skimpyclaw 0.3.14 → 0.4.0

package/dist/providers/openai.js

@@ -1,355 +0,0 @@
-// OpenAI-Compatible Provider (OpenAI, OpenRouter, Groq, etc.)
-import { startObservation } from '@langfuse/tracing';
-import { stripProvider, toOpenAITools, truncateToolResult } from './utils.js';
-import { compactOpenAIMessages } from './context-manager.js';
-import { toOpenAIContent } from './content.js';
-import { toUsageDetails, toCostDetails } from './observability.js';
-import { getToolDefinitions, executeTool } from '../tools.js';
-import { toErrorMessage } from '../utils.js';
-import { ToolCallGuard } from './tool-guard.js';
-import { addEvent } from '../audit.js';
-import { buildUsageRecord, recordUsage } from '../usage.js';
-// Map of provider name → OpenAI client
-const openaiClients = new Map();
-export function addOpenAIClient(name, client) {
-    openaiClients.set(name, client);
-}
-export function getOpenAIClient(name) {
-    return openaiClients.get(name);
-}
-export function hasOpenAIClient(name) {
-    return openaiClients.has(name);
-}
-export function clearOpenAIClients() {
-    openaiClients.clear();
-}
-export function resetOpenAIProviderState() {
-    openaiClients.clear();
-}
-export function isOpenAIAvailable(provider) {
-    return openaiClients.has(provider);
-}
-const LANGFUSE_APP_NAME = 'skimpyclaw';
-function recordOpenAIUsage(params) {
-    const usage = params.usage;
-    let inputTokens = typeof usage?.prompt_tokens === 'number'
-        ? usage.prompt_tokens
-        : (typeof usage?.input_tokens === 'number' ? usage.input_tokens : 0);
-    const outputTokens = typeof usage?.completion_tokens === 'number'
-        ? usage.completion_tokens
-        : (typeof usage?.output_tokens === 'number' ? usage.output_tokens : 0);
-    // Some OpenAI-compatible providers only return total_tokens.
-    if (inputTokens === 0 && outputTokens === 0 && typeof usage?.total_tokens === 'number') {
-        inputTokens = usage.total_tokens;
-    }
-    const cost = toCostDetails(params.model, usage);
-    recordUsage(buildUsageRecord({
-        model: params.model,
-        provider: params.provider,
-        inputTokens,
-        outputTokens,
-        inputCost: cost?.input ?? 0,
-        outputCost: cost?.output ?? 0,
-        totalCost: cost?.total ?? 0,
-        trigger: params.trigger || 'api',
-        agentId: params.agentId,
-    }));
-}
-async function startGenerationObservation(name, attributes) {
-    const { isLangfuseEnabled } = await import('../langfuse.js');
-    if (!isLangfuseEnabled())
-        return null;
-    attributes.metadata = { app: LANGFUSE_APP_NAME, ...attributes.metadata };
-    return startObservation(name, attributes, { asType: 'generation' });
-}
-export async function chatOpenAI(params, provider) {
-    const client = openaiClients.get(provider);
-    if (!client) {
-        throw new Error(`OpenAI client not initialized for provider: ${provider}`);
-    }
-    const { messages, options, config } = params;
-    const modelId = stripProvider(options.model, openaiClients);
-    const providerBaseURL = config.models.providers[provider]?.baseURL || '';
-    const isKimiLike = providerBaseURL.includes('kimi.com') || providerBaseURL.includes('moonshot.ai');
-    const kimiRequestExtras = isKimiLike
-        ? { extra_body: { interleaved: { field: 'reasoning_content' } } }
-        : {};
-    const openaiMessages = messages.map(m => ({
-        role: m.role,
-        content: toOpenAIContent(m.content),
-    }));
-    const genObs = await startGenerationObservation(`${provider}:${modelId}`, {
-        input: { messages: openaiMessages },
-        model: modelId,
-        modelParameters: {
-            max_tokens: options.maxTokens || 4096,
-            temperature: options.temperature,
-        },
-        metadata: { provider },
-    });
-    try {
-        const response = await client.chat.completions.create({
-            model: modelId,
-            messages: openaiMessages,
-            max_tokens: options.maxTokens || 4096,
-            temperature: options.temperature,
-            ...kimiRequestExtras,
-        });
-        let content = response.choices[0]?.message?.content || '';
-        // Strip <think>...</think> reasoning blocks (e.g. MiniMax M2.x)
-        content = content.replace(/<think>[\s\S]*?<\/think>\s*/g, '').trim();
-        recordOpenAIUsage({ model: modelId, provider, usage: response.usage, trigger: 'api' });
-        genObs?.update({
-            output: response.choices[0]?.message,
-            usageDetails: toUsageDetails(response.usage),
-            costDetails: toCostDetails(modelId, response.usage),
-        });
-        genObs?.end();
-        return content;
-    }
-    catch (err) {
-        const errorMessage = toErrorMessage(err);
-        genObs?.update({ level: 'ERROR', statusMessage: errorMessage, output: { error: errorMessage } });
-        genObs?.end();
-        throw err;
-    }
-}
-export async function chatWithToolsOpenAI(params, provider) {
-    const client = openaiClients.get(provider);
-    if (!client) {
-        throw new Error(`OpenAI client not initialized for provider: ${provider}`);
-    }
-    const { messages, options, config, toolConfig, toolContext } = params;
-    const modelId = stripProvider(options.model, openaiClients);
-    const maxIterations = toolConfig.maxIterations || 20;
-    // Resolve tools once at start
-    const includeSpawn = !!(toolContext?.fullConfig && (toolContext?.chatId || toolContext?.isCronJob));
-    const toolDefs = await getToolDefinitions(toolConfig, {
-        includeAgentTools: includeSpawn,
-        includeMcp: false,
-        projects: toolContext?.fullConfig?.projects
-    });
-    const openaiTools = toOpenAITools(toolDefs);
-    // Kimi requires interleaved reasoning content when replaying tool calls.
-    const providerBaseURL = config.models.providers[provider]?.baseURL || '';
-    const requiresReasoningContent = providerBaseURL.includes('kimi.com') || providerBaseURL.includes('moonshot.ai');
-    const kimiRequestExtras = requiresReasoningContent
-        ? { extra_body: { interleaved: { field: 'reasoning_content' } } }
-        : {};
-    // Build messages for OpenAI format — preserve images for vision models
-    const apiMessages = messages.map(m => ({
-        role: m.role,
-        content: toOpenAIContent(m.content),
-    }));
-    const toolLog = [];
-    // Guard: spin detection, no-progress detection, token budget
-    const guard = new ToolCallGuard(toolConfig.maxTurnTokens);
-    for (let i = 0; i < maxIterations; i++) {
-        // Check abort signal
-        if (toolContext?.abortSignal?.aborted) {
-            return {
-                response: `[Cancelled after ${toolLog.length} tool calls]`,
-                toolCalls: toolLog,
-            };
-        }
-        // Compact old tool results if context is growing large
-        const compactionResult = await compactOpenAIMessages(apiMessages, toolConfig.contextManagement, i + 1, config);
-        const messagesForApi = compactionResult.messages;
-        if (compactionResult.compacted) {
-            const method = compactionResult.method === 'llm' ? 'LLM summary' : 'truncation';
-            const detail = `~${Math.round((compactionResult.tokensBefore || 0) / 1000)}k → ~${Math.round((compactionResult.tokensAfter || 0) / 1000)}k tokens`;
-            toolLog.push(`[context compacted via ${method}: ${detail}]`);
-        }
-        console.log(`[agent:openai-tools] Iteration ${i + 1}/${maxIterations} (provider: ${provider}, model: ${modelId})`);
-        const genObs = await startGenerationObservation(`${provider}:${modelId}`, {
-            input: { messages: apiMessages },
-            model: modelId,
-            modelParameters: {
-                max_tokens: options.maxTokens || 4096,
-                temperature: options.temperature,
-            },
-            metadata: { provider, iteration: i + 1 },
-        });
-        let completion;
-        try {
-            completion = await client.chat.completions.create({
-                model: modelId,
-                messages: messagesForApi,
-                tools: openaiTools,
-                max_tokens: options.maxTokens || 4096,
-                temperature: options.temperature,
-                ...kimiRequestExtras,
-            });
-            recordOpenAIUsage({
-                model: modelId,
-                provider,
-                usage: completion.usage,
-                trigger: toolContext?.trigger || 'api',
-                agentId: toolContext?.agentId,
-            });
-            genObs?.update({
-                output: completion.choices[0]?.message,
-                usageDetails: toUsageDetails(completion.usage),
-                costDetails: toCostDetails(modelId, completion.usage),
-            });
-            genObs?.end();
-            // Guard: track token usage (stats only, no enforcement)
-            guard.recordTokens(completion.usage?.prompt_tokens ?? 0, completion.usage?.completion_tokens ?? 0);
-        }
-        catch (err) {
-            const errorMessage = toErrorMessage(err);
-            genObs?.update({ level: 'ERROR', statusMessage: errorMessage, output: { error: errorMessage } });
-            genObs?.end();
-            throw err;
-        }
-        const message = completion.choices[0]?.message;
-        if (!message) {
-            return {
-                response: '[No response from model]',
-                toolCalls: toolLog,
-                usage: {
-                    prompt_tokens: completion.usage?.prompt_tokens ?? 0,
-                    completion_tokens: completion.usage?.completion_tokens ?? 0,
-                    total_tokens: completion.usage?.total_tokens ?? 0,
-                },
-                cost: toCostDetails(modelId, completion.usage),
-            };
-        }
-        // No tool calls — return the text response
-        if (completion.choices[0]?.finish_reason !== 'tool_calls' || !message.tool_calls?.length) {
-            let content = message.content || '';
-            // Strip <think>...</think> reasoning blocks (e.g. MiniMax M2.x)
-            content = content.replace(/<think>[\s\S]*?<\/think>\s*/g, '').trim();
-            if (!content && toolLog.length > 0) {
-                content = `[Completed with ${toolLog.length} tool calls, no text response]`;
-            }
-            return {
-                response: content,
-                toolCalls: toolLog,
-                usage: {
-                    prompt_tokens: completion.usage?.prompt_tokens ?? 0,
-                    completion_tokens: completion.usage?.completion_tokens ?? 0,
-                    total_tokens: completion.usage?.total_tokens ?? 0,
-                },
-                cost: toCostDetails(modelId, completion.usage),
-            };
-        }
-        // Append assistant message with tool_calls to conversation.
-        // Kimi requires reasoning_content when thinking mode is enabled.
-        const assistantToolCallMessage = {
-            role: 'assistant',
-            content: message.content ?? null,
-            tool_calls: message.tool_calls,
-        };
-        const rawReasoning = message.reasoning_content
-            ?? message.additional_kwargs?.reasoning_content
-            ?? message.reasoning?.content;
-        if (rawReasoning !== undefined && rawReasoning !== null) {
-            assistantToolCallMessage.reasoning_content = Array.isArray(rawReasoning)
-                ? rawReasoning.join('\n')
-                : String(rawReasoning);
-        }
-        else if (requiresReasoningContent) {
-            // Some Kimi responses omit reasoning_content despite thinking mode.
-            // Send a placeholder to satisfy strict tool-call replay validation.
-            assistantToolCallMessage.reasoning_content = ' ';
-        }
-        apiMessages.push(assistantToolCallMessage);
-        // Execute each tool call
-        for (const toolCall of message.tool_calls) {
-            const fnName = toolCall.function.name;
-            if (fnName.startsWith('$')) {
-                const unsupported = `Provider-native tool "${fnName}" is not supported in this runtime.`;
-                console.warn(`[agent:openai-tools] ${unsupported}`);
-                apiMessages.push({
-                    role: 'tool',
-                    tool_call_id: toolCall.id,
-                    content: unsupported,
-                });
-                toolLog.push(`${fnName} [SKIPPED: provider-native tool unsupported]`);
-                continue;
-            }
-            let args;
-            try {
-                args = JSON.parse(toolCall.function.arguments || '{}');
-            }
-            catch {
-                args = {};
-            }
-            const inputStr = JSON.stringify(args).slice(0, 200);
-            console.log(`[agent:openai-tools] -> ${fnName}(${inputStr})`);
-            // Guard: spin detection
-            const guardResult = guard.recordCall(fnName, args);
-            if (guardResult.warning)
-                console.warn(`[agent:openai-tools:guard] ${guardResult.warning}`);
-            if (guardResult.blocked) {
-                apiMessages.push({
-                    role: 'tool',
-                    tool_call_id: toolCall.id,
-                    content: guardResult.warning || 'Blocked: repeated identical call',
-                });
-                toolLog.push(`${fnName} [BLOCKED: spin detected]`);
-                continue;
-            }
-            const { isLangfuseEnabled } = await import('../langfuse.js');
-            const toolObs = isLangfuseEnabled()
-                ? startObservation(`tool:${fnName}`, { input: args, metadata: { app: LANGFUSE_APP_NAME, tool: fnName } }, { asType: 'tool' })
-                : null;
-            const toolStart = Date.now();
-            try {
-                const result = await executeTool(fnName, args, toolConfig, toolContext) || '';
-                const truncatedResult = truncateToolResult(result);
-                const resultPreview = result.slice(0, 200) + (result.length > 200 ? '...' : '');
-                console.log(`[agent:openai-tools] <- ${resultPreview}`);
-                toolLog.push(`${fnName}(${inputStr}) → ${resultPreview}`);
-                toolObs?.update({ output: result });
-                toolObs?.end();
-                if (toolContext?.auditTraceId) {
-                    addEvent(toolContext.auditTraceId, {
-                        type: 'tool_use',
-                        summary: `${fnName}(${inputStr})`,
-                        durationMs: Date.now() - toolStart,
-                    });
-                }
-                // Add tool result in OpenAI format
-                apiMessages.push({
-                    role: 'tool',
-                    tool_call_id: toolCall.id,
-                    content: truncatedResult,
-                });
-                // Guard: no-progress detection
-                const progressResult = guard.recordResult(result);
-                if (progressResult.nudge) {
-                    console.warn(`[agent:openai-tools:guard] ${progressResult.nudge}`);
-                    apiMessages[apiMessages.length - 1].content += `\n\n[System: ${progressResult.nudge}]`;
-                }
-            }
-            catch (err) {
-                const errorMessage = toErrorMessage(err);
-                toolObs?.update({ level: 'ERROR', statusMessage: errorMessage, output: { error: errorMessage } });
-                toolObs?.end();
-                if (toolContext?.auditTraceId) {
-                    addEvent(toolContext.auditTraceId, {
-                        type: 'tool_error',
-                        summary: `${fnName} error: ${errorMessage.slice(0, 150)}`,
-                        durationMs: Date.now() - toolStart,
-                    });
-                }
-                throw err;
-            }
-        }
-    }
-    console.warn(`[agent:openai-tools] Max iterations (${maxIterations}) reached`);
-    return {
-        response: '[Tool use loop reached maximum iterations]',
-        toolCalls: toolLog,
-    };
-}
-/** Build UsageDetails from OpenAI usage response */
-function buildOpenAIUsageDetails(usage) {
-    return {
-        prompt_tokens: usage?.prompt_tokens ?? 0,
-        completion_tokens: usage?.completion_tokens ?? 0,
-        total_tokens: usage?.total_tokens ?? 0,
-    };
-}

package/dist/sandbox/bridge.d.ts

@@ -1,5 +0,0 @@
-export declare function sandboxBash(containerName: string, command: string, cwd?: string, timeout?: number): Promise<string>;
-export declare function sandboxReadFile(containerName: string, path: string): Promise<string>;
-export declare function sandboxWriteFile(containerName: string, path: string, content: string): Promise<string>;
-export declare function sandboxListDir(containerName: string, path: string): Promise<string>;
-export declare function sandboxGlob(containerName: string, base: string, pattern: string): Promise<string>;

package/dist/sandbox/bridge.js

@@ -1,63 +0,0 @@
-import { execInContainer } from './runtime.js';
-const MAX_BASH_OUTPUT = 50 * 1024; // 50KB
-const MAX_READ_OUTPUT = 100 * 1024; // 100KB
-function truncate(s, maxBytes) {
-    if (Buffer.byteLength(s) <= maxBytes)
-        return s;
-    const truncated = Buffer.from(s).subarray(0, maxBytes).toString('utf-8');
-    return truncated + '\n... (output truncated)';
-}
-/**
- * Shell-escape a string for use inside sh -c '...'
- * NOTE: execInContainer already wraps in sh -c, so callers pass
- * args as individual tokens. The runtime joins them with spaces
- * and does basic single-quote escaping. For bash commands we pass
- * the whole command as a single arg string.
- */
-function shellEscape(s) {
-    return "'" + s.replace(/'/g, "'\\''") + "'";
-}
-export async function sandboxBash(containerName, command, cwd, timeout) {
-    // Pass the full command as a single string so sh -c runs it verbatim
-    const shellCmd = cwd
-        ? `cd ${shellEscape(cwd)} && ${command}`
-        : command;
-    const result = await execInContainer(containerName, [shellCmd], { timeout: timeout ?? 30_000 });
-    let output = [result.stdout, result.stderr].filter(Boolean).join('\n');
-    output = truncate(output, MAX_BASH_OUTPUT);
-    if (result.exitCode !== 0) {
-        output += `\n[exit code: ${result.exitCode}]`;
-    }
-    return output || '(no output)';
-}
-export async function sandboxReadFile(containerName, path) {
-    // Pass as a single command string to avoid double-escaping
-    const result = await execInContainer(containerName, [`cat -- ${shellEscape(path)}`]);
-    if (result.exitCode !== 0) {
-        throw new Error(`Failed to read ${path}: ${result.stderr}`);
-    }
-    return truncate(result.stdout, MAX_READ_OUTPUT);
-}
-export async function sandboxWriteFile(containerName, path, content) {
-    // mkdir -p for parent dir, then write via stdin
-    const result = await execInContainer(containerName, [`mkdir -p $(dirname ${shellEscape(path)}) && cat > ${shellEscape(path)}`], { stdin: content });
-    if (result.exitCode !== 0) {
-        throw new Error(`Failed to write ${path}: ${result.stderr}`);
-    }
-    const bytes = Buffer.byteLength(content);
-    return `Written: ${path} (${bytes} bytes)`;
-}
-export async function sandboxListDir(containerName, path) {
-    const result = await execInContainer(containerName, [`ls -la ${shellEscape(path)}`]);
-    if (result.exitCode !== 0) {
-        throw new Error(`Failed to list ${path}: ${result.stderr}`);
-    }
-    return result.stdout;
-}
-export async function sandboxGlob(containerName, base, pattern) {
-    const result = await execInContainer(containerName, [`find ${shellEscape(base)} -name ${shellEscape(pattern)} -maxdepth 10 -type f`]);
-    if (result.exitCode !== 0) {
-        throw new Error(`Failed to glob ${base}/${pattern}: ${result.stderr}`);
-    }
-    return result.stdout;
-}

package/dist/sandbox/index.d.ts

@@ -1,5 +0,0 @@
-export { createContainer, execInContainer, removeContainer, isContainerRunning, cleanupOrphans, setRuntime, getRuntime, resetRuntime, probeRuntime } from './runtime.js';
-export type { ContainerOpts, ExecOpts, ExecResult } from './runtime.js';
-export { ensureContainer, releaseContainer, pruneIdle, releaseAll, SANDBOX_DEFAULTS } from './manager.js';
-export { sandboxBash, sandboxReadFile, sandboxWriteFile, sandboxListDir, sandboxGlob } from './bridge.js';
-export { validateMountPaths, isBlockedPath, translatePath } from './mount-security.js';

package/dist/sandbox/index.js

@@ -1,4 +0,0 @@
-export { createContainer, execInContainer, removeContainer, isContainerRunning, cleanupOrphans, setRuntime, getRuntime, resetRuntime, probeRuntime } from './runtime.js';
-export { ensureContainer, releaseContainer, pruneIdle, releaseAll, SANDBOX_DEFAULTS } from './manager.js';
-export { sandboxBash, sandboxReadFile, sandboxWriteFile, sandboxListDir, sandboxGlob } from './bridge.js';
-export { validateMountPaths, isBlockedPath, translatePath } from './mount-security.js';

package/dist/sandbox/manager.d.ts

@@ -1,7 +0,0 @@
-import type { SandboxConfig } from '../types.js';
-export declare const SANDBOX_DEFAULTS: SandboxConfig;
-export declare function ensureContainer(sessionId: string, config: SandboxConfig, allowedPaths: string[]): Promise<string>;
-export declare function releaseContainer(sessionId: string): Promise<void>;
-export declare function pruneIdle(maxIdleMs: number): Promise<number>;
-export declare function releaseAll(): Promise<void>;
-export declare function resetForTesting(): void;

package/dist/sandbox/manager.js

@@ -1,100 +0,0 @@
-import { createContainer, removeContainer, isContainerRunning } from './runtime.js';
-import { validateMountPaths } from './mount-security.js';
-export const SANDBOX_DEFAULTS = {
-    enabled: false,
-    image: 'skimpyclaw-sandbox',
-    cpus: 2,
-    memory: '2G',
-    network: 'bridge',
-    idleTimeoutMs: 3_600_000,
-};
-const activeContainers = new Map();
-export async function ensureContainer(sessionId, config, allowedPaths) {
-    const name = `skimpyclaw-sbx-${sessionId}`;
-    const existing = activeContainers.get(sessionId);
-    if (existing) {
-        const running = await isContainerRunning(existing.name);
-        if (running) {
-            existing.lastUsed = Date.now();
-            return existing.name;
-        }
-        // Container died — remove from map, recreate
-        activeContainers.delete(sessionId);
-    }
-    // Process restarts clear in-memory state; adopt or clean an existing named
-    // container so a duplicate-name create does not fail.
-    const alreadyRunning = await isContainerRunning(name);
-    if (alreadyRunning) {
-        activeContainers.set(sessionId, {
-            name,
-            sessionId,
-            lastUsed: Date.now(),
-        });
-        return name;
-    }
-    // Best effort cleanup for stopped or half-created containers with same name.
-    await removeContainer(name);
-    const mounts = validateMountPaths(allowedPaths);
-    const uid = process.getuid?.() ?? 501;
-    const gid = process.getgid?.() ?? 20;
-    const merged = { ...SANDBOX_DEFAULTS, ...config };
-    // Expand ${VAR} references in env values from process.env
-    let resolvedEnv;
-    if (config.env) {
-        resolvedEnv = {};
-        for (const [key, val] of Object.entries(config.env)) {
-            resolvedEnv[key] = val.replace(/\$\{(\w+)\}/g, (_match, name) => {
-                return process.env[name] ?? '';
-            });
-        }
-    }
-    const opts = {
-        image: merged.image,
-        cpus: merged.cpus,
-        memory: merged.memory,
-        network: merged.network,
-        mounts: mounts.map((m) => ({
-            host: m.host,
-            container: m.container,
-            readOnly: m.readOnly,
-        })),
-        env: resolvedEnv,
-        user: `${uid}:${gid}`,
-    };
-    await createContainer(name, opts);
-    activeContainers.set(sessionId, {
-        name,
-        sessionId,
-        lastUsed: Date.now(),
-    });
-    return name;
-}
-export async function releaseContainer(sessionId) {
-    const entry = activeContainers.get(sessionId);
-    if (!entry)
-        return;
-    activeContainers.delete(sessionId);
-    await removeContainer(entry.name);
-}
-export async function pruneIdle(maxIdleMs) {
-    const now = Date.now();
-    let pruned = 0;
-    for (const [sessionId, entry] of activeContainers) {
-        if (now - entry.lastUsed > maxIdleMs) {
-            activeContainers.delete(sessionId);
-            await removeContainer(entry.name);
-            pruned++;
-        }
-    }
-    return pruned;
-}
-export async function releaseAll() {
-    const entries = Array.from(activeContainers.values());
-    activeContainers.clear();
-    for (const entry of entries) {
-        await removeContainer(entry.name);
-    }
-}
-export function resetForTesting() {
-    activeContainers.clear();
-}

package/dist/sandbox/mount-security.d.ts

@@ -1,12 +0,0 @@
-export interface MountSpec {
-    host: string;
-    container: string;
-    readOnly: boolean;
-}
-export declare function isBlockedPath(resolvedPath: string): boolean;
-export declare function validateMountPaths(allowedPaths: string[]): MountSpec[];
-/**
- * Translate a host path to its container equivalent using mount specs.
- * Returns the original path if no mount matches (will likely fail inside container).
- */
-export declare function translatePath(hostPath: string, mounts: MountSpec[]): string;

package/dist/sandbox/mount-security.js

@@ -1,122 +0,0 @@
-import { realpathSync, existsSync } from 'fs';
-import { resolve, basename } from 'path';
-import { homedir } from 'os';
-const BLOCKED_PATTERNS = [
-    '.ssh',
-    '.gnupg',
-    '.gpg',
-    '.aws',
-    '.azure',
-    '.gcloud',
-    'credentials',
-    '.env',
-    '.npmrc',
-    '.pypirc',
-    '.docker/config.json',
-    '.kube',
-];
-export function isBlockedPath(resolvedPath) {
-    const segments = resolvedPath.split('/');
-    for (const segment of segments) {
-        if (BLOCKED_PATTERNS.includes(segment)) {
-            return true;
-        }
-    }
-    // Also check for compound patterns like .docker/config.json
-    for (const pattern of BLOCKED_PATTERNS) {
-        if (pattern.includes('/') && resolvedPath.includes(pattern)) {
-            return true;
-        }
-    }
-    return false;
-}
-export function validateMountPaths(allowedPaths) {
-    const home = homedir();
-    const mounts = [];
-    const usedBaseNames = new Map();
-    for (const rawPath of allowedPaths) {
-        const expanded = rawPath.startsWith('~')
-            ? resolve(home, rawPath.slice(2))
-            : resolve(rawPath);
-        let resolved;
-        try {
-            if (!existsSync(expanded)) {
-                continue; // Skip missing paths
-            }
-            resolved = realpathSync(expanded);
-        }
-        catch {
-            continue; // Skip paths that can't be resolved
-        }
-        if (isBlockedPath(resolved)) {
-            throw new Error(`Blocked path: ${resolved} matches security exclusion pattern`);
-        }
-        let base = basename(resolved);
-        const count = usedBaseNames.get(base) ?? 0;
-        usedBaseNames.set(base, count + 1);
-        if (count > 0) {
-            base = `${base}_${count}`;
-        }
-        mounts.push({
-            host: resolved,
-            container: `/workspace/${base}`,
-            readOnly: false,
-        });
-    }
-    // Always add ~/.skimpyclaw at /workspace/config
-    const skimpyclawDir = resolve(home, '.skimpyclaw');
-    if (existsSync(skimpyclawDir)) {
-        const resolved = realpathSync(skimpyclawDir);
-        // Only add if not already included
-        if (!mounts.some((m) => m.host === resolved)) {
-            mounts.push({
-                host: resolved,
-                container: '/workspace/config',
-                readOnly: false,
-            });
-        }
-    }
-    return mounts;
-}
-/**
- * Translate a host path to its container equivalent using mount specs.
- * Returns the original path if no mount matches (will likely fail inside container).
- */
-export function translatePath(hostPath, mounts) {
-    // Expand ~ to home directory (~ is a shell feature, not handled by resolve())
-    const expanded = hostPath.startsWith('~/')
-        ? homedir() + hostPath.slice(1)
-        : hostPath;
-    const candidates = getPathCandidates(expanded);
-    // Sort by host path length descending so we match the most specific mount first
-    const sorted = [...mounts].sort((a, b) => b.host.length - a.host.length);
-    for (const candidate of candidates) {
-        for (const mount of sorted) {
-            if (candidate === mount.host || candidate.startsWith(mount.host + '/')) {
-                const relative = candidate.slice(mount.host.length);
-                return mount.container + relative;
-            }
-        }
-    }
-    return hostPath;
-}
-function getPathCandidates(hostPath) {
-    const set = new Set();
-    const resolved = resolve(hostPath);
-    set.add(resolved);
-    try {
-        set.add(realpathSync(resolved));
-    }
-    catch {
-        // Path may not exist yet (e.g. write targets); keep resolved form.
-    }
-    for (const p of Array.from(set)) {
-        if (p.startsWith('/Users/')) {
-            set.add(`/System/Volumes/Data${p}`);
-        }
-        else if (p.startsWith('/System/Volumes/Data/Users/')) {
-            set.add(p.replace('/System/Volumes/Data', ''));
-        }
-    }
-    return Array.from(set);
-}