kly 0.1.0

package/dist/bin/kly.mjs

@@ -0,0 +1,2888 @@
+#!/usr/bin/env bun
+import { dirname, join, relative, resolve } from "node:path";
+import * as clack from "@clack/prompts";
+import pc, { default as pc$1 } from "picocolors";
+import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { exec, spawn } from "node:child_process";
+import { SandboxManager } from "@anthropic-ai/sandbox-runtime";
+import { promisify } from "node:util";
+import { createHash } from "node:crypto";
+
+//#region rolldown:runtime
+var __esmMin = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+
+//#endregion
+//#region src/ai/models-dev.ts
+const MODELS_DEV_API = "https://models.dev/api.json";
+const CACHE_FILE = join(homedir(), ".kly", "models-cache.json");
+const CACHE_TTL = 1440 * 60 * 1e3;
+/**
+* Fetch models.dev data with caching
+*/
+async function fetchModelsDevData(forceRefresh = false) {
+	if (!forceRefresh && existsSync(CACHE_FILE)) try {
+		const cached = JSON.parse(readFileSync(CACHE_FILE, "utf-8"));
+		if (Date.now() - cached.timestamp < CACHE_TTL) return cached;
+	} catch (_error) {}
+	try {
+		const response = await fetch(MODELS_DEV_API);
+		if (!response.ok) return null;
+		const cachedData = {
+			providers: await response.json(),
+			timestamp: Date.now()
+		};
+		try {
+			writeFileSync(CACHE_FILE, JSON.stringify(cachedData, null, 2), "utf-8");
+		} catch (_error) {}
+		return cachedData;
+	} catch (_error) {
+		if (existsSync(CACHE_FILE)) try {
+			return JSON.parse(readFileSync(CACHE_FILE, "utf-8"));
+		} catch {}
+		return null;
+	}
+}
+/**
+* Map our provider IDs to models.dev IDs
+*/
+const PROVIDER_ID_MAP = {
+	openai: "openai",
+	anthropic: "anthropic",
+	google: "google",
+	deepseek: "deepseek",
+	groq: "groq",
+	mistral: "mistral",
+	cohere: "cohere",
+	ollama: "ollama"
+};
+/**
+* Get provider info by our internal provider ID
+*/
+function getProviderInfo(data, provider) {
+	const modelsDevId = PROVIDER_ID_MAP[provider];
+	if (!modelsDevId) return null;
+	return data.providers[modelsDevId] || null;
+}
+/**
+* Get all models for a provider
+*/
+function getProviderModels(data, provider) {
+	const providerInfo = getProviderInfo(data, provider);
+	if (!providerInfo) return [];
+	return Object.values(providerInfo.models);
+}
+/**
+* Get model info by ID
+*/
+function getModelInfo(data, provider, modelId) {
+	const providerInfo = getProviderInfo(data, provider);
+	if (!providerInfo) return null;
+	return providerInfo.models[modelId] || null;
+}
+/**
+* Format price for display
+*/
+function formatPrice(pricePerMillion) {
+	if (pricePerMillion === void 0) return "N/A";
+	if (pricePerMillion === 0) return "Free";
+	return pricePerMillion.toFixed(2).replace(/\.?0+$/, "");
+}
+/**
+* Format capabilities for display
+*/
+function formatCapabilities(model) {
+	const caps = [];
+	if (model.tool_call) caps.push("Tools");
+	if (model.reasoning) caps.push("Reasoning");
+	if (model.structured_output) caps.push("JSON");
+	if (model.attachment) caps.push("Files");
+	return caps;
+}
+
+//#endregion
+//#region src/ai/provider-config.ts
+/**
+* Provider configurations
+* Based on https://models.dev/api.json
+*/
+const PROVIDER_CONFIGS = {
+	openai: {
+		docURL: "https://platform.openai.com/docs",
+		description: "OpenAI's GPT models"
+	},
+	anthropic: {
+		docURL: "https://docs.anthropic.com",
+		description: "Anthropic's Claude models"
+	},
+	google: {
+		docURL: "https://ai.google.dev/docs",
+		description: "Google's Gemini models"
+	},
+	deepseek: {
+		docURL: "https://platform.deepseek.com/docs",
+		description: "DeepSeek's AI models"
+	},
+	groq: {
+		baseURL: "https://api.groq.com/openai/v1",
+		docURL: "https://console.groq.com/docs",
+		description: "Ultra-fast LLM inference"
+	},
+	mistral: {
+		docURL: "https://docs.mistral.ai",
+		description: "Mistral AI models"
+	},
+	cohere: {
+		baseURL: "https://api.cohere.ai/v1",
+		docURL: "https://docs.cohere.com",
+		description: "Cohere's language models"
+	},
+	ollama: {
+		baseURL: "http://localhost:11434/v1",
+		docURL: "https://ollama.ai",
+		description: "Local AI models"
+	}
+};
+/**
+* Get default base URL for a provider
+*/
+function getDefaultBaseURL(provider) {
+	return PROVIDER_CONFIGS[provider]?.baseURL;
+}
+/**
+* Get provider description
+*/
+function getProviderDescription(provider) {
+	return PROVIDER_CONFIGS[provider]?.description;
+}
+
+//#endregion
+//#region src/ai/storage.ts
+const CONFIG_DIR$1 = join(homedir(), ".kly");
+const CONFIG_FILE = join(CONFIG_DIR$1, "config.json");
+/**
+* Ensure config directory exists
+*/
+function ensureConfigDir() {
+	if (!existsSync(CONFIG_DIR$1)) mkdirSync(CONFIG_DIR$1, { recursive: true });
+}
+/**
+* Load configuration from ~/.kly/config.json
+*/
+function loadConfig() {
+	ensureConfigDir();
+	if (!existsSync(CONFIG_FILE)) return { models: {} };
+	try {
+		const content = readFileSync(CONFIG_FILE, "utf-8");
+		return JSON.parse(content);
+	} catch (error) {
+		console.error("Failed to parse config file:", error);
+		return { models: {} };
+	}
+}
+/**
+* Save configuration to ~/.kly/config.json
+*/
+function saveConfig(config) {
+	ensureConfigDir();
+	writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), "utf-8");
+}
+/**
+* Get current active model configuration
+*/
+function getCurrentModelConfig() {
+	const config = loadConfig();
+	if (!config.currentModel) return null;
+	return config.models[config.currentModel] || null;
+}
+/**
+* Set a model as current
+*/
+function setCurrentModel(modelName) {
+	const config = loadConfig();
+	if (!config.models[modelName]) throw new Error(`Model '${modelName}' not found in config`);
+	config.currentModel = modelName;
+	saveConfig(config);
+}
+/**
+* Add or update a model configuration
+*/
+function saveModelConfig(modelName, modelConfig) {
+	const config = loadConfig();
+	config.models[modelName] = modelConfig;
+	if (!config.currentModel) config.currentModel = modelName;
+	saveConfig(config);
+}
+/**
+* Remove a model configuration
+*/
+function removeModelConfig(modelName) {
+	const config = loadConfig();
+	delete config.models[modelName];
+	if (config.currentModel === modelName) config.currentModel = void 0;
+	saveConfig(config);
+}
+/**
+* List all configured models
+*/
+function listModels() {
+	const config = loadConfig();
+	return Object.entries(config.models).map(([name, modelConfig]) => ({
+		name,
+		config: modelConfig,
+		isCurrent: name === config.currentModel
+	}));
+}
+/**
+* Get provider display name
+*/
+function getProviderDisplayName(provider) {
+	return {
+		openai: "OpenAI",
+		anthropic: "Anthropic",
+		google: "Google",
+		deepseek: "DeepSeek",
+		ollama: "Ollama",
+		groq: "Groq",
+		mistral: "Mistral",
+		cohere: "Cohere",
+		"openai-compatible": "OpenAI Compatible"
+	}[provider];
+}
+
+//#endregion
+//#region src/ai/types.ts
+/**
+* Default models for each provider
+* Based on https://models.dev/ (2025-12)
+*/
+const DEFAULT_MODELS = {
+	openai: "gpt-4o-mini",
+	anthropic: "claude-3-5-sonnet-20241022",
+	google: "gemini-2.5-flash",
+	deepseek: "deepseek-v3",
+	ollama: "llama3.2",
+	groq: "llama-3.3-70b-versatile",
+	mistral: "mistral-large-2411",
+	cohere: "command-r-plus",
+	"openai-compatible": "gpt-4o-mini"
+};
+
+//#endregion
+//#region src/ai/models-command.ts
+const PROVIDER_OPTIONS = [
+	{
+		value: "openai",
+		label: "OpenAI",
+		hint: getProviderDescription("openai")
+	},
+	{
+		value: "anthropic",
+		label: "Anthropic",
+		hint: getProviderDescription("anthropic")
+	},
+	{
+		value: "google",
+		label: "Google",
+		hint: getProviderDescription("google")
+	},
+	{
+		value: "deepseek",
+		label: "DeepSeek",
+		hint: getProviderDescription("deepseek")
+	},
+	{
+		value: "groq",
+		label: "Groq",
+		hint: getProviderDescription("groq")
+	},
+	{
+		value: "mistral",
+		label: "Mistral",
+		hint: getProviderDescription("mistral")
+	},
+	{
+		value: "cohere",
+		label: "Cohere",
+		hint: getProviderDescription("cohere")
+	},
+	{
+		value: "ollama",
+		label: "Ollama",
+		hint: getProviderDescription("ollama")
+	},
+	{
+		value: "openai-compatible",
+		label: "OpenAI Compatible",
+		hint: "Custom endpoint"
+	}
+];
+/**
+* Main entry point for `kly models` command
+*/
+async function modelsCommand() {
+	clack.intro(pc.bgCyan(pc.black(" kly models ")));
+	const models = listModels();
+	const action = await clack.select({
+		message: "What would you like to do?",
+		options: [
+			{
+				value: "list",
+				label: "List configured models"
+			},
+			{
+				value: "add",
+				label: "Add a new model"
+			},
+			{
+				value: "switch",
+				label: "Switch current model",
+				disabled: models.length === 0
+			},
+			{
+				value: "remove",
+				label: "Remove a model",
+				disabled: models.length === 0
+			}
+		]
+	});
+	if (clack.isCancel(action)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	switch (action) {
+		case "list":
+			await listAction();
+			break;
+		case "add":
+			await addAction();
+			break;
+		case "switch":
+			await switchAction();
+			break;
+		case "remove":
+			await removeAction();
+			break;
+	}
+	clack.outro(pc.green("Done!"));
+}
+/**
+* List all configured models
+*/
+async function listAction() {
+	const models = listModels();
+	if (models.length === 0) {
+		clack.note("No models configured yet.\nRun 'kly models' and select 'Add a new model'");
+		return;
+	}
+	const modelsData = await fetchModelsDevData();
+	const lines = [];
+	for (const model of models) {
+		const current = model.isCurrent ? pc.green("✓ ") : "  ";
+		const provider = getProviderDisplayName(model.config.provider);
+		const modelName = model.config.model || DEFAULT_MODELS[model.config.provider];
+		let line = `${current}${pc.cyan(model.name)} - ${provider} (${modelName})`;
+		if (modelsData) {
+			const modelInfo = getModelInfo(modelsData, model.config.provider, modelName);
+			if (modelInfo) {
+				const metadata = formatModelMetadata(modelInfo);
+				if (metadata) line += ` ${pc.dim(metadata)}`;
+			}
+		}
+		lines.push(line);
+	}
+	clack.note(lines.join("\n"), "Configured models:");
+}
+/**
+* Format model metadata (pricing and capabilities) for display
+*/
+function formatModelMetadata(modelInfo) {
+	const parts = [];
+	if (modelInfo.cost?.input !== void 0 && modelInfo.cost?.output !== void 0) parts.push(`[$${formatPrice(modelInfo.cost.input)}/$${formatPrice(modelInfo.cost.output)} per 1M]`);
+	const caps = formatCapabilities(modelInfo);
+	if (caps.length > 0) parts.push(`[${caps.join(", ")}]`);
+	return parts.join(" ");
+}
+/**
+* Add a new model configuration
+*/
+async function addAction() {
+	const name = await clack.text({
+		message: "Enter a name for this model configuration:",
+		placeholder: "my-openai",
+		validate: (value) => {
+			if (!value) return "Name is required";
+			if (listModels().some((m) => m.name === value)) return "A model with this name already exists";
+		}
+	});
+	if (clack.isCancel(name)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	const provider = await clack.select({
+		message: "Select a provider:",
+		options: PROVIDER_OPTIONS
+	});
+	if (clack.isCancel(provider)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	saveModelConfig(name, await getProviderConfig(provider));
+	clack.note(`Model '${pc.cyan(name)}' configured with ${getProviderDisplayName(provider)}`, pc.green("Success!"));
+}
+/**
+* Switch to a different model
+*/
+async function switchAction() {
+	const models = listModels();
+	if (models.length === 0) {
+		clack.note("No models configured");
+		return;
+	}
+	const modelName = await clack.select({
+		message: "Select a model:",
+		options: models.map((m) => ({
+			value: m.name,
+			label: m.name,
+			hint: `${getProviderDisplayName(m.config.provider)} - ${m.config.model || DEFAULT_MODELS[m.config.provider]}`
+		}))
+	});
+	if (clack.isCancel(modelName)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	setCurrentModel(modelName);
+	clack.note(`Switched to '${pc.cyan(modelName)}'`, pc.green("Success!"));
+}
+/**
+* Remove a model configuration
+*/
+async function removeAction() {
+	const models = listModels();
+	if (models.length === 0) {
+		clack.note("No models configured");
+		return;
+	}
+	const modelName = await clack.select({
+		message: "Select a model to remove:",
+		options: models.map((m) => ({
+			value: m.name,
+			label: m.name,
+			hint: `${getProviderDisplayName(m.config.provider)}`
+		}))
+	});
+	if (clack.isCancel(modelName)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	const confirm$1 = await clack.confirm({ message: `Are you sure you want to remove '${modelName}'?` });
+	if (clack.isCancel(confirm$1) || !confirm$1) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	removeModelConfig(modelName);
+	clack.note(`Removed '${pc.cyan(modelName)}'`, pc.green("Success!"));
+}
+/**
+* Get provider-specific configuration
+*/
+async function getProviderConfig(provider) {
+	const defaultModel = DEFAULT_MODELS[provider];
+	if (provider === "ollama") {
+		const baseURL$1 = await clack.text({
+			message: "Ollama base URL:",
+			placeholder: "http://localhost:11434",
+			defaultValue: "http://localhost:11434"
+		});
+		if (clack.isCancel(baseURL$1)) {
+			clack.cancel("Operation cancelled");
+			process.exit(0);
+		}
+		const model$1 = await clack.text({
+			message: "Model name:",
+			placeholder: defaultModel,
+			defaultValue: defaultModel
+		});
+		if (clack.isCancel(model$1)) {
+			clack.cancel("Operation cancelled");
+			process.exit(0);
+		}
+		return {
+			provider,
+			baseURL: baseURL$1 || "http://localhost:11434",
+			model: model$1 || defaultModel
+		};
+	}
+	const apiKey = await clack.password({
+		message: `Enter your ${getProviderDisplayName(provider)} API key:`,
+		validate: (value) => {
+			if (!value) return "API key is required";
+		}
+	});
+	if (clack.isCancel(apiKey)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	const customBaseURL = await clack.confirm({
+		message: "Do you want to specify a custom base URL?",
+		initialValue: false
+	});
+	if (clack.isCancel(customBaseURL)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	let baseURL;
+	if (customBaseURL) {
+		const defaultURL = getDefaultBaseURL(provider);
+		const baseURLInput = await clack.text({
+			message: "Base URL:",
+			placeholder: defaultURL || ""
+		});
+		if (clack.isCancel(baseURLInput)) {
+			clack.cancel("Operation cancelled");
+			process.exit(0);
+		}
+		baseURL = baseURLInput || void 0;
+	}
+	const model = await selectModelForProvider(provider, defaultModel);
+	return {
+		provider,
+		apiKey,
+		baseURL,
+		model
+	};
+}
+/**
+* Let user select a model for a provider
+*/
+async function selectModelForProvider(provider, defaultModel) {
+	const modelsData = await fetchModelsDevData();
+	if (modelsData) {
+		const availableModels = getProviderModels(modelsData, provider);
+		if (availableModels.length > 0) return await selectFromModelList(availableModels, defaultModel);
+	}
+	return await selectModelWithInput(defaultModel);
+}
+/**
+* Show model selection list with pricing and capabilities
+*/
+async function selectFromModelList(availableModels, defaultModel) {
+	const modelOptions = availableModels.slice(0, 10).map((m) => {
+		const parts = [];
+		if (m.cost?.input !== void 0 && m.cost?.output !== void 0) parts.push(`$${formatPrice(m.cost.input)}/$${formatPrice(m.cost.output)} per 1M`);
+		const caps = formatCapabilities(m);
+		if (caps.length > 0) parts.push(caps.join(", "));
+		return {
+			value: m.id,
+			label: m.name || m.id,
+			hint: parts.length > 0 ? parts.join(" • ") : "No info available"
+		};
+	});
+	modelOptions.push({
+		value: "__default__",
+		label: `Use default (${defaultModel})`,
+		hint: "Recommended"
+	});
+	modelOptions.push({
+		value: "__custom__",
+		label: "Enter custom model name",
+		hint: "Advanced"
+	});
+	const selectedModel = await clack.select({
+		message: "Select a model:",
+		options: modelOptions
+	});
+	if (clack.isCancel(selectedModel)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	if (selectedModel === "__default__") return;
+	if (selectedModel === "__custom__") return await promptForModelName(defaultModel);
+	return selectedModel;
+}
+/**
+* Simple model selection via confirm + input
+*/
+async function selectModelWithInput(defaultModel) {
+	const useDefault = await clack.confirm({
+		message: `Use default model (${defaultModel})?`,
+		initialValue: true
+	});
+	if (clack.isCancel(useDefault)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	if (useDefault) return;
+	return await promptForModelName(defaultModel);
+}
+/**
+* Prompt user to enter a custom model name
+*/
+async function promptForModelName(defaultModel) {
+	const modelInput = await clack.text({
+		message: "Model name:",
+		placeholder: defaultModel,
+		defaultValue: defaultModel
+	});
+	if (clack.isCancel(modelInput)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	return modelInput || defaultModel;
+}
+
+//#endregion
+//#region src/shared/ipc-protocol.ts
+/**
+* Type guard for IPC messages
+*/
+function isIPCRequest(msg) {
+	return typeof msg === "object" && msg !== null && "type" in msg && "id" in msg && typeof msg.id === "string";
+}
+function isExecutionCompleteMessage(msg) {
+	return typeof msg === "object" && msg !== null && "type" in msg && msg.type === "complete";
+}
+
+//#endregion
+//#region src/host/resource-provider.ts
+/**
+* Resource Provider - Host-side IPC server
+* Handles resource requests from the sandboxed child process
+* Enforces permissions and provides controlled access to sensitive resources
+*/
+var ResourceProvider = class {
+	constructor(options) {
+		this.options = options;
+	}
+	/**
+	* Handle an IPC request from sandbox
+	*/
+	async handle(request) {
+		try {
+			switch (request.type) {
+				case "listModels": return this.handleListModels(request.id);
+				case "getModelConfig": return this.handleGetModelConfig(request.id, request.payload.name);
+				case "log": return this.handleLog(request.id, request.payload.level, request.payload.message);
+				case "prompt:input": return this.handlePromptInput(request.id, request.payload);
+				case "prompt:select": return this.handlePromptSelect(request.id, request.payload);
+				case "prompt:confirm": return this.handlePromptConfirm(request.id, request.payload);
+				case "prompt:multiselect": return this.handlePromptMultiselect(request.id, request.payload);
+				case "prompt:form": return this.handlePromptForm(request.id, request.payload);
+				default: {
+					const unknownRequest = request;
+					return {
+						type: "response",
+						id: unknownRequest.id,
+						success: false,
+						error: `Unknown request type: ${unknownRequest.type}`
+					};
+				}
+			}
+		} catch (error) {
+			return {
+				type: "response",
+				id: request.id,
+				success: false,
+				error: error instanceof Error ? error.message : String(error)
+			};
+		}
+	}
+	/**
+	* Handle: List available models (no permission required)
+	*/
+	handleListModels(requestId) {
+		return {
+			type: "response",
+			id: requestId,
+			success: true,
+			data: listModels().map((m) => ({
+				name: m.name,
+				provider: m.config.provider,
+				model: m.config.model,
+				isCurrent: m.isCurrent
+			}))
+		};
+	}
+	/**
+	* Handle: Get model config with API key (requires permission)
+	*/
+	handleGetModelConfig(requestId, name) {
+		if (!this.options.allowApiKey) return {
+			type: "response",
+			id: requestId,
+			success: false,
+			error: "Permission denied: API key access not allowed for this app"
+		};
+		let modelConfig = null;
+		if (name) {
+			const found = listModels().find((m) => m.name === name);
+			if (found) modelConfig = {
+				provider: found.config.provider,
+				model: found.config.model,
+				apiKey: found.config.apiKey,
+				baseURL: found.config.baseURL
+			};
+		} else {
+			const current = getCurrentModelConfig();
+			if (current) modelConfig = {
+				provider: current.provider,
+				model: current.model,
+				apiKey: current.apiKey,
+				baseURL: current.baseURL
+			};
+		}
+		return {
+			type: "response",
+			id: requestId,
+			success: true,
+			data: modelConfig
+		};
+	}
+	/**
+	* Handle: Log message (for debugging)
+	*/
+	handleLog(requestId, level, message) {
+		const prefix = `[Sandbox:${this.options.appId}]`;
+		switch (level) {
+			case "info":
+				console.log(`${prefix} ${message}`);
+				break;
+			case "warn":
+				console.warn(`${prefix} ${message}`);
+				break;
+			case "error":
+				console.error(`${prefix} ${message}`);
+				break;
+		}
+		return {
+			type: "response",
+			id: requestId,
+			success: true,
+			data: void 0
+		};
+	}
+	/**
+	* Handle: Interactive input prompt
+	*/
+	async handlePromptInput(requestId, payload) {
+		const result = await clack.text({
+			message: payload.prompt,
+			defaultValue: payload.defaultValue,
+			placeholder: payload.placeholder,
+			validate: payload.maxLength ? (value) => {
+				if (value && value.length > payload.maxLength) return `Input must be ${payload.maxLength} characters or less`;
+			} : void 0
+		});
+		if (clack.isCancel(result)) return {
+			type: "response",
+			id: requestId,
+			success: false,
+			error: "Operation cancelled by user"
+		};
+		return {
+			type: "response",
+			id: requestId,
+			success: true,
+			data: result
+		};
+	}
+	/**
+	* Handle: Interactive select prompt
+	*/
+	async handlePromptSelect(requestId, payload) {
+		const mappedOptions = payload.options.map((opt) => ({
+			label: opt.name,
+			value: opt.value,
+			...opt.description && { hint: opt.description }
+		}));
+		const result = await clack.select({
+			message: payload.prompt,
+			options: mappedOptions
+		});
+		if (clack.isCancel(result)) return {
+			type: "response",
+			id: requestId,
+			success: false,
+			error: "Operation cancelled by user"
+		};
+		return {
+			type: "response",
+			id: requestId,
+			success: true,
+			data: result
+		};
+	}
+	/**
+	* Handle: Interactive confirm prompt
+	*/
+	async handlePromptConfirm(requestId, payload) {
+		const result = await clack.confirm({
+			message: payload.message,
+			initialValue: payload.defaultValue
+		});
+		if (clack.isCancel(result)) return {
+			type: "response",
+			id: requestId,
+			success: false,
+			error: "Operation cancelled by user"
+		};
+		return {
+			type: "response",
+			id: requestId,
+			success: true,
+			data: result
+		};
+	}
+	/**
+	* Handle: Interactive multiselect prompt
+	*/
+	async handlePromptMultiselect(requestId, payload) {
+		const mappedOptions = payload.options.map((opt) => ({
+			label: opt.name,
+			value: opt.value,
+			...opt.description && { hint: opt.description }
+		}));
+		const result = await clack.multiselect({
+			message: payload.prompt,
+			options: mappedOptions,
+			required: payload.required
+		});
+		if (clack.isCancel(result)) return {
+			type: "response",
+			id: requestId,
+			success: false,
+			error: "Operation cancelled by user"
+		};
+		return {
+			type: "response",
+			id: requestId,
+			success: true,
+			data: result
+		};
+	}
+	/**
+	* Handle: Interactive form prompt
+	*/
+	async handlePromptForm(requestId, payload) {
+		const result = {};
+		if (payload.title) console.log(`\n${pc.bold(payload.title)}\n`);
+		for (const field of payload.fields) {
+			const label = field.description ? `${field.label} (${field.description})` : field.label;
+			if (field.type === "boolean") {
+				const value = await clack.confirm({
+					message: label,
+					initialValue: field.defaultValue
+				});
+				if (clack.isCancel(value)) return {
+					type: "response",
+					id: requestId,
+					success: false,
+					error: "Operation cancelled by user"
+				};
+				result[field.name] = value;
+			} else if (field.type === "enum" && field.enumValues?.length) {
+				const value = await clack.select({
+					message: label,
+					options: field.enumValues.map((v) => ({
+						label: v,
+						value: v
+					}))
+				});
+				if (clack.isCancel(value)) return {
+					type: "response",
+					id: requestId,
+					success: false,
+					error: "Operation cancelled by user"
+				};
+				result[field.name] = value;
+			} else if (field.type === "number") {
+				const strValue = await clack.text({
+					message: label,
+					defaultValue: field.defaultValue?.toString(),
+					validate: (value) => {
+						if (value && Number.isNaN(Number.parseFloat(value))) return "Please enter a valid number";
+					}
+				});
+				if (clack.isCancel(strValue)) return {
+					type: "response",
+					id: requestId,
+					success: false,
+					error: "Operation cancelled by user"
+				};
+				result[field.name] = Number.parseFloat(strValue);
+			} else {
+				const value = await clack.text({
+					message: label,
+					defaultValue: field.defaultValue
+				});
+				if (clack.isCancel(value)) return {
+					type: "response",
+					id: requestId,
+					success: false,
+					error: "Operation cancelled by user"
+				};
+				result[field.name] = value;
+			}
+		}
+		return {
+			type: "response",
+			id: requestId,
+			success: true,
+			data: result
+		};
+	}
+};
+/**
+* Factory function to create a resource provider
+*/
+function createResourceProvider(options) {
+	return new ResourceProvider(options);
+}
+
+//#endregion
+//#region src/host/launcher.ts
+/**
+* Launch a user script in a sandboxed child process
+* This is the Host-side launcher that:
+* 1. Spawns a child process with IPC
+* 2. Applies OS-level sandboxing
+* 3. Handles IPC communication for resource access
+* 4. Returns execution result
+*/
+async function launchSandbox(options) {
+	const { scriptPath, args: args$1, appId, sandboxConfig, allowApiKey } = options;
+	await SandboxManager.initialize(sandboxConfig);
+	const absoluteScriptPath = resolve(process.cwd(), scriptPath);
+	const executorPath = resolve(__dirname, "../sandbox/bundled-executor.mjs");
+	if (!SandboxManager.isSandboxingEnabled()) {
+		console.warn("⚠️  Sandboxing is not supported on this platform.");
+		console.warn("   Running without OS-level isolation.");
+	} else {
+		console.log("🔒 Sandbox Configuration:");
+		console.log(`   Read denied: ${sandboxConfig.filesystem.denyRead.length} paths`);
+		console.log(`   Write allowed: ${sandboxConfig.filesystem.allowWrite.length} paths`);
+		console.log(`   Network: ${sandboxConfig.network.allowedDomains.join(", ") || "none"}`);
+		console.log("");
+	}
+	const command$1 = `bun run ${executorPath}`;
+	const child = spawn(await SandboxManager.wrapWithSandbox(command$1), {
+		shell: true,
+		stdio: [
+			"inherit",
+			"inherit",
+			"inherit",
+			"ipc"
+		],
+		env: {
+			...process.env,
+			KLY_SANDBOX_MODE: "true"
+		}
+	});
+	const resourceProvider = createResourceProvider({
+		appId,
+		allowApiKey,
+		sandboxConfig
+	});
+	child.on("message", async (message) => {
+		if (isIPCRequest(message)) {
+			const response = await resourceProvider.handle(message);
+			child.send(response);
+		}
+	});
+	const initMessage = {
+		type: "init",
+		scriptPath: absoluteScriptPath,
+		args: args$1,
+		appId,
+		permissions: {
+			allowApiKey,
+			sandboxConfig
+		}
+	};
+	child.send(initMessage);
+	return new Promise((resolve$1, reject) => {
+		let executionResult = null;
+		child.on("message", (message) => {
+			if (isExecutionCompleteMessage(message)) executionResult = message;
+		});
+		child.on("error", (error) => {
+			reject(/* @__PURE__ */ new Error(`Sandbox process error: ${error.message}`));
+		});
+		child.on("exit", (code) => {
+			if (executionResult) resolve$1({
+				exitCode: code ?? 0,
+				result: executionResult.result,
+				error: executionResult.error
+			});
+			else resolve$1({
+				exitCode: code ?? 1,
+				error: code !== 0 ? `Process exited with code ${code}` : void 0
+			});
+		});
+	});
+}
+
+//#endregion
+//#region src/shared/constants.ts
+/**
+* Centralized constants for the KLY project
+* Prevents magic strings and improves maintainability
+*/
+/**
+* Environment variable names used throughout the application
+*/
+const ENV_VARS = {
+	SANDBOX_MODE: "KLY_SANDBOX_MODE",
+	MCP_MODE: "KLY_MCP_MODE",
+	PROGRAMMATIC: "KLY_PROGRAMMATIC",
+	TRUST_ALL: "KLY_TRUST_ALL",
+	LOCAL_REF: "KLY_LOCAL_REF",
+	REMOTE_REF: "KLY_REMOTE_REF"
+};
+/**
+* File and directory paths used for configuration and caching
+*/
+const PATHS = {
+	CONFIG_DIR: ".kly",
+	META_FILE: ".kly-meta.json",
+	PERMISSIONS_FILE: "permissions.json",
+	CONFIG_FILE: "config.json"
+};
+/**
+* Timeout values in milliseconds
+*/
+const TIMEOUTS = {
+	IPC_REQUEST: 3e4,
+	IPC_LONG_REQUEST: 6e4
+};
+/**
+* LLM API domains for network permission configuration
+*/
+const LLM_API_DOMAINS = [
+	"api.openai.com",
+	"*.anthropic.com",
+	"generativelanguage.googleapis.com",
+	"api.deepseek.com"
+];
+
+//#endregion
+//#region src/shared/runtime-mode.ts
+/**
+* Check if running in sandbox mode
+* Sandbox mode: Isolated child process with restricted permissions
+*/
+function isSandbox() {
+	return process.env[ENV_VARS.SANDBOX_MODE] === "true";
+}
+/**
+* Check if running in MCP (Model Context Protocol) mode
+* MCP mode: Running as an MCP server for Claude Desktop integration
+*/
+function isMCP() {
+	return process.env[ENV_VARS.MCP_MODE] === "true";
+}
+/**
+* Check if running with trust all flag
+* Trust all: Skip permission prompts (for testing/automation)
+*/
+function isTrustAll() {
+	return process.env[ENV_VARS.TRUST_ALL] === "true";
+}
+/**
+* Get local reference environment variable
+*/
+function getLocalRef() {
+	return process.env[ENV_VARS.LOCAL_REF];
+}
+/**
+* Get remote reference environment variable
+*/
+function getRemoteRef() {
+	return process.env[ENV_VARS.REMOTE_REF];
+}
+
+//#endregion
+//#region src/ui/utils/tty.ts
+/**
+* Check if we're in a TTY environment
+* Returns false in CI or non-interactive environments
+*/
+function isTTY() {
+	return Boolean(process.stdout.isTTY && process.stdin.isTTY && !process.env.CI);
+}
+
+//#endregion
+//#region src/sandbox/ipc-client.ts
+/**
+* Send an IPC request to the host and wait for response
+* Used by UI components and other sandbox code to communicate with the host process
+*/
+async function sendIPCRequest(type, payload) {
+	if (!process.send) throw new Error("IPC not available - not running in sandbox mode");
+	return new Promise((resolve$1, reject) => {
+		const requestId = `${type}-${Date.now()}-${Math.random()}`;
+		const request = {
+			type,
+			id: requestId,
+			payload
+		};
+		const responseHandler = (message) => {
+			if (typeof message === "object" && message !== null && "type" in message && message.type === "response" && "id" in message && message.id === requestId) {
+				process.off("message", responseHandler);
+				const response = message;
+				if (response.success) resolve$1(response.data);
+				else reject(new Error(response.error));
+			}
+		};
+		process.on("message", responseHandler);
+		if (!process.send(request)) {
+			process.off("message", responseHandler);
+			reject(/* @__PURE__ */ new Error("Failed to send IPC message"));
+			return;
+		}
+		setTimeout(() => {
+			process.off("message", responseHandler);
+			reject(/* @__PURE__ */ new Error(`IPC request timeout: ${type}`));
+		}, TIMEOUTS.IPC_LONG_REQUEST);
+	});
+}
+
+//#endregion
+//#region src/ui/components/confirm.ts
+/**
+* Simplified confirm function
+*
+* @example
+* ```typescript
+* const proceed = await confirm("Continue?", true);
+* ```
+*/
+async function confirm(message, defaultValue = false) {
+	if (isSandbox()) return sendIPCRequest("prompt:confirm", {
+		message,
+		defaultValue
+	});
+	if (!isTTY()) {
+		if (isMCP()) console.warn(`[MCP Warning] Interactive confirmation not available. Using default value (${defaultValue}) for: ${message}`);
+		return defaultValue;
+	}
+	const result = await clack.confirm({
+		message,
+		initialValue: defaultValue
+	});
+	if (clack.isCancel(result)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	return result;
+}
+
+//#endregion
+//#region src/ui/components/select.ts
+/**
+* Show a selection menu and wait for user choice
+*
+* @example
+* ```typescript
+* const color = await select({
+*   options: [
+*     { name: "Red", value: "red" },
+*     { name: "Blue", value: "blue", description: "Ocean color" },
+*   ],
+*   prompt: "Pick a color"
+* });
+* ```
+*/
+async function select(config) {
+	if (isSandbox()) return sendIPCRequest("prompt:select", {
+		prompt: config.prompt ?? "Select an option",
+		options: config.options
+	});
+	if (!isTTY()) {
+		if (isMCP()) throw new Error(`Interactive selection not available in MCP mode. All parameters must be defined in the tool's inputSchema. Selection prompt: ${config.prompt}`);
+		const firstOption = config.options[0];
+		if (!firstOption) throw new Error("No options provided");
+		return firstOption.value;
+	}
+	const mappedOptions = config.options.map((opt) => ({
+		label: opt.name,
+		value: opt.value,
+		...opt.description && { hint: opt.description }
+	}));
+	const result = await clack.select({
+		message: config.prompt ?? "Select an option",
+		options: mappedOptions
+	});
+	if (clack.isCancel(result)) {
+		clack.cancel("Operation cancelled");
+		process.exit(0);
+	}
+	return result;
+}
+
+//#endregion
+//#region src/ui/utils/colors.ts
+/**
+* Format text with picocolors
+*/
+function formatText(text, options) {
+	let result = text;
+	if (options?.color) switch (options.color) {
+		case "red":
+			result = pc$1.red(result);
+			break;
+		case "green":
+			result = pc$1.green(result);
+			break;
+		case "yellow":
+			result = pc$1.yellow(result);
+			break;
+		case "blue":
+			result = pc$1.blue(result);
+			break;
+		case "magenta":
+			result = pc$1.magenta(result);
+			break;
+		case "cyan":
+			result = pc$1.cyan(result);
+			break;
+		case "white":
+			result = pc$1.white(result);
+			break;
+		case "gray":
+			result = pc$1.gray(result);
+			break;
+	}
+	if (options?.bold) result = pc$1.bold(result);
+	if (options?.dim) result = pc$1.dim(result);
+	if (options?.italic) result = pc$1.italic(result);
+	if (options?.underline) result = pc$1.underline(result);
+	return result;
+}
+
+//#endregion
+//#region src/ui/components/table.ts
+/**
+* Align text within a given width
+*/
+function alignText(text, width, align) {
+	const textLength = stripAnsi(text).length;
+	const padding = Math.max(0, width - textLength);
+	switch (align) {
+		case "right": return " ".repeat(padding) + text;
+		case "center": {
+			const leftPad = Math.floor(padding / 2);
+			const rightPad = padding - leftPad;
+			return " ".repeat(leftPad) + text + " ".repeat(rightPad);
+		}
+		default: return text + " ".repeat(padding);
+	}
+}
+/**
+* Strip ANSI escape codes from string for length calculation
+*/
+function stripAnsi(str) {
+	return str.replace(/\x1b\[[0-9;]*m/g, "");
+}
+/**
+* Calculate column widths based on content
+*/
+function calculateColumnWidths(columns, rows, showHeader) {
+	return columns.map((col) => {
+		if (col.width !== void 0) return col.width;
+		let maxWidth = showHeader ? col.header.length : 0;
+		for (const row of rows) {
+			const value = row[col.key];
+			const length = stripAnsi(col.formatter ? col.formatter(value, row) : String(value ?? "")).length;
+			maxWidth = Math.max(maxWidth, length);
+		}
+		return maxWidth;
+	});
+}
+/**
+* Format a single cell value
+*/
+function formatCell(value, row, column) {
+	if (column.formatter) return column.formatter(value, row);
+	if (value === null || value === void 0) return pc$1.dim("-");
+	return String(value);
+}
+/**
+* Render table in TTY mode with borders and styling
+*/
+function renderTTY(config) {
+	const { columns, rows, showHeader = true, showBorders = true, title } = config;
+	const lines = [];
+	const widths = calculateColumnWidths(columns, rows, showHeader);
+	if (title) {
+		lines.push("");
+		lines.push(formatText(`${title}`, { bold: true }));
+		lines.push("");
+	}
+	if (showHeader) {
+		const headerCells = columns.map((col, i) => {
+			return alignText(formatText(col.header, {
+				bold: true,
+				color: "cyan"
+			}), widths[i], col.align ?? "left");
+		});
+		lines.push(headerCells.join(" "));
+		if (showBorders) {
+			const separatorParts = widths.map((w) => "─".repeat(w));
+			lines.push(pc$1.gray(separatorParts.join("─")));
+		}
+	}
+	for (const row of rows) {
+		const cells = columns.map((col, i) => {
+			const value = row[col.key];
+			return alignText(formatCell(value, row, col), widths[i], col.align ?? "left");
+		});
+		lines.push(cells.join(" "));
+	}
+	if (showBorders && rows.length > 0) {
+		const separatorParts = widths.map((w) => "─".repeat(w));
+		lines.push(pc$1.gray(separatorParts.join("─")));
+	}
+	return lines.join("\n");
+}
+/**
+* Render table in non-TTY mode (plain text)
+*/
+function renderPlain(config) {
+	const { columns, rows, showHeader = true, title } = config;
+	const lines = [];
+	const widths = calculateColumnWidths(columns, rows, showHeader);
+	if (title) {
+		lines.push("");
+		lines.push(title);
+		lines.push("");
+	}
+	if (showHeader) {
+		const headerCells = columns.map((col, i) => alignText(col.header, widths[i], col.align ?? "left"));
+		lines.push(headerCells.join(" "));
+		const separator = columns.map((_, i) => "-".repeat(widths[i])).join(" ");
+		lines.push(separator);
+	}
+	for (const row of rows) {
+		const cells = columns.map((col, i) => {
+			const value = row[col.key];
+			return alignText(stripAnsi(formatCell(value, row, col)), widths[i], col.align ?? "left");
+		});
+		lines.push(cells.join(" "));
+	}
+	return lines.join("\n");
+}
+/**
+* Display a table with columns and rows
+*
+* @example
+* ```typescript
+* table({
+*   title: "Users",
+*   columns: [
+*     { key: "name", header: "Name" },
+*     { key: "age", header: "Age", align: "right" },
+*     { key: "status", header: "Status", formatter: (val) =>
+*       val === "active" ? pc.green("✓ Active") : pc.red("✗ Inactive")
+*     },
+*   ],
+*   rows: [
+*     { name: "Alice", age: 25, status: "active" },
+*     { name: "Bob", age: 30, status: "inactive" },
+*   ],
+* });
+* ```
+*/
+function table(config) {
+	const output$1 = isTTY() ? renderTTY(config) : renderPlain(config);
+	console.log(output$1);
+}
+
+//#endregion
+//#region src/ui/utils/output.ts
+/**
+* Output a result to the console
+*
+* @param result - The result to display (string, object, etc.)
+*/
+function output(result) {
+	if (result === void 0 || result === null) return;
+	if (typeof result === "string") console.log(result);
+	else console.log(JSON.stringify(result, null, 2));
+}
+
+//#endregion
+//#region src/permissions/index.ts
+const CONFIG_DIR = join(homedir(), PATHS.CONFIG_DIR);
+const PERMISSIONS_FILE = join(CONFIG_DIR, PATHS.PERMISSIONS_FILE);
+/**
+* Get app identifier from script path
+*/
+function getAppIdentifier() {
+	const localRef = getLocalRef();
+	if (localRef) return localRef;
+	const remoteRef = getRemoteRef();
+	if (remoteRef) return remoteRef;
+	const scriptPath = process.argv[1] ?? "";
+	if (scriptPath.startsWith("/") || scriptPath.startsWith("C:\\")) return `local:${scriptPath}`;
+	return scriptPath || "unknown";
+}
+/**
+* Get friendly app name for display
+*/
+function getAppName(appId) {
+	if (appId.startsWith("local:")) {
+		const path = appId.slice(6);
+		const parts = path.split("/");
+		return parts[parts.length - 1] || path;
+	}
+	if (appId.startsWith("github.com/")) return appId.split("/").slice(1, 3).join("/");
+	return appId;
+}
+/**
+* Ensure permissions config directory exists
+*/
+function ensurePermissionsDir() {
+	if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { recursive: true });
+}
+/**
+* Load permissions configuration
+*/
+function loadPermissions() {
+	ensurePermissionsDir();
+	if (!existsSync(PERMISSIONS_FILE)) return { trustedApps: {} };
+	try {
+		const content = readFileSync(PERMISSIONS_FILE, "utf-8");
+		return JSON.parse(content);
+	} catch (error) {
+		console.error("Failed to parse permissions file:", error);
+		return { trustedApps: {} };
+	}
+}
+/**
+* Save permissions configuration
+*/
+function savePermissions(config) {
+	ensurePermissionsDir();
+	writeFileSync(PERMISSIONS_FILE, JSON.stringify(config, null, 2), "utf-8");
+}
+/**
+* Request permission from user with interactive prompt
+*/
+async function requestPermission(appId, appName) {
+	if (!isTTY()) {
+		console.error(`\nPermission required: App "${appName}" (${appId}) wants to access your API keys.`);
+		console.error("Set KLY_TRUST_ALL=true environment variable to grant access in non-interactive mode.");
+		return false;
+	}
+	console.log("");
+	console.log(`App "${appName}" is requesting access to your API keys.`);
+	console.log(`Source: ${appId}`);
+	console.log("");
+	console.log("This will allow the app to use your configured LLM models.");
+	console.log("");
+	const choice = await select({
+		prompt: "Do you want to allow this?",
+		options: [
+			{
+				name: "Allow once",
+				value: "once",
+				description: "Allow for this session only"
+			},
+			{
+				name: "Always allow",
+				value: "always",
+				description: "Remember this choice for future runs"
+			},
+			{
+				name: "Cancel",
+				value: "cancel",
+				description: "Cancel and exit"
+			}
+		]
+	});
+	if (choice === "cancel") return false;
+	if (choice === "always") {
+		const config = loadPermissions();
+		config.trustedApps[appId] = {
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			choice: "always"
+		};
+		savePermissions(config);
+		return true;
+	}
+	return true;
+}
+/**
+* Check if an app has permission to access API keys
+* If not, prompt user for permission (in interactive mode)
+*/
+async function checkApiKeyPermission(appId) {
+	if (isTrustAll()) return true;
+	const record = loadPermissions().trustedApps[appId];
+	if (record && record.choice === "always") return true;
+	return await requestPermission(appId, getAppName(appId));
+}
+/**
+* Revoke permission for an app
+*/
+function revokePermission(appId) {
+	const config = loadPermissions();
+	delete config.trustedApps[appId];
+	savePermissions(config);
+}
+/**
+* List all granted permissions
+* Only "always allow" permissions are stored
+*/
+function listPermissions() {
+	const config = loadPermissions();
+	return Object.entries(config.trustedApps).map(([appId, record]) => ({
+		appId,
+		appName: getAppName(appId),
+		timestamp: record.timestamp,
+		choice: record.choice
+	}));
+}
+/**
+* Request sandbox configuration from user interactively
+* Returns SandboxRuntimeConfig directly (no conversion needed)
+*/
+async function requestSandboxConfig(appId, appName) {
+	if (!isTTY()) {
+		console.error(`\nSandbox permission required for: "${appName}" (${appId})`);
+		console.error("Set KLY_TRUST_ALL=true environment variable to run without sandboxing in non-interactive mode.");
+		return null;
+	}
+	const homeDir = homedir();
+	const currentDir = process.cwd();
+	console.log("");
+	console.log(`🔐 Sandbox Permission Request from: ${appName}`);
+	console.log("");
+	console.log("📂 Filesystem Read Access:");
+	const fsReadChoice = await select({
+		prompt: "Which files should be denied for reading?",
+		options: [
+			{
+				name: "Sensitive only",
+				value: "sensitive",
+				description: "Deny access to ~/.kly, ~/.ssh, ~/.aws, etc."
+			},
+			{
+				name: "All home directory",
+				value: "all-home",
+				description: "Deny access to entire home directory"
+			},
+			{
+				name: "None (allow all)",
+				value: "none",
+				description: "No read restrictions (except ~/.kly)"
+			}
+		]
+	});
+	let denyRead = [join(homeDir, ".kly")];
+	if (fsReadChoice === "sensitive") denyRead = [
+		join(homeDir, ".kly"),
+		join(homeDir, ".ssh"),
+		join(homeDir, ".aws"),
+		join(homeDir, ".gnupg")
+	];
+	else if (fsReadChoice === "all-home") denyRead = [homeDir];
+	console.log("");
+	console.log("📝 Filesystem Write Access:");
+	const fsWriteChoice = await select({
+		prompt: "Which directories should be allowed for writing?",
+		options: [
+			{
+				name: "None",
+				value: "none",
+				description: "No write access"
+			},
+			{
+				name: "Current directory only",
+				value: "current",
+				description: `Allow write to ${currentDir}`
+			},
+			{
+				name: "Temporary directory",
+				value: "temp",
+				description: "Allow write to system temp directory"
+			}
+		]
+	});
+	let allowWrite = [];
+	if (fsWriteChoice === "current") allowWrite = [currentDir];
+	else if (fsWriteChoice === "temp") allowWrite = [process.env.TMPDIR || process.env.TEMP || "/tmp"];
+	const denyWrite = [
+		join(homeDir, ".kly"),
+		join(homeDir, ".ssh"),
+		join(homeDir, ".aws"),
+		join(homeDir, ".gnupg")
+	];
+	console.log("");
+	console.log("🌐 Network Access:");
+	const networkChoice = await select({
+		prompt: "Which network access should be allowed?",
+		options: [
+			{
+				name: "None",
+				value: "none",
+				description: "No network access"
+			},
+			{
+				name: "LLM APIs only",
+				value: "llm-apis",
+				description: "OpenAI, Anthropic, Google AI"
+			},
+			{
+				name: "Common APIs",
+				value: "common",
+				description: "LLM + GitHub, npm, etc."
+			},
+			{
+				name: "All domains",
+				value: "all",
+				description: "Allow all network access"
+			}
+		]
+	});
+	let allowedDomains = [];
+	if (networkChoice === "llm-apis") allowedDomains = [
+		"api.openai.com",
+		"*.anthropic.com",
+		"generativelanguage.googleapis.com"
+	];
+	else if (networkChoice === "common") allowedDomains = [
+		"api.openai.com",
+		"*.anthropic.com",
+		"generativelanguage.googleapis.com",
+		"*.github.com",
+		"registry.npmjs.org"
+	];
+	else if (networkChoice === "all") allowedDomains = ["*"];
+	console.log("");
+	const duration = await select({
+		prompt: "How long should these permissions last?",
+		options: [
+			{
+				name: "One time only",
+				value: "once",
+				description: "Ask again next time"
+			},
+			{
+				name: "Always allow",
+				value: "always",
+				description: "Remember for this app"
+			},
+			{
+				name: "Cancel",
+				value: "cancel",
+				description: "Cancel and exit"
+			}
+		]
+	});
+	if (duration === "cancel") return null;
+	const sandboxConfig = {
+		network: {
+			allowedDomains,
+			deniedDomains: []
+		},
+		filesystem: {
+			denyRead,
+			allowWrite,
+			denyWrite
+		}
+	};
+	if (duration === "always") {
+		const config = loadPermissions();
+		config.trustedApps[appId] = {
+			sandboxConfig,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			choice: "always"
+		};
+		savePermissions(config);
+	}
+	console.log("");
+	console.log("✅ Sandbox permissions granted!");
+	return sandboxConfig;
+}
+/**
+* Get sandbox configuration for an app
+* Returns SandboxRuntimeConfig directly (no conversion needed)
+*
+* @param appId - App identifier
+* @returns SandboxRuntimeConfig or null if denied
+*/
+async function getAppSandboxConfig(appId) {
+	const homeDir = homedir();
+	if (isTrustAll()) return {
+		network: {
+			allowedDomains: ["*"],
+			deniedDomains: []
+		},
+		filesystem: {
+			denyRead: [join(homeDir, ".kly")],
+			allowWrite: ["*"],
+			denyWrite: [
+				join(homeDir, ".kly"),
+				join(homeDir, ".ssh"),
+				join(homeDir, ".aws"),
+				join(homeDir, ".gnupg")
+			]
+		}
+	};
+	const record = loadPermissions().trustedApps[appId];
+	if (record?.choice === "always" && record.sandboxConfig) return record.sandboxConfig;
+	return await requestSandboxConfig(appId, getAppName(appId));
+}
+/**
+* Clear all permissions
+*/
+function clearAllPermissions() {
+	savePermissions({ trustedApps: {} });
+}
+
+//#endregion
+//#region src/permissions/cli.ts
+/**
+* Permissions management CLI
+*/
+async function permissionsCommand() {
+	switch (await select({
+		prompt: "Permissions Management",
+		options: [
+			{
+				name: "List permissions",
+				value: "list",
+				description: "View all granted permissions"
+			},
+			{
+				name: "Revoke permission",
+				value: "revoke",
+				description: "Remove permission for a specific app"
+			},
+			{
+				name: "Clear all",
+				value: "clear",
+				description: "Remove all permissions"
+			}
+		]
+	})) {
+		case "list":
+			await listPermissionsAction();
+			break;
+		case "revoke":
+			await revokePermissionAction();
+			break;
+		case "clear":
+			await clearAllPermissionsAction();
+			break;
+	}
+}
+/**
+* List all permissions
+*/
+async function listPermissionsAction() {
+	const permissions = listPermissions();
+	if (permissions.length === 0) {
+		output("\nNo permissions granted yet.\n");
+		return;
+	}
+	output("\n📋 Granted Permissions:\n");
+	table({
+		columns: [{
+			key: "app",
+			header: "App"
+		}, {
+			key: "grantedAt",
+			header: "Granted At"
+		}],
+		rows: permissions.map((p) => ({
+			app: p.appName,
+			grantedAt: new Date(p.timestamp).toLocaleString()
+		}))
+	});
+	output("");
+}
+/**
+* Revoke permission for a specific app
+*/
+async function revokePermissionAction() {
+	const permissions = listPermissions();
+	if (permissions.length === 0) {
+		output("\nNo permissions to revoke.\n");
+		return;
+	}
+	const appId = await select({
+		prompt: "Select app to revoke permission:",
+		options: permissions.map((p) => ({
+			name: p.appName,
+			value: p.appId,
+			description: "Always allowed"
+		}))
+	});
+	if (await confirm("Are you sure you want to revoke this permission?")) {
+		revokePermission(appId);
+		output("\n✅ Permission revoked.\n");
+	} else output("\n❌ Cancelled.\n");
+}
+/**
+* Clear all permissions
+*/
+async function clearAllPermissionsAction() {
+	if (await confirm("Are you sure you want to clear ALL permissions?")) {
+		clearAllPermissions();
+		output("\n✅ All permissions cleared.\n");
+	} else output("\n❌ Cancelled.\n");
+}
+
+//#endregion
+//#region src/permissions/config-builder.ts
+/**
+* Always protected paths (never allow write, some deny read)
+*/
+const PROTECTED_PATHS = {
+	alwaysDenyWrite: [
+		join(homedir(), ".kly"),
+		join(homedir(), ".ssh"),
+		join(homedir(), ".aws"),
+		join(homedir(), ".gnupg")
+	],
+	alwaysDenyRead: [join(homedir(), ".kly")]
+};
+/**
+* Build a complete SandboxRuntimeConfig from declared app permissions
+*
+* This merges:
+* 1. Default safe configuration
+* 2. Automatic LLM domains (if apiKeys: true)
+* 3. User-declared sandbox config
+* 4. Mandatory protections (always applied)
+*
+* @param permissions - Declared app permissions
+* @returns Complete sandbox configuration ready for SandboxManager
+*/
+function buildSandboxConfig(permissions) {
+	const currentDir = process.cwd();
+	let allowedDomains = [];
+	let allowWrite = [currentDir];
+	let denyRead = [...PROTECTED_PATHS.alwaysDenyRead];
+	if (permissions?.apiKeys) allowedDomains = [...LLM_API_DOMAINS];
+	if (permissions?.sandbox) {
+		const userSandbox = permissions.sandbox;
+		if (userSandbox.network?.allowedDomains) allowedDomains = [...allowedDomains, ...userSandbox.network.allowedDomains];
+		if (userSandbox.filesystem) {
+			if (userSandbox.filesystem.allowWrite) allowWrite = userSandbox.filesystem.allowWrite;
+			if (userSandbox.filesystem.denyRead) denyRead = [...denyRead, ...userSandbox.filesystem.denyRead];
+		}
+	}
+	return {
+		network: {
+			allowedDomains,
+			deniedDomains: []
+		},
+		filesystem: {
+			denyRead,
+			allowWrite,
+			denyWrite: PROTECTED_PATHS.alwaysDenyWrite
+		}
+	};
+}
+/**
+* Get a human-readable summary of permissions for display
+* Only shows special/non-default permissions
+*/
+function formatPermissionsSummary(permissions) {
+	const summary = [];
+	if (permissions?.apiKeys) summary.push("• API Keys access (to call LLM APIs)");
+	const config = buildSandboxConfig(permissions);
+	const currentDir = process.cwd();
+	if (config.network.allowedDomains.length > 0) if (config.network.allowedDomains.includes("*")) summary.push("• Network: All domains");
+	else {
+		const domains = config.network.allowedDomains.slice(0, 3).join(", ");
+		const more = config.network.allowedDomains.length > 3 ? ` +${config.network.allowedDomains.length - 3} more` : "";
+		summary.push(`• Network: ${domains}${more}`);
+	}
+	if (config.filesystem.allowWrite.length > 1 || config.filesystem.allowWrite.length === 1 && config.filesystem.allowWrite[0] !== currentDir) {
+		const dirs = config.filesystem.allowWrite.map((p) => p === currentDir ? "current directory" : p).slice(0, 2).join(", ");
+		const more = config.filesystem.allowWrite.length > 2 ? ` +${config.filesystem.allowWrite.length - 2} more` : "";
+		summary.push(`• Filesystem write: ${dirs}${more}`);
+	}
+	if (permissions?.sandbox?.filesystem?.denyRead) summary.push(`• Filesystem read denied: ${permissions.sandbox.filesystem.denyRead.length} path(s)`);
+	return summary;
+}
+
+//#endregion
+//#region src/permissions/extract.ts
+/**
+* Extract permissions from a user's app script
+* This runs in the host process BEFORE launching the sandbox
+*
+* @param scriptPath - Absolute path to the user's script
+* @returns Declared permissions or undefined if not specified
+*/
+async function extractAppPermissions(scriptPath) {
+	try {
+		const prevMode = process.env[ENV_VARS.PROGRAMMATIC];
+		process.env[ENV_VARS.PROGRAMMATIC] = "true";
+		const module = await import(scriptPath);
+		if (prevMode === void 0) delete process.env[ENV_VARS.PROGRAMMATIC];
+		else process.env[ENV_VARS.PROGRAMMATIC] = prevMode;
+		const app = module.default;
+		if (!app || !app.definition) return;
+		return app.definition.permissions;
+	} catch (error) {
+		console.warn(`Warning: Could not extract permissions from ${scriptPath}:`, error instanceof Error ? error.message : String(error));
+		return;
+	}
+}
+
+//#endregion
+//#region src/permissions/unified-prompt.ts
+/**
+* Check if permissions require user prompt
+* Only prompt for special permissions (API keys, custom network/filesystem)
+* Default permissions (current directory write, no network) are auto-granted
+*/
+function needsPermissionPrompt(permissions, sandboxConfig) {
+	if (permissions?.apiKeys) return true;
+	if (sandboxConfig.network.allowedDomains.length > 0) return true;
+	if (permissions?.sandbox?.filesystem) return true;
+	return false;
+}
+/**
+* Request permission with a single unified prompt
+* Shows all requested permissions at once
+*
+* @param appId - App identifier
+* @param appPermissions - Declared permissions from app
+* @param sandboxConfig - Generated sandbox configuration
+* @returns true if allowed, false if cancelled
+*/
+async function requestUnifiedPermission(appId, appPermissions, sandboxConfig) {
+	if (isTrustAll()) return true;
+	const config = loadPermissions();
+	const record = config.trustedApps[appId];
+	if (record && record.choice === "always") return true;
+	if (!needsPermissionPrompt(appPermissions, sandboxConfig)) return true;
+	if (!isTTY()) {
+		const appName$1 = getAppName(appId);
+		console.error(`\nPermission required: App "${appName$1}" (${appId}) requests permissions.`);
+		console.error("Set KLY_TRUST_ALL=true environment variable to grant access in non-interactive mode.");
+		return false;
+	}
+	const appName = getAppName(appId);
+	console.log("");
+	console.log(`App "${appName}" requests the following permissions:`);
+	console.log("");
+	const summary = formatPermissionsSummary(appPermissions);
+	for (const line of summary) console.log(`  ${line}`);
+	console.log("");
+	console.log(`Source: ${appId}`);
+	console.log("");
+	const choice = await select({
+		prompt: "Do you want to allow this?",
+		options: [
+			{
+				name: "Allow once",
+				value: "once",
+				description: "Allow for this session only"
+			},
+			{
+				name: "Always allow",
+				value: "always",
+				description: "Remember this choice for future runs"
+			},
+			{
+				name: "Cancel",
+				value: "cancel",
+				description: "Cancel and exit"
+			}
+		]
+	});
+	if (choice === "cancel") return false;
+	if (choice === "always") {
+		config.trustedApps[appId] = {
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			choice: "always",
+			sandboxConfig
+		};
+		savePermissions(config);
+	}
+	return true;
+}
+/**
+* Check if app needs permission check
+* Returns stored sandbox config if "always" was granted
+*/
+function checkStoredPermission(appId) {
+	if (isTrustAll()) return null;
+	const record = loadPermissions().trustedApps[appId];
+	if (record?.choice === "always" && record.sandboxConfig) return record.sandboxConfig;
+	return null;
+}
+
+//#endregion
+//#region src/remote/parser.ts
+/**
+* Parse various remote formats into RepoRef
+*
+* Supported formats:
+* - user/repo
+* - user/repo@v1.0.0
+* - user/repo@branch
+* - github.com/user/repo
+* - github.com/user/repo@ref
+* - https://github.com/user/repo
+*/
+function parseRemoteRef(input) {
+	let normalized = input.trim();
+	normalized = normalized.replace(/^https?:\/\//, "");
+	normalized = normalized.replace(/^github\.com\//, "");
+	let ref = "main";
+	const atIndex = normalized.indexOf("@");
+	if (atIndex !== -1) {
+		ref = normalized.slice(atIndex + 1);
+		normalized = normalized.slice(0, atIndex);
+	}
+	normalized = normalized.replace(/\.git$/, "");
+	const parts = normalized.split("/");
+	if (parts.length !== 2) return null;
+	const [owner, repo] = parts;
+	if (!owner || !repo || !isValidGitHubName(owner) || !isValidGitHubName(repo)) return null;
+	return {
+		owner,
+		repo,
+		ref
+	};
+}
+/**
+* Check if a string is a valid GitHub username or repo name
+*/
+function isValidGitHubName(name) {
+	return /^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$/.test(name) || /^[a-zA-Z0-9]$/.test(name);
+}
+/**
+* Get the kly cache directory
+*/
+function getCacheDir() {
+	return join(homedir(), ".kly", "cache");
+}
+/**
+* Get the cache path for a specific repo ref
+*/
+function getRepoCachePath(ref) {
+	return join(getCacheDir(), "github.com", ref.owner, ref.repo, ref.ref);
+}
+/**
+* Check if an input looks like a remote reference (vs local file path)
+*/
+function isRemoteRef(input) {
+	if (input.startsWith("./") || input.startsWith("../") || input.startsWith("/") || input.includes("\\")) return false;
+	return parseRemoteRef(input) !== null;
+}
+var init_parser = __esmMin((() => {}));
+
+//#endregion
+//#region src/remote/cache.ts
+init_parser();
+const META_FILENAME = ".kly-meta.json";
+/**
+* Check if cache exists and is valid
+*/
+function checkCache(ref) {
+	const cachePath = getRepoCachePath(ref);
+	const metaPath = join(cachePath, META_FILENAME);
+	if (!existsSync(cachePath)) return {
+		exists: false,
+		valid: false,
+		reason: "Cache directory does not exist"
+	};
+	if (!existsSync(metaPath)) return {
+		exists: true,
+		valid: false,
+		reason: "Cache metadata missing"
+	};
+	try {
+		const metadata = JSON.parse(readFileSync(metaPath, "utf-8"));
+		if (!existsSync(join(cachePath, metadata.entryPoint))) return {
+			exists: true,
+			valid: false,
+			metadata,
+			reason: "Entry point file missing"
+		};
+		if (!metadata.dependenciesInstalled) return {
+			exists: true,
+			valid: false,
+			metadata,
+			reason: "Dependencies not installed"
+		};
+		return {
+			exists: true,
+			valid: true,
+			metadata
+		};
+	} catch {
+		return {
+			exists: true,
+			valid: false,
+			reason: "Invalid cache metadata"
+		};
+	}
+}
+/**
+* Write cache metadata
+*/
+function writeMetadata(ref, metadata) {
+	const metaPath = join(getRepoCachePath(ref), META_FILENAME);
+	mkdirSync(dirname(metaPath), { recursive: true });
+	writeFileSync(metaPath, JSON.stringify(metadata, null, 2));
+}
+/**
+* Remove cached repository
+*/
+function invalidateCache(ref) {
+	const cachePath = getRepoCachePath(ref);
+	if (existsSync(cachePath)) rmSync(cachePath, {
+		recursive: true,
+		force: true
+	});
+}
+
+//#endregion
+//#region src/remote/fetcher.ts
+init_parser();
+const execAsync = promisify(exec);
+/**
+* Clone a repository to cache
+*/
+async function cloneRepo(ref) {
+	const repoUrl = `https://github.com/${ref.owner}/${ref.repo}.git`;
+	const targetPath = getRepoCachePath(ref);
+	if (existsSync(targetPath)) rmSync(targetPath, {
+		recursive: true,
+		force: true
+	});
+	mkdirSync(dirname(targetPath), { recursive: true });
+	try {
+		await execAsync(`git clone --depth 1 --branch ${ref.ref} ${repoUrl} "${targetPath}"`, { timeout: 6e4 });
+	} catch (error) {
+		if (ref.ref === "main") try {
+			await execAsync(`git clone --depth 1 ${repoUrl} "${targetPath}"`, { timeout: 6e4 });
+			return;
+		} catch {}
+		throw new Error(`Failed to clone ${ref.owner}/${ref.repo}@${ref.ref}: ${error instanceof Error ? error.message : String(error)}`);
+	}
+}
+/**
+* Install dependencies using bun
+*/
+async function installDependencies(repoPath) {
+	if (!existsSync(`${repoPath}/package.json`)) return;
+	try {
+		await execAsync("bun install", {
+			cwd: repoPath,
+			timeout: 12e4
+		});
+	} catch (error) {
+		throw new Error(`Failed to install dependencies: ${error instanceof Error ? error.message : String(error)}`);
+	}
+}
+/**
+* Get the commit SHA of a cloned repo
+*/
+async function getCommitSha(repoPath) {
+	try {
+		const { stdout } = await execAsync("git rev-parse HEAD", {
+			cwd: repoPath,
+			timeout: 5e3
+		});
+		return stdout.trim();
+	} catch {
+		return "unknown";
+	}
+}
+
+//#endregion
+//#region src/remote/integrity.ts
+/**
+* Directories and files to ignore when calculating repository hash
+*/
+const IGNORE_PATTERNS = [
+	".git",
+	"node_modules",
+	"dist",
+	"build",
+	"coverage",
+	".kly",
+	".kly-meta.json",
+	".DS_Store",
+	"*.log"
+];
+/**
+* File extensions to include in hash calculation
+*/
+const SOURCE_EXTENSIONS = [
+	".ts",
+	".js",
+	".tsx",
+	".jsx",
+	".json",
+	".md",
+	".txt"
+];
+/**
+* Calculate integrity hash for a cloned repository
+* Uses SHA-384 (consistent with browser Subresource Integrity)
+*
+* Hash includes:
+* - All source code files (sorted by path)
+* - File paths (for structure verification)
+* - Lock file (bun.lockb) if present
+*
+* @param repoPath - Absolute path to the repository
+* @param algorithm - Hash algorithm (default: sha384)
+* @returns Hash in format "sha384-base64..."
+*/
+function calculateRepoHash(repoPath, algorithm = "sha384") {
+	const hash = createHash(algorithm);
+	const files = collectSourceFiles(repoPath);
+	files.sort();
+	for (const file of files) {
+		const relativePath = relative(repoPath, file);
+		const content = readFileSync(file);
+		hash.update(`FILE:${relativePath}\n`);
+		hash.update(content);
+		hash.update("\n");
+	}
+	const lockFile = join(repoPath, "bun.lockb");
+	if (existsSync(lockFile)) {
+		hash.update("LOCK:bun.lockb\n");
+		hash.update(readFileSync(lockFile));
+		hash.update("\n");
+	}
+	return `${algorithm}-${hash.digest("base64")}`;
+}
+/**
+* Recursively collect all source files in a directory
+*
+* @param dir - Directory to scan
+* @param results - Accumulator for file paths
+* @returns Array of absolute file paths
+*/
+function collectSourceFiles(dir, results = []) {
+	if (!existsSync(dir)) return results;
+	try {
+		const entries = readdirSync(dir);
+		for (const entry of entries) {
+			if (shouldIgnore(entry)) continue;
+			const fullPath = join(dir, entry);
+			let stat;
+			try {
+				stat = statSync(fullPath);
+			} catch {
+				continue;
+			}
+			if (stat.isDirectory()) collectSourceFiles(fullPath, results);
+			else if (stat.isFile() && shouldIncludeFile(entry)) results.push(fullPath);
+		}
+	} catch {}
+	return results;
+}
+/**
+* Check if a file/directory should be ignored
+*/
+function shouldIgnore(name) {
+	for (const pattern of IGNORE_PATTERNS) if (pattern.startsWith("*")) {
+		const ext = pattern.slice(1);
+		if (name.endsWith(ext)) return true;
+	} else if (name === pattern) return true;
+	return false;
+}
+/**
+* Check if a file should be included in hash calculation
+*/
+function shouldIncludeFile(name) {
+	return SOURCE_EXTENSIONS.some((ext) => name.endsWith(ext));
+}
+
+//#endregion
+//#region src/remote/resolver.ts
+/**
+* Entry point candidates to search for (in order)
+*/
+const ENTRY_CANDIDATES = [
+	"index.ts",
+	"main.ts",
+	"src/index.ts",
+	"src/main.ts",
+	"app.ts"
+];
+/**
+* Resolve entry point for a kly app
+* Priority: main field > convention candidates
+*/
+function resolveEntryPoint(repoPath) {
+	const pkgPath = join(repoPath, "package.json");
+	if (existsSync(pkgPath)) try {
+		const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+		if (pkg.main && (pkg.main.endsWith(".ts") || pkg.main.endsWith(".js"))) {
+			if (existsSync(join(repoPath, pkg.main))) return pkg.main;
+		}
+	} catch {}
+	for (const candidate of ENTRY_CANDIDATES) if (existsSync(join(repoPath, candidate))) return candidate;
+	return null;
+}
+/**
+* Read kly configuration from package.json
+*/
+function readKlyConfig(repoPath) {
+	const pkgPath = join(repoPath, "package.json");
+	if (!existsSync(pkgPath)) return null;
+	try {
+		return JSON.parse(readFileSync(pkgPath, "utf-8")).kly ?? null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Check if current kly version satisfies the required version
+* Simple semver check (supports >=x.y.z format)
+*/
+function validateVersion(required, current) {
+	const reqMatch = required.match(/^>=?\s*(\d+)\.(\d+)\.(\d+)/);
+	if (!reqMatch) return true;
+	const curMatch = current.match(/^(\d+)\.(\d+)\.(\d+)/);
+	if (!curMatch) return true;
+	const reqMajor = Number(reqMatch[1]);
+	const reqMinor = Number(reqMatch[2]);
+	const reqPatch = Number(reqMatch[3]);
+	const curMajor = Number(curMatch[1]);
+	const curMinor = Number(curMatch[2]);
+	const curPatch = Number(curMatch[3]);
+	if (curMajor > reqMajor) return true;
+	if (curMajor < reqMajor) return false;
+	if (curMinor > reqMinor) return true;
+	if (curMinor < reqMinor) return false;
+	return curPatch >= reqPatch;
+}
+/**
+* Check required environment variables
+* Returns list of missing variables
+*/
+function checkEnvVars(required) {
+	return required.filter((name) => !process.env[name]);
+}
+
+//#endregion
+//#region src/remote/sumfile.ts
+/**
+* Get the path to kly.sum file
+*/
+function getSumFilePath() {
+	return join(homedir(), ".kly", "kly.sum");
+}
+/**
+* Manager for kly.sum file (integrity verification database)
+*
+* File format (one entry per line):
+* github.com/owner/repo@ref sha384-hash timestamp trusted|untrusted
+*
+* Example:
+* github.com/jack/weather@v1.0.0 sha384-oqVuAfXRKap7fdgc... 1704067200 trusted
+*/
+var SumFileManager = class {
+	entries = /* @__PURE__ */ new Map();
+	sumFilePath;
+	dirty = false;
+	constructor(sumFilePath) {
+		this.sumFilePath = sumFilePath || getSumFilePath();
+		this.load();
+	}
+	/**
+	* Load entries from kly.sum file
+	*/
+	load() {
+		if (!existsSync(this.sumFilePath)) return;
+		try {
+			const lines = readFileSync(this.sumFilePath, "utf-8").split("\n");
+			for (const line of lines) {
+				const trimmed = line.trim();
+				if (!trimmed || trimmed.startsWith("#")) continue;
+				const entry = this.parseLine(trimmed);
+				if (entry) this.entries.set(entry.url, entry);
+			}
+		} catch (error) {
+			console.warn(`Warning: Failed to load kly.sum: ${error}`);
+		}
+	}
+	/**
+	* Parse a single line from kly.sum
+	*/
+	parseLine(line) {
+		const parts = line.split(/\s+/);
+		if (parts.length < 4) return null;
+		const [url, hash, timestampStr, trustedStr] = parts;
+		if (!url || !hash || !timestampStr || !trustedStr) return null;
+		const timestamp = Number(timestampStr);
+		if (Number.isNaN(timestamp)) return null;
+		return {
+			url,
+			hash,
+			timestamp,
+			trusted: trustedStr === "trusted"
+		};
+	}
+	/**
+	* Format an entry for writing to file
+	*/
+	formatEntry(entry) {
+		return `${entry.url} ${entry.hash} ${entry.timestamp} ${entry.trusted ? "trusted" : "untrusted"}`;
+	}
+	/**
+	* Save entries to kly.sum file
+	*/
+	save() {
+		if (!this.dirty) return;
+		try {
+			const dir = dirname(this.sumFilePath);
+			if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+			const lines = [
+				"# kly.sum - Integrity verification database",
+				"# Format: url hash timestamp trusted|untrusted",
+				"# DO NOT EDIT THIS FILE MANUALLY",
+				"",
+				...Array.from(this.entries.values()).sort((a, b) => a.url.localeCompare(b.url)).map((entry) => this.formatEntry(entry))
+			];
+			writeFileSync(this.sumFilePath, `${lines.join("\n")}\n`, "utf-8");
+			this.dirty = false;
+		} catch (error) {
+			console.error(`Error: Failed to save kly.sum: ${error}`);
+			throw error;
+		}
+	}
+	/**
+	* Verify a repository's integrity hash
+	*
+	* @param url - Full URL (e.g., "github.com/owner/repo@ref")
+	* @param hash - Calculated hash to verify
+	* @returns "ok" if matches, "mismatch" if different, "new" if first time
+	*/
+	verify(url, hash) {
+		const entry = this.entries.get(url);
+		if (!entry) return "new";
+		if (entry.hash === hash) return "ok";
+		return "mismatch";
+	}
+	/**
+	* Add or update an entry in kly.sum
+	*
+	* @param url - Full URL
+	* @param hash - Integrity hash
+	* @param trusted - Whether user explicitly trusted this code
+	*/
+	add(url, hash, trusted = false) {
+		this.entries.set(url, {
+			url,
+			hash,
+			timestamp: Math.floor(Date.now() / 1e3),
+			trusted
+		});
+		this.dirty = true;
+		this.save();
+	}
+	/**
+	* Update an existing entry's hash (e.g., user approved new version)
+	*
+	* @param url - Full URL
+	* @param hash - New hash
+	* @param trusted - Whether user explicitly trusted this update
+	*/
+	update(url, hash, trusted = false) {
+		const existing = this.entries.get(url);
+		this.entries.set(url, {
+			url,
+			hash,
+			timestamp: existing?.timestamp ?? Math.floor(Date.now() / 1e3),
+			trusted
+		});
+		this.dirty = true;
+		this.save();
+	}
+	/**
+	* Remove an entry from kly.sum
+	*
+	* @param url - Full URL to remove
+	* @returns true if removed, false if not found
+	*/
+	remove(url) {
+		const existed = this.entries.delete(url);
+		if (existed) {
+			this.dirty = true;
+			this.save();
+		}
+		return existed;
+	}
+	/**
+	* Get an entry by URL
+	*
+	* @param url - Full URL
+	* @returns Entry if found, undefined otherwise
+	*/
+	get(url) {
+		return this.entries.get(url);
+	}
+	/**
+	* Get all entries
+	*
+	* @returns Array of all sum entries
+	*/
+	getAll() {
+		return Array.from(this.entries.values());
+	}
+	/**
+	* Clear all entries (for testing or reset)
+	*/
+	clear() {
+		this.entries.clear();
+		this.dirty = true;
+		this.save();
+	}
+	/**
+	* Get statistics about the sum file
+	*/
+	getStats() {
+		const entries = Array.from(this.entries.values());
+		return {
+			total: entries.length,
+			trusted: entries.filter((e) => e.trusted).length,
+			untrusted: entries.filter((e) => !e.trusted).length
+		};
+	}
+};
+
+//#endregion
+//#region src/remote/index.ts
+init_parser();
+/** Current kly CLI version */
+const KLY_VERSION = "0.1.0";
+/**
+* Run a remote GitHub repository as a kly app
+*/
+async function runRemote(input, options = {}) {
+	const ref = parseRemoteRef(input);
+	if (!ref) throw new Error(`Invalid remote reference: ${input}`);
+	const repoPath = getRepoCachePath(ref);
+	const cacheResult = checkCache(ref);
+	if (!cacheResult.valid || options.force) {
+		if (options.force && cacheResult.exists) {
+			console.log(`Refreshing ${ref.owner}/${ref.repo}@${ref.ref}...`);
+			invalidateCache(ref);
+		} else console.log(`Fetching ${ref.owner}/${ref.repo}@${ref.ref}...`);
+		await cloneRepo(ref);
+		const entryPoint = resolveEntryPoint(repoPath);
+		if (!entryPoint) throw new Error(`No entry point found in ${ref.owner}/${ref.repo}. Set "main" in package.json or create index.ts`);
+		if (!options.skipInstall) {
+			console.log("Installing dependencies...");
+			await installDependencies(repoPath);
+		}
+		writeMetadata(ref, {
+			commitSha: await getCommitSha(repoPath),
+			cachedAt: (/* @__PURE__ */ new Date()).toISOString(),
+			entryPoint,
+			dependenciesInstalled: !options.skipInstall
+		});
+		console.log("Ready!\n");
+	}
+	if (!options.skipIntegrityCheck) {
+		if (!(await verifyIntegrity(ref, repoPath)).proceedWithExecution) {
+			console.error("\n❌ Execution cancelled due to integrity verification failure");
+			process.exit(1);
+		}
+	}
+	await executeApp(ref, repoPath, options.args ?? [], options.mcp ?? false);
+}
+/**
+* Verify repository integrity using kly.sum
+*
+* @param ref - Repository reference
+* @param repoPath - Local path to repository
+* @returns Object with integrity check result and whether to proceed with execution
+*/
+async function verifyIntegrity(ref, repoPath) {
+	const url = `github.com/${ref.owner}/${ref.repo}@${ref.ref}`;
+	console.log("\n🔐 Verifying code integrity...");
+	const hash = calculateRepoHash(repoPath);
+	console.log(`   Hash: ${hash.slice(0, 20)}...`);
+	const sumManager = new SumFileManager();
+	const verifyResult = sumManager.verify(url, hash);
+	const result = {
+		status: verifyResult,
+		hash,
+		requiresTrust: verifyResult !== "ok"
+	};
+	switch (verifyResult) {
+		case "ok":
+			console.log("   ✓ Integrity verified\n");
+			return {
+				proceedWithExecution: true,
+				result
+			};
+		case "new":
+			console.log("\n⚠️  SECURITY NOTICE: First time running this tool\n");
+			console.log("   This code has not been verified before.");
+			console.log("   Please review the source code before proceeding:");
+			console.log(`   https://github.com/${ref.owner}/${ref.repo}/tree/${ref.ref}\n`);
+			if (await confirm("Do you trust this code and want to proceed?")) {
+				sumManager.add(url, hash, true);
+				console.log("   ✓ Code trusted and added to kly.sum\n");
+				return {
+					proceedWithExecution: true,
+					result
+				};
+			}
+			console.log("\n   User declined to trust the code");
+			return {
+				proceedWithExecution: false,
+				result
+			};
+		case "mismatch":
+			result.expectedHash = sumManager.get(url)?.hash;
+			console.log("\n🚨 SECURITY WARNING: Code has been modified!\n");
+			console.log("   The code for this tool has changed since you last ran it.");
+			console.log("   This could indicate:");
+			console.log("   - A supply chain attack (code tampering)");
+			console.log("   - Maintainer account compromise");
+			console.log("   - Git history rewrite\n");
+			console.log("   Expected hash:", `${result.expectedHash?.slice(0, 40)}...`);
+			console.log("   Current hash: ", `${hash.slice(0, 40)}...\n`);
+			console.log("   Recommended actions:");
+			console.log("   1. Check GitHub for official announcements");
+			console.log("   2. Contact the maintainer");
+			console.log("   3. Review code changes carefully");
+			console.log(`   4. Visit: https://github.com/${ref.owner}/${ref.repo}/commits/${ref.ref}\n`);
+			if (await confirm("⚠️  Proceed anyway? (NOT RECOMMENDED)", false)) {
+				if (await confirm("Update kly.sum with new hash?", false)) {
+					sumManager.update(url, hash, true);
+					console.log("   ✓ kly.sum updated with new hash\n");
+				}
+				return {
+					proceedWithExecution: true,
+					result
+				};
+			}
+			console.log("\n   Execution cancelled for safety");
+			return {
+				proceedWithExecution: false,
+				result
+			};
+		default:
+			console.error("Unknown verification result");
+			return {
+				proceedWithExecution: false,
+				result
+			};
+	}
+}
+/**
+* Execute the kly app
+*/
+async function executeApp(ref, repoPath, args$1, mcp) {
+	const config = readKlyConfig(repoPath);
+	if (config?.version) {
+		if (!validateVersion(config.version, KLY_VERSION)) throw new Error(`This app requires kly ${config.version}, but you have ${KLY_VERSION}`);
+	}
+	if (config?.env && config.env.length > 0) {
+		const missing = checkEnvVars(config.env);
+		if (missing.length > 0) console.warn(`Warning: Required environment variables not set: ${missing.join(", ")}`);
+	}
+	const entryPoint = resolveEntryPoint(repoPath);
+	if (!entryPoint) throw new Error(`Cannot resolve entry point for ${ref.owner}/${ref.repo}`);
+	const absoluteEntryPath = join(repoPath, entryPoint);
+	const remoteRef = `github.com/${ref.owner}/${ref.repo}`;
+	const prevRemoteRef = process.env[ENV_VARS.REMOTE_REF];
+	process.env[ENV_VARS.REMOTE_REF] = remoteRef;
+	try {
+		const { getAppIdentifier: getAppIdentifier$1, checkApiKeyPermission: checkApiKeyPermission$1, getAppSandboxConfig: getAppSandboxConfig$1 } = await import("./permissions-2r_7ZqaH.mjs");
+		const { launchSandbox: launchSandbox$1 } = await import("./launcher-vTpgdO9n.mjs");
+		const appId = getAppIdentifier$1();
+		console.log("🔐 Checking permissions...");
+		const allowApiKey = await checkApiKeyPermission$1(appId);
+		if (!allowApiKey) {
+			console.error("❌ Permission denied: API key access rejected");
+			process.exit(1);
+		}
+		const sandboxConfig = await getAppSandboxConfig$1(appId);
+		if (!sandboxConfig) {
+			console.error("❌ Permission denied: Sandbox configuration rejected");
+			process.exit(1);
+		}
+		if (mcp) {
+			console.warn("⚠️  MCP mode with remote repos not yet fully supported in new architecture");
+			process.env[ENV_VARS.MCP_MODE] = "true";
+			process.argv = ["bun", absoluteEntryPath];
+			await import(absoluteEntryPath);
+			return;
+		}
+		const result = await launchSandbox$1({
+			scriptPath: absoluteEntryPath,
+			args: args$1,
+			appId,
+			sandboxConfig,
+			allowApiKey
+		});
+		if (result.error) console.error(`\n❌ Error: ${result.error}`);
+		if (result.exitCode !== 0) process.exit(result.exitCode);
+	} finally {
+		if (prevRemoteRef === void 0) delete process.env[ENV_VARS.REMOTE_REF];
+		else process.env[ENV_VARS.REMOTE_REF] = prevRemoteRef;
+	}
+}
+
+//#endregion
+//#region bin/kly.ts
+const args = process.argv.slice(2);
+const command = args[0];
+async function main() {
+	if (!command || command === "--help" || command === "-h") {
+		showHelp();
+		return;
+	}
+	if (command === "--version" || command === "-v") {
+		showVersion();
+		return;
+	}
+	if (command === "models") {
+		await modelsCommand();
+		return;
+	}
+	if (command === "permissions") {
+		await permissionsCommand();
+		return;
+	}
+	if (command === "run") {
+		const target = args[1];
+		if (!target) {
+			console.error("Error: Missing file path or remote reference");
+			console.error("Usage: kly run <file|user/repo[@ref]>");
+			process.exit(1);
+		}
+		const force = args.indexOf("--force") !== -1;
+		const dashDashIndex = args.indexOf("--");
+		const appArgs = dashDashIndex !== -1 ? args.slice(dashDashIndex + 1) : args.slice(2).filter((arg) => arg !== "--force");
+		if (isRemoteRef(target)) await runRemote(target, {
+			args: appArgs,
+			force
+		});
+		else await runFile(target, appArgs);
+		return;
+	}
+	if (command === "mcp") {
+		const target = args[1];
+		if (!target) {
+			console.error("Error: Missing file path or remote reference");
+			console.error("Usage: kly mcp <file|user/repo[@ref]>");
+			process.exit(1);
+		}
+		const force = args.indexOf("--force") !== -1;
+		if (isRemoteRef(target)) await runRemote(target, {
+			args: [],
+			force,
+			mcp: true
+		});
+		else await runFileAsMcp(target);
+		return;
+	}
+	console.error(`Unknown command: ${command}`);
+	console.error("Run \"kly --help\" for usage");
+	process.exit(1);
+}
+async function runFile(filePath, appArgs) {
+	const absolutePath = resolve(process.cwd(), filePath);
+	const prevLocalRef = process.env.KLY_LOCAL_REF;
+	process.env.KLY_LOCAL_REF = `local:${absolutePath}`;
+	try {
+		const appId = getAppIdentifier();
+		const storedConfig = checkStoredPermission(appId);
+		let sandboxConfig;
+		let allowApiKey = false;
+		if (!storedConfig) {
+			const appPermissions = await extractAppPermissions(absolutePath);
+			sandboxConfig = buildSandboxConfig(appPermissions);
+			console.log("🔐 Checking permissions...");
+			if (!await requestUnifiedPermission(appId, appPermissions, sandboxConfig)) {
+				console.error("❌ Permission denied");
+				process.exit(1);
+			}
+			allowApiKey = appPermissions?.apiKeys ?? false;
+		} else {
+			sandboxConfig = storedConfig;
+			allowApiKey = (await extractAppPermissions(absolutePath))?.apiKeys ?? false;
+		}
+		const result = await launchSandbox({
+			scriptPath: absolutePath,
+			args: appArgs,
+			appId,
+			sandboxConfig,
+			allowApiKey
+		});
+		if (result.error) console.error(`\n❌ Error: ${result.error}`);
+		if (result.exitCode !== 0) process.exit(result.exitCode);
+	} finally {
+		if (prevLocalRef === void 0) delete process.env.KLY_LOCAL_REF;
+		else process.env.KLY_LOCAL_REF = prevLocalRef;
+	}
+}
+async function runFileAsMcp(filePath) {
+	const absolutePath = resolve(process.cwd(), filePath);
+	process.env.KLY_MCP_MODE = "true";
+	process.argv = ["bun", absolutePath];
+	await import(absolutePath);
+}
+function showHelp() {
+	console.log(`
+kly - Command Line AI
+
+Usage:
+  kly <command> [options]
+
+Commands:
+  models         Manage LLM model configurations
+  permissions    Manage app permissions
+  run <target>   Run a Kly app
+  mcp <target>   Start an MCP server for a Kly app
+
+Target can be:
+  ./file.ts              Local file
+  user/repo              GitHub repo (main branch)
+  user/repo@v1.0.0       GitHub repo at specific tag
+  user/repo@branch       GitHub repo at specific branch
+
+Options:
+  --force        Force re-fetch remote repo (ignore cache)
+  --help, -h     Show help
+  --version, -v  Show version
+
+Examples:
+  kly models
+  kly permissions
+  kly run ./my-tool.ts
+  kly run ./my-tool.ts --name=World
+  kly run user/weather-app
+  kly run user/weather-app@v1.0.0
+  kly run user/weather-app -- --city=Beijing
+  kly mcp ./my-tool.ts
+  kly mcp user/weather-app
+`);
+}
+function showVersion() {
+	console.log("0.1.0");
+}
+main().catch((err) => {
+	console.error(err.message || err);
+	process.exit(1);
+});
+
+//#endregion
+export { getAppSandboxConfig as a, revokePermission as c, getAppName as i, savePermissions as l, clearAllPermissions as n, listPermissions as o, getAppIdentifier as r, loadPermissions as s, checkApiKeyPermission as t, launchSandbox as u };
+//# sourceMappingURL=kly.mjs.map