skimpyclaw 0.1.9 → 0.3.0

package/dist/providers/openai.js

@@ -33,7 +33,7 @@ function recordOpenAIUsage(params) {
     let inputTokens = typeof usage?.prompt_tokens === 'number'
         ? usage.prompt_tokens
         : (typeof usage?.input_tokens === 'number' ? usage.input_tokens : 0);
-    let outputTokens = typeof usage?.completion_tokens === 'number'
+    const outputTokens = typeof usage?.completion_tokens === 'number'
         ? usage.completion_tokens
         : (typeof usage?.output_tokens === 'number' ? usage.output_tokens : 0);
     // Some OpenAI-compatible providers only return total_tokens.
@@ -121,7 +121,7 @@ export async function chatWithToolsOpenAI(params, provider) {
     const modelId = stripProvider(options.model, openaiClients);
     const maxIterations = toolConfig.maxIterations || 20;
     // Resolve tools once at start
-    const includeSpawn = !!(toolContext?.chatId && toolContext?.fullConfig);
+    const includeSpawn = !!(toolContext?.fullConfig && (toolContext?.chatId || toolContext?.isCronJob));
     const toolDefs = await getToolDefinitions(toolConfig, {
         includeSpawnSubagent: includeSpawn,
         includeMcp: false,

package/dist/sandbox/bridge.d.ts

@@ -0,0 +1,5 @@
+export declare function sandboxBash(containerName: string, command: string, cwd?: string, timeout?: number): Promise<string>;
+export declare function sandboxReadFile(containerName: string, path: string): Promise<string>;
+export declare function sandboxWriteFile(containerName: string, path: string, content: string): Promise<string>;
+export declare function sandboxListDir(containerName: string, path: string): Promise<string>;
+export declare function sandboxGlob(containerName: string, base: string, pattern: string): Promise<string>;

package/dist/sandbox/bridge.js

@@ -0,0 +1,63 @@
+import { execInContainer } from './runtime.js';
+const MAX_BASH_OUTPUT = 50 * 1024; // 50KB
+const MAX_READ_OUTPUT = 100 * 1024; // 100KB
+function truncate(s, maxBytes) {
+    if (Buffer.byteLength(s) <= maxBytes)
+        return s;
+    const truncated = Buffer.from(s).subarray(0, maxBytes).toString('utf-8');
+    return truncated + '\n... (output truncated)';
+}
+/**
+ * Shell-escape a string for use inside sh -c '...'
+ * NOTE: execInContainer already wraps in sh -c, so callers pass
+ * args as individual tokens. The runtime joins them with spaces
+ * and does basic single-quote escaping. For bash commands we pass
+ * the whole command as a single arg string.
+ */
+function shellEscape(s) {
+    return "'" + s.replace(/'/g, "'\\''") + "'";
+}
+export async function sandboxBash(containerName, command, cwd, timeout) {
+    // Pass the full command as a single string so sh -c runs it verbatim
+    const shellCmd = cwd
+        ? `cd ${shellEscape(cwd)} && ${command}`
+        : command;
+    const result = await execInContainer(containerName, [shellCmd], { timeout: timeout ?? 30_000 });
+    let output = [result.stdout, result.stderr].filter(Boolean).join('\n');
+    output = truncate(output, MAX_BASH_OUTPUT);
+    if (result.exitCode !== 0) {
+        output += `\n[exit code: ${result.exitCode}]`;
+    }
+    return output || '(no output)';
+}
+export async function sandboxReadFile(containerName, path) {
+    // Pass as a single command string to avoid double-escaping
+    const result = await execInContainer(containerName, [`cat -- ${shellEscape(path)}`]);
+    if (result.exitCode !== 0) {
+        throw new Error(`Failed to read ${path}: ${result.stderr}`);
+    }
+    return truncate(result.stdout, MAX_READ_OUTPUT);
+}
+export async function sandboxWriteFile(containerName, path, content) {
+    // mkdir -p for parent dir, then write via stdin
+    const result = await execInContainer(containerName, [`mkdir -p $(dirname ${shellEscape(path)}) && cat > ${shellEscape(path)}`], { stdin: content });
+    if (result.exitCode !== 0) {
+        throw new Error(`Failed to write ${path}: ${result.stderr}`);
+    }
+    const bytes = Buffer.byteLength(content);
+    return `Written: ${path} (${bytes} bytes)`;
+}
+export async function sandboxListDir(containerName, path) {
+    const result = await execInContainer(containerName, [`ls -la ${shellEscape(path)}`]);
+    if (result.exitCode !== 0) {
+        throw new Error(`Failed to list ${path}: ${result.stderr}`);
+    }
+    return result.stdout;
+}
+export async function sandboxGlob(containerName, base, pattern) {
+    const result = await execInContainer(containerName, [`find ${shellEscape(base)} -name ${shellEscape(pattern)} -maxdepth 10 -type f`]);
+    if (result.exitCode !== 0) {
+        throw new Error(`Failed to glob ${base}/${pattern}: ${result.stderr}`);
+    }
+    return result.stdout;
+}

package/dist/sandbox/index.d.ts

@@ -0,0 +1,5 @@
+export { createContainer, execInContainer, removeContainer, isContainerRunning, cleanupOrphans, setRuntime, getRuntime, resetRuntime, probeRuntime } from './runtime.js';
+export type { ContainerOpts, ExecOpts, ExecResult } from './runtime.js';
+export { ensureContainer, releaseContainer, pruneIdle, releaseAll, SANDBOX_DEFAULTS } from './manager.js';
+export { sandboxBash, sandboxReadFile, sandboxWriteFile, sandboxListDir, sandboxGlob } from './bridge.js';
+export { validateMountPaths, isBlockedPath, translatePath } from './mount-security.js';

package/dist/sandbox/index.js

@@ -0,0 +1,4 @@
+export { createContainer, execInContainer, removeContainer, isContainerRunning, cleanupOrphans, setRuntime, getRuntime, resetRuntime, probeRuntime } from './runtime.js';
+export { ensureContainer, releaseContainer, pruneIdle, releaseAll, SANDBOX_DEFAULTS } from './manager.js';
+export { sandboxBash, sandboxReadFile, sandboxWriteFile, sandboxListDir, sandboxGlob } from './bridge.js';
+export { validateMountPaths, isBlockedPath, translatePath } from './mount-security.js';

package/dist/sandbox/manager.d.ts

@@ -0,0 +1,7 @@
+import type { SandboxConfig } from '../types.js';
+export declare const SANDBOX_DEFAULTS: SandboxConfig;
+export declare function ensureContainer(sessionId: string, config: SandboxConfig, allowedPaths: string[]): Promise<string>;
+export declare function releaseContainer(sessionId: string): Promise<void>;
+export declare function pruneIdle(maxIdleMs: number): Promise<number>;
+export declare function releaseAll(): Promise<void>;
+export declare function resetForTesting(): void;

package/dist/sandbox/manager.js

@@ -0,0 +1,89 @@
+import { createContainer, removeContainer, isContainerRunning } from './runtime.js';
+import { validateMountPaths } from './mount-security.js';
+export const SANDBOX_DEFAULTS = {
+    enabled: false,
+    image: 'skimpyclaw-sandbox',
+    cpus: 2,
+    memory: '2G',
+    network: 'bridge',
+    idleTimeoutMs: 3_600_000,
+};
+const activeContainers = new Map();
+export async function ensureContainer(sessionId, config, allowedPaths) {
+    const name = `skimpyclaw-sbx-${sessionId}`;
+    const existing = activeContainers.get(sessionId);
+    if (existing) {
+        const running = await isContainerRunning(existing.name);
+        if (running) {
+            existing.lastUsed = Date.now();
+            return existing.name;
+        }
+        // Container died — remove from map, recreate
+        activeContainers.delete(sessionId);
+    }
+    // Process restarts clear in-memory state; adopt or clean an existing named
+    // container so a duplicate-name create does not fail.
+    const alreadyRunning = await isContainerRunning(name);
+    if (alreadyRunning) {
+        activeContainers.set(sessionId, {
+            name,
+            sessionId,
+            lastUsed: Date.now(),
+        });
+        return name;
+    }
+    // Best effort cleanup for stopped or half-created containers with same name.
+    await removeContainer(name);
+    const mounts = validateMountPaths(allowedPaths);
+    const uid = process.getuid?.() ?? 501;
+    const gid = process.getgid?.() ?? 20;
+    const merged = { ...SANDBOX_DEFAULTS, ...config };
+    const opts = {
+        image: merged.image,
+        cpus: merged.cpus,
+        memory: merged.memory,
+        network: merged.network,
+        mounts: mounts.map((m) => ({
+            host: m.host,
+            container: m.container,
+            readOnly: m.readOnly,
+        })),
+        user: `${uid}:${gid}`,
+    };
+    await createContainer(name, opts);
+    activeContainers.set(sessionId, {
+        name,
+        sessionId,
+        lastUsed: Date.now(),
+    });
+    return name;
+}
+export async function releaseContainer(sessionId) {
+    const entry = activeContainers.get(sessionId);
+    if (!entry)
+        return;
+    activeContainers.delete(sessionId);
+    await removeContainer(entry.name);
+}
+export async function pruneIdle(maxIdleMs) {
+    const now = Date.now();
+    let pruned = 0;
+    for (const [sessionId, entry] of activeContainers) {
+        if (now - entry.lastUsed > maxIdleMs) {
+            activeContainers.delete(sessionId);
+            await removeContainer(entry.name);
+            pruned++;
+        }
+    }
+    return pruned;
+}
+export async function releaseAll() {
+    const entries = Array.from(activeContainers.values());
+    activeContainers.clear();
+    for (const entry of entries) {
+        await removeContainer(entry.name);
+    }
+}
+export function resetForTesting() {
+    activeContainers.clear();
+}

package/dist/sandbox/mount-security.d.ts

@@ -0,0 +1,12 @@
+export interface MountSpec {
+    host: string;
+    container: string;
+    readOnly: boolean;
+}
+export declare function isBlockedPath(resolvedPath: string): boolean;
+export declare function validateMountPaths(allowedPaths: string[]): MountSpec[];
+/**
+ * Translate a host path to its container equivalent using mount specs.
+ * Returns the original path if no mount matches (will likely fail inside container).
+ */
+export declare function translatePath(hostPath: string, mounts: MountSpec[]): string;

package/dist/sandbox/mount-security.js

@@ -0,0 +1,118 @@
+import { realpathSync, existsSync } from 'fs';
+import { resolve, basename } from 'path';
+import { homedir } from 'os';
+const BLOCKED_PATTERNS = [
+    '.ssh',
+    '.gnupg',
+    '.gpg',
+    '.aws',
+    '.azure',
+    '.gcloud',
+    'credentials',
+    '.env',
+    '.npmrc',
+    '.pypirc',
+    '.docker/config.json',
+    '.kube',
+];
+export function isBlockedPath(resolvedPath) {
+    const segments = resolvedPath.split('/');
+    for (const segment of segments) {
+        if (BLOCKED_PATTERNS.includes(segment)) {
+            return true;
+        }
+    }
+    // Also check for compound patterns like .docker/config.json
+    for (const pattern of BLOCKED_PATTERNS) {
+        if (pattern.includes('/') && resolvedPath.includes(pattern)) {
+            return true;
+        }
+    }
+    return false;
+}
+export function validateMountPaths(allowedPaths) {
+    const home = homedir();
+    const mounts = [];
+    const usedBaseNames = new Map();
+    for (const rawPath of allowedPaths) {
+        const expanded = rawPath.startsWith('~')
+            ? resolve(home, rawPath.slice(2))
+            : resolve(rawPath);
+        let resolved;
+        try {
+            if (!existsSync(expanded)) {
+                continue; // Skip missing paths
+            }
+            resolved = realpathSync(expanded);
+        }
+        catch {
+            continue; // Skip paths that can't be resolved
+        }
+        if (isBlockedPath(resolved)) {
+            throw new Error(`Blocked path: ${resolved} matches security exclusion pattern`);
+        }
+        let base = basename(resolved);
+        const count = usedBaseNames.get(base) ?? 0;
+        usedBaseNames.set(base, count + 1);
+        if (count > 0) {
+            base = `${base}_${count}`;
+        }
+        mounts.push({
+            host: resolved,
+            container: `/workspace/${base}`,
+            readOnly: false,
+        });
+    }
+    // Always add ~/.skimpyclaw at /workspace/config
+    const skimpyclawDir = resolve(home, '.skimpyclaw');
+    if (existsSync(skimpyclawDir)) {
+        const resolved = realpathSync(skimpyclawDir);
+        // Only add if not already included
+        if (!mounts.some((m) => m.host === resolved)) {
+            mounts.push({
+                host: resolved,
+                container: '/workspace/config',
+                readOnly: false,
+            });
+        }
+    }
+    return mounts;
+}
+/**
+ * Translate a host path to its container equivalent using mount specs.
+ * Returns the original path if no mount matches (will likely fail inside container).
+ */
+export function translatePath(hostPath, mounts) {
+    const candidates = getPathCandidates(hostPath);
+    // Sort by host path length descending so we match the most specific mount first
+    const sorted = [...mounts].sort((a, b) => b.host.length - a.host.length);
+    for (const candidate of candidates) {
+        for (const mount of sorted) {
+            if (candidate === mount.host || candidate.startsWith(mount.host + '/')) {
+                const relative = candidate.slice(mount.host.length);
+                return mount.container + relative;
+            }
+        }
+    }
+    return hostPath;
+}
+function getPathCandidates(hostPath) {
+    const set = new Set();
+    const resolved = resolve(hostPath);
+    set.add(resolved);
+    try {
+        set.add(realpathSync(resolved));
+    }
+    catch {
+        // Path may not exist yet (e.g. write targets); keep resolved form.
+    }
+    for (const p of Array.from(set)) {
+        if (p.startsWith('/Users/')) {
+            set.add(`/System/Volumes/Data${p}`);
+        }
+        else if (p.startsWith('/System/Volumes/Data/Users/')) {
+            set.add(p.replace('/System/Volumes/Data', ''));
+        }
+    }
+    return Array.from(set);
+}

package/dist/sandbox/runtime.d.ts

@@ -0,0 +1,38 @@
+export interface ContainerOpts {
+    image: string;
+    cpus?: number;
+    memory?: string;
+    network?: string;
+    mounts?: Array<{
+        host: string;
+        container: string;
+        readOnly?: boolean;
+    }>;
+    user?: string;
+}
+export interface ExecOpts {
+    stdin?: string;
+    timeout?: number;
+    env?: Record<string, string>;
+}
+export interface ExecResult {
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+}
+/** Set the container runtime binary ('container' or 'docker'). */
+export declare function setRuntime(runtime: 'container' | 'docker'): void;
+/** Get the container runtime binary, auto-detecting if not explicitly set. */
+export declare function getRuntime(): string;
+/**
+ * Check if a usable container runtime is available.
+ * Returns the runtime name if found, null otherwise. Never throws.
+ */
+export declare function probeRuntime(preferred?: string): string | null;
+/** Reset runtime detection (for testing). */
+export declare function resetRuntime(): void;
+export declare function createContainer(name: string, opts: ContainerOpts): Promise<void>;
+export declare function execInContainer(name: string, args: string[], opts?: ExecOpts): Promise<ExecResult>;
+export declare function removeContainer(name: string): Promise<void>;
+export declare function isContainerRunning(name: string): Promise<boolean>;
+export declare function cleanupOrphans(): Promise<number>;

package/dist/sandbox/runtime.js

@@ -0,0 +1,187 @@
+import { spawn, spawnSync } from 'child_process';
+const DEFAULT_TIMEOUT = 30_000;
+const CONTAINER_PREFIX = 'skimpyclaw-sbx-';
+/** Resolved container CLI binary. Set once via setRuntime() or auto-detected on first use. */
+let runtimeBinary = null;
+/** Set the container runtime binary ('container' or 'docker'). */
+export function setRuntime(runtime) {
+    runtimeBinary = runtime;
+}
+/** Get the container runtime binary, auto-detecting if not explicitly set. */
+export function getRuntime() {
+    if (runtimeBinary)
+        return runtimeBinary;
+    // Auto-detect: prefer Apple Containers, fall back to Docker
+    if (spawnSync('container', ['--version'], { stdio: 'ignore' }).status === 0) {
+        runtimeBinary = 'container';
+    }
+    else if (spawnSync('docker', ['--version'], { stdio: 'ignore' }).status === 0) {
+        runtimeBinary = 'docker';
+    }
+    else {
+        throw new Error('No container runtime found. Install Apple Containers or Docker.');
+    }
+    return runtimeBinary;
+}
+/**
+ * Check if a usable container runtime is available.
+ * Returns the runtime name if found, null otherwise. Never throws.
+ */
+export function probeRuntime(preferred) {
+    // If a preferred runtime is specified, check that one first
+    if (preferred) {
+        const result = spawnSync(preferred, ['--version'], { stdio: 'ignore' });
+        if (result.status === 0)
+            return preferred;
+    }
+    // Auto-detect: prefer Apple Containers, fall back to Docker
+    if (spawnSync('container', ['--version'], { stdio: 'ignore' }).status === 0) {
+        return 'container';
+    }
+    if (spawnSync('docker', ['--version'], { stdio: 'ignore' }).status === 0) {
+        return 'docker';
+    }
+    return null;
+}
+/** Reset runtime detection (for testing). */
+export function resetRuntime() {
+    runtimeBinary = null;
+}
+function runCommand(cmd, args, opts) {
+    return new Promise((resolve, reject) => {
+        const timeout = opts?.timeout ?? DEFAULT_TIMEOUT;
+        const child = spawn(cmd, args, {
+            stdio: [opts?.stdin ? 'pipe' : 'ignore', 'pipe', 'pipe'],
+            signal: AbortSignal.timeout(timeout),
+        });
+        const stdoutChunks = [];
+        const stderrChunks = [];
+        child.stdout?.on('data', (chunk) => stdoutChunks.push(chunk));
+        child.stderr?.on('data', (chunk) => stderrChunks.push(chunk));
+        if (opts?.stdin && child.stdin) {
+            child.stdin.write(opts.stdin);
+            child.stdin.end();
+        }
+        child.on('close', (code) => {
+            resolve({
+                stdout: Buffer.concat(stdoutChunks).toString('utf-8'),
+                stderr: Buffer.concat(stderrChunks).toString('utf-8'),
+                exitCode: code ?? 1,
+            });
+        });
+        child.on('error', (err) => {
+            const timeout = opts?.timeout ?? DEFAULT_TIMEOUT;
+            if (err.name === 'AbortError') {
+                reject(new Error(`Sandbox command timed out after ${Math.round(timeout / 1000)}s`));
+                return;
+            }
+            reject(err);
+        });
+    });
+}
+function formatCreateContainerError(runtime, network, stderr) {
+    const raw = stderr.trim();
+    if (raw.includes('network bridge not found')) {
+        return `network "${network || 'bridge'}" not found for ${runtime}. ` +
+            `Use sandbox.network="${runtime === 'container' ? 'default' : 'bridge'}" and retry.`;
+    }
+    if (raw.includes('pull access denied') || raw.includes('not found')) {
+        return `sandbox image is missing. Build it with: ${runtime} build -t skimpyclaw-sandbox:latest sandbox/`;
+    }
+    return raw;
+}
+export async function createContainer(name, opts) {
+    const runtime = getRuntime();
+    const args = ['run', '-d', '--name', name];
+    if (opts.user) {
+        args.push('--user', opts.user);
+    }
+    if (opts.cpus) {
+        args.push('--cpus', String(opts.cpus));
+    }
+    if (opts.memory) {
+        args.push('--memory', opts.memory);
+    }
+    if (opts.network) {
+        args.push('--network', opts.network);
+    }
+    if (opts.mounts) {
+        for (const m of opts.mounts) {
+            let mountArg = `type=bind,src=${m.host},dst=${m.container}`;
+            if (m.readOnly) {
+                mountArg += ',ro';
+            }
+            args.push('--mount', mountArg);
+        }
+    }
+    args.push(opts.image, 'sleep', 'infinity');
+    const result = await runCommand(runtime, args);
+    if (result.exitCode !== 0) {
+        const hint = formatCreateContainerError(runtime, opts.network, result.stderr);
+        throw new Error(`Failed to create container ${name}: ${hint}`);
+    }
+}
+export async function execInContainer(name, args, opts) {
+    // Callers (bridge.ts) handle their own escaping — just join args
+    const escaped = args.join(' ');
+    const execArgs = ['exec'];
+    if (opts?.stdin) {
+        execArgs.push('-i');
+    }
+    if (opts?.env) {
+        for (const [key, val] of Object.entries(opts.env)) {
+            execArgs.push('-e', `${key}=${val}`);
+        }
+    }
+    execArgs.push(name, 'sh', '-c', escaped);
+    return runCommand(getRuntime(), execArgs, {
+        stdin: opts?.stdin,
+        timeout: opts?.timeout ?? DEFAULT_TIMEOUT,
+    });
+}
+export async function removeContainer(name) {
+    const runtime = getRuntime();
+    // Best-effort stop then force rm to clear stopped/dead containers
+    await runCommand(runtime, ['stop', name]).catch(() => { });
+    await runCommand(runtime, ['rm', '-f', name]).catch(() => { });
+}
+export async function isContainerRunning(name) {
+    const runtime = getRuntime();
+    // Docker: use --format to check the running state directly
+    if (runtime === 'docker') {
+        const result = await runCommand(runtime, ['inspect', '--format', '{{.State.Running}}', name]);
+        return result.exitCode === 0 && result.stdout.trim() === 'true';
+    }
+    // Apple Containers: inspect succeeds for any state; check ps output
+    const result = await runCommand(runtime, ['inspect', name]);
+    if (result.exitCode !== 0)
+        return false;
+    // If stdout contains "running" state indicator, it's running
+    const output = result.stdout.toLowerCase();
+    return output.includes('"running"') || output.includes('status: running') || output.includes('state: running');
+}
+export async function cleanupOrphans() {
+    const rt = getRuntime();
+    // Try Docker-style --format first, fall back to plain ps for Apple Containers
+    let result = await runCommand(rt, ['ps', '-a', '--format', '{{.Names}}']);
+    if (result.exitCode !== 0) {
+        // Fallback: plain ps output, grep for our prefix
+        result = await runCommand(rt, ['ps', '-a']);
+        if (result.exitCode !== 0)
+            return 0;
+    }
+    const names = result.stdout
+        .split('\n')
+        .map((n) => n.trim())
+        .filter((n) => n.startsWith(CONTAINER_PREFIX) || n.includes(CONTAINER_PREFIX))
+        // Extract container name if it's in a table row
+        .map((n) => {
+        const match = n.match(new RegExp(`(${CONTAINER_PREFIX}[\\w-]+)`));
+        return match ? match[1] : n;
+    })
+        .filter((n) => n.startsWith(CONTAINER_PREFIX));
+    for (const name of names) {
+        await removeContainer(name);
+    }
+    return names.length;
+}

package/dist/service.js

@@ -5,12 +5,36 @@ import { initActiveChannel, startActiveChannel, stopActiveChannel } from './chan
 import { initProviders } from './agent.js';
 import { initLangfuse, shutdownLangfuse } from './langfuse.js';
 import { restoreCodeAgentTasks, setCodeAgentConfig } from './tools.js';
+import { releaseAll, cleanupOrphans, setRuntime, probeRuntime } from './sandbox/index.js';
 export async function startRuntime(config) {
     const smokeTest = process.env.SKIMPYCLAW_SMOKE_TEST === '1';
     initLangfuse(config);
     initProviders(config);
     restoreCodeAgentTasks();
     setCodeAgentConfig(config);
+    // Initialize sandbox runtime if configured — auto-disable if no runtime available
+    if (config.sandbox?.enabled) {
+        const detected = probeRuntime(config.sandbox.runtime);
+        if (detected) {
+            setRuntime(detected);
+            if (detected !== config.sandbox.runtime) {
+                console.log(`[sandbox] Configured runtime "${config.sandbox.runtime}" not found, using "${detected}" instead`);
+            }
+            // Clean up orphaned sandbox containers from previous runs
+            try {
+                const count = await cleanupOrphans();
+                if (count > 0)
+                    console.log(`[sandbox] Cleaned up ${count} orphaned container(s)`);
+            }
+            catch (err) {
+                console.warn('[sandbox] Failed to clean up orphaned containers:', err instanceof Error ? err.message : err);
+            }
+        }
+        else {
+            console.warn('[sandbox] No container runtime found (docker/container not installed). Sandbox disabled.');
+            config.sandbox.enabled = false;
+        }
+    }
     const port = smokeTest ? (parseInt(process.env.SKIMPYCLAW_SMOKE_PORT || '19999', 10)) : config.gateway.port;
     const gateway = await createGateway(config);
     const host = config.gateway.host ?? '127.0.0.1';
@@ -28,6 +52,7 @@ export async function startRuntime(config) {
         config,
         gateway,
         stop: async () => {
+            await releaseAll();
             stopCron();
             stopHeartbeat();
             await stopActiveChannel();

package/dist/setup.d.ts

@@ -13,9 +13,19 @@ interface SetupFeatures {
     browser: boolean;
     voice: boolean;
     mcp: boolean;
+    sandbox: boolean;
+}
+interface SetupStarters {
+    cronTechNews: boolean;
+    cronWeather: boolean;
+    timezone: string;
+    weatherLocation: string;
+    skillCodeReview: boolean;
+    skillDailyNotes: boolean;
 }
 interface SetupBuildInput {
     workspaceDir: string;
+    extraAllowedPaths?: string[];
     telegramId: string;
     telegramToken: string;
     discordToken?: string;
@@ -25,6 +35,7 @@ interface SetupBuildInput {
     selectedProviders: Set<ProviderChoice>;
     providerSecrets: ProviderSecrets;
     features?: SetupFeatures;
+    starters?: SetupStarters;
 }
 export declare function buildSetupConfig(input: SetupBuildInput): Record<string, unknown>;
 export declare function buildSetupArtifacts(input: SetupBuildInput): {