endsWith("*")) {
+		const prefix = normalizePathForMatch(trimmed.slice(0, -1));
+		return normalizedResolved.length > 0 && normalizedResolved.startsWith(prefix) || normalizedExecutable.startsWith(prefix);
+	}
+	if (normalizedResolved.length > 0 && normalizedResolved === normalizedPattern) return true;
+	return normalizedExecutable === normalizedPattern;
+}
+function makeCommandApprovalKey(agentId, command) {
+	return crypto.createHash("sha256").update(`${agentId}::${command.trim()}`).digest("hex");
+}
+var ExecApprovalsManager = class {
+	filePath;
+	onRequested;
+	onResolved;
+	defaults;
+	pending = /* @__PURE__ */ new Map();
+	oneTimeApprovals = /* @__PURE__ */ new Map();
+	constructor(options) {
+		this.filePath = path.join(options.storeDir, "exec-approvals.json");
+		this.defaults = options.defaults;
+		this.onRequested = options.onRequested;
+		this.onResolved = options.onResolved;
+	}
+	getConfigPath() {
+		return this.filePath;
+	}
+	ensureDir() {
+		fs.mkdirSync(path.dirname(this.filePath), {
+			recursive: true,
+			mode: 448
+		});
+	}
+	readRaw() {
+		if (!fs.existsSync(this.filePath)) return null;
+		const raw = fs.readFileSync(this.filePath, "utf8");
+		return JSON.parse(raw);
+	}
+	writeFile(value) {
+		this.ensureDir();
+		fs.writeFileSync(this.filePath, `${JSON.stringify(value, null, 2)}\n`, {
+			encoding: "utf8",
+			mode: 384
+		});
+		fs.chmodSync(this.filePath, 384);
+	}
+	getSnapshot() {
+		try {
+			return normalizeFile(this.readRaw(), this.defaults);
+		} catch {
+			return normalizeFile(null, this.defaults);
+		}
+	}
+	setSnapshot(next) {
+		const normalized = normalizeFile(next, this.defaults);
+		this.writeFile(normalized);
+		return normalized;
+	}
+	resolveDefaults(policy) {
+		const snapshot = this.getSnapshot();
+		return {
+			security: snapshot.defaults.security ?? policy.security,
+			ask: snapshot.defaults.ask ?? policy.ask
+		};
+	}
+	getAgentAllowlist(agentId, policyAllowlist) {
+		const byAgent = this.getSnapshot().agents[agentId]?.allowlist ?? [];
+		const merged = [];
+		const seen = /* @__PURE__ */ new Set();
+		for (const entry of policyAllowlist) {
+			const pattern = entry.trim();
+			if (!pattern) continue;
+			const key = pattern.toLowerCase();
+			if (seen.has(key)) continue;
+			seen.add(key);
+			merged.push({ pattern });
+		}
+		for (const entry of byAgent) {
+			const pattern = entry.pattern.trim();
+			if (!pattern) continue;
+			const key = pattern.toLowerCase();
+			if (seen.has(key)) continue;
+			seen.add(key);
+			merged.push(entry);
+		}
+		return merged;
+	}
+	addAllowlistEntry(agentId, pattern) {
+		const normalizedPattern = pattern.trim();
+		if (!normalizedPattern) return;
+		const snapshot = this.getSnapshot();
+		const current = snapshot.agents[agentId]?.allowlist ?? [];
+		if (current.some((entry) => entry.pattern.toLowerCase() === normalizedPattern.toLowerCase())) return;
+		const nextAllowlist = [...current, {
+			pattern: normalizedPattern,
+			lastUsedAt: nowIso$1()
+		}];
+		snapshot.agents[agentId] = { allowlist: nextAllowlist };
+		this.writeFile(snapshot);
+	}
+	recordAllowlistUse(agentId, pattern, command, resolvedPath) {
+		const snapshot = this.getSnapshot();
+		const current = snapshot.agents[agentId]?.allowlist ?? [];
+		const lowered = pattern.toLowerCase();
+		const nextAllowlist = current.map((entry) => {
+			if (entry.pattern.toLowerCase() !== lowered) return entry;
+			return {
+				...entry,
+				lastUsedAt: nowIso$1(),
+				lastUsedCommand: command,
+				lastResolvedPath: resolvedPath
+			};
+		});
+		snapshot.agents[agentId] = { allowlist: nextAllowlist };
+		this.writeFile(snapshot);
+	}
+	request(params) {
+		const now = Date.now();
+		const timeoutMs = Math.max(5e3, Number.isFinite(params.timeoutMs) ? Math.floor(params.timeoutMs) : DEFAULT_APPROVAL_TIMEOUT_MS);
+		const record = {
+			id: crypto.randomUUID(),
+			createdAtMs: now,
+			expiresAtMs: now + timeoutMs,
+			command: params.command,
+			agentId: params.agentId,
+			sessionKey: params.sessionKey,
+			resolvedPath: params.resolvedPath,
+			timeoutMs,
+			target: params.target
+		};
+		this.pending.set(record.id, {
+			record,
+			onApproved: params.onApproved
+		});
+		this.onRequested?.(record);
+		return record;
+	}
+	getPending(recordId) {
+		const pending = this.pending.get(recordId);
+		if (!pending) return null;
+		if (pending.record.expiresAtMs <= Date.now()) {
+			this.pending.delete(recordId);
+			return null;
+		}
+		return pending.record;
+	}
+	resolve(recordId, decision, resolvedBy) {
+		const pending = this.pending.get(recordId);
+		if (!pending) return null;
+		if (pending.record.expiresAtMs <= Date.now()) {
+			this.pending.delete(recordId);
+			return null;
+		}
+		this.pending.delete(recordId);
+		const resolvedRecord = {
+			...pending.record,
+			decision,
+			resolvedBy,
+			resolvedAtMs: Date.now()
+		};
+		if (decision === "allow-always" && resolvedRecord.resolvedPath) this.addAllowlistEntry(resolvedRecord.agentId, resolvedRecord.resolvedPath);
+		if (decision === "allow-once") {
+			const key = makeCommandApprovalKey(resolvedRecord.agentId, resolvedRecord.command);
+			this.oneTimeApprovals.set(key, {
+				key,
+				expiresAtMs: Date.now() + ONE_TIME_APPROVAL_TTL_MS
+			});
+		}
+		this.onResolved?.(resolvedRecord);
+		if ((decision === "allow-once" || decision === "allow-always") && pending.onApproved) pending.onApproved(resolvedRecord).catch(() => {});
+		return resolvedRecord;
+	}
+	consumeOneTimeApproval(agentId, command) {
+		const key = makeCommandApprovalKey(agentId, command);
+		const pending = this.oneTimeApprovals.get(key);
+		if (!pending) return false;
+		this.oneTimeApprovals.delete(key);
+		if (pending.expiresAtMs <= Date.now()) return false;
+		return true;
+	}
+};
+function evaluateExecPolicy(params) {
+	const cwd = params.cwd || process.cwd();
+	const env = params.env || process.env;
+	const analysis = analyzeCommand(params.command, cwd, env);
+	const defaults = params.manager.resolveDefaults(params.policy);
+	const security = defaults.security;
+	const ask = defaults.ask;
+	if (!analysis.ok) return {
+		analysisOk: false,
+		reason: analysis.reason,
+		executableName: analysis.executableName,
+		resolvedPath: analysis.resolvedPath,
+		allowlistSatisfied: false,
+		safeBinSatisfied: false,
+		requiresApproval: false,
+		denied: true,
+		deniedReason: analysis.reason ? `exec denied: ${analysis.reason}` : "exec denied: invalid command"
+	};
+	if (security === "deny") return {
+		analysisOk: analysis.ok,
+		reason: analysis.reason,
+		executableName: analysis.executableName,
+		resolvedPath: analysis.resolvedPath,
+		allowlistSatisfied: false,
+		safeBinSatisfied: false,
+		requiresApproval: false,
+		denied: true,
+		deniedReason: "exec denied: security=deny"
+	};
+	const mergedAllowlist = params.manager.getAgentAllowlist(params.agentId, params.policy.allowlist);
+	const safeBins = new Set(params.policy.safeBins.map((entry) => entry.trim().toLowerCase()).filter(Boolean));
+	const oneTimeApproved = params.manager.consumeOneTimeApproval(params.agentId, params.command);
+	const safeBinSatisfied = isSafeBinUsage(analysis, safeBins);
+	let allowlistSatisfied = false;
+	let allowlistPattern;
+	if (analysis.ok && analysis.executableName) if (oneTimeApproved) {
+		allowlistSatisfied = true;
+		allowlistPattern = "one-time-approval";
+	} else {
+		for (const entry of mergedAllowlist) if (matchAllowlistPattern(entry.pattern, analysis.executableName, analysis.resolvedPath)) {
+			allowlistSatisfied = true;
+			allowlistPattern = entry.pattern;
+			break;
+		}
+		if (!allowlistSatisfied && safeBinSatisfied) {
+			allowlistSatisfied = true;
+			allowlistPattern = `safe-bin:${analysis.executableName.toLowerCase()}`;
+		}
+	}
+	if (security === "full") {
+		if (ask === "always") return {
+			analysisOk: analysis.ok,
+			reason: analysis.reason,
+			executableName: analysis.executableName,
+			resolvedPath: analysis.resolvedPath,
+			allowlistSatisfied,
+			allowlistPattern,
+			safeBinSatisfied,
+			requiresApproval: true,
+			denied: false
+		};
+		return {
+			analysisOk: analysis.ok,
+			reason: analysis.reason,
+			executableName: analysis.executableName,
+			resolvedPath: analysis.resolvedPath,
+			allowlistSatisfied,
+			allowlistPattern,
+			safeBinSatisfied,
+			requiresApproval: false,
+			denied: false
+		};
+	}
+	if (allowlistSatisfied && ask !== "always") return {
+		analysisOk: analysis.ok,
+		reason: analysis.reason,
+		executableName: analysis.executableName,
+		resolvedPath: analysis.resolvedPath,
+		allowlistSatisfied,
+		allowlistPattern,
+		safeBinSatisfied,
+		requiresApproval: false,
+		denied: false
+	};
+	if (ask === "off") return {
+		analysisOk: analysis.ok,
+		reason: analysis.reason,
+		executableName: analysis.executableName,
+		resolvedPath: analysis.resolvedPath,
+		allowlistSatisfied,
+		allowlistPattern,
+		safeBinSatisfied,
+		requiresApproval: false,
+		denied: true,
+		deniedReason: allowlistSatisfied ? "exec denied: ask=off" : "exec denied: allowlist miss"
+	};
+	return {
+		analysisOk: analysis.ok,
+		reason: analysis.reason,
+		executableName: analysis.executableName,
+		resolvedPath: analysis.resolvedPath,
+		allowlistSatisfied,
+		allowlistPattern,
+		safeBinSatisfied,
+		requiresApproval: true,
+		denied: false
+	};
+}
+
 //#endregion
 //#region src/runtime/container-runtime.ts
 function startsWithAnyRoot$1(filePath, roots) {
@@ -4086,150 +4604,386 @@ function normalizeErrorMessage(error) {
 	if (error instanceof Error) return error.message;
 	return String(error);
 }
-function createTools({ runtime, audit, bashEnabled }) {
+function resolveExecAgentId() {
+	const context = getRuntimeSessionContext();
+	if (context?.agentName?.trim()) return context.agentName.trim();
+	if (context?.sessionKey?.trim()) {
+		const first = context.sessionKey.split(":")[0];
+		if (first?.trim()) return first.trim();
+	}
+	return "main";
+}
+function formatExecOutput(result) {
+	return [
+		`exitCode: ${result.exitCode}`,
+		result.timedOut ? "timedOut: true" : "timedOut: false",
+		result.truncated ? "truncated: true" : "truncated: false",
+		"",
+		result.stdout ? `stdout:\n${result.stdout}` : "stdout: <empty>",
+		"",
+		result.stderr ? `stderr:\n${result.stderr}` : "stderr: <empty>"
+	].join("\n");
+}
+function firstToken(command) {
+	const trimmed = command.trim();
+	if (!trimmed) return "";
+	return trimmed.split(/\s+/)[0] ?? "";
+}
+function diagnosticsCommandsForPlatform(platform) {
+	const common = [
+		{
+			key: "os",
+			command: "uname -a"
+		},
+		{
+			key: "uptime",
+			command: "uptime"
+		},
+		{
+			key: "disk",
+			command: "df -h"
+		},
+		{
+			key: "processes",
+			command: "ps -A"
+		}
+	];
+	if (platform === "darwin") return [
+		...common,
+		{
+			key: "memory",
+			command: "vm_stat"
+		},
+		{
+			key: "cpu",
+			command: "sysctl -n machdep.cpu.brand_string"
+		},
+		{
+			key: "network",
+			command: "ifconfig"
+		}
+	];
+	if (platform === "linux") return [
+		...common,
+		{
+			key: "memory",
+			command: "free -m"
+		},
+		{
+			key: "cpu",
+			command: "lscpu"
+		},
+		{
+			key: "network",
+			command: "ip addr"
+		}
+	];
+	if (platform === "win32") return [
+		{
+			key: "os",
+			command: "ver"
+		},
+		{
+			key: "uptime",
+			command: "net stats workstation"
+		},
+		{
+			key: "disk",
+			command: "wmic logicaldisk get size,freespace,caption"
+		},
+		{
+			key: "processes",
+			command: "tasklist"
+		},
+		{
+			key: "cpu",
+			command: "wmic cpu get name"
+		},
+		{
+			key: "memory",
+			command: "wmic os get totalvisiblememorysize,freephysicalmemory"
+		},
+		{
+			key: "network",
+			command: "ipconfig"
+		}
+	];
+	return common;
+}
+function createTools({ runtime, audit, execPolicy, execApprovals }) {
 	const parser = new Parser();
-	const bashTool = {
-		name: "bash",
-		label: "Bash",
-		description: "Run a shell command on allowed command prefixes only.",
-		parameters: Type.Object({
-			command: Type.String(),
-			timeoutMs: Type.Optional(Type.Number({
-				minimum: 1e3,
-				maximum: 12e4
-			}))
-		}),
-		execute: async (_toolCallId, params) => {
-			audit({
-				actor: "tool",
-				eventType: "tool.exec",
-				payload: { command: params.command }
+	const execSchema = Type.Object({
+		command: Type.String(),
+		timeoutMs: Type.Optional(Type.Number({
+			minimum: 1e3,
+			maximum: 12e4
+		}))
+	});
+	async function executeCommandWithPolicy(toolName, params) {
+		const command = params.command.trim();
+		if (!command) throw new Error("Command cannot be empty.");
+		const sessionContext = getRuntimeSessionContext();
+		const agentId = resolveExecAgentId();
+		const evaluation = evaluateExecPolicy({
+			command,
+			agentId,
+			policy: execPolicy,
+			manager: execApprovals,
+			cwd: sessionContext?.workspaceDir,
+			env: process.env
+		});
+		audit({
+			sessionKey: sessionContext?.sessionKey,
+			actor: "tool",
+			eventType: "tool.exec",
+			payload: {
+				toolName,
+				command,
+				security: execPolicy.security,
+				ask: execPolicy.ask,
+				allowlistSatisfied: evaluation.allowlistSatisfied,
+				safeBinSatisfied: evaluation.safeBinSatisfied,
+				analysisOk: evaluation.analysisOk,
+				requiresApproval: evaluation.requiresApproval
+			}
+		});
+		if (evaluation.denied) throw new Error(evaluation.deniedReason || "exec denied by policy");
+		if (evaluation.requiresApproval) {
+			const approval = execApprovals.request({
+				command,
+				agentId,
+				sessionKey: sessionContext?.sessionKey,
+				resolvedPath: evaluation.resolvedPath,
+				timeoutMs: execPolicy.approvalTimeoutMs
 			});
-			const result = await runtime.exec(params.command, { timeoutMs: params.timeoutMs });
 			return textResult([
-				`exitCode: ${result.exitCode}`,
-				result.timedOut ? "timedOut: true" : "timedOut: false",
-				result.truncated ? "truncated: true" : "truncated: false",
+				`approvalRequired: true`,
+				`approvalId: ${approval.id}`,
+				`expiresAtMs: ${approval.expiresAtMs}`,
 				"",
-				result.stdout ? `stdout:\n${result.stdout}` : "stdout: <empty>",
-				"",
-				result.stderr ? `stderr:\n${result.stderr}` : "stderr: <empty>"
-			].join("\n"), result);
-		}
-	};
-	const readFileTool = {
-		name: "read_file",
-		label: "Read File",
-		description: "Read a text file from an allowlisted path.",
-		parameters: Type.Object({
-			path: Type.String(),
-			maxBytes: Type.Optional(Type.Number({
-				minimum: 128,
-				maximum: 1e6
-			}))
-		}),
-		execute: async (_toolCallId, params) => {
-			audit({
-				actor: "tool",
-				eventType: "tool.read_file",
-				payload: { path: params.path }
+				"Run /approve <id> allow-once|allow-always|deny, then retry the command."
+			].join("\n"), {
+				status: "approval-pending",
+				approvalId: approval.id,
+				expiresAtMs: approval.expiresAtMs,
+				command,
+				resolvedPath: evaluation.resolvedPath,
+				analysisOk: evaluation.analysisOk
 			});
-			const result = await runtime.readFile(params.path, { maxOutputBytes: params.maxBytes });
-			return textResult(result.content, result);
 		}
-	};
-	const writeFileTool = {
-		name: "write_file",
-		label: "Write File",
-		description: "Write UTF-8 text content to an allowlisted path.",
-		parameters: Type.Object({
-			path: Type.String(),
-			content: Type.String()
-		}),
+		const result = await runtime.exec(command, { timeoutMs: params.timeoutMs });
+		if (evaluation.allowlistPattern && !evaluation.allowlistPattern.startsWith("safe-bin:") && evaluation.allowlistPattern !== "one-time-approval") execApprovals.recordAllowlistUse(agentId, evaluation.allowlistPattern, command, evaluation.resolvedPath);
+		return textResult(formatExecOutput(result), {
+			...result,
+			command,
+			resolvedPath: evaluation.resolvedPath
+		});
+	}
+	const execTool = {
+		name: "exec",
+		label: "Exec",
+		description: "Run a shell command with approval and allowlist policy.",
+		parameters: execSchema,
 		execute: async (_toolCallId, params) => {
-			audit({
-				actor: "tool",
-				eventType: "tool.write_file",
-				payload: {
-					path: params.path,
-					bytes: Buffer.byteLength(params.content, "utf8")
-				}
-			});
-			const result = await runtime.writeFile(params.path, params.content);
-			return textResult(`Wrote ${result.bytesWritten} bytes to ${params.path}.`, result);
+			return executeCommandWithPolicy("exec", params);
 		}
 	};
-	const webSearchTool = {
-		name: "web_search",
-		label: "Web Search",
-		description: "Fetch a URL and return readable article text.",
-		parameters: Type.Object({ url: Type.String({ format: "uri" }) }),
+	const bashTool = {
+		name: "bash",
+		label: "Bash",
+		description: "Compatibility alias for exec tool policy.",
+		parameters: execSchema,
 		execute: async (_toolCallId, params) => {
-			audit({
-				actor: "tool",
-				eventType: "tool.fetch_web",
-				payload: { url: params.url }
-			});
-			const result = await runtime.fetchWeb(params.url);
-			return textResult(`${result.title ? `# ${result.title}\n\n` : ""}${result.markdown}`.trim(), result);
+			return executeCommandWithPolicy("bash", params);
 		}
 	};
-	const fetchPodcastFeedTool = {
-		name: "fetch_podcast_feed",
-		label: "Fetch Podcast Feed",
-		description: "Fetch one or more RSS podcast feeds and return recent episodes.",
+	const diagnoseDeviceTool = {
+		name: "diagnose_device",
+		label: "Diagnose Device",
+		description: "Run read-only core diagnostics for OS, CPU, memory, disk, network, and process status.",
 		parameters: Type.Object({
-			urls: Type.Array(Type.String({ format: "uri" }), {
-				minItems: 1,
-				maxItems: 20
-			}),
-			limitPerFeed: Type.Optional(Type.Number({
-				minimum: 1,
-				maximum: 50
+			profile: Type.Optional(Type.String({ default: "core" })),
+			timeoutMs: Type.Optional(Type.Number({
+				minimum: 1e3,
+				maximum: 12e4
 			}))
 		}),
 		execute: async (_toolCallId, params) => {
-			const limit = params.limitPerFeed ?? 5;
-			const output = [];
-			for (const url of params.urls) try {
-				const feed = await parser.parseURL(url);
-				const episodes = (feed.items ?? []).slice(0, limit).map((item) => ({
-					title: item.title ?? "Untitled episode",
-					publishedAt: item.pubDate || item.isoDate || null,
-					link: item.link ?? "",
-					summary: (item.contentSnippet || item.content || item.summary || "").replace(/\s+/g, " ").trim().slice(0, 400) || "No summary available."
-				}));
-				output.push({
-					url,
-					title: feed.title ?? "Untitled feed",
-					episodes
+			const profile = (params.profile || "core").trim().toLowerCase();
+			if (profile !== "core") throw new Error(`Unsupported diagnostic profile: ${profile}`);
+			const timeoutMs = params.timeoutMs ?? 1e4;
+			const commands = diagnosticsCommandsForPlatform(process.platform);
+			const sections = [];
+			for (const entry of commands) try {
+				const result = await runtime.exec(entry.command, {
+					timeoutMs,
+					allowedCommandPrefixes: [firstToken(entry.command)]
+				});
+				sections.push({
+					key: entry.key,
+					command: entry.command,
+					ok: result.exitCode === 0 && !result.timedOut,
+					exitCode: result.exitCode,
+					stdout: result.stdout,
+					stderr: result.stderr,
+					timedOut: result.timedOut,
+					truncated: result.truncated
 				});
 			} catch (error) {
-				output.push({
-					url,
-					title: "Unknown feed",
-					episodes: [],
-					error: normalizeErrorMessage(error)
+				sections.push({
+					key: entry.key,
+					command: entry.command,
+					ok: false,
+					exitCode: 1,
+					stdout: "",
+					stderr: normalizeErrorMessage(error),
+					timedOut: false,
+					truncated: false
 				});
 			}
 			audit({
 				actor: "tool",
-				eventType: "tool.fetch_podcast_feed",
+				eventType: "tool.diagnose_device",
 				payload: {
-					urls: params.urls,
-					limitPerFeed: limit
+					profile,
+					commandCount: sections.length,
+					failed: sections.filter((entry) => !entry.ok).length
 				}
 			});
-			return textResult(output.map((feed) => {
-				if (feed.error) return `Feed: ${feed.url}\nError: ${feed.error}`;
-				const episodesText = feed.episodes.map((episode, index) => `${index + 1}. ${episode.title}${episode.publishedAt ? ` (${episode.publishedAt})` : ""}\n${episode.link}\n${episode.summary}`).join("\n\n");
-				return `Feed: ${feed.title}\nSource: ${feed.url}\n\n${episodesText}`;
-			}).join("\n\n---\n\n"), output);
+			const summaryLines = [
+				`profile: ${profile}`,
+				`platform: ${process.platform}`,
+				`sections: ${sections.length}`,
+				`failed: ${sections.filter((entry) => !entry.ok).length}`
+			];
+			for (const section of sections) {
+				summaryLines.push("");
+				summaryLines.push(`[${section.key}] ${section.command}`);
+				summaryLines.push(`ok=${section.ok} exitCode=${section.exitCode} timedOut=${section.timedOut}`);
+				if (section.stdout) summaryLines.push(`stdout:\n${section.stdout}`);
+				if (section.stderr) summaryLines.push(`stderr:\n${section.stderr}`);
+			}
+			return textResult(summaryLines.join("\n"), {
+				profile,
+				platform: process.platform,
+				sections
+			});
 		}
 	};
-	const tools = [];
-	if (bashEnabled) tools.push(bashTool);
-	tools.push(readFileTool, writeFileTool, webSearchTool, fetchPodcastFeedTool);
+	const tools = [
+		{
+			name: "read_file",
+			label: "Read File",
+			description: "Read a text file from an allowlisted path.",
+			parameters: Type.Object({
+				path: Type.String(),
+				maxBytes: Type.Optional(Type.Number({
+					minimum: 128,
+					maximum: 1e6
+				}))
+			}),
+			execute: async (_toolCallId, params) => {
+				audit({
+					actor: "tool",
+					eventType: "tool.read_file",
+					payload: { path: params.path }
+				});
+				const result = await runtime.readFile(params.path, { maxOutputBytes: params.maxBytes });
+				return textResult(result.content, result);
+			}
+		},
+		{
+			name: "write_file",
+			label: "Write File",
+			description: "Write UTF-8 text content to an allowlisted path.",
+			parameters: Type.Object({
+				path: Type.String(),
+				content: Type.String()
+			}),
+			execute: async (_toolCallId, params) => {
+				audit({
+					actor: "tool",
+					eventType: "tool.write_file",
+					payload: {
+						path: params.path,
+						bytes: Buffer.byteLength(params.content, "utf8")
+					}
+				});
+				const result = await runtime.writeFile(params.path, params.content);
+				return textResult(`Wrote ${result.bytesWritten} bytes to ${params.path}.`, result);
+			}
+		},
+		{
+			name: "web_search",
+			label: "Web Search",
+			description: "Fetch a URL and return readable article text.",
+			parameters: Type.Object({ url: Type.String({ format: "uri" }) }),
+			execute: async (_toolCallId, params) => {
+				audit({
+					actor: "tool",
+					eventType: "tool.fetch_web",
+					payload: { url: params.url }
+				});
+				const result = await runtime.fetchWeb(params.url);
+				return textResult(`${result.title ? `# ${result.title}\n\n` : ""}${result.markdown}`.trim(), result);
+			}
+		},
+		{
+			name: "fetch_podcast_feed",
+			label: "Fetch Podcast Feed",
+			description: "Fetch one or more RSS podcast feeds and return recent episodes.",
+			parameters: Type.Object({
+				urls: Type.Array(Type.String({ format: "uri" }), {
+					minItems: 1,
+					maxItems: 20
+				}),
+				limitPerFeed: Type.Optional(Type.Number({
+					minimum: 1,
+					maximum: 50
+				}))
+			}),
+			execute: async (_toolCallId, params) => {
+				const limit = params.limitPerFeed ?? 5;
+				const output = [];
+				for (const url of params.urls) try {
+					const feed = await parser.parseURL(url);
+					const episodes = (feed.items ?? []).slice(0, limit).map((item) => ({
+						title: item.title ?? "Untitled episode",
+						publishedAt: item.pubDate || item.isoDate || null,
+						link: item.link ?? "",
+						summary: (item.contentSnippet || item.content || item.summary || "").replace(/\s+/g, " ").trim().slice(0, 400) || "No summary available."
+					}));
+					output.push({
+						url,
+						title: feed.title ?? "Untitled feed",
+						episodes
+					});
+				} catch (error) {
+					output.push({
+						url,
+						title: "Unknown feed",
+						episodes: [],
+						error: normalizeErrorMessage(error)
+					});
+				}
+				audit({
+					actor: "tool",
+					eventType: "tool.fetch_podcast_feed",
+					payload: {
+						urls: params.urls,
+						limitPerFeed: limit
+					}
+				});
+				return textResult(output.map((feed) => {
+					if (feed.error) return `Feed: ${feed.url}\nError: ${feed.error}`;
+					const episodesText = feed.episodes.map((episode, index) => `${index + 1}. ${episode.title}${episode.publishedAt ? ` (${episode.publishedAt})` : ""}\n${episode.link}\n${episode.summary}`).join("\n\n");
+					return `Feed: ${feed.title}\nSource: ${feed.url}\n\n${episodesText}`;
+				}).join("\n\n---\n\n"), output);
+			}
+		},
+		diagnoseDeviceTool
+	];
+	if (execPolicy.enabled) tools.unshift(execTool, bashTool);
 	return tools;
 }
 
@@ -5479,7 +6233,7 @@ function registerGatewayCommands(program, deps = defaultGatewayCommandDeps) {
 	gateway.command("run").description("Run HOVClaw daemon with gateway in foreground").action(async () => {
 		if (!config.gateway.enabled) throw new Error("Gateway is disabled in config. Enable gateway.enabled first.");
 		process.stdout.write(`Starting HOVClaw gateway on ${config.gateway.host}:${config.gateway.port}...\n`);
-		await import("./src-qX1C6PLF.js");
+		await import("./src-GZDRRc5A.js");
 	});
 	gateway.command("open-ui").description("Open the minimal gateway web UI in your default browser").option("--no-open", "Print URL but do not open browser").option("--json", "Print JSON output").action(async (options) => {
 		const url = resolveGatewayWebUiUrl();
@@ -5777,13 +6531,13 @@ function loadCliVersion() {
 }
 function registerCoreCommands(program) {
 	program.command("onboard").description("Run interactive onboarding wizard").action(async () => {
-		await (await import("./onboard-DL6VDf50.js")).main();
+		await (await import("./onboard-Cc2XHLT4.js")).main();
 	});
 	program.command("login [provider]").description("Run OAuth login for a provider").action(async (provider) => {
-		await (await import("./login-BwvBMKdz.js")).main(provider ? [provider] : []);
+		await (await import("./login-BtLE2Bye.js")).main(provider ? [provider] : []);
 	});
 	program.command("doctor").description("Run installation and config health checks").option("--fix", "Attempt auto-repair").option("--repair", "Attempt auto-repair").option("--deep", "Run deep checks").option("--json", "Print JSON output").action(async (options) => {
-		const module = await import("./doctor-DJHTvhli.js");
+		const module = await import("./doctor-0iphhiTj.js");
 		const args = [];
 		if (options.fix || options.repair) args.push("--fix");
 		if (options.deep) args.push("--deep");
@@ -5791,7 +6545,7 @@ function registerCoreCommands(program) {
 		await module.main(args);
 	});
 	program.command("reset").description("Reset local config/state while keeping HovClaw installed").option("--scope <scope>", "config|config+creds+sessions|full").option("--yes", "Skip confirmation prompts").option("--non-interactive", "Disable prompts (requires --scope + --yes)").option("--dry-run", "Print reset plan without deleting files").option("--json", "Print JSON output").action(async (options) => {
-		const module = await import("./reset-BJUhrojJ.js");
+		const module = await import("./reset-ChNzCD2s.js");
 		try {
 			const result = await module.runResetCommand({
 				scope: options.scope,
@@ -5907,4 +6661,4 @@ main().catch((error) => {
 });
 
 //#endregion
-export { ensureConfigFromLegacyEnv as A, resolveTelegramAccountConfig as B, resolveModelAlias as C, parseGatewayFrame as D, parseConnectParams as E, hasConfigFile as F, saveCredentials as H, hasCredentialsFile as I, loadConfig as L, getCredentialsPath as M, getDefaultFileConfig as N, config as O, getHovclawHome as P, loadCredentials as R, parseModelRef as S, PROTOCOL_VERSION as T, saveConfigFile as V, extractAssistantText as _, LocalHostRuntime as a, loadSkill as b, redactSensitiveData as c, PiAgentManager as d, composeSessionKey as f, extractAssistantError as g, resolveAgentWorkspaceDir as h, createTools as i, getConfigPath as j, detectLegacyEnvConfig as k, TelegramChannel as l, ensureWorkspaceBootstrapForConfig as m, stopDaemon as n, ContainerRuntime as o, WORKSPACE_CONTEXT_FILE_ORDER as p, TelegramPairingStore as r, HovClawDb as s, requestDaemonRestartFromCurrentProcess as t, DiscordChannel as u, toUserFacingAssistantError as v, logger as w, listConfiguredModelRefs as x, listAvailableSkills as y, loadFileConfig as z };
+export { config as A, loadCredentials as B, listConfiguredModelRefs as C, PROTOCOL_VERSION as D, logger as E, getDefaultFileConfig as F, resolveTelegramAccountConfig as H, getHovclawHome as I, hasConfigFile as L, ensureConfigFromLegacyEnv as M, getConfigPath as N, parseConnectParams as O, getCredentialsPath as P, hasCredentialsFile as R, loadSkill as S, resolveModelAlias as T, saveConfigFile as U, loadFileConfig as V, saveCredentials as W, resolveAgentWorkspaceDir as _, LocalHostRuntime as a, toUserFacingAssistantError as b, evaluateExecPolicy as c, TelegramChannel as d, DiscordChannel as f, ensureWorkspaceBootstrapForConfig as g, WORKSPACE_CONTEXT_FILE_ORDER as h, createTools as i, detectLegacyEnvConfig as j, parseGatewayFrame as k, HovClawDb as l, composeSessionKey as m, stopDaemon as n, ContainerRuntime as o, PiAgentManager as p, TelegramPairingStore as r, ExecApprovalsManager as s, requestDaemonRestartFromCurrentProcess as t, redactSensitiveData as u, extractAssistantError as v, parseModelRef as w, listAvailableSkills as x, extractAssistantText as y, loadConfig as z };