seclaw-agent 0.1.0

package/dist/agent/loop.js

@@ -0,0 +1,858 @@
+"use strict";
+/**
+ * Agent loop - TypeScript port of seclaw/agent/loop.py
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentLoop = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const logger_1 = __importDefault(require("../utils/logger"));
+const events_1 = require("../bus/events");
+const context_1 = require("./context");
+const registry_1 = require("./tools/registry");
+const filesystem_1 = require("./tools/filesystem");
+const shell_1 = require("./tools/shell");
+const web_1 = require("./tools/web");
+const message_1 = require("./tools/message");
+const spawn_1 = require("./tools/spawn");
+const cron_1 = require("./tools/cron");
+const memory_1 = require("./memory");
+const subagent_1 = require("./subagent");
+const manager_1 = require("../session/manager");
+const input_validation_1 = require("./security/input_validation");
+const docker_snapshot_1 = require("./security/snapshot_and_rollback/docker_snapshot");
+const index_1 = require("./security/snapshot_and_rollback/index");
+const skill_audit_1 = require("./security/skill_audit");
+const execution_audit_1 = require("./security/execution_audit");
+const memory_audit_1 = require("./security/memory_audit");
+class AgentLoop {
+    bus;
+    provider;
+    workspace;
+    model;
+    maxIterations;
+    temperature;
+    maxTokens;
+    memoryWindow;
+    braveApiKey;
+    execConfig;
+    cronService;
+    restrictToWorkspace;
+    dockerSandbox;
+    securityConfig;
+    onReady;
+    readySignaled = false;
+    readyPromise;
+    resolveReady;
+    context;
+    sessions;
+    tools;
+    subagents;
+    running = false;
+    security;
+    dockerSnapshot = null;
+    constructor(opts) {
+        this.bus = opts.bus;
+        this.provider = opts.provider;
+        this.workspace = opts.workspace;
+        this.model = opts.model ?? opts.provider.getDefaultModel();
+        this.maxIterations = opts.maxIterations ?? 20;
+        this.temperature = opts.temperature ?? 0.7;
+        this.maxTokens = opts.maxTokens ?? 4096;
+        this.memoryWindow = opts.memoryWindow ?? 50;
+        this.braveApiKey = opts.braveApiKey;
+        this.execConfig = opts.execConfig ?? {};
+        this.cronService = opts.cronService;
+        this.restrictToWorkspace = opts.restrictToWorkspace ?? false;
+        this.dockerSandbox = opts.dockerSandbox;
+        this.securityConfig = opts.securityConfig ?? {};
+        this.onReady = opts.onReady;
+        this.readyPromise = new Promise((resolve) => {
+            this.resolveReady = resolve;
+        });
+        const containerWorkspace = this.dockerSandbox?.workspaceContainer;
+        const pathTranslator = this.dockerSandbox
+            ? (p) => this.dockerSandbox.hostToContainer(p)
+            : undefined;
+        this.context = new context_1.ContextBuilder({
+            workspace: this.workspace,
+            containerWorkspace,
+            pathTranslator,
+            dockerSandbox: this.dockerSandbox
+                ? { image: this.dockerSandbox.image }
+                : undefined,
+        });
+        this.sessions = opts.sessionManager ?? new manager_1.SessionManager(this.workspace);
+        this.tools = new registry_1.ToolRegistry();
+        this.subagents = new subagent_1.SubagentManager({
+            provider: this.provider,
+            workspace: this.workspace,
+            bus: this.bus,
+            model: this.model,
+            braveApiKey: this.braveApiKey,
+            execConfig: this.execConfig,
+            restrictToWorkspace: this.restrictToWorkspace,
+        });
+        this._registerDefaultTools();
+        // Initialize security validator
+        this.security = new input_validation_1.SecurityValidator({
+            provider: this.provider,
+            model: this.model,
+            toolRegistry: this.tools,
+            workspace: this.workspace,
+            prohibitedCommands: this.securityConfig.prohibitedCommands ?? [],
+        });
+        // Build DockerSnapshotManager
+        if (this.dockerSandbox) {
+            const _hostBackend = (0, index_1.getBackend)();
+            const _snapshotEnabled = this.dockerSandbox.snapshotEnabled ?? false;
+            const _hostDirs = (this.dockerSandbox.extraMounts ?? []).map((m) => m.split(":")[0]);
+            this.dockerSnapshot = _snapshotEnabled
+                ? new docker_snapshot_1.DockerSnapshotManager({
+                    containerName: this.dockerSandbox.containerName,
+                    workspace: this.workspace,
+                    hostBackend: _hostBackend?.isAvailable() ? _hostBackend : null,
+                    hostDirs: _hostDirs,
+                    maxSnapshots: this.dockerSandbox.snapshotMax ?? 10,
+                })
+                : null;
+        }
+        else {
+            this.dockerSnapshot = null;
+        }
+    }
+    _registerDefaultTools() {
+        const allowedDir = this.restrictToWorkspace ? this.workspace : undefined;
+        const sandbox = this.dockerSandbox ?? undefined;
+        this.tools.register(new filesystem_1.ReadFileTool({ allowedDir, dockerSandbox: sandbox }));
+        this.tools.register(new filesystem_1.WriteFileTool({ allowedDir, dockerSandbox: sandbox }));
+        this.tools.register(new filesystem_1.EditFileTool({ allowedDir, dockerSandbox: sandbox }));
+        this.tools.register(new filesystem_1.ListDirTool({ allowedDir, dockerSandbox: sandbox }));
+        const workingDir = sandbox?.workspaceContainer ?? this.workspace;
+        this.tools.register(new shell_1.ExecTool({
+            workingDir,
+            timeout: this.execConfig.timeout,
+            restrictToWorkspace: this.restrictToWorkspace,
+            dockerSandbox: sandbox,
+        }));
+        this.tools.register(new web_1.WebSearchTool({ apiKey: this.braveApiKey }));
+        this.tools.register(new web_1.WebFetchTool());
+        const messageTool = new message_1.MessageTool({
+            sendCallback: (msg) => this.bus.publishOutbound(msg),
+        });
+        this.tools.register(messageTool);
+        const spawnTool = new spawn_1.SpawnTool(this.subagents);
+        this.tools.register(spawnTool);
+        if (this.cronService) {
+            this.tools.register(new cron_1.CronTool(this.cronService));
+        }
+    }
+    _setToolContext(channel, chatId) {
+        const messageTool = this.tools.get("message");
+        if (messageTool instanceof message_1.MessageTool)
+            messageTool.setContext(channel, chatId);
+        const spawnTool = this.tools.get("spawn");
+        if (spawnTool instanceof spawn_1.SpawnTool)
+            spawnTool.setContext(channel, chatId);
+        const cronTool = this.tools.get("cron");
+        if (cronTool instanceof cron_1.CronTool)
+            cronTool.setContext(channel, chatId);
+    }
+    async run() {
+        this.running = true;
+        logger_1.default.info("Agent loop started");
+        // Reuse the same pending promise to avoid accumulating dangling waiters
+        // in AsyncQueue when Promise.race timeout fires before a message arrives.
+        let pending = null;
+        let readyAnnounced = false;
+        while (this.running) {
+            try {
+                if (!pending) {
+                    pending = this.bus.consumeInbound();
+                    if (!readyAnnounced) {
+                        readyAnnounced = true;
+                        this._signalReady();
+                    }
+                }
+                const msg = await Promise.race([
+                    pending.then((m) => { pending = null; return m; }),
+                    new Promise((res) => setTimeout(() => res(null), 1000)),
+                ]);
+                if (!msg)
+                    continue;
+                try {
+                    const response = await this._processMessage(msg);
+                    if (response)
+                        await this.bus.publishOutbound(response);
+                }
+                catch (e) {
+                    logger_1.default.error(`Error processing message: ${e}`);
+                    await this.bus.publishOutbound((0, events_1.makeOutboundMessage)({
+                        channel: msg.channel,
+                        chatId: msg.chatId,
+                        content: `Sorry, I encountered an error: ${String(e)}`,
+                    }));
+                }
+            }
+            catch {
+                // Timeout or other error — continue
+            }
+        }
+    }
+    stop() {
+        this.running = false;
+        logger_1.default.info("Agent loop stopping");
+    }
+    _signalReady() {
+        if (this.readySignaled)
+            return;
+        this.readySignaled = true;
+        this.resolveReady();
+        if (this.onReady) {
+            try {
+                this.onReady();
+            }
+            catch (e) {
+                logger_1.default.warn(`Agent onReady callback error: ${e}`);
+            }
+        }
+    }
+    async waitUntilReady(timeoutMs = 0) {
+        if (this.readySignaled)
+            return;
+        if (timeoutMs <= 0) {
+            await this.readyPromise;
+            return;
+        }
+        await Promise.race([
+            this.readyPromise,
+            new Promise((_, reject) => {
+                setTimeout(() => reject(new Error(`Agent readiness timeout after ${timeoutMs}ms`)), timeoutMs);
+            }),
+        ]);
+    }
+    _secondsSinceLastUserMessage(session) {
+        for (let i = session.messages.length - 1; i >= 0; i--) {
+            const item = session.messages[i];
+            if (item["role"] !== "user")
+                continue;
+            const rawTs = item["timestamp"];
+            if (!rawTs)
+                continue;
+            try {
+                let tsText = String(rawTs);
+                if (tsText.endsWith("Z"))
+                    tsText = tsText.slice(0, -1) + "+00:00";
+                const parsed = new Date(tsText);
+                return Math.max(0, (Date.now() - parsed.getTime()) / 1000);
+            }
+            catch {
+                continue;
+            }
+        }
+        return null;
+    }
+    _isToolOutputSummary(content) {
+        return String(content ?? "").startsWith("[Concise summary of earlier tool output]");
+    }
+    async _llmSummarizeToolOutput(content) {
+        const text = String(content ?? "").trim();
+        if (!text)
+            return "[Concise summary of earlier tool output] (empty output)";
+        if (this._isToolOutputSummary(text))
+            return text;
+        const prompt = "Summarize this tool output in 1-2 short sentences for future agent context. " +
+            "Keep only decisive facts: status, key findings, important paths/values, and errors. " +
+            `No markdown or bullet points.\n\nTool output:\n${text.slice(0, 5000)}`;
+        try {
+            const response = await this.provider.chat([
+                { role: "system", content: "You compress tool outputs into concise factual summaries." },
+                { role: "user", content: prompt },
+            ], { model: this.model });
+            const summary = (response.content ?? "").replace(/\s+/g, " ").trim();
+            if (summary)
+                return `[Concise summary of earlier tool output] ${summary.slice(0, 360)}`;
+        }
+        catch (e) {
+            logger_1.default.warn(`LLM tool-output summary failed, using fallback: ${e}`);
+        }
+        const normalized = text.replace(/\s+/g, " ");
+        if (normalized.length <= 280)
+            return `[Concise summary of earlier tool output] ${normalized}`;
+        return `[Concise summary of earlier tool output] ${normalized.slice(0, 200)} ... ${normalized.slice(-60)}`;
+    }
+    async _appendToolResultWithIncrementalCompression(execMessages, toolCallId, toolName, result, latestFullToolIdx) {
+        if (latestFullToolIdx !== null && latestFullToolIdx >= 0 && latestFullToolIdx < execMessages.length) {
+            const prev = execMessages[latestFullToolIdx];
+            if (prev["role"] === "tool") {
+                const summarized = await this._llmSummarizeToolOutput(prev["content"]);
+                execMessages[latestFullToolIdx] = { ...prev, content: summarized };
+            }
+        }
+        this.context.addToolResult(execMessages, toolCallId, toolName, String(result));
+        return [execMessages, execMessages.length - 1];
+    }
+    async _takeSnapshotIfEnabled(msg, key, label) {
+        if (!this.dockerSnapshot || !this.dockerSandbox)
+            return;
+        const dockerSandbox = this.dockerSandbox;
+        const minInterval = Math.max(0, this.securityConfig.dockerSandbox?.snapshotMinIntervalSeconds ?? 0);
+        const session = this.sessions.getOrCreate(key);
+        const secondsSinceLast = this._secondsSinceLastUserMessage(session);
+        const shouldSnapshot = minInterval === 0 || secondsSinceLast === null || secondsSinceLast >= minInterval;
+        if (!shouldSnapshot) {
+            logger_1.default.info(`Skip snapshot due to interval threshold: gap=${secondsSinceLast?.toFixed(1)}s < min=${minInterval}s`);
+            return;
+        }
+        await this.bus.publishOutbound((0, events_1.makeOutboundMessage)({
+            channel: msg.channel,
+            chatId: msg.chatId,
+            content: "🛟 Generating snapshot, Please wait a minute ...",
+            metadata: { keepTyping: true },
+        }));
+        await new Promise((resolve) => setImmediate(resolve));
+        let snapTag = null;
+        try {
+            snapTag = await this.dockerSnapshot.takeSnapshotAsync(label, (tag) => dockerSandbox.buildRunCmd(tag));
+        }
+        catch (e) {
+            logger_1.default.warn(`Snapshot failed: ${e}`);
+        }
+        if (snapTag) {
+            const manifestPath = this.dockerSnapshot.getManifestPath();
+            await this.bus.publishOutbound((0, events_1.makeOutboundMessage)({
+                channel: msg.channel,
+                chatId: msg.chatId,
+                content: `✅ Snapshot created successfully: ${snapTag}\nSnapshot cleanup location: ${manifestPath}`,
+                metadata: { keepTyping: true },
+            }));
+        }
+        else {
+            await this.bus.publishOutbound((0, events_1.makeOutboundMessage)({
+                channel: msg.channel,
+                chatId: msg.chatId,
+                content: "⚠️ Snapshot creation failed, continuing.",
+                metadata: { keepTyping: true },
+            }));
+        }
+    }
+    async _buildConfirmationMessage(opts) {
+        const { toolName, toolArgs, messages, securityReason } = opts;
+        const historyLines = [];
+        for (const m of messages) {
+            const role = String(m["role"] ?? "");
+            const content = String(m["content"] ?? "");
+            if (role === "system")
+                continue;
+            if (role === "tool") {
+                const snippet = content.slice(0, 200) + (content.length > 200 ? "..." : "");
+                historyLines.push(`[tool result ${String(m["tool_call_id"] ?? "?")}]: ${snippet}`);
+            }
+            else if (role === "assistant") {
+                const tcs = m["tool_calls"] ?? [];
+                for (const tc of tcs) {
+                    const fn = tc["function"] ?? {};
+                    historyLines.push(`[assistant called]: ${String(fn["name"] ?? "")}(${String(fn["arguments"] ?? "").slice(0, 150)})`);
+                }
+                if (content)
+                    historyLines.push(`[assistant]: ${content.slice(0, 200)}`);
+            }
+            else {
+                historyLines.push(`[${role}]: ${content.slice(0, 200)}`);
+            }
+        }
+        const executionHistory = historyLines.slice(-30).join("\n");
+        const argsSummary = JSON.stringify(toolArgs).slice(0, 400);
+        const prompt = `You are a security assistant helping a user understand why their AI agent is pausing for confirmation.
+
+The agent was about to call a tool but security validation flagged it.
+
+Tool name: ${toolName}
+Tool arguments (truncated): ${argsSummary}
+
+Execution history (most recent at bottom):
+${executionHistory}
+
+Pending Reason (internal reason): ${securityReason}
+
+Write a clear, concise confirmation request in natural language (2-4 short paragraphs):
+1. Indicate the specific command (tool call) that will be executed ("tool name", "parameters", or "shell command").
+2. Explain what the agent has done and why it decided to execute the current command.
+3. Explain the pending reason / security concern in as much detail as possible — what risk or anomaly was detected.
+4. End with a direct yes/no question asking the user whether to proceed.
+
+## Output format (no more than 200 words):
+  Pending Tool Call: <tool-call-command>
+    Explanation: <the task execution context and why the agent is calling this tool>
+    Pending Reason: <detailed explanation of the detected pending reason / security risk>
+    Confirmation Request: <a direct yes/no question asking the user whether to proceed>
+`;
+        try {
+            const resp = await this.provider.chat([
+                { role: "system", content: "You are a security assistant composing user-friendly confirmation requests." },
+                { role: "user", content: prompt },
+            ], { model: this.model });
+            const text = (resp.content ?? "").trim();
+            if (text)
+                return text;
+        }
+        catch (e) {
+            logger_1.default.warn(`_buildConfirmationMessage LLM call failed: ${e}`);
+        }
+        return `Pending Tool Call: ${toolName} ${argsSummary}\n\nExplanation: The agent selected this step to continue your requested task based on recent execution context.\n\nPending Reason: ${securityReason}\n\nConfirmation Request: Do you want to proceed with this action? (yes/no)`;
+    }
+    async _processMessage(msg, sessionKeyOverride) {
+        if (msg.channel === "system")
+            return this._processSystemMessage(msg);
+        const preview = msg.content.length > 80 ? msg.content.slice(0, 80) + "..." : msg.content;
+        logger_1.default.info(`Processing message from ${msg.channel}:${msg.senderId}: ${preview}`);
+        const key = sessionKeyOverride ?? (0, events_1.sessionKey)(msg);
+        const session = this.sessions.getOrCreate(key);
+        // Handle slash commands
+        const rawCmd = msg.content.trim().replace(/^@/, "").trim();
+        const cmd = rawCmd.toLowerCase();
+        if (cmd === "/new") {
+            const msgsBefore = [...session.messages];
+            (0, manager_1.clearSession)(session);
+            this.sessions.save(session);
+            this.sessions.invalidate(session.key);
+            this._consolidateMemory(session, true, msgsBefore).catch(() => { });
+            return (0, events_1.makeOutboundMessage)({
+                channel: msg.channel,
+                chatId: msg.chatId,
+                content: "New session started. Memory consolidation in progress.",
+            });
+        }
+        if (cmd === "/help") {
+            return (0, events_1.makeOutboundMessage)({
+                channel: msg.channel,
+                chatId: msg.chatId,
+                content: "🦾 seclaw commands:\n/new — Start a new conversation\n/skill_audit — Audit loaded skills for security risks\n/memory_audit — Audit stored memory for security risks\n/take_snapshot [label] — Manually create a snapshot\n/snapshot_list — List all available snapshots\n/snapshot_restore <TAG> — Restore a snapshot by tag\n/help — Show available commands",
+            });
+        }
+        if (cmd === "/skill_audit") {
+            await this._takeSnapshotIfEnabled(msg, key, `${key}: /skill_audit`);
+            return (0, skill_audit_1.auditSkills)({
+                skillsLoader: this.context.skills,
+                provider: this.provider,
+                model: this.model,
+                workspace: this.workspace,
+                msg,
+            });
+        }
+        if (cmd === "/memory_audit") {
+            await this._takeSnapshotIfEnabled(msg, key, `${key}: /memory_audit`);
+            return (0, memory_audit_1.auditMemory)({
+                workspace: this.workspace,
+                provider: this.provider,
+                model: this.model,
+                msg,
+            });
+        }
+        if (cmd === "/snapshot_list") {
+            if (!this.dockerSnapshot) {
+                return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: "⚠️ Snapshot feature is not enabled." });
+            }
+            const snapshots = this.dockerSnapshot.listSnapshots();
+            if (!snapshots.length) {
+                return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: "No snapshots found." });
+            }
+            const snapshotLines = [`📦 Available snapshots (${snapshots.length} total):\n`];
+            for (let si = 0; si < snapshots.length; si++) {
+                const s = snapshots[si];
+                snapshotLines.push(`${si}. [${String(s["timestamp"] ?? "?")}] ${String(s["tag"] ?? "?")}\n   ${String(s["label"] ?? "")}`);
+            }
+            return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: snapshotLines.join("\n") });
+        }
+        if (cmd === "/take_snapshot" || cmd.startsWith("/take_snapshot ")) {
+            if (!this.dockerSnapshot || !this.dockerSandbox) {
+                return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: "⚠️ Snapshot feature is not enabled." });
+            }
+            const labelArg = rawCmd.replace(/^\/take_snapshot\b/i, "").trim();
+            const label = labelArg || `${key}: manual /take_snapshot`;
+            await this.bus.publishOutbound((0, events_1.makeOutboundMessage)({
+                channel: msg.channel,
+                chatId: msg.chatId,
+                content: "🛟 Generating snapshot, please wait a moment ...",
+                metadata: { keepTyping: true },
+            }));
+            await new Promise((resolve) => setImmediate(resolve));
+            let snapTag = null;
+            try {
+                snapTag = await this.dockerSnapshot.takeSnapshotAsync(label, (tag) => this.dockerSandbox.buildRunCmd(tag));
+            }
+            catch (e) {
+                logger_1.default.warn(`Manual snapshot failed: ${e}`);
+            }
+            if (!snapTag) {
+                return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: "❌ Snapshot creation failed." });
+            }
+            const manifestPath = this.dockerSnapshot.getManifestPath();
+            return (0, events_1.makeOutboundMessage)({
+                channel: msg.channel,
+                chatId: msg.chatId,
+                content: `✅ Snapshot created successfully: ${snapTag}\nSnapshot cleanup location: ${manifestPath}`,
+            });
+        }
+        if (cmd.startsWith("/snapshot_restore")) {
+            if (!this.dockerSnapshot) {
+                return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: "⚠️ Snapshot feature is not enabled." });
+            }
+            const dockerSandbox = this.dockerSandbox;
+            const cmdParts = rawCmd.split(/\s+/, 2);
+            const snapTag = cmdParts[1]?.trim() ?? "";
+            if (!snapTag) {
+                return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: "⚠️ Please provide a tag. Usage: /snapshot_restore <TAG>" });
+            }
+            try {
+                this.dockerSnapshot.restoreSnapshot(snapTag, dockerSandbox ? (tag) => dockerSandbox.buildRunCmd(tag) : undefined);
+                return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: `✅ Restored to snapshot: ${snapTag}` });
+            }
+            catch (e) {
+                return (0, events_1.makeOutboundMessage)({ channel: msg.channel, chatId: msg.chatId, content: `❌ Restore failed: ${e}` });
+            }
+        }
+        // Take a Docker snapshot before processing each user message
+        await this._takeSnapshotIfEnabled(msg, key, `${key}: ${msg.content.slice(0, 60)}`);
+        // Update tool contexts
+        this._setToolContext(msg.channel, msg.chatId);
+        let messages = this.context.buildMessages({
+            history: (0, manager_1.getHistory)(session, this.memoryWindow),
+            currentMessage: msg.content,
+            media: msg.media,
+            channel: msg.channel,
+            chatId: msg.chatId,
+        });
+        let execMessages = JSON.parse(JSON.stringify(messages));
+        let latestFullToolIdx = null;
+        for (let i = execMessages.length - 1; i >= 0; i--) {
+            if (execMessages[i]["role"] === "tool") {
+                latestFullToolIdx = i;
+                break;
+            }
+        }
+        // Resume execution if previous message was a user confirmation response
+        const confirmationMarker = /USER_CONFIRMATION_REQUEST/i;
+        const shouldResume = (messages.length >= 2
+            && messages[messages.length - 2]["role"] === "assistant"
+            && confirmationMarker.test(String(messages[messages.length - 2]["content"] ?? "")));
+        if (shouldResume) {
+            const resumePath = path.join(path.dirname(this.workspace), "security", "EXECUTION_RESUME.json");
+            try {
+                const resumed = JSON.parse(fs.readFileSync(resumePath, "utf-8"));
+                resumed.push({ role: "user", content: msg.content });
+                messages = resumed;
+                execMessages = JSON.parse(JSON.stringify(messages));
+                latestFullToolIdx = null;
+                for (let i = execMessages.length - 1; i >= 0; i--) {
+                    if (execMessages[i]["role"] === "tool") {
+                        latestFullToolIdx = i;
+                        break;
+                    }
+                }
+            }
+            catch (e) {
+                logger_1.default.warn(`Failed to load resume execution state: ${e}`);
+            }
+        }
+        // Analyze task for security validation
+        if (this.securityConfig.inputValidationEnabled) {
+            const execConversations = messages.filter((m) => m["role"] !== "system");
+            const userTask = JSON.stringify(execConversations);
+            await this.security.analyzeTask(userTask);
+            logger_1.default.info(`Security validation initialized`);
+            logger_1.default.info(`\n${this.security.getTrajectorySummary()}`);
+        }
+        // Agent loop
+        let iteration = 0;
+        let finalContent = null;
+        const toolsUsed = [];
+        while (iteration < this.maxIterations) {
+            iteration++;
+            const response = await this.provider.chat(execMessages, { tools: this.tools.getDefinitions(), model: this.model });
+            if (response.toolCalls.length > 0) {
+                const toolCallDicts = response.toolCalls.map((tc) => ({
+                    id: tc.id,
+                    type: "function",
+                    function: { name: tc.name, arguments: JSON.stringify(tc.arguments) },
+                }));
+                this.context.addAssistantMessage(messages, response.content, toolCallDicts, response.reasoningContent ?? undefined);
+                this.context.addAssistantMessage(execMessages, response.content, toolCallDicts, response.reasoningContent ?? undefined);
+                for (const toolCall of response.toolCalls) {
+                    toolsUsed.push(toolCall.name);
+                    const argsStr = JSON.stringify(toolCall.arguments).slice(0, 200);
+                    logger_1.default.info(`Tool call: ${toolCall.name}(${argsStr})`);
+                    // Security validation gate
+                    let isValid = true;
+                    let securityReason = "Input validation disabled";
+                    if (this.securityConfig.inputValidationEnabled) {
+                        [isValid, securityReason] = await this.security.validateToolCall(toolCall.name, toolCall.arguments);
+                    }
+                    if (!isValid) {
+                        logger_1.default.warn(`Tool call requires user confirmation: ${toolCall.name}`);
+                        const blockedResult = "⚠️ Tool call blocked by security validation. Waiting for user confirmation.";
+                        this.context.addToolResult(messages, toolCall.id, toolCall.name, blockedResult);
+                        [execMessages, latestFullToolIdx] = await this._appendToolResultWithIncrementalCompression(execMessages, toolCall.id, toolCall.name, blockedResult, latestFullToolIdx);
+                        const rawReason = securityReason.replace(/^USER_CONFIRMATION_REQUEST:\s*/, "");
+                        const confirmMsg = await this._buildConfirmationMessage({
+                            toolName: toolCall.name,
+                            toolArgs: toolCall.arguments,
+                            messages,
+                            securityReason: rawReason,
+                        });
+                        const fullConfirmation = `🟡 **USER_CONFIRMATION_REQUEST**\n\n${confirmMsg}`;
+                        messages.push({ role: "assistant", content: fullConfirmation });
+                        execMessages.push({ role: "assistant", content: fullConfirmation });
+                        const resumePath = path.join(path.dirname(this.workspace), "security", "EXECUTION_RESUME.json");
+                        fs.mkdirSync(path.dirname(resumePath), { recursive: true });
+                        fs.writeFileSync(resumePath, JSON.stringify(execMessages, null, 4), "utf-8");
+                        logger_1.default.info(`Execution state saved to ${resumePath}`);
+                        finalContent = fullConfirmation;
+                        break;
+                    }
+                    const result = await this.tools.execute(toolCall.name, toolCall.arguments);
+                    // Guard model: detect and sanitize prompt injection in tool output
+                    let safeResult = String(result);
+                    if (this.securityConfig.outputValidationEnabled) {
+                        const [sanitized, injectionDetected, detectionReason] = await this.security.detectAndSanitizeOutput(toolCall.name, result);
+                        if (injectionDetected) {
+                            logger_1.default.warn(`🛡️ Guard model sanitized output from ${toolCall.name}: ${detectionReason}`);
+                            safeResult = `[Security Notice: Potential prompt injection detected and removed]\n\n${sanitized}`;
+                        }
+                    }
+                    // Record observation for information flow tracking
+                    this.security.recordObservation(toolCall.name, safeResult);
+                    this.context.addToolResult(messages, toolCall.id, toolCall.name, safeResult);
+                    [execMessages, latestFullToolIdx] = await this._appendToolResultWithIncrementalCompression(execMessages, toolCall.id, toolCall.name, safeResult, latestFullToolIdx);
+                }
+                // If user confirmation is needed, break iteration loop
+                if (finalContent !== null)
+                    break;
+                // Save execution log if needed
+                const logEnabled = this.securityConfig.executionLogEnabled;
+                const logStep = this.securityConfig.executionLogStep ?? 5;
+                if (logEnabled && iteration % logStep === 0) {
+                    const logName = `trajectory_${session.key}.json`;
+                    const logDir = path.join(path.dirname(this.workspace), "security", "execution_logs");
+                    fs.mkdirSync(logDir, { recursive: true });
+                    fs.writeFileSync(path.join(logDir, logName), JSON.stringify(messages, null, 2), "utf-8");
+                }
+            }
+            else {
+                finalContent = response.content ?? null;
+                break;
+            }
+        }
+        if (finalContent === null)
+            finalContent = "I've completed processing but have no response to give.";
+        const responsePreview = finalContent.length > 120 ? finalContent.slice(0, 120) + "..." : finalContent;
+        logger_1.default.info(`Response to ${msg.channel}:${msg.senderId}: ${responsePreview}`);
+        messages.push({ role: "assistant", content: finalContent });
+        if (this.securityConfig.executionLogEnabled) {
+            const logName = `trajectory_${session.key}_${new Date().toISOString().replace(/[:.]/g, "")}.json`;
+            const logDir = path.join(path.dirname(this.workspace), "security", "execution_logs");
+            fs.mkdirSync(logDir, { recursive: true });
+            fs.writeFileSync(path.join(logDir, logName), JSON.stringify(messages, null, 2), "utf-8");
+        }
+        (0, manager_1.addMessage)(session, "user", msg.content);
+        (0, manager_1.addMessage)(session, "assistant", finalContent, toolsUsed.length ? { tools_used: toolsUsed } : {});
+        this.sessions.save(session);
+        // Launch post-execution risk audit in background
+        if (this.securityConfig.postExecutionAuditEnabled && toolsUsed.length > 0) {
+            (0, execution_audit_1.auditExecution)({
+                sessionKey: session.key,
+                messages,
+                toolsUsed,
+                provider: this.provider,
+                model: this.model,
+                workspace: this.workspace,
+                bus: this.bus,
+                channel: msg.channel,
+                chatId: msg.chatId,
+            }).catch(() => { });
+        }
+        if (session.messages.length > this.memoryWindow) {
+            this._consolidateMemory(session).catch(() => { });
+        }
+        return (0, events_1.makeOutboundMessage)({
+            channel: msg.channel,
+            chatId: msg.chatId,
+            content: finalContent,
+            metadata: msg.metadata ?? {},
+        });
+    }
+    async _processSystemMessage(msg) {
+        logger_1.default.info(`Processing system message from ${msg.senderId}`);
+        let originChannel = "cli";
+        let originChatId = msg.chatId;
+        if (msg.chatId.includes(":")) {
+            [originChannel, originChatId] = msg.chatId.split(":", 2);
+        }
+        const sessionKey = `${originChannel}:${originChatId}`;
+        const session = this.sessions.getOrCreate(sessionKey);
+        this._setToolContext(originChannel, originChatId);
+        let messages = this.context.buildMessages({
+            history: (0, manager_1.getHistory)(session),
+            currentMessage: msg.content,
+            channel: originChannel,
+            chatId: originChatId,
+        });
+        let execMessages = messages.map((m) => ({ ...m }));
+        let latestFullToolIdx = null;
+        let iteration = 0;
+        let finalContent = null;
+        while (iteration < this.maxIterations) {
+            iteration++;
+            const response = await this.provider.chat(execMessages, { tools: this.tools.getDefinitions(), model: this.model });
+            if (response.toolCalls.length > 0) {
+                const toolCallDicts = response.toolCalls.map((tc) => ({
+                    id: tc.id,
+                    type: "function",
+                    function: { name: tc.name, arguments: JSON.stringify(tc.arguments) },
+                }));
+                this.context.addAssistantMessage(messages, response.content, toolCallDicts);
+                this.context.addAssistantMessage(execMessages, response.content, toolCallDicts);
+                for (const tc of response.toolCalls) {
+                    const result = await this.tools.execute(tc.name, tc.arguments);
+                    this.context.addToolResult(messages, tc.id, tc.name, result);
+                    [execMessages, latestFullToolIdx] = await this._appendToolResultWithIncrementalCompression(execMessages, tc.id, tc.name, result, latestFullToolIdx);
+                }
+            }
+            else {
+                finalContent = response.content ?? null;
+                break;
+            }
+        }
+        if (finalContent === null)
+            finalContent = "Background task completed.";
+        (0, manager_1.addMessage)(session, "user", `[System: ${msg.senderId}] ${msg.content}`);
+        (0, manager_1.addMessage)(session, "assistant", finalContent);
+        this.sessions.save(session);
+        return (0, events_1.makeOutboundMessage)({ channel: originChannel, chatId: originChatId, content: finalContent });
+    }
+    async _consolidateMemory(session, archiveAll = false, messagesOverride) {
+        const memory = new memory_1.MemoryStore(this.workspace);
+        const keepCount = this.memoryWindow / 2;
+        let oldMessages;
+        if (archiveAll) {
+            oldMessages = messagesOverride ?? session.messages;
+            logger_1.default.info(`Memory consolidation (archive_all): ${oldMessages.length} total messages archived`);
+        }
+        else {
+            if (session.messages.length <= keepCount)
+                return;
+            const lastConsolidated = session.lastConsolidated ?? 0;
+            const toProcess = session.messages.length - lastConsolidated;
+            if (toProcess <= 0)
+                return;
+            oldMessages = session.messages.slice(lastConsolidated, -keepCount);
+            if (oldMessages.length === 0)
+                return;
+            logger_1.default.info(`Memory consolidation: ${session.messages.length} total, ${oldMessages.length} new to process`);
+        }
+        const lines = [];
+        for (const m of oldMessages) {
+            if (!m["content"])
+                continue;
+            const tools = m["tools_used"] ? ` [tools: ${m["tools_used"].join(", ")}]` : "";
+            lines.push(`[${String(m["timestamp"] ?? "?").slice(0, 16)}] ${String(m["role"]).toUpperCase()}${tools}: ${m["content"]}`);
+        }
+        const conversation = lines.join("\n");
+        const currentMemory = memory.readLongTerm();
+        const prompt = `You are a memory consolidation agent. Process this conversation and return a JSON object with exactly two keys:
+
+1. "history_entry": A paragraph (2-5 sentences) summarizing the key events/decisions/topics. Start with a timestamp like [YYYY-MM-DD HH:MM]. Include enough detail to be useful when found by grep search later.
+
+2. "memory_update": The updated long-term memory content. Add any new facts: user location, preferences, personal info, habits, project context, technical decisions, tools/services used. If nothing new, return the existing content unchanged.
+
+## Current Long-term Memory
+${currentMemory || "(empty)"}
+
+## Conversation to Process
+${conversation}
+
+Respond with ONLY valid JSON, no markdown fences.`;
+        try {
+            const response = await this.provider.chat([
+                { role: "system", content: "You are a memory consolidation agent. Respond only with valid JSON." },
+                { role: "user", content: prompt },
+            ], { model: this.model });
+            let text = (response.content ?? "").trim();
+            if (!text)
+                return;
+            if (text.startsWith("```"))
+                text = text.split("\n").slice(1).join("\n").split("```")[0].trim();
+            let result;
+            try {
+                result = JSON.parse(text);
+            }
+            catch {
+                // Attempt a simple repair: extract JSON object pattern
+                const match = text.match(/\{[\s\S]*\}/);
+                if (!match)
+                    return;
+                try {
+                    result = JSON.parse(match[0]);
+                }
+                catch {
+                    return;
+                }
+            }
+            if (result["history_entry"])
+                memory.appendHistory(result["history_entry"]);
+            if (result["memory_update"] && result["memory_update"] !== currentMemory) {
+                memory.writeLongTerm(result["memory_update"]);
+            }
+            if (!archiveAll) {
+                session.lastConsolidated = session.messages.length - keepCount;
+            }
+            logger_1.default.info("Memory consolidation done");
+        }
+        catch (e) {
+            logger_1.default.error(`Memory consolidation failed: ${e}`);
+        }
+    }
+    async processDirect(content, sessionKey = "cli:direct", channel = "cli", chatId = "direct") {
+        const msg = (0, events_1.makeInboundMessage)({ channel, senderId: "user", chatId, content });
+        const response = await this._processMessage(msg, sessionKey);
+        return response?.content ?? "";
+    }
+}
+exports.AgentLoop = AgentLoop;
+//# sourceMappingURL=loop.js.map