smol-symphony 0.1.0

package/dist/agent/acp.js

@@ -0,0 +1,304 @@
+// ACP (Agent Client Protocol) client wrapper.
+//
+// Symphony talks the Zed Agent Client Protocol (https://agentclientprotocol.com) so that a
+// single integration covers Claude (`claude-agent-acp`), Codex (`codex-acp`), and OpenCode
+// (`opencode acp`). The protocol is JSON-RPC over stdio.
+//
+// This wrapper:
+//   * spawns the adapter command inside a smolvm machine (the child process stdio is the
+//     transport; nothing local is mutated outside the VM)
+//   * bridges Node child process stdio to the SDK's WHATWG streams via Readable.toWeb / etc.
+//   * implements the small Client surface ACP requires — session update streaming,
+//     permission requests, and (optionally) fs/terminal — under a documented high-trust
+//     posture (auto-approve, no client-side fs writes; the agent uses its own tools in-VM)
+//   * exposes high-level methods `initSession()` and `runPrompt()` that the agent runner
+//     uses to drive one turn of work.
+import { Readable, Writable } from 'node:stream';
+import { ClientSideConnection, ndJsonStream, PROTOCOL_VERSION, } from '@agentclientprotocol/sdk';
+import { log } from '../logging.js';
+export class AcpProtocolError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+        this.name = 'AcpProtocolError';
+    }
+}
+function nowIso() {
+    return new Date().toISOString();
+}
+function summarize(raw, max = 240) {
+    let s;
+    try {
+        s = typeof raw === 'string' ? raw : JSON.stringify(raw);
+    }
+    catch {
+        s = String(raw);
+    }
+    if (s.length > max)
+        s = s.slice(0, max) + '…';
+    return s;
+}
+function extractTextContent(content) {
+    if (!content || typeof content !== 'object')
+        return '';
+    const c = content;
+    if (c.type === 'text' && typeof c.text === 'string')
+        return c.text;
+    return '';
+}
+// One open ACP session bound to a single child process. The adapter is expected to be
+// already running; `initSession()` performs `initialize` + `session/new`, and `runPrompt()`
+// drives one prompt-to-stop_reason cycle.
+export class AcpClient {
+    opts;
+    conn;
+    sessionId = null;
+    closed = false;
+    cancelled = false;
+    // Tracked here so the runner snapshot picks up the most recent assistant text per turn.
+    lastAssistantText = '';
+    constructor(opts) {
+        this.opts = opts;
+        // Bridge child stdio to the WHATWG streams the SDK speaks. `ndJsonStream` expects raw
+        // bytes; we use Readable.toWeb / Writable.toWeb for the conversion.
+        const input = Readable.toWeb(opts.stdout);
+        const output = Writable.toWeb(opts.stdin);
+        const stream = ndJsonStream(output, input);
+        this.conn = new ClientSideConnection((_agent) => this.makeClient(), stream);
+        opts.stderr.setEncoding('utf8');
+        opts.stderr.on('data', (chunk) => {
+            const text = chunk.trim();
+            if (text.length > 0) {
+                this.emit('agent_stderr', summarize(text));
+                // Adapters shouldn't normally write to stderr; when they do it's a real
+                // condition (a failed in-VM cp, a missing binary, an SDK warning). Log
+                // at info so it lands in the symphony log alongside other lifecycle
+                // events instead of disappearing into the per-issue event ring buffer.
+                log.info('agent stderr', { text: text.slice(0, 500) });
+            }
+        });
+        opts.stdout.on('close', () => this.handleTransportClose('stdout_closed'));
+        opts.stdin.on('error', () => {
+            /* surface through transport close */
+        });
+    }
+    // The Client interface implementation that the adapter calls back into. Every method is
+    // implemented because we run the agent inside a smolvm; ACP requires the client to handle
+    // requests it advertises, and the SDK's Client interface lists them all.
+    makeClient() {
+        const self = this;
+        return {
+            async sessionUpdate(params) {
+                return self.onSessionUpdate(params);
+            },
+            async requestPermission(params) {
+                return self.onPermissionRequest(params);
+            },
+            async readTextFile(_params) {
+                // §10.5 "high-trust" posture: the agent has direct workspace access inside the VM,
+                // so client-mediated reads are unsupported. Returning an error keeps the session
+                // alive (per §10.5 "unsupported dynamic tool calls return failure without stall").
+                throw new AcpProtocolError('client_capability_not_implemented', 'client fs read not supported');
+            },
+            async writeTextFile(_params) {
+                throw new AcpProtocolError('client_capability_not_implemented', 'client fs write not supported');
+            },
+            async createTerminal(_params) {
+                throw new AcpProtocolError('client_capability_not_implemented', 'client terminal not supported');
+            },
+            async terminalOutput(_params) {
+                throw new AcpProtocolError('client_capability_not_implemented', 'client terminal not supported');
+            },
+            async waitForTerminalExit(_params) {
+                throw new AcpProtocolError('client_capability_not_implemented', 'client terminal not supported');
+            },
+            async killTerminal(_params) {
+                throw new AcpProtocolError('client_capability_not_implemented', 'client terminal not supported');
+            },
+            async releaseTerminal(_params) {
+                throw new AcpProtocolError('client_capability_not_implemented', 'client terminal not supported');
+            },
+        };
+    }
+    emit(event, message) {
+        this.opts.onEvent({ at: nowIso(), event, message });
+    }
+    onSessionUpdate(params) {
+        const update = params.update;
+        switch (update.sessionUpdate) {
+            case 'agent_message_chunk': {
+                const text = extractTextContent(update.content);
+                if (text) {
+                    this.lastAssistantText += text;
+                    this.emit('agent_message_chunk', text.length > 80 ? text.slice(0, 80) + '…' : text);
+                }
+                return;
+            }
+            case 'agent_thought_chunk': {
+                const text = extractTextContent(update.content);
+                if (text)
+                    this.emit('agent_thought_chunk', text.length > 80 ? text.slice(0, 80) + '…' : text);
+                return;
+            }
+            case 'tool_call': {
+                const name = typeof update.title === 'string' ? update.title : String(update.toolCallId ?? '?');
+                this.emit('tool_call', `${name}: ${summarize(update)}`);
+                return;
+            }
+            case 'tool_call_update': {
+                const status = typeof update.status === 'string' ? update.status : '';
+                this.emit('tool_call_update', `${status}: ${summarize(update)}`);
+                return;
+            }
+            case 'plan': {
+                this.emit('plan', summarize(update.entries ?? update));
+                return;
+            }
+            case 'usage_update': {
+                // ACP usage is "context-window used / size", not cumulative I/O tokens. We map it
+                // into total_tokens so the existing orchestrator accounting stays meaningful; the
+                // I/O split is recorded as zero because ACP does not expose it.
+                const used = Number(update.used ?? 0);
+                const size = Number(update.size ?? 0);
+                this.opts.onTokenUsage({ input_tokens: 0, output_tokens: 0, total_tokens: used });
+                this.emit('usage_update', `used=${used}/${size}`);
+                return;
+            }
+            default:
+                this.emit('session_update', `${update.sessionUpdate}: ${summarize(update)}`);
+        }
+    }
+    onPermissionRequest(params) {
+        // §10.5 high-trust posture: auto-approve every prompt with "allow_always" so the
+        // agent doesn't ask twice in the same session. Falls back to the first listed option
+        // if no "allow_*" kind is present, which keeps the session alive in degraded mode.
+        const preferred = params.options.find((o) => o.kind === 'allow_always') ??
+            params.options.find((o) => o.kind === 'allow_once') ??
+            params.options[0];
+        const optionId = preferred?.optionId ?? '';
+        this.emit('approval_auto_approved', `${optionId || 'unknown'}: ${summarize(params.toolCall)}`);
+        return { outcome: { outcome: 'selected', optionId } };
+    }
+    handleTransportClose(reason) {
+        if (this.closed)
+            return;
+        this.closed = true;
+        this.emit('subprocess_exit', reason);
+    }
+    // Negotiate protocol + open a session. Throws on either failure.
+    async initSession() {
+        const init = await withTimeout(this.conn.initialize({
+            protocolVersion: PROTOCOL_VERSION,
+            clientInfo: { name: 'smol-symphony', version: '0.1.0' },
+            clientCapabilities: {
+                // Advertise the minimum: the agent can read/write the workspace itself inside
+                // the VM, so we do not offer fs/terminal capabilities.
+                fs: { readTextFile: false, writeTextFile: false },
+                terminal: false,
+            },
+        }), this.opts.readTimeoutMs, 'initialize');
+        this.emit('session_init', `protocolVersion=${init.protocolVersion}`);
+        // MCP is required for symphony operations: if the agent doesn't advertise support
+        // for a requested transport, we refuse to start the session rather than silently
+        // dropping the entry and running a degraded agent that has no mark_done /
+        // request_human_steering tools. ACP's mcpCapabilities is optional and advertises
+        // `http`/`sse`/`acp` as booleans; missing/undefined means "not supported." Stdio is
+        // implicit (the spec treats it as the baseline) and has no `type` discriminator.
+        const requested = this.opts.mcpServers ?? [];
+        const caps = (init.agentCapabilities ?? {});
+        const mcpCaps = caps.mcpCapabilities ?? {};
+        const supportsKind = (kind) => {
+            if (kind === 'stdio')
+                return true;
+            if (kind === 'http')
+                return mcpCaps.http === true;
+            if (kind === 'sse')
+                return mcpCaps.sse === true;
+            if (kind === 'acp')
+                return mcpCaps.acp === true;
+            return false;
+        };
+        const unsupported = requested.filter((s) => {
+            const kind = (s.type ?? 'stdio');
+            return !supportsKind(kind);
+        });
+        if (unsupported.length > 0) {
+            const kinds = unsupported
+                .map((s) => s.type ?? 'stdio')
+                .join(', ');
+            this.emit('mcp_capability_mismatch', `unsupported=${kinds} adapter_caps=${JSON.stringify(mcpCaps)}`);
+            throw new AcpProtocolError('mcp_capability_mismatch', `agent does not support required MCP transport(s): ${kinds}. Adapter caps: ${JSON.stringify(mcpCaps)}`);
+        }
+        const session = await withTimeout(this.conn.newSession({ cwd: this.opts.cwd, mcpServers: requested }), this.opts.readTimeoutMs, 'session/new');
+        this.sessionId = session.sessionId;
+        this.emit('session_started', `sessionId=${session.sessionId} cwd=${this.opts.cwd} mcp_servers=${requested.length}`);
+        return { sessionId: session.sessionId };
+    }
+    async runPrompt(promptText) {
+        if (this.closed)
+            return { reason: 'subprocess_exit', message: 'adapter already closed' };
+        if (!this.sessionId)
+            return { reason: 'startup_failed', message: 'no active session' };
+        this.lastAssistantText = '';
+        const request = {
+            sessionId: this.sessionId,
+            prompt: [{ type: 'text', text: promptText }],
+        };
+        let resp;
+        try {
+            resp = await withTimeout(this.conn.prompt(request), this.opts.promptTimeoutMs, 'session/prompt');
+        }
+        catch (err) {
+            if (err instanceof TimeoutError) {
+                // Best-effort cancel so the adapter doesn't keep working in the background.
+                this.cancel().catch(() => undefined);
+                return { reason: 'prompt_timeout', message: err.message };
+            }
+            if (this.closed)
+                return { reason: 'subprocess_exit', message: err.message };
+            return { reason: 'refusal', message: err.message };
+        }
+        return mapStopReason(resp.stopReason, this.lastAssistantText);
+    }
+    async cancel() {
+        if (!this.sessionId || this.closed || this.cancelled)
+            return;
+        this.cancelled = true;
+        const note = { sessionId: this.sessionId };
+        try {
+            await this.conn.cancel(note);
+        }
+        catch (err) {
+            log.debug('acp cancel failed', { error: err.message });
+        }
+    }
+}
+function mapStopReason(stopReason, lastText) {
+    switch (stopReason) {
+        case 'end_turn':
+            return { reason: 'end_turn', message: summarize(lastText) };
+        case 'max_tokens':
+        case 'max_turn_requests':
+        case 'refusal':
+        case 'cancelled':
+            return { reason: stopReason, message: summarize(lastText) };
+        default:
+            return { reason: 'refusal', message: `unknown stop_reason ${stopReason}` };
+    }
+}
+class TimeoutError extends Error {
+}
+function withTimeout(p, ms, label) {
+    return new Promise((resolve, reject) => {
+        const t = setTimeout(() => reject(new TimeoutError(`${label} timed out after ${ms}ms`)), ms);
+        p.then((v) => {
+            clearTimeout(t);
+            resolve(v);
+        }, (e) => {
+            clearTimeout(t);
+            reject(e);
+        });
+    });
+}
+//# sourceMappingURL=acp.js.map

package/dist/agent/acp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"acp.js","sourceRoot":"","sources":["../../src/agent/acp.ts"],"names":[],"mappings":"AAAA,8CAA8C;AAC9C,EAAE;AACF,2FAA2F;AAC3F,2FAA2F;AAC3F,yDAAyD;AACzD,EAAE;AACF,gBAAgB;AAChB,yFAAyF;AACzF,0DAA0D;AAC1D,6FAA6F;AAC7F,mFAAmF;AACnF,wFAAwF;AACxF,2FAA2F;AAC3F,yFAAyF;AACzF,sCAAsC;AAEtC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EACL,oBAAoB,EACpB,YAAY,EACZ,gBAAgB,GA0BjB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAsBpC,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACtB;IAAnB,YAAmB,IAAY,EAAE,OAAe;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QADE,SAAI,GAAJ,IAAI,CAAQ;QAE7B,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,SAAS,MAAM;IACb,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,SAAS,CAAC,GAAY,EAAE,GAAG,GAAG,GAAG;IACxC,IAAI,CAAS,CAAC;IACd,IAAI,CAAC;QACH,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;QAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC;IAC9C,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAgB;IAC1C,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACvD,MAAM,CAAC,GAAG,OAAkC,CAAC;IAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,IAAI,CAAC;IACnE,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,sFAAsF;AACtF,4FAA4F;AAC5F,0CAA0C;AAC1C,MAAM,OAAO,SAAS;IAQA;IAPZ,IAAI,CAAuB;IAC3B,SAAS,GAAkB,IAAI,CAAC;IAChC,MAAM,GAAG,KAAK,CAAC;IACf,SAAS,GAAG,KAAK,CAAC;IAC1B,wFAAwF;IAChF,iBAAiB,GAAG,EAAE,CAAC;IAE/B,YAAoB,IAAsB;QAAtB,SAAI,GAAJ,IAAI,CAAkB;QACxC,sFAAsF;QACtF,oEAAoE;QACpE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAA+B,CAAC;QACxE,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAA+B,CAAC;QACxE,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,GAAG,IAAI,oBAAoB,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,MAAM,CAAC,CAAC;QAE5E,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACvC,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC3C,wEAAwE;gBACxE,uEAAuE;gBACvE,oEAAoE;gBACpE,uEAAuE;gBACvE,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACzD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,CAAC;QAC1E,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAC1B,qCAAqC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,wFAAwF;IACxF,0FAA0F;IAC1F,yEAAyE;IACjE,UAAU;QAChB,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO;YACL,KAAK,CAAC,aAAa,CAAC,MAA2B;gBAC7C,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACtC,CAAC;YACD,KAAK,CAAC,iBAAiB,CAAC,MAAgC;gBACtD,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC1C,CAAC;YACD,KAAK,CAAC,YAAY,CAAC,OAA4B;gBAC7C,mFAAmF;gBACnF,iFAAiF;gBACjF,mFAAmF;gBACnF,MAAM,IAAI,gBAAgB,CAAC,mCAAmC,EAAE,8BAA8B,CAAC,CAAC;YAClG,CAAC;YACD,KAAK,CAAC,aAAa,CAAC,OAA6B;gBAC/C,MAAM,IAAI,gBAAgB,CAAC,mCAAmC,EAAE,+BAA+B,CAAC,CAAC;YACnG,CAAC;YACD,KAAK,CAAC,cAAc,CAAC,OAA8B;gBACjD,MAAM,IAAI,gBAAgB,CAAC,mCAAmC,EAAE,+BAA+B,CAAC,CAAC;YACnG,CAAC;YACD,KAAK,CAAC,cAAc,CAAC,OAA8B;gBACjD,MAAM,IAAI,gBAAgB,CAAC,mCAAmC,EAAE,+BAA+B,CAAC,CAAC;YACnG,CAAC;YACD,KAAK,CAAC,mBAAmB,CAAC,OAAmC;gBAC3D,MAAM,IAAI,gBAAgB,CAAC,mCAAmC,EAAE,+BAA+B,CAAC,CAAC;YACnG,CAAC;YACD,KAAK,CAAC,YAAY,CAAC,OAA4B;gBAC7C,MAAM,IAAI,gBAAgB,CAAC,mCAAmC,EAAE,+BAA+B,CAAC,CAAC;YACnG,CAAC;YACD,KAAK,CAAC,eAAe,CAAC,OAA+B;gBACnD,MAAM,IAAI,gBAAgB,CAAC,mCAAmC,EAAE,+BAA+B,CAAC,CAAC;YACnG,CAAC;SACF,CAAC;IACJ,CAAC;IAEO,IAAI,CAAC,KAAa,EAAE,OAAe;QACzC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IACtD,CAAC;IAEO,eAAe,CAAC,MAA2B;QACjD,MAAM,MAAM,GAAG,MAAM,CAAC,MAA6D,CAAC;QACpF,QAAQ,MAAM,CAAC,aAAa,EAAE,CAAC;YAC7B,KAAK,qBAAqB,CAAC,CAAC,CAAC;gBAC3B,MAAM,IAAI,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC;oBAC/B,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACtF,CAAC;gBACD,OAAO;YACT,CAAC;YACD,KAAK,qBAAqB,CAAC,CAAC,CAAC;gBAC3B,MAAM,IAAI,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,IAAI;oBAAE,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC9F,OAAO;YACT,CAAC;YACD,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;gBAChG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,KAAK,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACxD,OAAO;YACT,CAAC;YACD,KAAK,kBAAkB,CAAC,CAAC,CAAC;gBACxB,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtE,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,GAAG,MAAM,KAAK,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACjE,OAAO;YACT,CAAC;YACD,KAAK,MAAM,CAAC,CAAC,CAAC;gBACZ,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YACD,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,kFAAkF;gBAClF,kFAAkF;gBAClF,gEAAgE;gBAChE,MAAM,IAAI,GAAG,MAAM,CAAE,MAAkC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;gBACnE,MAAM,IAAI,GAAG,MAAM,CAAE,MAAkC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;gBACnE,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;gBAClF,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;gBAClD,OAAO;YACT,CAAC;YACD;gBACE,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,MAAM,CAAC,aAAa,KAAK,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,MAAgC;QAC1D,iFAAiF;QACjF,qFAAqF;QACrF,mFAAmF;QACnF,MAAM,SAAS,GACb,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC;YACrD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC;YACnD,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACpB,MAAM,QAAQ,GAAG,SAAS,EAAE,QAAQ,IAAI,EAAE,CAAC;QAC3C,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,GAAG,QAAQ,IAAI,SAAS,KAAK,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC/F,OAAO,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,CAAC;IACxD,CAAC;IAEO,oBAAoB,CAAC,MAAc;QACzC,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,iEAAiE;IACjE,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,GAAG,MAAM,WAAW,CAC5B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC;YACnB,eAAe,EAAE,gBAAgB;YACjC,UAAU,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE;YACvD,kBAAkB,EAAE;gBAClB,8EAA8E;gBAC9E,uDAAuD;gBACvD,EAAE,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE;gBACjD,QAAQ,EAAE,KAAK;aAChB;SACF,CAAC,EACF,IAAI,CAAC,IAAI,CAAC,aAAa,EACvB,YAAY,CACb,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,mBAAmB,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;QAErE,kFAAkF;QAClF,iFAAiF;QACjF,0EAA0E;QAC1E,iFAAiF;QACjF,oFAAoF;QACpF,iFAAiF;QACjF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,iBAAiB,IAAI,EAAE,CAEzC,CAAC;QACF,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC;QAC3C,MAAM,YAAY,GAAG,CAAC,IAAsC,EAAW,EAAE;YACvE,IAAI,IAAI,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YAClC,IAAI,IAAI,KAAK,MAAM;gBAAE,OAAO,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC;YAClD,IAAI,IAAI,KAAK,KAAK;gBAAE,OAAO,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC;YAChD,IAAI,IAAI,KAAK,KAAK;gBAAE,OAAO,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QACF,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACzC,MAAM,IAAI,GAAG,CAAE,CAAuB,CAAC,IAAI,IAAI,OAAO,CAAqC,CAAC;YAC5F,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QACH,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,WAAW;iBACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAE,CAAuB,CAAC,IAAI,IAAI,OAAO,CAAC;iBACpD,IAAI,CAAC,IAAI,CAAC,CAAC;YACd,IAAI,CAAC,IAAI,CACP,yBAAyB,EACzB,eAAe,KAAK,iBAAiB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAC/D,CAAC;YACF,MAAM,IAAI,gBAAgB,CACxB,yBAAyB,EACzB,qDAAqD,KAAK,mBAAmB,IAAI,CAAC,SAAS,CACzF,OAAO,CACR,EAAE,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAC/B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,EACnE,IAAI,CAAC,IAAI,CAAC,aAAa,EACvB,aAAa,CACd,CAAC;QACF,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,IAAI,CACP,iBAAiB,EACjB,aAAa,OAAO,CAAC,SAAS,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,gBAAgB,SAAS,CAAC,MAAM,EAAE,CACtF,CAAC;QACF,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;QACzF,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;QACvF,IAAI,CAAC,iBAAiB,GAAG,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAkB;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;SAC7C,CAAC;QACF,IAAI,IAAoB,CAAC;QACzB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;QACnG,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,YAAY,EAAE,CAAC;gBAChC,4EAA4E;gBAC5E,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;gBACrC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5D,CAAC;YACD,IAAI,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,OAAO,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;YACvF,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QAChE,CAAC;QACD,OAAO,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAC7D,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,MAAM,IAAI,GAAuB,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;CACF;AAED,SAAS,aAAa,CAAC,UAAkB,EAAE,QAAgB;IACzD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,UAAU;YACb,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9D,KAAK,YAAY,CAAC;QAClB,KAAK,mBAAmB,CAAC;QACzB,KAAK,SAAS,CAAC;QACf,KAAK,WAAW;YACd,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9D;YACE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,uBAAuB,UAAU,EAAE,EAAE,CAAC;IAC/E,CAAC;AACH,CAAC;AAED,MAAM,YAAa,SAAQ,KAAK;CAAG;AAEnC,SAAS,WAAW,CAAI,CAAa,EAAE,EAAU,EAAE,KAAa;IAC9D,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,KAAK,oBAAoB,EAAE,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC,CAAC,IAAI,CACJ,CAAC,CAAC,EAAE,EAAE;YACJ,YAAY,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,CAAC,CAAC,CAAC,CAAC;QACb,CAAC,EACD,CAAC,CAAC,EAAE,EAAE;YACJ,YAAY,CAAC,CAAC,CAAC,CAAC;YAChB,MAAM,CAAC,CAAU,CAAC,CAAC;QACrB,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/agent/adapters.js

@@ -0,0 +1,275 @@
+// Registry of ACP adapters symphony knows how to launch end-to-end.
+//
+// Each profile encodes everything symphony needs to ship a working adapter into the
+// per-issue smolvm without per-workflow bash boilerplate:
+//
+//   - hostCredentialPath : the file on the host (relative to $HOME) that authenticates
+//                          the adapter. Symphony reads this and stages it into the
+//                          workspace before VM boot.
+//   - guestCredentialPath: the absolute path inside the VM where the adapter expects
+//                          to find that file. Symphony's auto-generated acp launch
+//                          command copies the staged file here at startup.
+//   - binary             : the executable inside the VM that speaks ACP.
+//
+// To add a new adapter (e.g. opencode), populate the profile and add it to ADAPTERS.
+// Until an adapter has a verified profile, workflows can still target it by setting
+// `acp.command` explicitly — that opts out of symphony's auto-staging and the operator
+// becomes responsible for getting credentials to the adapter themselves.
+//
+// IMPORTANT: every host path here is treated as private. Symphony reads the file,
+// stages a copy into the workspace, and chmods the copy to 0600. The original host
+// file is never exposed via a bind mount.
+import { constants as fsConstants } from 'node:fs';
+import { access, copyFile, mkdir, chmod, lstat, rm, realpath } from 'node:fs/promises';
+import path from 'node:path';
+import os from 'node:os';
+export const ADAPTERS = {
+    claude: {
+        id: 'claude',
+        hostCredentialPath: '.claude/.credentials.json',
+        guestCredentialPath: '/root/.claude/.credentials.json',
+        binary: ['claude-agent-acp'],
+    },
+    codex: {
+        id: 'codex',
+        hostCredentialPath: '.codex/auth.json',
+        guestCredentialPath: '/root/.codex/auth.json',
+        binary: ['codex-acp'],
+    },
+};
+export function isKnownAdapter(id) {
+    return id === 'claude' || id === 'codex';
+}
+export function profileFor(id) {
+    return ADAPTERS[id];
+}
+/** Absolute path on the host where the adapter's credential file lives. */
+export function hostCredentialAbsPath(profile) {
+    return path.join(os.homedir(), profile.hostCredentialPath);
+}
+/** Verify the host credential file exists and is readable. Used at startup validation. */
+export async function assertHostCredentialReadable(profile) {
+    const p = hostCredentialAbsPath(profile);
+    try {
+        await access(p, fsConstants.R_OK);
+    }
+    catch (err) {
+        throw new Error(`adapter "${profile.id}" requires a host credential at ${p}, but it is missing or unreadable: ${err.message}`);
+    }
+}
+/**
+ * Copy the host's credential file into the workspace's runtime staging area, chmod 600.
+ * Re-runs every attempt so a host-side token rotation is picked up automatically.
+ *
+ * Defense layers, in order:
+ *   1. `resolveStagingLocation` picks a path OUTSIDE the working tree when git is
+ *      present (`.git/symphony-runtime/...`) so `git add -A`, a tracked file at
+ *      `.symphony-runtime/`, or a `.gitignore` negation cannot expose the secret.
+ *      Linked worktrees are refused (operator must override acp.command).
+ *   2. `ensureRealDir` walks each parent we materialize and refuses if any exists
+ *      as a symlink or non-directory.
+ *   3. `rm + copyFile(COPYFILE_EXCL)` closes the local race on the leaf path:
+ *      after explicit cleanup, the create is strict and fails if anything raced
+ *      back in.
+ *   4. Post-write `realpath` check confirms the file landed at the expected
+ *      absolute path. On mismatch (a parent was swapped for a symlink between
+ *      ensureRealDir and copyFile), we unlink the staging path itself — which
+ *      removes a symlink without following it — and refuse. We deliberately do
+ *      NOT touch whatever the symlink resolved to, since that file is by
+ *      definition attacker-chosen.
+ */
+export async function stageCredential(workspacePath, profile) {
+    const src = hostCredentialAbsPath(profile);
+    const { stagingRootAbs, stagingRootRel } = await resolveStagingLocation(workspacePath);
+    const credsDir = path.join(stagingRootAbs, 'credentials');
+    await ensureRealDir(stagingRootAbs);
+    await ensureRealDir(credsDir);
+    const dst = path.join(credsDir, profile.id);
+    await rm(dst, { force: true, recursive: false });
+    await copyFile(src, dst, fsConstants.COPYFILE_EXCL);
+    await chmod(dst, 0o600);
+    const expectedReal = path.join(await realpath(workspacePath), stagingRootRel, 'credentials', profile.id);
+    const actualReal = await realpath(dst);
+    if (actualReal !== expectedReal) {
+        // Unlinking dst removes the symlink itself (does not follow). Leaked
+        // credential at actualReal is left in place because we cannot prove
+        // ownership; operator must inspect.
+        await rm(dst, { force: true }).catch(() => undefined);
+        throw new Error(`staging path redirected: wrote to ${actualReal}, expected ${expectedReal}. ` +
+            `A symlink raced in during staging; manually inspect and remove any leaked ` +
+            `credential at the actual path before retrying.`);
+    }
+    const relPath = path.posix.join(stagingRootRel, 'credentials', profile.id);
+    return { absPath: dst, relPath };
+}
+/**
+ * Decide where to stage credentials based on workspace shape. See StagedCredentialPaths
+ * for the policy. Returns absolute + relative (POSIX, relative to workspacePath)
+ * paths to the staging root directory; the caller composes `credentials/<id>` under it.
+ */
+async function resolveStagingLocation(workspacePath) {
+    const gitPath = path.join(workspacePath, '.git');
+    let gitSt;
+    try {
+        gitSt = await lstat(gitPath);
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            // No `.git` in the workspace itself. The workspace-root fallback is only
+            // safe when the workspace is also NOT inside an ancestor git repo — git's
+            // repository discovery walks up the directory tree, so a workspace at e.g.
+            // `<parent>/.symphony/workspaces/X` with no own `.git` ends up inside
+            // `<parent>/.git`. A `git add -A` (from a host-side hook, or from any
+            // process with the host filesystem visible) would then stage the
+            // credential in the parent's index. Detect that and refuse.
+            //
+            // Resolve symlinks first: git's discovery follows the resolved path, so
+            // walking the lexical `workspacePath` would miss an ancestor `.git` that
+            // sits above the symlink's real target (e.g. `/home/user/repo-link`
+            // pointing at `/srv/repo` where `/srv/.git` exists). A broken symlink at
+            // workspacePath itself is treated as a refusal: we cannot prove the
+            // workspace isn't inside someone's working tree, so don't stage.
+            let resolvedWorkspace;
+            try {
+                resolvedWorkspace = await realpath(workspacePath);
+            }
+            catch (resolveErr) {
+                throw new Error(`cannot auto-stage credentials: workspace ${workspacePath} could not be resolved ` +
+                    `(realpath failed: ${resolveErr.message}). Refusing to stage without a ` +
+                    `canonical path; fix the workspace or set acp.command explicitly.`);
+            }
+            const ancestor = await findAncestorGit(resolvedWorkspace);
+            if (ancestor !== null) {
+                throw new Error(`cannot auto-stage credentials: workspace ${workspacePath} has no .git of its own ` +
+                    `but is inside an ancestor git repo at ${ancestor}. Either create a nested clone ` +
+                    `(e.g. via hooks.after_create) or set acp.command explicitly.`);
+            }
+            return {
+                stagingRootAbs: path.join(workspacePath, '.symphony-runtime'),
+                stagingRootRel: '.symphony-runtime',
+            };
+        }
+        throw err;
+    }
+    if (gitSt.isDirectory()) {
+        // Normal clone: stage inside `.git/`, which is outside the working tree.
+        // Git never recurses into `.git/` for `add`/`status`, so the credential is
+        // structurally untrackable — no `info/exclude` games needed, and a tracked
+        // `.symphony-runtime/credentials/<id>` at workspace root cannot interfere.
+        return {
+            stagingRootAbs: path.join(workspacePath, '.git', 'symphony-runtime'),
+            stagingRootRel: path.posix.join('.git', 'symphony-runtime'),
+        };
+    }
+    if (gitSt.isFile()) {
+        // Linked worktree: .git is a pointer file at /<worktree>/.git -> per-worktree
+        // gitdir (typically /<main>/.git/worktrees/<name>/). The per-worktree gitdir
+        // lives outside the workspace mount, so symphony cannot place the credential
+        // there and still have the in-VM agent reach it. Any worktree-internal path
+        // is inside the working tree, where `.gitignore` negation or a tracked file
+        // could still expose the secret to `git add -A`. Refuse loudly; operators
+        // who need a worktree workspace must set acp.command and manage credentials
+        // themselves.
+        throw new Error(`cannot auto-stage credentials in a linked worktree (.git at ${gitPath} is a file). ` +
+            `Set acp.command explicitly and manage credentials in that command.`);
+    }
+    throw new Error(`cannot auto-stage credentials: ${gitPath} is neither a directory nor a file ` +
+        `(symlink, device, or other unexpected entry).`);
+}
+/**
+ * Walk up from `workspacePath` looking for an ancestor `.git` entry (file or dir).
+ * Returns the absolute path of the first one found, or null when the walk reaches
+ * the filesystem root without hitting one. Used to detect workspaces that, despite
+ * having no `.git` of their own, are still inside the working tree of an ancestor
+ * git repo.
+ *
+ * The caller is expected to pass an already-canonical (realpath-resolved) path:
+ * git discovery follows the resolved path, so a lexical walk on a symlinked input
+ * would miss the real ancestor. Once the input is canonical, every `path.dirname`
+ * step stays canonical (a directory's parent is itself a directory component,
+ * never a symlink), so no per-level re-resolve is needed.
+ */
+async function findAncestorGit(workspacePath) {
+    const root = path.parse(workspacePath).root;
+    let current = path.dirname(workspacePath);
+    while (current && current !== root) {
+        const candidate = path.join(current, '.git');
+        try {
+            await lstat(candidate);
+            return candidate;
+        }
+        catch (err) {
+            if (err.code !== 'ENOENT')
+                throw err;
+        }
+        const next = path.dirname(current);
+        if (next === current)
+            break;
+        current = next;
+    }
+    // Final check at the root itself.
+    try {
+        await lstat(path.join(root, '.git'));
+        return path.join(root, '.git');
+    }
+    catch (err) {
+        if (err.code !== 'ENOENT')
+            throw err;
+    }
+    return null;
+}
+/**
+ * Ensure `p` is a real directory we own. Creates it if missing; refuses if it exists
+ * as a symlink (defense against the staging-via-symlink attack) or as a non-directory.
+ */
+async function ensureRealDir(p) {
+    let st;
+    try {
+        st = await lstat(p);
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            await mkdir(p, { recursive: false });
+            return;
+        }
+        throw err;
+    }
+    if (st.isSymbolicLink()) {
+        throw new Error(`refusing to write symphony-runtime through a symlink at ${p}`);
+    }
+    if (!st.isDirectory()) {
+        throw new Error(`expected a directory at ${p}, found a non-directory`);
+    }
+}
+/**
+ * Build the bash command symphony will exec inside the VM. Copies the staged credential
+ * (located at `stagedRelPath`, a POSIX path relative to the in-VM cwd which equals the
+ * workspace mount) to the adapter's expected location, chmods it, and exec's the
+ * adapter binary.
+ *
+ * Every interpolated value (binary tokens, paths) is run through shQuote so future
+ * profiles with spaces or metacharacters compose safely. `stagedRelPath` comes from
+ * `stageCredential`, which picks a path outside the working tree when git is present.
+ */
+export function deriveAcpCommand(profile, stagedRelPath) {
+    if (profile.binary.length === 0) {
+        throw new Error(`adapter "${profile.id}" has an empty binary launch vector`);
+    }
+    const guestDir = path.posix.dirname(profile.guestCredentialPath);
+    const guestPath = profile.guestCredentialPath;
+    const execCmd = profile.binary.map(shQuote).join(' ');
+    return [
+        `mkdir -p ${shQuote(guestDir)}`,
+        `cp ${shQuote(stagedRelPath)} ${shQuote(guestPath)}`,
+        `chmod 600 ${shQuote(guestPath)}`,
+        `exec ${execCmd}`,
+    ].join(' && ');
+}
+// Minimal POSIX-shell single-quoting. None of the paths we emit contain `'`, but be
+// defensive in case a future binary name or path changes.
+function shQuote(s) {
+    if (/^[A-Za-z0-9_\-./]+$/.test(s))
+        return s;
+    return `'${s.replace(/'/g, `'\\''`)}'`;
+}
+//# sourceMappingURL=adapters.js.map

package/dist/agent/adapters.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapters.js","sourceRoot":"","sources":["../../src/agent/adapters.ts"],"names":[],"mappings":"AAAA,oEAAoE;AACpE,EAAE;AACF,oFAAoF;AACpF,0DAA0D;AAC1D,EAAE;AACF,uFAAuF;AACvF,mFAAmF;AACnF,qDAAqD;AACrD,qFAAqF;AACrF,mFAAmF;AACnF,2EAA2E;AAC3E,yEAAyE;AACzE,EAAE;AACF,qFAAqF;AACrF,oFAAoF;AACpF,uFAAuF;AACvF,yEAAyE;AACzE,EAAE;AACF,kFAAkF;AAClF,mFAAmF;AACnF,0CAA0C;AAE1C,OAAO,EAAE,SAAS,IAAI,WAAW,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACvF,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAkBzB,MAAM,CAAC,MAAM,QAAQ,GAAyC;IAC5D,MAAM,EAAE;QACN,EAAE,EAAE,QAAQ;QACZ,kBAAkB,EAAE,2BAA2B;QAC/C,mBAAmB,EAAE,iCAAiC;QACtD,MAAM,EAAE,CAAC,kBAAkB,CAAC;KAC7B;IACD,KAAK,EAAE;QACL,EAAE,EAAE,OAAO;QACX,kBAAkB,EAAE,kBAAkB;QACtC,mBAAmB,EAAE,wBAAwB;QAC7C,MAAM,EAAE,CAAC,WAAW,CAAC;KACtB;CACF,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,OAAO,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,EAAgB;IACzC,OAAO,QAAQ,CAAC,EAAE,CAAC,CAAC;AACtB,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,qBAAqB,CAAC,OAAuB;IAC3D,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAC7D,CAAC;AA8BD,0FAA0F;AAC1F,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAAC,OAAuB;IACxE,MAAM,CAAC,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,CAAC,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,YAAY,OAAO,CAAC,EAAE,mCAAmC,CAAC,sCACvD,GAAa,CAAC,OACjB,EAAE,CACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAAqB,EACrB,OAAuB;IAEvB,MAAM,GAAG,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,CAAC;IACvF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;IAC1D,MAAM,aAAa,CAAC,cAAc,CAAC,CAAC;IACpC,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;IAC5C,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IACjD,MAAM,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC;IACpD,MAAM,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAC5B,MAAM,QAAQ,CAAC,aAAa,CAAC,EAC7B,cAAc,EACd,aAAa,EACb,OAAO,CAAC,EAAE,CACX,CAAC;IACF,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;QAChC,qEAAqE;QACrE,oEAAoE;QACpE,oCAAoC;QACpC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,qCAAqC,UAAU,cAAc,YAAY,IAAI;YAC3E,4EAA4E;YAC5E,gDAAgD,CACnD,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;IAC3E,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;AACnC,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,sBAAsB,CAAC,aAAqB;IAIzD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IACjD,IAAI,KAAK,CAAC;IACV,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,yEAAyE;YACzE,0EAA0E;YAC1E,2EAA2E;YAC3E,sEAAsE;YACtE,sEAAsE;YACtE,iEAAiE;YACjE,4DAA4D;YAC5D,EAAE;YACF,wEAAwE;YACxE,yEAAyE;YACzE,oEAAoE;YACpE,yEAAyE;YACzE,oEAAoE;YACpE,iEAAiE;YACjE,IAAI,iBAAyB,CAAC;YAC9B,IAAI,CAAC;gBACH,iBAAiB,GAAG,MAAM,QAAQ,CAAC,aAAa,CAAC,CAAC;YACpD,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,4CAA4C,aAAa,yBAAyB;oBAChF,qBAAsB,UAAoB,CAAC,OAAO,iCAAiC;oBACnF,kEAAkE,CACrE,CAAC;YACJ,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,CAAC;YAC1D,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CACb,4CAA4C,aAAa,0BAA0B;oBACjF,yCAAyC,QAAQ,iCAAiC;oBAClF,8DAA8D,CACjE,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;gBAC7D,cAAc,EAAE,mBAAmB;aACpC,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QACxB,yEAAyE;QACzE,2EAA2E;QAC3E,2EAA2E;QAC3E,2EAA2E;QAC3E,OAAO;YACL,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,kBAAkB,CAAC;YACpE,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,kBAAkB,CAAC;SAC5D,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;QACnB,8EAA8E;QAC9E,6EAA6E;QAC7E,6EAA6E;QAC7E,4EAA4E;QAC5E,4EAA4E;QAC5E,0EAA0E;QAC1E,4EAA4E;QAC5E,cAAc;QACd,MAAM,IAAI,KAAK,CACb,+DAA+D,OAAO,eAAe;YACnF,oEAAoE,CACvE,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CACb,kCAAkC,OAAO,qCAAqC;QAC5E,+CAA+C,CAClD,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,KAAK,UAAU,eAAe,CAAC,aAAqB;IAClD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC;IAC5C,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,OAAO,OAAO,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,SAAS,CAAC,CAAC;YACvB,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;gBAAE,MAAM,GAAG,CAAC;QAClE,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,IAAI,KAAK,OAAO;YAAE,MAAM;QAC5B,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IACD,kCAAkC;IAClC,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;YAAE,MAAM,GAAG,CAAC;IAClE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,aAAa,CAAC,CAAS;IACpC,IAAI,EAAE,CAAC;IACP,IAAI,CAAC;QACH,EAAE,GAAG,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,KAAK,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;YACrC,OAAO;QACT,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,EAAE,CAAC,cAAc,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,yBAAyB,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAuB,EAAE,aAAqB;IAC7E,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,YAAY,OAAO,CAAC,EAAE,qCAAqC,CAAC,CAAC;IAC/E,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtD,OAAO;QACL,YAAY,OAAO,CAAC,QAAQ,CAAC,EAAE;QAC/B,MAAM,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,SAAS,CAAC,EAAE;QACpD,aAAa,OAAO,CAAC,SAAS,CAAC,EAAE;QACjC,QAAQ,OAAO,EAAE;KAClB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACjB,CAAC;AAED,oFAAoF;AACpF,0DAA0D;AAC1D,SAAS,OAAO,CAAC,CAAS;IACxB,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;AACzC,CAAC"}