npm - iosm-cli - Versions diffs - 0.2.14 → 0.2.16 - Mend

iosm-cli 0.2.14 → 0.2.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/CHANGELOG.md +50 -0
package/README.md +18 -1
package/dist/cli/args.d.ts +2 -1
package/dist/cli/args.d.ts.map +1 -1
package/dist/cli/args.js +16 -3
package/dist/cli/args.js.map +1 -1
package/dist/core/agent-profiles.d.ts.map +1 -1
package/dist/core/agent-profiles.js +3 -0
package/dist/core/agent-profiles.js.map +1 -1
package/dist/core/agent-session.d.ts +2 -0
package/dist/core/agent-session.d.ts.map +1 -1
package/dist/core/agent-session.js +26 -10
package/dist/core/agent-session.js.map +1 -1
package/dist/core/agent-teams.d.ts.map +1 -1
package/dist/core/agent-teams.js +12 -9
package/dist/core/agent-teams.js.map +1 -1
package/dist/core/checkpoint/fs-checkpoint.d.ts +14 -0
package/dist/core/checkpoint/fs-checkpoint.d.ts.map +1 -0
package/dist/core/checkpoint/fs-checkpoint.js +211 -0
package/dist/core/checkpoint/fs-checkpoint.js.map +1 -0
package/dist/core/command-dispatcher.d.ts +2 -0
package/dist/core/command-dispatcher.d.ts.map +1 -1
package/dist/core/command-dispatcher.js +78 -13
package/dist/core/command-dispatcher.js.map +1 -1
package/dist/core/mcp/cli.d.ts.map +1 -1
package/dist/core/mcp/cli.js +26 -0
package/dist/core/mcp/cli.js.map +1 -1
package/dist/core/mcp/config.d.ts.map +1 -1
package/dist/core/mcp/config.js +55 -0
package/dist/core/mcp/config.js.map +1 -1
package/dist/core/mcp/index.d.ts +1 -1
package/dist/core/mcp/index.d.ts.map +1 -1
package/dist/core/mcp/index.js.map +1 -1
package/dist/core/mcp/runtime.d.ts +3 -1
package/dist/core/mcp/runtime.d.ts.map +1 -1
package/dist/core/mcp/runtime.js +21 -2
package/dist/core/mcp/runtime.js.map +1 -1
package/dist/core/mcp/types.d.ts +30 -2
package/dist/core/mcp/types.d.ts.map +1 -1
package/dist/core/mcp/types.js.map +1 -1
package/dist/core/package-manager.d.ts +10 -0
package/dist/core/package-manager.d.ts.map +1 -1
package/dist/core/package-manager.js +100 -2
package/dist/core/package-manager.js.map +1 -1
package/dist/core/policy/engine.d.ts +77 -0
package/dist/core/policy/engine.d.ts.map +1 -0
package/dist/core/policy/engine.js +614 -0
package/dist/core/policy/engine.js.map +1 -0
package/dist/core/policy/index.d.ts +2 -0
package/dist/core/policy/index.d.ts.map +1 -0
package/dist/core/policy/index.js +2 -0
package/dist/core/policy/index.js.map +1 -0
package/dist/core/sandbox/executor.d.ts +13 -0
package/dist/core/sandbox/executor.d.ts.map +1 -0
package/dist/core/sandbox/executor.js +64 -0
package/dist/core/sandbox/executor.js.map +1 -0
package/dist/core/sdk.d.ts +2 -2
package/dist/core/sdk.d.ts.map +1 -1
package/dist/core/sdk.js +3 -3
package/dist/core/sdk.js.map +1 -1
package/dist/core/security/index.d.ts +3 -0
package/dist/core/security/index.d.ts.map +1 -0
package/dist/core/security/index.js +3 -0
package/dist/core/security/index.js.map +1 -0
package/dist/core/security/source-security.d.ts +43 -0
package/dist/core/security/source-security.d.ts.map +1 -0
package/dist/core/security/source-security.js +94 -0
package/dist/core/security/source-security.js.map +1 -0
package/dist/core/security/trust-ledger.d.ts +24 -0
package/dist/core/security/trust-ledger.d.ts.map +1 -0
package/dist/core/security/trust-ledger.js +66 -0
package/dist/core/security/trust-ledger.js.map +1 -0
package/dist/core/session-manager.d.ts.map +1 -1
package/dist/core/session-manager.js +128 -15
package/dist/core/session-manager.js.map +1 -1
package/dist/core/settings-manager.d.ts +6 -0
package/dist/core/settings-manager.d.ts.map +1 -1
package/dist/core/settings-manager.js +22 -1
package/dist/core/settings-manager.js.map +1 -1
package/dist/core/system-prompt.d.ts.map +1 -1
package/dist/core/system-prompt.js +9 -2
package/dist/core/system-prompt.js.map +1 -1
package/dist/core/task-plan.d.ts +1 -0
package/dist/core/task-plan.d.ts.map +1 -1
package/dist/core/task-plan.js +103 -0
package/dist/core/task-plan.js.map +1 -1
package/dist/core/tools/apply-patch.d.ts +29 -0
package/dist/core/tools/apply-patch.d.ts.map +1 -0
package/dist/core/tools/apply-patch.js +167 -0
package/dist/core/tools/apply-patch.js.map +1 -0
package/dist/core/tools/bash.d.ts.map +1 -1
package/dist/core/tools/bash.js +15 -1
package/dist/core/tools/bash.js.map +1 -1
package/dist/core/tools/git-common.d.ts.map +1 -1
package/dist/core/tools/git-common.js +15 -1
package/dist/core/tools/git-common.js.map +1 -1
package/dist/core/tools/index.d.ts +20 -2
package/dist/core/tools/index.d.ts.map +1 -1
package/dist/core/tools/index.js +85 -25
package/dist/core/tools/index.js.map +1 -1
package/dist/core/tools/permissions.d.ts +16 -0
package/dist/core/tools/permissions.d.ts.map +1 -1
package/dist/core/tools/permissions.js +34 -1
package/dist/core/tools/permissions.js.map +1 -1
package/dist/core/tools/task.d.ts.map +1 -1
package/dist/core/tools/task.js +68 -24
package/dist/core/tools/task.js.map +1 -1
package/dist/core/tools/tool-search.d.ts +24 -0
package/dist/core/tools/tool-search.d.ts.map +1 -0
package/dist/core/tools/tool-search.js +85 -0
package/dist/core/tools/tool-search.js.map +1 -0
package/dist/core/tools/tool-suggest.d.ts +18 -0
package/dist/core/tools/tool-suggest.d.ts.map +1 -0
package/dist/core/tools/tool-suggest.js +94 -0
package/dist/core/tools/tool-suggest.js.map +1 -0
package/dist/core/tools/verification-runner.d.ts.map +1 -1
package/dist/core/tools/verification-runner.js +15 -1
package/dist/core/tools/verification-runner.js.map +1 -1
package/dist/core/unified-exec.d.ts +39 -0
package/dist/core/unified-exec.d.ts.map +1 -0
package/dist/core/unified-exec.js +286 -0
package/dist/core/unified-exec.js.map +1 -0
package/dist/main.d.ts.map +1 -1
package/dist/main.js +93 -11
package/dist/main.js.map +1 -1
package/dist/modes/acp/acp-mode.d.ts +17 -0
package/dist/modes/acp/acp-mode.d.ts.map +1 -0
package/dist/modes/acp/acp-mode.js +352 -0
package/dist/modes/acp/acp-mode.js.map +1 -0
package/dist/modes/index.d.ts +2 -1
package/dist/modes/index.d.ts.map +1 -1
package/dist/modes/index.js +1 -0
package/dist/modes/index.js.map +1 -1
package/dist/modes/interactive/components/tool-execution.d.ts.map +1 -1
package/dist/modes/interactive/components/tool-execution.js +217 -0
package/dist/modes/interactive/components/tool-execution.js.map +1 -1
package/dist/modes/interactive/interactive-mode.d.ts +8 -0
package/dist/modes/interactive/interactive-mode.d.ts.map +1 -1
package/dist/modes/interactive/interactive-mode.js +159 -72
package/dist/modes/interactive/interactive-mode.js.map +1 -1
package/dist/modes/rpc/rpc-client.d.ts +25 -1
package/dist/modes/rpc/rpc-client.d.ts.map +1 -1
package/dist/modes/rpc/rpc-client.js +33 -0
package/dist/modes/rpc/rpc-client.js.map +1 -1
package/dist/modes/rpc/rpc-mode.d.ts +13 -1
package/dist/modes/rpc/rpc-mode.d.ts.map +1 -1
package/dist/modes/rpc/rpc-mode.js +189 -28
package/dist/modes/rpc/rpc-mode.js.map +1 -1
package/dist/modes/rpc/rpc-types.d.ts +54 -1
package/dist/modes/rpc/rpc-types.d.ts.map +1 -1
package/dist/modes/rpc/rpc-types.js.map +1 -1
package/dist/modes/telegram/telegram-bridge-mode.js +51 -22
package/dist/modes/telegram/telegram-bridge-mode.js.map +1 -1
package/dist/utils/tools-manager.d.ts.map +1 -1
package/dist/utils/tools-manager.js +96 -9
package/dist/utils/tools-manager.js.map +1 -1
package/docs/README.md +2 -0
package/docs/acp-rpc-mapping.md +38 -0
package/docs/configuration.generated.md +81 -0
package/docs/configuration.md +7 -0
package/package.json +4 -1

package/dist/core/unified-exec.js ADDED Viewed

@@ -0,0 +1,286 @@
+import { spawn } from "node:child_process";
+import { resolve } from "node:path";
+import stripAnsi from "strip-ansi";
+import { getShellConfig, getShellEnv, killProcessTree, sanitizeBinaryOutput } from "../utils/shell.js";
+const DEFAULT_YIELD_TIME_MS = 1000;
+const MAX_YIELD_TIME_MS = 60_000;
+const DEFAULT_MAX_OUTPUT_CHARS = 12_000;
+const MAX_OUTPUT_CHARS = 250_000;
+const MAX_PENDING_OUTPUT_CHARS = 1_000_000;
+const FINISHED_SESSION_TTL_MS = 5 * 60_000;
+const EXIT_GRACE_TIME_MS = 75;
+const DEFAULT_PTY_BRIDGE_BIN = "python3";
+const PYTHON_PTY_BRIDGE_SCRIPT = String.raw `import os
+import pty
+import select
+import subprocess
+import sys
+if len(sys.argv) < 2:
+	print("pty bridge requires shell command arguments", file=sys.stderr)
+	sys.exit(2)
+command = sys.argv[1:]
+master_fd, slave_fd = pty.openpty()
+child = subprocess.Popen(command, stdin=slave_fd, stdout=slave_fd, stderr=slave_fd)
+os.close(slave_fd)
+stdin_fd = sys.stdin.fileno()
+stdout_fd = sys.stdout.fileno()
+stdin_open = True
+while True:
+	readers = [master_fd]
+	if stdin_open:
+		readers.append(stdin_fd)
+	readable, _, _ = select.select(readers, [], [], 0.05)
+	if master_fd in readable:
+		try:
+			chunk = os.read(master_fd, 4096)
+		except OSError:
+			chunk = b""
+		if chunk:
+			os.write(stdout_fd, chunk)
+	if stdin_open and stdin_fd in readable:
+		input_chunk = os.read(stdin_fd, 4096)
+		if input_chunk:
+			os.write(master_fd, input_chunk)
+		else:
+			stdin_open = False
+	if child.poll() is not None:
+		while True:
+			try:
+				chunk = os.read(master_fd, 4096)
+			except OSError:
+				chunk = b""
+			if not chunk:
+				break
+			os.write(stdout_fd, chunk)
+		break
+sys.exit(child.returncode if child.returncode is not None else 0)`;
+function normalizeYieldTimeMs(value) {
+    if (typeof value !== "number" || Number.isNaN(value))
+        return DEFAULT_YIELD_TIME_MS;
+    return Math.max(0, Math.min(MAX_YIELD_TIME_MS, Math.floor(value)));
+}
+function normalizeMaxOutputChars(value) {
+    if (typeof value !== "number" || Number.isNaN(value))
+        return DEFAULT_MAX_OUTPUT_CHARS;
+    return Math.max(1, Math.min(MAX_OUTPUT_CHARS, Math.floor(value)));
+}
+export class UnifiedExecManager {
+    constructor() {
+        this.sessions = new Map();
+        this.nextSessionId = 1;
+    }
+    async execCommand(input) {
+        const command = input.command?.trim();
+        if (!command) {
+            throw new Error("exec_command requires a non-empty command.");
+        }
+        const session = this.createSession(command, input);
+        await this.waitForUpdate(session, normalizeYieldTimeMs(input.yieldTimeMs));
+        await this.waitForExitGrace(session);
+        return this.buildPollResult(session, normalizeMaxOutputChars(input.maxOutputChars));
+    }
+    async writeStdin(input) {
+        const session = this.sessions.get(input.sessionId);
+        if (!session) {
+            throw new Error(`exec session not found: ${input.sessionId}`);
+        }
+        if (input.chars && session.running) {
+            try {
+                session.child.stdin?.write(input.chars);
+            }
+            catch (error) {
+                throw new Error(`Failed to write to exec session ${input.sessionId}: ${error instanceof Error ? error.message : String(error)}`);
+            }
+        }
+        await this.waitForUpdate(session, normalizeYieldTimeMs(input.yieldTimeMs));
+        await this.waitForExitGrace(session);
+        return this.buildPollResult(session, normalizeMaxOutputChars(input.maxOutputChars));
+    }
+    dispose() {
+        for (const session of this.sessions.values()) {
+            if (session.cleanupTimer) {
+                clearTimeout(session.cleanupTimer);
+                session.cleanupTimer = undefined;
+            }
+            if (session.running && session.child.pid) {
+                killProcessTree(session.child.pid);
+            }
+            session.waiters.clear();
+        }
+        this.sessions.clear();
+    }
+    createSession(command, input) {
+        const invocation = this.resolveInvocation(command, input);
+        const child = spawn(invocation.command, invocation.args, {
+            cwd: input.cwd ? resolve(input.cwd) : undefined,
+            env: getShellEnv(),
+            detached: true,
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        const session = {
+            id: this.nextSessionId++,
+            child,
+            usesPty: invocation.usesPty,
+            pendingOutput: [],
+            pendingChars: 0,
+            running: true,
+            exitCode: null,
+            waiters: new Set(),
+        };
+        this.sessions.set(session.id, session);
+        const stdoutDecoder = new TextDecoder();
+        const stderrDecoder = new TextDecoder();
+        const pushOutput = (raw, decoder) => {
+            let text = sanitizeBinaryOutput(stripAnsi(decoder.decode(raw, { stream: true }))).replace(/\r/g, "");
+            if (session.usesPty) {
+                text = text.replace(/\^D\x08\x08/g, "");
+            }
+            if (!text)
+                return;
+            this.appendOutput(session, text);
+        };
+        child.stdout?.on("data", (raw) => pushOutput(raw, stdoutDecoder));
+        child.stderr?.on("data", (raw) => pushOutput(raw, stderrDecoder));
+        child.on("error", (error) => {
+            this.appendOutput(session, `\n[exec error] ${error.message}\n`);
+        });
+        child.on("close", (code) => {
+            session.running = false;
+            session.exitCode = code ?? null;
+            this.notify(session);
+            session.cleanupTimer = setTimeout(() => {
+                this.sessions.delete(session.id);
+            }, FINISHED_SESSION_TTL_MS);
+            session.cleanupTimer.unref();
+        });
+        return session;
+    }
+    appendOutput(session, chunk) {
+        session.pendingOutput.push(chunk);
+        session.pendingChars += chunk.length;
+        while (session.pendingChars > MAX_PENDING_OUTPUT_CHARS && session.pendingOutput.length > 1) {
+            const removed = session.pendingOutput.shift();
+            if (!removed)
+                break;
+            session.pendingChars -= removed.length;
+        }
+        this.notify(session);
+    }
+    notify(session) {
+        if (session.waiters.size === 0)
+            return;
+        const waiters = Array.from(session.waiters);
+        session.waiters.clear();
+        for (const resolveWaiter of waiters) {
+            resolveWaiter();
+        }
+    }
+    async waitForUpdate(session, timeoutMs) {
+        if (!session.running || session.pendingChars > 0 || timeoutMs <= 0) {
+            return;
+        }
+        await new Promise((resolveWait) => {
+            const onUpdate = () => {
+                if (timer)
+                    clearTimeout(timer);
+                resolveWait();
+            };
+            const timer = setTimeout(() => {
+                session.waiters.delete(onUpdate);
+                resolveWait();
+            }, timeoutMs);
+            session.waiters.add(onUpdate);
+        });
+    }
+    async waitForExitGrace(session) {
+        if (!session.running)
+            return;
+        await this.waitForClose(session, EXIT_GRACE_TIME_MS);
+    }
+    async waitForClose(session, timeoutMs) {
+        if (!session.running || timeoutMs <= 0)
+            return;
+        await new Promise((resolveWait) => {
+            const onUpdate = () => {
+                if (!session.running) {
+                    if (timer)
+                        clearTimeout(timer);
+                    session.waiters.delete(onUpdate);
+                    resolveWait();
+                }
+            };
+            const timer = setTimeout(() => {
+                session.waiters.delete(onUpdate);
+                resolveWait();
+            }, timeoutMs);
+            session.waiters.add(onUpdate);
+        });
+    }
+    drainOutput(session, maxOutputChars) {
+        const combined = session.pendingOutput.join("");
+        session.pendingOutput = [];
+        session.pendingChars = 0;
+        if (combined.length <= maxOutputChars)
+            return combined;
+        return combined.slice(combined.length - maxOutputChars);
+    }
+    buildPollResult(session, maxOutputChars) {
+        const output = this.drainOutput(session, maxOutputChars);
+        if (session.running) {
+            return {
+                output,
+                running: true,
+                sessionId: session.id,
+            };
+        }
+        if (session.cleanupTimer) {
+            clearTimeout(session.cleanupTimer);
+            session.cleanupTimer = undefined;
+        }
+        this.sessions.delete(session.id);
+        return {
+            output,
+            running: false,
+            exitCode: session.exitCode,
+        };
+    }
+    resolveInvocation(command, input) {
+        const shellConfig = getShellConfig();
+        const shell = typeof input.shell === "string" && input.shell.trim().length > 0 ? input.shell.trim() : shellConfig.shell;
+        const shellArgs = this.buildShellArgs(command, input.login, shellConfig.args);
+        if (!input.tty) {
+            return {
+                command: shell,
+                args: shellArgs,
+                usesPty: false,
+            };
+        }
+        if (process.platform === "win32") {
+            throw new Error("exec_command tty=true is not supported on Windows.");
+        }
+        const ptyBridgeBin = process.env.IOSM_EXEC_PTY_BRIDGE_BIN?.trim() || DEFAULT_PTY_BRIDGE_BIN;
+        return {
+            command: ptyBridgeBin,
+            args: ["-u", "-c", PYTHON_PTY_BRIDGE_SCRIPT, shell, ...shellArgs],
+            usesPty: true,
+        };
+    }
+    buildShellArgs(command, login, defaultArgs) {
+        if (login === true) {
+            return ["-l", "-c", command];
+        }
+        if (login === false) {
+            return ["-c", command];
+        }
+        return [...defaultArgs, command];
+    }
+}
+//# sourceMappingURL=unified-exec.js.map

package/dist/core/unified-exec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"unified-exec.js","sourceRoot":"","sources":["../../src/core/unified-exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,SAAS,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAEvG,MAAM,qBAAqB,GAAG,IAAI,CAAC;AACnC,MAAM,iBAAiB,GAAG,MAAM,CAAC;AACjC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,MAAM,gBAAgB,GAAG,OAAO,CAAC;AACjC,MAAM,wBAAwB,GAAG,SAAS,CAAC;AAC3C,MAAM,uBAAuB,GAAG,CAAC,GAAG,MAAM,CAAC;AAC3C,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAC9B,MAAM,sBAAsB,GAAG,SAAS,CAAC;AAEzC,MAAM,wBAAwB,GAAG,MAAM,CAAC,GAAG,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kEAmDuB,CAAC;AAsCnE,SAAS,oBAAoB,CAAC,KAAyB;IACtD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;QAAE,OAAO,qBAAqB,CAAC;IACnF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAyB;IACzD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;QAAE,OAAO,wBAAwB,CAAC;IACtF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,OAAO,kBAAkB;IAA/B;QACS,aAAQ,GAAG,IAAI,GAAG,EAA8B,CAAC;QACjD,kBAAa,GAAG,CAAC,CAAC;IA+N3B,CAAC;IA7NA,KAAK,CAAC,WAAW,CAAC,KAA0B;QAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;QACtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACnD,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,oBAAoB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC;QAC3E,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,uBAAuB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAA4B;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpC,IAAI,CAAC;gBACJ,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACzC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,CAAC,SAAS,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAClI,CAAC;QACF,CAAC;QAED,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,oBAAoB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC;QAC3E,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,uBAAuB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,OAAO;QACN,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC9C,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBAC1B,YAAY,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;gBACnC,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;YAClC,CAAC;YACD,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;gBAC1C,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YACD,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACzB,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAEO,aAAa,CAAC,OAAe,EAAE,KAA0B;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,EAAE;YACxD,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;YAC/C,GAAG,EAAE,WAAW,EAAE;YAClB,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAC/B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAuB;YACnC,EAAE,EAAE,IAAI,CAAC,aAAa,EAAE;YACxB,KAAK;YACL,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,aAAa,EAAE,EAAE;YACjB,YAAY,EAAE,CAAC;YACf,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,IAAI,GAAG,EAAE;SAClB,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAEvC,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC;QACxC,MAAM,UAAU,GAAG,CAAC,GAAW,EAAE,OAAyC,EAAQ,EAAE;YACnF,IAAI,IAAI,GAAG,oBAAoB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACrG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACrB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACzC,CAAC;YACD,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC;QAEF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC3B,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,kBAAkB,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YAC1B,OAAO,CAAC,OAAO,GAAG,KAAK,CAAC;YACxB,OAAO,CAAC,QAAQ,GAAG,IAAI,IAAI,IAAI,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACrB,OAAO,CAAC,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;gBACtC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAClC,CAAC,EAAE,uBAAuB,CAAC,CAAC;YAC5B,OAAO,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IAChB,CAAC;IAEO,YAAY,CAAC,OAA2B,EAAE,KAAa;QAC9D,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClC,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC,MAAM,CAAC;QACrC,OAAO,OAAO,CAAC,YAAY,GAAG,wBAAwB,IAAI,OAAO,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5F,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO;gBAAE,MAAM;YACpB,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;QACxC,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACtB,CAAC;IAEO,MAAM,CAAC,OAA2B;QACzC,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC;YAAE,OAAO;QACvC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,KAAK,MAAM,aAAa,IAAI,OAAO,EAAE,CAAC;YACrC,aAAa,EAAE,CAAC;QACjB,CAAC;IACF,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAA2B,EAAE,SAAiB;QACzE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,YAAY,GAAG,CAAC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACpE,OAAO;QACR,CAAC;QACD,MAAM,IAAI,OAAO,CAAO,CAAC,WAAW,EAAE,EAAE;YACvC,MAAM,QAAQ,GAAG,GAAG,EAAE;gBACrB,IAAI,KAAK;oBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;gBAC/B,WAAW,EAAE,CAAC;YACf,CAAC,CAAC;YACF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC7B,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACjC,WAAW,EAAE,CAAC;YACf,CAAC,EAAE,SAAS,CAAC,CAAC;YACd,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAA2B;QACzD,IAAI,CAAC,OAAO,CAAC,OAAO;YAAE,OAAO;QAC7B,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,OAA2B,EAAE,SAAiB;QACxE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS,IAAI,CAAC;YAAE,OAAO;QAC/C,MAAM,IAAI,OAAO,CAAO,CAAC,WAAW,EAAE,EAAE;YACvC,MAAM,QAAQ,GAAG,GAAG,EAAE;gBACrB,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;oBACtB,IAAI,KAAK;wBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;oBAC/B,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;oBACjC,WAAW,EAAE,CAAC;gBACf,CAAC;YACF,CAAC,CAAC;YACF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC7B,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACjC,WAAW,EAAE,CAAC;YACf,CAAC,EAAE,SAAS,CAAC,CAAC;YACd,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,OAA2B,EAAE,cAAsB;QACtE,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChD,OAAO,CAAC,aAAa,GAAG,EAAE,CAAC;QAC3B,OAAO,CAAC,YAAY,GAAG,CAAC,CAAC;QACzB,IAAI,QAAQ,CAAC,MAAM,IAAI,cAAc;YAAE,OAAO,QAAQ,CAAC;QACvD,OAAO,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,cAAc,CAAC,CAAC;IACzD,CAAC;IAEO,eAAe,CAAC,OAA2B,EAAE,cAAsB;QAC1E,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QACzD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO;gBACN,MAAM;gBACN,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,OAAO,CAAC,EAAE;aACrB,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1B,YAAY,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACnC,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACjC,OAAO;YACN,MAAM;YACN,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC1B,CAAC;IACH,CAAC;IAEO,iBAAiB,CACxB,OAAe,EACf,KAA0B;QAE1B,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC;QACxH,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;QAE9E,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;YAChB,OAAO;gBACN,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,KAAK;aACd,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,IAAI,sBAAsB,CAAC;QAC5F,OAAO;YACN,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC;YACjE,OAAO,EAAE,IAAI;SACb,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,OAAe,EAAE,KAA0B,EAAE,WAAqB;QACxF,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9B,CAAC;QACD,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,CAAC,GAAG,WAAW,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;CACD","sourcesContent":["import { spawn, type ChildProcess } from \"node:child_process\";\nimport { resolve } from \"node:path\";\nimport stripAnsi from \"strip-ansi\";\nimport { getShellConfig, getShellEnv, killProcessTree, sanitizeBinaryOutput } from \"../utils/shell.js\";\n\nconst DEFAULT_YIELD_TIME_MS = 1000;\nconst MAX_YIELD_TIME_MS = 60_000;\nconst DEFAULT_MAX_OUTPUT_CHARS = 12_000;\nconst MAX_OUTPUT_CHARS = 250_000;\nconst MAX_PENDING_OUTPUT_CHARS = 1_000_000;\nconst FINISHED_SESSION_TTL_MS = 5 * 60_000;\nconst EXIT_GRACE_TIME_MS = 75;\nconst DEFAULT_PTY_BRIDGE_BIN = \"python3\";\n\nconst PYTHON_PTY_BRIDGE_SCRIPT = String.raw`import os\nimport pty\nimport select\nimport subprocess\nimport sys\n\nif len(sys.argv) < 2:\n\tprint(\"pty bridge requires shell command arguments\", file=sys.stderr)\n\tsys.exit(2)\n\ncommand = sys.argv[1:]\nmaster_fd, slave_fd = pty.openpty()\nchild = subprocess.Popen(command, stdin=slave_fd, stdout=slave_fd, stderr=slave_fd)\nos.close(slave_fd)\n\nstdin_fd = sys.stdin.fileno()\nstdout_fd = sys.stdout.fileno()\nstdin_open = True\n\nwhile True:\n\treaders = [master_fd]\n\tif stdin_open:\n\t\treaders.append(stdin_fd)\n\treadable, _, _ = select.select(readers, [], [], 0.05)\n\n\tif master_fd in readable:\n\t\ttry:\n\t\t\tchunk = os.read(master_fd, 4096)\n\t\texcept OSError:\n\t\t\tchunk = b\"\"\n\t\tif chunk:\n\t\t\tos.write(stdout_fd, chunk)\n\n\tif stdin_open and stdin_fd in readable:\n\t\tinput_chunk = os.read(stdin_fd, 4096)\n\t\tif input_chunk:\n\t\t\tos.write(master_fd, input_chunk)\n\t\telse:\n\t\t\tstdin_open = False\n\n\tif child.poll() is not None:\n\t\twhile True:\n\t\t\ttry:\n\t\t\t\tchunk = os.read(master_fd, 4096)\n\t\t\texcept OSError:\n\t\t\t\tchunk = b\"\"\n\t\t\tif not chunk:\n\t\t\t\tbreak\n\t\t\tos.write(stdout_fd, chunk)\n\t\tbreak\n\nsys.exit(child.returncode if child.returncode is not None else 0)`;\n\nexport interface UnifiedExecRunInput {\n\tcommand: string;\n\tcwd?: string;\n\ttty?: boolean;\n\tshell?: string;\n\tlogin?: boolean;\n\tyieldTimeMs?: number;\n\tmaxOutputChars?: number;\n}\n\nexport interface UnifiedExecWriteInput {\n\tsessionId: number;\n\tchars?: string;\n\tyieldTimeMs?: number;\n\tmaxOutputChars?: number;\n}\n\nexport interface UnifiedExecPollResult {\n\toutput: string;\n\trunning: boolean;\n\tsessionId?: number;\n\texitCode?: number | null;\n}\n\ninterface UnifiedExecSession {\n\tid: number;\n\tchild: ChildProcess;\n\tusesPty: boolean;\n\tpendingOutput: string[];\n\tpendingChars: number;\n\trunning: boolean;\n\texitCode: number | null;\n\twaiters: Set<() => void>;\n\tcleanupTimer?: NodeJS.Timeout;\n}\n\nfunction normalizeYieldTimeMs(value: number | undefined): number {\n\tif (typeof value !== \"number\" || Number.isNaN(value)) return DEFAULT_YIELD_TIME_MS;\n\treturn Math.max(0, Math.min(MAX_YIELD_TIME_MS, Math.floor(value)));\n}\n\nfunction normalizeMaxOutputChars(value: number | undefined): number {\n\tif (typeof value !== \"number\" || Number.isNaN(value)) return DEFAULT_MAX_OUTPUT_CHARS;\n\treturn Math.max(1, Math.min(MAX_OUTPUT_CHARS, Math.floor(value)));\n}\n\nexport class UnifiedExecManager {\n\tprivate sessions = new Map<number, UnifiedExecSession>();\n\tprivate nextSessionId = 1;\n\n\tasync execCommand(input: UnifiedExecRunInput): Promise<UnifiedExecPollResult> {\n\t\tconst command = input.command?.trim();\n\t\tif (!command) {\n\t\t\tthrow new Error(\"exec_command requires a non-empty command.\");\n\t\t}\n\n\t\tconst session = this.createSession(command, input);\n\t\tawait this.waitForUpdate(session, normalizeYieldTimeMs(input.yieldTimeMs));\n\t\tawait this.waitForExitGrace(session);\n\t\treturn this.buildPollResult(session, normalizeMaxOutputChars(input.maxOutputChars));\n\t}\n\n\tasync writeStdin(input: UnifiedExecWriteInput): Promise<UnifiedExecPollResult> {\n\t\tconst session = this.sessions.get(input.sessionId);\n\t\tif (!session) {\n\t\t\tthrow new Error(`exec session not found: ${input.sessionId}`);\n\t\t}\n\n\t\tif (input.chars && session.running) {\n\t\t\ttry {\n\t\t\t\tsession.child.stdin?.write(input.chars);\n\t\t\t} catch (error) {\n\t\t\t\tthrow new Error(`Failed to write to exec session ${input.sessionId}: ${error instanceof Error ? error.message : String(error)}`);\n\t\t\t}\n\t\t}\n\n\t\tawait this.waitForUpdate(session, normalizeYieldTimeMs(input.yieldTimeMs));\n\t\tawait this.waitForExitGrace(session);\n\t\treturn this.buildPollResult(session, normalizeMaxOutputChars(input.maxOutputChars));\n\t}\n\n\tdispose(): void {\n\t\tfor (const session of this.sessions.values()) {\n\t\t\tif (session.cleanupTimer) {\n\t\t\t\tclearTimeout(session.cleanupTimer);\n\t\t\t\tsession.cleanupTimer = undefined;\n\t\t\t}\n\t\t\tif (session.running && session.child.pid) {\n\t\t\t\tkillProcessTree(session.child.pid);\n\t\t\t}\n\t\t\tsession.waiters.clear();\n\t\t}\n\t\tthis.sessions.clear();\n\t}\n\n\tprivate createSession(command: string, input: UnifiedExecRunInput): UnifiedExecSession {\n\t\tconst invocation = this.resolveInvocation(command, input);\n\t\tconst child = spawn(invocation.command, invocation.args, {\n\t\t\tcwd: input.cwd ? resolve(input.cwd) : undefined,\n\t\t\tenv: getShellEnv(),\n\t\t\tdetached: true,\n\t\t\tstdio: [\"pipe\", \"pipe\", \"pipe\"],\n\t\t});\n\n\t\tconst session: UnifiedExecSession = {\n\t\t\tid: this.nextSessionId++,\n\t\t\tchild,\n\t\t\tusesPty: invocation.usesPty,\n\t\t\tpendingOutput: [],\n\t\t\tpendingChars: 0,\n\t\t\trunning: true,\n\t\t\texitCode: null,\n\t\t\twaiters: new Set(),\n\t\t};\n\t\tthis.sessions.set(session.id, session);\n\n\t\tconst stdoutDecoder = new TextDecoder();\n\t\tconst stderrDecoder = new TextDecoder();\n\t\tconst pushOutput = (raw: Buffer, decoder: InstanceType<typeof TextDecoder>): void => {\n\t\t\tlet text = sanitizeBinaryOutput(stripAnsi(decoder.decode(raw, { stream: true }))).replace(/\\r/g, \"\");\n\t\t\tif (session.usesPty) {\n\t\t\t\ttext = text.replace(/\\^D\\x08\\x08/g, \"\");\n\t\t\t}\n\t\t\tif (!text) return;\n\t\t\tthis.appendOutput(session, text);\n\t\t};\n\n\t\tchild.stdout?.on(\"data\", (raw: Buffer) => pushOutput(raw, stdoutDecoder));\n\t\tchild.stderr?.on(\"data\", (raw: Buffer) => pushOutput(raw, stderrDecoder));\n\t\tchild.on(\"error\", (error) => {\n\t\t\tthis.appendOutput(session, `\\n[exec error] ${error.message}\\n`);\n\t\t});\n\t\tchild.on(\"close\", (code) => {\n\t\t\tsession.running = false;\n\t\t\tsession.exitCode = code ?? null;\n\t\t\tthis.notify(session);\n\t\t\tsession.cleanupTimer = setTimeout(() => {\n\t\t\t\tthis.sessions.delete(session.id);\n\t\t\t}, FINISHED_SESSION_TTL_MS);\n\t\t\tsession.cleanupTimer.unref();\n\t\t});\n\n\t\treturn session;\n\t}\n\n\tprivate appendOutput(session: UnifiedExecSession, chunk: string): void {\n\t\tsession.pendingOutput.push(chunk);\n\t\tsession.pendingChars += chunk.length;\n\t\twhile (session.pendingChars > MAX_PENDING_OUTPUT_CHARS && session.pendingOutput.length > 1) {\n\t\t\tconst removed = session.pendingOutput.shift();\n\t\t\tif (!removed) break;\n\t\t\tsession.pendingChars -= removed.length;\n\t\t}\n\t\tthis.notify(session);\n\t}\n\n\tprivate notify(session: UnifiedExecSession): void {\n\t\tif (session.waiters.size === 0) return;\n\t\tconst waiters = Array.from(session.waiters);\n\t\tsession.waiters.clear();\n\t\tfor (const resolveWaiter of waiters) {\n\t\t\tresolveWaiter();\n\t\t}\n\t}\n\n\tprivate async waitForUpdate(session: UnifiedExecSession, timeoutMs: number): Promise<void> {\n\t\tif (!session.running || session.pendingChars > 0 || timeoutMs <= 0) {\n\t\t\treturn;\n\t\t}\n\t\tawait new Promise<void>((resolveWait) => {\n\t\t\tconst onUpdate = () => {\n\t\t\t\tif (timer) clearTimeout(timer);\n\t\t\t\tresolveWait();\n\t\t\t};\n\t\t\tconst timer = setTimeout(() => {\n\t\t\t\tsession.waiters.delete(onUpdate);\n\t\t\t\tresolveWait();\n\t\t\t}, timeoutMs);\n\t\t\tsession.waiters.add(onUpdate);\n\t\t});\n\t}\n\n\tprivate async waitForExitGrace(session: UnifiedExecSession): Promise<void> {\n\t\tif (!session.running) return;\n\t\tawait this.waitForClose(session, EXIT_GRACE_TIME_MS);\n\t}\n\n\tprivate async waitForClose(session: UnifiedExecSession, timeoutMs: number): Promise<void> {\n\t\tif (!session.running || timeoutMs <= 0) return;\n\t\tawait new Promise<void>((resolveWait) => {\n\t\t\tconst onUpdate = () => {\n\t\t\t\tif (!session.running) {\n\t\t\t\t\tif (timer) clearTimeout(timer);\n\t\t\t\t\tsession.waiters.delete(onUpdate);\n\t\t\t\t\tresolveWait();\n\t\t\t\t}\n\t\t\t};\n\t\t\tconst timer = setTimeout(() => {\n\t\t\t\tsession.waiters.delete(onUpdate);\n\t\t\t\tresolveWait();\n\t\t\t}, timeoutMs);\n\t\t\tsession.waiters.add(onUpdate);\n\t\t});\n\t}\n\n\tprivate drainOutput(session: UnifiedExecSession, maxOutputChars: number): string {\n\t\tconst combined = session.pendingOutput.join(\"\");\n\t\tsession.pendingOutput = [];\n\t\tsession.pendingChars = 0;\n\t\tif (combined.length <= maxOutputChars) return combined;\n\t\treturn combined.slice(combined.length - maxOutputChars);\n\t}\n\n\tprivate buildPollResult(session: UnifiedExecSession, maxOutputChars: number): UnifiedExecPollResult {\n\t\tconst output = this.drainOutput(session, maxOutputChars);\n\t\tif (session.running) {\n\t\t\treturn {\n\t\t\t\toutput,\n\t\t\t\trunning: true,\n\t\t\t\tsessionId: session.id,\n\t\t\t};\n\t\t}\n\t\tif (session.cleanupTimer) {\n\t\t\tclearTimeout(session.cleanupTimer);\n\t\t\tsession.cleanupTimer = undefined;\n\t\t}\n\t\tthis.sessions.delete(session.id);\n\t\treturn {\n\t\t\toutput,\n\t\t\trunning: false,\n\t\t\texitCode: session.exitCode,\n\t\t};\n\t}\n\n\tprivate resolveInvocation(\n\t\tcommand: string,\n\t\tinput: UnifiedExecRunInput,\n\t): { command: string; args: string[]; usesPty: boolean } {\n\t\tconst shellConfig = getShellConfig();\n\t\tconst shell = typeof input.shell === \"string\" && input.shell.trim().length > 0 ? input.shell.trim() : shellConfig.shell;\n\t\tconst shellArgs = this.buildShellArgs(command, input.login, shellConfig.args);\n\n\t\tif (!input.tty) {\n\t\t\treturn {\n\t\t\t\tcommand: shell,\n\t\t\t\targs: shellArgs,\n\t\t\t\tusesPty: false,\n\t\t\t};\n\t\t}\n\n\t\tif (process.platform === \"win32\") {\n\t\t\tthrow new Error(\"exec_command tty=true is not supported on Windows.\");\n\t\t}\n\n\t\tconst ptyBridgeBin = process.env.IOSM_EXEC_PTY_BRIDGE_BIN?.trim() || DEFAULT_PTY_BRIDGE_BIN;\n\t\treturn {\n\t\t\tcommand: ptyBridgeBin,\n\t\t\targs: [\"-u\", \"-c\", PYTHON_PTY_BRIDGE_SCRIPT, shell, ...shellArgs],\n\t\t\tusesPty: true,\n\t\t};\n\t}\n\n\tprivate buildShellArgs(command: string, login: boolean | undefined, defaultArgs: string[]): string[] {\n\t\tif (login === true) {\n\t\t\treturn [\"-l\", \"-c\", command];\n\t\t}\n\t\tif (login === false) {\n\t\t\treturn [\"-c\", command];\n\t\t}\n\t\treturn [...defaultArgs, command];\n\t}\n}\n"]}

package/dist/main.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../src/main.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;~~AAyqDH~~,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,~~iBA6SxC~~"}
1	+ {"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../src/main.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA2uDH,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,iBAmUxC"}

package/dist/main.js CHANGED Viewed

@@ -24,6 +24,7 @@ import { loadModelsDevProviderCatalog } from "./core/models-dev-provider-catalog
 import { getMcpCommandHelp, getMergedServerByName, loadMergedMcpConfig, McpRuntime, parseMcpAddCommand, parseMcpTargetCommand, } from "./core/mcp/index.js";
 import { getSemanticCommandHelp, parseSemanticCliCommand, SemanticConfigMissingError, SemanticIndexRequiredError, SemanticRebuildRequiredError, SemanticSearchRuntime, } from "./core/semantic/index.js";
 import { DefaultPackageManager } from "./core/package-manager.js";
+import { PolicyEngineV2 } from "./core/policy/index.js";
 import { DefaultResourceLoader } from "./core/resource-loader.js";
 import { createAgentSession } from "./core/sdk.js";
 import { getProfileNames, isValidProfileName } from "./core/agent-profiles.js";
@@ -32,7 +33,7 @@ import { SettingsManager } from "./core/settings-manager.js";
 import { printTimings, time } from "./core/timings.js";
 import { allTools } from "./core/tools/index.js";
 import { runMigrations, showDeprecationWarnings } from "./migrations.js";
-import { InteractiveMode, runPrintMode, runRpcMode, runTelegramBridgeMode } from "./modes/index.js";
+import { InteractiveMode, runAcpMode, runPrintMode, runRpcMode, runTelegramBridgeMode } from "./modes/index.js";
 import { initTheme, stopThemeWatcher } from "./modes/interactive/theme/theme.js";
 import { buildIosmAgentVerificationPrompt, buildIosmGuideAuthoringPrompt, buildIosmPriorityChecklist, createMetricSnapshot, extractAssistantText, formatMetricSnapshot, getIosmGuidePath, initIosmWorkspace, inspectIosmCycle, listIosmCycles, planIosmCycle, readIosmCycleReport, recordIosmCycleHistory, normalizeIosmGuideMarkdown, writeIosmGuideDocument, } from "./iosm/index.js";
 /**
@@ -199,6 +200,7 @@ Install a package and add it to settings.
 Options:
   -l, --local    Install project-locally (${CONFIG_DIR_NAME}/settings.json)
+  --yes-trust    Non-interactive trust override for source/integrity checks
 Examples:
   ${APP_NAME} install npm:@foo/bar
@@ -228,6 +230,9 @@ Example:
 Update installed packages.
 If <source> is provided, only that package is updated.
+Options:
+  --yes-trust    Non-interactive trust override for source/integrity checks
 `);
             return;
         case "list":
@@ -246,6 +251,7 @@ function parsePackageCommand(args) {
     }
     let local = false;
     let help = false;
+    let yesTrust = false;
     let invalidOption;
     let source;
     for (const arg of rest) {
@@ -262,6 +268,10 @@ function parsePackageCommand(args) {
             }
             continue;
         }
+        if (arg === "--yes-trust") {
+            yesTrust = true;
+            continue;
+        }
         if (arg.startsWith("-")) {
             invalidOption = invalidOption ?? arg;
             continue;
@@ -270,7 +280,26 @@ function parsePackageCommand(args) {
             source = arg;
         }
     }
-    return { command, source, local, help, invalidOption };
+    return { command, source, local, help, yesTrust, invalidOption };
+}
+async function requestTrustConsentFromTerminal(question) {
+    if (!process.stdin.isTTY || !process.stdout.isTTY) {
+        return false;
+    }
+    const rl = createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    try {
+        const answer = await new Promise((resolve) => {
+            rl.question(`${question} [y/N] `, resolve);
+        });
+        const normalized = answer.trim().toLowerCase();
+        return normalized === "y" || normalized === "yes";
+    }
+    finally {
+        rl.close();
+    }
 }
 async function handlePackageCommand(args) {
     const options = parsePackageCommand(args);
@@ -298,7 +327,25 @@ async function handlePackageCommand(args) {
     const agentDir = getAgentDir();
     const settingsManager = SettingsManager.create(cwd, agentDir);
     reportSettingsErrors(settingsManager, "package command");
-    const packageManager = new DefaultPackageManager({ cwd, agentDir, settingsManager });
+    const policyEngine = new PolicyEngineV2({ cwd, agentDir, settingsManager });
+    const packageManager = new DefaultPackageManager({
+        cwd,
+        agentDir,
+        settingsManager,
+        allowedSourceHosts: policyEngine.getAllowedSourceHosts(),
+        allowNonInteractiveTrustOverride: options.yesTrust,
+        trustConsentProvider: async (request) => {
+            if (options.yesTrust)
+                return true;
+            if (!process.stdin.isTTY || !process.stdout.isTTY) {
+                return false;
+            }
+            const reasonLabel = request.reason === "fingerprint-change"
+                ? `fingerprint changed (${request.previousFingerprint ?? "unknown"} -> ${request.fingerprint})`
+                : `new source fingerprint ${request.fingerprint}`;
+            return requestTrustConsentFromTerminal(`Trust ${request.sourceType} source "${request.source}" on host ${request.host} (${reasonLabel})?`);
+        },
+    });
     packageManager.setProgressCallback((event) => {
         if (event.type === "start") {
             process.stdout.write(chalk.dim(`${event.message}\n`));
@@ -1113,7 +1160,19 @@ async function handleConfigCommand(args) {
     const agentDir = getAgentDir();
     const settingsManager = SettingsManager.create(cwd, agentDir);
     reportSettingsErrors(settingsManager, "config command");
-    const packageManager = new DefaultPackageManager({ cwd, agentDir, settingsManager });
+    const policyEngine = new PolicyEngineV2({ cwd, agentDir, settingsManager });
+    const packageManager = new DefaultPackageManager({
+        cwd,
+        agentDir,
+        settingsManager,
+        allowedSourceHosts: policyEngine.getAllowedSourceHosts(),
+        trustConsentProvider: async (request) => {
+            const reasonLabel = request.reason === "fingerprint-change"
+                ? `fingerprint changed (${request.previousFingerprint ?? "unknown"} -> ${request.fingerprint})`
+                : `new source fingerprint ${request.fingerprint}`;
+            return requestTrustConsentFromTerminal(`Trust ${request.sourceType} source "${request.source}" on host ${request.host} (${reasonLabel})?`);
+        },
+    });
     const resolvedPaths = await packageManager.resolve();
     await selectConfig({
         resolvedPaths,
@@ -1487,6 +1546,7 @@ export async function main(args) {
     const agentDir = getAgentDir();
     const settingsManager = SettingsManager.create(cwd, agentDir);
     reportSettingsErrors(settingsManager, "startup");
+    const policyEngine = new PolicyEngineV2({ cwd, agentDir, settingsManager });
     const authStorage = AuthStorage.create();
     const modelRegistry = new ModelRegistry(authStorage, getModelsPath());
     await hydrateAuthenticatedProviderModelsOnStartup(modelRegistry);
@@ -1552,8 +1612,8 @@ export async function main(args) {
         });
         return;
     }
-    // Read piped stdin content (if any) - skip for RPC mode which uses stdin for JSON-RPC
-    if (parsed.mode !== "rpc") {
+    // Read piped stdin content (if any) - skip for RPC/ACP modes which use stdin for protocol transport
+    if (parsed.mode !== "rpc" && parsed.mode !== "acp") {
         const stdinContent = await readPipedStdin();
         if (stdinContent !== undefined) {
             // Force print mode since interactive mode requires a TTY for keyboard input
@@ -1576,13 +1636,15 @@ export async function main(args) {
         console.log(`Exported to: ${result}`);
         process.exit(0);
     }
-    if (parsed.mode === "rpc" && parsed.fileArgs.length > 0) {
-        console.error(chalk.red("Error: @file arguments are not supported in RPC mode"));
+    if ((parsed.mode === "rpc" || parsed.mode === "acp") && parsed.fileArgs.length > 0) {
+        console.error(chalk.red("Error: @file arguments are not supported in RPC/ACP mode"));
         process.exit(1);
     }
     const { initialMessage, initialImages } = await prepareInitialMessage(parsed, settingsManager.getImageAutoResize());
     const isInteractive = !parsed.print && parsed.mode === undefined;
     const mode = parsed.mode || "text";
+    const sandboxEnabled = parsed.sandbox ?? settingsManager.getSandboxEnabled();
+    process.env.IOSM_SANDBOX_ENABLED = sandboxEnabled ? "1" : "0";
     initTheme(settingsManager.getTheme(), isInteractive);
     // Show deprecation warnings in interactive mode
     if (isInteractive && deprecationWarnings.length > 0) {
@@ -1611,7 +1673,7 @@ export async function main(args) {
     sessionOptions.authStorage = authStorage;
     sessionOptions.modelRegistry = modelRegistry;
     sessionOptions.resourceLoader = resourceLoader;
-    sessionOptions.enableAskUserTool = isInteractive || mode === "rpc";
+    sessionOptions.enableAskUserTool = isInteractive || mode === "rpc" || mode === "acp";
     // Handle CLI --api-key as runtime override (not persisted)
     if (parsed.apiKey) {
         if (!sessionOptions.model) {
@@ -1621,12 +1683,19 @@ export async function main(args) {
         authStorage.setRuntimeApiKey(sessionOptions.model.provider, parsed.apiKey);
     }
     let mcpRuntime;
+    let sessionTraceSink;
     try {
         mcpRuntime = new McpRuntime({
             cwd,
             agentDir,
             clientName: APP_NAME,
             clientVersion: VERSION,
+            onPolicyDecision: (event) => {
+                sessionTraceSink?.appendRuntimeTrace("policy_decision", {
+                    scope: "mcp",
+                    ...event,
+                });
+            },
         });
         await mcpRuntime.refresh();
         printMcpConfigWarnings(mcpRuntime.getErrors());
@@ -1635,9 +1704,10 @@ export async function main(args) {
             sessionOptions.customTools = [...(sessionOptions.customTools ?? []), ...mcpTools];
         }
         const { session, modelFallbackMessage } = await createAgentSession(sessionOptions);
+        sessionTraceSink = session;
         // RPC mode must start even without a preselected model so remote clients
         // (for example Telegram bridge) can choose one later via /model.
-        if (!isInteractive && mode !== "rpc" && !session.model) {
+        if (!isInteractive && mode !== "rpc" && mode !== "acp" && !session.model) {
             console.error(chalk.red("No model selected."));
             console.error(chalk.yellow("\nSelect one explicitly:"));
             console.error(`  ${APP_NAME} --provider <provider> --model <model-id> ...`);
@@ -1662,7 +1732,18 @@ export async function main(args) {
             }
         }
         if (mode === "rpc") {
-            await runRpcMode(session);
+            await runRpcMode(session, {
+                mcpRuntime,
+                policyEngine,
+                profileName: sessionOptions.profile,
+            });
+        }
+        else if (mode === "acp") {
+            await runAcpMode(session, {
+                mcpRuntime,
+                policyEngine,
+                profileName: sessionOptions.profile,
+            });
         }
         else if (isInteractive) {
             if (scopedModels.length > 0 && (parsed.verbose || !settingsManager.getQuietStartup())) {
@@ -1685,6 +1766,7 @@ export async function main(args) {
                 planMode: parsed.plan,
                 profile: sessionOptions.profile,
                 mcpRuntime,
+                policyEngine,
             });
             await mode.run();
         }