tryassay 0.6.0 → 0.11.1

package/dist/runtime/stall-detector.js

@@ -0,0 +1,121 @@
+// ============================================================
+// Assay Verified Agent Runtime — Stall Detector
+// Monitors task graph for timeouts, reject loops,
+// dependency deadlocks, and resource contention.
+// ============================================================
+// ── Stall Detector ─────────────────────────────────────────
+export class StallDetector {
+    /**
+     * Detect stalls in a task graph.
+     * Returns stall reports for any problematic tasks.
+     */
+    detectStalls(graph, thresholdMs) {
+        const reports = [];
+        const now = Date.now();
+        for (const task of graph.tasks) {
+            // Skip completed or failed tasks
+            if (task.status === 'completed' || task.status === 'failed')
+                continue;
+            // Check for timeout: task in progress for too long
+            if (task.status === 'in_progress' || task.status === 'assigned') {
+                const taskStart = new Date(task.createdAt).getTime();
+                const elapsed = now - taskStart;
+                if (elapsed > thresholdMs) {
+                    reports.push({
+                        taskId: task.id,
+                        type: 'timeout',
+                        duration: elapsed,
+                        attempts: task.attempts,
+                        suggestedAction: task.attempts >= task.maxAttempts ? 'escalate' : 'reassign',
+                    });
+                }
+            }
+            // Check for reject loop: task rejected too many times
+            if (task.status === 'rejected' && task.attempts >= task.maxAttempts) {
+                reports.push({
+                    taskId: task.id,
+                    type: 'reject_loop',
+                    duration: now - new Date(task.createdAt).getTime(),
+                    attempts: task.attempts,
+                    suggestedAction: task.attempts >= task.maxAttempts ? 'escalate' : 'simplify',
+                });
+            }
+            // Check for resource contention: multiple tasks waiting for the same specialization
+            if (task.status === 'ready' || task.status === 'pending') {
+                const waitingForSameSpec = graph.tasks.filter(t => t.id !== task.id &&
+                    t.specialization === task.specialization &&
+                    (t.status === 'in_progress' || t.status === 'assigned'));
+                if (waitingForSameSpec.length >= 2) {
+                    reports.push({
+                        taskId: task.id,
+                        type: 'resource_contention',
+                        duration: now - new Date(task.createdAt).getTime(),
+                        attempts: task.attempts,
+                        suggestedAction: 'reassign',
+                    });
+                }
+            }
+        }
+        // Check for dependency deadlocks: circular dependencies
+        const deadlockTasks = this.detectDeadlocks(graph);
+        for (const taskId of deadlockTasks) {
+            const task = graph.tasks.find(t => t.id === taskId);
+            if (task) {
+                reports.push({
+                    taskId: task.id,
+                    type: 'dependency_deadlock',
+                    duration: now - new Date(task.createdAt).getTime(),
+                    attempts: task.attempts,
+                    suggestedAction: 'abort',
+                });
+            }
+        }
+        return reports;
+    }
+    /**
+     * Detect circular dependencies in the task graph.
+     * Returns task IDs involved in deadlock cycles.
+     */
+    detectDeadlocks(graph) {
+        const deadlocked = new Set();
+        // Build adjacency list from blocking edges
+        const blockingEdges = graph.edges.filter(e => e.type === 'blocks');
+        const adjacency = new Map();
+        for (const edge of blockingEdges) {
+            const existing = adjacency.get(edge.from) ?? [];
+            existing.push(edge.to);
+            adjacency.set(edge.from, existing);
+        }
+        // DFS-based cycle detection
+        const visited = new Set();
+        const inStack = new Set();
+        const dfs = (taskId) => {
+            if (inStack.has(taskId)) {
+                // Found a cycle — collect all tasks in the cycle
+                deadlocked.add(taskId);
+                return true;
+            }
+            if (visited.has(taskId))
+                return false;
+            visited.add(taskId);
+            inStack.add(taskId);
+            const neighbors = adjacency.get(taskId) ?? [];
+            for (const neighbor of neighbors) {
+                if (dfs(neighbor)) {
+                    deadlocked.add(taskId);
+                }
+            }
+            inStack.delete(taskId);
+            return false;
+        };
+        // Only check tasks that are not yet completed
+        const activeTasks = graph.tasks
+            .filter(t => t.status !== 'completed' && t.status !== 'failed')
+            .map(t => t.id);
+        for (const taskId of activeTasks) {
+            dfs(taskId);
+        }
+        return Array.from(deadlocked);
+    }
+}
+//# sourceMappingURL=stall-detector.js.map

package/dist/runtime/stall-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stall-detector.js","sourceRoot":"","sources":["../../src/runtime/stall-detector.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,gDAAgD;AAChD,kDAAkD;AAClD,iDAAiD;AACjD,+DAA+D;AAQ/D,8DAA8D;AAE9D,MAAM,OAAO,aAAa;IACxB;;;OAGG;IACH,YAAY,CAAC,KAAgB,EAAE,WAAmB;QAChD,MAAM,OAAO,GAAkB,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC/B,iCAAiC;YACjC,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ;gBAAE,SAAS;YAEtE,mDAAmD;YACnD,IAAI,IAAI,CAAC,MAAM,KAAK,aAAa,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBAChE,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;gBACrD,MAAM,OAAO,GAAG,GAAG,GAAG,SAAS,CAAC;gBAChC,IAAI,OAAO,GAAG,WAAW,EAAE,CAAC;oBAC1B,OAAO,CAAC,IAAI,CAAC;wBACX,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,IAAI,EAAE,SAAS;wBACf,QAAQ,EAAE,OAAO;wBACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,eAAe,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU;qBAC7E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpE,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,IAAI,EAAE,aAAa;oBACnB,QAAQ,EAAE,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;oBAClD,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,eAAe,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU;iBAC7E,CAAC,CAAC;YACL,CAAC;YAED,oFAAoF;YACpF,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzD,MAAM,kBAAkB,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAChD,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE;oBAChB,CAAC,CAAC,cAAc,KAAK,IAAI,CAAC,cAAc;oBACxC,CAAC,CAAC,CAAC,MAAM,KAAK,aAAa,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CACxD,CAAC;gBACF,IAAI,kBAAkB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACnC,OAAO,CAAC,IAAI,CAAC;wBACX,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,IAAI,EAAE,qBAAqB;wBAC3B,QAAQ,EAAE,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;wBAClD,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,eAAe,EAAE,UAAU;qBAC5B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAClD,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;YACpD,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,IAAI,EAAE,qBAAqB;oBAC3B,QAAQ,EAAE,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;oBAClD,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,eAAe,EAAE,OAAO;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,KAAgB;QACtC,MAAM,UAAU,GAAgB,IAAI,GAAG,EAAE,CAAC;QAE1C,2CAA2C;QAC3C,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACnE,MAAM,SAAS,GAAG,IAAI,GAAG,EAAoB,CAAC;QAC9C,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACvB,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACrC,CAAC;QAED,4BAA4B;QAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAElC,MAAM,GAAG,GAAG,CAAC,MAAc,EAAW,EAAE;YACtC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxB,iDAAiD;gBACjD,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEtC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEpB,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAClB,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;YAED,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,8CAA8C;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK;aAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC;aAC9D,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAElB,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YACjC,GAAG,CAAC,MAAM,CAAC,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;CACF"}

package/dist/runtime/tool-approval.d.ts

@@ -0,0 +1,51 @@
+import type { ToolDefinition, ToolVerification, ModificationProposal, ModificationApproval, ProposalStatus } from './types.js';
+import { ToolVerifier } from './tool-verifier.js';
+import { CapabilityRegistryManager } from './capability-registry.js';
+export interface PendingApproval {
+    readonly proposal: ModificationProposal;
+    readonly verification: ToolVerification;
+    readonly toolDefinition: ToolDefinition;
+    readonly toolSourceDir: string;
+}
+export declare class ToolApprovalManager {
+    private verifier;
+    private registry;
+    private pendingApprovals;
+    private approvalHistoryPath;
+    constructor(registry: CapabilityRegistryManager, verifier?: ToolVerifier, approvalHistoryPath?: string);
+    /**
+     * Propose a new tool. Runs verification and queues for human approval.
+     * Returns the proposal ID and verification result.
+     */
+    propose(tool: ToolDefinition, toolSourceDir: string, justification: {
+        capability_gap: string;
+        evidence: string[];
+        expected_impact: string;
+        risk_assessment: string;
+    }): Promise<{
+        proposalId: string;
+        verification: ToolVerification;
+        status: ProposalStatus;
+    }>;
+    /**
+     * List all pending approvals.
+     */
+    listPending(): PendingApproval[];
+    /**
+     * Get a specific pending approval.
+     */
+    getPending(proposalId: string): PendingApproval | undefined;
+    /**
+     * Approve a pending tool proposal. Activates the tool in the registry.
+     */
+    approve(proposalId: string, approvedBy: string, reasoning: string, conditions?: string[]): Promise<ModificationApproval>;
+    /**
+     * Reject a pending tool proposal.
+     */
+    reject(proposalId: string, rejectedBy: string, reasoning: string): Promise<ModificationApproval>;
+    /**
+     * Rollback the last registry change.
+     */
+    rollback(rolledBackBy: string): Promise<boolean>;
+    private logApproval;
+}

package/dist/runtime/tool-approval.js

@@ -0,0 +1,148 @@
+// ============================================================
+// Assay Verified Agent Runtime — Tool Approval Flow
+// Orchestrates: propose → verify → approve → activate
+// Human approval is required before any tool goes active.
+// ============================================================
+import { randomUUID } from 'node:crypto';
+import { mkdir, appendFile } from 'node:fs/promises';
+import { dirname } from 'node:path';
+import { ToolVerifier } from './tool-verifier.js';
+// ── Tool Approval Manager ──────────────────────────────────
+export class ToolApprovalManager {
+    verifier;
+    registry;
+    pendingApprovals = new Map();
+    approvalHistoryPath;
+    constructor(registry, verifier, approvalHistoryPath) {
+        this.registry = registry;
+        this.verifier = verifier ?? new ToolVerifier();
+        this.approvalHistoryPath = approvalHistoryPath ?? '.assay/tool-approvals.ndjson';
+    }
+    /**
+     * Propose a new tool. Runs verification and queues for human approval.
+     * Returns the proposal ID and verification result.
+     */
+    async propose(tool, toolSourceDir, justification) {
+        const proposalId = `mod_${Date.now()}_${randomUUID().slice(0, 8)}`;
+        // Create the proposal
+        const proposal = {
+            id: proposalId,
+            type: 'tool',
+            timestamp: new Date().toISOString(),
+            title: `New tool: ${tool.name}`,
+            description: tool.description,
+            payload: tool,
+            justification,
+            safety: {
+                modifies_layer2: false,
+                modifies_approval_framework: false,
+                trust_level_required: 'provisional',
+                rollback_plan: `Deprecate tool ${tool.id} and rollback registry`,
+            },
+            proposed_by: tool.created_by,
+            status: 'verifying',
+        };
+        // Run verification
+        const verification = await this.verifier.verify(tool, toolSourceDir);
+        // Update proposal status based on verification
+        let status;
+        if (verification.verdict === 'reject') {
+            status = 'rejected';
+        }
+        else {
+            status = 'pending_approval';
+            // Queue for human approval
+            this.pendingApprovals.set(proposalId, {
+                proposal: { ...proposal, status, verification_id: verification.verification_id },
+                verification,
+                toolDefinition: tool,
+                toolSourceDir,
+            });
+        }
+        return { proposalId, verification, status };
+    }
+    /**
+     * List all pending approvals.
+     */
+    listPending() {
+        return Array.from(this.pendingApprovals.values());
+    }
+    /**
+     * Get a specific pending approval.
+     */
+    getPending(proposalId) {
+        return this.pendingApprovals.get(proposalId);
+    }
+    /**
+     * Approve a pending tool proposal. Activates the tool in the registry.
+     */
+    async approve(proposalId, approvedBy, reasoning, conditions) {
+        const pending = this.pendingApprovals.get(proposalId);
+        if (!pending) {
+            throw new Error(`No pending approval found for proposal "${proposalId}"`);
+        }
+        const approval = {
+            proposal_id: proposalId,
+            decision: 'approved',
+            decided_by: approvedBy,
+            decided_at: new Date().toISOString(),
+            reasoning,
+            conditions,
+        };
+        // Activate the tool in the registry
+        const approvedTool = {
+            ...pending.toolDefinition,
+            status: 'approved',
+        };
+        this.registry.addTool(approvedTool, approvedBy, proposalId);
+        await this.registry.save();
+        // Remove from pending
+        this.pendingApprovals.delete(proposalId);
+        // Log the approval
+        await this.logApproval(approval);
+        return approval;
+    }
+    /**
+     * Reject a pending tool proposal.
+     */
+    async reject(proposalId, rejectedBy, reasoning) {
+        const pending = this.pendingApprovals.get(proposalId);
+        if (!pending) {
+            throw new Error(`No pending approval found for proposal "${proposalId}"`);
+        }
+        const approval = {
+            proposal_id: proposalId,
+            decision: 'rejected',
+            decided_by: rejectedBy,
+            decided_at: new Date().toISOString(),
+            reasoning,
+        };
+        // Remove from pending
+        this.pendingApprovals.delete(proposalId);
+        // Log the rejection
+        await this.logApproval(approval);
+        return approval;
+    }
+    /**
+     * Rollback the last registry change.
+     */
+    async rollback(rolledBackBy) {
+        const success = this.registry.rollback(rolledBackBy);
+        if (success) {
+            await this.registry.save();
+        }
+        return success;
+    }
+    // ── Private ──────────────────────────────────────────────
+    async logApproval(approval) {
+        try {
+            await mkdir(dirname(this.approvalHistoryPath), { recursive: true });
+            const line = JSON.stringify(approval) + '\n';
+            await appendFile(this.approvalHistoryPath, line, 'utf-8');
+        }
+        catch {
+            // Non-critical: approval history logging failure doesn't block the flow
+        }
+    }
+}
+//# sourceMappingURL=tool-approval.js.map

package/dist/runtime/tool-approval.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-approval.js","sourceRoot":"","sources":["../../src/runtime/tool-approval.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,oDAAoD;AACpD,sDAAsD;AACtD,0DAA0D;AAC1D,+DAA+D;AAE/D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AASpC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAYlD,8DAA8D;AAE9D,MAAM,OAAO,mBAAmB;IACtB,QAAQ,CAAe;IACvB,QAAQ,CAA4B;IACpC,gBAAgB,GAAiC,IAAI,GAAG,EAAE,CAAC;IAC3D,mBAAmB,CAAS;IAEpC,YACE,QAAmC,EACnC,QAAuB,EACvB,mBAA4B;QAE5B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,IAAI,YAAY,EAAE,CAAC;QAC/C,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,IAAI,8BAA8B,CAAC;IACnF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CACX,IAAoB,EACpB,aAAqB,EACrB,aAKC;QAMD,MAAM,UAAU,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAEnE,sBAAsB;QACtB,MAAM,QAAQ,GAAyB;YACrC,EAAE,EAAE,UAAU;YACd,IAAI,EAAE,MAAM;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,aAAa,IAAI,CAAC,IAAI,EAAE;YAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,OAAO,EAAE,IAAI;YACb,aAAa;YACb,MAAM,EAAE;gBACN,eAAe,EAAE,KAAc;gBAC/B,2BAA2B,EAAE,KAAc;gBAC3C,oBAAoB,EAAE,aAA2B;gBACjD,aAAa,EAAE,kBAAkB,IAAI,CAAC,EAAE,wBAAwB;aACjE;YACD,WAAW,EAAE,IAAI,CAAC,UAAU;YAC5B,MAAM,EAAE,WAAW;SACpB,CAAC;QAEF,mBAAmB;QACnB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAErE,+CAA+C;QAC/C,IAAI,MAAsB,CAAC;QAC3B,IAAI,YAAY,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,GAAG,UAAU,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,kBAAkB,CAAC;YAC5B,2BAA2B;YAC3B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,EAAE;gBACpC,QAAQ,EAAE,EAAE,GAAG,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,YAAY,CAAC,eAAe,EAAE;gBAChF,YAAY;gBACZ,cAAc,EAAE,IAAI;gBACpB,aAAa;aACd,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,UAAkB;QAC3B,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,UAAkB,EAClB,UAAkB,EAClB,SAAiB,EACjB,UAAqB;QAErB,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,2CAA2C,UAAU,GAAG,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,QAAQ,GAAyB;YACrC,WAAW,EAAE,UAAU;YACvB,QAAQ,EAAE,UAAU;YACpB,UAAU,EAAE,UAAU;YACtB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,SAAS;YACT,UAAU;SACX,CAAC;QAEF,oCAAoC;QACpC,MAAM,YAAY,GAAmB;YACnC,GAAG,OAAO,CAAC,cAAc;YACzB,MAAM,EAAE,UAAU;SACnB,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAC5D,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE3B,sBAAsB;QACtB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEzC,mBAAmB;QACnB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAEjC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,UAAkB,EAClB,UAAkB,EAClB,SAAiB;QAEjB,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,2CAA2C,UAAU,GAAG,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,QAAQ,GAAyB;YACrC,WAAW,EAAE,UAAU;YACvB,QAAQ,EAAE,UAAU;YACpB,UAAU,EAAE,UAAU;YACtB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,SAAS;SACV,CAAC;QAEF,sBAAsB;QACtB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEzC,oBAAoB;QACpB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAEjC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,YAAoB;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACrD,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,4DAA4D;IAEpD,KAAK,CAAC,WAAW,CAAC,QAA8B;QACtD,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACpE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC;YAC7C,MAAM,UAAU,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,wEAAwE;QAC1E,CAAC;IACH,CAAC;CACF"}

package/dist/runtime/tool-sandbox.d.ts

@@ -0,0 +1,43 @@
+import type { ToolDefinition, ToolConstraints, ToolTestResult } from './types.js';
+export interface SandboxRequest {
+    readonly toolId: string;
+    readonly entryPoint: string;
+    readonly functionName: string;
+    readonly input: unknown;
+    readonly constraints: ToolConstraints;
+}
+export interface SandboxResponse {
+    readonly status: 'success' | 'error' | 'timeout' | 'constraint_violation';
+    readonly output?: unknown;
+    readonly error?: string;
+    readonly durationMs: number;
+    readonly memoryUsageMb?: number;
+    readonly networkAttempts?: readonly string[];
+    readonly filesystemWrites?: readonly string[];
+}
+export declare class ToolSandbox {
+    private sandboxDir;
+    constructor(sandboxBaseDir?: string);
+    /**
+     * Execute a tool in a sandboxed child process.
+     * Enforces all constraints from the ToolDefinition.
+     */
+    execute(request: SandboxRequest): Promise<SandboxResponse>;
+    /**
+     * Run a full test suite against a tool: happy path, malformed input,
+     * timeout behavior, and constraint compliance.
+     */
+    runTestSuite(tool: ToolDefinition, toolSourceDir: string): Promise<{
+        happy_path: ToolTestResult;
+        malformed_input: ToolTestResult;
+        timeout_behavior: ToolTestResult;
+        constraint_compliance: ToolTestResult;
+    }>;
+    private forkAndRun;
+    private generateRunnerScript;
+    private runSingleTest;
+    private runTimeoutTest;
+    private runConstraintComplianceTest;
+    private generateHappyPathInput;
+    private generateMalformedInput;
+}