npm - smol-symphony - Versions diffs - 0.2.0 → 0.3.1 - Mend

smol-symphony 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (540) hide show

package/AGENTS.md +41 -22
package/DESIGN.md +494 -273
package/README.md +109 -57
package/SPEC.md +33 -24
package/WORKFLOW.minimal.yaml +34 -0
package/{WORKFLOW.template.md → WORKFLOW.template.yaml} +409 -256
package/WORKFLOW.yaml +487 -0
package/assets/skills/symphony-issues/SKILL.md +136 -0
package/assets/symphony-mise.system.toml +68 -0
package/dist/bin/symphony.js +22 -786
package/dist/bin/symphony.js.map +1 -1
package/dist/core/actions/context.js +109 -0
package/dist/core/actions/context.js.map +1 -0
package/dist/{actions/parsing.js → core/actions/parse.js} +33 -114
package/dist/core/actions/parse.js.map +1 -0
package/dist/core/actions/plan.js +197 -0
package/dist/core/actions/plan.js.map +1 -0
package/dist/core/actions/predicates.js +111 -0
package/dist/core/actions/predicates.js.map +1 -0
package/dist/core/actions/run-fold.js +248 -0
package/dist/core/actions/run-fold.js.map +1 -0
package/dist/core/actions/template.js +118 -0
package/dist/core/actions/template.js.map +1 -0
package/dist/core/cli/args.js +116 -0
package/dist/core/cli/args.js.map +1 -0
package/dist/core/coerce.js +75 -0
package/dist/core/coerce.js.map +1 -0
package/dist/core/credential/account-id.js +20 -0
package/dist/core/credential/account-id.js.map +1 -0
package/dist/core/credential/adapter-config.js +136 -0
package/dist/core/credential/adapter-config.js.map +1 -0
package/dist/core/credential/availability.js +98 -0
package/dist/core/credential/availability.js.map +1 -0
package/dist/core/credential/extract.js +228 -0
package/dist/core/credential/extract.js.map +1 -0
package/dist/core/credential/fake-creds.js +171 -0
package/dist/core/credential/fake-creds.js.map +1 -0
package/dist/core/credential/identity.js +125 -0
package/dist/core/credential/identity.js.map +1 -0
package/dist/core/credential/shape.js +230 -0
package/dist/core/credential/shape.js.map +1 -0
package/dist/core/credential/strings.js +15 -0
package/dist/core/credential/strings.js.map +1 -0
package/dist/core/doctor/checks.js +303 -0
package/dist/core/doctor/checks.js.map +1 -0
package/dist/core/git/result.js +107 -0
package/dist/core/git/result.js.map +1 -0
package/dist/core/http/decisions.js +225 -0
package/dist/core/http/decisions.js.map +1 -0
package/dist/{http.js → core/http/render.js} +472 -738
package/dist/core/http/render.js.map +1 -0
package/dist/{http-handlers.js → core/http/routes.js} +52 -87
package/dist/core/http/routes.js.map +1 -0
package/dist/core/http/views.js +181 -0
package/dist/core/http/views.js.map +1 -0
package/dist/core/image/managed-image.js +95 -0
package/dist/core/image/managed-image.js.map +1 -0
package/dist/core/issue/file.js +149 -0
package/dist/core/issue/file.js.map +1 -0
package/dist/core/issue/parse.js +210 -0
package/dist/core/issue/parse.js.map +1 -0
package/dist/core/mcp/dispatch.js +239 -0
package/dist/core/mcp/dispatch.js.map +1 -0
package/dist/core/mcp/post-move.js +92 -0
package/dist/core/mcp/post-move.js.map +1 -0
package/dist/core/mcp/protocol.js +293 -0
package/dist/core/mcp/protocol.js.map +1 -0
package/dist/core/mcp/url.js +162 -0
package/dist/core/mcp/url.js.map +1 -0
package/dist/core/path.js +63 -0
package/dist/core/path.js.map +1 -0
package/dist/core/reconcile/image-decide.js +48 -0
package/dist/core/reconcile/image-decide.js.map +1 -0
package/dist/core/reconcile/ledger.js +142 -0
package/dist/core/reconcile/ledger.js.map +1 -0
package/dist/core/reconcile/pr-classify.js +62 -0
package/dist/core/reconcile/pr-classify.js.map +1 -0
package/dist/{reconciler → core/reconcile}/pr-decide.js +25 -12
package/dist/core/reconcile/pr-decide.js.map +1 -0
package/dist/core/reconcile/pr-loop.js +161 -0
package/dist/core/reconcile/pr-loop.js.map +1 -0
package/dist/core/reconcile/pr-notes.js +35 -0
package/dist/core/reconcile/pr-notes.js.map +1 -0
package/dist/core/reconcile/vm-decide.js +70 -0
package/dist/core/reconcile/vm-decide.js.map +1 -0
package/dist/core/reconcile/vm-reap.js +207 -0
package/dist/core/reconcile/vm-reap.js.map +1 -0
package/dist/core/reconcile/workspace-decide.js +162 -0
package/dist/core/reconcile/workspace-decide.js.map +1 -0
package/dist/core/runlog/summary.js +231 -0
package/dist/core/runlog/summary.js.map +1 -0
package/dist/core/runner/dispatch-config.js +95 -0
package/dist/core/runner/dispatch-config.js.map +1 -0
package/dist/core/runner/injection.js +61 -0
package/dist/core/runner/injection.js.map +1 -0
package/dist/core/runner/mise.js +210 -0
package/dist/core/runner/mise.js.map +1 -0
package/dist/core/runner/prompt.js +720 -0
package/dist/core/runner/prompt.js.map +1 -0
package/dist/core/runner/turn.js +242 -0
package/dist/core/runner/turn.js.map +1 -0
package/dist/core/runner/vm-plan.js +390 -0
package/dist/core/runner/vm-plan.js.map +1 -0
package/dist/core/schedule/admission.js +123 -0
package/dist/core/schedule/admission.js.map +1 -0
package/dist/core/schedule/circuit-breaker.js +111 -0
package/dist/core/schedule/circuit-breaker.js.map +1 -0
package/dist/core/schedule/eligibility.js +83 -0
package/dist/core/schedule/eligibility.js.map +1 -0
package/dist/core/schedule/reconcile-issue.js +82 -0
package/dist/core/schedule/reconcile-issue.js.map +1 -0
package/dist/core/schedule/retry.js +96 -0
package/dist/core/schedule/retry.js.map +1 -0
package/dist/core/schedule/sleep-cycle.js +133 -0
package/dist/core/schedule/sleep-cycle.js.map +1 -0
package/dist/core/schedule/slots.js +124 -0
package/dist/core/schedule/slots.js.map +1 -0
package/dist/core/schedule/tick.js +553 -0
package/dist/core/schedule/tick.js.map +1 -0
package/dist/core/schedule/token-fold.js +181 -0
package/dist/core/schedule/token-fold.js.map +1 -0
package/dist/core/state-resolve.js +86 -0
package/dist/core/state-resolve.js.map +1 -0
package/dist/core/vm-guards.js +278 -0
package/dist/core/vm-guards.js.map +1 -0
package/dist/core/workflow/derive.js +107 -0
package/dist/core/workflow/derive.js.map +1 -0
package/dist/core/workflow/parse.js +687 -0
package/dist/core/workflow/parse.js.map +1 -0
package/dist/core/workflow/prompt-probe.js +78 -0
package/dist/core/workflow/prompt-probe.js.map +1 -0
package/dist/core/workflow/validate.js +189 -0
package/dist/core/workflow/validate.js.map +1 -0
package/dist/core/workspace-key.js +19 -0
package/dist/core/workspace-key.js.map +1 -0
package/dist/shell/actions-runner.js +356 -0
package/dist/shell/actions-runner.js.map +1 -0
package/dist/shell/adapter/adapter-registry.js +45 -0
package/dist/shell/adapter/adapter-registry.js.map +1 -0
package/dist/shell/adapter/clock-random.js +96 -0
package/dist/shell/adapter/clock-random.js.map +1 -0
package/dist/shell/adapter/gondolin-dispatch-helpers.js +158 -0
package/dist/shell/adapter/gondolin-dispatch-helpers.js.map +1 -0
package/dist/shell/adapter/gondolin-dispatch.js +385 -0
package/dist/shell/adapter/gondolin-dispatch.js.map +1 -0
package/dist/shell/adapter/gondolin-image-converter.js +233 -0
package/dist/shell/adapter/gondolin-image-converter.js.map +1 -0
package/dist/shell/adapter/gondolin-image-fetch.js +180 -0
package/dist/shell/adapter/gondolin-image-fetch.js.map +1 -0
package/dist/shell/adapter/launcher-asset.js +57 -0
package/dist/shell/adapter/launcher-asset.js.map +1 -0
package/dist/shell/adapter/mise-config-asset.js +65 -0
package/dist/shell/adapter/mise-config-asset.js.map +1 -0
package/dist/shell/adapter/workflow-loader.js +304 -0
package/dist/shell/adapter/workflow-loader.js.map +1 -0
package/dist/shell/cli/doctor.js +268 -0
package/dist/shell/cli/doctor.js.map +1 -0
package/dist/shell/effect-interpreter-families.js +314 -0
package/dist/shell/effect-interpreter-families.js.map +1 -0
package/dist/shell/effect-interpreter.js +29 -0
package/dist/shell/effect-interpreter.js.map +1 -0
package/dist/shell/interp/acp-frame.js +137 -0
package/dist/shell/interp/acp-frame.js.map +1 -0
package/dist/shell/interp/acp-ws-conn.js +320 -0
package/dist/shell/interp/acp-ws-conn.js.map +1 -0
package/dist/shell/interp/acp-ws-frames.js +159 -0
package/dist/shell/interp/acp-ws-frames.js.map +1 -0
package/dist/shell/interp/acp-ws.js +197 -0
package/dist/shell/interp/acp-ws.js.map +1 -0
package/dist/shell/interp/acp.js +319 -0
package/dist/shell/interp/acp.js.map +1 -0
package/dist/shell/interp/credential-defaults.js +128 -0
package/dist/shell/interp/credential-defaults.js.map +1 -0
package/dist/shell/interp/credential-hooks.js +149 -0
package/dist/shell/interp/credential-hooks.js.map +1 -0
package/dist/shell/interp/credential-registry.js +226 -0
package/dist/shell/interp/credential-registry.js.map +1 -0
package/dist/shell/interp/credential.js +103 -0
package/dist/shell/interp/credential.js.map +1 -0
package/dist/shell/interp/gh.js +163 -0
package/dist/shell/interp/gh.js.map +1 -0
package/dist/shell/interp/git.js +28 -0
package/dist/shell/interp/git.js.map +1 -0
package/dist/shell/interp/log.js +213 -0
package/dist/shell/interp/log.js.map +1 -0
package/dist/shell/interp/process.js +178 -0
package/dist/shell/interp/process.js.map +1 -0
package/dist/shell/interp/runlog.js +193 -0
package/dist/shell/interp/runlog.js.map +1 -0
package/dist/shell/interp/timer.js +64 -0
package/dist/shell/interp/timer.js.map +1 -0
package/dist/shell/interp/tracker-disk.js +99 -0
package/dist/shell/interp/tracker-disk.js.map +1 -0
package/dist/shell/interp/tracker-parse.js +71 -0
package/dist/shell/interp/tracker-parse.js.map +1 -0
package/dist/shell/interp/tracker-scan.js +238 -0
package/dist/shell/interp/tracker-scan.js.map +1 -0
package/dist/shell/interp/tracker-write.js +91 -0
package/dist/shell/interp/tracker-write.js.map +1 -0
package/dist/shell/interp/tracker.js +41 -0
package/dist/shell/interp/tracker.js.map +1 -0
package/dist/shell/interp/tty.js +48 -0
package/dist/shell/interp/tty.js.map +1 -0
package/dist/shell/interp/vm.js +199 -0
package/dist/shell/interp/vm.js.map +1 -0
package/dist/shell/interp/workspace.js +310 -0
package/dist/shell/interp/workspace.js.map +1 -0
package/dist/shell/main-acp.js +78 -0
package/dist/shell/main-acp.js.map +1 -0
package/dist/shell/main-adapters.js +222 -0
package/dist/shell/main-adapters.js.map +1 -0
package/dist/shell/main-credential.js +122 -0
package/dist/shell/main-credential.js.map +1 -0
package/dist/shell/main-doctor.js +22 -0
package/dist/shell/main-doctor.js.map +1 -0
package/dist/shell/main-entry.js +46 -0
package/dist/shell/main-entry.js.map +1 -0
package/dist/shell/main-http-csrf.js +45 -0
package/dist/shell/main-http-csrf.js.map +1 -0
package/dist/shell/main-http-handler.js +389 -0
package/dist/shell/main-http-handler.js.map +1 -0
package/dist/shell/main-http-mcp.js +122 -0
package/dist/shell/main-http-mcp.js.map +1 -0
package/dist/shell/main-http-views.js +253 -0
package/dist/shell/main-http-views.js.map +1 -0
package/dist/shell/main-http.js +76 -0
package/dist/shell/main-http.js.map +1 -0
package/dist/shell/main-loops.js +130 -0
package/dist/shell/main-loops.js.map +1 -0
package/dist/shell/main-mcp.js +129 -0
package/dist/shell/main-mcp.js.map +1 -0
package/dist/shell/main-orchestrator.js +120 -0
package/dist/shell/main-orchestrator.js.map +1 -0
package/dist/shell/main-preflight.js +43 -0
package/dist/shell/main-preflight.js.map +1 -0
package/dist/shell/main-reconcilers-helpers.js +244 -0
package/dist/shell/main-reconcilers-helpers.js.map +1 -0
package/dist/shell/main-reconcilers-pr.js +148 -0
package/dist/shell/main-reconcilers-pr.js.map +1 -0
package/dist/shell/main-reconcilers.js +225 -0
package/dist/shell/main-reconcilers.js.map +1 -0
package/dist/shell/main-runner.js +355 -0
package/dist/shell/main-runner.js.map +1 -0
package/dist/shell/main-scaffold.js +116 -0
package/dist/shell/main-scaffold.js.map +1 -0
package/dist/shell/main-shutdown.js +115 -0
package/dist/shell/main-shutdown.js.map +1 -0
package/dist/shell/main-startup.js +48 -0
package/dist/shell/main-startup.js.map +1 -0
package/dist/shell/main-substrates.js +43 -0
package/dist/shell/main-substrates.js.map +1 -0
package/dist/shell/main.js +385 -0
package/dist/shell/main.js.map +1 -0
package/dist/shell/orchestrator-feedback.js +69 -0
package/dist/shell/orchestrator-feedback.js.map +1 -0
package/dist/shell/orchestrator-image.js +167 -0
package/dist/shell/orchestrator-image.js.map +1 -0
package/dist/shell/orchestrator-loop.js +468 -0
package/dist/shell/orchestrator-loop.js.map +1 -0
package/dist/shell/orchestrator-reconcile.js +36 -0
package/dist/shell/orchestrator-reconcile.js.map +1 -0
package/dist/shell/reconciler-loop.js +228 -0
package/dist/shell/reconciler-loop.js.map +1 -0
package/dist/shell/runner-loop-turn.js +301 -0
package/dist/shell/runner-loop-turn.js.map +1 -0
package/dist/shell/runner-loop.js +338 -0
package/dist/shell/runner-loop.js.map +1 -0
package/dist/shell/server/http.js +208 -0
package/dist/shell/server/http.js.map +1 -0
package/dist/shell/server/mcp-runtime-effects.js +237 -0
package/dist/shell/server/mcp-runtime-effects.js.map +1 -0
package/dist/shell/server/mcp-runtime.js +99 -0
package/dist/shell/server/mcp-runtime.js.map +1 -0
package/dist/shell/workspace-key.js +14 -0
package/dist/shell/workspace-key.js.map +1 -0
package/dist/types/acp.js +8 -0
package/dist/types/acp.js.map +1 -0
package/dist/types/actions/plan.js +6 -0
package/dist/types/actions/plan.js.map +1 -0
package/dist/types/actions/predicates.js +6 -0
package/dist/types/actions/predicates.js.map +1 -0
package/dist/types/actions/run-fold.js +8 -0
package/dist/types/actions/run-fold.js.map +1 -0
package/dist/types/actions.js +7 -0
package/dist/types/actions.js.map +1 -0
package/dist/types/adapter/clock-random.js +4 -0
package/dist/types/adapter/clock-random.js.map +1 -0
package/dist/types/adapter/gondolin-image-converter.js +5 -0
package/dist/types/adapter/gondolin-image-converter.js.map +1 -0
package/dist/types/adapter/gondolin-image-fetch.js +5 -0
package/dist/types/adapter/gondolin-image-fetch.js.map +1 -0
package/dist/types/adapter/workflow-loader.js +4 -0
package/dist/types/adapter/workflow-loader.js.map +1 -0
package/dist/types/cli/args.js +8 -0
package/dist/types/cli/args.js.map +1 -0
package/dist/types/config.js +8 -0
package/dist/types/config.js.map +1 -0
package/dist/types/credential-interp.js +6 -0
package/dist/types/credential-interp.js.map +1 -0
package/dist/types/credentials.js +10 -0
package/dist/types/credentials.js.map +1 -0
package/dist/types/doctor.js +7 -0
package/dist/types/doctor.js.map +1 -0
package/dist/types/domain.js +7 -0
package/dist/types/domain.js.map +1 -0
package/dist/types/effect.js +15 -0
package/dist/types/effect.js.map +1 -0
package/dist/types/errors.js +39 -0
package/dist/types/errors.js.map +1 -0
package/dist/types/http/decisions.js +6 -0
package/dist/types/http/decisions.js.map +1 -0
package/dist/types/http/render.js +10 -0
package/dist/types/http/render.js.map +1 -0
package/dist/types/http/views.js +6 -0
package/dist/types/http/views.js.map +1 -0
package/dist/types/http.js +9 -0
package/dist/types/http.js.map +1 -0
package/dist/types/image/managed-image.js +7 -0
package/dist/types/image/managed-image.js.map +1 -0
package/dist/types/interp/effect-interpreter.js +8 -0
package/dist/types/interp/effect-interpreter.js.map +1 -0
package/dist/types/interp/tracker.js +7 -0
package/dist/types/interp/tracker.js.map +1 -0
package/dist/types/issue/file.js +6 -0
package/dist/types/issue/file.js.map +1 -0
package/dist/types/issue/parse.js +8 -0
package/dist/types/issue/parse.js.map +1 -0
package/dist/types/main-acp.js +13 -0
package/dist/types/main-acp.js.map +1 -0
package/dist/types/main-adapters.js +5 -0
package/dist/types/main-adapters.js.map +1 -0
package/dist/types/main-credential.js +21 -0
package/dist/types/main-credential.js.map +1 -0
package/dist/types/main-doctor.js +6 -0
package/dist/types/main-doctor.js.map +1 -0
package/dist/types/main-http-handler.js +12 -0
package/dist/types/main-http-handler.js.map +1 -0
package/dist/types/main-http.js +5 -0
package/dist/types/main-http.js.map +1 -0
package/dist/types/main-loops.js +5 -0
package/dist/types/main-loops.js.map +1 -0
package/dist/types/main-mcp.js +12 -0
package/dist/types/main-mcp.js.map +1 -0
package/dist/types/main-orchestrator.js +5 -0
package/dist/types/main-orchestrator.js.map +1 -0
package/dist/types/main-reconcilers.js +11 -0
package/dist/types/main-reconcilers.js.map +1 -0
package/dist/types/main-runner.js +13 -0
package/dist/types/main-runner.js.map +1 -0
package/dist/types/main-startup.js +5 -0
package/dist/types/main-startup.js.map +1 -0
package/dist/types/main-substrates.js +5 -0
package/dist/types/main-substrates.js.map +1 -0
package/dist/types/mcp/dispatch.js +4 -0
package/dist/types/mcp/dispatch.js.map +1 -0
package/dist/types/mcp/post-move.js +7 -0
package/dist/types/mcp/post-move.js.map +1 -0
package/dist/types/mcp.js +9 -0
package/dist/types/mcp.js.map +1 -0
package/dist/types/ports.js +12 -0
package/dist/types/ports.js.map +1 -0
package/dist/types/reconcile/image-decide.js +5 -0
package/dist/types/reconcile/image-decide.js.map +1 -0
package/dist/types/reconcile/ledger.js +7 -0
package/dist/types/reconcile/ledger.js.map +1 -0
package/dist/types/reconcile/pr-loop.js +8 -0
package/dist/types/reconcile/pr-loop.js.map +1 -0
package/dist/types/reconcile/vm-reap.js +8 -0
package/dist/types/reconcile/vm-reap.js.map +1 -0
package/dist/types/reconcile/workspace-decide.js +7 -0
package/dist/types/reconcile/workspace-decide.js.map +1 -0
package/dist/types/reconcile.js +9 -0
package/dist/types/reconcile.js.map +1 -0
package/dist/types/runlog.js +7 -0
package/dist/types/runlog.js.map +1 -0
package/dist/types/runner/actions-runner.js +12 -0
package/dist/types/runner/actions-runner.js.map +1 -0
package/dist/types/runner/gondolin-dispatch.js +5 -0
package/dist/types/runner/gondolin-dispatch.js.map +1 -0
package/dist/types/runner/injection.js +6 -0
package/dist/types/runner/injection.js.map +1 -0
package/dist/types/runner/runner-loop.js +5 -0
package/dist/types/runner/runner-loop.js.map +1 -0
package/dist/types/runner/turn.js +4 -0
package/dist/types/runner/turn.js.map +1 -0
package/dist/types/runner/vm-plan.js +4 -0
package/dist/types/runner/vm-plan.js.map +1 -0
package/dist/types/runtime.js +9 -0
package/dist/types/runtime.js.map +1 -0
package/dist/types/schedule/admission.js +7 -0
package/dist/types/schedule/admission.js.map +1 -0
package/dist/types/schedule/circuit-breaker.js +2 -0
package/dist/types/schedule/circuit-breaker.js.map +1 -0
package/dist/types/schedule/eligibility.js +9 -0
package/dist/types/schedule/eligibility.js.map +1 -0
package/dist/types/schedule/orchestrator-loop.js +10 -0
package/dist/types/schedule/orchestrator-loop.js.map +1 -0
package/dist/types/schedule/sleep-cycle.js +4 -0
package/dist/types/schedule/sleep-cycle.js.map +1 -0
package/dist/types/schedule/slots.js +8 -0
package/dist/types/schedule/slots.js.map +1 -0
package/dist/types/schedule/tick.js +9 -0
package/dist/types/schedule/tick.js.map +1 -0
package/dist/types/server/mcp-runtime.js +8 -0
package/dist/types/server/mcp-runtime.js.map +1 -0
package/dist/types/workflow/parse.js +4 -0
package/dist/types/workflow/parse.js.map +1 -0
package/package.json +22 -10
package/patches/@earendil-works+gondolin+0.12.0.patch +173 -0
package/prompts/Reflect.md +91 -0
package/prompts/Review.md +97 -0
package/prompts/Todo.md +96 -0
package/prompts/_footer.md +41 -0
package/prompts/_preamble.md +42 -0
package/prompts-minimal/Todo.md +26 -0
package/scripts/postinstall.mjs +63 -0
package/scripts/vm-agent.mjs +312 -90
package/WORKFLOW.md +0 -744
package/dist/acp-bridge.js +0 -324
package/dist/acp-bridge.js.map +0 -1
package/dist/actions/cache.js +0 -191
package/dist/actions/cache.js.map +0 -1
package/dist/actions/effects.js +0 -41
package/dist/actions/effects.js.map +0 -1
package/dist/actions/executor.js +0 -570
package/dist/actions/executor.js.map +0 -1
package/dist/actions/index.js +0 -13
package/dist/actions/index.js.map +0 -1
package/dist/actions/parsing.js.map +0 -1
package/dist/actions/predicate-env.js +0 -27
package/dist/actions/predicate-env.js.map +0 -1
package/dist/actions/predicates.js +0 -49
package/dist/actions/predicates.js.map +0 -1
package/dist/actions/templating.js +0 -66
package/dist/actions/templating.js.map +0 -1
package/dist/actions/types.js +0 -15
package/dist/actions/types.js.map +0 -1
package/dist/agent/acp.js +0 -473
package/dist/agent/acp.js.map +0 -1
package/dist/agent/adapter-names.js +0 -159
package/dist/agent/adapter-names.js.map +0 -1
package/dist/agent/adapters.js +0 -511
package/dist/agent/adapters.js.map +0 -1
package/dist/agent/credential-extractors.js +0 -342
package/dist/agent/credential-extractors.js.map +0 -1
package/dist/agent/credential-secrets.js +0 -628
package/dist/agent/credential-secrets.js.map +0 -1
package/dist/agent/credential-ticker.js +0 -57
package/dist/agent/credential-ticker.js.map +0 -1
package/dist/agent/gondolin-creds-staging.js +0 -356
package/dist/agent/gondolin-creds-staging.js.map +0 -1
package/dist/agent/gondolin-dispatch.js +0 -375
package/dist/agent/gondolin-dispatch.js.map +0 -1
package/dist/agent/gondolin.js +0 -124
package/dist/agent/gondolin.js.map +0 -1
package/dist/agent/runner-decisions.js +0 -134
package/dist/agent/runner-decisions.js.map +0 -1
package/dist/agent/runner.js +0 -1456
package/dist/agent/runner.js.map +0 -1
package/dist/agent/tool-call-summary.js +0 -102
package/dist/agent/tool-call-summary.js.map +0 -1
package/dist/agent/vm-acp-mapping.js +0 -73
package/dist/agent/vm-acp-mapping.js.map +0 -1
package/dist/agent/vm-guards.js +0 -262
package/dist/agent/vm-guards.js.map +0 -1
package/dist/agent/vm-port.js +0 -22
package/dist/agent/vm-port.js.map +0 -1
package/dist/agent/vm-process-registry.js +0 -79
package/dist/agent/vm-process-registry.js.map +0 -1
package/dist/bin/cli-args.js +0 -105
package/dist/bin/cli-args.js.map +0 -1
package/dist/errors.js +0 -15
package/dist/errors.js.map +0 -1
package/dist/http-disk.js +0 -135
package/dist/http-disk.js.map +0 -1
package/dist/http-handlers.js.map +0 -1
package/dist/http.js.map +0 -1
package/dist/issues.js +0 -178
package/dist/issues.js.map +0 -1
package/dist/logging.js +0 -203
package/dist/logging.js.map +0 -1
package/dist/mcp.js +0 -706
package/dist/mcp.js.map +0 -1
package/dist/memory.js +0 -85
package/dist/memory.js.map +0 -1
package/dist/orchestrator-decisions.js +0 -331
package/dist/orchestrator-decisions.js.map +0 -1
package/dist/orchestrator.js +0 -1569
package/dist/orchestrator.js.map +0 -1
package/dist/prompt.js +0 -65
package/dist/prompt.js.map +0 -1
package/dist/reconciler/cache.js +0 -65
package/dist/reconciler/cache.js.map +0 -1
package/dist/reconciler/index.js +0 -448
package/dist/reconciler/index.js.map +0 -1
package/dist/reconciler/ledger.js +0 -131
package/dist/reconciler/ledger.js.map +0 -1
package/dist/reconciler/pr-adapters.js +0 -174
package/dist/reconciler/pr-adapters.js.map +0 -1
package/dist/reconciler/pr-decide.js.map +0 -1
package/dist/reconciler/pr.js +0 -422
package/dist/reconciler/pr.js.map +0 -1
package/dist/reconciler/types.js +0 -12
package/dist/reconciler/types.js.map +0 -1
package/dist/reconciler/vm.js +0 -243
package/dist/reconciler/vm.js.map +0 -1
package/dist/reconciler/workspace-defaults.js +0 -83
package/dist/reconciler/workspace-defaults.js.map +0 -1
package/dist/reconciler/workspace.js +0 -272
package/dist/reconciler/workspace.js.map +0 -1
package/dist/runlog.js +0 -403
package/dist/runlog.js.map +0 -1
package/dist/scaffold.js +0 -165
package/dist/scaffold.js.map +0 -1
package/dist/trackers/local.js +0 -445
package/dist/trackers/local.js.map +0 -1
package/dist/trackers/types.js +0 -10
package/dist/trackers/types.js.map +0 -1
package/dist/types.js +0 -3
package/dist/types.js.map +0 -1
package/dist/util/clock.js +0 -12
package/dist/util/clock.js.map +0 -1
package/dist/util/crypto.js +0 -25
package/dist/util/crypto.js.map +0 -1
package/dist/util/frontmatter.js +0 -70
package/dist/util/frontmatter.js.map +0 -1
package/dist/util/fs-issues.js +0 -22
package/dist/util/fs-issues.js.map +0 -1
package/dist/util/process.js +0 -152
package/dist/util/process.js.map +0 -1
package/dist/util/workspace-key.js +0 -10
package/dist/util/workspace-key.js.map +0 -1
package/dist/workflow-loader.js +0 -147
package/dist/workflow-loader.js.map +0 -1
package/dist/workflow.js +0 -822
package/dist/workflow.js.map +0 -1
package/dist/workspace-types.js +0 -8
package/dist/workspace-types.js.map +0 -1
package/dist/workspace.js +0 -443
package/dist/workspace.js.map +0 -1

package/dist/agent/credential-ticker.js DELETED Viewed

@@ -1,57 +0,0 @@
-// Host-side OAuth ticker — periodically drives a credential refresh so the
-// on-demand fallback isn't the only thing keeping the host access token fresh
-// during long idle windows.
-//
-// Under the Gondolin secret-substitution model the work is delegated to the
-// credential registry's `refreshAll()` (which fans `refreshAdapter` over every
-// live adapter); the registry's per-adapter refresh carries the shared flock +
-// single-flight, so concurrent ticks + a per-VM proactive `expiresAt` tick
-// collapse into a single host-side refresh.
-//
-// Lifecycle:
-//   start() — install the interval timer. Idempotent.
-//   stop()  — clear the timer. Idempotent.
-import { log } from '../logging.js';
-export class CredentialTicker {
-    timer = null;
-    stopped = false;
-    intervalMs;
-    refreshAll;
-    constructor(opts) {
-        this.intervalMs = opts.intervalMs;
-        this.refreshAll = opts.refreshAll;
-    }
-    start() {
-        if (this.timer || this.stopped)
-            return;
-        if (this.intervalMs <= 0) {
-            log.info('credential ticker disabled (interval_ms <= 0)');
-            return;
-        }
-        this.timer = setInterval(() => void this.tick(), this.intervalMs);
-        // Don't prevent process shutdown on the ticker — the lifecycle is owned
-        // by `stop()` below, but if a future code path drops the reference, we
-        // shouldn't keep the event loop alive.
-        if (typeof this.timer.unref === 'function')
-            this.timer.unref();
-        log.info('credential ticker started', { interval_ms: this.intervalMs });
-    }
-    stop() {
-        this.stopped = true;
-        if (this.timer) {
-            clearInterval(this.timer);
-            this.timer = null;
-        }
-    }
-    async tick() {
-        if (this.stopped)
-            return;
-        try {
-            await this.refreshAll();
-        }
-        catch (err) {
-            log.warn('credential ticker: refresh failed', { error: err.message });
-        }
-    }
-}
-//# sourceMappingURL=credential-ticker.js.map

package/dist/agent/credential-ticker.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"credential-ticker.js","sourceRoot":"","sources":["../../src/agent/credential-ticker.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,8EAA8E;AAC9E,4BAA4B;AAC5B,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,2EAA2E;AAC3E,4CAA4C;AAC5C,EAAE;AACF,aAAa;AACb,sDAAsD;AACtD,2CAA2C;AAE3C,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAapC,MAAM,OAAO,gBAAgB;IACnB,KAAK,GAA0B,IAAI,CAAC;IACpC,OAAO,GAAG,KAAK,CAAC;IACP,UAAU,CAAS;IACnB,UAAU,CAAsB;IAEjD,YAAY,IAA6B;QACvC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAClC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACpC,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACvC,IAAI,IAAI,CAAC,UAAU,IAAI,CAAC,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAC1D,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAClE,wEAAwE;QACxE,uEAAuE;QACvE,uCAAuC;QACvC,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,UAAU;YAAE,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/D,GAAG,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI;QACF,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;CACF"}

package/dist/agent/gondolin-creds-staging.js DELETED Viewed

@@ -1,356 +0,0 @@
-// Per-adapter Gondolin fake-native-credential staging (design §3.3).
-//
-// This is the credential-MODEL half of the Gondolin backend — NOT the old proxy
-// model. There is no proxy server and no base-URL injection: the in-VM client
-// dials its REAL upstream (claude→api.anthropic.com, codex→chatgpt.com backend,
-// opencode→api.githubcopilot.com) in its NATIVE mode, with a token-shaped
-// PLACEHOLDER as its bearer. Gondolin substitutes the real access token into the
-// outbound request at egress (TLS-MITM) per the per-VM `secretManager`; the real
-// refresh/durable token NEVER enters the guest (the invariant).
-//
-// Given an adapter id + the placeholder value (from `createHttpHooks().env`) +
-// identity inputs, this module builds the set of FAKE native credential FILES to
-// stage into the guest (guest path + JSON content), each holding ONLY
-// placeholders (plus, for codex, the non-secret `account_id` read from the host
-// auth.json), and the guest ENV additions (the placeholder bearer keyed by the
-// secret name) for a client that reads its bearer from env rather than a file.
-//
-// CRITICAL — placeholder identity: Gondolin substitutes the secret by EXACT
-// string match in the outbound `Authorization` header (design §2). So the bearer
-// the guest sends MUST equal the placeholder Gondolin holds. We therefore use the
-// placeholder from `createHttpHooks().env[secretName]` VERBATIM as the staged
-// file's bearer field (claude `claudeAiOauth.accessToken`, codex
-// `tokens.access_token`). For codex that placeholder is ALREADY JWT-shaped with a
-// far-future `exp` (see `credential-secrets.ts` `codexPlaceholder`/
-// `assemblePlaceholderJwt`), so codex's native mode never refreshes it.
-//
-// Pure-ish: the only IO is reading the host `~/.codex/auth.json` to copy the
-// non-secret `account_id` (codex) and the host `~/.claude.json` to copy the
-// non-secret oauthAccount identity (claude). Both are injected via `hostReaders`
-// so tests pass fakes — no real creds, no FS.
-//
-// INVARIANT (precise — codex review): the host `~/.codex/auth.json` DOES contain
-// real tokens, so the default reader parses a file whose bytes include them (the
-// host process already holds these tokens — `credential-secrets.ts` reads the same
-// file for the access token, so this is no new host-side exposure). What this
-// module guarantees is that it **extracts and EMITS only non-secret identity +
-// metadata** (codex `account_id` / `auth_mode` / `last_refresh`, claude
-// oauthAccount UUIDs — all read by an allowlist of known non-secret keys) — a real
-// access/refresh token (or a real `OPENAI_API_KEY`) is never returned to the
-// caller, never written into a staged file, and never put in the guest env. The
-// guest-facing invariant (no real token in the VM) holds.
-//
-// LIVE: the runner (`runner.ts`) and `gondolin-dispatch.ts` consume this on the
-// dispatch path. The runtime (non-credential) files still flow through
-// `adapters.ts`' `stage*` helpers.
-//
-// The fake-creds shapes are the ones the spike VERIFIED end-to-end (B5 claude,
-// C7 codex) — see `spike/gondolin/tests/{b5-claude-real,c7-codex-real}.mjs` and
-// `docs/research/gondolin-sandbox-migration.md` §3.3.
-import os from 'node:os';
-import path from 'node:path';
-import { log } from '../logging.js';
-import { buildOpencodeConfig, OPENCODE_CONFIG_GUEST_PATH } from './adapters.js';
-// ---------------------------------------------------------------------------
-// Constants.
-// ---------------------------------------------------------------------------
-// Guest paths the fake native creds land at (the VM runs as root). These mirror
-// the runner's `stageAdapterExtras` guest paths (runner.ts) so a client finds its
-// creds in exactly the place its native mode looks.
-const CLAUDE_CREDENTIALS_GUEST_PATH = '/root/.claude/.credentials.json';
-const CLAUDE_CONFIG_GUEST_PATH = '/root/.claude.json';
-const CODEX_AUTH_GUEST_PATH = '/root/.codex/auth.json';
-const CRED_FILE_MODE = 0o600;
-// Far-future expiry (2100-01-01T00:00:00Z, ms since epoch) so the claude client
-// never proactively refreshes the placeholder (a refresh attempt would be
-// egress-blocked and is pure waste). Matches the spike's `4102444800000`. (codex's
-// far-future `exp` lives inside its JWT placeholder, set in credential-secrets.ts.)
-const FAR_FUTURE_MS = 4_102_444_800_000;
-// A junk refresh token: token-SHAPED but explicitly never a real token. The guest
-// has nothing to rotate (the real refresh token stays host-side, layer 1).
-const JUNK_REFRESH = 'JUNK-PLACEHOLDER-REFRESH-not-a-real-token';
-// ---------------------------------------------------------------------------
-// Builders per adapter.
-// ---------------------------------------------------------------------------
-/**
- * Build the fake native creds + env additions for `adapterId`. The placeholder
- * (a fake, token-shaped value) is what the guest sees as its bearer; Gondolin
- * substitutes the real token at egress. The returned `env` is always the
- * single-entry `{ [secretName]: placeholder }` so a client reading its bearer
- * from env (not a file) still gets the placeholder.
- */
-export async function buildGondolinFakeCreds(adapterId, input) {
-    const env = { [input.secretName]: input.placeholder };
-    const readers = input.hostReaders ?? defaultHostIdentityReaders();
-    switch (adapterId) {
-        case 'claude':
-            return { files: await buildClaudeFiles(input.placeholder, readers), env };
-        case 'codex':
-            return { files: await buildCodexFiles(input.placeholder, readers), env };
-        case 'opencode':
-            return { files: buildOpencodeFiles(input.opencodeModel ?? null), env };
-    }
-}
-/**
- * claude fake `~/.claude/.credentials.json` = `{ claudeAiOauth: { accessToken:
- * <placeholder>, refreshToken: <junk>, expiresAt: <far future ms> } }` (spike B5).
- * Far-future expiry ⇒ no proactive refresh. ALSO stage the scrubbed
- * `~/.claude.json` identity (oauthAccount UUIDs only — the real accountUuid /
- * organizationUuid are identifiers, NOT secrets) when the host provides one;
- * absent identity is non-fatal (best-effort, matching `stageClaudeIdentity`).
- */
-async function buildClaudeFiles(placeholder, readers) {
-    const credsContent = JSON.stringify({
-        claudeAiOauth: {
-            accessToken: placeholder,
-            refreshToken: JUNK_REFRESH,
-            expiresAt: FAR_FUTURE_MS,
-        },
-    });
-    const files = [credFile(CLAUDE_CREDENTIALS_GUEST_PATH, credsContent)];
-    const identity = await safeReadClaudeIdentity(readers);
-    if (identity !== null) {
-        const configContent = JSON.stringify({
-            hasCompletedOnboarding: true,
-            oauthAccount: identity,
-            projects: {},
-        });
-        files.push(credFile(CLAUDE_CONFIG_GUEST_PATH, configContent));
-    }
-    return files;
-}
-/**
- * codex fake `~/.codex/auth.json`, shaped to be COMPLETE for codex 0.135.
- *
- * GO-LIVE FINDING (2026-05-30, the real root cause; the earlier "post-101 WS
- * drop" was a red herring): codex 0.135's local auth manager runs a COMPLETENESS
- * check on auth.json BEFORE it will send the `Authorization` bearer. A too-minimal
- * `{ tokens: { access_token, id_token, refresh_token, account_id } }` is judged
- * "credentials incomplete" — so codex sends NO bearer at all → unauthenticated →
- * 401 → a blocked refresh → turn refusal. With a COMPLETE auth.json the WS Upgrade
- * gets a clean 101 through Gondolin and the turn completes. The proven-working
- * shape (spike C7, VERIFIED) carries the non-secret top-level completeness fields
- * `auth_mode` + `last_refresh` (and `OPENAI_API_KEY: null`) alongside the tokens
- * block.
- *
- * SAFETY-FIRST: we do NOT spread the host auth.json into the staged file (that
- * would leak a real token if any secret field were missed). Instead we read ONLY
- * an ALLOWLIST of non-secret metadata via the injected reader and BUILD a fresh
- * object from scratch:
- *   - top level: `OPENAI_API_KEY: null` (the OAuth tokens block is the live cred,
- *     never an apikey) + the non-secret `auth_mode` + `last_refresh` when known;
- *   - `tokens`: the JWT-shaped `placeholder` as both `access_token` (codex's
- *     bearer; Gondolin substitutes the real token at egress) and `id_token`, a
- *     JUNK `refresh_token` (the guest has nothing real to rotate), and the
- *     non-secret `account_id` (the `chatgpt-account-id` routing identifier).
- * The placeholder's far-future JWT `exp` (baked in by `credential-secrets.ts`)
- * keeps codex from proactively refreshing. The real access/id/refresh token never
- * enters this object.
- */
-async function buildCodexFiles(placeholder, readers) {
-    const meta = await safeReadCodexMetadata(readers);
-    // Re-validate at this STAGING chokepoint (codex review, HIGH). `HostIdentityReaders`
-    // is an injectable boundary, so even though the default reader already guards via
-    // `extractCodexMetadata`, a custom/buggy/hostile reader could hand us a non-UUID
-    // `accountId` (or an out-of-allowlist `authMode`/`lastRefresh`). The same shared
-    // guards run again here so a token-shaped value is OMITTED from the staged
-    // auth.json regardless of which reader produced it (defense-in-depth).
-    const accountId = validAccountId(meta?.accountId ?? null);
-    const authMode = validAuthMode(meta?.authMode ?? null);
-    const lastRefresh = validLastRefresh(meta?.lastRefresh ?? null);
-    const tokens = {
-        access_token: placeholder,
-        id_token: placeholder,
-        refresh_token: JUNK_REFRESH,
-        ...(accountId !== null ? { account_id: accountId } : {}),
-    };
-    // Top-level non-secret completeness fields. `OPENAI_API_KEY: null` mirrors the
-    // host (codex stores the OAuth tokens block, NOT an api key); `auth_mode` /
-    // `last_refresh` are the markers codex 0.135's completeness check requires (see
-    // the doc comment). All are non-secret; absent/invalid ⇒ omitted (best-effort).
-    const auth = {
-        OPENAI_API_KEY: null,
-        ...(authMode !== null ? { auth_mode: authMode } : {}),
-        tokens,
-        ...(lastRefresh !== null ? { last_refresh: lastRefresh } : {}),
-    };
-    return [credFile(CODEX_AUTH_GUEST_PATH, JSON.stringify(auth))];
-}
-/**
- * opencode reuses the existing custom-provider config (`buildOpencodeConfig`):
- * `apiKey: {env:OPENCODE_PROXY_TOKEN}`. The placeholder bearer is delivered via
- * the env additions (the `{env:…}` interpolation reads it), so the config file
- * itself holds no token — only the provider declaration + model.
- */
-function buildOpencodeFiles(model) {
-    return [credFile(OPENCODE_CONFIG_GUEST_PATH, buildOpencodeConfig(model))];
-}
-// ---------------------------------------------------------------------------
-// Helpers.
-// ---------------------------------------------------------------------------
-function credFile(guestPath, content) {
-    return { guestPath, content, mode: CRED_FILE_MODE };
-}
-async function safeReadClaudeIdentity(readers) {
-    try {
-        return await readers.readClaudeIdentity();
-    }
-    catch (err) {
-        log.warn('gondolin-creds-staging: claude identity read failed (non-fatal)', {
-            error: err.message,
-        });
-        return null;
-    }
-}
-async function safeReadCodexMetadata(readers) {
-    try {
-        return await readers.readCodexMetadata();
-    }
-    catch (err) {
-        log.warn('gondolin-creds-staging: codex metadata read failed (non-fatal)', {
-            error: err.message,
-        });
-        return null;
-    }
-}
-// ---------------------------------------------------------------------------
-// Default host identity readers (real FS; parse host creds but emit only identity).
-// ---------------------------------------------------------------------------
-/**
- * Default readers backed by the host filesystem. Each parses the host file and
- * returns ONLY the non-secret identity/metadata — the claude oauthAccount UUIDs,
- * the codex `account_id`, and the codex completeness metadata (account_id /
- * auth_mode / last_refresh, allowlisted). The codex auth.json's bytes also contain
- * real tokens; they are parsed-then-discarded and never returned/emitted (module
- * header invariant). A missing/malformed file yields null.
- */
-export function defaultHostIdentityReaders() {
-    const readCodexAuth = () => readHostJson(path.join(os.homedir(), '.codex', 'auth.json'));
-    return {
-        readClaudeIdentity: async () => extractClaudeIdentity(await readHostJson(path.join(os.homedir(), '.claude.json'))),
-        readCodexAccountId: async () => extractCodexAccountId(await readCodexAuth()),
-        readCodexMetadata: async () => extractCodexMetadata(await readCodexAuth()),
-    };
-}
-async function readHostJson(p) {
-    const { readFile } = await import('node:fs/promises');
-    let raw;
-    try {
-        raw = await readFile(p, 'utf8');
-    }
-    catch {
-        return null;
-    }
-    try {
-        return JSON.parse(raw);
-    }
-    catch {
-        return null;
-    }
-}
-/**
- * Pure: pull ONLY the non-secret oauthAccount UUIDs out of a parsed `~/.claude.json`.
- * Mirrors `adapters.ts` `extractOauthAccountIdentity` — no token, no device/session
- * id, no local config.
- */
-export function extractClaudeIdentity(parsed) {
-    const acct = pickObject(parsed, 'oauthAccount');
-    if (acct === null)
-        return null;
-    const accountUuid = pickString(acct, 'accountUuid');
-    const organizationUuid = pickString(acct, 'organizationUuid');
-    if (accountUuid === null || organizationUuid === null)
-        return null;
-    return { accountUuid, organizationUuid };
-}
-/**
- * Pure: pull ONLY the non-secret `account_id` out of a parsed `~/.codex/auth.json`
- * `tokens` block. The parsed object also holds the real access/refresh tokens (the
- * caller parsed the whole file), but this function reads + returns ONLY `account_id`
- * — the tokens are never returned or emitted.
- *
- * SAFETY-CRITICAL (codex review, HIGH): this value flows (via `symphony.ts` →
- * `buildAdapterCredentialSpecs({ codexAccountId })` → `codexPlaceholder` →
- * `assemblePlaceholderJwt`) into the placeholder JWT's `chatgpt_account_id` claim,
- * and that JWT IS the guest's staged `tokens.access_token` BEARER. So we validate
- * the value through the SHARED {@link validAccountId} UUID guard here: a hostile /
- * malformed `account_id` (a token / `sk-…` / JWT string) is NOT a UUID → returns
- * null → the claim is OMITTED from the bearer (the SAFE failure), never embedded.
- */
-export function extractCodexAccountId(parsed) {
-    const tokens = pickObject(parsed, 'tokens');
-    if (tokens === null)
-        return null;
-    return validAccountId(pickString(tokens, 'account_id'));
-}
-/**
- * Pure: pull ONLY the allowlisted NON-SECRET codex completeness metadata out of a
- * parsed `~/.codex/auth.json`. SAFETY-CRITICAL: this reads three explicit
- * non-secret keys by name (`tokens.account_id`, top-level `auth_mode`,
- * `last_refresh`) and NEVER touches `tokens.access_token` / `tokens.id_token` /
- * `tokens.refresh_token` / a real `OPENAI_API_KEY` — even though the parsed object
- * holds them. Returns null only when the file is entirely missing/unparseable
- * (parsed === null); a present-but-sparse auth.json yields a struct with null
- * fields (each omitted downstream). The non-null fields are pure identity /
- * metadata that codex 0.135 needs to consider the staged creds complete.
- */
-export function extractCodexMetadata(parsed) {
-    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
-        return null;
-    const top = parsed;
-    const tokens = pickObject(parsed, 'tokens');
-    // Strict format guards (codex review, HIGH): account_id flows into the placeholder
-    // JWT payload → the guest BEARER, so a hostile/malformed host auth.json must not be
-    // able to smuggle a token-shaped value through it. Real tokens (JWT/`sk-…`/refresh)
-    // don't match a UUID / a known auth_mode / an ISO-timestamp shape, so on a mismatch
-    // we OMIT the field — codex may then judge creds incomplete (the SAFE failure)
-    // rather than us staging a real-looking value into a bearer/metadata slot.
-    return {
-        accountId: validAccountId(tokens !== null ? pickString(tokens, 'account_id') : null),
-        authMode: validAuthMode(pickString(top, 'auth_mode')),
-        lastRefresh: validLastRefresh(pickString(top, 'last_refresh')),
-    };
-}
-/** A ChatGPT account_id is a UUID; a real token (JWT/`sk-…`/refresh) never matches this. */
-const UUID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
-/** codex auth modes are a tiny closed set. */
-const KNOWN_AUTH_MODES = new Set(['chatgpt', 'apikey']);
-/** `last_refresh` is an ISO-8601 timestamp: digits + `-:.TZ+`, bounded length. */
-const ISO_TIMESTAMP_RE = /^[0-9T:.Z+-]{1,40}$/;
-/**
- * SHARED account_id guard (codex review, HIGH). The `account_id` is a non-secret
- * UUID routing identifier; a real token (JWT / `sk-…` / refresh) NEVER matches a
- * UUID. Both account_id flows MUST validate through THIS one definition so a
- * hostile/malformed host `~/.codex/auth.json` cannot smuggle a token-shaped value
- * into either sink:
- *   1. the placeholder JWT's `https://api.openai.com/auth.chatgpt_account_id`
- *      claim — which becomes the guest BEARER (`credential-secrets.ts`
- *      `assemblePlaceholderJwt` imports this); and
- *   2. the staged `~/.codex/auth.json` `tokens.account_id` metadata
- *      (`extractCodexMetadata`, below).
- * On a non-UUID value we return null so the field is OMITTED from BOTH sinks (the
- * JWT stays well-formed; codex may then prompt — the SAFE failure) rather than
- * embed a real-looking value.
- */
-export function validAccountId(v) {
-    return v !== null && UUID_RE.test(v) ? v : null;
-}
-function validAuthMode(v) {
-    return v !== null && KNOWN_AUTH_MODES.has(v) ? v : null;
-}
-function validLastRefresh(v) {
-    return v !== null && ISO_TIMESTAMP_RE.test(v) ? v : null;
-}
-function pickObject(value, key) {
-    if (!value || typeof value !== 'object' || Array.isArray(value))
-        return null;
-    const v = value[key];
-    if (!v || typeof v !== 'object' || Array.isArray(v))
-        return null;
-    return v;
-}
-function pickString(obj, key) {
-    const v = obj[key];
-    return typeof v === 'string' && v.length > 0 ? v : null;
-}
-//# sourceMappingURL=gondolin-creds-staging.js.map

package/dist/agent/gondolin-creds-staging.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"gondolin-creds-staging.js","sourceRoot":"","sources":["../../src/agent/gondolin-creds-staging.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,gFAAgF;AAChF,8EAA8E;AAC9E,gFAAgF;AAChF,0EAA0E;AAC1E,iFAAiF;AACjF,iFAAiF;AACjF,gEAAgE;AAChE,EAAE;AACF,+EAA+E;AAC/E,iFAAiF;AACjF,sEAAsE;AACtE,gFAAgF;AAChF,+EAA+E;AAC/E,+EAA+E;AAC/E,EAAE;AACF,4EAA4E;AAC5E,iFAAiF;AACjF,kFAAkF;AAClF,8EAA8E;AAC9E,iEAAiE;AACjE,kFAAkF;AAClF,oEAAoE;AACpE,wEAAwE;AACxE,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,iFAAiF;AACjF,8CAA8C;AAC9C,EAAE;AACF,iFAAiF;AACjF,iFAAiF;AACjF,mFAAmF;AACnF,8EAA8E;AAC9E,+EAA+E;AAC/E,wEAAwE;AACxE,mFAAmF;AACnF,6EAA6E;AAC7E,gFAAgF;AAChF,0DAA0D;AAC1D,EAAE;AACF,gFAAgF;AAChF,uEAAuE;AACvE,mCAAmC;AACnC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,sDAAsD;AAEtD,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAEpC,OAAO,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAC;AA2BhF,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,gFAAgF;AAChF,kFAAkF;AAClF,oDAAoD;AACpD,MAAM,6BAA6B,GAAG,iCAAiC,CAAC;AACxE,MAAM,wBAAwB,GAAG,oBAAoB,CAAC;AACtD,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAEvD,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B,gFAAgF;AAChF,0EAA0E;AAC1E,mFAAmF;AACnF,oFAAoF;AACpF,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAExC,kFAAkF;AAClF,2EAA2E;AAC3E,MAAM,YAAY,GAAG,2CAA2C,CAAC;AAmEjE,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,SAAuB,EACvB,KAAyB;IAEzB,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,KAAK,CAAC,WAAW,IAAI,0BAA0B,EAAE,CAAC;IAClE,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,QAAQ;YACX,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;QAC5E,KAAK,OAAO;YACV,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC,KAAK,CAAC,WAAW,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;QAC3E,KAAK,UAAU;YACb,OAAO,EAAE,KAAK,EAAE,kBAAkB,CAAC,KAAK,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IAC3E,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,gBAAgB,CAC7B,WAAmB,EACnB,OAA4B;IAE5B,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;QAClC,aAAa,EAAE;YACb,WAAW,EAAE,WAAW;YACxB,YAAY,EAAE,YAAY;YAC1B,SAAS,EAAE,aAAa;SACzB;KACF,CAAC,CAAC;IACH,MAAM,KAAK,GAAoB,CAAC,QAAQ,CAAC,6BAA6B,EAAE,YAAY,CAAC,CAAC,CAAC;IAEvF,MAAM,QAAQ,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACvD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;YACnC,sBAAsB,EAAE,IAAI;YAC5B,YAAY,EAAE,QAAQ;YACtB,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,aAAa,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,KAAK,UAAU,eAAe,CAC5B,WAAmB,EACnB,OAA4B;IAE5B,MAAM,IAAI,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAClD,qFAAqF;IACrF,kFAAkF;IAClF,iFAAiF;IACjF,iFAAiF;IACjF,2EAA2E;IAC3E,uEAAuE;IACvE,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,CAAC;IACvD,MAAM,WAAW,GAAG,gBAAgB,CAAC,IAAI,EAAE,WAAW,IAAI,IAAI,CAAC,CAAC;IAChE,MAAM,MAAM,GAA4B;QACtC,YAAY,EAAE,WAAW;QACzB,QAAQ,EAAE,WAAW;QACrB,aAAa,EAAE,YAAY;QAC3B,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACzD,CAAC;IACF,+EAA+E;IAC/E,4EAA4E;IAC5E,gFAAgF;IAChF,gFAAgF;IAChF,MAAM,IAAI,GAA4B;QACpC,cAAc,EAAE,IAAI;QACpB,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM;QACN,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/D,CAAC;IACF,OAAO,CAAC,QAAQ,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC;AAED;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,KAAoB;IAC9C,OAAO,CAAC,QAAQ,CAAC,0BAA0B,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAC5E,CAAC;AAED,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,SAAiB,EAAE,OAAe;IAClD,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;AACtD,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,OAA4B;IAChE,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,iEAAiE,EAAE;YAC1E,KAAK,EAAG,GAAa,CAAC,OAAO;SAC9B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,OAA4B;IAC/D,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,gEAAgE,EAAE;YACzE,KAAK,EAAG,GAAa,CAAC,OAAO;SAC9B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,oFAAoF;AACpF,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,UAAU,0BAA0B;IACxC,MAAM,aAAa,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC;IACzF,OAAO;QACL,kBAAkB,EAAE,KAAK,IAAI,EAAE,CAC7B,qBAAqB,CAAC,MAAM,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;QACpF,kBAAkB,EAAE,KAAK,IAAI,EAAE,CAAC,qBAAqB,CAAC,MAAM,aAAa,EAAE,CAAC;QAC5E,iBAAiB,EAAE,KAAK,IAAI,EAAE,CAAC,oBAAoB,CAAC,MAAM,aAAa,EAAE,CAAC;KAC3E,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,CAAS;IACnC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACtD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAe;IACnD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAChD,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACpD,MAAM,gBAAgB,GAAG,UAAU,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAC9D,IAAI,WAAW,KAAK,IAAI,IAAI,gBAAgB,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAe;IACnD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC5C,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAe;IAClD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC5C,mFAAmF;IACnF,oFAAoF;IACpF,oFAAoF;IACpF,oFAAoF;IACpF,+EAA+E;IAC/E,2EAA2E;IAC3E,OAAO;QACL,SAAS,EAAE,cAAc,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACpF,QAAQ,EAAE,aAAa,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACrD,WAAW,EAAE,gBAAgB,CAAC,UAAU,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;KAC/D,CAAC;AACJ,CAAC;AAED,4FAA4F;AAC5F,MAAM,OAAO,GAAG,+EAA+E,CAAC;AAChG,8CAA8C;AAC9C,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC7E,kFAAkF;AAClF,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAE/C;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAAC,CAAgB;IAC7C,OAAO,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AACD,SAAS,aAAa,CAAC,CAAgB;IACrC,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC;AACD,SAAS,gBAAgB,CAAC,CAAgB;IACxC,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC3D,CAAC;AAED,SAAS,UAAU,CAAC,KAAc,EAAE,GAAW;IAC7C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,CAAC,GAAI,KAAiC,CAAC,GAAG,CAAC,CAAC;IAClD,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,OAAO,CAA4B,CAAC;AACtC,CAAC;AAED,SAAS,UAAU,CAAC,GAA4B,EAAE,GAAW;IAC3D,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC"}