praisonai 1.7.0 → 1.7.2

package/dist/agent/simple.js

@@ -116,6 +116,23 @@ class Agent {
                         this.addAutoGeneratedToolDefinition(randomName, tool);
                     }
                 }
+                else if (tool && typeof tool === 'object' && typeof tool.execute === 'function' && tool.name) {
+                    // If it's a FunctionTool instance (has execute method and name)
+                    const funcName = tool.name;
+                    // Register the execute function with args as object (not spread)
+                    this.registerToolFunction(funcName, async (args) => {
+                        return tool.execute(args);
+                    });
+                    // Add the tool definition from FunctionTool
+                    processedTools.push(tool.toOpenAITool ? tool.toOpenAITool() : {
+                        type: 'function',
+                        function: {
+                            name: tool.name,
+                            description: tool.description || `Function ${tool.name}`,
+                            parameters: tool.parameters || { type: 'object', properties: {} },
+                        }
+                    });
+                }
                 else {
                     // If it's already a tool definition, add it as is
                     processedTools.push(tool);
@@ -295,8 +312,8 @@ class Agent {
                 if (!this.toolFunctions[name]) {
                     throw new Error(`Function ${name} not registered`);
                 }
-                // Call the function
-                const result = await this.toolFunctions[name](...Object.values(args));
+                // Call the function - pass args as object (for FunctionTool) or spread (for legacy functions)
+                const result = await this.toolFunctions[name](args);
                 // Add result to messages
                 results.push({
                     role: 'tool',

package/dist/ai/agent-loop.d.ts

@@ -154,6 +154,10 @@ export declare class AgentLoop {
      * Get the final result.
      */
     getResult(): AgentLoopResult;
+    /**
+     * Wrap tools so onToolCall approval runs before execution.
+     */
+    private wrapToolsWithApproval;
     /**
      * Check if the loop should stop.
      */

package/dist/ai/agent-loop.js

@@ -111,6 +111,9 @@ class AgentLoop {
             maxSteps: 10,
             ...config,
         };
+        if (this.config.onToolCall && this.config.tools) {
+            this.config.tools = this.wrapToolsWithApproval(this.config.tools);
+        }
         // Add system message if provided
         if (config.system) {
             this.messages.push({ role: 'system', content: config.system });
@@ -182,16 +185,9 @@ class AgentLoop {
         }
         // Handle tool calls
         if (step.toolCalls.length > 0) {
-            // Check for approval if callback provided
-            if (this.config.onToolCall) {
-                for (const toolCall of step.toolCalls) {
-                    const approved = await this.config.onToolCall(toolCall);
-                    if (!approved) {
-                        this.complete = true;
-                        step.finishReason = 'tool_rejected';
-                        break;
-                    }
-                }
+            // Rejection is handled in wrapped tool execute before execution
+            if (step.finishReason === 'tool_rejected') {
+                this.complete = true;
             }
             // Add tool call message
             const toolCallParts = step.toolCalls.map(tc => ({
@@ -260,6 +256,33 @@ class AgentLoop {
             finishReason: lastStep?.finishReason || 'unknown',
         };
     }
+    /**
+     * Wrap tools so onToolCall approval runs before execution.
+     */
+    wrapToolsWithApproval(tools) {
+        const onToolCall = this.config.onToolCall;
+        if (!onToolCall) {
+            return tools;
+        }
+        const wrapped = {};
+        for (const [name, tool] of Object.entries(tools)) {
+            wrapped[name] = {
+                ...tool,
+                execute: async (args) => {
+                    const approved = await onToolCall({
+                        toolCallId: `pending-${name}`,
+                        toolName: name,
+                        args,
+                    });
+                    if (!approved) {
+                        throw new Error(`Tool call rejected: ${name}`);
+                    }
+                    return tool.execute(args);
+                },
+            };
+        }
+        return wrapped;
+    }
     /**
      * Check if the loop should stop.
      */

package/dist/cli/features/external-agents.d.ts

@@ -16,6 +16,16 @@ export interface ExternalAgentResult {
     exitCode: number;
     duration: number;
 }
+export type StreamEvent = {
+    type: 'text';
+    content: string;
+} | {
+    type: 'json';
+    data: unknown;
+} | {
+    type: 'error';
+    error: string;
+};
 /**
  * Base class for external agent integrations
  */
@@ -30,6 +40,10 @@ export declare abstract class BaseExternalAgent {
      * Execute a prompt with the external agent
      */
     abstract execute(prompt: string): Promise<ExternalAgentResult>;
+    /**
+     * Stream output from the external agent
+     */
+    abstract stream(prompt: string): AsyncGenerator<StreamEvent, void, unknown>;
     /**
      * Get the agent name
      */
@@ -38,6 +52,10 @@ export declare abstract class BaseExternalAgent {
      * Execute a command and return result
      */
     protected runCommand(args: string[]): Promise<ExternalAgentResult>;
+    /**
+     * Stream command output line by line
+     */
+    protected streamCommand(args: string[]): AsyncGenerator<StreamEvent, void, unknown>;
     /**
      * Check if a command exists
      */
@@ -50,6 +68,7 @@ export declare class ClaudeCodeAgent extends BaseExternalAgent {
     constructor(cwd?: string);
     isAvailable(): Promise<boolean>;
     execute(prompt: string): Promise<ExternalAgentResult>;
+    stream(prompt: string): AsyncGenerator<StreamEvent, void, unknown>;
     executeWithSession(prompt: string, sessionId?: string): Promise<ExternalAgentResult>;
 }
 /**
@@ -60,6 +79,7 @@ export declare class GeminiCliAgent extends BaseExternalAgent {
     constructor(cwd?: string, model?: string);
     isAvailable(): Promise<boolean>;
     execute(prompt: string): Promise<ExternalAgentResult>;
+    stream(prompt: string): AsyncGenerator<StreamEvent, void, unknown>;
 }
 /**
  * OpenAI Codex CLI integration
@@ -68,6 +88,7 @@ export declare class CodexCliAgent extends BaseExternalAgent {
     constructor(cwd?: string);
     isAvailable(): Promise<boolean>;
     execute(prompt: string): Promise<ExternalAgentResult>;
+    stream(prompt: string): AsyncGenerator<StreamEvent, void, unknown>;
 }
 /**
  * Aider CLI integration
@@ -76,6 +97,7 @@ export declare class AiderAgent extends BaseExternalAgent {
     constructor(cwd?: string);
     isAvailable(): Promise<boolean>;
     execute(prompt: string): Promise<ExternalAgentResult>;
+    stream(prompt: string): AsyncGenerator<StreamEvent, void, unknown>;
 }
 /**
  * Generic external agent for any CLI tool
@@ -87,6 +109,7 @@ export declare class GenericExternalAgent extends BaseExternalAgent {
     });
     isAvailable(): Promise<boolean>;
     execute(prompt: string): Promise<ExternalAgentResult>;
+    stream(prompt: string): AsyncGenerator<StreamEvent, void, unknown>;
 }
 /**
  * External Agent Registry

package/dist/cli/features/external-agents.js

@@ -97,6 +97,59 @@ class BaseExternalAgent {
             });
         });
     }
+    /**
+     * Stream command output line by line
+     */
+    async *streamCommand(args) {
+        const { spawn } = await Promise.resolve().then(() => __importStar(require('child_process')));
+        const proc = spawn(this.config.command, args, {
+            cwd: this.config.cwd || process.cwd(),
+            env: { ...process.env, ...this.config.env },
+            timeout: this.config.timeout,
+            stdio: ['pipe', 'pipe', 'pipe']
+        });
+        if (!proc.stdout) {
+            throw new Error('Failed to create stdout stream');
+        }
+        let stderr = '';
+        proc.stderr?.on('data', (chunk) => {
+            stderr += chunk.toString();
+        });
+        const exit = new Promise((resolve, reject) => {
+            proc.once('error', reject);
+            proc.once('close', resolve);
+        });
+        const readline = await Promise.resolve().then(() => __importStar(require('readline')));
+        const rl = readline.createInterface({
+            input: proc.stdout,
+            crlfDelay: Infinity
+        });
+        try {
+            for await (const line of rl) {
+                if (line.trim()) {
+                    // Try to parse as JSON first
+                    try {
+                        const event = JSON.parse(line);
+                        yield { type: 'json', data: event };
+                    }
+                    catch {
+                        // If not JSON, treat as text
+                        yield { type: 'text', content: line };
+                    }
+                }
+            }
+            const exitCode = await exit;
+            if (exitCode !== 0) {
+                throw new Error(stderr || `${this.config.command} exited with code ${exitCode}`);
+            }
+        }
+        finally {
+            rl.close();
+            if (!proc.killed) {
+                proc.kill();
+            }
+        }
+    }
     /**
      * Check if a command exists
      */
@@ -127,6 +180,9 @@ class ClaudeCodeAgent extends BaseExternalAgent {
     async execute(prompt) {
         return this.runCommand(['--print', prompt]);
     }
+    async *stream(prompt) {
+        yield* this.streamCommand(['--print', '--output-format', 'stream-json', prompt]);
+    }
     async executeWithSession(prompt, sessionId) {
         const args = ['--print'];
         if (sessionId) {
@@ -155,6 +211,9 @@ class GeminiCliAgent extends BaseExternalAgent {
     async execute(prompt) {
         return this.runCommand(['-m', this.model, prompt]);
     }
+    async *stream(prompt) {
+        yield* this.streamCommand(['-m', this.model, '--json', prompt]);
+    }
 }
 exports.GeminiCliAgent = GeminiCliAgent;
 /**
@@ -174,6 +233,9 @@ class CodexCliAgent extends BaseExternalAgent {
     async execute(prompt) {
         return this.runCommand(['exec', '--full-auto', prompt]);
     }
+    async *stream(prompt) {
+        yield* this.streamCommand(['exec', '--full-auto', '--json', prompt]);
+    }
 }
 exports.CodexCliAgent = CodexCliAgent;
 /**
@@ -193,6 +255,18 @@ class AiderAgent extends BaseExternalAgent {
     async execute(prompt) {
         return this.runCommand(['--message', prompt, '--yes']);
     }
+    async *stream(prompt) {
+        // Aider doesn't support JSON streaming, so just yield text events
+        const result = await this.execute(prompt);
+        if (!result.success) {
+            throw new Error(result.error || 'Aider execution failed');
+        }
+        for (const line of result.output.split('\n')) {
+            if (line.trim()) {
+                yield { type: 'text', content: line };
+            }
+        }
+    }
 }
 exports.AiderAgent = AiderAgent;
 /**
@@ -216,6 +290,16 @@ class GenericExternalAgent extends BaseExternalAgent {
         }
         return this.runCommand(args);
     }
+    async *stream(prompt) {
+        const args = [...(this.config.args || [])];
+        if (this.promptArg) {
+            args.push(this.promptArg, prompt);
+        }
+        else {
+            args.push(prompt);
+        }
+        yield* this.streamCommand(args);
+    }
 }
 exports.GenericExternalAgent = GenericExternalAgent;
 /**

package/dist/cli/features/sandbox-executor.d.ts

@@ -28,6 +28,11 @@ export declare const DEFAULT_BLOCKED_COMMANDS: string[];
  * Default blocked paths
  */
 export declare const DEFAULT_BLOCKED_PATHS: string[];
+/** Shell metacharacters that enable command chaining or substitution */
+export declare const SHELL_METACHAR_PATTERN: RegExp;
+/** Commands that typically require network access */
+export declare const NETWORK_COMMANDS: string[];
+export declare function containsShellMetacharacters(command: string): boolean;
 /**
  * Command validator
  */
@@ -35,6 +40,7 @@ export declare class CommandValidator {
     private blockedCommands;
     private blockedPaths;
     private allowedCommands?;
+    private networkIsolated;
     constructor(config?: Partial<SandboxConfig>);
     /**
      * Validate a command
@@ -56,7 +62,7 @@ export declare class SandboxExecutor {
      */
     execute(command: string): Promise<ExecutionResult>;
     /**
-     * Spawn the command
+     * Spawn the command without shell when allowlisted or in strict mode
      */
     private spawn;
     /**

package/dist/cli/features/sandbox-executor.js

@@ -36,7 +36,8 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SandboxExecutor = exports.CommandValidator = exports.DEFAULT_BLOCKED_PATHS = exports.DEFAULT_BLOCKED_COMMANDS = void 0;
+exports.SandboxExecutor = exports.CommandValidator = exports.NETWORK_COMMANDS = exports.SHELL_METACHAR_PATTERN = exports.DEFAULT_BLOCKED_PATHS = exports.DEFAULT_BLOCKED_COMMANDS = void 0;
+exports.containsShellMetacharacters = containsShellMetacharacters;
 exports.createSandboxExecutor = createSandboxExecutor;
 exports.sandboxExec = sandboxExec;
 /**
@@ -80,6 +81,28 @@ exports.DEFAULT_BLOCKED_PATHS = [
     '/sys',
     '/proc'
 ];
+/** Shell metacharacters that enable command chaining or substitution */
+exports.SHELL_METACHAR_PATTERN = /[;|&`><]|\$\([^)]*\)|\$\{/;
+/** Commands that typically require network access */
+exports.NETWORK_COMMANDS = [
+    'curl', 'wget', 'nc', 'netcat', 'ssh', 'scp', 'sftp', 'ftp', 'telnet',
+    'ping', 'nslookup', 'dig', 'host', 'traceroute', 'tracepath', 'nmap',
+    'socat', 'openssl', 'node', 'python', 'python3', 'ruby', 'perl',
+];
+/** Environment variables commonly used for network/proxy configuration */
+const NETWORK_ENV_VARS = [
+    'http_proxy', 'https_proxy', 'HTTP_PROXY', 'HTTPS_PROXY',
+    'ALL_PROXY', 'all_proxy', 'NO_PROXY', 'no_proxy',
+    'FTP_PROXY', 'ftp_proxy', 'SOCKS_PROXY', 'socks_proxy',
+];
+function containsShellMetacharacters(command) {
+    return exports.SHELL_METACHAR_PATTERN.test(command);
+}
+function parseCommandParts(command) {
+    const parts = command.trim().match(/(?:[^\s"']+|"[^"]*"|'[^']*')+/g) ?? [];
+    const unquoted = parts.map((part) => part.replace(/^["']|["']$/g, ''));
+    return { cmd: unquoted[0] ?? '', args: unquoted.slice(1) };
+}
 /**
  * Command validator
  */
@@ -88,19 +111,31 @@ class CommandValidator {
         this.blockedCommands = config.blockedCommands || exports.DEFAULT_BLOCKED_COMMANDS;
         this.blockedPaths = config.blockedPaths || exports.DEFAULT_BLOCKED_PATHS;
         this.allowedCommands = config.allowedCommands;
+        this.networkIsolated = config.mode === 'network-isolated';
     }
     /**
      * Validate a command
      */
     validate(command) {
-        const normalized = command.toLowerCase().trim();
+        const trimmed = command.trim();
+        if (!trimmed) {
+            return { valid: false, reason: 'Empty command' };
+        }
+        if (containsShellMetacharacters(trimmed)) {
+            return { valid: false, reason: 'Shell metacharacters are not allowed' };
+        }
+        const { cmd } = parseCommandParts(trimmed);
+        const normalized = trimmed.toLowerCase();
         // Check allowlist first if specified
         if (this.allowedCommands) {
-            const baseCmd = normalized.split(/\s+/)[0];
-            if (!this.allowedCommands.includes(baseCmd)) {
-                return { valid: false, reason: `Command '${baseCmd}' not in allowlist` };
+            if (!this.allowedCommands.includes(cmd.toLowerCase())) {
+                return { valid: false, reason: `Command '${cmd}' not in allowlist` };
             }
         }
+        // network-isolated: reject network-oriented commands (proxy env alone is insufficient)
+        if (this.networkIsolated && exports.NETWORK_COMMANDS.includes(cmd.toLowerCase())) {
+            return { valid: false, reason: `Network command '${cmd}' blocked in network-isolated mode` };
+        }
         // Check blocked commands
         for (const blocked of this.blockedCommands) {
             if (normalized.includes(blocked.toLowerCase())) {
@@ -190,18 +225,28 @@ class SandboxExecutor {
         }
     }
     /**
-     * Spawn the command
+     * Spawn the command without shell when allowlisted or in strict mode
      */
     async spawn(command) {
         const { spawn } = await Promise.resolve().then(() => __importStar(require('child_process')));
+        const env = this.buildEnv();
+        const useDirectSpawn = Boolean(this.config.allowedCommands) || this.config.mode === 'strict';
+        const { cmd, args } = parseCommandParts(command);
         return new Promise((resolve) => {
-            const env = this.buildEnv();
-            const proc = spawn('sh', ['-c', command], {
-                cwd: this.config.cwd,
-                env,
-                timeout: this.config.timeout,
-                stdio: ['pipe', 'pipe', 'pipe']
-            });
+            const proc = useDirectSpawn
+                ? spawn(cmd, args, {
+                    cwd: this.config.cwd,
+                    env,
+                    timeout: this.config.timeout,
+                    shell: false,
+                    stdio: ['pipe', 'pipe', 'pipe'],
+                })
+                : spawn('sh', ['-c', command], {
+                    cwd: this.config.cwd,
+                    env,
+                    timeout: this.config.timeout,
+                    stdio: ['pipe', 'pipe', 'pipe'],
+                });
             let stdout = '';
             let stderr = '';
             let truncated = false;
@@ -260,7 +305,11 @@ class SandboxExecutor {
                     ...this.config.env
                 };
             case 'network-isolated':
-                // No network access (requires additional OS-level setup)
+                // Proxy env vars alone do not block network; also reject network commands in validator.
+                // Strip common proxy/network env vars as a defence-in-depth measure.
+                for (const key of NETWORK_ENV_VARS) {
+                    delete baseEnv[key];
+                }
                 return {
                     ...baseEnv,
                     http_proxy: 'http://localhost:0',
@@ -268,7 +317,7 @@ class SandboxExecutor {
                     HTTP_PROXY: 'http://localhost:0',
                     HTTPS_PROXY: 'http://localhost:0',
                     no_proxy: '',
-                    NO_PROXY: ''
+                    NO_PROXY: '',
                 };
             case 'basic':
             default:
@@ -296,6 +345,7 @@ class SandboxExecutor {
      */
     setMode(mode) {
         this.config.mode = mode;
+        this.validator = new CommandValidator(this.config);
     }
 }
 exports.SandboxExecutor = SandboxExecutor;

package/dist/index.d.ts

@@ -48,9 +48,9 @@ export { BaseTool, ToolResult, ToolValidationError, validateTool, createTool, Fu
 export * from './tools/arxivTools';
 export * from './tools/mcpSse';
 export { tools, registerBuiltinTools } from './tools/tools';
-export { getToolsRegistry, createToolsRegistry, resetToolsRegistry, ToolsRegistry } from './tools/registry';
+export { getToolsRegistry, createToolsRegistry, resetToolsRegistry, ToolsRegistry, get_registry, get_tool, register_tool, validate_tool } from './tools/registry';
 export type { ToolExecutionContext, ToolLimits, RedactionHooks, ToolLogger, ToolCapabilities, InstallHints, ToolMetadata, ToolExecutionResult, PraisonTool, ToolParameterSchema, ToolParameterProperty, ToolMiddleware, ToolHooks, ToolFactory, RegisteredTool, ToolInstallStatus } from './tools/registry';
-export { MissingDependencyError, MissingEnvVarError } from './tools/registry';
+export { MissingDependencyError, MissingEnvVarError, BudgetExceededError } from './tools/registry';
 export { createLoggingMiddleware, createTimeoutMiddleware, createRedactionMiddleware, createRateLimitMiddleware, createRetryMiddleware, createTracingMiddleware, createValidationMiddleware, composeMiddleware } from './tools/registry';
 export { codeExecution, tavilySearch, tavilyExtract, tavilyCrawl, exaSearch, perplexitySearch, parallelSearch, firecrawlScrape, firecrawlCrawl, superagentGuard, superagentRedact, superagentVerify, valyuWebSearch, valyuFinanceSearch, valyuPaperSearch, valyuBioSearch, valyuPatentSearch, valyuSecSearch, valyuEconomicsSearch, valyuCompanyResearch, bedrockCodeInterpreter, bedrockBrowserNavigate, bedrockBrowserClick, bedrockBrowserFill, airweaveSearch, codeMode, registerCustomTool, createCustomTool, registerNpmTool, registerLocalTool } from './tools/builtins';
 export * from './session';
@@ -115,3 +115,4 @@ export { type ConditionProtocol, type RoutingConditionProtocol, DictCondition, E
 export { type BotConfig, type BotUser, type BotChannel, type BotMessage, type BotProtocol, type GatewayConfig, type GatewayEvent, type GatewayMessage, type GatewayProtocol, type GatewayClientProtocol, type GatewaySessionProtocol, type ProviderStatus, type FailoverConfig, type AuthProfile, type ResourceLimits, type SandboxResult, type SandboxProtocol, type ReflectionOutput, type AutoRagConfig, SandboxStatus, AutonomyLevel, RagRetrievalPolicy, FailoverManager, } from './gateway';
 export { type TaskConfig as AgentTaskConfig, type TaskOutput, type Task as AgentTask, BaseTask, createTaskOutput, } from './task';
 export { A2ATaskState, A2ARole, type A2ATextPart, type A2AFilePart, type A2ADataPart, type A2APart, type A2AMessage, type A2ATaskStatus, type A2ATask, type A2AArtifact, type A2AAgentSkill, type A2AAgentCapabilities, type A2AAgentCard, type A2ASendMessageRequest, A2A, AGUI, RetrievalPolicy as AutoRetrievalPolicy, type AutoRagAgentConfig, DEFAULT_AUTO_KEYWORDS, AutoRagAgent, type ToolDefinition, Tools, config, memory, obs, workflows, type GuardrailPolicy, resolveGuardrailPolicies, GUARDRAIL_POLICY_PRESETS, type AgentManager, } from './protocols';
+export { type AudioConfig, type CodeConfig, type OCRConfig, type VisionConfig, type VideoConfig, type RealtimeConfig, CodeAgent, OCRAgent, VisionAgent, VideoAgent, RealtimeAgent, EmbeddingAgent, type MCPCall, type WebSearchCall, type FileSearchCall, type CodeExecutionStep, type DeepResearchResponse, type Provider, createContextAgent as create_context_agent, handoffFilters as handoff_filters, promptWithHandoffInstructions as prompt_with_handoff_instructions, Chunking, If, when, Knowledge, Parallel, Route, Session, ContextManager, MCP, type ManagerConfig, type OptimizerStrategy, type ContextPack, type GuardrailResult, type ContextConfig, enableTelemetry as enable_telemetry, disableTelemetry as disable_telemetry, getTelemetry as get_telemetry, enablePerformanceMode as enable_performance_mode, disablePerformanceMode as disable_performance_mode, cleanupTelemetryResources as cleanup_telemetry_resources, register_display_callback, sync_display_callbacks, async_display_callbacks, display_error, display_generating, display_instruction, display_interaction, display_self_reflection, display_tool_call, error_logs, get_plugin_manager, get_default_plugin_dirs, ensure_plugin_dir, get_plugin_template, load_plugin, parse_plugin_header, parse_plugin_header_from_file, discover_plugins, discover_and_load_plugins, evaluate_condition, get_dimensions, track_workflow, resolve_guardrail_policies, trace_context, } from './parity';