feat: implement Programmatic Tool Calling (PTC) with QuickJS sandbox

Adds code_execution tool that enables AI models to execute multiple tool
calls in a single inference round-trip via JavaScript code in a sandboxed
QuickJS environment.

Key features:
- QuickJS-emscripten runtime with Asyncify for async host functions
- Tool bridge exposing all Mux tools under mux.* namespace
- Static analysis: syntax validation, forbidden patterns, unavailable globals
- TypeScript type generation from Zod schemas for model guidance
- Real-time streaming of nested tool calls to UI
- Partial results on failure for debuggability
- Resource limits: 64MB memory, 5-minute timeout

UI components:
- CodeExecutionToolCall with collapsible code/console sections
- NestedToolRenderer routing to specialized tool components
- ConsoleOutput for log/warn/error display
- Storybook stories for all states

Gated behind PROGRAMMATIC_TOOL_CALLING experiment flag with optional
PROGRAMMATIC_TOOL_CALLING_EXCLUSIVE mode for PTC-only tool availability.

136 tests passing across runtime, static analysis, type generation,
streaming aggregator, and tool execution.

Author: ethanndickson

src/browser/components/Messages/ToolMessage.tsx

@@ -13,6 +13,7 @@ import { WebFetchToolCall } from "../tools/WebFetchToolCall";
 import { BashBackgroundListToolCall } from "../tools/BashBackgroundListToolCall";
 import { BashBackgroundTerminateToolCall } from "../tools/BashBackgroundTerminateToolCall";
 import { BashOutputToolCall } from "../tools/BashOutputToolCall";
+import { CodeExecutionToolCall } from "../tools/CodeExecutionToolCall";
 import type {
   BashToolArgs,
   BashToolResult,
@@ -136,6 +137,15 @@ function isBashOutputTool(toolName: string, args: unknown): args is BashOutputTo
   return TOOL_DEFINITIONS.bash_output.schema.safeParse(args).success;
 }
 
+interface CodeExecutionToolArgs {
+  code: string;
+}
+
+function isCodeExecutionTool(toolName: string, args: unknown): args is CodeExecutionToolArgs {
+  if (toolName !== "code_execution") return false;
+  return TOOL_DEFINITIONS.code_execution.schema.safeParse(args).success;
+}
+
 export const ToolMessage: React.FC<ToolMessageProps> = ({
   message,
   className,
@@ -329,6 +339,19 @@ export const ToolMessage: React.FC<ToolMessageProps> = ({
     );
   }
 
+  if (isCodeExecutionTool(message.toolName, message.args)) {
+    return (
+      <div className={className}>
+        <CodeExecutionToolCall
+          args={message.args}
+          result={message.result as Parameters<typeof CodeExecutionToolCall>[0]["result"]}
+          status={message.status}
+          nestedCalls={message.nestedCalls}
+        />
+      </div>
+    );
+  }
+
   // Fallback to generic tool call
   return (
     <div className={className}>

src/browser/components/tools/CodeExecutionToolCall.tsx

@@ -0,0 +1,159 @@
+import React, { useState, useMemo } from "react";
+import { CodeIcon, TerminalIcon, CheckCircleIcon, XCircleIcon } from "lucide-react";
+import { DetailContent } from "./shared/ToolPrimitives";
+import { getStatusDisplay, type ToolStatus } from "./shared/toolUtils";
+import { HighlightedCode } from "./shared/HighlightedCode";
+import { ConsoleOutputDisplay } from "./shared/ConsoleOutput";
+import { NestedToolsContainer } from "./shared/NestedToolsContainer";
+import type { CodeExecutionResult, NestedToolCall } from "./shared/codeExecutionTypes";
+import { cn } from "@/common/lib/utils";
+
+interface CodeExecutionToolCallProps {
+  args: { code: string };
+  result?: CodeExecutionResult;
+  status?: ToolStatus;
+  /** Nested tool calls from streaming (takes precedence over result.toolCalls) */
+  nestedCalls?: NestedToolCall[];
+}
+
+// Threshold for auto-collapsing long results (characters)
+const LONG_RESULT_THRESHOLD = 200;
+
+export const CodeExecutionToolCall: React.FC<CodeExecutionToolCallProps> = ({
+  args,
+  result,
+  status = "pending",
+  nestedCalls,
+}) => {
+  const [codeExpanded, setCodeExpanded] = useState(false);
+  const [consoleExpanded, setConsoleExpanded] = useState(false);
+
+  // Format result for display
+  const formattedResult = useMemo(() => {
+    if (!result?.success || result.result === undefined) return null;
+    return typeof result.result === "string"
+      ? result.result
+      : JSON.stringify(result.result, null, 2);
+  }, [result]);
+
+  // Auto-expand result if it's short
+  const isLongResult = formattedResult ? formattedResult.length > LONG_RESULT_THRESHOLD : false;
+  const [resultExpanded, setResultExpanded] = useState(!isLongResult);
+
+  // Use streaming nested calls if available, otherwise fall back to result
+  const toolCalls = nestedCalls ?? [];
+  const consoleOutput = result?.consoleOutput ?? [];
+  const hasToolCalls = toolCalls.length > 0;
+  const isComplete = status === "completed" || status === "failed";
+
+  return (
+    <fieldset className="flex flex-col gap-3 rounded-lg border border-dashed border-white/20 px-3 pt-2 pb-3">
+      {/* Legend title with status - sits on the border */}
+      <legend className="flex items-center gap-2 px-2">
+        <span className="text-foreground text-sm font-medium">Code Execution</span>
+        <span className="text-muted text-xs">{getStatusDisplay(status)}</span>
+      </legend>
+
+      {/* Code - collapsible toggle */}
+      <div>
+        <button
+          type="button"
+          onClick={() => setCodeExpanded(!codeExpanded)}
+          className="text-muted hover:text-foreground flex items-center gap-1.5 text-xs transition-colors"
+        >
+          <span
+            className={cn(
+              "text-[10px] transition-transform duration-150",
+              codeExpanded && "rotate-90"
+            )}
+          >
+            ▶
+          </span>
+          <CodeIcon className="h-3 w-3" />
+          <span>Show code</span>
+        </button>
+        {codeExpanded && (
+          <div className="mt-2 rounded border border-white/10 bg-black/20 p-2">
+            <HighlightedCode language="javascript" code={args.code} />
+          </div>
+        )}
+      </div>
+
+      {/* Console Output - collapsible toggle */}
+      <div>
+        <button
+          type="button"
+          onClick={() => setConsoleExpanded(!consoleExpanded)}
+          className="text-muted hover:text-foreground flex items-center gap-1.5 text-xs transition-colors"
+        >
+          <span
+            className={cn(
+              "text-[10px] transition-transform duration-150",
+              consoleExpanded && "rotate-90"
+            )}
+          >
+            ▶
+          </span>
+          <TerminalIcon className="h-3 w-3" />
+          <span>Console output</span>
+          {consoleOutput.length > 0 && <span className="text-muted">({consoleOutput.length})</span>}
+        </button>
+        {consoleExpanded && (
+          <div className="mt-2 rounded border border-white/10 bg-black/20 p-2">
+            {consoleOutput.length > 0 ? (
+              <ConsoleOutputDisplay output={consoleOutput} />
+            ) : (
+              <span className="text-muted text-xs italic">No output</span>
+            )}
+          </div>
+        )}
+      </div>
+
+      {/* Nested tool calls - stream in the middle */}
+      {hasToolCalls && <NestedToolsContainer calls={toolCalls} />}
+
+      {/* Result/Error - shown when complete */}
+      {isComplete && result && (
+        <div>
+          <button
+            type="button"
+            onClick={() => setResultExpanded(!resultExpanded)}
+            className={cn(
+              "flex items-center gap-1.5 text-xs transition-colors",
+              result.success
+                ? "text-green-400 hover:text-green-300"
+                : "text-red-400 hover:text-red-300"
+            )}
+          >
+            <span
+              className={cn(
+                "text-[10px] transition-transform duration-150",
+                resultExpanded && "rotate-90"
+              )}
+            >
+              ▶
+            </span>
+            {result.success ? (
+              <CheckCircleIcon className="h-3 w-3" />
+            ) : (
+              <XCircleIcon className="h-3 w-3" />
+            )}
+            <span>{result.success ? "Result" : "Error"}</span>
+          </button>
+          {resultExpanded &&
+            (result.success ? (
+              formattedResult ? (
+                <DetailContent className="mt-2 p-2">{formattedResult}</DetailContent>
+              ) : (
+                <div className="text-muted mt-2 text-xs italic">(no return value)</div>
+              )
+            ) : (
+              <DetailContent className="mt-2 border border-red-500/30 bg-red-500/10 p-2 text-red-400">
+                {result.error}
+              </DetailContent>
+            ))}
+        </div>
+      )}
+    </fieldset>
+  );
+};

src/browser/components/tools/shared/ConsoleOutput.tsx

@@ -0,0 +1,49 @@
+import React from "react";
+import type { ConsoleRecord } from "./codeExecutionTypes";
+
+interface ConsoleOutputDisplayProps {
+  output: ConsoleRecord[];
+}
+
+// Use CSS variables from globals.css
+const levelStyles: Record<string, React.CSSProperties> = {
+  log: { color: "var(--color-muted-foreground)" },
+  warn: { color: "var(--color-warning, #f59e0b)" },
+  error: { color: "var(--color-error, #ef4444)" },
+};
+
+export const ConsoleOutputDisplay: React.FC<ConsoleOutputDisplayProps> = ({ output }) => {
+  return (
+    <div className="space-y-0.5 font-mono text-[11px]">
+      {output.map((record, i) => (
+        <div key={i} className="flex gap-2" style={levelStyles[record.level]}>
+          <span className="opacity-60">[{record.level}]</span>
+          <span>
+            {record.args.map((arg, j) => {
+              // Handle all types to avoid Object.toString() issues
+              let display: string;
+              if (arg === null) {
+                display = "null";
+              } else if (arg === undefined) {
+                display = "undefined";
+              } else if (typeof arg === "string") {
+                display = arg;
+              } else if (typeof arg === "number" || typeof arg === "boolean") {
+                display = String(arg);
+              } else {
+                // objects, arrays, symbols, functions - JSON.stringify handles them all
+                display = JSON.stringify(arg);
+              }
+              return (
+                <span key={j}>
+                  {display}
+                  {j < record.args.length - 1 ? " " : ""}
+                </span>
+              );
+            })}
+          </span>
+        </div>
+      ))}
+    </div>
+  );
+};

src/browser/components/tools/shared/NestedToolRenderer.tsx

@@ -0,0 +1,133 @@
+import React from "react";
+import { TOOL_DEFINITIONS } from "@/common/utils/tools/toolDefinitions";
+import type { ToolStatus } from "./toolUtils";
+import { GenericToolCall } from "../GenericToolCall";
+import { BashToolCall } from "../BashToolCall";
+import { FileEditToolCall } from "../FileEditToolCall";
+import { FileReadToolCall } from "../FileReadToolCall";
+import { WebFetchToolCall } from "../WebFetchToolCall";
+import type {
+  BashToolArgs,
+  BashToolResult,
+  FileReadToolArgs,
+  FileReadToolResult,
+  FileEditReplaceStringToolArgs,
+  FileEditReplaceStringToolResult,
+  FileEditInsertToolArgs,
+  FileEditInsertToolResult,
+  WebFetchToolArgs,
+  WebFetchToolResult,
+} from "@/common/types/tools";
+
+interface NestedToolRendererProps {
+  toolName: string;
+  input: unknown;
+  output?: unknown;
+  status: ToolStatus;
+}
+
+/**
+ * Strip "mux." prefix from tool names.
+ * PTC bridge exposes tools as mux.bash, mux.file_read, etc.
+ */
+function normalizeToolName(toolName: string): string {
+  return toolName.startsWith("mux.") ? toolName.slice(4) : toolName;
+}
+
+// Type guards - reuse schemas from TOOL_DEFINITIONS for validation
+function isBashTool(toolName: string, args: unknown): args is BashToolArgs {
+  if (normalizeToolName(toolName) !== "bash") return false;
+  return TOOL_DEFINITIONS.bash.schema.safeParse(args).success;
+}
+
+function isFileReadTool(toolName: string, args: unknown): args is FileReadToolArgs {
+  if (normalizeToolName(toolName) !== "file_read") return false;
+  return TOOL_DEFINITIONS.file_read.schema.safeParse(args).success;
+}
+
+function isFileEditReplaceStringTool(
+  toolName: string,
+  args: unknown
+): args is FileEditReplaceStringToolArgs {
+  if (normalizeToolName(toolName) !== "file_edit_replace_string") return false;
+  return TOOL_DEFINITIONS.file_edit_replace_string.schema.safeParse(args).success;
+}
+
+function isFileEditInsertTool(toolName: string, args: unknown): args is FileEditInsertToolArgs {
+  if (normalizeToolName(toolName) !== "file_edit_insert") return false;
+  return TOOL_DEFINITIONS.file_edit_insert.schema.safeParse(args).success;
+}
+
+function isWebFetchTool(toolName: string, args: unknown): args is WebFetchToolArgs {
+  if (normalizeToolName(toolName) !== "web_fetch") return false;
+  return TOOL_DEFINITIONS.web_fetch.schema.safeParse(args).success;
+}
+
+/**
+ * Routes nested tool calls to their specialized components.
+ * Similar to ToolMessage.tsx but for nested PTC calls with simpler props.
+ */
+export const NestedToolRenderer: React.FC<NestedToolRendererProps> = ({
+  toolName,
+  input,
+  output,
+  status,
+}) => {
+  const normalizedName = normalizeToolName(toolName);
+
+  // Bash - full styling with icons
+  if (isBashTool(toolName, input)) {
+    return (
+      <BashToolCall args={input} result={output as BashToolResult | undefined} status={status} />
+    );
+  }
+
+  // File read - shows file icon and content preview
+  if (isFileReadTool(toolName, input)) {
+    return (
+      <FileReadToolCall
+        args={input}
+        result={output as FileReadToolResult | undefined}
+        status={status}
+      />
+    );
+  }
+
+  // File edit (replace string) - shows diff with icons
+  if (isFileEditReplaceStringTool(toolName, input)) {
+    return (
+      <FileEditToolCall
+        toolName="file_edit_replace_string"
+        args={input}
+        result={output as FileEditReplaceStringToolResult | undefined}
+        status={status}
+      />
+    );
+  }
+
+  // File edit (insert) - shows diff with icons
+  if (isFileEditInsertTool(toolName, input)) {
+    return (
+      <FileEditToolCall
+        toolName="file_edit_insert"
+        args={input}
+        result={output as FileEditInsertToolResult | undefined}
+        status={status}
+      />
+    );
+  }
+
+  // Web fetch - shows URL and content
+  if (isWebFetchTool(toolName, input)) {
+    return (
+      <WebFetchToolCall
+        args={input}
+        result={output as WebFetchToolResult | undefined}
+        status={status}
+      />
+    );
+  }
+
+  // Fallback for MCP tools and other unsupported tools - use normalized name for display
+  return <GenericToolCall toolName={normalizedName} args={input} result={output} status={status} />;
+};