qlogicagent 2.11.4 → 2.11.6

package/dist/types/runtime/infra/model-registry.d.ts

@@ -1,3 +1,4 @@
+import { type ReasoningMode } from "./provider-catalog-adapter.js";
 import { type KeyConfig, type KeyHandle, type LoadBalanceStrategy, type PoolStatus, type ProviderPoolConfig } from "./key-pool.js";
 export type RegistryChangeCallback = () => void;
 export type ModelPurpose = "textGeneration" | "smallModel" | "stt" | "tts" | "imageGeneration" | "imageUnderstanding" | "videoGeneration" | "videoUnderstanding" | "threeDGeneration" | "embedding" | "voiceClone" | "musicGeneration" | "realtimeAudio" | "realtimeVideo";
@@ -34,6 +35,8 @@ export interface ModelEntry {
     streamRequired?: boolean;
     capabilities?: string[];
     pricing?: Record<string, unknown>;
+    /** Thinking-strength control class for the UI (see ReasoningMode). */
+    reasoningMode?: ReasoningMode;
 }
 export type PurposeBindings = Partial<Record<ModelPurpose, string>>;
 export interface ModelRegistryConfig {
@@ -87,6 +90,12 @@ export declare class ModelRegistry {
     addModel(entry: Omit<ModelEntry, "id"> & {
         id?: string;
     }): string;
+    /**
+     * Backfill the reasoning control class for entries that arrived without it
+     * (e.g. from the llmrouter cloud catalog), using provider-core as the single
+     * source of truth. Entries that already carry reasoningMode are left as-is.
+     */
+    private withReasoningMode;
     replaceCatalogModels(entries: ModelEntry[]): void;
     replaceProviderModels(providerId: string, entries: ModelEntry[]): void;
     migrateModelIds(aliasToNative: Map<string, string>): void;

package/dist/types/runtime/infra/provider-catalog-adapter.d.ts

@@ -1,5 +1,17 @@
 import { type ProviderVariantCapability } from "@xiaozhiclaw/provider-core";
 export type RuntimeProviderVariantCapability = ProviderVariantCapability;
+/**
+ * How a model's thinking depth can be controlled, derived from provider-core
+ * capabilities + quirks. The UI maps each mode to a different effort option set:
+ *   - none      : model has no reasoning/thinking → hide the strength control
+ *   - adaptive  : model self-regulates depth natively (Anthropic Opus/Sonnet
+ *                 type:"adaptive") → only "智能"
+ *   - collapsed : provider collapses effort levels (DeepSeek: low/medium→high,
+ *                 high/xhigh→max) → "标准 / 最大" only
+ *   - effort    : full granular control honored (o-series/Kimi reasoning_effort,
+ *                 Anthropic budget thinking) → full 5 options
+ */
+export type ReasoningMode = "none" | "adaptive" | "collapsed" | "effort";
 export interface RuntimeProviderCatalogProvider {
     id: string;
     name: string;
@@ -24,6 +36,8 @@ export interface RuntimeProviderCatalogModel {
     costCacheRead?: number;
     costCacheWrite?: number;
     pricing?: Record<string, unknown>;
+    /** Derived control class for thinking strength (see ReasoningMode). */
+    reasoningMode?: ReasoningMode;
 }
 export interface RuntimeProviderVariantResolutionInput {
     publicModel: string;
@@ -44,5 +58,12 @@ export declare class ProviderCatalogAdapter {
     getProvider(providerId: string): RuntimeProviderCatalogProvider | undefined;
     listProviders(): RuntimeProviderCatalogProvider[];
     listModels(providerId: string): RuntimeProviderCatalogModel[];
+    /**
+     * Classify a model's reasoning control from provider-core (the single source of
+     * truth), for entries sourced outside the builtin catalog (e.g. the llmrouter
+     * cloud catalog). Returns undefined when the model isn't a known provider-core
+     * model — callers should fall back to the granular default.
+     */
+    classifyReasoningMode(providerId: string, modelId: string): ReasoningMode | undefined;
     resolveBest(input: RuntimeProviderVariantResolutionInput): RuntimeProviderVariantResolution | undefined;
 }

package/dist/types/runtime/infra/trae-adapter.d.ts

@@ -0,0 +1,31 @@
+export interface TraeProc {
+    stdout?: {
+        on(ev: "data", cb: (c: Buffer | string) => void): void;
+    } | null;
+    stderr?: {
+        on(ev: "data", cb: (c: Buffer | string) => void): void;
+    } | null;
+    on(ev: "close", cb: (code: number | null) => void): void;
+    on(ev: "error", cb: (e: Error) => void): void;
+    kill(signal?: string): void;
+}
+export type TraeSpawn = (command: string, args: string[], opts: {
+    cwd?: string;
+    env?: Record<string, string>;
+}) => TraeProc;
+export interface TraeTurnOptions {
+    cliCommand?: string;
+    cwd?: string;
+    env?: Record<string, string>;
+    provider?: string;
+    model?: string;
+    timeoutMs?: number;
+    spawnImpl?: TraeSpawn;
+}
+export interface TraeTurnResult {
+    ok: boolean;
+    content: string;
+    error?: string;
+}
+/** Run one Trae turn (`trae-cli run "<prompt>"`) and return its captured output. */
+export declare function runTraeTurn(prompt: string, opts?: TraeTurnOptions): Promise<TraeTurnResult>;

package/dist/types/runtime/ports/permission-contracts.d.ts

@@ -9,6 +9,12 @@ export interface PermissionRuleEntry {
     behavior: PermissionBehavior;
     reason?: string;
     source?: string;
+    /**
+     * When set, the rule only matches if this operation-classification flag is true
+     * (in addition to pattern/pathPrefix). Lets a rule target an operation property
+     * (e.g. a shell command that performs network egress) rather than just a tool name.
+     */
+    requireOp?: "commandNetworkEgress";
 }
 export type PermissionDecisionReason = {
     type: "rule";

package/dist/types/skills/permissions/community-sandbox-policy.d.ts

@@ -1,3 +1,3 @@
 import type { PermissionRuleEntry } from "./types.js";
 export type CommunitySandboxRuleId = "community-l1-shell" | "community-l1-file-read" | "community-l1-file-write" | "community-l1-network" | "community-l1-mcp" | "community-l1-host-control" | "community-l2-host-side-effect" | "community-l2-data-egress" | "community-l2-provider-prompt-egress" | "community-l2-provider-media-egress";
-export declare function createCommunityL1SandboxRules(): PermissionRuleEntry[];
+export declare function createCommunitySandboxScopedRules(): PermissionRuleEntry[];

package/dist/types/skills/permissions/hook-runner.d.ts

@@ -66,7 +66,13 @@ export declare class PermissionChecker {
     private readonly getTurnId;
     private readonly communityTelemetryRecorder;
     private readonly communitySandboxTurnIds;
-    private readonly communitySandboxRuleEngine;
+    /**
+     * cut7c — community-skill (untrusted) scoped deny/ask rules, passed per-call as
+     * `ruleEngine.check(..., { extraRules })` for community turns. NOT a second engine:
+     * the single rule engine evaluates these alongside the base rules. FS/exec tools are
+     * absent here → they flow through the unified pipeline (workspace + prompt + OS sandbox).
+     */
+    private readonly communityScopedRules;
     private unregisterHook;
     /** Tool meta cache — populated from ToolDefinition[] at agent creation */
     private toolMetaCache;
@@ -89,7 +95,12 @@ export declare class PermissionChecker {
      */
     setToolMeta(tools: ToolDefinition[]): void;
     get ruleEngineRef(): PermissionRuleEngine;
-    private checkCommunitySandboxThenBase;
+    /**
+     * cut7c — whether the CURRENT turn is a community-skill (untrusted) turn. Consumed by
+     * the OS-sandbox builder to tighten community execs (netPolicy=deny: no outbound network
+     * from the sandboxed child) as defense-in-depth on POSIX.
+     */
+    isCommunitySandboxTurn(): boolean;
     /** Fire permission.denied hook + onDenied callback + audit log */
     private fireDenied;
     private handleResult;

package/dist/types/skills/permissions/operation-classifier.d.ts

@@ -14,6 +14,13 @@ export interface OperationClassification {
     isEgress: boolean;
     egressCarriesData: boolean;
     isDestructive: boolean;
+    /**
+     * Shell command performs network egress (curl/wget/nc/scp/...). Used to gate
+     * untrusted community-skill shell commands (which would otherwise bypass the
+     * web_fetch/web_search deny via raw shell). Best-effort detection; the OS sandbox
+     * (netPolicy=deny on community turns) is the robust second layer on POSIX.
+     */
+    commandNetworkEgress: boolean;
 }
 export interface ClassifyContext {
     workspaceRoot: string;

package/dist/types/skills/permissions/rule-engine.d.ts

@@ -26,9 +26,18 @@ export declare class PermissionRuleEngine {
      * `op` is optional and defaults to an all-false classification so callers
      * that have not yet been wired to the classifier keep compiling.
      */
-    check(input: ToolPermissionCheckInput, op?: OperationClassification): PermissionResult;
+    check(input: ToolPermissionCheckInput, op?: OperationClassification, ctx?: {
+        extraRules?: readonly PermissionRuleEntry[];
+    }): PermissionResult;
     /** Rebuild compiledPatterns: [persistent-deny] → [session] → [persistent non-deny]. */
     private recompile;
+    /**
+     * Match a caller-supplied rule set (deny-first) against this call, using the SAME
+     * matching semantics as the base rules (pathPrefix prefix-match, else toolName glob).
+     * Returns the first hit's result, or null if none match. Used for per-call scoped
+     * rules (community-skill turns) so trust-level restrictions stay in the one engine.
+     */
+    private matchRuleSet;
 }
 /**
  * Parse permission config from Gateway-injected or local settings.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "qlogicagent",
-  "version": "2.11.4",
+  "version": "2.11.6",
   "description": "XiaozhiClaw Agent CLI — subprocess architecture (JSON-RPC over stdio)",
   "type": "module",
   "main": "dist/index.js",
@@ -86,6 +86,7 @@
     "node": ">=22.0.0"
   },
   "dependencies": {
+    "@agentclientprotocol/sdk": "^0.25.0",
     "@napi-rs/canvas": "0.1.100",
     "@xiaozhiclaw/pet-core": "0.1.0",
     "@xiaozhiclaw/provider-core": "0.1.4",
@@ -98,7 +99,6 @@
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.13",
     "@types/node": "^22.15.0",
-    "@zed-industries/agent-client-protocol": "0.4.5",
     "esbuild": "^0.28.0",
     "oxlint": "1.67.0",
     "tsx": "^4.19.0",