hyperclaw 4.0.0 → 4.0.2

package/dist/destructive-gate-m-dWqUFg.js

@@ -0,0 +1,101 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+
+//#region src/infra/destructive-gate.ts
+function isDangerousShellCommand(cmd) {
+	const c = (cmd || "").trim();
+	for (const re of DANGEROUS_SHELL_PATTERNS) if (re.test(c)) return true;
+	return false;
+}
+/**
+
+* Wrap tools so destructive ones are gated. When sessionId set, stores pending for confirm flow.
+
+*/
+function applyDestructiveGate(tools, opts) {
+	const { elevated, source, sessionId } = opts;
+	const fromChannel = source && CHANNEL_SOURCES.has(source);
+	if (!fromChannel || elevated) return tools;
+	return tools.map((t) => {
+		if (DESTRUCTIVE_TOOLS.includes(t.name)) {
+			const orig = t.handler;
+			return {
+				...t,
+				handler: async (input) => {
+					if (sessionId) {
+						const { setPending } = await Promise.resolve().then(() => require("./pending-approval-DIHvwwWS.js"));
+						setPending(sessionId, {
+							toolName: t.name,
+							input,
+							execute: () => orig(input)
+						});
+						return PENDING_MSG;
+					}
+					return BLOCKED_MSG;
+				}
+			};
+		}
+		if (t.name === "run_shell") {
+			const orig = t.handler;
+			return {
+				...t,
+				handler: async (input) => {
+					const cmd = input.command || "";
+					if (isDangerousShellCommand(cmd)) {
+						if (sessionId) {
+							const { setPending } = await Promise.resolve().then(() => require("./pending-approval-DIHvwwWS.js"));
+							setPending(sessionId, {
+								toolName: "run_shell",
+								input,
+								execute: () => orig(input)
+							});
+							return PENDING_MSG;
+						}
+						return BLOCKED_MSG;
+					}
+					return orig(input);
+				}
+			};
+		}
+		return t;
+	});
+}
+var DESTRUCTIVE_TOOLS, DANGEROUS_SHELL_PATTERNS, CHANNEL_SOURCES, BLOCKED_MSG, PENDING_MSG;
+var init_destructive_gate = require_chunk.__esm({ "src/infra/destructive-gate.ts"() {
+	DESTRUCTIVE_TOOLS = ["delete_file", "kill_process"];
+	DANGEROUS_SHELL_PATTERNS = [
+		/\brm\s+-[rf]\b|\brm\s+--recursive|\brm\s+-rf\b/,
+		/\bmkfs\.|format\s+/i,
+		/\bdd\s+if=/,
+		/\b>\/dev\/sd[a-z]/,
+		/\bshutdown\s+-/,
+		/\breboot\b/i,
+		/\b:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}/,
+		/\bcurl\s+.*\s*\|\s*sh\b/,
+		/\bwget\s+.*\s*\|\s*(bash|sh)\b/
+	];
+	CHANNEL_SOURCES = new Set([
+		"telegram",
+		"discord",
+		"whatsapp",
+		"slack",
+		"signal",
+		"matrix",
+		"line",
+		"nostr",
+		"feishu",
+		"msteams",
+		"teams",
+		"instagram",
+		"messenger",
+		"twitter",
+		"viber",
+		"zalo",
+		"webhook:inbound"
+	]);
+	BLOCKED_MSG = "Blocked: destructive action requires elevated session. Use \"elevate\" or run from CLI with full access.";
+	PENDING_MSG = "This action requires confirmation. Ask the user to reply \"confirm\" to proceed.";
+} });
+
+//#endregion
+init_destructive_gate();
+exports.applyDestructiveGate = applyDestructiveGate;

package/dist/developer-keys-JaJK3T27.js

@@ -0,0 +1,127 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const crypto = require_chunk.__toESM(require("crypto"));
+
+//#region src/infra/developer-keys.ts
+require_paths.init_paths();
+const KEYS_FILE = "developer-keys.json";
+function getKeysPath(baseDir) {
+	const root = baseDir ?? require_paths.getHyperClawDir();
+	return path.default.join(root, KEYS_FILE);
+}
+function hashKey(key) {
+	return crypto.default.createHash("sha256").update(key, "utf8").digest("hex");
+}
+function generateKey() {
+	return `hc_${crypto.default.randomBytes(24).toString("base64url")}`;
+}
+async function loadKeys(baseDir) {
+	const fp = getKeysPath(baseDir);
+	if (!await fs_extra.default.pathExists(fp)) return [];
+	try {
+		const data = await fs_extra.default.readJson(fp);
+		return Array.isArray(data.keys) ? data.keys : [];
+	} catch {
+		return [];
+	}
+}
+async function saveKeys(keys, baseDir) {
+	const fp = getKeysPath(baseDir);
+	const dir = path.default.dirname(fp);
+	await fs_extra.default.ensureDir(dir);
+	await fs_extra.default.writeJson(fp, {
+		keys,
+		updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+	}, { spaces: 2 });
+}
+/** Create a new developer key. Returns the raw key (show once). Optional tenantId for multi-tenant. */
+async function createDeveloperKey(name, opts) {
+	const rawKey = generateKey();
+	const keyHash = hashKey(rawKey);
+	const id = `key_${crypto.default.randomBytes(8).toString("hex")}`;
+	const entry = {
+		id,
+		name: name || "Unnamed",
+		keyHash,
+		tenantId: opts?.tenantId,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+	const keys = await loadKeys(opts?.baseDir);
+	keys.push(entry);
+	await saveKeys(keys, opts?.baseDir);
+	return {
+		id,
+		key: rawKey,
+		name: entry.name,
+		tenantId: entry.tenantId
+	};
+}
+/** List developer keys (without raw keys). Optional tenantId filter. */
+async function listDeveloperKeys(opts) {
+	let keys = await loadKeys(opts?.baseDir);
+	if (opts?.tenantId) keys = keys.filter((k) => k.tenantId === opts.tenantId);
+	return keys.map((k) => ({
+		id: k.id,
+		name: k.name,
+		tenantId: k.tenantId,
+		createdAt: k.createdAt,
+		lastUsedAt: k.lastUsedAt
+	}));
+}
+/** Revoke a developer key by id. */
+async function revokeDeveloperKey(id) {
+	const keys = await loadKeys();
+	const before = keys.length;
+	const filtered = keys.filter((k) => k.id !== id);
+	if (filtered.length === before) return false;
+	await saveKeys(filtered);
+	return true;
+}
+/**
+
+* Validate a Bearer token. Returns { valid: true, tenantId?: string } or { valid: false }.
+
+* Use with gateway token check: valid = gatewayToken OR result.valid.
+
+*/
+async function validateDeveloperKey(bearer, opts) {
+	if (!bearer || bearer.length < 20) return { valid: false };
+	const keys = await loadKeys(opts?.baseDir);
+	const hash = hashKey(bearer);
+	const idx = keys.findIndex((k) => k.keyHash === hash);
+	if (idx < 0) return { valid: false };
+	keys[idx].lastUsedAt = (/* @__PURE__ */ new Date()).toISOString();
+	await saveKeys(keys, opts?.baseDir).catch(() => {});
+	return {
+		valid: true,
+		tenantId: keys[idx].tenantId
+	};
+}
+
+//#endregion
+Object.defineProperty(exports, 'createDeveloperKey', {
+  enumerable: true,
+  get: function () {
+    return createDeveloperKey;
+  }
+});
+Object.defineProperty(exports, 'listDeveloperKeys', {
+  enumerable: true,
+  get: function () {
+    return listDeveloperKeys;
+  }
+});
+Object.defineProperty(exports, 'revokeDeveloperKey', {
+  enumerable: true,
+  get: function () {
+    return revokeDeveloperKey;
+  }
+});
+Object.defineProperty(exports, 'validateDeveloperKey', {
+  enumerable: true,
+  get: function () {
+    return validateDeveloperKey;
+  }
+});

package/dist/developer-keys-kyqmtWK3.js

@@ -0,0 +1,8 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+require('./paths-AIyBxIzm.js');
+const require_developer_keys = require('./developer-keys-JaJK3T27.js');
+
+exports.createDeveloperKey = require_developer_keys.createDeveloperKey;
+exports.listDeveloperKeys = require_developer_keys.listDeveloperKeys;
+exports.revokeDeveloperKey = require_developer_keys.revokeDeveloperKey;
+exports.validateDeveloperKey = require_developer_keys.validateDeveloperKey;

package/dist/doctor-3oi89QIc.js

@@ -0,0 +1,175 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const ora = require_chunk.__toESM(require("ora"));
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const os = require_chunk.__toESM(require("os"));
+const net = require_chunk.__toESM(require("net"));
+
+//#region src/commands/doctor.ts
+async function isPortOpen(port) {
+	return new Promise((resolve) => {
+		const s = new net.default.Socket();
+		s.setTimeout(500);
+		s.on("connect", () => {
+			s.destroy();
+			resolve(true);
+		});
+		s.on("error", () => resolve(false));
+		s.on("timeout", () => resolve(false));
+		try {
+			s.connect(port, "127.0.0.1");
+		} catch {
+			resolve(false);
+		}
+	});
+}
+async function runDoctor(fix = false) {
+	const spinner = (0, ora.default)("Running health checks...").start();
+	await new Promise((r) => setTimeout(r, 800));
+	spinner.stop();
+	const configDir = path.default.join(os.default.homedir(), ".hyperclaw");
+	const configFile = path.default.join(configDir, "config.json");
+	const agentsFile = path.default.join(configDir, "AGENTS.md");
+	const authFile = path.default.join(configDir, "auth.json");
+	const pairingFile = path.default.join(configDir, "pairing-store.json");
+	let cfg = null;
+	try {
+		cfg = fs_extra.default.readJsonSync(configFile);
+	} catch {}
+	const issues = [];
+	if (!cfg) issues.push({
+		id: "no-config",
+		severity: "error",
+		title: "No configuration found",
+		detail: "Run: hyperclaw init",
+		fixable: false
+	});
+	else {
+		const hasToken = !!cfg.gateway?.authToken;
+		issues.push({
+			id: "gateway-token",
+			severity: hasToken ? "ok" : "warn",
+			title: hasToken ? "Gateway auth token set" : "Gateway auth token missing",
+			detail: hasToken ? "Token is configured" : "Set a strong token in gateway config",
+			fixable: !hasToken,
+			fix: async () => {
+				const crypto = await import("crypto");
+				cfg.gateway = cfg.gateway || {};
+				cfg.gateway.authToken = crypto.randomBytes(32).toString("hex");
+				fs_extra.default.writeJsonSync(configFile, cfg, { spaces: 2 });
+				console.log(chalk.default.green("  ✔  Generated and saved gateway auth token"));
+			}
+		});
+		const channels = cfg.channels || [];
+		const channelConfigs = cfg.channelConfigs || {};
+		for (const ch of channels) {
+			const dmPolicy = channelConfigs[ch]?.dmPolicy?.policy;
+			if (dmPolicy === "open") issues.push({
+				id: `dm-open-${ch}`,
+				severity: "warn",
+				title: `DM policy is "open" on ${ch}`,
+				detail: `Anyone can DM your agent on ${ch}. Consider using "pairing" or "allowlist".`,
+				fixable: false
+			});
+			if (dmPolicy === "allowlist") {
+				const allowFrom = channelConfigs[ch]?.dmPolicy?.allowFrom || [];
+				if (allowFrom.length === 0) issues.push({
+					id: `dm-empty-allowlist-${ch}`,
+					severity: "error",
+					title: `Empty allowlist on ${ch} — DMs will be silently dropped`,
+					detail: `channel.${ch}.dmPolicy.allowFrom is empty. Add users or change policy.`,
+					fixable: true,
+					fix: async () => {
+						try {
+							const pairingEntries = fs_extra.default.readJsonSync(pairingFile);
+							const approved = pairingEntries.filter((e) => e.channelId === ch && e.status === "approved" && e.userId);
+							if (approved.length > 0) {
+								channelConfigs[ch].dmPolicy.allowFrom = approved.map((e) => e.userId);
+								cfg.channelConfigs = channelConfigs;
+								fs_extra.default.writeJsonSync(configFile, cfg, { spaces: 2 });
+								console.log(chalk.default.green(`  ✔  Restored ${approved.length} user(s) from pairing store to ${ch} allowlist`));
+							}
+						} catch {}
+					}
+				});
+			}
+		}
+		const hasApiKey = !!cfg.provider?.apiKey;
+		const isLocal = cfg.provider?.providerId === "local";
+		if (!hasApiKey && !isLocal) issues.push({
+			id: "no-api-key",
+			severity: "error",
+			title: "No AI provider API key configured",
+			detail: "Run: hyperclaw config set-key",
+			fixable: false
+		});
+		else issues.push({
+			id: "api-key",
+			severity: "ok",
+			title: "AI provider key configured",
+			detail: `Provider: ${cfg.provider?.providerId}`,
+			fixable: false
+		});
+		issues.push({
+			id: "agents-md",
+			severity: await fs_extra.default.pathExists(agentsFile) ? "ok" : "warn",
+			title: await fs_extra.default.pathExists(agentsFile) ? "AGENTS.md exists" : "AGENTS.md missing",
+			detail: await fs_extra.default.pathExists(agentsFile) ? agentsFile : "Run: hyperclaw memory init to generate",
+			fixable: false
+		});
+		const port = cfg.gateway?.port || 1515;
+		const running = await isPortOpen(port);
+		issues.push({
+			id: "gateway-running",
+			severity: running ? "ok" : "warn",
+			title: running ? `Gateway running on port ${port}` : `Gateway not running on port ${port}`,
+			detail: running ? `ws://127.0.0.1:${port}` : "Run: hyperclaw daemon start",
+			fixable: false
+		});
+		if (await fs_extra.default.pathExists(authFile)) {
+			const stat = await fs_extra.default.stat(authFile);
+			const unsafe = (stat.mode & 63) !== 0;
+			issues.push({
+				id: "auth-permissions",
+				severity: unsafe ? "warn" : "ok",
+				title: unsafe ? "Auth store has unsafe permissions" : "Auth store permissions OK",
+				detail: unsafe ? `chmod 600 ${authFile}` : `Mode: 600`,
+				fixable: unsafe,
+				fix: async () => {
+					await fs_extra.default.chmod(authFile, 384);
+					console.log(chalk.default.green(`  ✔  Fixed permissions on ${authFile}`));
+				}
+			});
+		}
+	}
+	console.log(chalk.default.bold.cyan("\n  🩺 HYPERCLAW DOCTOR\n"));
+	let errorCount = 0, warnCount = 0;
+	for (const issue of issues) {
+		const icon = {
+			error: chalk.default.red("✖"),
+			warn: chalk.default.yellow("⚠"),
+			ok: chalk.default.green("✔")
+		}[issue.severity];
+		console.log(`  ${icon} ${chalk.default.white(issue.title)}`);
+		console.log(`     ${chalk.default.gray(issue.detail)}`);
+		if (issue.fixable && fix && issue.fix) await issue.fix();
+		else if (issue.fixable && !fix) console.log(chalk.default.gray("     Run with --fix to auto-repair"));
+		if (issue.severity === "error") errorCount++;
+		if (issue.severity === "warn") warnCount++;
+		console.log();
+	}
+	const total = issues.length;
+	const okCount = total - errorCount - warnCount;
+	console.log(`  ${chalk.default.bold("Summary:")} ${chalk.default.green(`${okCount} ok`)}  ${chalk.default.yellow(`${warnCount} warnings`)}  ${chalk.default.red(`${errorCount} errors`)}`);
+	if (errorCount > 0 || warnCount > 0) console.log(chalk.default.gray("\n  Run: hyperclaw doctor --fix   to auto-repair fixable issues\n"));
+	else console.log(chalk.default.green("\n  ✔  All checks passed!\n"));
+}
+
+//#endregion
+Object.defineProperty(exports, 'runDoctor', {
+  enumerable: true,
+  get: function () {
+    return runDoctor;
+  }
+});

package/dist/doctor-Cf1XSfp9.js

@@ -0,0 +1,4 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_doctor = require('./doctor-3oi89QIc.js');
+
+exports.runDoctor = require_doctor.runDoctor;

package/dist/engine-B4eMiTgl.js

@@ -0,0 +1,7 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+require('./paths-AIyBxIzm.js');
+require('./src-DWCUhnD4.js');
+const require_engine = require('./engine-BhT-1M9W.js');
+
+require_engine.init_engine();
+exports.runAgentEngine = require_engine.runAgentEngine;

package/dist/engine-B8M7dYul.js

@@ -0,0 +1,7 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+require('./paths-AIyBxIzm.js');
+require('./src-BeacbqsZ.js');
+const require_engine = require('./engine-D49jnSd_.js');
+
+require_engine.init_engine();
+exports.runAgentEngine = require_engine.runAgentEngine;

package/dist/engine-BhT-1M9W.js

@@ -0,0 +1,256 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_src = require('./src-DWCUhnD4.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+
+//#region packages/core/src/agent/engine.ts
+/**
+
+* Load workspace context: SOUL, AGENTS, MEMORY + custom .md
+
+*/
+async function loadWorkspaceContext(hcDir) {
+	const dir = hcDir || require_paths.getHyperClawDir();
+	let context = "";
+	const core = [
+		"SOUL.md",
+		"AGENTS.md",
+		"MEMORY.md"
+	];
+	for (const f of core) {
+		const fp = path.default.join(dir, f);
+		if (fs_extra.default.pathExistsSync(fp)) context += `## ${f}\n${fs_extra.default.readFileSync(fp, "utf8")}\n\n`;
+	}
+	try {
+		const entries = fs_extra.default.readdirSync(dir);
+		for (const f of entries) if (f.endsWith(".md") && !core.includes(f)) {
+			const fp = path.default.join(dir, f);
+			if (fs_extra.default.statSync(fp).isFile()) context += `## ${f}\n${fs_extra.default.readFileSync(fp, "utf8")}\n\n`;
+		}
+	} catch {}
+	return context;
+}
+/**
+
+* Load skills context (bundled + workspace)
+
+*/
+async function loadSkillsContext() {
+	const { loadSkills, buildSkillsContext } = await Promise.resolve().then(() => require("./skill-loader-BkceKkIg.js"));
+	const skills = await loadSkills();
+	return skills.length > 0 ? buildSkillsContext(skills) : "";
+}
+/**
+
+* Resolve tools with policy, PC access, elevation.
+
+*/
+async function resolveTools(opts) {
+	const { config, source, elevated, sessionId, daemonMode, activeServer } = opts;
+	const cfg = config;
+	const sandboxNonMain = cfg?.agents?.defaults?.sandbox?.mode === "non-main" && source && CHANNEL_SOURCES.includes(source);
+	const { loadPCAccessConfig, getPCAccessTools } = await Promise.resolve().then(() => require("./pc-access-Ly-uA8mn.js"));
+	const pcCfg = await loadPCAccessConfig({ daemonMode });
+	const dockerSandbox = cfg?.tools?.dockerSandbox?.enabled === true;
+	const pcTools = pcCfg.enabled && (!sandboxNonMain || elevated) ? getPCAccessTools({ dockerSandbox }) : [];
+	const { getSessionsTools } = await Promise.resolve().then(() => require("./sessions-tools-CB2qbwIk.js"));
+	const sessionsTools = getSessionsTools(() => activeServer ?? null, sessionId);
+	const { InferenceEngine, getBuiltinTools } = await Promise.resolve().then(() => require("./inference-ix607p7k.js"));
+	const { getSubAgentTools } = await Promise.resolve().then(() => require("./sub-agent-tools-BD9DF8_g.js"));
+	const { getBrowserTools } = await Promise.resolve().then(() => require("./browser-tools-CQBSbIuO.js"));
+	const { getExtractionTools } = await Promise.resolve().then(() => require("./extraction-tools-DLr_AEwq.js"));
+	const { getWebsiteWatchTools } = await Promise.resolve().then(() => require("./website-watch-tools-Bk_TnwuE.js"));
+	const { getVisionTools } = await Promise.resolve().then(() => require("./vision-tools-CFZEpQKm.js"));
+	const { getBountyTools } = await Promise.resolve().then(() => require("./bounty-tools-C6LyzxM-.js"));
+	const { loadMCPTools } = await Promise.resolve().then(() => require("./mcp-loader-DSM5UiFG.js"));
+	const { applyToolPolicy } = await Promise.resolve().then(() => require("./tool-policy-DNvNRnve.js"));
+	const isLocal = cfg?.provider?.providerId === "local" || cfg?.provider?.providerId === "ollama";
+	const provider = cfg?.provider?.providerId === "anthropic" ? "anthropic" : cfg?.provider?.providerId === "custom" || isLocal ? "custom" : "openrouter";
+	const visionProvider = cfg?.provider?.providerId === "custom" || isLocal ? "openrouter" : provider === "anthropic" ? "anthropic" : "openrouter";
+	const apiKey = await (await Promise.resolve().then(() => require("./env-resolve-DWOQ45jG.js"))).getProviderCredentialAsync(cfg);
+	const visionTools = getVisionTools({
+		apiKey: apiKey || "",
+		provider: visionProvider
+	});
+	const bountyTools = getBountyTools(cfg);
+	let skillInvokeTools = [];
+	try {
+		const { loadSkills } = await Promise.resolve().then(() => require("./skill-loader-BkceKkIg.js"));
+		const { getSkillInvokeTools } = await Promise.resolve().then(() => require("./skill-runtime-C5l0Tgt-.js"));
+		const loaded = await loadSkills();
+		skillInvokeTools = getSkillInvokeTools(loaded);
+	} catch {}
+	let allTools = [
+		...getBuiltinTools(),
+		...getSubAgentTools(),
+		...sessionsTools,
+		...pcTools,
+		...getBrowserTools(),
+		...getExtractionTools(),
+		...getWebsiteWatchTools(),
+		...visionTools,
+		...bountyTools,
+		...skillInvokeTools
+	];
+	try {
+		const mcpTools = await loadMCPTools();
+		if (mcpTools.length > 0) allTools = [...allTools, ...mcpTools];
+	} catch {}
+	const policyConfig = cfg?.tools ? {
+		profile: cfg.tools.profile,
+		allow: cfg.tools.allow ?? cfg.tools.allowlist,
+		deny: cfg.tools.deny ?? cfg.tools.blocklist,
+		byProvider: cfg.tools.byProvider
+	} : void 0;
+	let tools = applyToolPolicy(allTools, policyConfig, {
+		provider: cfg?.provider?.providerId === "anthropic" ? "anthropic" : "openrouter",
+		model: cfg?.provider?.modelId
+	});
+	const { applyDestructiveGate } = await Promise.resolve().then(() => require("./destructive-gate-m-dWqUFg.js"));
+	tools = applyDestructiveGate(tools, {
+		elevated: elevated ?? false,
+		source,
+		sessionId
+	});
+	return tools;
+}
+/**
+
+* Run agent: context + tools + inference.
+
+*/
+async function runAgentEngine(message, opts) {
+	const cfg = await fs_extra.default.readJson(require_paths.getConfigPath()).catch(() => ({}));
+	const isLocalProvider = cfg?.provider?.providerId === "local" || cfg?.provider?.providerId === "ollama";
+	const apiKey = await (await Promise.resolve().then(() => require("./env-resolve-DWOQ45jG.js"))).getProviderCredentialAsync(cfg);
+	if (!apiKey && !isLocalProvider) return {
+		text: "No API key configured. Run: hyperclaw config set-key",
+		error: "no_api_key"
+	};
+	const sid = opts.sessionId;
+	if (sid && opts.appendTranscript) opts.appendTranscript(sid, "user", message);
+	let context = await loadWorkspaceContext(opts.workspace);
+	try {
+		const { getContextSummary } = await Promise.resolve().then(() => require("./knowledge-graph-DqA-Fztl.js"));
+		const kg = await getContextSummary(25);
+		if (kg) context += kg + "\n\n";
+	} catch {}
+	context += await loadSkillsContext();
+	const serviceKeys = cfg?.skills?.apiKeys ? Object.keys(cfg.skills.apiKeys) : [];
+	if (serviceKeys.length > 0) context += `\n## Service API Keys (configured)\nAvailable for research/skills: ${serviceKeys.join(", ")}. Use hackerone_list_programs, bugcrowd_list_programs, synack_list_targets when applicable, or create_skill for custom integrations.\n\n`;
+	const tools = await resolveTools({
+		config: cfg,
+		source: opts.source,
+		elevated: opts.elevated,
+		sessionId: sid,
+		daemonMode: opts.daemonMode,
+		activeServer: opts.activeServer
+	});
+	const rawModel = opts.modelOverride || cfg?.provider?.modelId || "claude-sonnet-4-5";
+	const isLocal2 = cfg?.provider?.providerId === "local" || cfg?.provider?.providerId === "ollama";
+	const model = rawModel.startsWith("ollama/") ? rawModel.slice(7) : rawModel;
+	const provider = cfg?.provider?.providerId === "anthropic" ? "anthropic" : cfg?.provider?.providerId === "custom" || isLocal2 ? "custom" : "openrouter";
+	const ollamaBaseUrl = isLocal2 ? cfg?.provider?.baseUrl || "http://localhost:11434/v1" : void 0;
+	const thinkingBudget = opts.thinkingBudget ?? 0;
+	const maxTokens = thinkingBudget > 0 ? thinkingBudget + 4096 : 4096;
+	try {
+		const { InferenceEngine } = await Promise.resolve().then(() => require("./inference-ix607p7k.js"));
+		const engineOpts = {
+			model,
+			apiKey,
+			provider,
+			system: context || void 0,
+			tools,
+			maxTokens,
+			onToken: opts.onToken ?? (() => {}),
+			onThinking: opts.onThinking,
+			onToolCall: opts.onToolCall,
+			onToolResult: opts.onToolResult,
+			...provider === "custom" ? { baseUrl: ollamaBaseUrl || cfg?.provider?.baseUrl || "" } : {},
+			...thinkingBudget > 0 && (model.includes("claude") || model.includes("anthropic")) ? { thinking: { budget_tokens: thinkingBudget } } : {}
+		};
+		const engine = new InferenceEngine(engineOpts);
+		const result = await engine.run([{
+			role: "user",
+			content: message
+		}]);
+		const text = result.text || "(empty)";
+		if (sid && opts.appendTranscript) opts.appendTranscript(sid, "assistant", text);
+		try {
+			const { AutoMemory } = await Promise.resolve().then(() => require("./memory-auto-DPfbkMVt.js"));
+			const mem = new AutoMemory({ extractEveryNTurns: 1 });
+			mem.addTurn("user", message);
+			mem.addTurn("assistant", text);
+			await mem.extract();
+		} catch {}
+		opts.onDone?.(text);
+		opts.onRunEnd?.(result.usage);
+		return {
+			text,
+			usage: result.usage
+		};
+	} catch (e) {
+		const errText = `Error: ${e.message}`;
+		opts.onDone?.(errText);
+		opts.onRunEnd?.(void 0, e.message);
+		return {
+			text: errText,
+			error: e.message
+		};
+	}
+}
+var CHANNEL_SOURCES;
+var init_engine = require_chunk.__esm({ "packages/core/src/agent/engine.ts"() {
+	require_src.init_src();
+	CHANNEL_SOURCES = [
+		"telegram",
+		"discord",
+		"whatsapp",
+		"slack",
+		"signal",
+		"matrix",
+		"line",
+		"nostr",
+		"feishu",
+		"msteams",
+		"teams",
+		"instagram",
+		"messenger",
+		"twitter",
+		"viber",
+		"zalo"
+	];
+} });
+
+//#endregion
+Object.defineProperty(exports, 'init_engine', {
+  enumerable: true,
+  get: function () {
+    return init_engine;
+  }
+});
+Object.defineProperty(exports, 'loadSkillsContext', {
+  enumerable: true,
+  get: function () {
+    return loadSkillsContext;
+  }
+});
+Object.defineProperty(exports, 'loadWorkspaceContext', {
+  enumerable: true,
+  get: function () {
+    return loadWorkspaceContext;
+  }
+});
+Object.defineProperty(exports, 'resolveTools', {
+  enumerable: true,
+  get: function () {
+    return resolveTools;
+  }
+});
+Object.defineProperty(exports, 'runAgentEngine', {
+  enumerable: true,
+  get: function () {
+    return runAgentEngine;
+  }
+});