2025-12-29 15:30:57 +05:30
|
|
|
{
|
|
|
|
|
"name": "@x/core",
|
|
|
|
|
"private": true,
|
|
|
|
|
"type": "module",
|
|
|
|
|
"main": "./dist/index.js",
|
|
|
|
|
"types": "./dist/index.d.ts",
|
|
|
|
|
"scripts": {
|
Refactor builtin file tools beyond workspace scope
Replace workspace-scoped builtin file tools with general-purpose file-* tools that accept relative, absolute, and ~/ paths. Relative paths still resolve against the configured workdir.
File operations within the workdir are auto-approved. File operations outside the workdir now emit file permission metadata and require user approval, with support for once, session, and persistent grants.
Add a shared filesystem layer for text-focused read/write/edit/list/search operations, including binary-file safeguards for text reads. parseFile and LLMParse continue to read file buffers for document/image parsing.
Update copilot prompts, background/live-note agents, knowledge workflows, and renderer labels/UI to use the new file-* tool surface and permission details.
Add package-local Vitest setup for @x/core with colocated filesystem unit tests covering path resolution, canonical permission paths, binary detection, read/write/edit behavior, glob, and grep.
2026-05-25 16:21:40 +05:30
|
|
|
"build": "rm -rf dist && tsc -p tsconfig.build.json",
|
|
|
|
|
"dev": "tsc -w -p tsconfig.build.json",
|
2026-07-10 16:27:06 +05:30
|
|
|
"typecheck": "tsc --noEmit -p tsconfig.json",
|
Refactor builtin file tools beyond workspace scope
Replace workspace-scoped builtin file tools with general-purpose file-* tools that accept relative, absolute, and ~/ paths. Relative paths still resolve against the configured workdir.
File operations within the workdir are auto-approved. File operations outside the workdir now emit file permission metadata and require user approval, with support for once, session, and persistent grants.
Add a shared filesystem layer for text-focused read/write/edit/list/search operations, including binary-file safeguards for text reads. parseFile and LLMParse continue to read file buffers for document/image parsing.
Update copilot prompts, background/live-note agents, knowledge workflows, and renderer labels/UI to use the new file-* tool surface and permission details.
Add package-local Vitest setup for @x/core with colocated filesystem unit tests covering path resolution, canonical permission paths, binary detection, read/write/edit behavior, glob, and grep.
2026-05-25 16:21:40 +05:30
|
|
|
"test": "vitest run",
|
2026-07-02 13:00:33 +05:30
|
|
|
"test:watch": "vitest",
|
refactor(x): the runtime moves under one roof — core/src/runtime/
Everything "model runtime" now lives under core/src/runtime/, whose
five children are the architecture: turns/ (the engine + bridges),
sessions/, assembly/ (what an agent is: registry, composer, workspace
context, message encoding, permission metadata, headless runners,
spawn-agent, copilot/ definition, capabilities/, skills/ — no longer
buried at application/assistant), tools/ (catalog + domains + exec
plumbing + descriptors, which leave turns/bridges and fix the upward
lib→bridges edge), and legacy/ (the quarantined runs engine, with
agents/runtime.ts finally honestly named engine.ts).
Pure moves via git mv (history follows) with mechanical import
rewrites; no durable schema, wire format, or behavior changes — the
golden prompt snapshots and the catalog key-order pin pass unchanged.
di/ stays top-level (whole-app composition root); application/ shrinks
to browser-control/browser-skills/notification and true cross-cutting
lib utils.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-10 11:48:32 +05:30
|
|
|
"inspect-turn": "node dist/runtime/turns/inspect-cli.js",
|
|
|
|
|
"inspect": "node dist/runtime/turns/inspect-cli.js"
|
2025-12-29 15:30:57 +05:30
|
|
|
},
|
|
|
|
|
"dependencies": {
|
2026-07-06 12:57:02 +05:30
|
|
|
"@agentclientprotocol/claude-agent-acp": "^0.55.0",
|
|
|
|
|
"@agentclientprotocol/codex-acp": "^1.1.0",
|
|
|
|
|
"@agentclientprotocol/sdk": "^1.1.0",
|
2026-02-14 12:16:28 +05:30
|
|
|
"@ai-sdk/anthropic": "^2.0.63",
|
|
|
|
|
"@ai-sdk/google": "^2.0.53",
|
|
|
|
|
"@ai-sdk/openai": "^2.0.91",
|
|
|
|
|
"@ai-sdk/openai-compatible": "^1.0.33",
|
|
|
|
|
"@ai-sdk/provider": "^2.0.1",
|
2026-02-04 23:21:13 +05:30
|
|
|
"@composio/core": "^0.6.0",
|
2025-12-29 15:30:57 +05:30
|
|
|
"@google-cloud/local-auth": "^3.0.1",
|
|
|
|
|
"@modelcontextprotocol/sdk": "^1.25.1",
|
|
|
|
|
"@openrouter/ai-sdk-provider": "^1.2.6",
|
2026-01-30 13:30:06 +05:30
|
|
|
"@react-pdf/renderer": "^4.3.2",
|
|
|
|
|
"@types/react": "^19.2.7",
|
2025-12-29 15:30:57 +05:30
|
|
|
"@x/shared": "workspace:*",
|
2026-02-14 12:16:28 +05:30
|
|
|
"ai": "^5.0.133",
|
2025-12-29 15:30:57 +05:30
|
|
|
"awilix": "^12.0.5",
|
2026-07-03 19:25:06 +05:30
|
|
|
"baileys": "7.0.0-rc13",
|
2025-12-29 15:30:57 +05:30
|
|
|
"chokidar": "^4.0.3",
|
2026-03-28 00:41:46 +05:30
|
|
|
"cors": "^2.8.6",
|
2026-02-04 23:21:13 +05:30
|
|
|
"cron-parser": "^5.5.0",
|
2026-03-28 00:41:46 +05:30
|
|
|
"express": "^5.2.1",
|
2026-01-16 15:51:29 +05:30
|
|
|
"glob": "^13.0.0",
|
2025-12-29 15:30:57 +05:30
|
|
|
"google-auth-library": "^10.5.0",
|
|
|
|
|
"googleapis": "^169.0.0",
|
Refactor builtin file tools beyond workspace scope
Replace workspace-scoped builtin file tools with general-purpose file-* tools that accept relative, absolute, and ~/ paths. Relative paths still resolve against the configured workdir.
File operations within the workdir are auto-approved. File operations outside the workdir now emit file permission metadata and require user approval, with support for once, session, and persistent grants.
Add a shared filesystem layer for text-focused read/write/edit/list/search operations, including binary-file safeguards for text reads. parseFile and LLMParse continue to read file buffers for document/image parsing.
Update copilot prompts, background/live-note agents, knowledge workflows, and renderer labels/UI to use the new file-* tool surface and permission details.
Add package-local Vitest setup for @x/core with colocated filesystem unit tests covering path resolution, canonical permission paths, binary detection, read/write/edit behavior, glob, and grep.
2026-05-25 16:21:40 +05:30
|
|
|
"isomorphic-git": "^1.29.0",
|
2026-02-07 16:11:13 +05:30
|
|
|
"mammoth": "^1.11.0",
|
2025-12-29 15:30:57 +05:30
|
|
|
"node-html-markdown": "^2.0.0",
|
|
|
|
|
"ollama-ai-provider-v2": "^1.5.4",
|
2026-01-07 12:29:20 +05:30
|
|
|
"openid-client": "^6.8.1",
|
2026-02-07 16:11:13 +05:30
|
|
|
"papaparse": "^5.5.3",
|
|
|
|
|
"pdf-parse": "^2.4.5",
|
2026-04-28 19:53:40 +05:30
|
|
|
"posthog-node": "^4.18.0",
|
2026-07-03 19:25:06 +05:30
|
|
|
"qrcode": "^1.5.4",
|
2026-01-30 13:30:06 +05:30
|
|
|
"react": "^19.2.3",
|
2026-02-07 16:11:13 +05:30
|
|
|
"xlsx": "^0.18.5",
|
2025-12-29 15:30:57 +05:30
|
|
|
"yaml": "^2.8.2",
|
feat(apps): M3 groundwork — packager, GitHub device-flow auth, registry client
- env: GITHUB_OAUTH_CLIENT_ID (device flow enabled on the Rowboat OAuth app;
overridable via ROWBOAT_GITHUB_CLIENT_ID)
- packager (§4.4): allowlist-only .rowboat-app ZIP (yazl), sorted entries,
symlink skip, sha256
- github-auth (§10): device-code start/poll, identity fetch, token stored
0600 with safeStorage encryption injected from main (core stays
electron-free); githubAuth:* IPC + external open of the verification page
- registry client (§9.2): unauthenticated tarball index with 5-min cache and
stale fallback, raw-record resolve, substring search, quota-free
latestManifest via release-asset redirect with name-mismatch guard
- registry repo contents (docs/apps-registry): record JSON schema +
validate-and-merge Action implementing §9.3 checks 1-7 with rejected:<code>
comments and per-name concurrency
- fix: host-api copilot-run adapted to dev's ModelSelection {provider,model}
(this is the same fix dev needs for Ramnique's packaging break)
- pnpm 11: blockExoticSubdeps=false (electron-forge has a git subdep)
2026-07-06 14:49:52 +05:30
|
|
|
"yauzl": "^3.4.0",
|
|
|
|
|
"yazl": "^3.3.1",
|
2025-12-29 15:30:57 +05:30
|
|
|
"zod": "^4.2.1"
|
|
|
|
|
},
|
|
|
|
|
"devDependencies": {
|
2026-03-28 00:41:46 +05:30
|
|
|
"@types/cors": "^2.8.19",
|
|
|
|
|
"@types/express": "^5.0.6",
|
2026-02-07 16:11:13 +05:30
|
|
|
"@types/node": "^25.0.3",
|
|
|
|
|
"@types/papaparse": "^5.5.2",
|
Refactor builtin file tools beyond workspace scope
Replace workspace-scoped builtin file tools with general-purpose file-* tools that accept relative, absolute, and ~/ paths. Relative paths still resolve against the configured workdir.
File operations within the workdir are auto-approved. File operations outside the workdir now emit file permission metadata and require user approval, with support for once, session, and persistent grants.
Add a shared filesystem layer for text-focused read/write/edit/list/search operations, including binary-file safeguards for text reads. parseFile and LLMParse continue to read file buffers for document/image parsing.
Update copilot prompts, background/live-note agents, knowledge workflows, and renderer labels/UI to use the new file-* tool surface and permission details.
Add package-local Vitest setup for @x/core with colocated filesystem unit tests covering path resolution, canonical permission paths, binary detection, read/write/edit behavior, glob, and grep.
2026-05-25 16:21:40 +05:30
|
|
|
"@types/pdf-parse": "^1.1.5",
|
2026-07-03 19:25:06 +05:30
|
|
|
"@types/qrcode": "^1.5.6",
|
feat(apps): M3 groundwork — packager, GitHub device-flow auth, registry client
- env: GITHUB_OAUTH_CLIENT_ID (device flow enabled on the Rowboat OAuth app;
overridable via ROWBOAT_GITHUB_CLIENT_ID)
- packager (§4.4): allowlist-only .rowboat-app ZIP (yazl), sorted entries,
symlink skip, sha256
- github-auth (§10): device-code start/poll, identity fetch, token stored
0600 with safeStorage encryption injected from main (core stays
electron-free); githubAuth:* IPC + external open of the verification page
- registry client (§9.2): unauthenticated tarball index with 5-min cache and
stale fallback, raw-record resolve, substring search, quota-free
latestManifest via release-asset redirect with name-mismatch guard
- registry repo contents (docs/apps-registry): record JSON schema +
validate-and-merge Action implementing §9.3 checks 1-7 with rejected:<code>
comments and per-name concurrency
- fix: host-api copilot-run adapted to dev's ModelSelection {provider,model}
(this is the same fix dev needs for Ramnique's packaging break)
- pnpm 11: blockExoticSubdeps=false (electron-forge has a git subdep)
2026-07-06 14:49:52 +05:30
|
|
|
"@types/yauzl": "^3.4.0",
|
|
|
|
|
"@types/yazl": "^3.3.1",
|
Refactor builtin file tools beyond workspace scope
Replace workspace-scoped builtin file tools with general-purpose file-* tools that accept relative, absolute, and ~/ paths. Relative paths still resolve against the configured workdir.
File operations within the workdir are auto-approved. File operations outside the workdir now emit file permission metadata and require user approval, with support for once, session, and persistent grants.
Add a shared filesystem layer for text-focused read/write/edit/list/search operations, including binary-file safeguards for text reads. parseFile and LLMParse continue to read file buffers for document/image parsing.
Update copilot prompts, background/live-note agents, knowledge workflows, and renderer labels/UI to use the new file-* tool surface and permission details.
Add package-local Vitest setup for @x/core with colocated filesystem unit tests covering path resolution, canonical permission paths, binary detection, read/write/edit behavior, glob, and grep.
2026-05-25 16:21:40 +05:30
|
|
|
"vitest": "catalog:"
|
2025-12-29 15:30:57 +05:30
|
|
|
}
|
|
|
|
|
}
|