mach6-core 1.1.0

package/dist/tools/policy.js

@@ -0,0 +1,106 @@
+// Mach6 — Tool Policy Engine (fixes Pain #6, #12)
+// Clean allow/deny, no phantom queues, dynamic iteration limits, resource budgets
+const DEFAULT_LIMITS = {
+    simple: 10,
+    complex: 50,
+};
+const DEFAULT_TOOL_POLICY = 'allow';
+export class PolicyEngine {
+    sessionPolicies = new Map();
+    globalDeny = new Set(); // tools denied for everyone
+    budgets = new Map();
+    /** Set global deny list */
+    setGlobalDeny(tools) {
+        this.globalDeny = new Set(tools);
+    }
+    /** Configure policy for a session */
+    setSessionPolicy(policy) {
+        this.sessionPolicies.set(policy.sessionId, policy);
+    }
+    /** Check if a tool is allowed for a session. No phantom queues — immediate answer. */
+    check(sessionId, toolName) {
+        // Global deny takes precedence
+        if (this.globalDeny.has(toolName)) {
+            return { allowed: false, reason: `Tool "${toolName}" is globally denied` };
+        }
+        const sp = this.sessionPolicies.get(sessionId);
+        if (sp?.tools[toolName] === 'deny') {
+            return { allowed: false, reason: `Tool "${toolName}" denied for session ${sessionId}` };
+        }
+        if (sp?.tools[toolName] === 'allow') {
+            return { allowed: true };
+        }
+        // Default policy
+        return { allowed: DEFAULT_TOOL_POLICY === 'allow' };
+    }
+    /** Get iteration limit for a session */
+    getIterationLimit(sessionId) {
+        const sp = this.sessionPolicies.get(sessionId);
+        if (sp?.maxIterations)
+            return sp.maxIterations;
+        const complexity = sp?.complexity ?? 'complex';
+        return DEFAULT_LIMITS[complexity] ?? 25;
+    }
+    /**
+     * Check iteration progress. Returns warning message if approaching limit.
+     */
+    checkIteration(sessionId, current) {
+        const limit = this.getIterationLimit(sessionId);
+        const ratio = current / limit;
+        if (ratio >= 1) {
+            return { ok: false, warning: `Iteration limit reached (${current}/${limit}). Stopping.` };
+        }
+        if (ratio >= 0.8) {
+            return { ok: true, warning: `Approaching iteration limit: ${current}/${limit} (${Math.round(ratio * 100)}%)` };
+        }
+        return { ok: true };
+    }
+    // ── Resource Budgets ──
+    /** Register a resource budget */
+    registerBudget(resource, dailyLimit, perRun) {
+        const now = Date.now();
+        const resetAt = this.nextMidnight(now);
+        this.budgets.set(resource, { resource, dailyLimit, perRun, used: 0, resetAt });
+    }
+    /** Try to consume resource. Returns true if allowed. */
+    consumeResource(resource, amount) {
+        const budget = this.budgets.get(resource);
+        if (!budget)
+            return { allowed: true, remaining: Infinity }; // no budget = unlimited
+        // Reset if past midnight
+        if (Date.now() >= budget.resetAt) {
+            budget.used = 0;
+            budget.resetAt = this.nextMidnight(Date.now());
+        }
+        // Check per-run limit
+        if (budget.perRun !== undefined && amount > budget.perRun) {
+            return { allowed: false, remaining: budget.dailyLimit - budget.used, reason: `Exceeds per-run limit (${amount} > ${budget.perRun})` };
+        }
+        // Check daily limit
+        if (budget.used + amount > budget.dailyLimit) {
+            return { allowed: false, remaining: budget.dailyLimit - budget.used, reason: `Daily budget exhausted (${budget.used}/${budget.dailyLimit})` };
+        }
+        budget.used += amount;
+        const remaining = budget.dailyLimit - budget.used;
+        // Warn at 80%
+        if (budget.used / budget.dailyLimit >= 0.8) {
+            console.warn(`⚠️  Resource "${resource}" at ${Math.round((budget.used / budget.dailyLimit) * 100)}% of daily budget (${budget.used}/${budget.dailyLimit})`);
+        }
+        return { allowed: true, remaining };
+    }
+    /** Get budget status for a resource */
+    getBudgetStatus(resource) {
+        const budget = this.budgets.get(resource);
+        if (budget && Date.now() >= budget.resetAt) {
+            budget.used = 0;
+            budget.resetAt = this.nextMidnight(Date.now());
+        }
+        return budget;
+    }
+    nextMidnight(now) {
+        const d = new Date(now);
+        d.setHours(24, 0, 0, 0);
+        return d.getTime();
+    }
+}
+//# sourceMappingURL=policy.js.map

package/dist/tools/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/tools/policy.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAClD,kFAAkF;AA4BlF,MAAM,cAAc,GAA2B;IAC7C,MAAM,EAAE,EAAE;IACV,OAAO,EAAE,EAAE;CACZ,CAAC;AAEF,MAAM,mBAAmB,GAAmB,OAAO,CAAC;AAEpD,MAAM,OAAO,YAAY;IACf,eAAe,GAAG,IAAI,GAAG,EAAyB,CAAC;IACnD,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC,CAAC,4BAA4B;IAC5D,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEpD,2BAA2B;IAC3B,aAAa,CAAC,KAAe;QAC3B,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED,qCAAqC;IACrC,gBAAgB,CAAC,MAAqB;QACpC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAED,sFAAsF;IACtF,KAAK,CAAC,SAAiB,EAAE,QAAgB;QACvC,+BAA+B;QAC/B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,QAAQ,sBAAsB,EAAE,CAAC;QAC7E,CAAC;QAED,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,EAAE,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,MAAM,EAAE,CAAC;YACnC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,QAAQ,wBAAwB,SAAS,EAAE,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,EAAE,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,OAAO,EAAE,CAAC;YACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,iBAAiB;QACjB,OAAO,EAAE,OAAO,EAAE,mBAAmB,KAAK,OAAO,EAAE,CAAC;IACtD,CAAC;IAED,wCAAwC;IACxC,iBAAiB,CAAC,SAAiB;QACjC,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,EAAE,EAAE,aAAa;YAAE,OAAO,EAAE,CAAC,aAAa,CAAC;QAC/C,MAAM,UAAU,GAAG,EAAE,EAAE,UAAU,IAAI,SAAS,CAAC;QAC/C,OAAO,cAAc,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,SAAiB,EAAE,OAAe;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,KAAK,GAAG,OAAO,GAAG,KAAK,CAAC;QAE9B,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,4BAA4B,OAAO,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5F,CAAC;QACD,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,gCAAgC,OAAO,IAAI,KAAK,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QACjH,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,yBAAyB;IAEzB,iCAAiC;IACjC,cAAc,CAAC,QAAgB,EAAE,UAAkB,EAAE,MAAe;QAClE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,wDAAwD;IACxD,eAAe,CAAC,QAAgB,EAAE,MAAc;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,wBAAwB;QAEpF,yBAAyB;QACzB,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;YAChB,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACjD,CAAC;QAED,sBAAsB;QACtB,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAC1D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,0BAA0B,MAAM,MAAM,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;QACxI,CAAC;QAED,oBAAoB;QACpB,IAAI,MAAM,CAAC,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YAC7C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,2BAA2B,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC;QAChJ,CAAC;QAED,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC;QACtB,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;QAElD,cAAc;QACd,IAAI,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC,iBAAiB,QAAQ,QAAQ,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,sBAAsB,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,CAAC;QAC9J,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;IAED,uCAAuC;IACvC,eAAe,CAAC,QAAgB;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;YAChB,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,YAAY,CAAC,GAAW;QAC9B,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACxB,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;IACrB,CAAC;CACF"}

package/dist/tools/registry.d.ts

@@ -0,0 +1,15 @@
+import type { ToolDef } from '../providers/types.js';
+import type { ToolDefinition } from './types.js';
+export declare class ToolRegistry {
+    private tools;
+    register(tool: ToolDefinition): void;
+    get(name: string): ToolDefinition | undefined;
+    list(): ToolDefinition[];
+    /** Convert all registered tools to provider-format ToolDefs */
+    toProviderFormat(): ToolDef[];
+    /** Execute a tool by name */
+    execute(name: string, input: Record<string, unknown>): Promise<string>;
+}
+/** Create a registry with all builtin tools pre-registered */
+export declare function createDefaultRegistry(): ToolRegistry;
+//# sourceMappingURL=registry.d.ts.map

package/dist/tools/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/tools/registry.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAqC;IAElD,QAAQ,CAAC,IAAI,EAAE,cAAc,GAAG,IAAI;IAIpC,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAI7C,IAAI,IAAI,cAAc,EAAE;IAIxB,+DAA+D;IAC/D,gBAAgB,IAAI,OAAO,EAAE;IAQ7B,6BAA6B;IACvB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;CAU7E;AAED,8DAA8D;AAC9D,wBAAgB,qBAAqB,IAAI,YAAY,CAIpD"}

package/dist/tools/registry.js

@@ -0,0 +1,41 @@
+// Mach6 — Tool registry: register, lookup, dispatch, convert to provider format
+export class ToolRegistry {
+    tools = new Map();
+    register(tool) {
+        this.tools.set(tool.name, tool);
+    }
+    get(name) {
+        return this.tools.get(name);
+    }
+    list() {
+        return [...this.tools.values()];
+    }
+    /** Convert all registered tools to provider-format ToolDefs */
+    toProviderFormat() {
+        return this.list().map(t => ({
+            name: t.name,
+            description: t.description,
+            parameters: t.parameters,
+        }));
+    }
+    /** Execute a tool by name */
+    async execute(name, input) {
+        const tool = this.tools.get(name);
+        if (!tool)
+            return JSON.stringify({ error: `Unknown tool: ${name}` });
+        try {
+            return await tool.execute(input);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            return JSON.stringify({ error: msg });
+        }
+    }
+}
+/** Create a registry with all builtin tools pre-registered */
+export function createDefaultRegistry() {
+    const registry = new ToolRegistry();
+    // Lazy import to avoid circular deps — tools register themselves
+    return registry;
+}
+//# sourceMappingURL=registry.js.map

package/dist/tools/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/tools/registry.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAKhF,MAAM,OAAO,YAAY;IACf,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAElD,QAAQ,CAAC,IAAoB;QAC3B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI;QACF,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,+DAA+D;IAC/D,gBAAgB;QACd,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;SACzB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,6BAA6B;IAC7B,KAAK,CAAC,OAAO,CAAC,IAAY,EAAE,KAA8B;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;CACF;AAED,8DAA8D;AAC9D,MAAM,UAAU,qBAAqB;IACnC,MAAM,QAAQ,GAAG,IAAI,YAAY,EAAE,CAAC;IACpC,iEAAiE;IACjE,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/tools/sandbox.d.ts

@@ -0,0 +1,91 @@
+/**
+ * Mach6 — Tool Sandbox
+ *
+ * Enforces per-session security boundaries on tool execution.
+ * This is the ONLY place where tool access control happens.
+ *
+ * Architecture:
+ * - Every agent session gets a SandboxedToolRegistry wrapping the real ToolRegistry
+ * - The sandbox intercepts execute() calls and enforces rules BEFORE the tool runs
+ * - Rules are based on session context (channel, sender, adapter) not string matching
+ * - The real tools never see the sandbox — it's transparent wrapping
+ *
+ * Security model:
+ * - ADMIN sessions (owner DM on primary adapters) get full access
+ * - STANDARD sessions get restricted access (no infrastructure modification)
+ * - Rules are declarative and audited — every denial is logged
+ */
+import type { ToolExecutor } from '../agent/runner.js';
+export type SessionTier = 'admin' | 'standard' | 'restricted';
+export interface SessionContext {
+    sessionId: string;
+    adapterId: string;
+    channelType: string;
+    chatType: 'direct' | 'group';
+    senderId: string;
+    isOwner: boolean;
+}
+export interface SandboxRule {
+    /** Human-readable name for logging */
+    name: string;
+    /** Which tools this rule applies to. '*' = all tools. */
+    tools: string[] | '*';
+    /** The check function. Return null to allow, or a string reason to deny. */
+    check: (tool: string, input: Record<string, unknown>, ctx: SessionContext) => string | null;
+}
+export interface SandboxDenial {
+    timestamp: number;
+    sessionId: string;
+    tier: SessionTier;
+    tool: string;
+    rule: string;
+    reason: string;
+    input: Record<string, unknown>;
+}
+export declare function classifySession(ctx: SessionContext): SessionTier;
+export declare function getAuditLog(): SandboxDenial[];
+/**
+ * A ToolRegistry wrapper that enforces sandbox rules per-session.
+ *
+ * Usage in daemon.ts:
+ *   const sandboxed = createSandboxedRegistry(this.toolRegistry, sessionContext);
+ *   // Pass sandboxed to runAgent instead of this.toolRegistry
+ */
+export declare class SandboxedToolRegistry {
+    private inner;
+    private ctx;
+    private tier;
+    private rules;
+    private customRules;
+    constructor(inner: ToolExecutor, ctx: SessionContext, extraRules?: SandboxRule[]);
+    /** Proxy: get tool definition */
+    get(name: string): {
+        name: string;
+        description: string;
+        parameters: any;
+    } | undefined;
+    /** Proxy: list all tools (but may filter for restricted sessions) */
+    list(): Array<{
+        name: string;
+        description: string;
+        parameters: any;
+    }>;
+    /** Proxy: convert to provider format (respects tool visibility) */
+    toProviderFormat(): {
+        name: string;
+        description: string;
+        parameters: any;
+    }[];
+    /** Execute with sandbox enforcement */
+    execute(name: string, input: Record<string, unknown>): Promise<string>;
+    /** Sanitize input for audit log (remove large content, sensitive values) */
+    private sanitizeInput;
+    /** Get session tier */
+    getTier(): SessionTier;
+}
+/**
+ * Create a sandboxed tool registry for a specific session.
+ * This is the primary API — call it in daemon.ts before each agent turn.
+ */
+export declare function createSandboxedRegistry(inner: ToolExecutor, ctx: SessionContext, extraRules?: SandboxRule[]): SandboxedToolRegistry;
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/tools/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../src/tools/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAOH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAIvD,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,UAAU,GAAG,YAAY,CAAC;AAE9D,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,KAAK,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IACtB,4EAA4E;IAC5E,KAAK,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,cAAc,KAAK,MAAM,GAAG,IAAI,CAAC;CAC7F;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,WAAW,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAMD,wBAAgB,eAAe,CAAC,GAAG,EAAE,cAAc,GAAG,WAAW,CAWhE;AA8KD,wBAAgB,WAAW,IAAI,aAAa,EAAE,CAE7C;AAID;;;;;;GAMG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,GAAG,CAAiB;IAC5B,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,KAAK,CAAgB;IAC7B,OAAO,CAAC,WAAW,CAAqB;gBAE5B,KAAK,EAAE,YAAY,EAAE,GAAG,EAAE,cAAc,EAAE,UAAU,CAAC,EAAE,WAAW,EAAE;IAShF,iCAAiC;IACjC,GAAG,CAAC,IAAI,EAAE,MAAM;cAKM,MAAM;qBAAe,MAAM;oBAAc,GAAG;;IADlE,qEAAqE;IACrE,IAAI,IAAI,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,GAAG,CAAA;KAAE,CAAC;IAYrE,mEAAmE;IACnE,gBAAgB;;;;;IAQhB,uCAAuC;IACjC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IAyB5E,4EAA4E;IAC5E,OAAO,CAAC,aAAa;IAYrB,uBAAuB;IACvB,OAAO,IAAI,WAAW;CAGvB;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,YAAY,EACnB,GAAG,EAAE,cAAc,EACnB,UAAU,CAAC,EAAE,WAAW,EAAE,GACzB,qBAAqB,CAEvB"}

package/dist/tools/sandbox.js

@@ -0,0 +1,279 @@
+/**
+ * Mach6 — Tool Sandbox
+ *
+ * Enforces per-session security boundaries on tool execution.
+ * This is the ONLY place where tool access control happens.
+ *
+ * Architecture:
+ * - Every agent session gets a SandboxedToolRegistry wrapping the real ToolRegistry
+ * - The sandbox intercepts execute() calls and enforces rules BEFORE the tool runs
+ * - Rules are based on session context (channel, sender, adapter) not string matching
+ * - The real tools never see the sandbox — it's transparent wrapping
+ *
+ * Security model:
+ * - ADMIN sessions (owner DM on primary adapters) get full access
+ * - STANDARD sessions get restricted access (no infrastructure modification)
+ * - Rules are declarative and audited — every denial is logged
+ */
+import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
+// ─── Tier Classification ───────────────────────────────────────────────────
+const PRIMARY_ADAPTERS = new Set(['discord-main', 'whatsapp-main']);
+export function classifySession(ctx) {
+    // Admin: owner DM on any adapter (if the owner is talking to us directly, they're admin)
+    if (ctx.isOwner && ctx.chatType === 'direct') {
+        return 'admin';
+    }
+    // Standard: owner in group chats
+    if (ctx.isOwner) {
+        return 'standard';
+    }
+    // Restricted: non-owner
+    return 'restricted';
+}
+// ─── Built-in Rules ────────────────────────────────────────────────────────
+function resolvePath(p) {
+    return path.resolve(p);
+}
+/** Mach6 engine directory (absolute) */
+const __filename_esm = fileURLToPath(import.meta.url);
+const __dirname_esm = path.dirname(__filename_esm);
+const MACH6_ROOT = path.resolve(__dirname_esm, '..', '..');
+/**
+ * Rule: No modifying Mach6 engine files (src/, dist/, config, package.json)
+ * Applies to: edit, write tools for non-admin sessions
+ */
+const noEngineModification = {
+    name: 'no-engine-modification',
+    tools: ['edit', 'write'],
+    check: (tool, input, ctx) => {
+        // Admin gets full access
+        if (classifySession(ctx) === 'admin')
+            return null;
+        const filePath = resolvePath(String(input.path ?? ''));
+        if (filePath.startsWith(MACH6_ROOT)) {
+            return `Cannot modify Mach6 engine files (${path.relative(MACH6_ROOT, filePath)}). Only admin sessions can edit engine code.`;
+        }
+        return null;
+    },
+};
+/**
+ * Rule: No dangerous shell commands for non-admin sessions
+ * Blocks: systemctl restart, kill, rm -rf on system dirs, etc.
+ */
+const noDangerousCommands = {
+    name: 'no-dangerous-commands',
+    tools: ['exec', 'process_start'],
+    check: (tool, input, ctx) => {
+        if (classifySession(ctx) === 'admin')
+            return null;
+        const command = String(input.command ?? '');
+        // Patterns that are NEVER allowed for non-admin sessions
+        const dangerousPatterns = [
+            // Process/service control
+            [/systemctl\s+.*(restart|stop|start|kill|daemon-reload).*mach6/i, 'Cannot control Mach6 service'],
+            [/kill\s+(-9\s+)?(\d+|%|\$)/i, 'Cannot kill processes'],
+            [/pkill|killall/i, 'Cannot kill processes'],
+            // Engine file modification via shell
+            [/(?:cat|echo|tee|sed|awk)\s+.*>.*mach6-core/i, 'Cannot modify Mach6 files via shell'],
+            [/(?:cp|mv|ln)\s+.*mach6-core\/(src|dist)/i, 'Cannot modify Mach6 files via shell'],
+            [/rm\s+.*mach6-core/i, 'Cannot delete Mach6 files'],
+            // System-level destruction
+            [/rm\s+-rf?\s+\/(usr|etc|var|home|boot|sys|proc)/i, 'Cannot delete system directories'],
+            [/mkfs|dd\s+.*of=\/dev/i, 'Cannot modify block devices'],
+            [/chmod\s+.*777\s+\//i, 'Cannot change root permissions'],
+            // Code execution that bypasses the sandbox
+            [/node\s+-e\s+.*child_process/i, 'Cannot spawn child processes via eval'],
+            [/python3?\s+-c\s+.*subprocess/i, 'Cannot spawn subprocesses via eval'],
+            // Network exfiltration
+            [/curl\s+.*-d\s+.*@/i, 'Cannot exfiltrate files via curl'],
+            [/scp\s+/i, 'Cannot use scp'],
+            [/rsync\s+.*:/i, 'Cannot use rsync to remote'],
+            // Credential access
+            [/cat\s+.*\.env\b/i, 'Cannot read environment files'],
+            [/cat\s+.*credentials/i, 'Cannot read credential files'],
+            [/cat\s+.*\.ava-private\/credentials/i, 'Cannot read credentials'],
+        ];
+        for (const [pattern, reason] of dangerousPatterns) {
+            if (pattern.test(command)) {
+                return reason;
+            }
+        }
+        return null;
+    },
+};
+/**
+ * Rule: No reading sensitive files for non-admin sessions
+ */
+const noSensitiveReads = {
+    name: 'no-sensitive-reads',
+    tools: ['read'],
+    check: (tool, input, ctx) => {
+        if (classifySession(ctx) === 'admin')
+            return null;
+        const filePath = resolvePath(String(input.path ?? ''));
+        const sensitivePatterns = [
+            /\.env$/,
+            /credentials\.(json|md|txt)$/,
+            /\.ava-private\/credentials/,
+            /\.ssh\//,
+            /\.gnupg\//,
+        ];
+        for (const pattern of sensitivePatterns) {
+            if (pattern.test(filePath)) {
+                return `Cannot read sensitive file: ${path.basename(filePath)}`;
+            }
+        }
+        return null;
+    },
+};
+/**
+ * Rule: Restricted sessions get read-only + limited exec
+ */
+const restrictedLimitations = {
+    name: 'restricted-limitations',
+    tools: ['write', 'edit', 'exec', 'process_start', 'spawn'],
+    check: (tool, input, ctx) => {
+        if (classifySession(ctx) !== 'restricted')
+            return null;
+        // Restricted sessions can only read, search, fetch
+        if (['write', 'edit'].includes(tool)) {
+            return 'Write access not available in this session';
+        }
+        if (['exec', 'process_start'].includes(tool)) {
+            return 'Shell access not available in this session';
+        }
+        if (tool === 'spawn') {
+            return 'Sub-agent spawning not available in this session';
+        }
+        return null;
+    },
+};
+/**
+ * Rule: No cross-channel messaging to owner's private chats for non-admin
+ */
+const noCrossChannelToOwner = {
+    name: 'no-cross-channel-to-owner',
+    tools: ['message'],
+    check: (tool, input, ctx) => {
+        if (classifySession(ctx) === 'admin')
+            return null;
+        // Non-admin sessions can't send messages to other channels
+        // (they can only respond through the gateway's normal response path)
+        return 'Cross-channel messaging is only available in admin sessions';
+    },
+};
+/** All built-in rules */
+const BUILTIN_RULES = [
+    noEngineModification,
+    noDangerousCommands,
+    noSensitiveReads,
+    restrictedLimitations,
+    noCrossChannelToOwner,
+];
+// ─── Audit Log ─────────────────────────────────────────────────────────────
+const MAX_AUDIT_LOG = 1000;
+const auditLog = [];
+function logDenial(denial) {
+    auditLog.push(denial);
+    if (auditLog.length > MAX_AUDIT_LOG)
+        auditLog.shift();
+    console.warn(`[sandbox] DENIED: session=${denial.sessionId} tier=${denial.tier} ` +
+        `tool=${denial.tool} rule=${denial.rule} reason="${denial.reason}"`);
+}
+export function getAuditLog() {
+    return [...auditLog];
+}
+// ─── Sandboxed Tool Registry ───────────────────────────────────────────────
+/**
+ * A ToolRegistry wrapper that enforces sandbox rules per-session.
+ *
+ * Usage in daemon.ts:
+ *   const sandboxed = createSandboxedRegistry(this.toolRegistry, sessionContext);
+ *   // Pass sandboxed to runAgent instead of this.toolRegistry
+ */
+export class SandboxedToolRegistry {
+    inner;
+    ctx;
+    tier;
+    rules;
+    customRules = [];
+    constructor(inner, ctx, extraRules) {
+        this.inner = inner;
+        this.ctx = ctx;
+        this.tier = classifySession(ctx);
+        this.rules = [...BUILTIN_RULES, ...(extraRules ?? [])];
+        console.log(`[sandbox] Session ${ctx.sessionId} classified as ${this.tier} (adapter=${ctx.adapterId}, owner=${ctx.isOwner}, chat=${ctx.chatType})`);
+    }
+    /** Proxy: get tool definition */
+    get(name) {
+        return this.list().find(t => t.name === name);
+    }
+    /** Proxy: list all tools (but may filter for restricted sessions) */
+    list() {
+        const all = this.inner.list();
+        if (this.tier === 'restricted') {
+            // Restricted sessions don't even see dangerous tools
+            const hiddenTools = new Set(['exec', 'process_start', 'process_kill', 'write', 'edit', 'spawn', 'message', 'delete_message']);
+            return all.filter(t => !hiddenTools.has(t.name));
+        }
+        return all;
+    }
+    /** Proxy: convert to provider format (respects tool visibility) */
+    toProviderFormat() {
+        return this.list().map(t => ({
+            name: t.name,
+            description: t.description,
+            parameters: t.parameters,
+        }));
+    }
+    /** Execute with sandbox enforcement */
+    async execute(name, input) {
+        // Check all applicable rules
+        for (const rule of this.rules) {
+            if (rule.tools === '*' || rule.tools.includes(name)) {
+                const denial = rule.check(name, input, this.ctx);
+                if (denial) {
+                    const record = {
+                        timestamp: Date.now(),
+                        sessionId: this.ctx.sessionId,
+                        tier: this.tier,
+                        tool: name,
+                        rule: rule.name,
+                        reason: denial,
+                        input: this.sanitizeInput(input),
+                    };
+                    logDenial(record);
+                    return JSON.stringify({ error: denial, sandbox: true });
+                }
+            }
+        }
+        // All rules passed — execute
+        return this.inner.execute(name, input);
+    }
+    /** Sanitize input for audit log (remove large content, sensitive values) */
+    sanitizeInput(input) {
+        const clean = {};
+        for (const [key, value] of Object.entries(input)) {
+            if (typeof value === 'string' && value.length > 200) {
+                clean[key] = value.slice(0, 200) + '...[truncated]';
+            }
+            else {
+                clean[key] = value;
+            }
+        }
+        return clean;
+    }
+    /** Get session tier */
+    getTier() {
+        return this.tier;
+    }
+}
+/**
+ * Create a sandboxed tool registry for a specific session.
+ * This is the primary API — call it in daemon.ts before each agent turn.
+ */
+export function createSandboxedRegistry(inner, ctx, extraRules) {
+    return new SandboxedToolRegistry(inner, ctx, extraRules);
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/tools/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../src/tools/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAqCzC,8EAA8E;AAE9E,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC;AAEpE,MAAM,UAAU,eAAe,CAAC,GAAmB;IACjD,yFAAyF;IACzF,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC7C,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,iCAAiC;IACjC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAChB,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,wBAAwB;IACxB,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,8EAA8E;AAE9E,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,wCAAwC;AACxC,MAAM,cAAc,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACtD,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;AACnD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAE3D;;;GAGG;AACH,MAAM,oBAAoB,GAAgB;IACxC,IAAI,EAAE,wBAAwB;IAC9B,KAAK,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,yBAAyB;QACzB,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QAElD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;QACvD,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,OAAO,qCAAqC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,8CAA8C,CAAC;QAChI,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,mBAAmB,GAAgB;IACvC,IAAI,EAAE,uBAAuB;IAC7B,KAAK,EAAE,CAAC,MAAM,EAAE,eAAe,CAAC;IAChC,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAE5C,yDAAyD;QACzD,MAAM,iBAAiB,GAA4B;YACjD,0BAA0B;YAC1B,CAAC,+DAA+D,EAAE,8BAA8B,CAAC;YACjG,CAAC,4BAA4B,EAAE,uBAAuB,CAAC;YACvD,CAAC,gBAAgB,EAAE,uBAAuB,CAAC;YAE3C,qCAAqC;YACrC,CAAC,6CAA6C,EAAE,qCAAqC,CAAC;YACtF,CAAC,0CAA0C,EAAE,qCAAqC,CAAC;YACnF,CAAC,oBAAoB,EAAE,2BAA2B,CAAC;YAEnD,2BAA2B;YAC3B,CAAC,iDAAiD,EAAE,kCAAkC,CAAC;YACvF,CAAC,uBAAuB,EAAE,6BAA6B,CAAC;YACxD,CAAC,qBAAqB,EAAE,gCAAgC,CAAC;YAEzD,2CAA2C;YAC3C,CAAC,8BAA8B,EAAE,uCAAuC,CAAC;YACzE,CAAC,+BAA+B,EAAE,oCAAoC,CAAC;YAEvE,uBAAuB;YACvB,CAAC,oBAAoB,EAAE,kCAAkC,CAAC;YAC1D,CAAC,SAAS,EAAE,gBAAgB,CAAC;YAC7B,CAAC,cAAc,EAAE,4BAA4B,CAAC;YAE9C,oBAAoB;YACpB,CAAC,kBAAkB,EAAE,+BAA+B,CAAC;YACrD,CAAC,sBAAsB,EAAE,8BAA8B,CAAC;YACxD,CAAC,qCAAqC,EAAE,yBAAyB,CAAC;SACnE,CAAC;QAEF,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;YAClD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAgB;IACpC,IAAI,EAAE,oBAAoB;IAC1B,KAAK,EAAE,CAAC,MAAM,CAAC;IACf,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QAElD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;QACvD,MAAM,iBAAiB,GAAG;YACxB,QAAQ;YACR,6BAA6B;YAC7B,4BAA4B;YAC5B,SAAS;YACT,WAAW;SACZ,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,OAAO,+BAA+B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAgB;IACzC,IAAI,EAAE,wBAAwB;IAC9B,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,CAAC;IAC1D,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,YAAY;YAAE,OAAO,IAAI,CAAC;QAEvD,mDAAmD;QACnD,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,OAAO,4CAA4C,CAAC;QACtD,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,OAAO,4CAA4C,CAAC;QACtD,CAAC;QACD,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACrB,OAAO,kDAAkD,CAAC;QAC5D,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAgB;IACzC,IAAI,EAAE,2BAA2B;IACjC,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QAElD,2DAA2D;QAC3D,qEAAqE;QACrE,OAAO,6DAA6D,CAAC;IACvE,CAAC;CACF,CAAC;AAEF,yBAAyB;AACzB,MAAM,aAAa,GAAkB;IACnC,oBAAoB;IACpB,mBAAmB;IACnB,gBAAgB;IAChB,qBAAqB;IACrB,qBAAqB;CACtB,CAAC;AAEF,8EAA8E;AAE9E,MAAM,aAAa,GAAG,IAAI,CAAC;AAC3B,MAAM,QAAQ,GAAoB,EAAE,CAAC;AAErC,SAAS,SAAS,CAAC,MAAqB;IACtC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,IAAI,QAAQ,CAAC,MAAM,GAAG,aAAa;QAAE,QAAQ,CAAC,KAAK,EAAE,CAAC;IAEtD,OAAO,CAAC,IAAI,CACV,6BAA6B,MAAM,CAAC,SAAS,SAAS,MAAM,CAAC,IAAI,GAAG;QACpE,QAAQ,MAAM,CAAC,IAAI,SAAS,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,MAAM,GAAG,CACpE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC;AACvB,CAAC;AAED,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,OAAO,qBAAqB;IACxB,KAAK,CAAe;IACpB,GAAG,CAAiB;IACpB,IAAI,CAAc;IAClB,KAAK,CAAgB;IACrB,WAAW,GAAkB,EAAE,CAAC;IAExC,YAAY,KAAmB,EAAE,GAAmB,EAAE,UAA0B;QAC9E,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK,GAAG,CAAC,GAAG,aAAa,EAAE,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC;QAEvD,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,CAAC,SAAS,kBAAkB,IAAI,CAAC,IAAI,aAAa,GAAG,CAAC,SAAS,WAAW,GAAG,CAAC,OAAO,UAAU,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC;IACtJ,CAAC;IAED,iCAAiC;IACjC,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IAChD,CAAC;IAED,qEAAqE;IACrE,IAAI;QACF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAE9B,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC/B,qDAAqD;YACrD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,eAAe,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC9H,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,mEAAmE;IACnE,gBAAgB;QACd,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;SACzB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,uCAAuC;IACvC,KAAK,CAAC,OAAO,CAAC,IAAY,EAAE,KAA8B;QACxD,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjD,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,MAAM,GAAkB;wBAC5B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;wBACrB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;wBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,IAAI;wBACV,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,MAAM,EAAE,MAAM;wBACd,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;qBACjC,CAAC;oBACF,SAAS,CAAC,MAAM,CAAC,CAAC;oBAClB,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC1D,CAAC;YACH,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,4EAA4E;IACpE,aAAa,CAAC,KAA8B;QAClD,MAAM,KAAK,GAA4B,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACjD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBACpD,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACrB,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uBAAuB;IACvB,OAAO;QACL,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,KAAmB,EACnB,GAAmB,EACnB,UAA0B;IAE1B,OAAO,IAAI,qBAAqB,CAAC,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;AAC3D,CAAC"}

package/dist/tools/types.d.ts

@@ -0,0 +1,23 @@
+export interface ToolParameter {
+    type: string;
+    description?: string;
+    required?: boolean;
+    enum?: string[];
+    items?: Record<string, unknown>;
+    properties?: Record<string, ToolParameter>;
+}
+export interface ToolDefinition {
+    name: string;
+    description: string;
+    parameters: {
+        type: 'object';
+        properties: Record<string, ToolParameter>;
+        required?: string[];
+    };
+    execute: (input: Record<string, unknown>, opts?: ToolExecuteOptions) => Promise<string>;
+}
+export interface ToolExecuteOptions {
+    sessionId?: string;
+    onProgress?: (chunk: string) => void;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/tools/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/tools/types.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ,CAAC;QACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAC1C,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;IACF,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,EAAE,kBAAkB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CACzF;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CACtC"}

package/dist/tools/types.js

@@ -0,0 +1,3 @@
+// Mach6 — Tool type definitions
+export {};
+//# sourceMappingURL=types.js.map

package/dist/tools/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/tools/types.ts"],"names":[],"mappings":"AAAA,gCAAgC"}