skyloom 1.16.2 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (109) hide show
  1. package/README.md +15 -3
  2. package/dist/cli/loom_chat.d.ts.map +1 -1
  3. package/dist/cli/loom_chat.js +17 -0
  4. package/dist/cli/loom_chat.js.map +1 -1
  5. package/dist/cli/main.js +37 -1
  6. package/dist/cli/main.js.map +1 -1
  7. package/dist/core/agent.d.ts +2 -0
  8. package/dist/core/agent.d.ts.map +1 -1
  9. package/dist/core/agent.js +21 -5
  10. package/dist/core/agent.js.map +1 -1
  11. package/dist/core/bgproc.d.ts +59 -0
  12. package/dist/core/bgproc.d.ts.map +1 -0
  13. package/dist/core/bgproc.js +135 -0
  14. package/dist/core/bgproc.js.map +1 -0
  15. package/dist/core/commands.d.ts.map +1 -1
  16. package/dist/core/commands.js +20 -0
  17. package/dist/core/commands.js.map +1 -1
  18. package/dist/core/diagnostics.d.ts +39 -0
  19. package/dist/core/diagnostics.d.ts.map +1 -0
  20. package/dist/core/diagnostics.js +206 -0
  21. package/dist/core/diagnostics.js.map +1 -0
  22. package/dist/core/diff.d.ts +31 -0
  23. package/dist/core/diff.d.ts.map +1 -0
  24. package/dist/core/diff.js +82 -0
  25. package/dist/core/diff.js.map +1 -0
  26. package/dist/core/envcontext.d.ts +25 -0
  27. package/dist/core/envcontext.d.ts.map +1 -0
  28. package/dist/core/envcontext.js +112 -0
  29. package/dist/core/envcontext.js.map +1 -0
  30. package/dist/core/factory.d.ts +2 -0
  31. package/dist/core/factory.d.ts.map +1 -1
  32. package/dist/core/factory.js +35 -2
  33. package/dist/core/factory.js.map +1 -1
  34. package/dist/core/patch.d.ts +59 -0
  35. package/dist/core/patch.d.ts.map +1 -0
  36. package/dist/core/patch.js +220 -0
  37. package/dist/core/patch.js.map +1 -0
  38. package/dist/core/protocol.d.ts +11 -0
  39. package/dist/core/protocol.d.ts.map +1 -0
  40. package/dist/core/protocol.js +39 -0
  41. package/dist/core/protocol.js.map +1 -0
  42. package/dist/core/sandbox.d.ts +1 -0
  43. package/dist/core/sandbox.d.ts.map +1 -1
  44. package/dist/core/sandbox.js +1 -0
  45. package/dist/core/sandbox.js.map +1 -1
  46. package/dist/core/search.d.ts +41 -0
  47. package/dist/core/search.d.ts.map +1 -0
  48. package/dist/core/search.js +156 -0
  49. package/dist/core/search.js.map +1 -0
  50. package/dist/core/security.d.ts +22 -2
  51. package/dist/core/security.d.ts.map +1 -1
  52. package/dist/core/security.js +55 -24
  53. package/dist/core/security.js.map +1 -1
  54. package/dist/core/skill.d.ts +4 -0
  55. package/dist/core/skill.d.ts.map +1 -1
  56. package/dist/core/skill.js +1 -0
  57. package/dist/core/skill.js.map +1 -1
  58. package/dist/core/subagent.d.ts +75 -0
  59. package/dist/core/subagent.d.ts.map +1 -0
  60. package/dist/core/subagent.js +287 -0
  61. package/dist/core/subagent.js.map +1 -0
  62. package/dist/core/tool.d.ts +23 -1
  63. package/dist/core/tool.d.ts.map +1 -1
  64. package/dist/core/tool.js +95 -30
  65. package/dist/core/tool.js.map +1 -1
  66. package/dist/plugins/loader.d.ts +49 -8
  67. package/dist/plugins/loader.d.ts.map +1 -1
  68. package/dist/plugins/loader.js +129 -16
  69. package/dist/plugins/loader.js.map +1 -1
  70. package/dist/tools/builtin.d.ts.map +1 -1
  71. package/dist/tools/builtin.js +183 -17
  72. package/dist/tools/builtin.js.map +1 -1
  73. package/dist/tools/spawn.d.ts +23 -0
  74. package/dist/tools/spawn.d.ts.map +1 -0
  75. package/dist/tools/spawn.js +77 -0
  76. package/dist/tools/spawn.js.map +1 -0
  77. package/docs/OPTIMIZATION_PLAN.md +21 -4
  78. package/package.json +1 -1
  79. package/src/cli/loom_chat.ts +11 -0
  80. package/src/cli/main.ts +31 -1
  81. package/src/core/agent.ts +20 -5
  82. package/src/core/bgproc.ts +153 -0
  83. package/src/core/commands.ts +20 -0
  84. package/src/core/diagnostics.ts +178 -0
  85. package/src/core/diff.ts +98 -0
  86. package/src/core/envcontext.ts +79 -0
  87. package/src/core/factory.ts +31 -2
  88. package/src/core/patch.ts +176 -0
  89. package/src/core/protocol.ts +36 -0
  90. package/src/core/sandbox.ts +1 -1
  91. package/src/core/search.ts +138 -0
  92. package/src/core/security.ts +63 -21
  93. package/src/core/skill.ts +1 -1
  94. package/src/core/subagent.ts +272 -0
  95. package/src/core/tool.ts +101 -31
  96. package/src/plugins/loader.ts +145 -18
  97. package/src/tools/builtin.ts +167 -17
  98. package/src/tools/spawn.ts +92 -0
  99. package/tests/bgproc.test.ts +65 -0
  100. package/tests/diagnostics.test.ts +86 -0
  101. package/tests/edit_diff.test.ts +102 -0
  102. package/tests/envcontext.test.ts +67 -0
  103. package/tests/patch.test.ts +128 -0
  104. package/tests/plugins.test.ts +84 -0
  105. package/tests/protocol.test.ts +27 -0
  106. package/tests/search.test.ts +87 -0
  107. package/tests/security.test.ts +87 -0
  108. package/tests/subagent.test.ts +211 -0
  109. package/tests/tool.test.ts +120 -0
@@ -0,0 +1,138 @@
1
+ /**
2
+ * Code search — a dependency-light, cross-platform engine for "find where X is
3
+ * used and read it in context". Backs the code_search tool and is the fallback
4
+ * for grep when ripgrep/grep aren't installed (common on Windows), so search
5
+ * never silently returns nothing just because a binary is missing.
6
+ */
7
+
8
+ import * as fs from 'fs';
9
+ import * as path from 'path';
10
+ import { globSync } from 'glob';
11
+
12
+ export interface SearchOptions {
13
+ pattern: string;
14
+ /** Root directory to search (default: cwd). */
15
+ root?: string;
16
+ /** Glob to restrict files (e.g. "**\/*.ts"). Default: all files. */
17
+ glob?: string;
18
+ /** Case-insensitive match (default false). */
19
+ ignoreCase?: boolean;
20
+ /** Treat pattern as a regular expression (default true). */
21
+ regex?: boolean;
22
+ /** Lines of context around each match (default 0). */
23
+ context?: number;
24
+ /** Cap on total matches returned (default 200). */
25
+ maxResults?: number;
26
+ /** Skip files larger than this many bytes (default 2 MiB). */
27
+ maxFileBytes?: number;
28
+ }
29
+
30
+ export interface SearchMatch {
31
+ file: string; // relative to root
32
+ line: number; // 1-based
33
+ text: string;
34
+ before?: string[];
35
+ after?: string[];
36
+ }
37
+
38
+ export interface SearchResult {
39
+ matches: SearchMatch[];
40
+ filesScanned: number;
41
+ truncated: boolean;
42
+ error?: string;
43
+ }
44
+
45
+ /** Directories never worth searching — vendored, generated, or VCS internals. */
46
+ const DEFAULT_IGNORES = [
47
+ '**/node_modules/**', '**/.git/**', '**/dist/**', '**/build/**',
48
+ '**/coverage/**', '**/.next/**', '**/out/**', '**/.cache/**',
49
+ '**/vendor/**', '**/.venv/**', '**/__pycache__/**',
50
+ ];
51
+
52
+ function looksBinary(buf: Buffer): boolean {
53
+ const n = Math.min(buf.length, 8000);
54
+ for (let i = 0; i < n; i++) if (buf[i] === 0) return true; // NUL byte ⇒ binary
55
+ return false;
56
+ }
57
+
58
+ /** Pure-JS recursive code search. No external process required. */
59
+ export function searchCode(opts: SearchOptions): SearchResult {
60
+ const root = path.resolve(opts.root || process.cwd());
61
+ const maxResults = opts.maxResults ?? 200;
62
+ const maxFileBytes = opts.maxFileBytes ?? 2 * 1024 * 1024;
63
+ const context = Math.max(0, opts.context ?? 0);
64
+
65
+ let matcher: (line: string) => boolean;
66
+ if (opts.regex === false) {
67
+ const needle = opts.ignoreCase ? opts.pattern.toLowerCase() : opts.pattern;
68
+ matcher = (line) => (opts.ignoreCase ? line.toLowerCase() : line).includes(needle);
69
+ } else {
70
+ let re: RegExp;
71
+ try {
72
+ re = new RegExp(opts.pattern, opts.ignoreCase ? 'i' : '');
73
+ } catch (e) {
74
+ return { matches: [], filesScanned: 0, truncated: false, error: `invalid regex: ${e}` };
75
+ }
76
+ matcher = (line) => re.test(line);
77
+ }
78
+
79
+ let files: string[];
80
+ try {
81
+ files = globSync(opts.glob || '**/*', {
82
+ cwd: root, nodir: true, dot: false, ignore: DEFAULT_IGNORES,
83
+ });
84
+ } catch (e) {
85
+ return { matches: [], filesScanned: 0, truncated: false, error: `glob failed: ${e}` };
86
+ }
87
+
88
+ const matches: SearchMatch[] = [];
89
+ let filesScanned = 0;
90
+ let truncated = false;
91
+
92
+ for (const rel of files) {
93
+ if (matches.length >= maxResults) { truncated = true; break; }
94
+ const abs = path.join(root, rel);
95
+ let buf: Buffer;
96
+ try {
97
+ const stat = fs.statSync(abs);
98
+ if (stat.size > maxFileBytes) continue;
99
+ buf = fs.readFileSync(abs);
100
+ } catch { continue; }
101
+ if (looksBinary(buf)) continue;
102
+
103
+ filesScanned++;
104
+ const lines = buf.toString('utf8').split('\n');
105
+ for (let i = 0; i < lines.length; i++) {
106
+ if (!matcher(lines[i])) continue;
107
+ const m: SearchMatch = { file: rel.split(path.sep).join('/'), line: i + 1, text: lines[i] };
108
+ if (context > 0) {
109
+ m.before = lines.slice(Math.max(0, i - context), i);
110
+ m.after = lines.slice(i + 1, i + 1 + context);
111
+ }
112
+ matches.push(m);
113
+ if (matches.length >= maxResults) { truncated = true; break; }
114
+ }
115
+ }
116
+
117
+ return { matches, filesScanned, truncated };
118
+ }
119
+
120
+ /** Render a SearchResult as ripgrep-style `file:line:text` (with context). */
121
+ export function formatSearchResult(res: SearchResult): string {
122
+ if (res.error) return `Search error: ${res.error}`;
123
+ if (res.matches.length === 0) return 'No matches found.';
124
+ const out: string[] = [];
125
+ let lastFile = '';
126
+ for (const m of res.matches) {
127
+ if (m.file !== lastFile) { if (out.length) out.push(''); lastFile = m.file; }
128
+ for (let k = 0; k < (m.before?.length || 0); k++) {
129
+ out.push(`${m.file}:${m.line - (m.before!.length - k)}- ${m.before![k]}`);
130
+ }
131
+ out.push(`${m.file}:${m.line}: ${m.text}`);
132
+ for (let k = 0; k < (m.after?.length || 0); k++) {
133
+ out.push(`${m.file}:${m.line + k + 1}- ${m.after![k]}`);
134
+ }
135
+ }
136
+ if (res.truncated) out.push(`\n…[results truncated at ${res.matches.length} matches — narrow the pattern or glob]`);
137
+ return out.join('\n');
138
+ }
@@ -77,6 +77,7 @@ const TOOL_DANGER_MAP: Record<string, DangerLevel> = {
77
77
 
78
78
  write_file: DangerLevel.LOW,
79
79
  edit_file: DangerLevel.LOW,
80
+ apply_patch: DangerLevel.LOW,
80
81
  copy_file: DangerLevel.LOW,
81
82
  move_file: DangerLevel.LOW,
82
83
  make_directory: DangerLevel.LOW,
@@ -137,20 +138,75 @@ export interface AuditEntry {
137
138
  /* ═══════════════════════════════════════
138
139
  Security context — per-session security state
139
140
  ═══════════════════════════════════════ */
141
+ /**
142
+ * Permission modes (Claude Code parity):
143
+ * - strict deny every non-SAFE tool (read-only-ish lockdown)
144
+ * - interactive ask before every non-SAFE tool ("default")
145
+ * - auto allow LOW, ask MEDIUM/HIGH, deny CRITICAL
146
+ * - acceptEdits auto-accept file-edit tools, otherwise behave like auto
147
+ * - bypass allow everything except red-line patterns ("yolo")
148
+ */
149
+ export type ApprovalMode = "auto" | "interactive" | "strict" | "acceptEdits" | "bypass";
150
+ export type Decision = "allow" | "ask" | "deny";
151
+
152
+ /** User-facing aliases → canonical permission mode (for /perm and config). */
153
+ export const PERMISSION_MODE_ALIASES: Record<string, ApprovalMode> = {
154
+ default: "interactive",
155
+ interactive: "interactive",
156
+ ask: "interactive",
157
+ auto: "auto",
158
+ accept: "acceptEdits",
159
+ acceptedits: "acceptEdits",
160
+ edits: "acceptEdits",
161
+ strict: "strict",
162
+ readonly: "strict",
163
+ bypass: "bypass",
164
+ yolo: "bypass",
165
+ };
166
+
167
+ /** Tools that mutate the filesystem — the ones acceptEdits waves through. */
168
+ const EDIT_TOOL_RE = /^(write_|edit_|append_|replace_|create_|make_|copy_|move_|delete_)|^apply_patch$/;
169
+ export function isEditTool(toolName: string): boolean { return EDIT_TOOL_RE.test(toolName); }
170
+
171
+ /**
172
+ * Pure permission decision (red-line is gated separately, before this). Keeps
173
+ * the ask/allow/deny semantics in one testable place across all modes.
174
+ */
175
+ export function decideApproval(level: DangerLevel, mode: ApprovalMode, toolName: string): Decision {
176
+ if (level === DangerLevel.SAFE) return "allow";
177
+ switch (mode) {
178
+ case "bypass": return "allow";
179
+ case "strict": return "deny";
180
+ case "interactive": return "ask";
181
+ case "acceptEdits":
182
+ if (level === DangerLevel.CRITICAL) return "deny";
183
+ if (isEditTool(toolName)) return "allow";
184
+ return level <= DangerLevel.LOW ? "allow" : "ask";
185
+ case "auto":
186
+ default:
187
+ if (level <= DangerLevel.LOW) return "allow";
188
+ if (level === DangerLevel.CRITICAL) return "deny";
189
+ return "ask";
190
+ }
191
+ }
192
+
140
193
  export class SecurityContext {
141
194
  public auditLog: AuditEntry[] = [];
142
195
  public deniedCount = 0;
143
196
  public autoApprovedCount = 0;
144
197
  public manualApprovedCount = 0;
145
- public approvalMode: "auto" | "interactive" | "strict" = "auto";
198
+ public approvalMode: ApprovalMode = "auto";
146
199
 
147
200
  private approvalCallback: ((tool: string, args: Record<string, any>, level: DangerLevel) => Promise<boolean>) | null = null;
148
201
 
149
- constructor(opts?: { mode?: "auto" | "interactive" | "strict"; onApprove?: (tool: string, args: Record<string, any>, level: DangerLevel) => Promise<boolean> }) {
202
+ constructor(opts?: { mode?: ApprovalMode; onApprove?: (tool: string, args: Record<string, any>, level: DangerLevel) => Promise<boolean> }) {
150
203
  if (opts?.mode) this.approvalMode = opts.mode;
151
204
  if (opts?.onApprove) this.approvalCallback = opts.onApprove;
152
205
  }
153
206
 
207
+ /** Switch the active permission mode at runtime. */
208
+ setMode(mode: ApprovalMode): void { this.approvalMode = mode; }
209
+
154
210
  /** Get the danger level for a tool. Defaults to SAFE for unknown tools. */
155
211
  getDangerLevel(toolName: string): DangerLevel {
156
212
  return TOOL_DANGER_MAP[toolName] ?? DangerLevel.SAFE;
@@ -180,27 +236,13 @@ export class SecurityContext {
180
236
  return [false, redline];
181
237
  }
182
238
 
183
- // Safe always allow
184
- if (level === DangerLevel.SAFE) return [true, "safe"];
185
-
186
- // Strict mode deny all non-safe
187
- if (this.approvalMode === "strict") {
188
- return [false, `Strict mode: tool '${toolName}' (level ${level}) requires manual approval`];
189
- }
190
-
191
- // Auto mode — allow LOW, prompt for MEDIUM+, deny CRITICAL
192
- if (this.approvalMode === "auto") {
193
- if (level <= DangerLevel.LOW) return [true, "auto-low"];
194
- if (level === DangerLevel.CRITICAL) return [false, `CRITICAL tool '${toolName}' requires explicit human approval`];
195
- // MEDIUM/HIGH with auto mode => need callback
196
- if (this.approvalCallback) {
197
- const approved = await this.approvalCallback(toolName, args, level);
198
- return [approved, approved ? "user-approved" : "user-denied"];
199
- }
200
- return [true, "auto-med"]; // no callback → auto-allow but log
239
+ const decision = decideApproval(level, this.approvalMode, toolName);
240
+ if (decision === "allow") return [true, level === DangerLevel.SAFE ? "safe" : `${this.approvalMode}-allow`];
241
+ if (decision === "deny") {
242
+ return [false, `${this.approvalMode} mode: tool '${toolName}' (level ${level}) requires approval / is blocked`];
201
243
  }
202
244
 
203
- // Interactive modeprompt for LOW+
245
+ // decision === "ask" defer to the interactive callback if present.
204
246
  if (this.approvalCallback) {
205
247
  const approved = await this.approvalCallback(toolName, args, level);
206
248
  return [approved, approved ? "user-approved" : "user-denied"];
package/src/core/skill.ts CHANGED
@@ -210,7 +210,7 @@ function parseFrontmatter(text: string): { fm: Record<string, any>; body: string
210
210
  /**
211
211
  * Normalize a Claude Code tool name into sky's registry name.
212
212
  */
213
- function normalizeClaudeToolName(raw: string): string {
213
+ export function normalizeClaudeToolName(raw: string): string {
214
214
  let s = raw.trim();
215
215
  if (!s) return s;
216
216
  // Strip permission scoping: Bash(ls *) -> Bash
@@ -0,0 +1,272 @@
1
+ /**
2
+ * Subagents — general-purpose, user-definable agents spawned with an ISOLATED
3
+ * context to handle one focused, self-contained task (the `spawn_agent` tool).
4
+ *
5
+ * This mirrors Claude Code's Task tool / opencode subagents: an orchestrator
6
+ * spins up a child agent that has its own fresh memory and a (optionally
7
+ * restricted) tool set, runs it to completion, and gets back only the child's
8
+ * final report — keeping the parent's context clean.
9
+ *
10
+ * Definitions come from three places (later wins on name collision):
11
+ * 1. built-in: general-purpose, explore
12
+ * 2. user: ~/.claude/agents/ (Claude Code compatible), ~/.skyloom/agents/
13
+ * 3. project: <cwd>/.claude/agents/, <cwd>/.sky/agents/
14
+ *
15
+ * Each file is `<root>/<name>.md` with Claude Code compatible YAML frontmatter
16
+ * (name / description / tools / model). The body is the subagent's system
17
+ * prompt. `tools` accepts Claude names (Read, Grep, Bash…) — they're aliased to
18
+ * sky's registry names. Omitting `tools` grants the full inherited tool set.
19
+ */
20
+
21
+ import * as fs from 'fs';
22
+ import * as os from 'os';
23
+ import * as path from 'path';
24
+ import { parse as parseYaml } from 'yaml';
25
+
26
+ import { BaseAgent } from './agent';
27
+ import type { MessageBus } from './bus';
28
+ import { LLMClient } from './llm';
29
+ import { ToolRegistry } from './tool';
30
+ import { SkillRegistry } from './skill';
31
+ import { normalizeClaudeToolName } from './skill';
32
+ import { getLogger } from './logger';
33
+
34
+ const log = getLogger('subagent');
35
+
36
+ export interface SubagentDefinition {
37
+ /** Identifier used as `agent_type` in the spawn_agent tool. */
38
+ name: string;
39
+ /** One-line summary — shown to the orchestrator to choose the right subagent. */
40
+ description: string;
41
+ /** The subagent's system prompt (markdown body of the definition file). */
42
+ systemPrompt: string;
43
+ /** Allowlist of tool names; `null` means inherit the full tool set. */
44
+ tools: string[] | null;
45
+ /** Optional model override (else the spawning agent's default model). */
46
+ model?: string;
47
+ /** Where this definition came from: 'builtin' or an absolute file path. */
48
+ source: string;
49
+ }
50
+
51
+ /** Read-only tools for the `explore` subagent — search/read, never mutate. */
52
+ export const READ_ONLY_TOOLS = [
53
+ 'read_file', 'list_directory', 'tree', 'file_search', 'code_search', 'grep',
54
+ 'web_search', 'fetch_page', 'http_get',
55
+ 'git_status', 'git_diff', 'git_log',
56
+ 'system_info',
57
+ ];
58
+
59
+ const BUILTIN_DEFS: SubagentDefinition[] = [
60
+ {
61
+ name: 'general-purpose',
62
+ description: '通用子智能体 — 研究复杂问题、搜索代码、执行多步任务。当你不确定一两次能否定位答案时,把搜索/调研整段交给它。',
63
+ systemPrompt:
64
+ '你是一个通用子智能体,擅长把一个目标拆成步骤并用工具逐一推进:搜索、阅读、分析、必要时修改,然后汇报。' +
65
+ '独立完成任务,不要反问;遇到歧义就合理假设并说明。最终回复要完整自洽 —— 编排者只看得到这一条。',
66
+ tools: null,
67
+ source: 'builtin',
68
+ },
69
+ {
70
+ name: 'explore',
71
+ description: '只读探索子智能体 — 在大量文件/目录中做广度搜索,只读不写。需要"扫一遍代码库定位某物"且只要结论时用它。',
72
+ systemPrompt:
73
+ '你是一个只读探索子智能体。你的工作是在代码库/网络中快速定位信息并给出结论,绝不修改任何文件。' +
74
+ '优先用 grep / code_search / file_search / tree 做广度扫描,读取关键片段而非整文件。' +
75
+ '汇报时给出精确的文件路径与行号(file_path:line),以及一段简明结论。',
76
+ tools: READ_ONLY_TOOLS,
77
+ source: 'builtin',
78
+ },
79
+ ];
80
+
81
+ /** User/project subagent definition roots, lowest precedence first. */
82
+ export function subagentDirs(cwd: string = process.cwd()): string[] {
83
+ return [
84
+ path.join(os.homedir(), '.claude', 'agents'),
85
+ path.join(os.homedir(), '.skyloom', 'agents'),
86
+ path.join(cwd, '.claude', 'agents'),
87
+ path.join(cwd, '.sky', 'agents'),
88
+ ];
89
+ }
90
+
91
+ function parseToolsField(raw: unknown): string[] | null {
92
+ let list: string[] | null = null;
93
+ if (Array.isArray(raw)) {
94
+ list = raw.filter((t): t is string => typeof t === 'string');
95
+ } else if (typeof raw === 'string') {
96
+ const trimmed = raw.trim();
97
+ if (!trimmed || trimmed === '*' || trimmed.toLowerCase() === 'all') return null;
98
+ list = trimmed.split(',').map((t) => t.trim()).filter(Boolean);
99
+ } else {
100
+ return null; // omitted → inherit all
101
+ }
102
+ if (!list || list.length === 0) return null;
103
+ // Normalize Claude names → sky names, dedupe preserving order
104
+ const seen = new Set<string>();
105
+ const out: string[] = [];
106
+ for (const t of list.map(normalizeClaudeToolName)) {
107
+ if (!seen.has(t)) { seen.add(t); out.push(t); }
108
+ }
109
+ return out;
110
+ }
111
+
112
+ /** Parse a single `<name>.md` subagent definition file. */
113
+ export function parseSubagentFile(filePath: string): SubagentDefinition | null {
114
+ let text: string;
115
+ try {
116
+ text = fs.readFileSync(filePath, 'utf8');
117
+ } catch {
118
+ return null;
119
+ }
120
+ let fm: Record<string, any> = {};
121
+ let body = text;
122
+ const m = text.match(/^---\s*\n(.*?)\n---\s*\n?(.*)/s);
123
+ if (m) {
124
+ try { fm = parseYaml(m[1]) || {}; } catch { fm = {}; }
125
+ body = m[2];
126
+ }
127
+ const fileBase = path.basename(filePath).replace(/\.md$/i, '');
128
+ const name = (typeof fm.name === 'string' && fm.name.trim()) ? fm.name.trim() : fileBase;
129
+ if (!name) return null;
130
+ const description = (typeof fm.description === 'string' && fm.description.trim())
131
+ ? fm.description.trim()
132
+ : `自定义子智能体 ${name}`;
133
+ const model = (typeof fm.model === 'string' && fm.model.trim()) ? fm.model.trim() : undefined;
134
+ return {
135
+ name,
136
+ description,
137
+ systemPrompt: body.trim() || `你是 ${name} 子智能体。${description}`,
138
+ tools: parseToolsField(fm.tools),
139
+ model,
140
+ source: filePath,
141
+ };
142
+ }
143
+
144
+ /**
145
+ * Load all subagent definitions: built-ins overlaid by user then project files.
146
+ * Cheap enough to call per spawn so edits to definition files apply live.
147
+ */
148
+ export function loadSubagentDefinitions(cwd: string = process.cwd()): Map<string, SubagentDefinition> {
149
+ const map = new Map<string, SubagentDefinition>();
150
+ for (const d of BUILTIN_DEFS) map.set(d.name, d);
151
+
152
+ for (const dir of subagentDirs(cwd)) {
153
+ let entries: string[];
154
+ try {
155
+ if (!fs.existsSync(dir)) continue;
156
+ entries = fs.readdirSync(dir);
157
+ } catch { continue; }
158
+ for (const entry of entries) {
159
+ if (!entry.toLowerCase().endsWith('.md')) continue;
160
+ const def = parseSubagentFile(path.join(dir, entry));
161
+ if (def) map.set(def.name, def);
162
+ }
163
+ }
164
+ return map;
165
+ }
166
+
167
+ /**
168
+ * A generic agent built from a SubagentDefinition. Reuses the full BaseAgent
169
+ * reasoning loop but supplies its own identity block (the team-persona block
170
+ * would crash for a non-team name).
171
+ */
172
+ export class GenericSubagent extends BaseAgent {
173
+ private _subDef: SubagentDefinition;
174
+
175
+ constructor(
176
+ def: SubagentDefinition,
177
+ config: any,
178
+ llm: LLMClient,
179
+ bus: MessageBus,
180
+ toolRegistry: ToolRegistry,
181
+ skillRegistry: SkillRegistry,
182
+ runtimeName: string,
183
+ ) {
184
+ super(config, llm, bus, toolRegistry, skillRegistry);
185
+ this.name = runtimeName;
186
+ this.displayName = def.name;
187
+ this.emoji = '◇';
188
+ this.specialty = def.description;
189
+ this.systemPrompt = def.systemPrompt;
190
+ this._subDef = def;
191
+ }
192
+
193
+ protected runtimeIdentityBlock(): string {
194
+ const lang = (this.config as any).llm?.language || 'zh';
195
+ if (lang === 'en') {
196
+ return `\n\n## Who You Are\nYou are the **${this._subDef.name}** subagent — ${this._subDef.description}\nYou run in an ISOLATED context spawned by an orchestrator for one focused, self-contained task. The orchestrator sees ONLY your final message, never your intermediate steps. So your final message must be a COMPLETE, self-contained report: what you found, what you did, and concrete results (file paths, code, answers). Be thorough; do not ask follow-up questions — make reasonable assumptions and act.`;
197
+ }
198
+ return `\n\n## 你是谁\n你是 **${this._subDef.name}** 子智能体 —— ${this._subDef.description}\n你运行在编排者派生的**隔离上下文**中,负责一个聚焦、自洽的任务。编排者只能看到你的最终回复,看不到任何中间步骤。因此你的最终回复必须是一份**完整、自洽的报告**:你发现了什么、做了什么、以及具体结果(文件路径、代码、答案)。要彻底;不要反问,合理假设后直接行动。`;
199
+ }
200
+ }
201
+
202
+ let _spawnSeq = 0;
203
+
204
+ /**
205
+ * Run a subagent to completion in an isolated context and return its final
206
+ * report. Creates an ephemeral on-disk memory in a temp dir and removes it
207
+ * afterward, so nothing leaks into the parent agent or the user's ~/.skyloom.
208
+ */
209
+ export async function runSubagent(opts: {
210
+ def: SubagentDefinition;
211
+ task: string;
212
+ config: any;
213
+ llm: LLMClient;
214
+ bus: MessageBus;
215
+ baseToolRegistry: ToolRegistry;
216
+ baseSkillRegistry: SkillRegistry;
217
+ onStatus?: ((status: string) => void) | null;
218
+ }): Promise<string> {
219
+ const { def, task, config, llm, bus, baseToolRegistry, baseSkillRegistry, onStatus } = opts;
220
+
221
+ const safe = def.name.replace(/[^A-Za-z0-9_-]/g, '_').slice(0, 24) || 'sub';
222
+ const runtimeName = `sub-${safe}-${Date.now().toString(36)}-${(_spawnSeq++).toString(36)}`;
223
+
224
+ // Filtered tool registry (allowlist), never carrying spawn_agent (no recursion).
225
+ const reg = new ToolRegistry();
226
+ reg.merge(baseToolRegistry);
227
+ if (def.tools !== null) {
228
+ const allow = new Set(def.tools);
229
+ for (const n of reg.listNames()) {
230
+ if (!allow.has(n)) reg.unregister(n);
231
+ }
232
+ }
233
+ reg.unregister('spawn_agent');
234
+ reg.unregister('delegate_to');
235
+
236
+ const skills = new SkillRegistry();
237
+ skills.merge(baseSkillRegistry);
238
+
239
+ let tmpDir: string;
240
+ try {
241
+ tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'sky-sub-'));
242
+ } catch (e) {
243
+ return `[spawn_agent error] could not create isolated workspace: ${e}`;
244
+ }
245
+
246
+ const subConfig = {
247
+ ...config,
248
+ agents: {
249
+ ...(config?.agents || {}),
250
+ [runtimeName]: def.model ? { model: def.model } : {},
251
+ },
252
+ memory: {
253
+ ...(config?.memory || {}),
254
+ dbPath: path.join(tmpDir, 'mem'),
255
+ },
256
+ };
257
+
258
+ const agent = new GenericSubagent(def, subConfig, llm, bus, reg, skills, runtimeName);
259
+
260
+ try {
261
+ await agent.init();
262
+ if (onStatus) onStatus(`spawn ${def.name}…`);
263
+ const report = await agent.chat(task, onStatus || undefined);
264
+ return report || '(subagent produced no output)';
265
+ } catch (e) {
266
+ log.warn('subagent_run_failed', { agent: def.name, error: String(e) });
267
+ return `[spawn_agent error] subagent '${def.name}' failed: ${e}`;
268
+ } finally {
269
+ try { await agent.close(); } catch { /* ignore */ }
270
+ try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch { /* ignore */ }
271
+ }
272
+ }