opensip-cli 0.1.8 → 0.1.10

package/dist/bootstrap/config-and-capabilities.d.ts

@@ -26,7 +26,7 @@
  * config namespace (see `docs/public/10-concepts/03-modular-monolith.md`); at
  * run time they read the validated namespace off `scope.toolConfig`.
  */
-import { type CapabilityRegistry, type ResolvedToolConfig, type ToolPluginManifest, type ToolRegistry } from '@opensip-cli/core';
+import { type CapabilityRegistry, type ResolvedToolConfig, type ToolPluginManifest, type ToolProvenance, type ToolRegistry } from '@opensip-cli/core';
 /**
  * Compose + strict-validate the config document, then resolve precedence.
  *
@@ -49,6 +49,7 @@ import { type CapabilityRegistry, type ResolvedToolConfig, type ToolPluginManife
 export declare function composeAndValidateToolConfig(args: {
     readonly tools: ToolRegistry;
     readonly manifests?: readonly ToolPluginManifest[];
+    readonly provenance?: readonly ToolProvenance[];
     readonly configPath: string | undefined;
     readonly env: Readonly<Record<string, string | undefined>>;
 }): {
@@ -58,19 +59,33 @@ export declare function composeAndValidateToolConfig(args: {
 /**
  * Construct + populate the per-run capability registry (§5.3, Phase 4).
  *
- * Registers every admitted manifest's declared capability domains (each with
- * a deferred placeholder registrar), then replaces each placeholder with the
- * owning tool's REAL registrar from `tool.capabilityRegistrars`. A registrar
- * for a domain the tool's manifest did not declare is skipped (the host only
- * wires registrars for declared domains).
+ * Step 1 registers every admitted manifest's declared capability domains (each
+ * with a deferred placeholder registrar) — pure MANIFEST data: the manifest is
+ * serializable, the placeholder is a host-owned deferred stub (it throws if a
+ * domain is driven before a real registrar is installed); NO external runtime
+ * code runs here. Step 2 replaces each placeholder with the owning tool's REAL
+ * registrar from `tool.capabilityRegistrars`.
+ *
+ * ADR-0054 M4-F: step 2 is gated on {@link shouldRunHookInHost}. For an EXTERNAL
+ * tool in the HOST process the real registrar is NOT installed host-side (reading
+ * `tool.capabilityRegistrars` + invoking the registrar runs untrusted runtime
+ * code — the load-time hole the ADR rejects); the external domain keeps its
+ * deferred placeholder in the host registry. The real registrar is installed
+ * worker-side: the dispatch worker re-runs this SAME wiring with the host-skip
+ * INACTIVE, so the dispatched external tool's registrar IS installed there (the
+ * isolation boundary). Bundled tools install in-host exactly as before. A
+ * registrar whose domain id was not declared in any manifest is skipped
+ * (hasDomain false) — the host never invents a domain a tool didn't declare.
  *
  * @param tools The per-run tool registry (supplies each tool's real registrars).
  * @param manifests The admitted manifests (supply the declared domains).
+ * @param provenance The per-run provenance (drives the M4-F host/external gate).
  * @returns The populated registry, ready to attach to `scope.capabilities`.
  */
 export declare function wireCapabilityRegistry(args: {
     readonly tools: ToolRegistry;
     readonly manifests: readonly ToolPluginManifest[];
     readonly registry: CapabilityRegistry;
+    readonly provenance?: readonly ToolProvenance[];
 }): CapabilityRegistry;
 //# sourceMappingURL=config-and-capabilities.d.ts.map

package/dist/bootstrap/config-and-capabilities.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config-and-capabilities.d.ts","sourceRoot":"","sources":["../../src/bootstrap/config-and-capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAYH,OAAO,EACL,KAAK,kBAAkB,EAKvB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,YAAY,EAElB,MAAM,mBAAmB,CAAC;AA4E3B;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,4BAA4B,CAAC,IAAI,EAAE;IACjD,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACnD,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IACxC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;CAC5D,GAAG;IAAE,QAAQ,CAAC,MAAM,EAAE,kBAAkB,GAAG,SAAS,CAAC;IAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;CAAE,CAwDlF;AA2CD;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE;IAC3C,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,SAAS,kBAAkB,EAAE,CAAC;IAClD,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;CACvC,GAAG,kBAAkB,CAuBrB"}
+{"version":3,"file":"config-and-capabilities.d.ts","sourceRoot":"","sources":["../../src/bootstrap/config-and-capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAaH,OAAO,EACL,KAAK,kBAAkB,EAKvB,KAAK,kBAAkB,EAEvB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,YAAY,EAElB,MAAM,mBAAmB,CAAC;AA0H3B;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,4BAA4B,CAAC,IAAI,EAAE;IACjD,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACnD,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,cAAc,EAAE,CAAC;IAChD,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IACxC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;CAC5D,GAAG;IAAE,QAAQ,CAAC,MAAM,EAAE,kBAAkB,GAAG,SAAS,CAAC;IAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;CAAE,CA8DlF;AA2CD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE;IAC3C,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,SAAS,kBAAkB,EAAE,CAAC;IAClD,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,cAAc,EAAE,CAAC;CACjD,GAAG,kBAAkB,CAyBrB"}

package/dist/bootstrap/config-and-capabilities.js

@@ -26,26 +26,62 @@
  * config namespace (see `docs/public/10-concepts/03-modular-monolith.md`); at
  * run time they read the validated namespace off `scope.toolConfig`.
  */
-import { analyzeNamespaceClaims, composeConfigSchema, decorateToolConfigDeclarationsWithGateKeys, hostConfigDeclarations, resolveConfig, validateConfigDocument, } from '@opensip-cli/config';
+import { analyzeNamespaceClaims, composeConfigSchema, decorateToolConfigDeclarationsWithGateKeys, hostConfigDeclarations, jsonSchemaObjectToZod, resolveConfig, validateConfigDocument, } from '@opensip-cli/config';
 import { ConfigurationError, logger, readYamlFileOrThrow, resolveToolHooks, registerCapabilityDomainsFromManifest, } from '@opensip-cli/core';
+import { provenanceSourceFor, shouldRunHookInHost } from './tool-provenance.js';
 /** A plain-object guard that treats arrays and null as non-objects. */
 function isPlainObject(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
 }
 /**
- * Collect the contributed config declarations from the registered tools. A
- * tool's `config` slot is the kernel-side `ToolConfigContribution` carrier; it
- * is structurally a `ToolConfigDeclaration` (the schema is `unknown` at the
- * kernel boundary, a Zod schema at the config layer), so narrowing it here —
- * the composition root, which DOES import `@opensip-cli/config` — is sound.
+ * Find the manifest config descriptor for a tool, matching by stable id then by
+ * the manifest's human id. Returns `undefined` when no admitted manifest for the
+ * tool declares a `config` descriptor.
  */
-function collectDeclarations(tools) {
+function manifestDescriptorFor(tool, manifests) {
+    const manifest = manifests.find((m) => m.stableId !== undefined && m.stableId === tool.metadata.id) ??
+        manifests.find((m) => m.id === tool.metadata.name);
+    return manifest?.config;
+}
+/**
+ * Collect the contributed config declarations from the registered tools —
+ * provenance-aware (ADR-0054 M4-E Config two-pass).
+ *
+ *   - **Bundled** (trusted computing base) → fold the tool's runtime Zod
+ *     `config` declaration host-side, exactly as before. A bundled tool's
+ *     `config` slot is the kernel-side `ToolConfigContribution` carrier,
+ *     structurally a `ToolConfigDeclaration` (schema `unknown` at the kernel
+ *     boundary, a Zod schema at the config layer), so narrowing it here — the
+ *     composition root, which DOES import `@opensip-cli/config` — is sound.
+ *   - **External** (installed / project-local / user-global) → NEVER import the
+ *     tool's Zod (executable code — the ADR-0054 load-time hole). Instead derive
+ *     a COARSE declaration from the tool's serializable manifest descriptor
+ *     ({@link ToolConfigManifestDescriptor}); the host validates the namespace's
+ *     top-level shape as pure data. An external tool that ships NO descriptor
+ *     contributes no declaration — its namespace (if present) passes through the
+ *     document catchall (rule-2) and ALL of its validation defers to the worker
+ *     deep pass.
+ */
+function collectDeclarations(tools, provenance, manifests) {
     const declarations = [];
     for (const tool of tools.list()) {
-        const config = resolveToolHooks(tool).config;
-        if (config !== undefined) {
-            declarations.push(config);
+        if (provenanceSourceFor(tool, provenance) === 'bundled') {
+            const config = resolveToolHooks(tool).config;
+            if (config !== undefined) {
+                declarations.push(config);
+            }
+            continue;
+        }
+        // External: coarse, manifest-descriptor-derived schema only — no Zod import.
+        const descriptor = manifestDescriptorFor(tool, manifests);
+        if (descriptor !== undefined) {
+            declarations.push({
+                namespace: descriptor.namespace,
+                schema: jsonSchemaObjectToZod(descriptor.schema),
+            });
         }
+        // No descriptor → defer entirely to the worker deep pass (catchall passes
+        // any present namespace block through; do NOT host-import its Zod to "help").
     }
     return declarations;
 }
@@ -109,8 +145,12 @@ function fileBlocksFor(declarations, validated) {
  *   strict validation in ANY tool namespace.
  */
 export function composeAndValidateToolConfig(args) {
-    const { tools, configPath, env, manifests = [] } = args;
-    const toolDeclarations = decorateToolConfigDeclarationsWithGateKeys(collectDeclarations(tools));
+    const { tools, configPath, env, manifests = [], provenance = [] } = args;
+    // ADR-0054 M4-E: provenance-aware fold — bundled tools' Zod is composed
+    // host-side (trusted), external tools validate from their serializable
+    // manifest descriptor (coarse, NO Zod import); the deep Zod pass runs in the
+    // worker.
+    const toolDeclarations = decorateToolConfigDeclarationsWithGateKeys(collectDeclarations(tools, provenance, manifests));
     // A run with no tools that declare config (e.g. a project-agnostic context)
     // carries no toolConfig — tools fall back to their in-tool defaults. The host
     // document-level blocks (cli/dashboard/schemaVersion) only need composing when
@@ -193,27 +233,43 @@ function reportUnclaimedNamespaces(args) {
 /**
  * Construct + populate the per-run capability registry (§5.3, Phase 4).
  *
- * Registers every admitted manifest's declared capability domains (each with
- * a deferred placeholder registrar), then replaces each placeholder with the
- * owning tool's REAL registrar from `tool.capabilityRegistrars`. A registrar
- * for a domain the tool's manifest did not declare is skipped (the host only
- * wires registrars for declared domains).
+ * Step 1 registers every admitted manifest's declared capability domains (each
+ * with a deferred placeholder registrar) — pure MANIFEST data: the manifest is
+ * serializable, the placeholder is a host-owned deferred stub (it throws if a
+ * domain is driven before a real registrar is installed); NO external runtime
+ * code runs here. Step 2 replaces each placeholder with the owning tool's REAL
+ * registrar from `tool.capabilityRegistrars`.
+ *
+ * ADR-0054 M4-F: step 2 is gated on {@link shouldRunHookInHost}. For an EXTERNAL
+ * tool in the HOST process the real registrar is NOT installed host-side (reading
+ * `tool.capabilityRegistrars` + invoking the registrar runs untrusted runtime
+ * code — the load-time hole the ADR rejects); the external domain keeps its
+ * deferred placeholder in the host registry. The real registrar is installed
+ * worker-side: the dispatch worker re-runs this SAME wiring with the host-skip
+ * INACTIVE, so the dispatched external tool's registrar IS installed there (the
+ * isolation boundary). Bundled tools install in-host exactly as before. A
+ * registrar whose domain id was not declared in any manifest is skipped
+ * (hasDomain false) — the host never invents a domain a tool didn't declare.
  *
  * @param tools The per-run tool registry (supplies each tool's real registrars).
  * @param manifests The admitted manifests (supply the declared domains).
+ * @param provenance The per-run provenance (drives the M4-F host/external gate).
  * @returns The populated registry, ready to attach to `scope.capabilities`.
  */
 export function wireCapabilityRegistry(args) {
-    const { tools, manifests, registry } = args;
-    // 1. Register every manifest-declared domain with a deferred placeholder.
+    const { tools, manifests, registry, provenance = [] } = args;
+    // 1. Register every manifest-declared domain with a deferred placeholder
+    //    (manifest data only — no external runtime code runs).
     for (const manifest of manifests) {
         registerCapabilityDomainsFromManifest(manifest, registry);
     }
-    // 2. Replace each placeholder with the owning tool's real registrar. A
-    //    registrar whose domain id was not declared in any manifest is skipped
-    //    (hasDomain false) — the host never invents a domain a tool didn't
-    //    declare.
+    // 2. Replace each placeholder with the owning tool's real registrar — IN-HOST
+    //    only for tools whose hooks may run in the host (bundled, or — inside the
+    //    dispatch worker — the dispatched external tool). External tools in the
+    //    host keep the deferred placeholder; their registrar installs worker-side.
     for (const tool of tools.list()) {
+        if (!shouldRunHookInHost(tool, provenance))
+            continue;
         const registrars = resolveToolHooks(tool).capabilityRegistrars;
         if (registrars === undefined)
             continue;

package/dist/bootstrap/config-and-capabilities.js.map

@@ -1 +1 @@
-{"version":3,"file":"config-and-capabilities.js","sourceRoot":"","sources":["../../src/bootstrap/config-and-capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,0CAA0C,EAC1C,sBAAsB,EACtB,aAAa,EACb,sBAAsB,GAGvB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAEL,kBAAkB,EAClB,MAAM,EACN,mBAAmB,EACnB,gBAAgB,EAIhB,qCAAqC,GACtC,MAAM,mBAAmB,CAAC;AAE3B,uEAAuE;AACvE,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,KAAmB;IAC9C,MAAM,YAAY,GAA4B,EAAE,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,YAAY,CAAC,IAAI,CAAC,MAA+B,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,kBAAkB,CACzB,IAAqD,EACrD,GAAuB,EACvB,IAAwC;IAExC,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO;IAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,kBAAkB,CAC1B,sBAAsB,GAAG,+CAA+C,QAAQ,KAAK,IAAI,IAAI,EAC7F,EAAE,IAAI,EAAE,qBAAqB,EAAE,SAAS,EAAE,SAAS,EAAE,CACtD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,uBAAuB,CAC9B,SAAwC;IAExC,MAAM,IAAI,GAAG,IAAI,GAAG,EAA8C,CAAC;IACnE,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;YACrD,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC;YACpD,IAAI,UAAU,KAAK,SAAS;gBAAE,SAAS;YACvC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAC1D,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;YAClE,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACnE,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CACpB,YAA8C,EAC9C,SAAkB;IAElB,MAAM,IAAI,GAA4C,EAAE,CAAC;IACzD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,aAAa,CAAC,KAAK,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC;IACzD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,4BAA4B,CAAC,IAK5C;IACC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,gBAAgB,GAAG,0CAA0C,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC;IAChG,4EAA4E;IAC5E,8EAA8E;IAC9E,+EAA+E;IAC/E,6EAA6E;IAC7E,oEAAoE;IACpE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAE9E,6EAA6E;IAC7E,mEAAmE;IACnE,uEAAuE;IACvE,gFAAgF;IAChF,wEAAwE;IACxE,MAAM,YAAY,GAAqC;QACrD,GAAG,sBAAsB,CAAC,EAAE,gBAAgB,EAAE,uBAAuB,CAAC,SAAS,CAAC,EAAE,CAAC;QACnF,GAAG,gBAAgB;KACpB,CAAC;IAEF,qEAAqE;IACrE,yEAAyE;IACzE,qEAAqE;IACrE,kEAAkE;IAClE,uEAAuE;IACvE,sDAAsD;IACtD,MAAM,GAAG,GACP,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAChG,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,MAAM,MAAM,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IACjD,4EAA4E;IAC5E,0EAA0E;IAC1E,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAE3D,uEAAuE;IACvE,6EAA6E;IAC7E,sEAAsE;IACtE,2EAA2E;IAC3E,yEAAyE;IACzE,yEAAyE;IACzE,yBAAyB,CAAC,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAExE,0EAA0E;IAC1E,wEAAwE;IACxE,0EAA0E;IAC1E,2EAA2E;IAC3E,sEAAsE;IACtE,OAAO;QACL,MAAM,EAAE,aAAa,CAAC;YACpB,YAAY;YACZ,IAAI,EAAE,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC;YAC5C,GAAG;SACJ,CAAC;QACF,QAAQ,EAAE,SAAS;KACpB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,yBAAyB,CAAC,IAIlC;IACC,MAAM,MAAM,GAAG,sBAAsB,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxE,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAE1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAChG,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAClF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjE,MAAM,IAAI,kBAAkB,CAC1B,mBAAmB,KAAK,qEAAqE;YAC3F,+FAA+F,EACjG,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAChC,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,UAAU,KAAK,CAAC;QAC3F,MAAM,CAAC,IAAI,CAAC;YACV,GAAG,EAAE,gCAAgC;YACrC,MAAM,EAAE,eAAe;YACvB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,UAAU,EAAE,CAAC,CAAC,UAAU;SACzB,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,8BAA8B,CAAC,CAAC,SAAS,uCAAuC,UAAU,GAAG;YAC3F,2DAA2D,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAItC;IACC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAE5C,0EAA0E;IAC1E,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,qCAAqC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC5D,CAAC;IAED,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,cAAc;IACd,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC;QAC/D,IAAI,UAAU,KAAK,SAAS;YAAE,SAAS;QACvC,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/D,IAAI,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"config-and-capabilities.js","sourceRoot":"","sources":["../../src/bootstrap/config-and-capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,0CAA0C,EAC1C,sBAAsB,EACtB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,GAGvB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAEL,kBAAkB,EAClB,MAAM,EACN,mBAAmB,EACnB,gBAAgB,EAMhB,qCAAqC,GACtC,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAEhF,uEAAuE;AACvE,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAC5B,IAAU,EACV,SAAwC;IAExC,MAAM,QAAQ,GACZ,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClF,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACrD,OAAO,QAAQ,EAAE,MAAM,CAAC;AAC1B,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAS,mBAAmB,CAC1B,KAAmB,EACnB,UAAqC,EACrC,SAAwC;IAExC,MAAM,YAAY,GAA4B,EAAE,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAChC,IAAI,mBAAmB,CAAC,IAAI,EAAE,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;YACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,YAAY,CAAC,IAAI,CAAC,MAA+B,CAAC,CAAC;YACrD,CAAC;YACD,SAAS;QACX,CAAC;QACD,6EAA6E;QAC7E,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC1D,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,YAAY,CAAC,IAAI,CAAC;gBAChB,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,MAAM,EAAE,qBAAqB,CAAC,UAAU,CAAC,MAAM,CAAC;aACjD,CAAC,CAAC;QACL,CAAC;QACD,0EAA0E;QAC1E,8EAA8E;IAChF,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,kBAAkB,CACzB,IAAqD,EACrD,GAAuB,EACvB,IAAwC;IAExC,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO;IAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,kBAAkB,CAC1B,sBAAsB,GAAG,+CAA+C,QAAQ,KAAK,IAAI,IAAI,EAC7F,EAAE,IAAI,EAAE,qBAAqB,EAAE,SAAS,EAAE,SAAS,EAAE,CACtD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,uBAAuB,CAC9B,SAAwC;IAExC,MAAM,IAAI,GAAG,IAAI,GAAG,EAA8C,CAAC;IACnE,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;YACrD,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC;YACpD,IAAI,UAAU,KAAK,SAAS;gBAAE,SAAS;YACvC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAC1D,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;YAClE,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACnE,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CACpB,YAA8C,EAC9C,SAAkB;IAElB,MAAM,IAAI,GAA4C,EAAE,CAAC;IACzD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,aAAa,CAAC,KAAK,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC;IACzD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,4BAA4B,CAAC,IAM5C;IACC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,GAAG,EAAE,EAAE,UAAU,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC;IACzE,wEAAwE;IACxE,uEAAuE;IACvE,6EAA6E;IAC7E,UAAU;IACV,MAAM,gBAAgB,GAAG,0CAA0C,CACjE,mBAAmB,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,CAClD,CAAC;IACF,4EAA4E;IAC5E,8EAA8E;IAC9E,+EAA+E;IAC/E,6EAA6E;IAC7E,oEAAoE;IACpE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAE9E,6EAA6E;IAC7E,mEAAmE;IACnE,uEAAuE;IACvE,gFAAgF;IAChF,wEAAwE;IACxE,MAAM,YAAY,GAAqC;QACrD,GAAG,sBAAsB,CAAC,EAAE,gBAAgB,EAAE,uBAAuB,CAAC,SAAS,CAAC,EAAE,CAAC;QACnF,GAAG,gBAAgB;KACpB,CAAC;IAEF,qEAAqE;IACrE,yEAAyE;IACzE,qEAAqE;IACrE,kEAAkE;IAClE,uEAAuE;IACvE,sDAAsD;IACtD,MAAM,GAAG,GACP,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAChG,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,MAAM,MAAM,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IACjD,4EAA4E;IAC5E,0EAA0E;IAC1E,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAE3D,uEAAuE;IACvE,6EAA6E;IAC7E,sEAAsE;IACtE,2EAA2E;IAC3E,yEAAyE;IACzE,yEAAyE;IACzE,yBAAyB,CAAC,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAExE,0EAA0E;IAC1E,wEAAwE;IACxE,0EAA0E;IAC1E,2EAA2E;IAC3E,sEAAsE;IACtE,OAAO;QACL,MAAM,EAAE,aAAa,CAAC;YACpB,YAAY;YACZ,IAAI,EAAE,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC;YAC5C,GAAG;SACJ,CAAC;QACF,QAAQ,EAAE,SAAS;KACpB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,yBAAyB,CAAC,IAIlC;IACC,MAAM,MAAM,GAAG,sBAAsB,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxE,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAE1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAChG,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAClF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjE,MAAM,IAAI,kBAAkB,CAC1B,mBAAmB,KAAK,qEAAqE;YAC3F,+FAA+F,EACjG,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAChC,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,UAAU,KAAK,CAAC;QAC3F,MAAM,CAAC,IAAI,CAAC;YACV,GAAG,EAAE,gCAAgC;YACrC,MAAM,EAAE,eAAe;YACvB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,UAAU,EAAE,CAAC,CAAC,UAAU;SACzB,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,8BAA8B,CAAC,CAAC,SAAS,uCAAuC,UAAU,GAAG;YAC3F,2DAA2D,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAKtC;IACC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC;IAE7D,yEAAyE;IACzE,2DAA2D;IAC3D,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,qCAAqC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC5D,CAAC;IAED,8EAA8E;IAC9E,8EAA8E;IAC9E,4EAA4E;IAC5E,+EAA+E;IAC/E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAChC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,UAAU,CAAC;YAAE,SAAS;QACrD,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC;QAC/D,IAAI,UAAU,KAAK,SAAS;YAAE,SAAS;QACvC,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/D,IAAI,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/bootstrap/dispatch-external-tool-command.d.ts

@@ -0,0 +1,67 @@
+/**
+ * dispatch-external-tool-command — the HOST supervisor for the out-of-process
+ * external tool COMMAND dispatch plane (ADR-0054, increments M4-C / M4-D / M4-E).
+ *
+ * For an EXTERNAL-provenance tool command (installed / project-local /
+ * user-global), the host forks the {@link executeToolCommandWorker} entry
+ * instead of importing + running the handler in-process. The worker imports the
+ * untrusted runtime and runs the handler; this supervisor:
+ *
+ *   1. marshals the minimal serializable {@link ToolCommandWorkerSpec} to a temp
+ *      file and forks the worker entry via the shared {@link runWorkerSpec}
+ *      fork/IPC core, which turns a child throw / `process.exit` / crash /
+ *      premature-exit / fork-failure into a structured parent-side rejection,
+ *      enforces the wall-clock timeout, serves the worker's host-RPC upcalls
+ *      against the REAL host {@link ToolCliContext}, and inherits run correlation
+ *      through the child env;
+ *   2. on success, replays the slim {@link ToolCommandResult} through the REAL
+ *      host seams (`render` / `emitEnvelope` / `emitJson` / `emitRaw` /
+ *      `emitError` / `setExitCode`) so the output contract stays byte-identical
+ *      to the in-process path.
+ *
+ * Bundled first-party tools never reach here — they stay in-process (the trusted
+ * computing base). External tools have NO in-process fallback by trust tier
+ * (ADR-0054): a fork failure is a hard, structured error, not a silent in-host
+ * run.
+ */
+import { type ToolProvenance } from '@opensip-cli/core';
+import { type DispatchHostCtx } from './dispatch-replay-result.js';
+export interface DispatchExternalToolCommandArgs {
+    /** The external tool's provenance (source must NOT be `'bundled'`). */
+    readonly provenance: ToolProvenance;
+    /** Which command (by `CommandSpec.name`) to run in the worker. */
+    readonly commandName: string;
+    /** Parsed opts for this invocation (serializable). */
+    readonly opts: Record<string, unknown>;
+    /** Trailing positionals (`_args`) for this invocation (serializable). */
+    readonly positionals: readonly unknown[];
+    /**
+     * The tool's RAW config namespace block for the WORKER deep pass (ADR-0054
+     * M4-E Config two-pass). Forwarded into the spec so the worker runs the tool's
+     * real Zod after load. `undefined` when there is no block to validate.
+     */
+    readonly config?: unknown;
+    /** The real host context the supervisor replays the worker result through. */
+    readonly ctx: DispatchHostCtx;
+    /** Override the wall-clock timeout (tests use a short one). */
+    readonly timeoutMs?: number;
+    /**
+     * Override the CLI entry script the supervisor forks (defaults to
+     * `process.argv[1]`). The worker runs as `node <cliScript> __tool-command-worker
+     * <specPath> --cwd <cwd>`, going through the full bootstrap so the dispatched
+     * tool's scope (config/registries/subscope) is worker-local (ADR-0054 M4-E).
+     * Tests point this at the built CLI dist entry.
+     */
+    readonly cliScript?: string;
+}
+/**
+ * Fork the worker, await its slim {@link ToolCommandResult}, and replay it
+ * through the host seams. A worker fault (throw / `process.exit` / crash /
+ * timeout / fork failure) becomes a structured {@link ToolError} — the host never
+ * crashes.
+ *
+ * @throws {SystemError} when the external command's provenance is `'bundled'`
+ *   (a misuse — bundled tools run in-process), or when the worker fails.
+ */
+export declare function dispatchExternalToolCommand(args: DispatchExternalToolCommandArgs): Promise<void>;
+//# sourceMappingURL=dispatch-external-tool-command.d.ts.map

package/dist/bootstrap/dispatch-external-tool-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dispatch-external-tool-command.d.ts","sourceRoot":"","sources":["../../src/bootstrap/dispatch-external-tool-command.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAA6B,KAAK,cAAc,EAAmB,MAAM,mBAAmB,CAAC;AAOpG,OAAO,EAAgB,KAAK,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAIjF,MAAM,WAAW,+BAA+B;IAC9C,uEAAuE;IACvE,QAAQ,CAAC,UAAU,EAAE,cAAc,CAAC;IACpC,kEAAkE;IAClE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,sDAAsD;IACtD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,yEAAyE;IACzE,QAAQ,CAAC,WAAW,EAAE,SAAS,OAAO,EAAE,CAAC;IACzC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,8EAA8E;IAC9E,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC;IAC9B,+DAA+D;IAC/D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B;;;;;;OAMG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,wBAAsB,2BAA2B,CAC/C,IAAI,EAAE,+BAA+B,GACpC,OAAO,CAAC,IAAI,CAAC,CA6Bf"}

package/dist/bootstrap/dispatch-external-tool-command.js

@@ -0,0 +1,79 @@
+/**
+ * dispatch-external-tool-command — the HOST supervisor for the out-of-process
+ * external tool COMMAND dispatch plane (ADR-0054, increments M4-C / M4-D / M4-E).
+ *
+ * For an EXTERNAL-provenance tool command (installed / project-local /
+ * user-global), the host forks the {@link executeToolCommandWorker} entry
+ * instead of importing + running the handler in-process. The worker imports the
+ * untrusted runtime and runs the handler; this supervisor:
+ *
+ *   1. marshals the minimal serializable {@link ToolCommandWorkerSpec} to a temp
+ *      file and forks the worker entry via the shared {@link runWorkerSpec}
+ *      fork/IPC core, which turns a child throw / `process.exit` / crash /
+ *      premature-exit / fork-failure into a structured parent-side rejection,
+ *      enforces the wall-clock timeout, serves the worker's host-RPC upcalls
+ *      against the REAL host {@link ToolCliContext}, and inherits run correlation
+ *      through the child env;
+ *   2. on success, replays the slim {@link ToolCommandResult} through the REAL
+ *      host seams (`render` / `emitEnvelope` / `emitJson` / `emitRaw` /
+ *      `emitError` / `setExitCode`) so the output contract stays byte-identical
+ *      to the in-process path.
+ *
+ * Bundled first-party tools never reach here — they stay in-process (the trusted
+ * computing base). External tools have NO in-process fallback by trust tier
+ * (ADR-0054): a fork failure is a hard, structured error, not a silent in-host
+ * run.
+ */
+import { currentScope, SystemError } from '@opensip-cli/core';
+import { DEFAULT_DISPATCH_TIMEOUT_MS, requirePackageDir, runWorkerSpec, } from './dispatch-fork-core.js';
+import { replayResult } from './dispatch-replay-result.js';
+/**
+ * Fork the worker, await its slim {@link ToolCommandResult}, and replay it
+ * through the host seams. A worker fault (throw / `process.exit` / crash /
+ * timeout / fork failure) becomes a structured {@link ToolError} — the host never
+ * crashes.
+ *
+ * @throws {SystemError} when the external command's provenance is `'bundled'`
+ *   (a misuse — bundled tools run in-process), or when the worker fails.
+ */
+export async function dispatchExternalToolCommand(args) {
+    if (args.provenance.source === 'bundled') {
+        throw new SystemError('dispatchExternalToolCommand called for a bundled tool; bundled tools run in-process.', { code: 'SYSTEM.DISPATCH.BUNDLED_MISUSE' });
+    }
+    // Lifecycle observability: the out-of-process dispatch is a major run phase, so
+    // emit a structured event onto the scope DiagnosticsBus (the same bus the
+    // in-process action emits `execute` events onto). A `--json` consumer reads
+    // `outcome.diagnostics.events` for context even without full OTEL.
+    const diagnostics = currentScope()?.diagnostics;
+    diagnostics?.event('execute', 'debug', `dispatching external tool '${args.provenance.id}' command '${args.commandName}' out-of-process`);
+    const result = await runCommandWorker(args);
+    diagnostics?.event('execute', 'debug', `external tool '${args.provenance.id}' command '${args.commandName}' worker resolved`);
+    await replayResult(result, args.ctx, {
+        commandName: args.commandName,
+        opts: { ...args.opts, _args: args.positionals },
+        positionals: args.positionals,
+    });
+}
+/** Marshal the command spec + run it through the shared fork/IPC core. */
+function runCommandWorker(args) {
+    const spec = {
+        toolId: args.provenance.id,
+        toolPackageDir: requirePackageDir(args.provenance),
+        source: args.provenance.source,
+        commandName: args.commandName,
+        opts: args.opts,
+        positionals: args.positionals,
+        // ADR-0054 M4-E: forward the coarse-validated config block so the worker can
+        // run the tool's real Zod deep pass after load. Omitted when no block exists.
+        ...(args.config === undefined ? {} : { config: args.config }),
+    };
+    const cwd = typeof args.opts.cwd === 'string' ? args.opts.cwd : process.cwd();
+    return runWorkerSpec({
+        spec,
+        ctx: args.ctx,
+        cwd,
+        ...(args.cliScript === undefined ? {} : { cliScript: args.cliScript }),
+        timeoutMs: args.timeoutMs ?? DEFAULT_DISPATCH_TIMEOUT_MS,
+    });
+}
+//# sourceMappingURL=dispatch-external-tool-command.js.map

package/dist/bootstrap/dispatch-external-tool-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dispatch-external-tool-command.js","sourceRoot":"","sources":["../../src/bootstrap/dispatch-external-tool-command.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAwC,MAAM,mBAAmB,CAAC;AAEpG,OAAO,EACL,2BAA2B,EAC3B,iBAAiB,EACjB,aAAa,GACd,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,YAAY,EAAwB,MAAM,6BAA6B,CAAC;AAiCjF;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,IAAqC;IAErC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,IAAI,WAAW,CACnB,sFAAsF,EACtF,EAAE,IAAI,EAAE,gCAAgC,EAAE,CAC3C,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,0EAA0E;IAC1E,4EAA4E;IAC5E,mEAAmE;IACnE,MAAM,WAAW,GAAG,YAAY,EAAE,EAAE,WAAW,CAAC;IAChD,WAAW,EAAE,KAAK,CAChB,SAAS,EACT,OAAO,EACP,8BAA8B,IAAI,CAAC,UAAU,CAAC,EAAE,cAAc,IAAI,CAAC,WAAW,kBAAkB,CACjG,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAC5C,WAAW,EAAE,KAAK,CAChB,SAAS,EACT,OAAO,EACP,kBAAkB,IAAI,CAAC,UAAU,CAAC,EAAE,cAAc,IAAI,CAAC,WAAW,mBAAmB,CACtF,CAAC;IACF,MAAM,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE;QACnC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE;QAC/C,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAC,CAAC;AACL,CAAC;AAED,0EAA0E;AAC1E,SAAS,gBAAgB,CAAC,IAAqC;IAC7D,MAAM,IAAI,GAA0B;QAClC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE;QAC1B,cAAc,EAAE,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC;QAClD,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAwC;QAChE,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,6EAA6E;QAC7E,8EAA8E;QAC9E,GAAG,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;KAC9D,CAAC;IACF,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAC9E,OAAO,aAAa,CAAC;QACnB,IAAI;QACJ,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,GAAG;QACH,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QACtE,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,2BAA2B;KACzD,CAAC,CAAC;AACL,CAAC"}

package/dist/bootstrap/dispatch-external-tool-hook.d.ts

@@ -0,0 +1,47 @@
+/**
+ * dispatch-external-tool-hook — the HOST supervisor for running an EXTERNAL
+ * tool's LIFECYCLE HOOK out-of-process (ADR-0054 M4-F).
+ *
+ * After M4-F the host never executes an external-provenance tool's lifecycle
+ * hooks in-process. Two host-command hooks still need the tool's runtime to
+ * produce data: `collectReportData` (the `report` command + report auto-open) and
+ * `sessionReplay` (`sessions show`). For an external tool the host forks the SAME
+ * `__tool-command-worker` subcommand the command dispatch uses — but in HOOK mode
+ * (the spec sets `hook` instead of `commandName`). The worker imports the
+ * untrusted runtime, runs the named hook against its own re-bootstrapped scope,
+ * and returns the hook's plain-data result in {@link ToolCommandResult.hookResult}.
+ *
+ * The host gets the data WITHOUT executing the external runtime in the kernel
+ * process. A fork failure / throw / timeout is a structured {@link ToolError} —
+ * the host never crashes and never falls back to in-host execution.
+ */
+import { type ToolProvenance } from '@opensip-cli/core';
+import { type DispatchHostCtx } from './dispatch-replay-result.js';
+import type { ToolCommandWorkerSpec } from './tool-command-dispatch-types.js';
+export interface DispatchExternalToolHookArgs {
+    /** The external tool's provenance (source must NOT be `'bundled'`). */
+    readonly provenance: ToolProvenance;
+    /** Which lifecycle hook to run in the worker. */
+    readonly hook: NonNullable<ToolCommandWorkerSpec['hook']>;
+    /** The serializable argument the hook needs (e.g. the stored session row). */
+    readonly hookArg?: unknown;
+    /** The project cwd the worker bootstraps against (steers discovery + project). */
+    readonly cwd: string;
+    /** The real host context the supervisor serves host-RPC upcalls through. */
+    readonly ctx: DispatchHostCtx;
+    /** Override the wall-clock timeout (tests use a short one). */
+    readonly timeoutMs?: number;
+    /** Override the CLI entry script the supervisor forks (defaults to argv[1]). */
+    readonly cliScript?: string;
+}
+/**
+ * Run one external tool lifecycle hook in a forked worker and return its
+ * plain-data result. A worker fault becomes a structured {@link ToolError} — the
+ * host never crashes; external runtime never falls back to in-host execution.
+ *
+ * @returns The hook's result (`hookResult`) — a `Record<string, unknown>` for
+ *   `collectReportData`, a `ToolSessionReplay` for `sessionReplay`, or `undefined`
+ *   when the worker tool declared no such hook.
+ */
+export declare function dispatchExternalToolHook(args: DispatchExternalToolHookArgs): Promise<unknown>;
+//# sourceMappingURL=dispatch-external-tool-hook.d.ts.map

package/dist/bootstrap/dispatch-external-tool-hook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dispatch-external-tool-hook.d.ts","sourceRoot":"","sources":["../../src/bootstrap/dispatch-external-tool-hook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,KAAK,cAAc,EAAmB,MAAM,mBAAmB,CAAC;AAOzE,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAEnE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AAE9E,MAAM,WAAW,4BAA4B;IAC3C,uEAAuE;IACvE,QAAQ,CAAC,UAAU,EAAE,cAAc,CAAC;IACpC,iDAAiD;IACjD,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1D,8EAA8E;IAC9E,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,kFAAkF;IAClF,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,4EAA4E;IAC5E,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC;IAC9B,+DAA+D;IAC/D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,gFAAgF;IAChF,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,wBAAsB,wBAAwB,CAC5C,IAAI,EAAE,4BAA4B,GACjC,OAAO,CAAC,OAAO,CAAC,CAoBlB"}

package/dist/bootstrap/dispatch-external-tool-hook.js

@@ -0,0 +1,49 @@
+/**
+ * dispatch-external-tool-hook — the HOST supervisor for running an EXTERNAL
+ * tool's LIFECYCLE HOOK out-of-process (ADR-0054 M4-F).
+ *
+ * After M4-F the host never executes an external-provenance tool's lifecycle
+ * hooks in-process. Two host-command hooks still need the tool's runtime to
+ * produce data: `collectReportData` (the `report` command + report auto-open) and
+ * `sessionReplay` (`sessions show`). For an external tool the host forks the SAME
+ * `__tool-command-worker` subcommand the command dispatch uses — but in HOOK mode
+ * (the spec sets `hook` instead of `commandName`). The worker imports the
+ * untrusted runtime, runs the named hook against its own re-bootstrapped scope,
+ * and returns the hook's plain-data result in {@link ToolCommandResult.hookResult}.
+ *
+ * The host gets the data WITHOUT executing the external runtime in the kernel
+ * process. A fork failure / throw / timeout is a structured {@link ToolError} —
+ * the host never crashes and never falls back to in-host execution.
+ */
+import { DEFAULT_DISPATCH_TIMEOUT_MS, requirePackageDir, runWorkerSpec, } from './dispatch-fork-core.js';
+/**
+ * Run one external tool lifecycle hook in a forked worker and return its
+ * plain-data result. A worker fault becomes a structured {@link ToolError} — the
+ * host never crashes; external runtime never falls back to in-host execution.
+ *
+ * @returns The hook's result (`hookResult`) — a `Record<string, unknown>` for
+ *   `collectReportData`, a `ToolSessionReplay` for `sessionReplay`, or `undefined`
+ *   when the worker tool declared no such hook.
+ */
+export async function dispatchExternalToolHook(args) {
+    const spec = {
+        toolId: args.provenance.id,
+        toolPackageDir: requirePackageDir(args.provenance),
+        source: args.provenance.source,
+        hook: args.hook,
+        // The worker resolves the project cwd from the spec opts (symmetric to the
+        // command path). Hook mode carries no Commander opts/positionals.
+        opts: { cwd: args.cwd },
+        positionals: [],
+        ...(args.hookArg === undefined ? {} : { hookArg: args.hookArg }),
+    };
+    const result = await runWorkerSpec({
+        spec,
+        ctx: args.ctx,
+        cwd: args.cwd,
+        ...(args.cliScript === undefined ? {} : { cliScript: args.cliScript }),
+        timeoutMs: args.timeoutMs ?? DEFAULT_DISPATCH_TIMEOUT_MS,
+    });
+    return result.hookResult;
+}
+//# sourceMappingURL=dispatch-external-tool-hook.js.map

package/dist/bootstrap/dispatch-external-tool-hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dispatch-external-tool-hook.js","sourceRoot":"","sources":["../../src/bootstrap/dispatch-external-tool-hook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EACL,2BAA2B,EAC3B,iBAAiB,EACjB,aAAa,GACd,MAAM,yBAAyB,CAAC;AAsBjC;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,IAAkC;IAElC,MAAM,IAAI,GAA0B;QAClC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE;QAC1B,cAAc,EAAE,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC;QAClD,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAwC;QAChE,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,2EAA2E;QAC3E,kEAAkE;QAClE,IAAI,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE;QACvB,WAAW,EAAE,EAAE;QACf,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;KACjE,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC;QACjC,IAAI;QACJ,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QACtE,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,2BAA2B;KACzD,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,UAAU,CAAC;AAC3B,CAAC"}

package/dist/bootstrap/dispatch-fork-core.d.ts

@@ -0,0 +1,48 @@
+/**
+ * dispatch-fork-core — the shared fork + IPC settle + host-RPC supervisor for the
+ * ADR-0054 out-of-process external-tool worker (increments M4-C / M4-D / M4-F).
+ *
+ * Both supervisors fork the SAME internal `__tool-command-worker` subcommand and
+ * settle on the SAME `ToolCommandResult` shape:
+ *   - `dispatch-external-tool-command.ts` runs an external tool's COMMAND;
+ *   - `dispatch-external-tool-hook.ts` (M4-F) runs an external tool's LIFECYCLE
+ *     HOOK (`collectReportData` / `sessionReplay`).
+ *
+ * They differ only in the {@link ToolCommandWorkerSpec} they marshal (a
+ * `commandName` vs a `hook`) and how they replay the result. This module owns the
+ * common machinery so neither duplicates it: marshal the spec to a temp file,
+ * fork the CLI binary as the worker subcommand (full bootstrap re-runs
+ * worker-local), enforce a wall-clock timeout, serve mid-run host-RPC upcalls
+ * against the REAL host `ToolCliContext`, and resolve the worker's
+ * {@link ToolCommandResult} (or reject with a structured {@link ToolError}).
+ *
+ * The host remains the ONLY process that performs the privileged effect; a worker
+ * fault (throw / `process.exit` / crash / timeout / fork failure) becomes a
+ * structured parent-side {@link ToolError} — the host never crashes and external
+ * runtime NEVER falls back to in-host execution (ADR-0054 trust tier).
+ */
+import { type ToolError, type ToolProvenance } from '@opensip-cli/core';
+import { type DispatchHostCtx } from './dispatch-replay-result.js';
+import type { ToolCommandResult, ToolCommandWorkerSpec } from './tool-command-dispatch-types.js';
+/** Default supervisor wall-clock timeout for one forked worker run (ms). */
+export declare const DEFAULT_DISPATCH_TIMEOUT_MS = 120000;
+/** The internal worker subcommand the supervisor forks the CLI binary into. */
+export declare const WORKER_SUBCOMMAND = "__tool-command-worker";
+/** Resolve the package dir for an external tool, or fail with a structured error. */
+export declare function requirePackageDir(provenance: ToolProvenance): string;
+/**
+ * Marshal a worker spec to a temp file, fork the worker, enforce the timeout, and
+ * resolve the worker's {@link ToolCommandResult}. The temp dir is always cleaned
+ * up. `cliScript` defaults to the running CLI entry; tests point it at the dist
+ * entry. `cwd` defaults to the spec's `opts.cwd` (or `process.cwd()`).
+ */
+export declare function runWorkerSpec(args: {
+    readonly spec: ToolCommandWorkerSpec;
+    readonly ctx: DispatchHostCtx;
+    readonly cwd: string;
+    readonly cliScript?: string;
+    readonly timeoutMs?: number;
+}): Promise<ToolCommandResult>;
+/** Build a structured supervisor-side dispatch error, logged with its failure class. */
+export declare function dispatchError(spec: ToolCommandWorkerSpec, message: string, failureClass: string): ToolError;
+//# sourceMappingURL=dispatch-fork-core.d.ts.map

package/dist/bootstrap/dispatch-fork-core.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dispatch-fork-core.d.ts","sourceRoot":"","sources":["../../src/bootstrap/dispatch-fork-core.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAOH,OAAO,EAIL,KAAK,SAAS,EACd,KAAK,cAAc,EAEpB,MAAM,mBAAmB,CAAC;AAI3B,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAGnE,OAAO,KAAK,EAGV,iBAAiB,EACjB,qBAAqB,EACtB,MAAM,kCAAkC,CAAC;AAE1C,4EAA4E;AAC5E,eAAO,MAAM,2BAA2B,SAAU,CAAC;AAEnD,+EAA+E;AAC/E,eAAO,MAAM,iBAAiB,0BAA0B,CAAC;AAQzD,qFAAqF;AACrF,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,cAAc,GAAG,MAAM,CASpE;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,QAAQ,CAAC,IAAI,EAAE,qBAAqB,CAAC;IACrC,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC;IAC9B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAoB7B;AA4JD,wFAAwF;AACxF,wBAAgB,aAAa,CAC3B,IAAI,EAAE,qBAAqB,EAC3B,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,SAAS,CAoBX"}