spawnfile 0.1.0 → 0.1.2

package/dist/runtime/openclaw/moltnet.js

@@ -0,0 +1,124 @@
+const MOLTNET_OPTION_KEYS = new Set([
+    "base_url",
+    "enabled",
+    "network_id",
+    "timeout_ms",
+    "token",
+    "token_secret"
+]);
+const parseMoltnetOptions = (options) => {
+    const raw = options.moltnet;
+    if (raw === undefined) {
+        return { errors: [] };
+    }
+    if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+        return {
+            errors: [
+                "OpenClaw runtime option moltnet must be an object with enabled/base_url/network_id/timeout_ms/token/token_secret"
+            ]
+        };
+    }
+    const value = raw;
+    const errors = [];
+    for (const key of Object.keys(value)) {
+        if (!MOLTNET_OPTION_KEYS.has(key)) {
+            errors.push(`OpenClaw runtime option moltnet.${key} is unsupported`);
+        }
+    }
+    const parsed = {};
+    if ("enabled" in value) {
+        if (typeof value.enabled !== "boolean") {
+            errors.push("OpenClaw runtime option moltnet.enabled must be a boolean");
+        }
+        else {
+            parsed.enabled = value.enabled;
+        }
+    }
+    if ("base_url" in value) {
+        if (typeof value.base_url !== "string" || value.base_url.trim().length === 0) {
+            errors.push("OpenClaw runtime option moltnet.base_url must be a non-empty string");
+        }
+        else {
+            try {
+                const url = new URL(value.base_url);
+                if (url.protocol !== "http:" && url.protocol !== "https:") {
+                    errors.push("OpenClaw runtime option moltnet.base_url must use http or https");
+                }
+                else {
+                    parsed.baseUrl = value.base_url.trim().replace(/\/+$/, "");
+                }
+            }
+            catch {
+                errors.push("OpenClaw runtime option moltnet.base_url must be a valid URL");
+            }
+        }
+    }
+    if ("network_id" in value) {
+        if (typeof value.network_id !== "string" || value.network_id.trim().length === 0) {
+            errors.push("OpenClaw runtime option moltnet.network_id must be a non-empty string");
+        }
+        else {
+            parsed.networkId = value.network_id.trim();
+        }
+    }
+    if ("timeout_ms" in value) {
+        if (typeof value.timeout_ms !== "number" ||
+            !Number.isInteger(value.timeout_ms) ||
+            value.timeout_ms <= 0) {
+            errors.push("OpenClaw runtime option moltnet.timeout_ms must be a positive integer");
+        }
+        else {
+            parsed.timeoutMs = value.timeout_ms;
+        }
+    }
+    if ("token" in value) {
+        if (typeof value.token !== "string" || value.token.trim().length === 0) {
+            errors.push("OpenClaw runtime option moltnet.token must be a non-empty string");
+        }
+        else {
+            parsed.token = value.token.trim();
+        }
+    }
+    if ("token_secret" in value) {
+        if (typeof value.token_secret !== "string" || value.token_secret.trim().length === 0) {
+            errors.push("OpenClaw runtime option moltnet.token_secret must be a non-empty string");
+        }
+        else {
+            parsed.tokenSecret = value.token_secret.trim();
+        }
+    }
+    if (parsed.enabled === true && !parsed.baseUrl) {
+        errors.push("OpenClaw runtime option moltnet.base_url is required when moltnet.enabled=true");
+    }
+    if (parsed.token && parsed.tokenSecret) {
+        errors.push("OpenClaw runtime option moltnet must not declare both token and token_secret");
+    }
+    return errors.length > 0 ? { errors } : { errors, value: parsed };
+};
+export const validateOpenClawMoltnetRuntimeOptions = (options) => parseMoltnetOptions(options).errors;
+export const buildOpenClawMoltnetConfig = (options) => {
+    const parsed = parseMoltnetOptions(options);
+    if (parsed.errors.length > 0 || !parsed.value) {
+        return undefined;
+    }
+    const config = {
+        ...(parsed.value.enabled !== undefined ? { enabled: parsed.value.enabled } : {}),
+        ...(parsed.value.baseUrl ? { baseUrl: parsed.value.baseUrl } : {}),
+        ...(parsed.value.networkId ? { networkId: parsed.value.networkId } : {}),
+        ...(parsed.value.timeoutMs !== undefined ? { timeoutMs: parsed.value.timeoutMs } : {}),
+        ...(parsed.value.token ? { token: parsed.value.token } : {})
+    };
+    return Object.keys(config).length > 0 ? config : undefined;
+};
+export const buildOpenClawMoltnetEnvBindings = (options) => {
+    const parsed = parseMoltnetOptions(options);
+    if (parsed.errors.length > 0 || !parsed.value?.tokenSecret) {
+        return undefined;
+    }
+    return [
+        {
+            envName: parsed.value.tokenSecret,
+            jsonPath: "moltnet.token"
+        }
+    ];
+};

package/dist/runtime/openclaw/surfaces.js

@@ -246,6 +246,9 @@ export const buildOpenClawSurfaceEnvBindings = (surfaces) => {
     return bindings.length > 0 ? bindings : undefined;
 };
 export const assertSupportedOpenClawSurfaces = (surfaces) => {
+    if (surfaces?.http) {
+        throw new SpawnfileError("validation_error", "OpenClaw does not support portable HTTP surfaces in Spawnfile v0.1");
+    }
     const discordAccess = surfaces?.discord?.access;
     if (discordAccess && discordAccess.mode === "allowlist" && discordAccess.channels.length > 0 && discordAccess.guilds.length !== 1) {
         throw new SpawnfileError("validation_error", "OpenClaw Discord channel allowlists require exactly one guild id");

package/dist/runtime/picoclaw/adapter.js

@@ -4,6 +4,7 @@ import { createAgentCapabilities, createDiagnostic, createDocumentFiles, createS
 import { preparePicoClawRuntimeAuth } from "./runAuth.js";
 import { createPicoClawAgentScaffold } from "./scaffold.js";
 import { assertSupportedPicoClawSurfaces, buildPicoClawChannelConfig, buildPicoClawSurfaceEnvBindings } from "./surfaces.js";
+import { PICOCLAW_GATEWAY_BASE_PORT, PICOCLAW_INTERNAL_PICO_TOKEN } from "./pico.js";
 const formatModelName = (node) => {
     const primary = node.execution?.model?.primary;
     if (!primary)
@@ -79,6 +80,21 @@ const buildMcpServers = (servers) => {
     }
     return result;
 };
+const buildPicoClawToolsConfig = (node) => {
+    const tools = {};
+    if (node.surfaces?.moltnet) {
+        tools.exec = {
+            enabled: true
+        };
+    }
+    if (node.mcpServers.length > 0) {
+        tools.mcp = {
+            enabled: true,
+            servers: buildMcpServers(node.mcpServers)
+        };
+    }
+    return Object.keys(tools).length > 0 ? tools : undefined;
+};
 const buildPicoClawConfig = (node) => {
     const modelName = formatModelName(node);
     const restrictToWorkspace = node.runtime.options.restrict_to_workspace ?? true;
@@ -98,13 +114,9 @@ const buildPicoClawConfig = (node) => {
     if (Object.keys(channels).length > 0) {
         config.channels = channels;
     }
-    if (node.mcpServers.length > 0) {
-        config.tools = {
-            mcp: {
-                enabled: true,
-                servers: buildMcpServers(node.mcpServers)
-            }
-        };
+    const tools = buildPicoClawToolsConfig(node);
+    if (tools) {
+        config.tools = tools;
     }
     return `${JSON.stringify(config, null, 2)}\n`;
 };
@@ -163,15 +175,22 @@ export const picoClawAdapter = {
             homePathTemplate: "<instance-root>/picoclaw",
             workspacePathTemplate: "<instance-root>/picoclaw/workspace"
         },
-        port: 18790,
+        port: PICOCLAW_GATEWAY_BASE_PORT,
         portEnv: "PICOCLAW_GATEWAY_PORT",
         standaloneBaseImage: "debian:bookworm-slim",
         startCommand: ["picoclaw", "gateway", "--allow-empty"],
         staticEnv: {
+            PICOCLAW_CHANNELS_PICO_TOKEN: PICOCLAW_INTERNAL_PICO_TOKEN,
             PICOCLAW_GATEWAY_HOST: "0.0.0.0"
         },
         systemDeps: ["bash", "ca-certificates", "curl", "nodejs", "npm", "tar"]
     },
+    systemInstructionSurface: {
+        placement: "append_pointer",
+        resolvePath() {
+            return "workspace/AGENTS.md";
+        }
+    },
     async compileAgent(node) {
         return {
             capabilities: createAgentCapabilities(node),

package/dist/runtime/picoclaw/pico.d.ts

@@ -0,0 +1,2 @@
+export declare const PICOCLAW_GATEWAY_BASE_PORT = 18990;
+export declare const PICOCLAW_INTERNAL_PICO_TOKEN = "spawnfile-internal-pico";

package/dist/runtime/picoclaw/pico.js

@@ -0,0 +1,2 @@
+export const PICOCLAW_GATEWAY_BASE_PORT = 18990;
+export const PICOCLAW_INTERNAL_PICO_TOKEN = "spawnfile-internal-pico";

package/dist/runtime/picoclaw/surfaces.js

@@ -1,4 +1,5 @@
 import { SpawnfileError } from "../../shared/index.js";
+import { PICOCLAW_INTERNAL_PICO_TOKEN } from "./pico.js";
 export const buildPicoClawChannelConfig = (surfaces) => {
     if (!surfaces) {
         return {};
@@ -41,6 +42,13 @@ export const buildPicoClawChannelConfig = (surfaces) => {
             }
         };
     }
+    if (surfaces.moltnet) {
+        channels.pico = {
+            allow_token_query: true,
+            enabled: true,
+            token: PICOCLAW_INTERNAL_PICO_TOKEN
+        };
+    }
     return channels;
 };
 export const buildPicoClawSurfaceEnvBindings = (surfaces) => {
@@ -72,6 +80,9 @@ export const buildPicoClawSurfaceEnvBindings = (surfaces) => {
     return bindings.length > 0 ? bindings : undefined;
 };
 export const assertSupportedPicoClawSurfaces = (surfaces) => {
+    if (surfaces?.http) {
+        throw new SpawnfileError("validation_error", "PicoClaw does not support portable HTTP surfaces in Spawnfile v0.1");
+    }
     const discordAccess = surfaces?.discord?.access;
     if (discordAccess) {
         if (discordAccess.mode === "pairing") {

package/dist/runtime/tinyclaw/adapter.js

@@ -5,6 +5,7 @@ import { prepareTinyClawRuntimeAuth } from "./runAuth.js";
 import { createTinyClawAgentScaffold } from "./scaffold.js";
 import { assertSupportedTinyClawSurfaces, buildTinyClawChannels, resolveTinyClawSurfaceTokenBindings } from "./surfaces.js";
 const WORKSPACE_PLACEHOLDER = "<workspace-path>";
+const SUPPORTED_TINYCLAW_OPENAI_MODEL_PREFIXES = ["gpt-5"];
 const TINYCLAW_START_SCRIPT = `
 set -euo pipefail
 PIDS=()
@@ -55,6 +56,7 @@ for pid in "\${PIDS[@]}"; do
 done
 exit "$status"
 `.trim();
+const isSupportedTinyClawOpenAiModel = (modelName) => SUPPORTED_TINYCLAW_OPENAI_MODEL_PREFIXES.some((prefix) => modelName.startsWith(prefix));
 const buildTinyClawSettings = (node) => {
     const [primary] = listEffectiveExecutionModelTargets(node.execution);
     const agentEntry = {
@@ -168,12 +170,15 @@ export const tinyClawAdapter = {
             throw new SpawnfileError("validation_error", "TinyClaw custom or local endpoints are not supported in Spawnfile v0.1");
         }
         if (target.provider === "anthropic") {
-            if (target.auth.method === "claude-code") {
+            if (target.auth.method === "claude-code" || target.auth.method === "api_key") {
                 return;
             }
         }
         else if (target.provider === "openai") {
-            if (target.auth.method === "codex") {
+            if (!isSupportedTinyClawOpenAiModel(target.name)) {
+                throw new SpawnfileError("validation_error", `TinyClaw OpenAI models must use the runtime's Codex/GPT-5 path; received ${target.name}`);
+            }
+            if (target.auth.method === "codex" || target.auth.method === "api_key") {
                 return;
             }
         }
@@ -190,11 +195,11 @@ export const tinyClawAdapter = {
         configEnvBindings: [
             {
                 envName: "ANTHROPIC_API_KEY",
-                jsonPath: "models.anthropic.auth_token"
+                jsonPath: "models.anthropic.api_key"
             },
             {
                 envName: "OPENAI_API_KEY",
-                jsonPath: "models.openai.auth_token"
+                jsonPath: "models.openai.api_key"
             }
         ],
         homeEnv: "TINYAGI_HOME",
@@ -210,6 +215,12 @@ export const tinyClawAdapter = {
         startCommand: ["bash", "-lc", TINYCLAW_START_SCRIPT],
         systemDeps: ["bash", "ca-certificates", "curl", "g++", "make", "python3", "tar"]
     },
+    systemInstructionSurface: {
+        placement: "append_pointer",
+        resolvePath({ node }) {
+            return `workspace/${node.name}/AGENTS.md`;
+        }
+    },
     async compileAgent(node) {
         return {
             capabilities: createAgentCapabilities(node, {
@@ -234,17 +245,20 @@ export const tinyClawAdapter = {
         const agentIds = node.members
             .filter((member) => member.kind === "agent")
             .map((member) => member.id);
+        const leadAgent = node.lead
+            ? node.members.find((member) => member.id === node.lead && member.kind === "agent")
+            : null;
         const teamConfig = {
             name: node.name,
             agents: agentIds,
-            leader_agent: node.structure.leader ?? agentIds[0] ?? "leader"
+            ...(leadAgent ? { leader_agent: leadAgent.id } : {})
         };
         return {
             capabilities: [
                 createCapability("team.members", "supported"),
-                createCapability("team.structure.mode", node.structure.mode === "hierarchical" ? "supported" : "degraded", "TinyClaw only supports leader-led teams"),
-                createCapability("team.structure.leader", node.structure.leader ? "supported" : "degraded", "TinyClaw requires a leader_agent"),
-                createCapability("team.structure.external", "degraded", "TinyClaw does not enforce external boundary"),
+                createCapability("team.mode", node.mode === "hierarchical" ? "supported" : "degraded", "TinyClaw only supports leader-led teams"),
+                createCapability("team.lead", leadAgent ? "supported" : "degraded", leadAgent ? "" : "TinyClaw requires a concrete leader_agent"),
+                createCapability("team.external", "degraded", "TinyClaw does not enforce external boundary"),
                 createCapability("team.shared", "supported"),
                 createCapability("team.nested", "degraded", "TinyClaw nested teams flatten in v0.1")
             ],

package/dist/runtime/tinyclaw/runAuth.js

@@ -1,4 +1,20 @@
+import path from "node:path";
 import { loadImportedClaudeCodeCredential, loadImportedCodexCredential } from "../../auth/index.js";
+import { ensureDirectory, readUtf8File, writeUtf8File } from "../../filesystem/index.js";
+const resolveRootfsSourcePath = (outputDirectory, containerPath) => path.join(outputDirectory, "container", "rootfs", ...path.posix.relative("/", containerPath).split("/"));
+const createMountArgs = (hostPath, containerPath) => [
+    "-v",
+    `${hostPath}:${containerPath}`
+];
+const writeRuntimeAuthFile = async (input, relativePath, content) => {
+    const hostPath = path.join(input.tempRoot, "runtime-auth", "tinyclaw", input.instance.id, ...relativePath.split("/"));
+    await ensureDirectory(path.dirname(hostPath));
+    await writeUtf8File(hostPath, content);
+    return hostPath;
+};
+const writePatchedSettings = async (input, config) => {
+    return writeRuntimeAuthFile(input, "settings.json", `${JSON.stringify(config, null, 2)}\n`);
+};
 export const prepareTinyClawRuntimeAuth = async (input) => {
     const coveredModelSecrets = [];
     const claudeCode = input.authProfile.imports["claude-code"]
@@ -15,8 +31,19 @@ export const prepareTinyClawRuntimeAuth = async (input) => {
         codex) {
         coveredModelSecrets.push("OPENAI_API_KEY");
     }
+    const sourceConfig = JSON.parse(await readUtf8File(resolveRootfsSourcePath(input.outputDirectory, input.instance.config_path)));
+    const patchedConfigPath = await writePatchedSettings(input, sourceConfig);
+    const mountArgs = createMountArgs(patchedConfigPath, input.instance.config_path);
+    if (input.instance.home_path && input.instance.model_auth_methods.anthropic === "claude-code" && claudeCode) {
+        const mountedClaudePath = await writeRuntimeAuthFile(input, ".claude/.credentials.json", await readUtf8File(path.join(input.authProfile.imports["claude-code"].path, ".credentials.json")));
+        mountArgs.push(...createMountArgs(mountedClaudePath, path.posix.join(input.instance.home_path, ".claude", ".credentials.json")));
+    }
+    if (input.instance.home_path && input.instance.model_auth_methods.openai === "codex" && codex) {
+        const mountedAuthPath = await writeRuntimeAuthFile(input, ".codex/auth.json", await readUtf8File(path.join(input.authProfile.imports.codex.path, "auth.json")));
+        mountArgs.push(...createMountArgs(mountedAuthPath, path.posix.join(input.instance.home_path, ".codex", "auth.json")));
+    }
     return {
         coveredModelSecrets,
-        mountArgs: []
+        mountArgs
     };
 };

package/dist/runtime/tinyclaw/surfaces.js

@@ -1,3 +1,4 @@
+import { listInteractiveSurfaceScopes } from "../../compiler/interactiveSurfaceScopes.js";
 import { SpawnfileError } from "../../shared/index.js";
 export const buildTinyClawChannels = (surfaces) => {
     const enabled = [];
@@ -51,6 +52,9 @@ export const resolveTinyClawSurfaceTokenBindings = (inputs) => {
     return bindings.length > 0 ? bindings : undefined;
 };
 export const assertSupportedTinyClawSurfaces = (surfaces) => {
+    if (surfaces?.http) {
+        throw new SpawnfileError("validation_error", "TinyClaw does not support portable HTTP surfaces in Spawnfile v0.1");
+    }
     const discordAccess = surfaces?.discord?.access;
     if (discordAccess) {
         if (discordAccess.mode !== "pairing") {
@@ -83,4 +87,8 @@ export const assertSupportedTinyClawSurfaces = (surfaces) => {
     if (surfaces?.slack) {
         throw new SpawnfileError("validation_error", "TinyClaw does not support Slack in Spawnfile v0.1");
     }
+    const interactiveScopes = listInteractiveSurfaceScopes(surfaces);
+    if (interactiveScopes.length > 1) {
+        throw new SpawnfileError("validation_error", `TinyClaw preserves only one interactive conversation scope in Spawnfile v0.1; declared ${interactiveScopes.join(", ")}`);
+    }
 };

package/dist/runtime/types.d.ts

@@ -5,6 +5,7 @@ import type { CapabilityReport, DiagnosticReport } from "../report/index.js";
 import type { ContainerRuntimeInstanceReport } from "../report/index.js";
 export interface EmittedFile {
     content: string;
+    mode?: number;
     path: string;
 }
 export interface RuntimeAgentScaffold {
@@ -51,6 +52,7 @@ export interface RuntimeContainerMeta {
     instancePaths: RuntimeContainerInstancePaths;
     globalNpmPackages?: string[];
     port?: number;
+    portStride?: number;
     portEnv?: string;
     standaloneBaseImage: string;
     startCommand: string[];
@@ -68,6 +70,14 @@ export interface RuntimeAuthPreparationResult {
     coveredModelSecrets: string[];
     mountArgs: string[];
 }
+export interface RuntimeSystemInstructionSurfaceInput {
+    node: ResolvedAgentNode;
+}
+export type RuntimeSystemInstructionPlacement = "append_pointer" | "append_inline" | "replace_generated_block";
+export interface RuntimeSystemInstructionSurface {
+    placement: RuntimeSystemInstructionPlacement;
+    resolvePath(input: RuntimeSystemInstructionSurfaceInput): string;
+}
 export interface AdapterCompileResult {
     capabilities: CapabilityReport[];
     diagnostics: DiagnosticReport[];
@@ -83,5 +93,6 @@ export interface RuntimeAdapter {
     name: string;
     prepareRuntimeAuth?(input: RuntimeAuthPreparationInput): Promise<RuntimeAuthPreparationResult>;
     scaffoldAgentProject?(): RuntimeAgentScaffold;
+    systemInstructionSurface?: RuntimeSystemInstructionSurface;
     validateRuntimeOptions?(options: Record<string, unknown>): DiagnosticReport[];
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "spawnfile",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Canonical source compiler for autonomous agents and teams.",
   "license": "MIT",
   "type": "module",
@@ -16,13 +16,19 @@
   },
   "scripts": {
     "blueprints": "./scripts/blueprints.sh",
-    "build": "tsc --project tsconfig.build.json && node ./scripts/copy-runtime-scaffold-assets.mjs",
+    "build": "rm -rf dist && tsc --project tsconfig.build.json && node ./scripts/copy-runtime-scaffold-assets.mjs",
     "clean": "rm -rf coverage dist",
     "coverage": "vitest run --coverage",
     "dev": "tsx src/cli/index.ts",
+    "prepack": "npm run build",
+    "prepublishOnly": "npm run typecheck && npm test",
+    "release:patch": "npm version patch && npm publish",
+    "release:minor": "npm version minor && npm publish",
+    "release:major": "npm version major && npm publish",
     "runtimes": "./scripts/runtimes.sh",
     "runtimes:sync": "./scripts/runtimes.sh && ./scripts/blueprints.sh",
     "test:e2e:docker-auth": "tsx src/e2e/cli.ts",
+    "test:e2e:moltnet-team-chat": "tsx src/e2e/cli.ts moltnet-team-chat",
     "test": "vitest run",
     "typecheck": "tsc --project tsconfig.json --noEmit"
   },
@@ -37,5 +43,6 @@
     "tsx": "^4.20.6",
     "typescript": "^5.9.3",
     "vitest": "^3.2.4"
-  }
+  },
+  "packageManager": "pnpm@10.32.1+sha512.a706938f0e89ac1456b6563eab4edf1d1faf3368d1191fc5c59790e96dc918e4456ab2e67d613de1043d2e8c81f87303e6b40d4ffeca9df15ef1ad567348f2be"
 }

package/runtimes.yaml

@@ -26,12 +26,12 @@ runtimes:
 
   picoclaw:
     remote: git@github.com:sipeed/picoclaw.git
-    ref: v0.2.3
+    ref: v0.2.5
     default_branch: main
     install:
       kind: github_release_archive
       repository: sipeed/picoclaw
-      tag: v0.2.3
+      tag: v0.2.5
       binary: picoclaw
       assets:
         linux_amd64: picoclaw_Linux_x86_64.tar.gz
@@ -40,12 +40,12 @@ runtimes:
 
   tinyclaw:
     remote: git@github.com:TinyAGI/tinyclaw.git
-    ref: v0.0.15
+    ref: v0.0.20
     default_branch: main
     install:
       kind: github_release_bundle
       repository: TinyAGI/tinyagi
-      tag: v0.0.15
+      tag: v0.0.20
       asset: tinyagi-bundle.tar.gz
     status: active
 

package/dist/.env.example

@@ -1,5 +0,0 @@
-# Generated by spawnfile compile
-
-# Required
-# Model provider auth for ANTHROPIC_API_KEY
-ANTHROPIC_API_KEY=

package/dist/Dockerfile

@@ -1,21 +0,0 @@
-FROM debian:bookworm-slim
-USER root
-
-WORKDIR /opt/spawnfile
-RUN apt-get update && apt-get install -y --no-install-recommends bash ca-certificates curl nodejs npm tar && rm -rf /var/lib/apt/lists/*
-
-RUN npm install -g --omit=dev --no-fund --no-audit @anthropic-ai/claude-code @openai/codex
-
-RUN mkdir -p /opt/spawnfile/runtime-installs/picoclaw/bin
-RUN arch="$(dpkg --print-architecture)" && case "$arch" in amd64) asset="picoclaw_Linux_x86_64.tar.gz" ;; arm64) asset="picoclaw_Linux_arm64.tar.gz" ;; *) echo "Unsupported PicoClaw release architecture: $arch" >&2; exit 1 ;; esac && url="https://github.com/sipeed/picoclaw/releases/download/v0.2.3/$asset" && curl -fsSL -o /tmp/picoclaw.tar.gz "$url" && rm -rf /tmp/picoclaw-extract && mkdir -p /tmp/picoclaw-extract && tar -xzf /tmp/picoclaw.tar.gz -C /tmp/picoclaw-extract && binary_path="$(find /tmp/picoclaw-extract -type f -name "picoclaw" | head -n 1)" && [ -n "$binary_path" ] && install -m 0755 "$binary_path" /opt/spawnfile/runtime-installs/picoclaw/bin/picoclaw && ln -sf /opt/spawnfile/runtime-installs/picoclaw/bin/picoclaw /usr/local/bin/picoclaw && rm -rf /tmp/picoclaw.tar.gz /tmp/picoclaw-extract
-
-RUN if ! id -u spawnfile >/dev/null 2>&1; then useradd --create-home --home-dir /home/spawnfile --shell /bin/bash spawnfile; fi
-
-COPY container/rootfs/ /
-COPY .env.example /opt/spawnfile/.env.example
-COPY entrypoint.sh /opt/spawnfile/entrypoint.sh
-RUN chmod +x /opt/spawnfile/entrypoint.sh
-RUN mkdir -p /var/lib/spawnfile && chown -R spawnfile:spawnfile /var/lib/spawnfile /opt/spawnfile
-EXPOSE 18790
-USER spawnfile
-ENTRYPOINT ["/opt/spawnfile/entrypoint.sh"]

package/dist/compiler/discordSurface.d.ts

@@ -1,4 +0,0 @@
-import { SurfacesBlock } from "../manifest/index.js";
-import type { ResolvedAgentSurfaces } from "./types.js";
-export declare const resolveAgentSurfaces: (surfaces: SurfacesBlock | undefined) => ResolvedAgentSurfaces | undefined;
-export declare const listAgentSurfaceSecretNames: (surfaces: ResolvedAgentSurfaces | undefined) => string[];

package/dist/compiler/discordSurface.js

@@ -1,28 +0,0 @@
-import { DEFAULT_DISCORD_BOT_TOKEN_SECRET } from "../shared/index.js";
-export const resolveAgentSurfaces = (surfaces) => {
-    if (!surfaces?.discord) {
-        return undefined;
-    }
-    return {
-        discord: {
-            ...(surfaces.discord.access
-                ? {
-                    access: {
-                        channels: [...(surfaces.discord.access.channels ?? [])],
-                        guilds: [...(surfaces.discord.access.guilds ?? [])],
-                        mode: surfaces.discord.access.mode ??
-                            "allowlist",
-                        users: [...(surfaces.discord.access.users ?? [])]
-                    }
-                }
-                : {}),
-            botTokenSecret: surfaces.discord.bot_token_secret ?? DEFAULT_DISCORD_BOT_TOKEN_SECRET
-        }
-    };
-};
-export const listAgentSurfaceSecretNames = (surfaces) => {
-    if (!surfaces?.discord) {
-        return [];
-    }
-    return [surfaces.discord.botTokenSecret];
-};

package/dist/container/rootfs/var/lib/spawnfile/instances/picoclaw/agent-assistant/picoclaw/config.json

@@ -1,16 +0,0 @@
-{
-  "agents": {
-    "defaults": {
-      "workspace": "/var/lib/spawnfile/instances/picoclaw/agent-assistant/picoclaw/workspace",
-      "restrict_to_workspace": true,
-      "model_name": "claude-sonnet-4.6"
-    }
-  },
-  "model_list": [
-    {
-      "api_key": "file://secrets/ANTHROPIC_API_KEY",
-      "model_name": "claude-sonnet-4.6",
-      "model": "anthropic/claude-sonnet-4.6"
-    }
-  ]
-}

package/dist/container/rootfs/var/lib/spawnfile/instances/picoclaw/agent-assistant/picoclaw/workspace/AGENTS.md

@@ -1 +0,0 @@
-You are a concise assistant. Reply with exactly the requested token and nothing else.

package/dist/e2e/cli.js

@@ -1,40 +0,0 @@
-import { Command } from "commander";
-import { isSpawnfileError } from "../shared/index.js";
-import { runDockerAuthE2E } from "./dockerAuth.js";
-const collect = (value, previous) => [...previous, value];
-const main = async () => {
-    const program = new Command();
-    program
-        .name("spawnfile-e2e")
-        .description("Run opt-in Docker auth E2E scenarios against real runtime images")
-        .option("--scenario <id>", "Scenario id to run", collect, [])
-        .option("--runtime <runtime>", "Runtime filter", collect, [])
-        .option("--auth <method>", "Auth method filter", collect, [])
-        .option("--env-file <path>", "Env file for api_key scenarios")
-        .option("--claude-from <directory>", "Claude Code config directory override")
-        .option("--codex-from <directory>", "Codex config directory override")
-        .option("--keep-artifacts", "Keep temporary projects and compile output")
-        .option("--keep-images", "Keep built Docker images after each scenario");
-    await program.parseAsync(process.argv);
-    const options = program.opts();
-    const result = await runDockerAuthE2E({
-        authMethods: options.auth,
-        claudeCodeDirectory: options.claudeFrom,
-        codexDirectory: options.codexFrom,
-        envFilePath: options.envFile,
-        keepArtifacts: options.keepArtifacts,
-        keepImages: options.keepImages,
-        runtimes: options.runtime,
-        scenarioIds: options.scenario
-    });
-    console.log(`Docker auth E2E passed (${result.results.length} scenarios)`);
-};
-main().catch((error) => {
-    const message = isSpawnfileError(error)
-        ? `${error.code}: ${error.message}`
-        : error instanceof Error
-            ? error.message
-            : String(error);
-    process.stderr.write(`${message}\n`);
-    process.exitCode = 1;
-});

package/dist/e2e/dockerAuth.d.ts

@@ -1,18 +0,0 @@
-import type { DockerAuthE2EFilters, DockerAuthE2EScenarioResult } from "./types.js";
-export interface DockerAuthE2ELogger {
-    error(message: string): void;
-    info(message: string): void;
-}
-export interface RunDockerAuthE2EOptions extends DockerAuthE2EFilters {
-    claudeCodeDirectory?: string;
-    codexDirectory?: string;
-    dockerCommand?: string;
-    envFilePath?: string;
-    keepArtifacts?: boolean;
-    keepImages?: boolean;
-    logger?: DockerAuthE2ELogger;
-}
-export interface RunDockerAuthE2EResult {
-    results: DockerAuthE2EScenarioResult[];
-}
-export declare const runDockerAuthE2E: (options?: RunDockerAuthE2EOptions) => Promise<RunDockerAuthE2EResult>;