sylas-edge-worker 0.2.21

package/dist/UserAccessControl.d.ts

@@ -0,0 +1,69 @@
+import type { UserAccessControlConfig } from "sylas-core";
+/**
+ * Result of an access check operation.
+ */
+export type AccessCheckResult = {
+    allowed: true;
+} | {
+    allowed: false;
+    reason: string;
+};
+/**
+ * Default message shown when a user is blocked and blockBehavior is 'comment'.
+ * Supports template variables:
+ * - {{userName}} - The user's display name
+ * - {{userId}} - The user's Linear ID
+ */
+export declare const DEFAULT_BLOCK_MESSAGE = "{{userName}}, you are not authorized to delegate issues to this agent.";
+/**
+ * User access control manager for Linear user whitelisting/blacklisting.
+ *
+ * Access Check Logic:
+ * 1. Build effective blocklist: global blockedUsers + repo blockedUsers (union)
+ * 2. Check if user matches any entry in effective blocklist -> BLOCKED
+ * 3. Determine effective allowlist:
+ *    - If repo has allowedUsers -> use repo allowlist only
+ *    - Else if global has allowedUsers -> use global allowlist
+ *    - Else -> no allowlist (everyone allowed)
+ * 4. If effective allowlist exists and user NOT in it -> BLOCKED
+ * 5. Otherwise -> ALLOWED
+ */
+export declare class UserAccessControl {
+    private globalConfig;
+    private repoConfigs;
+    /**
+     * Creates a new UserAccessControl instance.
+     * @param globalConfig - Global access control configuration
+     * @param repoConfigs - Map of repository ID to repository-specific access control config
+     */
+    constructor(globalConfig: UserAccessControlConfig | undefined, repoConfigs: Map<string, UserAccessControlConfig | undefined>);
+    /**
+     * Check if a user is allowed to delegate issues to a specific repository.
+     * @param userId - The user's Linear ID
+     * @param userEmail - The user's email address
+     * @param repositoryId - The target repository ID
+     * @returns AccessCheckResult indicating if access is allowed
+     */
+    checkAccess(userId: string | undefined, userEmail: string | undefined, repositoryId: string): AccessCheckResult;
+    /**
+     * Get the effective block behavior for a repository.
+     * Repo config overrides global config.
+     * @param repositoryId - The repository ID
+     * @returns 'silent' or 'comment'
+     */
+    getBlockBehavior(repositoryId: string): "silent" | "comment";
+    /**
+     * Get the effective block message for a repository.
+     * Repo config overrides global config.
+     * @param repositoryId - The repository ID
+     * @returns The block message to display
+     */
+    getBlockMessage(repositoryId: string): string;
+    /**
+     * Check if any access control is configured (either globally or for any repository).
+     * Useful for short-circuiting when no access control is needed.
+     * @returns true if any access control configuration exists
+     */
+    hasAnyConfiguration(): boolean;
+}
+//# sourceMappingURL=UserAccessControl.d.ts.map

package/dist/UserAccessControl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserAccessControl.d.ts","sourceRoot":"","sources":["../src/UserAccessControl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAkB,MAAM,YAAY,CAAC;AAE1E;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAC1B;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GACjB;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtC;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,2EACuC,CAAC;AA6C1E;;;;;;;;;;;;GAYG;AACH,qBAAa,iBAAiB;IAC7B,OAAO,CAAC,YAAY,CAAsC;IAC1D,OAAO,CAAC,WAAW,CAAmD;IAEtE;;;;OAIG;gBAEF,YAAY,EAAE,uBAAuB,GAAG,SAAS,EACjD,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,uBAAuB,GAAG,SAAS,CAAC;IAM9D;;;;;;OAMG;IACH,WAAW,CACV,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,YAAY,EAAE,MAAM,GAClB,iBAAiB;IAmDpB;;;;;OAKG;IACH,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS;IAgB5D;;;;;OAKG;IACH,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM;IAgB7C;;;;OAIG;IACH,mBAAmB,IAAI,OAAO;CAqB9B"}

package/dist/UserAccessControl.js

@@ -0,0 +1,171 @@
+/**
+ * Default message shown when a user is blocked and blockBehavior is 'comment'.
+ * Supports template variables:
+ * - {{userName}} - The user's display name
+ * - {{userId}} - The user's Linear ID
+ */
+export const DEFAULT_BLOCK_MESSAGE = "{{userName}}, you are not authorized to delegate issues to this agent.";
+/**
+ * Checks if a user matches a given identifier.
+ * @param userId - The user's Linear ID
+ * @param userEmail - The user's email address
+ * @param identifier - The identifier to match against
+ * @returns true if the user matches the identifier
+ */
+function userMatchesIdentifier(userId, userEmail, identifier) {
+    if (typeof identifier === "string") {
+        // String is treated as user ID
+        return userId === identifier;
+    }
+    if ("id" in identifier) {
+        return userId === identifier.id;
+    }
+    if ("email" in identifier) {
+        // Case-insensitive email comparison
+        return userEmail?.toLowerCase() === identifier.email.toLowerCase();
+    }
+    return false;
+}
+/**
+ * Checks if a user matches any identifier in a list.
+ * @param userId - The user's Linear ID
+ * @param userEmail - The user's email address
+ * @param identifiers - List of identifiers to check against
+ * @returns true if the user matches any identifier
+ */
+function userMatchesAny(userId, userEmail, identifiers) {
+    return identifiers.some((identifier) => userMatchesIdentifier(userId, userEmail, identifier));
+}
+/**
+ * User access control manager for Linear user whitelisting/blacklisting.
+ *
+ * Access Check Logic:
+ * 1. Build effective blocklist: global blockedUsers + repo blockedUsers (union)
+ * 2. Check if user matches any entry in effective blocklist -> BLOCKED
+ * 3. Determine effective allowlist:
+ *    - If repo has allowedUsers -> use repo allowlist only
+ *    - Else if global has allowedUsers -> use global allowlist
+ *    - Else -> no allowlist (everyone allowed)
+ * 4. If effective allowlist exists and user NOT in it -> BLOCKED
+ * 5. Otherwise -> ALLOWED
+ */
+export class UserAccessControl {
+    globalConfig;
+    repoConfigs;
+    /**
+     * Creates a new UserAccessControl instance.
+     * @param globalConfig - Global access control configuration
+     * @param repoConfigs - Map of repository ID to repository-specific access control config
+     */
+    constructor(globalConfig, repoConfigs) {
+        this.globalConfig = globalConfig;
+        this.repoConfigs = repoConfigs;
+    }
+    /**
+     * Check if a user is allowed to delegate issues to a specific repository.
+     * @param userId - The user's Linear ID
+     * @param userEmail - The user's email address
+     * @param repositoryId - The target repository ID
+     * @returns AccessCheckResult indicating if access is allowed
+     */
+    checkAccess(userId, userEmail, repositoryId) {
+        const repoConfig = this.repoConfigs.get(repositoryId);
+        // Step 1: Build effective blocklist (global + repo, union)
+        const effectiveBlocklist = [
+            ...(this.globalConfig?.blockedUsers ?? []),
+            ...(repoConfig?.blockedUsers ?? []),
+        ];
+        // Step 2: Check if user is in blocklist
+        if (effectiveBlocklist.length > 0 &&
+            userMatchesAny(userId, userEmail, effectiveBlocklist)) {
+            return {
+                allowed: false,
+                reason: "User is in blocklist",
+            };
+        }
+        // Step 3: Determine effective allowlist
+        // Repo allowlist OVERRIDES global (not merged)
+        let effectiveAllowlist;
+        if (repoConfig?.allowedUsers !== undefined) {
+            effectiveAllowlist = repoConfig.allowedUsers;
+        }
+        else if (this.globalConfig?.allowedUsers !== undefined) {
+            effectiveAllowlist = this.globalConfig.allowedUsers;
+        }
+        // Step 4: If allowlist exists, check if user is in it
+        if (effectiveAllowlist !== undefined) {
+            // Empty allowlist means no one is allowed
+            if (effectiveAllowlist.length === 0) {
+                return {
+                    allowed: false,
+                    reason: "No users are allowed (empty allowlist)",
+                };
+            }
+            if (!userMatchesAny(userId, userEmail, effectiveAllowlist)) {
+                return {
+                    allowed: false,
+                    reason: "User is not in allowlist",
+                };
+            }
+        }
+        // Step 5: User is allowed
+        return { allowed: true };
+    }
+    /**
+     * Get the effective block behavior for a repository.
+     * Repo config overrides global config.
+     * @param repositoryId - The repository ID
+     * @returns 'silent' or 'comment'
+     */
+    getBlockBehavior(repositoryId) {
+        const repoConfig = this.repoConfigs.get(repositoryId);
+        // Repo blockBehavior overrides global
+        if (repoConfig?.blockBehavior !== undefined) {
+            return repoConfig.blockBehavior;
+        }
+        if (this.globalConfig?.blockBehavior !== undefined) {
+            return this.globalConfig.blockBehavior;
+        }
+        // Default to silent
+        return "silent";
+    }
+    /**
+     * Get the effective block message for a repository.
+     * Repo config overrides global config.
+     * @param repositoryId - The repository ID
+     * @returns The block message to display
+     */
+    getBlockMessage(repositoryId) {
+        const repoConfig = this.repoConfigs.get(repositoryId);
+        // Repo blockMessage overrides global
+        if (repoConfig?.blockMessage !== undefined) {
+            return repoConfig.blockMessage;
+        }
+        if (this.globalConfig?.blockMessage !== undefined) {
+            return this.globalConfig.blockMessage;
+        }
+        // Default message
+        return DEFAULT_BLOCK_MESSAGE;
+    }
+    /**
+     * Check if any access control is configured (either globally or for any repository).
+     * Useful for short-circuiting when no access control is needed.
+     * @returns true if any access control configuration exists
+     */
+    hasAnyConfiguration() {
+        // Check global config
+        if (this.globalConfig?.allowedUsers !== undefined ||
+            this.globalConfig?.blockedUsers !== undefined) {
+            return true;
+        }
+        // Check repo configs
+        for (const config of this.repoConfigs.values()) {
+            if (config?.allowedUsers !== undefined ||
+                config?.blockedUsers !== undefined) {
+                return true;
+            }
+        }
+        return false;
+    }
+}
+//# sourceMappingURL=UserAccessControl.js.map

package/dist/UserAccessControl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserAccessControl.js","sourceRoot":"","sources":["../src/UserAccessControl.ts"],"names":[],"mappings":"AASA;;;;;GAKG;AACH,MAAM,CAAC,MAAM,qBAAqB,GACjC,wEAAwE,CAAC;AAE1E;;;;;;GAMG;AACH,SAAS,qBAAqB,CAC7B,MAA0B,EAC1B,SAA6B,EAC7B,UAA0B;IAE1B,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACpC,+BAA+B;QAC/B,OAAO,MAAM,KAAK,UAAU,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,IAAI,UAAU,EAAE,CAAC;QACxB,OAAO,MAAM,KAAK,UAAU,CAAC,EAAE,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;QAC3B,oCAAoC;QACpC,OAAO,SAAS,EAAE,WAAW,EAAE,KAAK,UAAU,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;IACpE,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,cAAc,CACtB,MAA0B,EAC1B,SAA6B,EAC7B,WAA6B;IAE7B,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CACtC,qBAAqB,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CACpD,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,iBAAiB;IACrB,YAAY,CAAsC;IAClD,WAAW,CAAmD;IAEtE;;;;OAIG;IACH,YACC,YAAiD,EACjD,WAA6D;QAE7D,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IAChC,CAAC;IAED;;;;;;OAMG;IACH,WAAW,CACV,MAA0B,EAC1B,SAA6B,EAC7B,YAAoB;QAEpB,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAEtD,2DAA2D;QAC3D,MAAM,kBAAkB,GAAqB;YAC5C,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;YAC1C,GAAG,CAAC,UAAU,EAAE,YAAY,IAAI,EAAE,CAAC;SACnC,CAAC;QAEF,wCAAwC;QACxC,IACC,kBAAkB,CAAC,MAAM,GAAG,CAAC;YAC7B,cAAc,CAAC,MAAM,EAAE,SAAS,EAAE,kBAAkB,CAAC,EACpD,CAAC;YACF,OAAO;gBACN,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,sBAAsB;aAC9B,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,+CAA+C;QAC/C,IAAI,kBAAgD,CAAC;QACrD,IAAI,UAAU,EAAE,YAAY,KAAK,SAAS,EAAE,CAAC;YAC5C,kBAAkB,GAAG,UAAU,CAAC,YAAY,CAAC;QAC9C,CAAC;aAAM,IAAI,IAAI,CAAC,YAAY,EAAE,YAAY,KAAK,SAAS,EAAE,CAAC;YAC1D,kBAAkB,GAAG,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC;QACrD,CAAC;QAED,sDAAsD;QACtD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACtC,0CAA0C;YAC1C,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrC,OAAO;oBACN,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,wCAAwC;iBAChD,CAAC;YACH,CAAC;YAED,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,SAAS,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBAC5D,OAAO;oBACN,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,0BAA0B;iBAClC,CAAC;YACH,CAAC;QACF,CAAC;QAED,0BAA0B;QAC1B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC1B,CAAC;IAED;;;;;OAKG;IACH,gBAAgB,CAAC,YAAoB;QACpC,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAEtD,sCAAsC;QACtC,IAAI,UAAU,EAAE,aAAa,KAAK,SAAS,EAAE,CAAC;YAC7C,OAAO,UAAU,CAAC,aAAa,CAAC;QACjC,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,aAAa,KAAK,SAAS,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC;QACxC,CAAC;QAED,oBAAoB;QACpB,OAAO,QAAQ,CAAC;IACjB,CAAC;IAED;;;;;OAKG;IACH,eAAe,CAAC,YAAoB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAEtD,qCAAqC;QACrC,IAAI,UAAU,EAAE,YAAY,KAAK,SAAS,EAAE,CAAC;YAC5C,OAAO,UAAU,CAAC,YAAY,CAAC;QAChC,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,YAAY,KAAK,SAAS,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC;QACvC,CAAC;QAED,kBAAkB;QAClB,OAAO,qBAAqB,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,mBAAmB;QAClB,sBAAsB;QACtB,IACC,IAAI,CAAC,YAAY,EAAE,YAAY,KAAK,SAAS;YAC7C,IAAI,CAAC,YAAY,EAAE,YAAY,KAAK,SAAS,EAC5C,CAAC;YACF,OAAO,IAAI,CAAC;QACb,CAAC;QAED,qBAAqB;QACrB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAChD,IACC,MAAM,EAAE,YAAY,KAAK,SAAS;gBAClC,MAAM,EAAE,YAAY,KAAK,SAAS,EACjC,CAAC;gBACF,OAAO,IAAI,CAAC;YACb,CAAC;QACF,CAAC;QAED,OAAO,KAAK,CAAC;IACd,CAAC;CACD"}

package/dist/WorktreeIncludeService.d.ts

@@ -0,0 +1,32 @@
+import { type ILogger } from "sylas-core";
+/**
+ * Service responsible for handling .worktreeinclude file processing
+ *
+ * The .worktreeinclude file specifies which files ignored by .gitignore
+ * should be copied from the main repository to new worktrees.
+ *
+ * Files must match BOTH .worktreeinclude AND .gitignore patterns to be copied.
+ * This ensures only intended ignored files are duplicated.
+ */
+export declare class WorktreeIncludeService {
+    private logger;
+    constructor(logger?: ILogger);
+    /**
+     * Process .worktreeinclude and copy matching ignored files to the worktree
+     *
+     * @param repositoryPath - Path to the main repository
+     * @param worktreePath - Path to the newly created worktree
+     */
+    copyIgnoredFiles(repositoryPath: string, worktreePath: string): Promise<void>;
+    /**
+     * Parse a pattern file (like .gitignore or .worktreeinclude)
+     * Returns an array of non-empty, non-comment lines
+     */
+    private parsePatternFile;
+    /**
+     * Recursively find all files in the repository that match both
+     * .worktreeinclude AND .gitignore patterns
+     */
+    private findMatchingFiles;
+}
+//# sourceMappingURL=WorktreeIncludeService.d.ts.map

package/dist/WorktreeIncludeService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"WorktreeIncludeService.d.ts","sourceRoot":"","sources":["../src/WorktreeIncludeService.ts"],"names":[],"mappings":"AASA,OAAO,EAAgB,KAAK,OAAO,EAAE,MAAM,YAAY,CAAC;AAExD;;;;;;;;GAQG;AACH,qBAAa,sBAAsB;IAClC,OAAO,CAAC,MAAM,CAAU;gBAEZ,MAAM,CAAC,EAAE,OAAO;IAK5B;;;;;OAKG;IACG,gBAAgB,CACrB,cAAc,EAAE,MAAM,EACtB,YAAY,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IA2EhB;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAQxB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;CAuCzB"}

package/dist/WorktreeIncludeService.js

@@ -0,0 +1,123 @@
+import { copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, } from "node:fs";
+import { dirname, join, relative } from "node:path";
+import ignore from "ignore";
+import { createLogger } from "sylas-core";
+/**
+ * Service responsible for handling .worktreeinclude file processing
+ *
+ * The .worktreeinclude file specifies which files ignored by .gitignore
+ * should be copied from the main repository to new worktrees.
+ *
+ * Files must match BOTH .worktreeinclude AND .gitignore patterns to be copied.
+ * This ensures only intended ignored files are duplicated.
+ */
+export class WorktreeIncludeService {
+    logger;
+    constructor(logger) {
+        this.logger =
+            logger ?? createLogger({ component: "WorktreeIncludeService" });
+    }
+    /**
+     * Process .worktreeinclude and copy matching ignored files to the worktree
+     *
+     * @param repositoryPath - Path to the main repository
+     * @param worktreePath - Path to the newly created worktree
+     */
+    async copyIgnoredFiles(repositoryPath, worktreePath) {
+        const worktreeIncludePath = join(repositoryPath, ".worktreeinclude");
+        // Check if .worktreeinclude exists
+        if (!existsSync(worktreeIncludePath)) {
+            // No .worktreeinclude file, nothing to do
+            return;
+        }
+        this.logger.info("Found .worktreeinclude file, processing...");
+        // Parse .worktreeinclude patterns
+        const worktreeIncludePatterns = this.parsePatternFile(worktreeIncludePath);
+        if (worktreeIncludePatterns.length === 0) {
+            this.logger.info(".worktreeinclude is empty, nothing to copy");
+            return;
+        }
+        // Parse .gitignore patterns
+        const gitignorePath = join(repositoryPath, ".gitignore");
+        const gitignorePatterns = existsSync(gitignorePath)
+            ? this.parsePatternFile(gitignorePath)
+            : [];
+        if (gitignorePatterns.length === 0) {
+            this.logger.warn("No .gitignore found or empty, .worktreeinclude requires files to be gitignored");
+            return;
+        }
+        // Create ignore matchers
+        const worktreeIncludeMatcher = ignore().add(worktreeIncludePatterns);
+        const gitignoreMatcher = ignore().add(gitignorePatterns);
+        // Find files that match both patterns
+        const filesToCopy = this.findMatchingFiles(repositoryPath, worktreeIncludeMatcher, gitignoreMatcher);
+        if (filesToCopy.length === 0) {
+            this.logger.info("No files match both .worktreeinclude and .gitignore");
+            return;
+        }
+        this.logger.info(`Copying ${filesToCopy.length} ignored file(s) to worktree...`);
+        // Copy each matching file
+        for (const relativePath of filesToCopy) {
+            const sourcePath = join(repositoryPath, relativePath);
+            const destPath = join(worktreePath, relativePath);
+            try {
+                // Ensure destination directory exists
+                const destDir = dirname(destPath);
+                if (!existsSync(destDir)) {
+                    mkdirSync(destDir, { recursive: true });
+                }
+                copyFileSync(sourcePath, destPath);
+                this.logger.info(`  Copied: ${relativePath}`);
+            }
+            catch (error) {
+                this.logger.warn(`  Failed to copy ${relativePath}: ${error.message}`);
+            }
+        }
+        this.logger.info("Finished copying ignored files");
+    }
+    /**
+     * Parse a pattern file (like .gitignore or .worktreeinclude)
+     * Returns an array of non-empty, non-comment lines
+     */
+    parsePatternFile(filePath) {
+        const content = readFileSync(filePath, "utf-8");
+        return content
+            .split("\n")
+            .map((line) => line.trim())
+            .filter((line) => line.length > 0 && !line.startsWith("#"));
+    }
+    /**
+     * Recursively find all files in the repository that match both
+     * .worktreeinclude AND .gitignore patterns
+     */
+    findMatchingFiles(repositoryPath, worktreeIncludeMatcher, gitignoreMatcher) {
+        const matchingFiles = [];
+        const walkDirectory = (currentPath) => {
+            const entries = readdirSync(currentPath, { withFileTypes: true });
+            for (const entry of entries) {
+                const fullPath = join(currentPath, entry.name);
+                const relativePath = relative(repositoryPath, fullPath);
+                // Skip .git directory
+                if (entry.name === ".git") {
+                    continue;
+                }
+                if (entry.isDirectory()) {
+                    // Walk into directories to find specific files
+                    // We don't add directories themselves to the copy list
+                    walkDirectory(fullPath);
+                }
+                else if (entry.isFile()) {
+                    // Check if file matches both patterns
+                    const isGitignored = gitignoreMatcher.ignores(relativePath);
+                    const isWorktreeIncluded = worktreeIncludeMatcher.ignores(relativePath);
+                    if (isGitignored && isWorktreeIncluded) {
+                        matchingFiles.push(relativePath);
+                    }
+                }
+            }
+        };
+        walkDirectory(repositoryPath);
+        return matchingFiles;
+    }
+}
+//# sourceMappingURL=WorktreeIncludeService.js.map

package/dist/WorktreeIncludeService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"WorktreeIncludeService.js","sourceRoot":"","sources":["../src/WorktreeIncludeService.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,YAAY,EACZ,UAAU,EACV,SAAS,EACT,WAAW,EACX,YAAY,GACZ,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,MAAuB,MAAM,QAAQ,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAgB,MAAM,YAAY,CAAC;AAExD;;;;;;;;GAQG;AACH,MAAM,OAAO,sBAAsB;IAC1B,MAAM,CAAU;IAExB,YAAY,MAAgB;QAC3B,IAAI,CAAC,MAAM;YACV,MAAM,IAAI,YAAY,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAClE,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,gBAAgB,CACrB,cAAsB,EACtB,YAAoB;QAEpB,MAAM,mBAAmB,GAAG,IAAI,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAErE,mCAAmC;QACnC,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACtC,0CAA0C;YAC1C,OAAO;QACR,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAE/D,kCAAkC;QAClC,MAAM,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;QAC3E,IAAI,uBAAuB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;YAC/D,OAAO;QACR,CAAC;QAED,4BAA4B;QAC5B,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,iBAAiB,GAAG,UAAU,CAAC,aAAa,CAAC;YAClD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC;YACtC,CAAC,CAAC,EAAE,CAAC;QAEN,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CACf,gFAAgF,CAChF,CAAC;YACF,OAAO;QACR,CAAC;QAED,yBAAyB;QACzB,MAAM,sBAAsB,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;QACrE,MAAM,gBAAgB,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAEzD,sCAAsC;QACtC,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CACzC,cAAc,EACd,sBAAsB,EACtB,gBAAgB,CAChB,CAAC;QAEF,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;YACxE,OAAO;QACR,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CACf,WAAW,WAAW,CAAC,MAAM,iCAAiC,CAC9D,CAAC;QAEF,0BAA0B;QAC1B,KAAK,MAAM,YAAY,IAAI,WAAW,EAAE,CAAC;YACxC,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;YACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;YAElD,IAAI,CAAC;gBACJ,sCAAsC;gBACtC,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAClC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1B,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBACzC,CAAC;gBAED,YAAY,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,YAAY,EAAE,CAAC,CAAC;YAC/C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CACf,oBAAoB,YAAY,KAAM,KAAe,CAAC,OAAO,EAAE,CAC/D,CAAC;YACH,CAAC;QACF,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED;;;OAGG;IACK,gBAAgB,CAAC,QAAgB;QACxC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,OAAO,OAAO;aACZ,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;aAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED;;;OAGG;IACK,iBAAiB,CACxB,cAAsB,EACtB,sBAA8B,EAC9B,gBAAwB;QAExB,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,MAAM,aAAa,GAAG,CAAC,WAAmB,EAAQ,EAAE;YACnD,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;YAElE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,YAAY,GAAG,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;gBAExD,sBAAsB;gBACtB,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBAC3B,SAAS;gBACV,CAAC;gBAED,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;oBACzB,+CAA+C;oBAC/C,uDAAuD;oBACvD,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACzB,CAAC;qBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;oBAC3B,sCAAsC;oBACtC,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC5D,MAAM,kBAAkB,GACvB,sBAAsB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAE9C,IAAI,YAAY,IAAI,kBAAkB,EAAE,CAAC;wBACxC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAClC,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC,CAAC;QAEF,aAAa,CAAC,cAAc,CAAC,CAAC;QAC9B,OAAO,aAAa,CAAC;IACtB,CAAC;CACD"}

package/dist/index.d.ts

@@ -0,0 +1,22 @@
+export type { SDKMessage } from "sylas-claude-runner";
+export { getAllTools, readOnlyTools } from "sylas-claude-runner";
+export type { EdgeConfig, EdgeWorkerConfig, OAuthCallbackHandler, RepositoryConfig, UserAccessControlConfig, UserIdentifier, Workspace, } from "sylas-core";
+export { AgentSessionManager } from "./AgentSessionManager.js";
+export type { AskUserQuestionHandlerConfig, AskUserQuestionHandlerDeps, } from "./AskUserQuestionHandler.js";
+export { AskUserQuestionHandler } from "./AskUserQuestionHandler.js";
+export type { ChatPlatformAdapter, ChatPlatformName, ChatSessionHandlerDeps, } from "./ChatSessionHandler.js";
+export { ChatSessionHandler } from "./ChatSessionHandler.js";
+export { EdgeWorker } from "./EdgeWorker.js";
+export { GitService } from "./GitService.js";
+export type { SerializedGlobalRegistryState } from "./GlobalSessionRegistry.js";
+export { GlobalSessionRegistry } from "./GlobalSessionRegistry.js";
+export { RepositoryRouter } from "./RepositoryRouter.js";
+export { SharedApplicationServer } from "./SharedApplicationServer.js";
+export { SlackChatAdapter } from "./SlackChatAdapter.js";
+export type { ActivityPostOptions, ActivityPostResult, ActivitySignal, IActivitySink, } from "./sinks/index.js";
+export { LinearActivitySink } from "./sinks/index.js";
+export type { EdgeWorkerEvents } from "./types.js";
+export { type AccessCheckResult, DEFAULT_BLOCK_MESSAGE, UserAccessControl, } from "./UserAccessControl.js";
+export { DEFAULT_VALIDATION_LOOP_CONFIG, parseValidationResult, VALIDATION_RESULT_SCHEMA, type ValidationFixerContext, type ValidationLoopConfig, type ValidationLoopState, type ValidationResult, } from "./validation/index.js";
+export { WorktreeIncludeService } from "./WorktreeIncludeService.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACjE,YAAY,EACX,UAAU,EACV,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,uBAAuB,EACvB,cAAc,EACd,SAAS,GACT,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,YAAY,EACX,4BAA4B,EAC5B,0BAA0B,GAC1B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EACX,mBAAmB,EACnB,gBAAgB,EAChB,sBAAsB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,YAAY,EAAE,6BAA6B,EAAE,MAAM,4BAA4B,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,YAAY,EACX,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EACd,aAAa,GACb,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD,OAAO,EACN,KAAK,iBAAiB,EACtB,qBAAqB,EACrB,iBAAiB,GACjB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACN,8BAA8B,EAC9B,qBAAqB,EACrB,wBAAwB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACxB,KAAK,gBAAgB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC"}

package/dist/index.js

@@ -0,0 +1,17 @@
+export { getAllTools, readOnlyTools } from "sylas-claude-runner";
+export { AgentSessionManager } from "./AgentSessionManager.js";
+export { AskUserQuestionHandler } from "./AskUserQuestionHandler.js";
+export { ChatSessionHandler } from "./ChatSessionHandler.js";
+export { EdgeWorker } from "./EdgeWorker.js";
+export { GitService } from "./GitService.js";
+export { GlobalSessionRegistry } from "./GlobalSessionRegistry.js";
+export { RepositoryRouter } from "./RepositoryRouter.js";
+export { SharedApplicationServer } from "./SharedApplicationServer.js";
+export { SlackChatAdapter } from "./SlackChatAdapter.js";
+export { LinearActivitySink } from "./sinks/index.js";
+// User access control
+export { DEFAULT_BLOCK_MESSAGE, UserAccessControl, } from "./UserAccessControl.js";
+// Export validation loop module
+export { DEFAULT_VALIDATION_LOOP_CONFIG, parseValidationResult, VALIDATION_RESULT_SCHEMA, } from "./validation/index.js";
+export { WorktreeIncludeService } from "./WorktreeIncludeService.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAUjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAK/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAMrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAOzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAEtD,sBAAsB;AACtB,OAAO,EAEN,qBAAqB,EACrB,iBAAiB,GACjB,MAAM,wBAAwB,CAAC;AAChC,gCAAgC;AAChC,OAAO,EACN,8BAA8B,EAC9B,qBAAqB,EACrB,wBAAwB,GAKxB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC"}

package/dist/label-prompt-template.md

@@ -0,0 +1,27 @@
+<git_context>
+<repository>{{repository_name}}</repository>
+<base_branch>{{base_branch}}</base_branch>
+</git_context>
+
+<linear_issue>
+<id>{{issue_id}}</id>
+<identifier>{{issue_identifier}}</identifier>
+<title>{{issue_title}}</title>
+<description>{{issue_description}}</description>
+<url>{{issue_url}}</url>
+<assignee>
+<id>{{assignee_id}}</id>
+<name>{{assignee_name}}</name>
+</assignee>
+</linear_issue>
+
+<workspace_context>
+<teams>
+{{workspace_teams}}
+</teams>
+<labels>
+{{workspace_labels}}
+</labels>
+</workspace_context>
+
+{{routing_context}}

package/dist/procedures/ProcedureAnalyzer.d.ts

@@ -0,0 +1,69 @@
+/**
+ * ProcedureAnalyzer - Intelligent analysis of agent sessions to determine procedures
+ *
+ * Uses a SimpleAgentRunner (Claude or Gemini) to analyze requests and determine
+ * which procedure (sequence of subroutines) should be executed.
+ */
+import { type ILogger, type SylasAgentSession } from "sylas-core";
+import type { ProcedureAnalysisDecision, ProcedureDefinition, SubroutineDefinition } from "./types.js";
+export type SimpleRunnerType = "claude" | "gemini" | "opencode";
+export interface ProcedureAnalyzerConfig {
+    sylasHome: string;
+    model?: string;
+    timeoutMs?: number;
+    runnerType?: SimpleRunnerType;
+    logger?: ILogger;
+}
+export declare class ProcedureAnalyzer {
+    private analysisRunner;
+    private procedures;
+    private logger;
+    constructor(config: ProcedureAnalyzerConfig);
+    /**
+     * Build the system prompt for request analysis and classification
+     */
+    private buildAnalysisSystemPrompt;
+    /**
+     * Load predefined procedures from registry
+     */
+    private loadPredefinedProcedures;
+    /**
+     * Analyze a request and determine which procedure to use
+     */
+    determineRoutine(requestText: string): Promise<ProcedureAnalysisDecision>;
+    /**
+     * Get the next subroutine for a session
+     * Returns null if procedure is complete
+     */
+    getNextSubroutine(session: SylasAgentSession): SubroutineDefinition | null;
+    /**
+     * Get the current subroutine for a session
+     */
+    getCurrentSubroutine(session: SylasAgentSession): SubroutineDefinition | null;
+    /**
+     * Initialize procedure metadata for a new session
+     */
+    initializeProcedureMetadata(session: SylasAgentSession, procedure: ProcedureDefinition): void;
+    /**
+     * Record subroutine completion and advance to next
+     */
+    advanceToNextSubroutine(session: SylasAgentSession, sessionId: string | null, result?: string): void;
+    /**
+     * Get the result from the last completed subroutine in the history.
+     * Returns null if there is no history or no result stored.
+     */
+    getLastSubroutineResult(session: SylasAgentSession): string | null;
+    /**
+     * Check if procedure is complete
+     */
+    isProcedureComplete(session: SylasAgentSession): boolean;
+    /**
+     * Register a custom procedure
+     */
+    registerProcedure(procedure: ProcedureDefinition): void;
+    /**
+     * Get procedure by name
+     */
+    getProcedure(name: string): ProcedureDefinition | undefined;
+}
+//# sourceMappingURL=ProcedureAnalyzer.d.ts.map

package/dist/procedures/ProcedureAnalyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProcedureAnalyzer.d.ts","sourceRoot":"","sources":["../../src/procedures/ProcedureAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAEN,KAAK,OAAO,EAEZ,KAAK,iBAAiB,EACtB,MAAM,YAAY,CAAC;AAIpB,OAAO,KAAK,EACX,yBAAyB,EACzB,mBAAmB,EAGnB,oBAAoB,EACpB,MAAM,YAAY,CAAC;AAEpB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEhE,MAAM,WAAW,uBAAuB;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,qBAAa,iBAAiB;IAC7B,OAAO,CAAC,cAAc,CAA4C;IAClE,OAAO,CAAC,UAAU,CAA+C;IACjE,OAAO,CAAC,MAAM,CAAU;gBAEZ,MAAM,EAAE,uBAAuB;IA4C3C;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAmDjC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAMhC;;OAEG;IACG,gBAAgB,CACrB,WAAW,EAAE,MAAM,GACjB,OAAO,CAAC,yBAAyB,CAAC;IAyCrC;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,iBAAiB,GAAG,oBAAoB,GAAG,IAAI;IA6B1E;;OAEG;IACH,oBAAoB,CACnB,OAAO,EAAE,iBAAiB,GACxB,oBAAoB,GAAG,IAAI;IAwB9B;;OAEG;IACH,2BAA2B,CAC1B,OAAO,EAAE,iBAAiB,EAC1B,SAAS,EAAE,mBAAmB,GAC5B,IAAI;IAYP;;OAEG;IACH,uBAAuB,CACtB,OAAO,EAAE,iBAAiB,EAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,EACxB,MAAM,CAAC,EAAE,MAAM,GACb,IAAI;IA8CP;;;OAGG;IACH,uBAAuB,CAAC,OAAO,EAAE,iBAAiB,GAAG,MAAM,GAAG,IAAI;IAiBlE;;OAEG;IACH,mBAAmB,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO;IAIxD;;OAEG;IACH,iBAAiB,CAAC,SAAS,EAAE,mBAAmB,GAAG,IAAI;IAIvD;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,GAAG,SAAS;CAG3D"}