omnilimb 0.8.0__py3-none-any.whl

omnilimb/__init__.py

@@ -0,0 +1,114 @@
+"""Omnilimb — Hermes plugin.
+
+Turns OpenClaw / ClawHub's mature execution substrate (skill registry, local
+sandbox, Playwright browser automation, multi-language runtimes, retry/rollback)
+into a set of structured-JSON tools for Hermes.
+
+Design:
+- Hermes is the brain (LLM/conversation/memory/UI).
+- Omnilimb is the hands/feet (deterministic execution). It NEVER calls an
+  LLM itself -> zero extra model tokens on the execution path.
+- Two interchangeable backends, switchable via config:
+    * "cli"    -> shells out to the real `openclaw` / `clawhub` CLIs.
+    * "native" -> a decoupled Python re-implementation (no Node dependency).
+    * "auto"   -> cli if the `openclaw` binary is present, else native.
+
+Every tool handler:
+  - has signature `handler(args: dict, **kwargs) -> str`
+  - ALWAYS returns a JSON string (success and error alike)
+  - NEVER raises
+"""
+
+from __future__ import annotations
+
+import logging
+
+from . import schemas, tools
+from .config import get_settings
+
+logger = logging.getLogger(__name__)
+
+__version__ = "0.8.0"
+
+
+def _cli_available() -> bool:
+    """check_fn used to hide CLI-only behaviour gracefully (never raises)."""
+    try:
+        from .backends.cli_backend import openclaw_binary
+
+        return openclaw_binary() is not None
+    except Exception:  # pragma: no cover - defensive
+        return False
+
+
+def _tools_available() -> bool:
+    """Tools are available whenever a backend can be resolved.
+
+    The CLI backend needs the `openclaw` binary; the native backend always
+    resolves. So tools are available unless the user pinned `backend: cli`
+    without installing the CLI.
+    """
+    try:
+        settings = get_settings()
+        if settings.backend == "cli":
+            return _cli_available()
+        return True
+    except Exception:  # pragma: no cover - defensive
+        return True
+
+
+def register(ctx) -> None:
+    """Entry point called once at startup. Wires schemas -> handlers.
+
+    If this function raises, Hermes disables the plugin but keeps running, so we
+    keep it defensive and side-effect-light.
+    """
+    pairs = (
+        ("claw_skill_search", schemas.CLAW_SKILL_SEARCH, tools.claw_skill_search),
+        ("claw_skill_install", schemas.CLAW_SKILL_INSTALL, tools.claw_skill_install),
+        ("claw_skill_list", schemas.CLAW_SKILL_LIST, tools.claw_skill_list),
+        ("claw_skill_runs", schemas.CLAW_SKILL_RUNS, tools.claw_skill_runs),
+        ("claw_skill_run", schemas.CLAW_SKILL_RUN, tools.claw_skill_run),
+        ("claw_sandbox_exec", schemas.CLAW_SANDBOX_EXEC, tools.claw_sandbox_exec),
+        ("claw_browser", schemas.CLAW_BROWSER, tools.claw_browser),
+        ("claw_runtime", schemas.CLAW_RUNTIME, tools.claw_runtime),
+    )
+
+    for name, schema, handler in pairs:
+        ctx.register_tool(
+            name=name,
+            toolset="omnilimb",
+            schema=schema,
+            handler=handler,
+            check_fn=_tools_available,
+        )
+
+    # Ship an opt-in "how to drive me" skill. Not in the system-prompt index,
+    # so it costs zero standing tokens until the agent explicitly loads it.
+    try:
+        from pathlib import Path
+
+        skill_md = Path(__file__).parent / "skills" / "omnilimb" / "SKILL.md"
+        if skill_md.exists():
+            ctx.register_skill("omnilimb", skill_md)
+    except Exception as exc:  # pragma: no cover - optional
+        logger.debug("omnilimb: skill registration skipped: %s", exc)
+
+    # Diagnostics slash command: /exo status
+    try:
+        ctx.register_command(
+            "exo",
+            handler=tools.slash_claw,
+            description="Omnilimb status / backend / diagnostics",
+            args_hint="[status|backend|doctor]",
+        )
+    except Exception as exc:  # pragma: no cover - optional
+        logger.debug("omnilimb: slash command skipped: %s", exc)
+
+    s = get_settings()
+    logger.info(
+        "omnilimb v%s registered (backend=%s, resolved=%s)",
+        __version__,
+        s.backend,
+        s.resolved_backend(),
+    )

omnilimb/_cache.py

@@ -0,0 +1,123 @@
+"""Tiny SQLite-backed fallback cache for registry results (offline-first).
+
+Goal: when the upstream skill market (ClawHub / SkillHub) is unreachable, serve
+the last *successful* lookup instead of an empty/error result — so search keeps
+working during an outage. Strategy is **live-first, cache-as-fallback**: a live
+success is always preferred (and refreshes the cache); the cache is only served
+when the live call fails. This avoids serving stale data while online.
+
+Stdlib only (`sqlite3`), profile-safe path under `state_dir()`, and every
+function is defensive — a cache failure must never break a tool call.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import json
+import sqlite3
+import time
+from typing import Any, Callable
+
+from .config import get_settings
+
+
+def _db_path() -> str:
+    return str(get_settings().state_dir() / "cache.db")
+
+
+def _conn() -> sqlite3.Connection:
+    c = sqlite3.connect(_db_path(), timeout=5)
+    c.execute("CREATE TABLE IF NOT EXISTS cache (k TEXT PRIMARY KEY, ts REAL, payload TEXT)")
+    return c
+
+
+def make_key(*parts: Any) -> str:
+    raw = "|".join("" if p is None else str(p) for p in parts)
+    return hashlib.sha1(raw.encode("utf-8")).hexdigest()  # noqa: S324 - cache key, not security
+
+
+def cache_get(key: str) -> dict | None:
+    try:
+        c = _conn()
+        try:
+            row = c.execute("SELECT ts, payload FROM cache WHERE k=?", (key,)).fetchone()
+        finally:
+            c.close()
+        if not row:
+            return None
+        return {"ts": float(row[0]), "payload": json.loads(row[1])}
+    except Exception:
+        return None
+
+
+def cache_put(key: str, payload: dict) -> None:
+    try:
+        c = _conn()
+        try:
+            c.execute(
+                "INSERT OR REPLACE INTO cache (k, ts, payload) VALUES (?, ?, ?)",
+                (key, time.time(), json.dumps(payload, ensure_ascii=False, default=str)),
+            )
+            c.commit()
+        finally:
+            c.close()
+    except Exception:
+        pass
+
+
+def cache_fresh(key: str, max_age_s: int) -> dict | None:
+    """Fast-path: return the cached payload only if it's younger than max_age_s.
+
+    Unlike :func:`cached` (which serves stale data only on live failure), this is
+    a *freshness* read used to skip a live call entirely when a recent result
+    exists — the basis for snappy repeat/paginated searches.
+    """
+    hit = cache_get(key)
+    if not hit or not isinstance(hit.get("payload"), dict):
+        return None
+    age = time.time() - hit["ts"]
+    if age > max_age_s:
+        return None
+    out = dict(hit["payload"])
+    out["from_cache"] = True
+    out["cache_age_s"] = int(age)
+    return out
+
+
+def cached(
+    key: str,
+    fn: Callable[[], dict],
+    *,
+    enabled: bool = True,
+    max_age_s: int = 604800,
+) -> dict:
+    """Run *fn*; cache a success; on failure serve the last cached result.
+
+    Returns the live result when it succeeds (and refreshes the cache). On
+    failure, returns the cached payload annotated with ``from_cache``/``stale``/
+    ``cache_age_s`` when a cache entry exists and is younger than *max_age_s*;
+    otherwise returns the live failure result unchanged.
+    """
+    if not enabled:
+        try:
+            return fn()
+        except Exception as exc:
+            return {"ok": False, "error": f"{type(exc).__name__}: {exc}", "retryable": True}
+    try:
+        res = fn()
+    except Exception as exc:
+        res = {"ok": False, "error": f"{type(exc).__name__}: {exc}", "retryable": True}
+    if isinstance(res, dict) and res.get("ok"):
+        cache_put(key, res)
+        return res
+    hit = cache_get(key)
+    if hit:
+        age = int(time.time() - hit["ts"])
+        if age <= max_age_s and isinstance(hit["payload"], dict):
+            out = dict(hit["payload"])
+            out["from_cache"] = True
+            out["stale"] = True
+            out["cache_age_s"] = age
+            out["cache_note"] = "upstream unavailable — served cached result"
+            return out
+    return res

omnilimb/_errors.py

@@ -0,0 +1,54 @@
+"""Feature H — map raw error strings to human-friendly {reason, fix} guidance.
+
+Pure functions, no I/O. Used by install / smoke-test / run paths so the UI can
+show "why + how to fix" instead of a raw stack trace. First matching rule wins.
+"""
+
+from __future__ import annotations
+
+import re
+
+# (regex, reason, fix). Patterns matched case-insensitively against the error.
+_RULES: list[tuple[str, str, str]] = [
+    (r"git_terminal_prompt|could not read username|authentication failed|terminal prompts disabled",
+     "Git 需要认证（私有仓库或凭据缺失）",
+     "确认该技能是公开仓库；私有仓库需先配置 Git 凭据，或改用注册表安装。"),
+    (r"could not resolve host|name resolution|getaddrinfo|network is unreachable|connection refused|timed out|timeout|temporarily unavailable",
+     "网络不可达或超时",
+     "检查网络/代理后重试；上游市场可能临时不可用，可用缓存结果或切换市场。"),
+    (r"permission denied|access is denied|eacces|operation not permitted",
+     "权限不足",
+     "检查目标目录写权限；尽量在工作区内安装，避免写入系统目录。"),
+    (r"cannot connect to the docker daemon|docker daemon|docker.*not running|docker.*not found",
+     "需要 Docker 但未运行/未安装",
+     "安装并启动 Docker Desktop；或在设置里切到 native 后端用本地回退执行。"),
+    (r"command not found|is not recognized|missing dependency|requires?\.?bins?",
+     "缺少所需命令行依赖",
+     "按技能 SKILL.md 的 requires.bins 安装对应工具后重试（见‘环境检查’）。"),
+    (r"api[_ ]?key|unauthorized|\b401\b|invalid token|missing.*key|forbidden|\b403\b",
+     "缺少或无效的 API Key",
+     "在该技能详情页的‘凭据’区填入所需 API Key 后重试。"),
+    (r"checksum|signature|verify failed|verification failed|integrity",
+     "完整性/签名校验失败",
+     "包内容与签名不符，可能被篡改或源异常；请勿强装，换可信源或反馈维护者。"),
+    (r"unknown pack|not found|no such file|enoent|cannot find|does not exist|404",
+     "目标不存在",
+     "确认 slug/名称拼写正确，或先用搜索确认它在当前市场存在。"),
+    (r"disk|no space left|enospc",
+     "磁盘空间不足",
+     "清理磁盘空间后重试。"),
+]
+
+
+def humanize(error) -> dict | None:
+    """Return {reason, fix} for a raw error string, or None if there is no error."""
+    if not error:
+        return None
+    text = str(error).lower()
+    for pat, reason, fix in _RULES:
+        if re.search(pat, text):
+            return {"reason": reason, "fix": fix}
+    return {
+        "reason": "执行失败",
+        "fix": "查看下方原始错误；可重试，或检查依赖/网络/凭据/权限。",
+    }

omnilimb/_retry.py

@@ -0,0 +1,64 @@
+"""Retry + rollback helper.
+
+`with_retry` runs an operation that returns a result dict. It retries on
+*recoverable* failures (exceptions, or dicts with a truthy `retryable` flag /
+network-ish errors) up to `retries` times with exponential backoff. The operation
+itself is responsible for being safe to retry — pass `retries=0` for
+non-idempotent operations.
+"""
+
+from __future__ import annotations
+
+import logging
+import time
+from typing import Any, Callable
+
+logger = logging.getLogger(__name__)
+
+_RETRYABLE_HINTS = ("timeout", "unreachable", "temporarily", "connection", "reset", "502", "503", "504")
+
+
+def _looks_retryable(result: Any) -> bool:
+    if not isinstance(result, dict):
+        return False
+    if result.get("ok"):
+        return False
+    if result.get("retryable") is True:
+        return True
+    err = str(result.get("error", "")).lower()
+    return any(h in err for h in _RETRYABLE_HINTS)
+
+
+def with_retry(
+    op: Callable[[], dict],
+    *,
+    retries: int = 2,
+    backoff_s: float = 1.0,
+    rollback: bool = True,
+) -> dict:
+    attempt = 0
+    last: dict = {"ok": False, "error": "not executed"}
+    while True:
+        try:
+            result = op()
+            if isinstance(result, dict) and result.get("ok"):
+                if attempt:
+                    result.setdefault("attempts", attempt + 1)
+                return result
+            last = result if isinstance(result, dict) else {"ok": False, "error": str(result)}
+            if not _looks_retryable(last) or attempt >= retries:
+                if rollback and not last.get("ok"):
+                    last.setdefault("rolled_back", True)
+                last.setdefault("attempts", attempt + 1)
+                return last
+        except Exception as exc:  # treat as retryable transient
+            last = {"ok": False, "error": f"{type(exc).__name__}: {exc}"}
+            if attempt >= retries:
+                if rollback:
+                    last.setdefault("rolled_back", True)
+                last.setdefault("attempts", attempt + 1)
+                return last
+        sleep_for = backoff_s * (2**attempt)
+        logger.debug("with_retry: attempt %s failed, sleeping %.1fs", attempt + 1, sleep_for)
+        time.sleep(min(sleep_for, 30.0))
+        attempt += 1

omnilimb/_scoring.py

@@ -0,0 +1,236 @@
+"""Pro-3: deterministic skill health + Hermes-fit scoring (pure functions).
+
+`score_skill` takes normalized metadata and returns a transparent, explainable
+0-100 score with per-dimension breakdown, hard blockers, and an install
+recommendation. No I/O — the dashboard endpoint gathers the inputs and calls in.
+
+Dimensions (weights): Trust 25 · Completeness 20 · Hermes-fit 30 · Maintenance 15
+· Safety 10. When run history is supplied, a real-world reliability adjustment
+is folded in (a skill that actually runs green scores higher; one that keeps
+failing is penalised and flagged).
+"""
+
+from __future__ import annotations
+
+import time
+from typing import Any
+
+
+def _grade(score: int) -> str:
+    if score >= 85:
+        return "A"
+    if score >= 70:
+        return "B"
+    if score >= 50:
+        return "C"
+    return "D"
+
+
+def _num(value: Any) -> float:
+    """Coerce possibly-string/None metadata numbers to a float; 0 on garbage."""
+    if value is None:
+        return 0.0
+    try:
+        return float(value)
+    except (TypeError, ValueError):
+        try:
+            return float(str(value).replace(",", "").strip())
+        except (TypeError, ValueError):
+            return 0.0
+
+
+def infer_capabilities(meta: dict) -> list[str]:
+    """Best-effort capability tags (what the skill can touch) for the Safety view (J)."""
+    caps = meta.get("capabilities")
+    if isinstance(caps, list) and caps:
+        return [str(c) for c in caps]
+    out: list[str] = []
+    if meta.get("requires_api_key") or meta.get("requires_env"):
+        out.append("network")
+    bins = [str(b).lower() for b in (meta.get("requires_bins") or [])]
+    if any(b in ("docker", "bash", "sh", "powershell", "node", "python") for b in bins):
+        out.append("exec")
+    if any(b in ("git", "curl", "wget") for b in bins):
+        out.append("network")
+    # skills almost always read/write files in their workspace
+    out.append("filesystem")
+    # de-dupe, stable order
+    seen: list[str] = []
+    for c in out:
+        if c not in seen:
+            seen.append(c)
+    return seen
+
+
+def score_skill(meta: dict, *, installed_bins: set | None = None,
+                runs_summary: dict | None = None) -> dict:
+    """Return {score, grade, recommendation, dimensions, blockers, capabilities}."""
+    installed_bins = installed_bins or set()
+    dims: list[dict] = []
+    blockers: list[str] = []
+
+    # --- Trust (25) ---
+    tscore = 0
+    treasons = []
+    if meta.get("verified"):
+        tscore += 12
+        treasons.append("已验证发布者")
+    elif meta.get("moderation_clean"):
+        tscore += 7
+        treasons.append("已通过官方安全审核")
+    dl_raw = meta.get("downloads")
+    st_raw = meta.get("stars")
+    adoption_known = (dl_raw is not None) or (st_raw is not None)
+    dl = _num(dl_raw)
+    st = _num(st_raw)
+    if dl >= 1000 or st >= 50:
+        tscore += 9
+        treasons.append("社区采用度高")
+    elif dl >= 100 or st >= 10:
+        tscore += 5
+        treasons.append("有一定采用度")
+    elif not adoption_known:
+        # Absence of data is not evidence of low quality — credit neutrally
+        # rather than punishing skills on markets that don't expose counts.
+        tscore += 4
+        treasons.append("采用度数据未公开")
+    else:
+        treasons.append("采用度偏低")
+    if meta.get("source"):
+        tscore += 4
+    dims.append({"name": "可信度", "score": min(tscore, 25), "max": 25, "reasons": treasons})
+
+    # --- Completeness (20) ---
+    cscore = 0
+    creasons = []
+    if meta.get("has_skill_md"):
+        cscore += 10
+        creasons.append("含 SKILL.md")
+    else:
+        creasons.append("缺少 SKILL.md")
+    desc = (meta.get("description") or "").strip()
+    if len(desc) >= 40:
+        cscore += 6
+        creasons.append("描述完整")
+    elif desc:
+        cscore += 3
+        creasons.append("描述简短")
+    else:
+        creasons.append("无描述")
+    if meta.get("version"):
+        cscore += 4
+        creasons.append("有版本号")
+    dims.append({"name": "完整性", "score": min(cscore, 20), "max": 20, "reasons": creasons})
+
+    # --- Hermes-fit (30) ---
+    fscore = 18  # baseline: all skills run through deterministic structured-JSON tools
+    freasons = ["走确定性结构化 JSON 工具"]
+    req_bins = [str(b) for b in (meta.get("requires_bins") or [])]
+    missing = [b for b in req_bins if b not in installed_bins] if req_bins else []
+    if not req_bins:
+        fscore += 8
+        freasons.append("无额外命令行依赖")
+    elif not missing:
+        fscore += 8
+        freasons.append("依赖均已就绪")
+    else:
+        freasons.append("缺少依赖：" + ", ".join(missing))
+        blockers.append("缺少命令行依赖：" + ", ".join(missing))
+    lic = (meta.get("license") or "").lower()
+    if any(k in lic for k in ("mit", "apache", "bsd", "isc")):
+        fscore += 4
+        freasons.append("许可证宽松")
+    elif lic:
+        fscore += 2
+    dims.append({"name": "Hermes 兼容性", "score": min(fscore, 30), "max": 30, "reasons": freasons})
+
+    # --- Maintenance (15) ---
+    mscore = 0
+    mreasons = []
+    upd = meta.get("updated_at")
+    ts = None
+    if isinstance(upd, (int, float)):
+        ts = float(upd)
+    elif isinstance(upd, str) and upd.strip():
+        u = upd.strip()
+        try:
+            ts = float(u)  # epoch seconds as string
+        except ValueError:
+            try:
+                import datetime as _dt
+
+                ts = _dt.datetime.fromisoformat(u.replace("Z", "+00:00")).timestamp()
+            except Exception:
+                ts = None
+    if ts:
+        age_days = (time.time() - ts) / 86400.0
+        if age_days <= 90:
+            mscore += 12
+            mreasons.append("近 3 个月有更新")
+        elif age_days <= 365:
+            mscore += 7
+            mreasons.append("一年内有更新")
+        else:
+            mscore += 2
+            mreasons.append("超过一年未更新")
+    else:
+        mscore += 5
+        mreasons.append("更新时间未知")
+    if meta.get("version"):
+        mscore += 3
+        mreasons.append("版本可锁定")
+    dims.append({"name": "维护度", "score": min(mscore, 15), "max": 15, "reasons": mreasons})
+
+    # --- Safety (10) ---
+    sscore = 10
+    sreasons = []
+    caps = infer_capabilities(meta)
+    if "exec" in caps and "network" in caps:
+        sscore -= 3
+        sreasons.append("可执行命令且联网（注意授权）")
+    if meta.get("requires_api_key"):
+        sreasons.append("需 API Key（如实声明）")
+    if not sreasons:
+        sreasons.append("无明显风险信号")
+    dims.append({"name": "安全", "score": max(sscore, 0), "max": 10, "reasons": sreasons})
+
+    base = sum(d["score"] for d in dims)
+
+    # --- Real-world reliability (from Pro-1 run history) ---
+    reliability = None
+    if runs_summary and runs_summary.get("total"):
+        total = int(runs_summary["total"])
+        sr = runs_summary.get("success_rate")
+        sr = float(sr) if sr is not None else None
+        if sr is not None:
+            if sr >= 0.9:
+                base = min(100, base + 5)
+                rel_note = "实测可靠（成功率 %d%%）" % round(sr * 100)
+            elif sr >= 0.6:
+                rel_note = "实测一般（成功率 %d%%）" % round(sr * 100)
+            else:
+                base = max(0, base - 8)
+                rel_note = "实测不稳定（成功率 %d%%，近 %d 次）" % (round(sr * 100), total)
+                blockers.append(rel_note)
+            reliability = {"total": total, "success_rate": sr, "note": rel_note}
+
+    score = max(0, min(100, int(round(base))))
+    grade = _grade(score)
+    if blockers:
+        recommendation = "caution"
+    elif score >= 75:
+        recommendation = "recommended"
+    elif score >= 50:
+        recommendation = "caution"
+    else:
+        recommendation = "not_recommended"
+
+    return {
+        "score": score,
+        "grade": grade,
+        "recommendation": recommendation,
+        "dimensions": dims,
+        "blockers": blockers,
+        "capabilities": caps,
+        "reliability": reliability,
+    }

omnilimb/backends/__init__.py

@@ -0,0 +1,42 @@
+"""Backend resolver — picks CLI vs native per config and caches the instance."""
+
+from __future__ import annotations
+
+import threading
+
+from ..config import get_settings
+from .base import Backend
+
+_lock = threading.Lock()
+_cache: dict[str, Backend] = {}
+
+
+def get_backend() -> Backend:
+    """Resolve the active backend (thread-safe, cached by resolved name)."""
+    resolved = get_settings().resolved_backend()
+    cached = _cache.get(resolved)
+    if cached is not None:
+        return cached
+    with _lock:
+        cached = _cache.get(resolved)
+        if cached is not None:
+            return cached
+        if resolved == "cli":
+            from .cli_backend import CliBackend
+
+            backend: Backend = CliBackend()
+        else:
+            from .native_backend import NativeBackend
+
+            backend = NativeBackend()
+        _cache[resolved] = backend
+        return backend
+
+
+def reset_backend() -> None:
+    """Drop cached backends (tests / config reload)."""
+    with _lock:
+        _cache.clear()
+
+
+__all__ = ["Backend", "get_backend", "reset_backend"]

omnilimb/backends/base.py

@@ -0,0 +1,56 @@
+"""Backend abstract base class.
+
+A backend is the deterministic execution substrate. Two implementations:
+- CliBackend    : shells out to `openclaw` / `clawhub`.
+- NativeBackend : decoupled Python re-implementation (no Node dependency).
+
+All methods return a plain dict (NOT a JSON string); tools.py handles
+serialization, retry, rollback and audit. Methods may raise — the caller
+wraps them. Prefer returning {"ok": False, "error": ...} for expected
+failures and raising only for unexpected ones.
+"""
+
+from __future__ import annotations
+
+import abc
+from typing import Any
+
+
+class Backend(abc.ABC):
+    name: str = "base"
+
+    # -- skill registry ----------------------------------------------------
+    @abc.abstractmethod
+    def skill_search(self, *, query: str, limit: int, page: int = 1,
+                     category: str | None = None, sort: str | None = None) -> dict[str, Any]: ...
+
+    @abc.abstractmethod
+    def skill_install(
+        self, *, slug: str, verify: bool, global_install: bool, git_fallback: bool = False
+    ) -> dict[str, Any]: ...
+
+    @abc.abstractmethod
+    def skill_run(
+        self, *, slug: str, entry: str, args: dict, sandbox: bool
+    ) -> dict[str, Any]: ...
+
+    @abc.abstractmethod
+    def skill_update(self, *, slug: str | None, all_: bool) -> dict[str, Any]: ...
+
+    # -- execution ---------------------------------------------------------
+    @abc.abstractmethod
+    def sandbox_exec(
+        self,
+        *,
+        command: str,
+        image: str,
+        timeout_s: int,
+        network: bool,
+        workdir: str | None,
+    ) -> dict[str, Any]: ...
+
+    @abc.abstractmethod
+    def browser(self, *, actions: list[dict], headless: bool) -> dict[str, Any]: ...
+
+    @abc.abstractmethod
+    def runtime(self, *, lang: str, code: str, timeout_s: int) -> dict[str, Any]: ...