npm - @24klynx/tools - Versions diffs - 0.1.0 - Mend

@24klynx/tools 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,5007 @@
+import { ToolError } from "@lynx/core";
+import { mkdir, readFile, readdir, stat, writeFile } from "node:fs/promises";
+import { dirname, join, relative, resolve } from "node:path";
+import { exec, execFile, spawn } from "node:child_process";
+import { promisify } from "node:util";
+import { existsSync, mkdirSync, readFileSync, realpathSync, renameSync, writeFileSync } from "node:fs";
+import { randomUUID } from "node:crypto";
+import { homedir } from "node:os";
+//#region src/availability.ts
+function evalAlways() {
+	return { available: true };
+}
+function evalNever(expr) {
+	return {
+		available: false,
+		reason: expr.reason
+	};
+}
+function evalEnv(expr, ctx) {
+	const e = expr;
+	return { available: ctx.env[e.key] === e.equals };
+}
+function evalSetting(expr, ctx) {
+	const e = expr;
+	return { available: getSetting(ctx.settings, e.path) === e.equals };
+}
+function evalFlag(expr, ctx) {
+	return { available: ctx.flags.has(expr.flag) };
+}
+function evalPlatform(expr, ctx) {
+	return { available: ctx.platform === expr.platform };
+}
+function evalMcpConnected(expr, ctx) {
+	return { available: ctx.connectedMcpServers.has(expr.serverName) };
+}
+function evalHasPlugin(expr, ctx) {
+	return { available: ctx.loadedPlugins.has(expr.pluginId) };
+}
+function evalSessionMode(expr, ctx) {
+	return { available: ctx.sessionMode === expr.mode };
+}
+function evalAll(expr, ctx) {
+	const e = expr;
+	for (const sub of e.exprs) {
+		const result = evaluateAvailability(sub, ctx);
+		if (!result.available) return result;
+	}
+	return { available: true };
+}
+function evalAny(expr, ctx) {
+	const e = expr;
+	const reasons = [];
+	for (const sub of e.exprs) {
+		const result = evaluateAvailability(sub, ctx);
+		if (result.available) return { available: true };
+		if (result.reason) reasons.push(result.reason);
+	}
+	return {
+		available: false,
+		reason: reasons.length > 0 ? reasons.join("; ") : "no condition matched"
+	};
+}
+function evalNot(expr, ctx) {
+	const inner = evaluateAvailability(expr.expr, ctx);
+	return {
+		available: !inner.available,
+		reason: inner.available ? void 0 : inner.reason
+	};
+}
+const LEAF_EVALUATORS = {
+	always: evalAlways,
+	never: evalNever,
+	env: evalEnv,
+	setting: evalSetting,
+	flag: evalFlag,
+	platform: evalPlatform,
+	mcp_connected: evalMcpConnected,
+	has_plugin: evalHasPlugin,
+	session_mode: evalSessionMode,
+	all: evalAll,
+	any: evalAny,
+	not: evalNot
+};
+/**
+* Evaluate an availability expression against the current context.
+*
+* Returns `{ available: true }` or `{ available: false, reason: string }`.
+*
+* ```ts
+* const result = evaluateAvailability(expr, ctx);
+* if (!result.available) {
+*   console.log(`Tool hidden because: ${result.reason}`);
+* }
+* ```
+*/
+function evaluateAvailability(expr, ctx) {
+	const evaluator = LEAF_EVALUATORS[expr.type];
+	if (evaluator) return evaluator(expr, ctx);
+	return {
+		available: false,
+		reason: `unknown expression type: ${expr.type}`
+	};
+}
+/** Navigate a dot‑path into a settings object. */
+function getSetting(settings, path) {
+	const parts = path.split(".");
+	let current = settings;
+	for (const part of parts) {
+		if (current === null || current === void 0) return void 0;
+		if (typeof current !== "object") return void 0;
+		current = current[part];
+	}
+	return current;
+}
+//#endregion
+//#region src/registry.ts
+/**
+* ToolRegistry — central registration and lookup for all tools.
+*
+* Tools are registered by plugins during startup and the registry stays
+* immutable for the session lifetime. Lookups are O(1) by name and O(1)
+* by executor key.
+*/
+/**
+* Create a new empty ToolRegistry.
+*/
+function createToolRegistry() {
+	const descriptors = /* @__PURE__ */ new Map();
+	const handlers = /* @__PURE__ */ new Map();
+	return {
+		register(descriptor, handler) {
+			if (descriptors.has(descriptor.name)) throw new ToolError(`Tool "${descriptor.name}" is already registered`, {
+				recoverable: false,
+				retryable: false,
+				userVisible: false,
+				diagnosticHint: "tool_duplicate_name"
+			});
+			descriptors.set(descriptor.name, descriptor);
+			if (!handlers.has(descriptor.executor)) handlers.set(descriptor.executor, handler);
+		},
+		resolve(name) {
+			return descriptors.get(name);
+		},
+		resolveExecutor(descriptor) {
+			const handler = handlers.get(descriptor.executor);
+			if (!handler) throw new ToolError(`No handler registered for executor "${descriptor.executor}" (tool: "${descriptor.name}")`, {
+				recoverable: false,
+				retryable: false,
+				userVisible: false,
+				diagnosticHint: "tool_missing_handler"
+			});
+			return handler;
+		},
+		listAll() {
+			return [...descriptors.values()];
+		},
+		count() {
+			return descriptors.size;
+		}
+	};
+}
+//#endregion
+//#region src/builtin/files/read-file.ts
+/**
+* read_file — Read file contents from the filesystem.
+*
+* Limits: 2000 lines per call, binary files return MIME + base64.
+*/
+const descriptor$33 = {
+	name: "read_file",
+	description: "读取文件内容。支持 offset/limit 分页。二进制和图片文件以 base64 编码数据加 MIME 类型返回。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			file_path: {
+				type: "string",
+				description: "要读取的文件绝对路径"
+			},
+			offset: {
+				type: "integer",
+				description: "起始行号（从 1 开始）"
+			},
+			limit: {
+				type: "integer",
+				description: "最多读取行数"
+			}
+		},
+		required: ["file_path"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:read_file",
+	owner: "core"
+};
+const MAX_LINES = 2e3;
+const TEXT_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".json",
+	".md",
+	".txt",
+	".yml",
+	".yaml",
+	".css",
+	".html",
+	".xml",
+	".svg",
+	".py",
+	".rs",
+	".go",
+	".java",
+	".sh",
+	".bash",
+	".zsh",
+	".fish",
+	".toml",
+	".ini",
+	".cfg",
+	".env",
+	".gitignore",
+	".editorconfig",
+	".c",
+	".h",
+	".cpp",
+	".hpp",
+	".rb",
+	".php",
+	".sql",
+	".graphql",
+	".proto",
+	".vue",
+	".svelte",
+	".astro"
+]);
+function isTextExtension(filePath) {
+	const ext = filePath.slice(filePath.lastIndexOf(".")).toLowerCase();
+	return TEXT_EXTENSIONS.has(ext);
+}
+const handler$30 = { async handle(invocation, signal) {
+	const { file_path, offset, limit } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		const fileStat = await stat(file_path);
+		if (!fileStat.isFile()) return {
+			success: false,
+			content: `不是文件: ${file_path}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		if (fileStat.size > 10 * 1024 * 1024) return {
+			success: false,
+			content: `文件过大 (${(fileStat.size / 1024 / 1024).toFixed(1)}MB)。请使用 offset/limit 分段读取。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		if (!isTextExtension(file_path)) {
+			const buf = await readFile(file_path);
+			const mime = guessMime(file_path);
+			const b64 = buf.toString("base64");
+			const truncated = b64.length > 5e4;
+			return {
+				success: true,
+				content: `[${mime}] base64 数据 (${buf.length} 字节):\n${truncated ? b64.slice(0, 49997) + "..." : b64}`,
+				metadata: {
+					durationMs: Date.now() - startTime,
+					truncated
+				}
+			};
+		}
+		const lines = (await readFile(file_path, "utf-8")).split("\n");
+		const startLine = (offset ?? 1) - 1;
+		const endLine = limit ? startLine + limit : startLine + MAX_LINES;
+		const slice = lines.slice(startLine, endLine);
+		const truncated = endLine < lines.length;
+		let content = slice.join("\n");
+		if (truncated) content += `\n\n[已截断 — 剩余 ${lines.length - endLine} 行。使用 offset=${endLine + 1} 继续读取。]`;
+		return {
+			success: true,
+			content,
+			metadata: {
+				durationMs: Date.now() - startTime,
+				truncated,
+				truncatedAt: truncated ? endLine : void 0
+			}
+		};
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		if (err.code === "ENOENT") return {
+			success: false,
+			content: `文件未找到: ${file_path}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		if (err.code === "EACCES") return {
+			success: false,
+			content: `权限不足: ${file_path}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		return {
+			success: false,
+			content: `读取文件失败: ${message}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+function guessMime(filePath) {
+	return {
+		".png": "image/png",
+		".jpg": "image/jpeg",
+		".jpeg": "image/jpeg",
+		".gif": "image/gif",
+		".svg": "image/svg+xml",
+		".webp": "image/webp",
+		".pdf": "application/pdf",
+		".zip": "application/zip",
+		".gz": "application/gzip",
+		".mp3": "audio/mpeg",
+		".wav": "audio/wav",
+		".mp4": "video/mp4",
+		".woff": "font/woff",
+		".woff2": "font/woff2",
+		".ttf": "font/ttf",
+		".ico": "image/x-icon",
+		".bin": "application/octet-stream"
+	}[filePath.slice(filePath.lastIndexOf(".")).toLowerCase()] ?? "application/octet-stream";
+}
+//#endregion
+//#region src/builtin/files/write-file.ts
+/**
+* write_file — Create or overwrite a file with content.
+*
+* Creates parent directories automatically. Overwrites existing files
+* without asking (permission pipeline handles safety).
+*/
+const descriptor$32 = {
+	name: "write_file",
+	description: "创建新文件或完全覆盖已有文件。父目录不存在时会自动创建。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			file_path: {
+				type: "string",
+				description: "要写入的文件绝对路径"
+			},
+			content: {
+				type: "string",
+				description: "要写入文件的内容"
+			}
+		},
+		required: ["file_path", "content"]
+	},
+	kind: "WritesFiles",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:write_file",
+	owner: "core"
+};
+const handler$29 = { async handle(invocation, signal) {
+	const { file_path, content } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		await mkdir(dirname(file_path), { recursive: true });
+		await writeFile(file_path, content, "utf-8");
+		return {
+			success: true,
+			content: `已写入 ${content.length} 字节到 ${file_path}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	} catch (err) {
+		return {
+			success: false,
+			content: `写入文件失败: ${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+//#endregion
+//#region src/builtin/files/edit-file.ts
+/**
+* edit_file — Exact string replacement in an existing file.
+*
+* `old_string` must match EXACTLY once in the file (or use replace_all).
+* This is the primary editing tool — LLMs should use it instead of write_file
+* for targeted changes.
+*/
+const descriptor$31 = {
+	name: "edit_file",
+	description: "在文件中执行精确字符串替换。old_string 必须在文件中精确匹配（包括空格和缩进），除非设置 replace_all 为 true。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			file_path: {
+				type: "string",
+				description: "要编辑的文件绝对路径"
+			},
+			old_string: {
+				type: "string",
+				description: "要替换的精确文本 — 必须唯一匹配"
+			},
+			new_string: {
+				type: "string",
+				description: "替换后的新文本"
+			},
+			replace_all: {
+				type: "boolean",
+				description: "替换所有匹配项（而非仅第一个）"
+			}
+		},
+		required: [
+			"file_path",
+			"old_string",
+			"new_string"
+		]
+	},
+	kind: "WritesFiles",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:edit_file",
+	owner: "core"
+};
+const handler$28 = { async handle(invocation, signal) {
+	const { file_path, old_string, new_string, replace_all } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (old_string === new_string) return {
+		success: false,
+		content: "old_string 与 new_string 相同 — 未做任何更改",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		const original = await readFile(file_path, "utf-8");
+		const count = countOccurrences$1(original, old_string);
+		if (count === 0) return {
+			success: false,
+			content: `在 ${file_path} 中未找到 old_string。请确认文本精确匹配（包括缩进和空格）。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		if (count > 1 && !replace_all) return {
+			success: false,
+			content: `old_string 在 ${file_path} 中出现了 ${count} 次。请设置 replace_all: true 替换所有匹配项，或提供更多上下文使匹配唯一。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		await writeFile(file_path, replace_all ? original.replaceAll(old_string, new_string) : original.replace(old_string, new_string), "utf-8");
+		return {
+			success: true,
+			content: `已在 ${file_path} 中替换 ${replace_all ? count : 1} 处`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		if (err.code === "ENOENT") return {
+			success: false,
+			content: `文件未找到: ${file_path}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		return {
+			success: false,
+			content: `编辑文件失败: ${message}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+function countOccurrences$1(haystack, needle) {
+	if (needle.length === 0) return 0;
+	let count = 0;
+	let pos = 0;
+	while ((pos = haystack.indexOf(needle, pos)) !== -1) {
+		count++;
+		pos += needle.length;
+	}
+	return count;
+}
+//#endregion
+//#region src/builtin/files/glob.ts
+/**
+* glob — Fast file pattern matching.
+*
+* Returns sorted absolute paths. Default excludes: node_modules, .git, dist, build.
+*/
+const descriptor$30 = {
+	name: "glob",
+	description: "用 glob 模式匹配文件。返回排序后的绝对路径。支持 ** 递归匹配、* 通配符。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			pattern: {
+				type: "string",
+				description: "要匹配的 glob 模式（如 \"**/*.ts\" 或 \"src/**/*.test.ts\"）"
+			},
+			path: {
+				type: "string",
+				description: "搜索的根目录（默认为当前工作目录）"
+			}
+		},
+		required: ["pattern"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:glob",
+	owner: "core"
+};
+const DEFAULT_EXCLUDE = new Set([
+	"node_modules",
+	".git",
+	"dist",
+	"build",
+	".next",
+	"coverage",
+	"__pycache__",
+	".venv",
+	"venv"
+]);
+const MAX_RESULTS = 1e4;
+const handler$27 = { async handle(invocation, signal) {
+	const { pattern, path: rootPath } = invocation.payload;
+	const startTime = Date.now();
+	const base = rootPath ? resolve(rootPath) : process.cwd();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		const results = [];
+		await walk({
+			dir: base,
+			pattern,
+			base,
+			results,
+			signal,
+			maxResults: MAX_RESULTS
+		});
+		const truncated = results.length >= MAX_RESULTS;
+		let content = results.sort().join("\n");
+		if (truncated) content += `\n\n[已截断 — ${results.length}+ 条结果。请缩小匹配范围。]`;
+		return {
+			success: true,
+			content: content || "(无匹配)",
+			metadata: {
+				durationMs: Date.now() - startTime,
+				truncated
+			}
+		};
+	} catch (err) {
+		return {
+			success: false,
+			content: `文件匹配失败: ${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+async function walk(opts) {
+	if (opts.results.length >= opts.maxResults || opts.signal.aborted) return;
+	let entries;
+	try {
+		entries = await readdir(opts.dir, { withFileTypes: true });
+	} catch {
+		return;
+	}
+	for (const entry of entries) {
+		if (opts.results.length >= opts.maxResults || opts.signal.aborted) break;
+		if (DEFAULT_EXCLUDE.has(entry.name) || entry.name.startsWith(".")) continue;
+		const full = join(opts.dir, entry.name);
+		if (entry.isDirectory()) await walk({
+			...opts,
+			dir: full
+		});
+		else if (entry.isFile()) {
+			if (matchGlob(relative(opts.base, full).replace(/\\/g, "/"), opts.pattern)) opts.results.push(full);
+		}
+	}
+}
+function matchGlob(filepath, pattern) {
+	const patParts = pattern.replace(/\\/g, "/").split("/");
+	const fpParts = filepath.split("/");
+	let pi = 0;
+	let fi = 0;
+	while (pi < patParts.length && fi < fpParts.length) {
+		const pp = patParts[pi];
+		const fp = fpParts[fi];
+		if (pp === "**") {
+			if (pi === patParts.length - 1) return true;
+			pi++;
+			const restPat = patParts.slice(pi);
+			for (let k = fi; k < fpParts.length; k++) if (matchRest(fpParts.slice(k), restPat)) return true;
+			return false;
+		}
+		if (!matchSegment(fp, pp)) return false;
+		pi++;
+		fi++;
+	}
+	return pi === patParts.length && fi === fpParts.length;
+}
+function matchRest(fpParts, patParts) {
+	if (patParts.length === 0) return fpParts.length === 0;
+	if (fpParts.length === 0) return patParts.every((p) => p === "**");
+	if (patParts[0] === "**") return matchGlob(fpParts.join("/"), patParts.join("/"));
+	if (!matchSegment(fpParts[0], patParts[0])) return false;
+	return matchRest(fpParts.slice(1), patParts.slice(1));
+}
+function matchSegment(name, seg) {
+	if (seg === "*") return !name.includes("/");
+	return new RegExp("^" + seg.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, "[^/]*").replace(/\?/g, "[^/]") + "$").test(name);
+}
+//#endregion
+//#region src/builtin/files/grep.ts
+/**
+* grep — Regular expression content search (ripgrep-backed).
+*
+* Falls back to a pure-JS implementation when rg is not available.
+* Default head_limit=250 to prevent overwhelming output.
+*/
+promisify(execFile);
+const descriptor$29 = {
+	name: "grep",
+	description: "使用正则表达式搜索文件内容。返回匹配行及可选的上下文。优先使用 ripgrep。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			pattern: {
+				type: "string",
+				description: "要搜索的正则表达式"
+			},
+			path: {
+				type: "string",
+				description: "搜索的文件或目录（默认为当前工作目录）"
+			},
+			glob: {
+				type: "string",
+				description: "用于过滤文件的 glob 模式（如 \"*.ts\"）"
+			},
+			output_mode: {
+				type: "string",
+				enum: [
+					"content",
+					"files_with_matches",
+					"count"
+				],
+				description: "输出模式: content 显示匹配行, files_with_matches 显示文件路径, count 显示匹配计数"
+			},
+			"-n": {
+				type: "boolean",
+				description: "显示行号"
+			},
+			"-i": {
+				type: "boolean",
+				description: "忽略大小写"
+			},
+			"-C": {
+				type: "integer",
+				description: "匹配前后各显示的行数（上下文行数）"
+			},
+			head_limit: {
+				type: "integer",
+				description: "最大输出行数（默认: 250）"
+			}
+		},
+		required: ["pattern"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:grep",
+	owner: "core"
+};
+const DEFAULT_HEAD_LIMIT = 250;
+const MAX_LINE_LENGTH = 1e3;
+const MAX_TOTAL_BYTES = 5e4;
+/**
+* Stream stdout from a ripgrep child process, collecting lines with
+* per-line length and total-byte limits enforced inline.
+*/
+function collectRgLines(child, limit) {
+	return new Promise((resolve, reject) => {
+		const collected = [];
+		let lineCount = 0;
+		let totalBytes = 0;
+		let byteTruncated = false;
+		const killIfAlive = () => {
+			if (!child.killed) child.kill();
+		};
+		if (child.stdout) {
+			let buffer = "";
+			child.stdout.on("data", (chunk) => {
+				buffer += chunk.toString("utf-8");
+				const rawLines = buffer.split("\n");
+				buffer = rawLines.pop() ?? "";
+				for (const raw of rawLines) {
+					if (lineCount >= limit) {
+						killIfAlive();
+						break;
+					}
+					let l = raw;
+					if (l.length > MAX_LINE_LENGTH) l = l.slice(0, MAX_LINE_LENGTH) + " [已截断]";
+					const lineBytes = Buffer.byteLength(l, "utf-8") + 1;
+					if (totalBytes + lineBytes > MAX_TOTAL_BYTES) {
+						byteTruncated = true;
+						killIfAlive();
+						break;
+					}
+					collected.push(l);
+					lineCount++;
+					totalBytes += lineBytes;
+				}
+			});
+		}
+		child.on("close", () => resolve({
+			lines: collected,
+			byteTruncated
+		}));
+		child.on("error", reject);
+	});
+}
+/**
+* Build the final {@link ToolResult} from collected grep output.
+*/
+function buildGrepResult(collected, limit, byteTruncated, startTime) {
+	const truncated = collected.length >= limit || byteTruncated;
+	const output = collected.join("\n");
+	if (output.length === 0 && !truncated) return {
+		success: true,
+		content: "(无匹配)",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: output + (truncated ? byteTruncated ? `\n\n[已截断 — 输出超过 ${MAX_TOTAL_BYTES} 字节。请缩小搜索范围。]` : `\n\n[已截断 — 达到 ${limit} 行限制。请缩小搜索范围。]` : ""),
+		metadata: {
+			durationMs: Date.now() - startTime,
+			truncated,
+			truncatedAt: truncated ? limit : void 0
+		}
+	};
+}
+/**
+* Classify an error thrown during ripgrep execution and return the
+* appropriate {@link ToolResult}, or `null` if the caller should
+* fall through to the JS fallback.
+*/
+function classifyRgError(err, signal, startTime) {
+	if (err.code === "ENOENT") return null;
+	if (err.killed) return {
+		success: false,
+		content: "搜索超时（30 秒）",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (signal?.aborted) return {
+		success: false,
+		content: "Operation cancelled",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const stderr = err.stderr;
+	if (stderr) return {
+		success: false,
+		content: `grep 错误: ${stderr.slice(0, 500)}`,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: "(no matches)",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+}
+const handler$26 = { async handle(invocation, signal) {
+	const { pattern, path, glob, output_mode, "-n": showLineNum, "-i": caseInsensitive, "-C": context, head_limit } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const limit = head_limit ?? DEFAULT_HEAD_LIMIT;
+	try {
+		const { lines, byteTruncated } = await collectRgLines(execFile("rg", buildRgArgs({
+			pattern,
+			path,
+			glob,
+			outputMode: output_mode,
+			showLineNum,
+			caseInsensitive,
+			context
+		}), {
+			cwd: process.cwd(),
+			timeout: 3e4,
+			maxBuffer: 10 * 1024 * 1024,
+			signal
+		}), limit);
+		return buildGrepResult(lines, limit, byteTruncated, startTime);
+	} catch (err) {
+		const classified = classifyRgError(err, signal, startTime);
+		if (classified !== null) return classified;
+	}
+	return {
+		success: false,
+		content: "ripgrep (rg) 未安装。请安装 ripgrep 以支持 grep 功能: https://github.com/BurntSushi/ripgrep",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+function buildRgArgs(opts) {
+	const args = ["--no-heading", "--color=never"];
+	if (opts.showLineNum !== false) args.push("--line-number");
+	if (opts.caseInsensitive) args.push("--ignore-case");
+	if (opts.context !== void 0) args.push("-C", String(opts.context));
+	if (opts.glob) args.push("--glob", opts.glob);
+	switch (opts.outputMode) {
+		case "files_with_matches":
+			args.push("-l");
+			break;
+		case "count":
+			args.push("--count");
+			break;
+		default: break;
+	}
+	args.push("--", opts.pattern);
+	if (opts.path) args.push(opts.path);
+	return args;
+}
+//#endregion
+//#region src/builtin/files/web-fetch.ts
+/** 约 50 个常用安全域名 */
+const ALLOWED_DOMAINS = new Set([
+	"github.com",
+	"gitlab.com",
+	"npmjs.com",
+	"pypi.org",
+	"crates.io",
+	"docs.rs",
+	"stackoverflow.com",
+	"wikipedia.org",
+	"nodejs.org",
+	"typescriptlang.org",
+	"developer.mozilla.org",
+	"anthropic.com",
+	"openai.com",
+	"googleapis.com",
+	"eslint.org",
+	"prettier.io",
+	"jestjs.io",
+	"vitest.dev",
+	"playwright.dev",
+	"docker.com",
+	"kubernetes.io",
+	"terraform.io",
+	"redis.io",
+	"postgresql.org",
+	"mysql.com",
+	"mongodb.com",
+	"sqlite.org",
+	"rust-lang.org",
+	"golang.org",
+	"python.org",
+	"ruby-lang.org",
+	"php.net",
+	"java.com",
+	"kernel.org",
+	"archlinux.org",
+	"ubuntu.com",
+	"debian.org",
+	"redhat.com",
+	"aws.amazon.com",
+	"cloud.google.com",
+	"azure.microsoft.com",
+	"reactjs.org",
+	"vuejs.org",
+	"angular.io",
+	"svelte.dev",
+	"nextjs.org",
+	"nuxt.com",
+	"tailwindcss.com",
+	"vitejs.dev",
+	"webpack.js.org",
+	"babeljs.io"
+]);
+/** 禁止访问的域名（本地、云元数据端点等） */
+const BLOCKED_DOMAINS = new Set([
+	"localhost",
+	"127.0.0.1",
+	"0.0.0.0",
+	"::1",
+	"metadata.google.internal",
+	"169.254.169.254"
+]);
+/** IPv4 地址正则 */
+const IPV4_RE = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
+/**
+* 检查 URL 是否在允许访问的范围内。
+*
+* 规则（按优先级）：
+* 1. URL 解析失败 → 拒绝
+* 2. IP 地址 → 拒绝
+* 3. 被阻止的域名 → 拒绝
+* 4. .local / .internal TLD → 拒绝
+* 5. URL 中包含 userinfo（username:password@host）→ 拒绝
+* 6. 域名在允许列表中（去除 www. 前缀后匹配，支持子域名通配）→ 允许
+* 7. 默认 → 拒绝
+*/
+function isUrlAllowed(url) {
+	let parsed;
+	try {
+		parsed = new URL(url);
+	} catch {
+		return {
+			allowed: false,
+			reason: `URL 解析失败: ${url}`
+		};
+	}
+	const host = parsed.hostname.toLowerCase();
+	if (IPV4_RE.test(host) || host === "::1") return {
+		allowed: false,
+		reason: `不允许访问 IP 地址: ${host}`
+	};
+	if (BLOCKED_DOMAINS.has(host)) return {
+		allowed: false,
+		reason: `不允许访问该域名: ${host}`
+	};
+	if (host.endsWith(".local") || host.endsWith(".internal")) return {
+		allowed: false,
+		reason: `不允许访问本地/内部域名: ${host}`
+	};
+	if (parsed.username || parsed.password) return {
+		allowed: false,
+		reason: "URL 中包含认证信息（username:password），已拒绝"
+	};
+	const strippedHost = host.startsWith("www.") ? host.slice(4) : host;
+	if (ALLOWED_DOMAINS.has(strippedHost)) return {
+		allowed: true,
+		reason: ""
+	};
+	const parts = strippedHost.split(".");
+	for (let i = 1; i < parts.length; i++) {
+		const parentDomain = parts.slice(i).join(".");
+		if (ALLOWED_DOMAINS.has(parentDomain)) return {
+			allowed: true,
+			reason: ""
+		};
+	}
+	return {
+		allowed: false,
+		reason: `域名 "${host}" 不在允许列表中。如需访问请联系用户确认。`
+	};
+}
+const descriptor$28 = {
+	name: "web_fetch",
+	description: "从 URL 获取内容并以文本形式返回。HTTP 自动升级为 HTTPS。跨域重定向会返回给调用方而非自动跟随。每个 URL 的结果缓存 15 分钟。HTML 内容会转换为纯文本。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			url: {
+				type: "string",
+				format: "uri",
+				description: "要获取内容的 URL"
+			},
+			maxChars: {
+				type: "integer",
+				description: "返回的最大字符数（默认: 50000）"
+			}
+		},
+		required: ["url"]
+	},
+	kind: "Network",
+	safety: "RequiresApproval",
+	availability: { type: "always" },
+	executor: "core:web_fetch",
+	owner: "core"
+};
+const cache$1 = /* @__PURE__ */ new Map();
+const CACHE_TTL_MS$1 = 900 * 1e3;
+/**
+* Strip HTML tags and decode entities to produce readable plain text.
+*
+* Handles the most common HTML entities and normalizes whitespace.
+* Not a full HTML parser — just enough to extract readable content from
+* typical web pages.
+*/
+function htmlToText(html) {
+	return html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "").replace(/<style\b[^<]*(?:(?!<\/style>)<[^<]*)*<\/style>/gi, "").replace(/<\/(?:div|p|h[1-6]|li|tr|article|section|header|footer|nav|aside|main|table|thead|tbody|tfoot|form|fieldset|pre|blockquote|dl|dt|dd|hr|br)[^>]*>/gi, "\n").replace(/<(?:br|hr)[^>]*\/?>/gi, "\n").replace(/<[^>]*>/g, "").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, "\"").replace(/&#39;/g, "'").replace(/&nbsp;/g, " ").replace(/&#x27;/g, "'").replace(/&#x2F;/g, "/").replace(/&#(\d+);/g, (_m, code) => String.fromCodePoint(Number.parseInt(code, 10))).replace(/&#[xX]([0-9a-fA-F]+);/g, (_m, hex) => String.fromCodePoint(Number.parseInt(hex, 16))).replace(/[ \t]+/g, " ").replace(/\n{3,}/g, "\n\n").trim();
+}
+/**
+* Extract readable text from raw response body based on Content-Type.
+*
+* HTML responses are converted to plain text. Non‑HTML responses are
+* returned as‑is.
+*/
+function extractContent(raw, contentType) {
+	return (contentType ? contentType.includes("text/html") || contentType.includes("application/xhtml") : raw.trim().startsWith("<") || raw.includes("<html")) ? htmlToText(raw) : raw;
+}
+/**
+* Trim text to the specified character limit, preserving the beginning
+* (most important content is usually at the top of a page).
+*/
+function trimToLimit(text, limit) {
+	if (text.length <= limit) return text;
+	return text.slice(0, limit);
+}
+/** Set of HTTP redirect status codes. */
+const REDIRECT_CODES = new Set([
+	301,
+	302,
+	307,
+	308
+]);
+/**
+* Validate and normalize a URL for fetching.
+*
+* Upgrades HTTP to HTTPS. Returns the normalized URL or an error result.
+*/
+function validateUrl(rawUrl, startTime) {
+	let normalized = rawUrl;
+	if (normalized.startsWith("http://")) normalized = normalized.replace("http://", "https://");
+	if (!normalized.startsWith("https://")) return {
+		ok: false,
+		error: {
+			success: false,
+			content: `无效的 URL: ${rawUrl}。必须使用 http:// 或 https://。`,
+			metadata: { durationMs: Date.now() - startTime }
+		}
+	};
+	return {
+		ok: true,
+		url: normalized
+	};
+}
+/**
+* Handle an HTTP redirect response.
+*
+* For cross-host redirects, returns a message instructing the caller to
+* re-issue the request. For same-host redirects, follows the redirect
+* and returns the fetched content.
+*/
+async function handleFetchRedirect(opts) {
+	const location = opts.resp.headers.get("location") || "";
+	try {
+		if (new URL(location).host !== new URL(opts.fetchUrl).host) return {
+			success: true,
+			content: `重定向至: ${location}\n\n检测到跨域重定向。请使用重定向后的 URL 重新调用 web_fetch。`,
+			metadata: { durationMs: Date.now() - opts.startTime }
+		};
+		const extracted = extractContent(await (await fetch(location, {
+			signal: opts.controller.signal,
+			headers: { "User-Agent": "Lynx/1.0" }
+		})).text(), opts.resp.headers.get("content-type") ?? void 0);
+		cache$1.set(opts.originalUrl, {
+			content: extracted,
+			ts: Date.now()
+		});
+		return {
+			success: true,
+			content: trimToLimit(extracted, opts.charLimit) + (extracted.length > opts.charLimit ? "\n\n[内容已截断]" : ""),
+			metadata: {
+				durationMs: Date.now() - opts.startTime,
+				truncated: extracted.length > opts.charLimit
+			}
+		};
+	} catch {
+		return {
+			success: true,
+			content: `重定向至: ${location}`,
+			metadata: { durationMs: Date.now() - opts.startTime }
+		};
+	}
+}
+/**
+* Build an error ToolResult from a fetch exception.
+*/
+function buildFetchError(err, startTime) {
+	if (err.name === "AbortError") return {
+		success: false,
+		content: "获取已中止",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: false,
+		content: `获取失败: ${err instanceof Error ? err.message : String(err)}`,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+}
+const handler$25 = { async handle(invocation, signal) {
+	const { url, maxChars } = invocation.payload;
+	const charLimit = maxChars ?? 5e4;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const validated = validateUrl(url, startTime);
+	if (!validated.ok) return validated.error;
+	const fetchUrl = validated.url;
+	const urlCheck = isUrlAllowed(fetchUrl);
+	if (!urlCheck.allowed) return {
+		success: false,
+		content: urlCheck.reason,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const cached = cache$1.get(fetchUrl);
+	if (cached && Date.now() - cached.ts < CACHE_TTL_MS$1) {
+		const content = trimToLimit(cached.content, charLimit);
+		return {
+			success: true,
+			content: `[缓存于 ${Math.round((Date.now() - cached.ts) / 1e3)} 秒前]\n\n${content}`,
+			metadata: {
+				durationMs: Date.now() - startTime,
+				truncated: cached.content.length > charLimit
+			}
+		};
+	}
+	try {
+		const controller = new AbortController();
+		signal.addEventListener("abort", () => controller.abort(), { once: true });
+		const resp = await fetch(fetchUrl, {
+			signal: controller.signal,
+			redirect: "manual",
+			headers: { "User-Agent": "Lynx/1.0" }
+		});
+		if (REDIRECT_CODES.has(resp.status)) return await handleFetchRedirect({
+			fetchUrl,
+			originalUrl: url,
+			resp,
+			controller,
+			charLimit,
+			startTime
+		});
+		if (!resp.ok) return {
+			success: false,
+			content: `HTTP 错误 ${resp.status}: ${resp.statusText}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		const raw = await resp.text();
+		const contentType = resp.headers.get("content-type") ?? void 0;
+		const extracted = extractContent(raw, contentType);
+		cache$1.set(url, {
+			content: extracted,
+			ts: Date.now()
+		});
+		const output = trimToLimit(extracted, charLimit);
+		return {
+			success: true,
+			content: `已获取 ${fetchUrl} (${contentType || "未知类型"}):\n\n${output}${extracted.length > charLimit ? "\n\n[内容已截断]" : ""}`,
+			metadata: {
+				durationMs: Date.now() - startTime,
+				truncated: extracted.length > charLimit
+			}
+		};
+	} catch (err) {
+		return buildFetchError(err, startTime);
+	}
+} };
+//#endregion
+//#region src/builtin/files/web-search.ts
+const descriptor$27 = {
+	name: "web_search",
+	description: "搜索网页并返回包含标题、URL 和摘要的结果。支持域名白名单和黑名单过滤。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			query: {
+				type: "string",
+				description: "搜索关键词"
+			},
+			allowed_domains: {
+				type: "array",
+				items: { type: "string" },
+				description: "只包含来自这些域名的结果"
+			},
+			blocked_domains: {
+				type: "array",
+				items: { type: "string" },
+				description: "排除来自这些域名的结果"
+			}
+		},
+		required: ["query"]
+	},
+	kind: "Network",
+	safety: "RequiresApproval",
+	availability: { type: "always" },
+	executor: "core:web_search",
+	owner: "core"
+};
+/** In-memory cache: query → { results, timestamp } */
+const cache = /* @__PURE__ */ new Map();
+const CACHE_TTL_MS = 900 * 1e3;
+/**
+* Build an error ToolResult from a fetch exception.
+*/
+function buildSearchError(err, startTime) {
+	if (err.name === "AbortError") return {
+		success: false,
+		content: "搜索已中止",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: false,
+		content: `搜索失败: ${err instanceof Error ? err.message : String(err)}`,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+}
+/**
+* Parse DuckDuckGo HTML search results page into structured results.
+*
+* Extracts title, URL, and snippet from the HTML using regex patterns
+* matching DuckDuckGo's HTML-only result page markup.
+*/
+function parseDdgHtml(html) {
+	const results = [];
+	const linkRegex = /<a[^>]*class="result__a"[^>]*href="([^"]*)"[^>]*>([\s\S]*?)<\/a>/gi;
+	const snippetRegex = /<a[^>]*class="result__snippet"[^>]*>([\s\S]*?)<\/a>/gi;
+	const links = [];
+	let linkMatch;
+	while ((linkMatch = linkRegex.exec(html)) !== null) {
+		const url = linkMatch[1];
+		const title = linkMatch[2].replace(/<[^>]*>/g, "").trim();
+		if (url && title && !url.startsWith("//duckduckgo.com")) links.push({
+			title,
+			url
+		});
+	}
+	const snippets = [];
+	let snippetMatch;
+	while ((snippetMatch = snippetRegex.exec(html)) !== null) {
+		const text = snippetMatch[1].replace(/<[^>]*>/g, "").trim();
+		if (text) snippets.push(text);
+	}
+	const count = Math.min(links.length, snippets.length);
+	for (let i = 0; i < count; i++) results.push({
+		title: links[i].title,
+		url: links[i].url,
+		snippet: snippets[i]
+	});
+	return results;
+}
+/**
+* Filter search results by allowed/blocked domains.
+*/
+function filterByDomain(results, allowed, blocked) {
+	let filtered = results;
+	if (allowed && allowed.length > 0) {
+		const allowedLower = allowed.map((d) => d.toLowerCase());
+		filtered = filtered.filter((r) => {
+			try {
+				const host = new URL(r.url).host.toLowerCase();
+				return allowedLower.some((d) => host.includes(d));
+			} catch {
+				return false;
+			}
+		});
+	}
+	if (blocked && blocked.length > 0) {
+		const blockedLower = blocked.map((d) => d.toLowerCase());
+		filtered = filtered.filter((r) => {
+			try {
+				const host = new URL(r.url).host.toLowerCase();
+				return !blockedLower.some((d) => host.includes(d));
+			} catch {
+				return true;
+			}
+		});
+	}
+	return filtered;
+}
+/**
+* Format search results into a readable text block.
+*/
+function formatResults(results, query) {
+	if (results.length === 0) return `未找到与 "${query}" 相关的结果。`;
+	return results.map((r, i) => `${i + 1}. **${r.title}**\n   ${r.url}\n   ${r.snippet}`).join("\n\n");
+}
+/** Generate a cache key from the query and domain filters. */
+function cacheKey(query, allowed, blocked) {
+	const parts = [query];
+	if (allowed?.length) parts.push("allow:" + allowed.sort().join(","));
+	if (blocked?.length) parts.push("block:" + blocked.sort().join(","));
+	return parts.join("|");
+}
+const handler$24 = { async handle(invocation, signal) {
+	const { query, allowed_domains, blocked_domains } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (!query || query.trim().length === 0) return {
+		success: false,
+		content: "请输入搜索关键词.",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const key = cacheKey(query.trim(), allowed_domains, blocked_domains);
+	const cached = cache.get(key);
+	if (cached && Date.now() - cached.ts < CACHE_TTL_MS) return {
+		success: true,
+		content: `[缓存于 ${Math.round((Date.now() - cached.ts) / 1e3)} 秒前]\n\n${formatResults(cached.results, query)}`,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		const controller = new AbortController();
+		signal.addEventListener("abort", () => controller.abort(), { once: true });
+		const searchUrl = `https://html.duckduckgo.com/html/?q=${encodeURIComponent(query.trim())}`;
+		const urlCheck = isUrlAllowed(searchUrl);
+		if (!urlCheck.allowed) return {
+			success: false,
+			content: urlCheck.reason,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		const resp = await fetch(searchUrl, {
+			signal: controller.signal,
+			headers: {
+				"User-Agent": "Lynx/1.0",
+				Accept: "text/html"
+			}
+		});
+		if (!resp.ok) return {
+			success: false,
+			content: `搜索请求失败: HTTP ${resp.status} ${resp.statusText}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		const allResults = parseDdgHtml(await resp.text());
+		const filtered = filterByDomain(allResults, allowed_domains, blocked_domains);
+		cache.set(key, {
+			results: filtered,
+			ts: Date.now()
+		});
+		return {
+			success: true,
+			content: formatResults(filtered, query),
+			metadata: {
+				durationMs: Date.now() - startTime,
+				truncated: filtered.length < allResults.length
+			}
+		};
+	} catch (err) {
+		return buildSearchError(err, startTime);
+	}
+} };
+//#endregion
+//#region src/builtin/files/todo-write.ts
+const descriptor$26 = {
+	name: "todo_write",
+	description: "创建和更新任务列表以跟踪进度。每次调用会替换整个列表。每项任务必须包含 content、status 和 activeForm。",
+	inputSchema: {
+		type: "object",
+		properties: { todos: {
+			type: "array",
+			items: {
+				type: "object",
+				properties: {
+					content: {
+						type: "string",
+						description: "任务描述"
+					},
+					status: {
+						type: "string",
+						enum: [
+							"pending",
+							"in_progress",
+							"completed"
+						],
+						description: "任务当前状态"
+					},
+					activeForm: {
+						type: "string",
+						description: "任务进行中时显示的现在时标签"
+					}
+				},
+				required: [
+					"content",
+					"status",
+					"activeForm"
+				]
+			},
+			description: "完整的任务列表（替换已有列表）"
+		} },
+		required: ["todos"]
+	},
+	kind: "WritesFiles",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:todo_write",
+	owner: "core"
+};
+const handler$23 = { async handle(invocation, _signal) {
+	const { todos } = invocation.payload;
+	const startTime = Date.now();
+	if (!Array.isArray(todos)) return {
+		success: false,
+		content: "todos 必须是一个数组",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const statusCounts = {
+		pending: 0,
+		in_progress: 0,
+		completed: 0
+	};
+	for (const todo of todos) {
+		if (!todo.content || !todo.status || !todo.activeForm) return {
+			success: false,
+			content: `无效的任务项: 每项必须包含 content、status 和 activeForm。收到: ${JSON.stringify(todo)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		if (![
+			"pending",
+			"in_progress",
+			"completed"
+		].includes(todo.status)) return {
+			success: false,
+			content: `"${todo.content}" 的状态 "${todo.status}" 无效。必须为: pending, in_progress 或 completed。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		statusCounts[todo.status]++;
+	}
+	const lines = todos.map((t, _i) => {
+		return `${t.status === "completed" ? "✓" : t.status === "in_progress" ? "●" : "○"} [${t.status}] ${t.activeForm}: ${t.content}`;
+	});
+	return {
+		success: true,
+		content: `任务列表已更新（共 ${todos.length} 项: ${statusCounts.in_progress} 项进行中, ${statusCounts.pending} 项待处理, ${statusCounts.completed} 项已完成）:\n\n` + lines.join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/files/powershell.ts
+/**
+* powershell — 在 Windows 上执行 PowerShell 命令。
+*
+* 仅在 Windows 平台可用。使用 child_process.exec 执行，
+* 默认 30 秒超时。返回 stdout 和 stderr。
+*/
+const descriptor$25 = {
+	name: "powershell",
+	description: "在 Windows 上执行 PowerShell 命令。返回 stdout 和 stderr。仅 Windows 平台可用。命令以 -NoProfile 模式运行。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			command: {
+				type: "string",
+				description: "要执行的 PowerShell 命令"
+			},
+			timeout: {
+				type: "number",
+				description: "超时时间（毫秒），默认 30000",
+				default: 3e4
+			}
+		},
+		required: ["command"]
+	},
+	kind: "ExecutesCode",
+	safety: "RequiresApproval",
+	availability: {
+		type: "platform",
+		platform: "windows"
+	},
+	executor: "core:powershell",
+	owner: "core"
+};
+const handler$22 = { async handle(invocation, signal) {
+	const { command, timeout } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (process.platform !== "win32") return {
+		success: false,
+		content: "PowerShell 工具仅支持 Windows 平台。",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (!command || command.trim().length === 0) return {
+		success: false,
+		content: "请输入要执行的 PowerShell 命令。",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const timeoutMs = timeout ?? 3e4;
+	const escapedCommand = command.replace(/"/g, "\\\"");
+	return new Promise((resolve) => {
+		let aborted = false;
+		const onAbort = () => {
+			aborted = true;
+		};
+		signal.addEventListener("abort", onAbort, { once: true });
+		exec(`powershell -NoProfile -Command "${escapedCommand}"`, {
+			timeout: timeoutMs,
+			windowsHide: true
+		}, (err, stdout, stderr) => {
+			signal.removeEventListener("abort", onAbort);
+			if (aborted) {
+				resolve({
+					success: false,
+					content: "操作已取消",
+					metadata: { durationMs: Date.now() - startTime }
+				});
+				return;
+			}
+			if (err) {
+				resolve({
+					success: false,
+					content: err.code === "ETIMEDOUT" ? `命令执行超时（${timeoutMs}ms）` : `命令执行失败: ${err.message}\n\nstderr:\n${stderr}`,
+					metadata: { durationMs: Date.now() - startTime }
+				});
+				return;
+			}
+			resolve({
+				success: true,
+				content: [stdout ? `stdout:\n${stdout.trimEnd()}` : null, stderr ? `stderr:\n${stderr.trimEnd()}` : null].filter(Boolean).join("\n\n") || "(无输出)",
+				metadata: { durationMs: Date.now() - startTime }
+			});
+		});
+	});
+} };
+//#endregion
+//#region src/builtin/files/notebook-edit.ts
+/**
+* NotebookEditTool — 编辑 Jupyter notebook (.ipynb) 文件中的单元格。
+*
+* 支持四种操作：
+* - list: 列出所有单元格（索引、类型、源码摘要）
+* - insert: 在指定位置插入新单元格
+* - replace: 替换指定位置的单元格内容
+* - delete: 删除指定位置的单元格
+*
+* .ipynb 文件结构为 JSON: { cells: [{ cell_type, source, ... }], ... }
+* source 字段可以是字符串或字符串数组，统一按字符串数组处理。
+*/
+const descriptor$24 = {
+	name: "NotebookEditTool",
+	description: "编辑 Jupyter notebook (.ipynb) 文件中的单元格。支持插入、替换、删除和列出代码与 Markdown 单元格。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			filePath: {
+				type: "string",
+				description: ".ipynb 文件的绝对路径"
+			},
+			action: {
+				type: "string",
+				enum: [
+					"insert",
+					"replace",
+					"delete",
+					"list"
+				],
+				description: "操作类型：list（列出）、insert（插入）、replace（替换）、delete（删除）"
+			},
+			cellIndex: {
+				type: "integer",
+				description: "单元格索引（从 0 开始）。insert 表示插入位置，replace/delete 表示目标单元格。"
+			},
+			cellType: {
+				type: "string",
+				enum: ["code", "markdown"],
+				description: "单元格类型（insert 操作必填）"
+			},
+			content: {
+				type: "string",
+				description: "单元格源码内容（insert/replace 操作需要）"
+			}
+		},
+		required: ["filePath", "action"]
+	},
+	kind: "WritesFiles",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:notebook_edit",
+	owner: "core"
+};
+/** 将 source 字段统一转为字符串数组 */
+function normalizeSource(source) {
+	if (Array.isArray(source)) return source;
+	const lines = source.split("\n");
+	return lines.map((line, i) => i < lines.length - 1 ? line + "\n" : line);
+}
+/** 将 source 字段合并为单个字符串 */
+function sourceToString(source) {
+	if (typeof source === "string") return source;
+	return source.join("");
+}
+/** 生成单元格源码摘要（前 80 个字符） */
+function sourceSummary(source) {
+	const text = sourceToString(source).replace(/\s+/g, " ").trim();
+	if (text.length <= 80) return text;
+	return text.slice(0, 77) + "...";
+}
+/** 读取 .ipynb 文件并解析 JSON */
+function readNotebook(filePath, startTime) {
+	let raw;
+	try {
+		raw = readFileSync(filePath, "utf-8");
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		if (err.code === "ENOENT") return {
+			success: false,
+			content: `文件未找到: ${filePath}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		return {
+			success: false,
+			content: `读取文件失败: ${message}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+	try {
+		return JSON.parse(raw);
+	} catch (err) {
+		return {
+			success: false,
+			content: `解析 .ipynb JSON 失败: ${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+}
+/** 原子写入 notebook JSON */
+function writeNotebookAtomically(filePath, notebook, startTime) {
+	try {
+		const tmpPath = filePath + ".tmp";
+		writeFileSync(tmpPath, JSON.stringify(notebook, null, 1) + "\n", "utf-8");
+		renameSync(tmpPath, filePath);
+		return {
+			success: true,
+			content: `已保存 notebook: ${filePath}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	} catch (err) {
+		return {
+			success: false,
+			content: `写入文件失败: ${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+}
+const handler$21 = { async handle(invocation, signal) {
+	const { filePath, action, cellIndex, cellType, content } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (!filePath.endsWith(".ipynb")) return {
+		success: false,
+		content: `不是 .ipynb 文件: ${filePath}`,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const notebookOrError = readNotebook(filePath, startTime);
+	if ("success" in notebookOrError) return notebookOrError;
+	const notebook = notebookOrError;
+	if (!Array.isArray(notebook.cells)) notebook.cells = [];
+	switch (action) {
+		case "list": {
+			if (notebook.cells.length === 0) return {
+				success: true,
+				content: "该 notebook 没有单元格。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const lines = notebook.cells.map((cell, i) => {
+				const summary = sourceSummary(cell.source);
+				const execCount = cell.cell_type === "code" && cell.execution_count != null ? ` [执行次数: ${cell.execution_count}]` : "";
+				return `${i}: [${cell.cell_type}]${execCount} ${summary}`;
+			});
+			return {
+				success: true,
+				content: `共 ${notebook.cells.length} 个单元格:\n${lines.join("\n")}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+		case "insert": {
+			if (cellIndex == null) return {
+				success: false,
+				content: "insert 操作需要提供 cellIndex 参数。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			if (!cellType || !["code", "markdown"].includes(cellType)) return {
+				success: false,
+				content: "insert 操作需要提供有效的 cellType（code 或 markdown）。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const newCell = {
+				cell_type: cellType,
+				source: content ? normalizeSource(content) : [],
+				metadata: {},
+				outputs: cellType === "code" ? [] : void 0,
+				execution_count: null
+			};
+			const insertIndex = Math.min(cellIndex, notebook.cells.length);
+			notebook.cells.splice(insertIndex, 0, newCell);
+			return writeNotebookAtomically(filePath, notebook, startTime);
+		}
+		case "replace": {
+			if (cellIndex == null) return {
+				success: false,
+				content: "replace 操作需要提供 cellIndex 参数。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			if (cellIndex < 0 || cellIndex >= notebook.cells.length) return {
+				success: false,
+				content: `单元格索引 ${cellIndex} 超出范围（0-${notebook.cells.length - 1}）。`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const target = notebook.cells[cellIndex];
+			if (content != null) target.source = normalizeSource(content);
+			if (cellType && ["code", "markdown"].includes(cellType)) target.cell_type = cellType;
+			return writeNotebookAtomically(filePath, notebook, startTime);
+		}
+		case "delete": {
+			if (cellIndex == null) return {
+				success: false,
+				content: "delete 操作需要提供 cellIndex 参数。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			if (cellIndex < 0 || cellIndex >= notebook.cells.length) return {
+				success: false,
+				content: `单元格索引 ${cellIndex} 超出范围（0-${notebook.cells.length - 1}）。`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const removed = notebook.cells[cellIndex];
+			notebook.cells.splice(cellIndex, 1);
+			const result = writeNotebookAtomically(filePath, notebook, startTime);
+			result.content = `已删除单元格 ${cellIndex} [${removed.cell_type}]: ${sourceSummary(removed.source)}\n${result.content}`;
+			return result;
+		}
+		default: return {
+			success: false,
+			content: `不支持的操作: ${action}。支持的操作: list, insert, replace, delete。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+//#endregion
+//#region src/builtin/files/secret-scan.ts
+const descriptor$23 = {
+	name: "SecretScanner",
+	description: "扫描文件内容以查找潜在的密钥、令牌和凭证。在写入操作前使用此工具检查敏感信息。检测模式包括：私钥、GitHub token、OpenAI key、Google API key、JWT、通用 API key、密码赋值。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			content: {
+				type: "string",
+				description: "要扫描的文件内容"
+			},
+			filePath: {
+				type: "string",
+				description: "可选的文件路径，用于在结果中标识来源"
+			}
+		},
+		required: ["content"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:secret_scan",
+	owner: "core"
+};
+/** 预编译的密钥检测正则模式 */
+const SECRET_PATTERNS$1 = [
+	{
+		name: "私钥块",
+		regex: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/
+	},
+	{
+		name: "GitHub Token",
+		regex: /gh[pousr]_[A-Za-z0-9_]{36,}/
+	},
+	{
+		name: "OpenAI Key",
+		regex: /sk-[A-Za-z0-9]{32,}/
+	},
+	{
+		name: "Google API Key",
+		regex: /AIza[0-9A-Za-z\-_]{35}/
+	},
+	{
+		name: "JWT Token",
+		regex: /eyJ[A-Za-z0-9\-_]+\.eyJ[A-Za-z0-9\-_]+.[A-Za-z0-9\-_]+/
+	},
+	{
+		name: "通用 API Key",
+		regex: /(?:api[_-]?key|apikey|api[_-]?secret)\s*[:=]\s*['"][A-Za-z0-9_\-]{20,}['"]/gi
+	},
+	{
+		name: "密码赋值",
+		regex: /(?:password|passwd|pwd)\s*[:=]\s*['"][^'"]+['"]/gi
+	}
+];
+/** 对匹配内容进行脱敏：只显示前 4 个字符 + "..." */
+function redactExcerpt(fullMatch) {
+	if (fullMatch.length <= 8) return fullMatch.slice(0, 4) + "...";
+	return fullMatch.slice(0, 4) + "..." + fullMatch.slice(-4);
+}
+const handler$20 = { async handle(invocation, signal) {
+	const { content, filePath } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (!content || content.length === 0) return {
+		success: true,
+		content: "内容为空，无需扫描。",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const findings = [];
+	for (const { name, regex } of SECRET_PATTERNS$1) {
+		const re = new RegExp(regex.source, regex.flags);
+		let match;
+		while ((match = re.exec(content)) !== null) {
+			const excerpt = redactExcerpt(match[0]);
+			findings.push({
+				pattern: name,
+				excerpt
+			});
+		}
+	}
+	if (findings.length === 0) return {
+		success: true,
+		content: `未检测到密钥或凭证${filePath ? ` (${filePath})` : ""}。`,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const grouped = /* @__PURE__ */ new Map();
+	for (const f of findings) {
+		const excerpts = grouped.get(f.pattern) ?? [];
+		excerpts.push(f.excerpt);
+		grouped.set(f.pattern, excerpts);
+	}
+	const lines = [
+		`检测到 ${findings.length} 个潜在密钥/凭证！`,
+		filePath ? `文件: ${filePath}` : "",
+		""
+	];
+	for (const [pattern, excerpts] of grouped) {
+		lines.push(`**${pattern}** (${excerpts.length} 处):`);
+		const unique = [...new Set(excerpts)];
+		for (const excerpt of unique.slice(0, 5)) lines.push(`  - ${excerpt}`);
+		if (unique.length > 5) lines.push(`  ... 还有 ${unique.length - 5} 处`);
+		lines.push("");
+	}
+	return {
+		success: true,
+		content: lines.join("\n").trimEnd(),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/files/lsp.ts
+/**
+* LSPTool — 语言服务器协议桥接工具。
+*
+* 提供 LSP 诊断、类型信息、跳转定义等功能的最小化接口。
+* 此工具默认隐藏（需设置 flag "lsp_enabled" 才会暴露）。
+* 当 IDE 连接后将提供完整的 LSP 集成，目前提供接口契约层。
+*/
+const descriptor$22 = {
+	name: "LSPTool",
+	description: "查询语言服务器协议（LSP）以获取诊断、类型信息、跳转定义等。支持 diagnostics、hover、definition、references、format 等常见 LSP 操作。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			action: {
+				type: "string",
+				enum: [
+					"diagnostics",
+					"hover",
+					"definition",
+					"references",
+					"format"
+				],
+				description: "LSP 操作类型：诊断、悬停类型信息、跳转定义、查找引用、格式化"
+			},
+			filePath: {
+				type: "string",
+				description: "要查询的文件绝对路径"
+			},
+			line: {
+				type: "integer",
+				description: "行号（从 1 开始），hover/definition 操作使用"
+			},
+			character: {
+				type: "integer",
+				description: "列号（从 1 开始），hover/definition 操作使用"
+			}
+		},
+		required: ["action", "filePath"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: {
+		type: "flag",
+		flag: "lsp_enabled"
+	},
+	executor: "core:lsp",
+	owner: "core"
+};
+const handler$19 = { async handle(invocation, signal) {
+	const { action, filePath, line, character } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "LSP 操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		switch (action) {
+			case "diagnostics": return await handleDiagnostics(filePath, startTime);
+			case "hover": return handleHover(filePath, line, character, startTime);
+			case "definition": return handleDefinition(filePath, line, character, startTime);
+			case "references": return handleReferences(filePath, line, character, startTime);
+			case "format": return handleFormat(filePath, startTime);
+			default: return {
+				success: false,
+				content: `未知的 LSP 操作：${action}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+	} catch (err) {
+		return {
+			success: false,
+			content: `LSP 操作失败：${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+/**
+* 解析文件内容并用正则进行基础语法检查。
+* 真实 LSP 集成在 IDE 连接后提供完整诊断。
+*/
+async function handleDiagnostics(filePath, startTime) {
+	let content;
+	try {
+		content = await readFile(filePath, "utf-8");
+	} catch {
+		return {
+			success: false,
+			content: `无法读取文件：${filePath}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+	const lines = content.split("\n");
+	const issues = [];
+	for (let i = 0; i < lines.length; i++) {
+		const ln = lines[i];
+		if (countOccurrences(ln, "{") !== countOccurrences(ln, "}")) issues.push(`第 ${i + 1} 行：花括号不匹配`);
+		if (countOccurrences(ln, "(") !== countOccurrences(ln, ")")) issues.push(`第 ${i + 1} 行：圆括号不匹配`);
+		if (countOccurrences(ln, "[") !== countOccurrences(ln, "]")) issues.push(`第 ${i + 1} 行：方括号不匹配`);
+	}
+	return {
+		success: true,
+		content: issues.length > 0 ? `诊断结果（${issues.length} 个问题）：\n${issues.join("\n")}` : "未发现基础语法问题。完整 LSP 诊断在 IDE 连接后可用。",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+}
+/**
+* 悬停信息：提示 IDE 连接后可用。
+*/
+function handleHover(filePath, line, character, startTime) {
+	const pos = line != null ? `第 ${line} 行` : "光标位置";
+	const col = character != null ? `第 ${character} 列` : "";
+	return {
+		success: true,
+		content: `LSP 悬停信息在 IDE 连接后可用。查询位置：${filePath} ${col ? `${pos}，${col}` : pos}。当前可用的类型信息需要 IDE 提供 language server 支持。`,
+		metadata: { durationMs: Date.now() - (startTime ?? 0) }
+	};
+}
+/**
+* 跳转定义：返回文件路径和行号提示。
+*/
+function handleDefinition(filePath, line, character, startTime) {
+	return {
+		success: true,
+		content: `跳转定义在 IDE 连接后可用。源文件：${filePath}${line != null ? `（接近第 ${line} 行）` : ""}。连接 LSP 后将返回精确的定义位置。`,
+		metadata: { durationMs: Date.now() - (startTime ?? 0) }
+	};
+}
+/**
+* 查找引用：返回空列表并说明 IDE 连接后可用。
+*/
+function handleReferences(filePath, line, character, startTime) {
+	return {
+		success: true,
+		content: `引用查找在 IDE 连接后可用。查询：${filePath}${line != null ? `（第 ${line} 行）` : ""}。当前未找到引用（完整引用分析需要 IDE 的 language server 支持）。`,
+		metadata: { durationMs: Date.now() - (startTime ?? 0) }
+	};
+}
+/**
+* 格式化：提示 IDE 连接后可用。
+*/
+function handleFormat(filePath, startTime) {
+	return {
+		success: true,
+		content: `格式化功能在 IDE 连接后可用。目标文件：${filePath}。LSP 连接后将提供基于 language server 的代码格式化。`,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+}
+/** 统计字符串中某字符的出现次数。 */
+function countOccurrences(str, char) {
+	let count = 0;
+	for (let i = 0; i < str.length; i++) if (str[i] === char) count++;
+	return count;
+}
+//#endregion
+//#region src/builtin/files/repl.ts
+/**
+* REPLTool — 交互式 REPL 代码执行工具。
+*
+* 管理持久化 REPL 子进程（Node.js / Python / Bash），
+* 支持在多次调用之间保持运行状态。
+* 每个会话分配唯一 UUID，通过模块级 Map 跟踪。
+*/
+/** 活跃的 REPL 会话映射，key 为 session UUID。 */
+const activeSessions = /* @__PURE__ */ new Map();
+const descriptor$21 = {
+	name: "REPLTool",
+	description: "在持久化 REPL 会话中执行代码。启动运行时（Node.js/Python/Bash）并保持状态在多次调用之间。支持 start（启动）、eval（执行）、stop（停止）、status（状态）四种操作。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			action: {
+				type: "string",
+				enum: [
+					"start",
+					"eval",
+					"stop",
+					"status"
+				],
+				description: "操作类型：启动 REPL、执行代码、停止会话、查看状态"
+			},
+			language: {
+				type: "string",
+				enum: [
+					"node",
+					"python",
+					"bash"
+				],
+				description: "运行时语言（start 操作时使用）"
+			},
+			code: {
+				type: "string",
+				description: "要执行的代码（eval 操作时使用）"
+			},
+			sessionId: {
+				type: "string",
+				description: "目标会话 ID（eval/stop 操作时使用）"
+			}
+		},
+		required: ["action"]
+	},
+	kind: "ExecutesCode",
+	safety: "RequiresApproval",
+	availability: { type: "always" },
+	executor: "core:repl",
+	owner: "core"
+};
+const handler$18 = { async handle(invocation, signal) {
+	const { action, language, code, sessionId } = invocation.payload;
+	const startTime = Date.now();
+	if (signal) signal.addEventListener("abort", () => {
+		for (const [id, session] of activeSessions) {
+			session.process.kill();
+			activeSessions.delete(id);
+		}
+	});
+	try {
+		switch (action) {
+			case "start": return handleStart(language);
+			case "eval": return await handleEval(code, sessionId, signal);
+			case "stop": return handleStop(sessionId);
+			case "status": return handleStatus$1();
+			default: return {
+				success: false,
+				content: `未知操作：${action}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+	} catch (err) {
+		return {
+			success: false,
+			content: `REPL 操作失败：${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+/** 启动一个新的 REPL 会话并返回 session UUID。 */
+function handleStart(language) {
+	if (!language || ![
+		"node",
+		"python",
+		"bash"
+	].includes(language)) return {
+		success: false,
+		content: `不支持的语言：${language ?? "未指定"}。支持 node、python、bash。`
+	};
+	const id = randomUUID();
+	let childProcess;
+	switch (language) {
+		case "node":
+			childProcess = spawn("node", ["-i"], {
+				stdio: [
+					"pipe",
+					"pipe",
+					"pipe"
+				],
+				shell: true
+			});
+			break;
+		case "python":
+			childProcess = spawn("python3", ["-i"], {
+				stdio: [
+					"pipe",
+					"pipe",
+					"pipe"
+				],
+				shell: true
+			});
+			break;
+		case "bash":
+			childProcess = spawn("bash", [], {
+				stdio: [
+					"pipe",
+					"pipe",
+					"pipe"
+				],
+				shell: true
+			});
+			break;
+		default: throw new Error(`不支持的语言：${language}`);
+	}
+	const session = {
+		id,
+		language,
+		process: childProcess,
+		createdAt: Date.now()
+	};
+	activeSessions.set(id, session);
+	childProcess.on("exit", () => {
+		activeSessions.delete(id);
+	});
+	return {
+		success: true,
+		content: `REPL 会话已启动（${language}）。会话 ID：${id}`
+	};
+}
+/** 在现有 REPL 会话中执行代码。 */
+async function handleEval(code, sessionId, signal) {
+	if (!sessionId) return {
+		success: false,
+		content: "缺少 sessionId 参数"
+	};
+	if (!code) return {
+		success: false,
+		content: "缺少 code 参数"
+	};
+	const session = activeSessions.get(sessionId);
+	if (!session) return {
+		success: false,
+		content: `未找到 REPL 会话：${sessionId}`
+	};
+	return new Promise((resolve) => {
+		const chunks = [];
+		const onData = (data) => chunks.push(data.toString());
+		session.process.stdout?.on("data", onData);
+		const timeout = setTimeout(() => {
+			session.process.stdout?.removeListener("data", onData);
+			resolve({
+				success: true,
+				content: `执行超时（5s），已发送的代码：\n\`\`\`\n${code}\n\`\`\``
+			});
+		}, 5e3);
+		if (signal) {
+			const onAbort = () => {
+				clearTimeout(timeout);
+				session.process.stdout?.removeListener("data", onData);
+				resolve({
+					success: false,
+					content: "REPL 执行已取消"
+				});
+			};
+			signal.addEventListener("abort", onAbort, { once: true });
+		}
+		session.process.stdin?.write(code + "\n");
+		setTimeout(() => {
+			clearTimeout(timeout);
+			session.process.stdout?.removeListener("data", onData);
+			resolve({
+				success: true,
+				content: chunks.join("").trim() || "(无输出)"
+			});
+		}, 1e3);
+	});
+}
+/** 停止并移除 REPL 会话。 */
+function handleStop(sessionId) {
+	if (!sessionId) {
+		let count = 0;
+		for (const [id, session] of activeSessions) {
+			session.process.kill();
+			activeSessions.delete(id);
+			count++;
+		}
+		return {
+			success: true,
+			content: `已停止 ${count} 个 REPL 会话`
+		};
+	}
+	const session = activeSessions.get(sessionId);
+	if (!session) return {
+		success: false,
+		content: `未找到 REPL 会话：${sessionId}`
+	};
+	session.process.kill();
+	activeSessions.delete(sessionId);
+	return {
+		success: true,
+		content: `REPL 会话 ${sessionId} 已停止`
+	};
+}
+/** 列出所有活跃会话。 */
+function handleStatus$1() {
+	if (activeSessions.size === 0) return {
+		success: true,
+		content: "当前无活跃的 REPL 会话"
+	};
+	const lines = [];
+	for (const session of activeSessions.values()) {
+		const age = Math.round((Date.now() - session.createdAt) / 1e3);
+		lines.push(`${session.id} — ${session.language}（运行中，${age} 秒）`);
+	}
+	return {
+		success: true,
+		content: `活跃会话（${activeSessions.size}）：\n${lines.join("\n")}`
+	};
+}
+//#endregion
+//#region src/builtin/agent/agent.ts
+const descriptor$20 = {
+	name: "agent",
+	description: "启动子 Agent 自主处理复杂多步骤任务。每种子 Agent 类型拥有不同能力和可用工具。子 Agent 将最终结果返回给父 Agent。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			description: {
+				type: "string",
+				description: "任务的简短描述（3-5 个词）"
+			},
+			prompt: {
+				type: "string",
+				description: "子 Agent 要执行的任务"
+			},
+			subagent_type: {
+				type: "string",
+				description: "专用 Agent 类型：claude、explore、plan、general-purpose、statusline-setup"
+			},
+			model: {
+				type: "string",
+				enum: [
+					"sonnet",
+					"opus",
+					"haiku"
+				],
+				description: "可选：为此子 Agent 指定模型覆盖"
+			},
+			isolation: {
+				type: "string",
+				enum: ["worktree"],
+				description: "在隔离的 git worktree 中运行（开销大——仅用于并行文件修改场景）"
+			},
+			allowed_tools: {
+				type: "array",
+				items: { type: "string" },
+				description: "限制子 Agent 可用的工具。留空则继承父级工具。"
+			}
+		},
+		required: ["description", "prompt"]
+	},
+	kind: "ExecutesCode",
+	safety: "RequiresApproval",
+	availability: { type: "always" },
+	executor: "core:agent",
+	owner: "core"
+};
+const handler$17 = { async handle(invocation, signal) {
+	const { description, prompt, subagent_type, model, isolation, allowed_tools } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "子 Agent 已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: [
+			`子 Agent 已调度 [${subagent_type ?? "general-purpose"}]：${description}`,
+			`模型：${model ?? "inherit"}`,
+			`隔离模式：${isolation ?? "none"}`,
+			`工具：${allowed_tools ? allowed_tools.join(", ") : "inherit"}`,
+			"子 Agent 获得父级 token 预算的 1/4。",
+			"",
+			"--- 子 Agent 输出 ---",
+			`[Phase 3 集成：此处将调用真实 spawnSubAgent()。任务：${prompt.slice(0, 200)}]`
+		].join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/agent/task.ts
+const descriptor$19 = {
+	name: "task",
+	description: "管理后台任务——创建、列表、获取、更新或停止任务。任务持久化到 SQLite，会话重启后仍存在。适用于跨多个会话的长时间运行操作。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			action: {
+				type: "string",
+				enum: [
+					"create",
+					"list",
+					"get",
+					"update",
+					"stop"
+				],
+				description: "CRUD 操作：创建新任务、列出所有任务、获取特定任务、更新状态或停止/取消"
+			},
+			task_id: {
+				type: "string",
+				description: "任务 UUID（get/update/stop 操作必需）"
+			},
+			type: {
+				type: "string",
+				description: "任务类型，例如 'mcp_connect'、'plugin_install'（create 时使用）"
+			},
+			payload: {
+				type: "object",
+				description: "任务负载/数据（create/update 时使用）"
+			},
+			status: {
+				type: "string",
+				enum: [
+					"queued",
+					"running",
+					"completed",
+					"failed",
+					"canceled"
+				],
+				description: "新状态（update 时使用）"
+			}
+		},
+		required: ["action"]
+	},
+	kind: "ExecutesCode",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:task",
+	owner: "core"
+};
+/**
+* Inject the real TaskManager backend.
+*
+* Called during bootstrap after the engine is created.
+* Before injection, the handler returns mock results for test compatibility.
+*/
+function injectTaskManager(tm) {}
+/**
+* Create a task handler bound to a specific {@link TaskManagerOps}.
+*
+* Factory alternative to {@link injectTaskManager} — useful when the
+* handler needs to be registered independently of the module‑level singleton.
+*/
+function createTaskHandler(tm) {
+	return buildHandler(tm);
+}
+function buildHandler(tm) {
+	return { async handle(invocation, signal) {
+		const { action, task_id, type, payload, status } = invocation.payload;
+		const startTime = Date.now();
+		if (signal.aborted) return {
+			success: false,
+			content: "任务操作已取消",
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		if (tm) return realDispatch(tm, action, task_id, type, payload, status, startTime);
+		return mockDispatch(action, task_id, type, payload, status, startTime);
+	} };
+}
+async function realDispatch(tm, action, taskId, taskType, taskPayload, taskStatus, startTime) {
+	switch (action) {
+		case "create": return {
+			success: true,
+			content: "任务创建由 Agent 引擎内部管理，无需手动创建。使用 'list' 查看当前运行中的任务，使用 'get' 获取特定任务详情，使用 'stop' 停止任务。",
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		case "list": {
+			const tasks = tm.list();
+			if (tasks.length === 0) return {
+				success: true,
+				content: "当前没有运行中的后台任务。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const lines = tasks.map((t) => `- **${t.id}**: ${t.label} (${t.status})`);
+			return {
+				success: true,
+				content: `后台任务列表（共 ${tasks.length} 项）：\n\n${lines.join("\n")}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+		case "get": {
+			if (!taskId) return {
+				success: false,
+				content: "缺少必需参数 task_id",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const entry = tm.get(taskId);
+			if (!entry) return {
+				success: true,
+				content: `任务 "${taskId}" 未找到。`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const output = tm.getOutput(taskId);
+			const parts = [
+				`**ID**: ${entry.id}`,
+				`**标签**: ${entry.label}`,
+				`**状态**: ${entry.status}`,
+				`**开始时间**: ${new Date(entry.startedAt).toISOString()}`
+			];
+			if (entry.stoppedAt) parts.push(`**停止时间**: ${new Date(entry.stoppedAt).toISOString()}`);
+			if (entry.error) parts.push(`**错误**: ${entry.error}`);
+			if (entry.progress !== void 0) parts.push(`**进度**: ${entry.progress}%`);
+			if (output) parts.push(`**输出**:\n${output}`);
+			return {
+				success: true,
+				content: parts.join("\n"),
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+		case "update": {
+			if (!taskId) return {
+				success: false,
+				content: "缺少必需参数 task_id",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			if (!tm.get(taskId)) return {
+				success: true,
+				content: `任务 "${taskId}" 未找到。`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const patch = {};
+			if (taskPayload?.label && typeof taskPayload.label === "string") patch.label = taskPayload.label;
+			if (taskStatus) patch.status = taskStatus;
+			if (Object.keys(patch).length === 0) return {
+				success: false,
+				content: "未提供要更新的字段。请指定 label 或 status。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			tm.update(taskId, patch);
+			return {
+				success: true,
+				content: `任务 "${taskId}" 已更新：${JSON.stringify(patch)}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+		case "stop": {
+			if (!taskId) return {
+				success: false,
+				content: "缺少必需参数 task_id",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const entry = tm.get(taskId);
+			if (!entry) return {
+				success: true,
+				content: `任务 "${taskId}" 未找到。`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			await tm.stop(taskId);
+			return {
+				success: true,
+				content: `任务 "${taskId}"（${entry.label}）已停止。`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+		default: return {
+			success: false,
+			content: `未知操作：${action}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+}
+function mockDispatch(action, taskId, taskType, taskPayload, taskStatus, startTime) {
+	switch (action) {
+		case "create": return {
+			success: true,
+			content: `任务已创建 [mock]：${taskType ?? "generic"} — Phase 4 TaskManager 接入后支持持久化。负载：${JSON.stringify(taskPayload ?? {})}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		case "list": return {
+			success: true,
+			content: "任务列表 [mock]：暂无持久化任务。Phase 4 集成待完成。",
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		case "get": return {
+			success: true,
+			content: `任务 ${taskId} [mock]：未找到或 Phase 4 集成待完成。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		case "update": return {
+			success: true,
+			content: `任务 ${taskId} 已更新为 ${taskStatus ?? "unknown"} [mock]。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		case "stop": return {
+			success: true,
+			content: `任务 ${taskId} 已停止 [mock]。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		default: return {
+			success: false,
+			content: `未知操作：${action}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+}
+/** Exported handler — uses injectTaskManager() when wired, mock otherwise. */
+const handler$16 = buildHandler(null);
+//#endregion
+//#region src/builtin/agent/team-create.ts
+const descriptor$18 = {
+	name: "team_create",
+	description: "创建多 Agent 协作团队。每个成员拥有独立的角色、工具集和模型。团队通过可配置的策略协作完成工作（默认：共识模式）。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			name: {
+				type: "string",
+				description: "团队名称（会话内必须唯一）"
+			},
+			members: {
+				type: "array",
+				items: {
+					type: "object",
+					properties: {
+						name: {
+							type: "string",
+							description: "成员显示名称"
+						},
+						role: {
+							type: "string",
+							description: "角色描述（例如 '安全审查员'、'代码架构师'）"
+						},
+						tools: {
+							type: "array",
+							items: { type: "string" },
+							description: "该成员可用的工具（留空 = 全部工具）"
+						},
+						model: {
+							type: "string",
+							description: "该成员的模型覆盖"
+						}
+					},
+					required: ["name", "role"]
+				},
+				description: "团队成员及其角色和能力"
+			},
+			strategy: {
+				type: "string",
+				enum: [
+					"consensus",
+					"majority",
+					"delegated"
+				],
+				description: "决策策略：consensus（全员同意）、majority（投票）、delegated（领导者决策）"
+			}
+		},
+		required: ["name", "members"]
+	},
+	kind: "ExecutesCode",
+	safety: "RequiresApproval",
+	availability: { type: "always" },
+	executor: "core:team_create",
+	owner: "core"
+};
+const handler$15 = { async handle(invocation, signal) {
+	const { name, members, strategy } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "团队创建已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const strat = strategy ?? "consensus";
+	const memberList = members.map((m) => `  - ${m.name} (${m.role})${m.model ? ` [${m.model}]` : ""}`).join("\n");
+	return {
+		success: true,
+		content: [
+			`团队已创建：${name}`,
+			`策略：${strat}`,
+			`成员（${members.length} 人）：`,
+			memberList,
+			"",
+			"[Phase 4 集成：通过 @lynx/agent 子 Agent 通道实现真实团队编排]"
+		].join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/agent/team-delete.ts
+const descriptor$17 = {
+	name: "team_delete",
+	description: "删除多 Agent 协作团队。移除团队前会终止所有正在执行的成员任务。",
+	inputSchema: {
+		type: "object",
+		properties: { team_id: {
+			type: "string",
+			description: "团队标识（名称或 UUID）"
+		} },
+		required: ["team_id"]
+	},
+	kind: "ExecutesCode",
+	safety: "RequiresApproval",
+	availability: {
+		type: "all",
+		exprs: [{ type: "always" }]
+	},
+	executor: "core:team_delete",
+	owner: "core"
+};
+const handler$14 = { async handle(invocation, signal) {
+	const { team_id } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "团队删除已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: [
+			`团队已删除：${team_id}`,
+			"所有成员任务已终止。",
+			"[Phase 4 集成：通过 @lynx/agent 实现真实团队生命周期管理]"
+		].join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/agent/verify-plan.ts
+const descriptor$16 = {
+	name: "verify_plan_execution",
+	description: "验证计划执行是否匹配其规范。逐一检查每个检查点的预期输出与实际输出是否一致。在实施计划后使用此工具，确保无遗漏。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			plan_id: {
+				type: "string",
+				description: "要验证的计划标识"
+			},
+			checkpoints: {
+				type: "array",
+				items: {
+					type: "object",
+					properties: {
+						description: {
+							type: "string",
+							description: "该检查点的预期描述"
+						},
+						expected: {
+							type: "string",
+							description: "预期输出或状态"
+						},
+						actual: {
+							type: "string",
+							description: "实际观察到的输出或状态"
+						}
+					},
+					required: [
+						"description",
+						"expected",
+						"actual"
+					]
+				},
+				description: "待验证的检查点列表"
+			}
+		},
+		required: ["plan_id", "checkpoints"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:verify_plan_execution",
+	owner: "core"
+};
+const handler$13 = { async handle(invocation, signal) {
+	const { plan_id, checkpoints } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "验证已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const results = checkpoints.map((cp) => {
+		const passed = cp.expected.trim() === cp.actual.trim();
+		return {
+			...cp,
+			passed
+		};
+	});
+	const passed = results.filter((r) => r.passed).length;
+	const failed = results.filter((r) => !r.passed).length;
+	const total = results.length;
+	return {
+		success: true,
+		content: [
+			`计划验证：${plan_id}`,
+			`结果：${passed}/${total} 通过，${failed} 失败`,
+			"",
+			...results.map((r) => {
+				return `${r.passed ? "✓" : "✗"} ${r.description}\n   预期：${r.expected.slice(0, 100)}\n   实际：${r.actual.slice(0, 100)}`;
+			})
+		].join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/agent/remote-trigger.ts
+const descriptor$15 = {
+	name: "remote_trigger",
+	description: "通过发送 HTTP 请求（webhook / CI 回调）触发远程任务。支持 GET 和 POST 方法，可自定义请求头和请求体。默认超时 30 秒。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			url: {
+				type: "string",
+				format: "uri",
+				description: "要触发的远程 URL"
+			},
+			method: {
+				type: "string",
+				enum: ["GET", "POST"],
+				description: "HTTP 方法（默认：POST）"
+			},
+			headers: {
+				type: "object",
+				description: "自定义 HTTP 请求头（例如 Authorization、Content-Type）"
+			},
+			body: {
+				type: "string",
+				description: "请求体（POST 时使用）"
+			},
+			timeout: {
+				type: "integer",
+				description: "请求超时时间，毫秒（默认：30000，最大：60000）"
+			}
+		},
+		required: ["url"]
+	},
+	kind: "Network",
+	safety: "RequiresApproval",
+	availability: { type: "always" },
+	executor: "core:remote_trigger",
+	owner: "core"
+};
+const handler$12 = { async handle(invocation, signal) {
+	const { url, method, headers, body, timeout } = invocation.payload;
+	const startTime = Date.now();
+	const httpMethod = method ?? "POST";
+	const timeoutMs = Math.min(timeout ?? 3e4, 6e4);
+	if (signal.aborted) return {
+		success: false,
+		content: "远程触发已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		const controller = new AbortController();
+		const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+		signal.addEventListener("abort", () => {
+			clearTimeout(timeoutId);
+			controller.abort();
+		}, { once: true });
+		const resp = await fetch(url, {
+			method: httpMethod,
+			headers: {
+				"Content-Type": "application/json",
+				"User-Agent": "Lynx/1.0",
+				...headers
+			},
+			body: httpMethod === "POST" ? body ?? void 0 : void 0,
+			signal: controller.signal
+		});
+		clearTimeout(timeoutId);
+		const respBody = await resp.text().catch(() => "（二进制响应）");
+		const truncated = respBody.length > 2e3;
+		const summary = truncated ? respBody.slice(0, 1997) + "..." : respBody;
+		return {
+			success: resp.ok,
+			content: `HTTP ${resp.status} ${resp.statusText}\n\n${summary}`,
+			metadata: {
+				durationMs: Date.now() - startTime,
+				truncated
+			}
+		};
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		if (err.name === "AbortError" || message.includes("abort")) return {
+			success: false,
+			content: signal.aborted ? "操作已取消" : `请求在 ${timeoutMs}ms 后超时`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		return {
+			success: false,
+			content: `远程触发失败：${message}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+//#endregion
+//#region src/builtin/agent/schedule-cron.ts
+/**
+* ScheduleCronTool — 定时任务调度工具。
+*
+* 使用 cron 语法安排定时任务。支持一次性提醒和循环计划。
+* 任务持久化到 ~/.lynx/cron-jobs.json，进程重启后自动恢复。
+*/
+const STORAGE_DIR$1 = join(homedir(), ".lynx");
+const STORAGE_FILE$1 = join(STORAGE_DIR$1, "cron-jobs.json");
+/** 活跃的 cron 任务映射，key 为 job UUID。 */
+const jobs = /* @__PURE__ */ new Map();
+/** 初始化：加载持久化任务并启动调度。 */
+function init$1() {
+	try {
+		const raw = readFileSync(STORAGE_FILE$1, "utf-8");
+		const persisted = JSON.parse(raw);
+		for (const j of persisted) scheduleJob(j.id, j.cron, j.prompt);
+	} catch {}
+}
+/** 持久化所有任务到磁盘。 */
+function persist$1() {
+	mkdirSync(STORAGE_DIR$1, { recursive: true });
+	const arr = [];
+	for (const job of jobs.values()) arr.push({
+		id: job.id,
+		cron: job.cron,
+		prompt: job.prompt
+	});
+	writeFileSync(STORAGE_FILE$1, JSON.stringify(arr, null, 2));
+}
+/** 根据 cron 表达式计算下次触发时间（简化实现）。 */
+function calcNextFire(cron) {
+	const now = /* @__PURE__ */ new Date();
+	if (cron === "@hourly") return now.getTime() + 36e5;
+	if (cron === "@daily") return now.getTime() + 864e5;
+	if (cron === "@weekly") return now.getTime() + 6048e5;
+	const parts = cron.split(/\s+/);
+	if (parts.length !== 5) return now.getTime() + 6e4;
+	const minute = parseField(parts[0], 0, 59);
+	const hour = parseField(parts[1], 0, 23);
+	if (minute !== null && hour !== null) {
+		const next = new Date(now);
+		next.setMinutes(next.getMinutes() + 1);
+		next.setSeconds(0);
+		next.setMilliseconds(0);
+		return next.getTime();
+	}
+	return now.getTime() + 6e4;
+}
+/** 解析 cron 字段值，支持 * 和步进语法。 */
+function parseField(field, _min, _max) {
+	if (field === "*") return 0;
+	const step = field.match(/^\*\/(\d+)$/);
+	if (step) return parseInt(step[1], 10);
+	const num = parseInt(field, 10);
+	if (!isNaN(num)) return num;
+	return null;
+}
+/** 调度一个 cron 任务。 */
+function scheduleJob(id, cron, prompt) {
+	const nextFire = calcNextFire(cron);
+	const delay = Math.max(0, nextFire - Date.now());
+	const job = {
+		id,
+		cron,
+		prompt,
+		nextFire
+	};
+	if (cron.includes("*") || cron.startsWith("@")) job.timer = setInterval(() => {
+		if (Date.now() >= job.nextFire) job.nextFire = calcNextFire(cron);
+	}, 6e4);
+	else job.timer = setTimeout(() => {
+		jobs.delete(id);
+		persist$1();
+	}, delay);
+	jobs.set(id, job);
+	return job;
+}
+/** 验证 cron 表达式格式。 */
+function isValidCron(cron) {
+	if (cron.startsWith("@") && [
+		"@hourly",
+		"@daily",
+		"@weekly"
+	].includes(cron)) return true;
+	const parts = cron.trim().split(/\s+/);
+	if (parts.length !== 5) return false;
+	return parts.every((p) => {
+		if (p === "*") return true;
+		if (/^\*\/\d+$/.test(p)) return true;
+		return !isNaN(parseInt(p, 10));
+	});
+}
+init$1();
+const descriptor$14 = {
+	name: "ScheduleCronTool",
+	description: "使用 cron 语法安排定时任务。任务在指定时间或间隔触发。支持一次性提醒和循环计划。标准 cron 格式：分 时 日 月 周。也支持 @hourly、@daily、@weekly 别名。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			action: {
+				type: "string",
+				enum: [
+					"create",
+					"list",
+					"delete"
+				],
+				description: "操作类型：创建任务、列出任务、删除任务"
+			},
+			cron: {
+				type: "string",
+				description: "5 字段 cron 表达式（如 '*/5 * * * *'）或别名 @hourly/@daily/@weekly"
+			},
+			prompt: {
+				type: "string",
+				description: "任务触发时入队的提示文本"
+			},
+			jobId: {
+				type: "string",
+				description: "任务 ID（delete 操作时使用）"
+			}
+		},
+		required: ["action"]
+	},
+	kind: "ExecutesCode",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:schedule_cron",
+	owner: "core"
+};
+const handler$11 = { async handle(invocation, signal) {
+	const { action, cron, prompt, jobId } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "定时任务操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		switch (action) {
+			case "create": return handleCreate(cron, prompt);
+			case "list": return handleList$1();
+			case "delete": return handleDelete(jobId);
+			default: return {
+				success: false,
+				content: `未知操作：${action}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+	} catch (err) {
+		return {
+			success: false,
+			content: `定时任务操作失败：${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+/** 创建新的 cron 任务。 */
+function handleCreate(cron, prompt) {
+	if (!cron || !prompt) return {
+		success: false,
+		content: "缺少必要参数：cron 和 prompt 均为必填"
+	};
+	if (!isValidCron(cron)) return {
+		success: false,
+		content: `无效的 cron 表达式：${cron}。格式：分 时 日 月 周（5 字段），或 @hourly/@daily/@weekly`
+	};
+	const id = randomUUID();
+	const job = scheduleJob(id, cron, prompt);
+	persist$1();
+	return {
+		success: true,
+		content: `定时任务已创建。ID：${id}\n计划：${cron}\n下次触发：${new Date(job.nextFire).toISOString()}`
+	};
+}
+/** 列出所有活跃任务。 */
+function handleList$1() {
+	if (jobs.size === 0) return {
+		success: true,
+		content: "当前无定时任务"
+	};
+	const lines = [];
+	for (const job of jobs.values()) {
+		const nextDate = new Date(job.nextFire).toISOString();
+		lines.push(`${job.id} — ${job.cron} — 下次：${nextDate} — "${job.prompt.slice(0, 40)}"`);
+	}
+	return {
+		success: true,
+		content: `定时任务（${jobs.size}）：\n${lines.join("\n")}`
+	};
+}
+/** 删除指定任务。 */
+function handleDelete(jobId) {
+	if (!jobId) return {
+		success: false,
+		content: "缺少 jobId 参数"
+	};
+	const job = jobs.get(jobId);
+	if (!job) return {
+		success: false,
+		content: `未找到任务：${jobId}`
+	};
+	if (job.timer) {
+		clearTimeout(job.timer);
+		clearInterval(job.timer);
+	}
+	jobs.delete(jobId);
+	persist$1();
+	return {
+		success: true,
+		content: `任务 ${jobId} 已删除`
+	};
+}
+//#endregion
+//#region src/builtin/agent/workflow.ts
+/**
+* WorkflowTool — 多步骤工作流定义和执行工具。
+*
+* 支持定义、运行、查看状态和列出工作流。
+* 工作流持久化到 ~/.lynx/workflows.json，进程重启后保留定义。
+*/
+const STORAGE_DIR = join(homedir(), ".lynx");
+const STORAGE_FILE = join(STORAGE_DIR, "workflows.json");
+/** 活跃的工作流映射，key 为 workflow UUID。 */
+const workflows = /* @__PURE__ */ new Map();
+/** 初始化：从磁盘加载持久化工作流。 */
+function init() {
+	try {
+		const raw = readFileSync(STORAGE_FILE, "utf-8");
+		const persisted = JSON.parse(raw);
+		for (const w of persisted) workflows.set(w.id, w);
+	} catch {}
+}
+/** 持久化所有工作流到磁盘。 */
+function persist() {
+	mkdirSync(STORAGE_DIR, { recursive: true });
+	writeFileSync(STORAGE_FILE, JSON.stringify(Array.from(workflows.values()), null, 2));
+}
+init();
+const descriptor$13 = {
+	name: "WorkflowTool",
+	description: "定义并执行多步骤工作流。每个步骤可以是一个工具调用，步骤之间可以有依赖关系。支持 define（定义）、run（运行）、status（查看状态）、list（列出所有）四种操作。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			action: {
+				type: "string",
+				enum: [
+					"define",
+					"run",
+					"status",
+					"list"
+				],
+				description: "操作类型：定义工作流、运行工作流、查看状态、列出所有工作流"
+			},
+			workflowId: {
+				type: "string",
+				description: "工作流 ID（run/status 操作时使用）"
+			},
+			name: {
+				type: "string",
+				description: "工作流名称（define 操作时使用）"
+			},
+			steps: {
+				type: "array",
+				items: {
+					type: "object",
+					properties: {
+						name: {
+							type: "string",
+							description: "步骤名称"
+						},
+						toolName: {
+							type: "string",
+							description: "要调用的工具名称"
+						},
+						args: {
+							type: "object",
+							description: "工具参数"
+						}
+					},
+					required: [
+						"name",
+						"toolName",
+						"args"
+					]
+				},
+				description: "工作流步骤列表（define 操作时使用）"
+			}
+		},
+		required: ["action"]
+	},
+	kind: "ExecutesCode",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:workflow",
+	owner: "core"
+};
+const handler$10 = { async handle(invocation, signal) {
+	const { action, workflowId, name, steps } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "工作流操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		switch (action) {
+			case "define": return handleDefine(name, steps);
+			case "run": return handleRun(workflowId);
+			case "status": return handleStatus(workflowId);
+			case "list": return handleList();
+			default: return {
+				success: false,
+				content: `未知操作：${action}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+	} catch (err) {
+		return {
+			success: false,
+			content: `工作流操作失败：${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+/** 定义新工作流。 */
+function handleDefine(name, steps) {
+	if (!name || !steps || steps.length === 0) return {
+		success: false,
+		content: "缺少必要参数：name 和 steps 均为必填，且 steps 不能为空"
+	};
+	const id = randomUUID();
+	const workflow = {
+		id,
+		name,
+		steps,
+		createdAt: Date.now()
+	};
+	workflows.set(id, workflow);
+	persist();
+	return {
+		success: true,
+		content: `工作流已定义。ID：${id}\n名称：${name}\n步骤：\n${steps.map((s, i) => `  ${i + 1}. ${s.name} — 调用 ${s.toolName}`).join("\n")}`
+	};
+}
+/** 运行工作流：返回步骤列表供 agent 按顺序执行。 */
+function handleRun(workflowId) {
+	if (!workflowId) return {
+		success: false,
+		content: "缺少 workflowId 参数"
+	};
+	const workflow = workflows.get(workflowId);
+	if (!workflow) return {
+		success: false,
+		content: `未找到工作流：${workflowId}`
+	};
+	const stepInstructions = workflow.steps.map((s, i) => {
+		const argsStr = JSON.stringify(s.args);
+		return `${i + 1}. **${s.name}** — 调用工具 \`${s.toolName}\`，参数：\`${argsStr}\``;
+	}).join("\n");
+	return {
+		success: true,
+		content: [
+			`开始运行工作流：${workflow.name}（ID: ${workflow.id}）`,
+			"",
+			"按以下步骤依次执行：",
+			stepInstructions,
+			"",
+			"请按顺序执行每个步骤，等待每步完成后再进行下一步。"
+		].join("\n")
+	};
+}
+/** 查看工作流状态。 */
+function handleStatus(workflowId) {
+	if (!workflowId) return {
+		success: false,
+		content: "缺少 workflowId 参数"
+	};
+	const workflow = workflows.get(workflowId);
+	if (!workflow) return {
+		success: false,
+		content: `未找到工作流：${workflowId}`
+	};
+	const createdDate = new Date(workflow.createdAt).toISOString();
+	const stepSummary = workflow.steps.map((s, i) => `${i + 1}. ${s.name}（工具：${s.toolName}）`).join("\n");
+	return {
+		success: true,
+		content: [
+			`工作流：${workflow.name}（ID: ${workflow.id}）`,
+			`创建时间：${createdDate}`,
+			`步骤（${workflow.steps.length}）：`,
+			stepSummary
+		].join("\n")
+	};
+}
+/** 列出所有工作流。 */
+function handleList() {
+	if (workflows.size === 0) return {
+		success: true,
+		content: "暂无定义的工作流"
+	};
+	const lines = [];
+	for (const w of workflows.values()) {
+		const date = new Date(w.createdAt).toISOString().slice(0, 10);
+		lines.push(`${w.id} — ${w.name}（${w.steps.length} 步骤，创建于 ${date}）`);
+	}
+	return {
+		success: true,
+		content: `工作流（${workflows.size}）：\n${lines.join("\n")}`
+	};
+}
+//#endregion
+//#region src/builtin/agent/tungsten.ts
+const descriptor$12 = {
+	name: "TungstenTool",
+	description: "重型复合工具：并行调度多个子 Agent 处理复杂任务的各个部分，然后综合结果。支持 parallel（并行）、pipeline（流水线）、debate（辩论）三种策略。适用于代码审查、多模块重构、全面调研等大规模任务。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			task: {
+				type: "string",
+				description: "要执行的复杂任务描述"
+			},
+			maxAgents: {
+				type: "number",
+				description: "最大并行 Agent 数量（默认 3）"
+			},
+			strategy: {
+				type: "string",
+				enum: [
+					"parallel",
+					"pipeline",
+					"debate"
+				],
+				description: "执行策略：parallel 并行执行、pipeline 流水线处理、debate 多角度辩论"
+			}
+		},
+		required: ["task"]
+	},
+	kind: "ExecutesCode",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:tungsten",
+	owner: "core"
+};
+const handler$9 = { async handle(invocation, signal) {
+	const { task, maxAgents, strategy } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "Tungsten 操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (!task || task.trim().length === 0) return {
+		success: false,
+		content: "缺少必要参数：task 为必填且不能为空",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	try {
+		const agentCount = Math.min(Math.max(maxAgents ?? 3, 1), 10);
+		const execStrategy = strategy ?? "parallel";
+		return {
+			success: true,
+			content: buildExecutionPlan(task, decomposeTask(task, agentCount), agentCount, execStrategy),
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	} catch (err) {
+		return {
+			success: false,
+			content: `Tungsten 任务规划失败：${err instanceof Error ? err.message : String(err)}`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+/**
+* 将任务拆解为子任务。
+*
+* 按语义标记（编号列表、段落、主题关键词）进行简单拆分。
+* 真实场景中可接入 LLM 辅助拆解以获得更精准的结果。
+*/
+function decomposeTask(task, maxAgents) {
+	const numberedPattern = /(?:^|\n)\s*(?:\d+[.)]\s*|[-*]\s+)(.+)/g;
+	const matches = [];
+	let match;
+	while ((match = numberedPattern.exec(task)) !== null) matches.push(match[1].trim());
+	if (matches.length >= 2) {
+		const count = Math.min(matches.length, maxAgents);
+		return matches.slice(0, count).map((m, i) => ({
+			id: i + 1,
+			name: m.slice(0, 40),
+			description: m,
+			suggestedAgentRole: `${i + 1} 号子 Agent`
+		}));
+	}
+	const paragraphs = task.split(/\n\s*\n/).map((p) => p.trim()).filter((p) => p.length > 0);
+	if (paragraphs.length >= 2) {
+		const count = Math.min(paragraphs.length, maxAgents);
+		return paragraphs.slice(0, count).map((p) => p.slice(0, 50)).map((n, i) => ({
+			id: i + 1,
+			name: n,
+			description: paragraphs[i],
+			suggestedAgentRole: `子 Agent ${i + 1}`
+		}));
+	}
+	const sentences = task.split(/[.．。!！?？]+/).filter((s) => s.trim().length > 10);
+	if (sentences.length >= 2) {
+		const count = Math.min(sentences.length, maxAgents);
+		return sentences.slice(0, count).map((s, i) => ({
+			id: i + 1,
+			name: s.trim().slice(0, 40),
+			description: s.trim(),
+			suggestedAgentRole: `子 Agent ${i + 1}`
+		}));
+	}
+	return [{
+		id: 1,
+		name: task.slice(0, 40),
+		description: task,
+		suggestedAgentRole: "主执行 Agent"
+	}];
+}
+/** 根据策略生成执行计划文本。 */
+function buildExecutionPlan(task, subtasks, maxAgents, strategy) {
+	const planLines = [
+		"═══════════════════════════════════════",
+		"  Tungsten 并行执行计划",
+		"═══════════════════════════════════════",
+		"",
+		`总任务：${task.slice(0, 120)}${task.length > 120 ? "..." : ""}`,
+		`执行策略：${strategyLabel(strategy)}`,
+		`并行 Agent 数：${maxAgents}`,
+		`子任务数：${subtasks.length}`,
+		"",
+		"── 子任务分配 ──",
+		""
+	];
+	for (const st of subtasks) {
+		planLines.push(`[${st.id}] ${st.name}`);
+		planLines.push(`    角色：${st.suggestedAgentRole}`);
+		planLines.push(`    描述：${st.description.slice(0, 100)}`);
+		planLines.push("");
+	}
+	planLines.push("── 执行指令 ──");
+	planLines.push("");
+	switch (strategy) {
+		case "parallel":
+			planLines.push("所有子 Agent 同时并行执行各自的子任务。", `请为每个子任务创建独立的 Agent，共 ${subtasks.length} 个，同时启动。`, "完成后，由协调 Agent 综合所有结果形成最终输出。");
+			break;
+		case "pipeline":
+			planLines.push("子任务按顺序流水线执行，每个子 Agent 的输出作为下一个的输入。", `请依次启动 ${subtasks.length} 个 Agent，每个等待前一个完成后再开始。`, "流水线末端的 Agent 产出最终结果。");
+			break;
+		case "debate":
+			planLines.push(`每个子 Agent 从不同角度处理任务，共 ${subtasks.length} 个视角。`, "各 Agent 独立产出观点/方案后，由协调 Agent 对比、批判、综合。", "最终输出应包括不同观点的对比分析和综合结论。");
+			break;
+	}
+	planLines.push("");
+	planLines.push("── 综合指令 ──");
+	planLines.push("所有子任务完成后，将结果合并为统一的最终输出。");
+	planLines.push("═══════════════════════════════════════");
+	return planLines.join("\n");
+}
+/** 策略的中文标签。 */
+function strategyLabel(strategy) {
+	switch (strategy) {
+		case "parallel": return "并行";
+		case "pipeline": return "流水线";
+		case "debate": return "辩论";
+		default: return strategy;
+	}
+}
+//#endregion
+//#region src/builtin/mode/enter-plan-mode.ts
+const descriptor$11 = {
+	name: "enter_plan_mode",
+	description: "进入计划模式 — 切换为只读模式，Agent 只能读取文件和输出设计方案。所有写入/编辑/执行工具将自动被拒绝。在进行重大架构变更前使用此模式，以便在实施前获得用户对方案的认可。",
+	inputSchema: {
+		type: "object",
+		properties: {},
+		required: []
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:enter_plan_mode",
+	owner: "core"
+};
+const handler$8 = { async handle(_invocation, signal) {
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "Operation cancelled",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: [
+			"已进入计划模式。",
+			"- 所有写入/编辑/执行工具当前已被拒绝。",
+			"- 您可执行：读取文件、搜索代码、设计架构、编写计划。",
+			"- 使用 exit_plan_mode 返回普通模式。"
+		].join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/mode/exit-plan-mode.ts
+const descriptor$10 = {
+	name: "exit_plan_mode",
+	description: "退出计划模式，返回普通模式（写入工具重新启用）。计划方案将在执行前展示给用户审批。",
+	inputSchema: {
+		type: "object",
+		properties: {},
+		required: []
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:exit_plan_mode",
+	owner: "core"
+};
+const handler$7 = { async handle(_invocation, signal) {
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "Operation cancelled",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: [
+			"已退出计划模式。",
+			"- 写入/编辑/执行工具已重新启用。",
+			"- 计划方案已就绪，等待用户审批并执行。"
+		].join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/mode/enter-worktree.ts
+const descriptor$9 = {
+	name: "enter_worktree",
+	description: "创建新的 git worktree 或进入已有 worktree 进行隔离工作。Worktree 存放在 .claude/worktrees/ 目录下。使用 name 参数创建新 worktree，使用 path 参数进入已有 worktree。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			name: {
+				type: "string",
+				description: "新 worktree 的名称（与 path 互斥）。不填则自动生成随机名称。"
+			},
+			path: {
+				type: "string",
+				description: "要进入的已有 worktree 的路径（与 name 互斥）。"
+			},
+			base_ref: {
+				type: "string",
+				description: "分支的基准引用（默认：'fresh' 模式基于 origin/master，'head' 模式基于 HEAD）"
+			}
+		},
+		required: []
+	},
+	kind: "ExecutesCode",
+	safety: "WorkspaceSafe",
+	availability: {
+		type: "all",
+		exprs: [{ type: "always" }]
+	},
+	executor: "core:enter_worktree",
+	owner: "core"
+};
+const handler$6 = { async handle(invocation, signal) {
+	const { name, path, base_ref } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "Worktree 操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (name && path) return {
+		success: false,
+		content: "name 与 path 互斥。使用 name 创建新 worktree，或使用 path 进入已有 worktree。",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (path) return {
+		success: true,
+		content: `已进入已有 worktree：${path}\n[Phase 4: 通过 @lynx/agent 实现真正的 git worktree 切换]`,
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const worktreeName = name ?? `worktree-${Date.now().toString(36)}`;
+	const ref = base_ref ?? "fresh";
+	return {
+		success: true,
+		content: [
+			`Worktree 已创建：${worktreeName}`,
+			`基准引用：${ref}`,
+			`位置：.claude/worktrees/${worktreeName}`,
+			"",
+			"[Phase 4: 通过 @lynx/agent 实现真正的 git worktree 创建 + 工作目录切换]"
+		].join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/mode/exit-worktree.ts
+const descriptor$8 = {
+	name: "exit_worktree",
+	description: "退出 git worktree 并返回原始目录。使用 'keep' 保留 worktree，或使用 'remove' 删除（如有未提交变更需搭配 discard_changes）。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			action: {
+				type: "string",
+				enum: ["keep", "remove"],
+				description: "keep = 保留 worktree 不动，remove = 删除 worktree 及分支"
+			},
+			discard_changes: {
+				type: "boolean",
+				description: "当 action=remove 且 worktree 有未提交变更时必须设为 true"
+			}
+		},
+		required: ["action"]
+	},
+	kind: "ExecutesCode",
+	safety: "WorkspaceSafe",
+	availability: {
+		type: "all",
+		exprs: [{ type: "always" }]
+	},
+	executor: "core:exit_worktree",
+	owner: "core"
+};
+const handler$5 = { async handle(invocation, signal) {
+	const { action, discard_changes } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "Worktree 操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (action === "keep") return {
+		success: true,
+		content: "已退出 worktree（保留在磁盘上）。已返回原始目录。\n[Phase 4: 通过 @lynx/agent 实现真正的 worktree 退出]",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (action === "remove" && !discard_changes) return {
+		success: false,
+		content: "Worktree 可能有未提交的变更。设置 discard_changes: true 强制删除，或使用 action: 'keep' 保留。",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: "Worktree 已删除（目录及分支均已删除）。已返回原始目录。\n[Phase 4: 通过 @lynx/agent 实现真正的 worktree 删除]",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/mode/config-tool.ts
+/**
+* ConfigTool — 读取或修改 Lynx 配置。
+*
+* 配置存储在 ~/.lynx/config.json。支持四种操作：
+* - get: 获取指定 key 的配置值
+* - set: 设置指定 key 的配置值（原子写入）
+* - list: 列出所有配置项
+* - path: 返回配置文件路径
+*/
+const descriptor$7 = {
+	name: "ConfigTool",
+	description: "读取或修改 Lynx 配置。可以查看当前配置值或设置新的配置项。支持四种操作：get（获取单个配置项）、set（设置配置项）、list（列出所有配置项）、path（查看配置文件路径）。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			action: {
+				type: "string",
+				enum: [
+					"get",
+					"set",
+					"list",
+					"path"
+				],
+				description: "操作类型：get（获取）、set（设置）、list（列出全部）、path（查看路径）"
+			},
+			key: {
+				type: "string",
+				description: "配置项的键名（get/set 操作需要）"
+			},
+			value: {
+				type: "string",
+				description: "要设置的值（仅 set 操作需要）"
+			}
+		},
+		required: ["action"]
+	},
+	kind: "WritesFiles",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:config_tool",
+	owner: "core"
+};
+/** 获取配置文件路径（POSIX 风格）。 */
+function resolveConfigPath() {
+	return join(homedir(), ".lynx", "config.json").replace(/\\/g, "/");
+}
+/** 加载当前配置，文件不存在时返回空对象。 */
+function loadConfig(path) {
+	if (!existsSync(path)) return {};
+	try {
+		return JSON.parse(readFileSync(path, "utf-8"));
+	} catch {
+		renameSync(path, path + ".bak");
+		return {};
+	}
+}
+/** 原子写入配置（先写临时文件再重命名）。 */
+function saveConfig(path, config) {
+	const dir = dirname(path);
+	if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+	const tmpPath = path + ".tmp";
+	writeFileSync(tmpPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
+	renameSync(tmpPath, path);
+}
+const handler$4 = { async handle(invocation, signal) {
+	const { action, key, value } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "操作已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const configPath = resolveConfigPath();
+	switch (action) {
+		case "path": return {
+			success: true,
+			content: configPath,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		case "list": {
+			const config = loadConfig(configPath);
+			const keys = Object.keys(config);
+			if (keys.length === 0) return {
+				success: true,
+				content: "当前没有配置项。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			return {
+				success: true,
+				content: keys.map((k) => `${k} = ${JSON.stringify(config[k])}`).join("\n"),
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+		case "get": {
+			if (!key) return {
+				success: false,
+				content: "get 操作需要提供 key 参数。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const config = loadConfig(configPath);
+			if (!(key in config)) return {
+				success: false,
+				content: `配置项 "${key}" 不存在。`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			return {
+				success: true,
+				content: JSON.stringify(config[key]),
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+		case "set": {
+			if (!key) return {
+				success: false,
+				content: "set 操作需要提供 key 参数。",
+				metadata: { durationMs: Date.now() - startTime }
+			};
+			const config = loadConfig(configPath);
+			const setValue = value ?? "";
+			config[key] = setValue;
+			try {
+				saveConfig(configPath, config);
+			} catch (err) {
+				return {
+					success: false,
+					content: `写入配置文件失败: ${err instanceof Error ? err.message : String(err)}`,
+					metadata: { durationMs: Date.now() - startTime }
+				};
+			}
+			return {
+				success: true,
+				content: `已设置 ${key} = ${JSON.stringify(setValue)}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+		default: return {
+			success: false,
+			content: `不支持的操作: ${action}。支持的操作: get, set, list, path。`,
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+} };
+//#endregion
+//#region src/builtin/interact/ask-user-question.ts
+const descriptor$6 = {
+	name: "ask_user_question",
+	description: "向用户提出一个或多个澄清性问题并等待回答。支持单选、多选以及自由文本的「其他」选项。当您被一个只有用户才能做决定的问题卡住时使用。",
+	inputSchema: {
+		type: "object",
+		properties: { questions: {
+			type: "array",
+			minItems: 1,
+			maxItems: 4,
+			items: {
+				type: "object",
+				properties: {
+					question: {
+						type: "string",
+						description: "向用户提出的完整问题"
+					},
+					header: {
+						type: "string",
+						description: "显示为标签的简短文字（最多 12 个字符）"
+					},
+					options: {
+						type: "array",
+						minItems: 2,
+						maxItems: 4,
+						items: {
+							type: "object",
+							properties: {
+								label: {
+									type: "string",
+									description: "显示文本（1-5 个词）"
+								},
+								description: {
+									type: "string",
+									description: "对该选项含义的解释说明"
+								}
+							},
+							required: ["label", "description"]
+						},
+						description: "可选项（2-4 个）。「其他」选项会自动追加。"
+					},
+					multiSelect: {
+						type: "boolean",
+						description: "是否允许多选"
+					}
+				},
+				required: [
+					"question",
+					"header",
+					"options",
+					"multiSelect"
+				]
+			},
+			description: "要提问的问题列表（1-4 个）"
+		} },
+		required: ["questions"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:ask_user_question",
+	owner: "core"
+};
+const handler$3 = { async handle(invocation, signal) {
+	const { questions } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "提问已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: [
+			"向用户提问：",
+			"",
+			questions.map((q, i) => {
+				const opts = q.options.map((o) => `    - ${o.label}: ${o.description}`).join("\n");
+				return `Q${i + 1}. [${q.header}] ${q.question}${q.multiSelect ? " (multi-select)" : ""}\n${opts}`;
+			}).join("\n\n"),
+			"",
+			"[Phase 4 TUI 集成: 通过 lynx-tui 桥接实现真正的 AskUserQuestion 弹窗]"
+		].join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/interact/brief.ts
+const descriptor$5 = {
+	name: "brief",
+	description: "生成当前对话上下文的结构化摘要简报。适用于进度检查点、会话间交接、或向用户提供状态更新。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			format: {
+				type: "string",
+				enum: ["markdown", "json"],
+				description: "输出格式（默认：markdown）"
+			},
+			sections: {
+				type: "array",
+				items: { type: "string" },
+				description: "要包含的章节（默认：context, goal, progress, blockers, next）"
+			}
+		},
+		required: []
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:brief",
+	owner: "core"
+};
+const handler$2 = { async handle(invocation, signal) {
+	const { format, sections } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "简报生成已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const fmt = format ?? "markdown";
+	const secs = sections ?? [
+		"context",
+		"goal",
+		"progress",
+		"blockers",
+		"next"
+	];
+	if (fmt === "json") {
+		const brief = {};
+		for (const s of secs) brief[s] = `[Phase 3: real context extraction via @lynx/agent compaction]`;
+		return {
+			success: true,
+			content: JSON.stringify(brief, null, 2),
+			metadata: { durationMs: Date.now() - startTime }
+		};
+	}
+	const lines = ["# Brief", ""];
+	for (const s of secs) lines.push(`## ${s}`, "", `[Phase 3: real context extraction via @lynx/agent compaction]`, "");
+	return {
+		success: true,
+		content: lines.join("\n"),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/interact/synthetic-output.ts
+const descriptor$4 = {
+	name: "synthetic_output",
+	description: "生成符合 JSON Schema 的结构化输出。用于在子 Agent 和父 Agent 之间传递带类型的数据。如果输出无法通过 schema 校验，LLM 会自动重试。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			schema: {
+				type: "object",
+				description: "输出必须符合的 JSON Schema"
+			},
+			content: {
+				type: "object",
+				description: "结构化内容（必须与 schema 匹配）"
+			}
+		},
+		required: ["schema", "content"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:synthetic_output",
+	owner: "core"
+};
+const handler$1 = { async handle(invocation, signal) {
+	const { schema, content } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "合成输出已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	if (!schema || typeof schema !== "object") return {
+		success: false,
+		content: "无效的 schema：必须为 JSON Schema 对象",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	return {
+		success: true,
+		content: JSON.stringify(content, null, 2),
+		metadata: { durationMs: Date.now() - startTime }
+	};
+} };
+//#endregion
+//#region src/builtin/interact/sleep.ts
+const descriptor$3 = {
+	name: "sleep",
+	description: "暂停执行指定秒数。用于速率限制退避、等待外部事件或轮询间隔。最长 300 秒。必须提供原因。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			seconds: {
+				type: "number",
+				description: "等待的秒数（最多 300）",
+				minimum: 1,
+				maximum: 300
+			},
+			reason: {
+				type: "string",
+				description: "为什么需要等待（必填 — 防止无意义的等待）"
+			}
+		},
+		required: ["seconds", "reason"]
+	},
+	kind: "ReadOnly",
+	safety: "Safe",
+	availability: { type: "always" },
+	executor: "core:sleep",
+	owner: "core"
+};
+const handler = { async handle(invocation, signal) {
+	const { seconds, reason } = invocation.payload;
+	const startTime = Date.now();
+	if (signal.aborted) return {
+		success: false,
+		content: "等待已取消",
+		metadata: { durationMs: Date.now() - startTime }
+	};
+	const clamped = Math.min(Math.max(1, Math.floor(seconds)), 300);
+	if (clamped !== seconds) {}
+	await new Promise((resolve, reject) => {
+		const timer = setTimeout(resolve, clamped * 1e3);
+		const onAbort = () => {
+			clearTimeout(timer);
+			reject(/* @__PURE__ */ new Error("ABORTED"));
+		};
+		signal.addEventListener("abort", onAbort, { once: true });
+	}).catch((err) => {
+		if (err.message === "ABORTED") {} else throw err;
+	});
+	const actualWait = Date.now() - startTime;
+	if (signal.aborted) return {
+		success: true,
+		content: `等待在 ${Math.round(actualWait / 1e3)} 秒后被中断（请求：${clamped} 秒）。原因：${reason}`,
+		metadata: { durationMs: actualWait }
+	};
+	return {
+		success: true,
+		content: `已等待 ${clamped} 秒。原因：${reason}`,
+		metadata: { durationMs: actualWait }
+	};
+} };
+//#endregion
+//#region src/builtin/memory/memory-write.ts
+const descriptor$1 = {
+	name: "memory_write",
+	description: "管理持久化记忆。支持以下操作：create/update — 写入或更新一条记忆；delete — 按名称删除；search — 全文搜索记忆（按相关度排序）；compact — 去重压缩相似条目（Jaccard 相似度 > 0.8）；forget — 按 glob 模式批量删除匹配的记忆；export — 导出全部记忆为 JSON 字符串；import — 从 JSON 字符串批量导入记忆（跳过同名条目）；merge — 合并另一个 memory 目录中的记忆文件。当用户要求记住某事、搜索记忆、清理重复记忆或迁移记忆时使用。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			action: {
+				type: "string",
+				enum: [
+					"create",
+					"update",
+					"delete",
+					"search",
+					"compact",
+					"forget",
+					"export",
+					"import",
+					"merge"
+				],
+				description: "要执行的操作。create = 新建记忆，update = 更新已有记忆，delete = 按名称删除，search = 全文搜索，compact = 去重压缩，forget = 按 glob 批量删除，export = 导出 JSON，import = 导入 JSON，merge = 合并目录。"
+			},
+			name: {
+				type: "string",
+				description: "记忆的简短 kebab-case 标识（例如 'user-prefers-pnpm'）。用作文件名。create/update/delete 操作必填。"
+			},
+			content: {
+				type: "string",
+				description: "记忆的完整 markdown 正文。用自然语言书写。对于反馈/项目类记忆，请包含 **Why:** 和 **How to apply:** 段落。使用 [[slug]] 引用关联相关记忆。create/update 操作时提供。"
+			},
+			description: {
+				type: "string",
+				description: "一行摘要，用于在调用记忆时判断相关性。保持简短且具体。"
+			},
+			type: {
+				type: "string",
+				enum: [
+					"user",
+					"feedback",
+					"project",
+					"reference"
+				],
+				description: "记忆分类。'user' = 用户身份，'feedback' = 纠正/指引，'project' = 进行中的工作/目标，'reference' = 外部资料引用。"
+			},
+			query: {
+				type: "string",
+				description: "搜索关键词，多个词用空格分隔（search 操作使用）。"
+			},
+			pattern: {
+				type: "string",
+				description: "glob 模式，用于匹配要删除的记忆名称（forget 操作使用）。支持 * 和 ? 通配符。"
+			},
+			data: {
+				type: "string",
+				description: "要导入的 JSON 数据字符串，由 export 操作生成（import 操作使用）。"
+			},
+			sourceDir: {
+				type: "string",
+				description: "源 memory 目录的绝对路径（merge 操作使用）。"
+			}
+		},
+		required: ["action"]
+	},
+	kind: "WritesFiles",
+	safety: "WorkspaceSafe",
+	availability: { type: "always" },
+	executor: "core:memory_write",
+	owner: "core"
+};
+/**
+* 创建绑定到指定 {@link MemoryManager} 的 memory_write 处理器。
+*
+* 工厂模式 — 管理器在启动时注入，使工具写入真实的 memory 目录。
+*/
+function createMemoryWriteHandler(memoryManager) {
+	return { async handle(invocation, _signal) {
+		const payload = invocation.payload;
+		const action = payload.action ?? "create";
+		switch (action) {
+			case "create":
+			case "update": {
+				const { name, content } = payload;
+				if (!name) return {
+					success: false,
+					content: `缺少必填参数 "name"。`
+				};
+				if (!content) return {
+					success: false,
+					content: `缺少必填参数 "content"。`
+				};
+				if (!/^[a-z0-9]+(?:-[a-z0-9]+)*$/.test(name)) return {
+					success: false,
+					content: `无效的记忆名称 "${name}"。请使用 kebab-case 格式，仅含小写字母、数字和连字符（例如 "user-prefers-pnpm"）。`
+				};
+				const effectiveType = payload.type ?? "reference";
+				const updatedAt = Date.now();
+				memoryManager.put({
+					name,
+					description: payload.description ?? "",
+					type: effectiveType,
+					content,
+					updatedAt,
+					filePath: ""
+				});
+				memoryManager.reload();
+				return {
+					success: true,
+					content: `记忆 "${name}" ${action === "create" ? "已创建" : "已更新"}（类型：${effectiveType}）。后续会话中将自动加载到上下文中。`
+				};
+			}
+			case "delete": {
+				const { name } = payload;
+				if (!name) return {
+					success: false,
+					content: `缺少必填参数 "name"。`
+				};
+				if (memoryManager.delete(name)) return {
+					success: true,
+					content: `记忆 "${name}" 已删除。`
+				};
+				return {
+					success: false,
+					content: `未找到名为 "${name}" 的记忆。`
+				};
+			}
+			case "search": {
+				const { query } = payload;
+				if (!query || !query.trim()) return {
+					success: false,
+					content: `缺少必填参数 "query"（搜索关键词）。`
+				};
+				const results = memoryManager.search(query);
+				if (results.length === 0) return {
+					success: true,
+					content: `未找到与 "${query}" 匹配的记忆。`
+				};
+				const lines = [`搜索 "${query}" 找到 ${results.length} 条相关记忆：`, ""];
+				for (const entry of results) {
+					const typeLabel = entry.type;
+					lines.push(`- **${entry.name}** [${typeLabel}]: ${entry.description}`);
+				}
+				return {
+					success: true,
+					content: lines.join("\n")
+				};
+			}
+			case "compact": {
+				const before = memoryManager.list().length;
+				const remaining = memoryManager.compact();
+				const removed = before - remaining.length;
+				if (removed === 0) return {
+					success: true,
+					content: `去重压缩完成。未发现相似条目，${remaining.length} 条记忆保持不变。`
+				};
+				return {
+					success: true,
+					content: `去重压缩完成。移除了 ${removed} 条重复记忆，当前共 ${remaining.length} 条。`
+				};
+			}
+			case "forget": {
+				const { pattern } = payload;
+				if (!pattern || !pattern.trim()) return {
+					success: false,
+					content: `缺少必填参数 "pattern"（glob 模式）。`
+				};
+				const count = memoryManager.forget(pattern);
+				if (count === 0) return {
+					success: true,
+					content: `没有记忆匹配模式 "${pattern}"。`
+				};
+				return {
+					success: true,
+					content: `已删除 ${count} 条匹配模式 "${pattern}" 的记忆。`
+				};
+			}
+			case "export": return {
+				success: true,
+				content: memoryManager.exportAll()
+			};
+			case "import": {
+				const { data } = payload;
+				if (!data || !data.trim()) return {
+					success: false,
+					content: `缺少必填参数 "data"（要导入的 JSON 数据）。`
+				};
+				const count = memoryManager.importAll(data);
+				if (count === 0) return {
+					success: true,
+					content: `未导入任何新记忆。JSON 数据可能为空，或所有条目已存在。`
+				};
+				return {
+					success: true,
+					content: `成功导入 ${count} 条新记忆。`
+				};
+			}
+			case "merge": {
+				const { sourceDir } = payload;
+				if (!sourceDir || !sourceDir.trim()) return {
+					success: false,
+					content: `缺少必填参数 "sourceDir"（源目录路径）。`
+				};
+				const count = memoryManager.merge(sourceDir);
+				if (count === 0) return {
+					success: true,
+					content: `未合并任何新记忆。源目录可能不存在、为空，或所有条目已存在。`
+				};
+				return {
+					success: true,
+					content: `成功从 "${sourceDir}" 合并 ${count} 条新记忆。`
+				};
+			}
+			default: return {
+				success: false,
+				content: `不支持的操作 "${action}"。支持的操作：create, update, delete, search, compact, forget, export, import, merge。`
+			};
+		}
+	} };
+}
+//#endregion
+//#region src/builtin/mcp/mcp-auth.ts
+/** 工具描述符 — 注册到 ToolRegistry 的静态元数据。 */
+const descriptor = {
+	name: "McpAuthTool",
+	description: "触发 MCP 服务器的重新认证流程（OAuth 或 XAA）。用于在工具调用失败并返回认证错误时。",
+	inputSchema: {
+		type: "object",
+		properties: { serverName: {
+			type: "string",
+			description: "需要重新认证的 MCP 服务器名称"
+		} },
+		required: ["serverName"]
+	},
+	kind: "Network",
+	safety: "RequiresApproval",
+	availability: { type: "always" },
+	executor: "core:mcp_auth",
+	owner: "core"
+};
+/**
+* 创建 McpAuthTool 的 handler，绑定到给定的 McpAuthOps。
+*
+* 工厂模式 — 实际 McpManager 在 bootstrap 时注入。
+*/
+function createMcpAuthHandler(mcpOps) {
+	return { async handle(invocation, signal) {
+		const { serverName } = invocation.payload;
+		if (!serverName || typeof serverName !== "string") return {
+			success: false,
+			content: "缺少必需参数 serverName"
+		};
+		if (signal.aborted) return {
+			success: false,
+			content: "操作已取消"
+		};
+		try {
+			return {
+				success: true,
+				content: `MCP 服务器 "${serverName}" 重新认证完成，当前状态：${(await mcpOps.reconnect(serverName)).status}`
+			};
+		} catch (err) {
+			return {
+				success: false,
+				content: `MCP 认证失败：${err.message}`
+			};
+		}
+	} };
+}
+//#endregion
+//#region src/builtin/interact/send-message.ts
+const descriptor$2 = {
+	name: "SendMessageTool",
+	description: "通过配置的消息通道发送消息（飞书等）。用于向用户发送通知或进度摘要。需要提前配置消息通道。",
+	inputSchema: {
+		type: "object",
+		properties: {
+			channel: {
+				type: "string",
+				description: "消息通道名称（如 feishu）"
+			},
+			content: {
+				type: "string",
+				description: "要发送的消息内容"
+			},
+			recipients: {
+				type: "array",
+				items: { type: "string" },
+				description: "接收人列表（可选）"
+			}
+		},
+		required: ["channel", "content"]
+	},
+	kind: "Network",
+	safety: "RequiresApproval",
+	availability: { type: "always" },
+	executor: "core:send_message",
+	owner: "core"
+};
+/**
+* 创建 SendMessageTool 的处理器。
+*
+* 通过工厂注入 MessageSender 实现，避免直接 import lynx-channels。
+* 在 bootstrap 阶段将真实的通道发送器注入此处。
+*/
+function createSendMessageHandler(sender) {
+	return { async handle(invocation, signal) {
+		const { channel, content, recipients } = invocation.payload;
+		const startTime = Date.now();
+		if (signal.aborted) return {
+			success: false,
+			content: "消息发送已取消",
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		if (!channel || !content) return {
+			success: false,
+			content: "缺少必要参数：channel 和 content 均为必填",
+			metadata: { durationMs: Date.now() - startTime }
+		};
+		try {
+			const result = await sender.send(channel, content, recipients);
+			return {
+				success: true,
+				content: `消息已通过 ${channel} 发送${recipients ? ` 给 ${recipients.join(", ")}` : ""}。消息 ID：${result.messageId}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		} catch (err) {
+			return {
+				success: false,
+				content: `消息发送失败（${channel}）：${err instanceof Error ? err.message : String(err)}`,
+				metadata: { durationMs: Date.now() - startTime }
+			};
+		}
+	} };
+}
+//#endregion
+//#region src/builtin/index.ts
+/** All built‑in (descriptor, handler) pairs in registration order. */
+const BUILTIN_TOOLS = [
+	{
+		descriptor: descriptor$33,
+		handler: handler$30
+	},
+	{
+		descriptor: descriptor$32,
+		handler: handler$29
+	},
+	{
+		descriptor: descriptor$31,
+		handler: handler$28
+	},
+	{
+		descriptor: descriptor$30,
+		handler: handler$27
+	},
+	{
+		descriptor: descriptor$29,
+		handler: handler$26
+	},
+	{
+		descriptor: descriptor$28,
+		handler: handler$25
+	},
+	{
+		descriptor: descriptor$27,
+		handler: handler$24
+	},
+	{
+		descriptor: descriptor$26,
+		handler: handler$23
+	},
+	{
+		descriptor: descriptor$25,
+		handler: handler$22
+	},
+	{
+		descriptor: descriptor$24,
+		handler: handler$21
+	},
+	{
+		descriptor: descriptor$23,
+		handler: handler$20
+	},
+	{
+		descriptor: descriptor$22,
+		handler: handler$19
+	},
+	{
+		descriptor: descriptor$21,
+		handler: handler$18
+	},
+	{
+		descriptor: descriptor$20,
+		handler: handler$17
+	},
+	{
+		descriptor: descriptor$19,
+		handler: handler$16
+	},
+	{
+		descriptor: descriptor$18,
+		handler: handler$15
+	},
+	{
+		descriptor: descriptor$17,
+		handler: handler$14
+	},
+	{
+		descriptor: descriptor$16,
+		handler: handler$13
+	},
+	{
+		descriptor: descriptor$15,
+		handler: handler$12
+	},
+	{
+		descriptor: descriptor$14,
+		handler: handler$11
+	},
+	{
+		descriptor: descriptor$13,
+		handler: handler$10
+	},
+	{
+		descriptor: descriptor$12,
+		handler: handler$9
+	},
+	{
+		descriptor: descriptor$11,
+		handler: handler$8
+	},
+	{
+		descriptor: descriptor$10,
+		handler: handler$7
+	},
+	{
+		descriptor: descriptor$9,
+		handler: handler$6
+	},
+	{
+		descriptor: descriptor$8,
+		handler: handler$5
+	},
+	{
+		descriptor: descriptor$7,
+		handler: handler$4
+	},
+	{
+		descriptor: descriptor$6,
+		handler: handler$3
+	},
+	{
+		descriptor: descriptor$5,
+		handler: handler$2
+	},
+	{
+		descriptor: descriptor$4,
+		handler: handler$1
+	},
+	{
+		descriptor: descriptor$3,
+		handler
+	}
+];
+/**
+* Register all built‑in tool (descriptor, handler) pairs with the given registry.
+*
+* Each pair is registered atomically — if one fails (duplicate name), the error
+* propagates so the caller can decide whether to abort or skip.
+*/
+function registerBuiltinTools(registry) {
+	for (const { descriptor, handler } of BUILTIN_TOOLS) registry.register(descriptor, handler);
+}
+/** Return the list of built‑in descriptors (without registering). */
+function listBuiltinDescriptors() {
+	return BUILTIN_TOOLS.map((t) => t.descriptor);
+}
+//#endregion
+//#region src/planner.ts
+/**
+* Compute the tool plan for the current turn.
+*
+* Every registered tool is evaluated against the availability context.
+* Visible tools go into the LLM catalog; hidden tools are returned with
+* a reason so the debug/log layer can report them.
+*
+* ```ts
+* const plan = buildToolPlan(registry, evalCtx);
+* console.log(`${plan.visible.length} visible, ${plan.hidden.length} hidden`);
+* ```
+*/
+function buildToolPlan(registry, ctx) {
+	const visible = [];
+	const hidden = [];
+	for (const tool of registry.listAll()) {
+		const result = evaluateAvailability(tool.availability, ctx);
+		if (result.available) visible.push(tool);
+		else hidden.push({
+			tool,
+			reason: result.reason ?? "unknown"
+		});
+	}
+	return {
+		visible,
+		hidden
+	};
+}
+//#endregion
+//#region src/safety/sensitive.ts
+const RULES = [
+	{
+		level: "Critical",
+		patterns: [
+			"**/.ssh/**",
+			"**/.gnupg/**",
+			"**/.aws/**",
+			"/etc/**",
+			"/root/**",
+			"/var/log/**",
+			"/proc/**",
+			"/sys/**",
+			"/dev/**",
+			"**/secrets/**",
+			"**/.lynx/auth.json",
+			"**/.claude/auth.json",
+			"**/credentials.json",
+			"C:/Windows/**",
+			"C:/Windows/System32/**",
+			"C:/Program Files/**"
+		]
+	},
+	{
+		level: "High",
+		patterns: [
+			".env",
+			".env.*",
+			"!**/.env.example",
+			"!**/.env.sample",
+			"**/.git/config",
+			"~/.lynx/config.json",
+			"yarn.lock",
+			"pnpm-lock.yaml",
+			"package-lock.json",
+			"**/id_rsa*",
+			"**/id_ed25519*",
+			"**/*.pem",
+			"**/*.key"
+		]
+	},
+	{
+		level: "Medium",
+		patterns: [
+			"package.json",
+			"tsconfig.json",
+			"tsconfig.*.json",
+			"Cargo.toml",
+			"Makefile",
+			"Dockerfile",
+			".github/workflows/**",
+			"docker-compose.yml",
+			"docker-compose.yaml",
+			"**/deploy/**",
+			"**/terraform/**"
+		]
+	}
+];
+/**
+* Simple glob‑to‑regex for the path patterns we use.
+* Handles **, *, and ! (negation prefix).
+*/
+function patternToRegex(pattern) {
+	const negate = pattern.startsWith("!");
+	const body = negate ? pattern.slice(1) : pattern;
+	let escaped = body.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*\*/g, "<<<GLOBSTAR>>>").replace(/\*/g, "[^/]*").replace(/<<<GLOBSTAR>>>/g, ".*");
+	if (body.startsWith("**/") || !body.includes("/")) escaped = "(?:.*/)?" + escaped;
+	return {
+		regex: new RegExp(`^${escaped}$`, "i"),
+		negate
+	};
+}
+let _compiled$1 = null;
+function compiledRules$1() {
+	if (_compiled$1) return _compiled$1;
+	_compiled$1 = [];
+	for (const rule of RULES) for (const pattern of rule.patterns) {
+		const { regex, negate } = patternToRegex(pattern);
+		_compiled$1.push({
+			regex,
+			level: rule.level,
+			negate
+		});
+	}
+	return _compiled$1;
+}
+/**
+* Classify a file path by sensitivity level.
+*
+* The path is tested against all rules in order. The first match wins.
+* Negation patterns (`!`) remove previous matches at the same level.
+*
+* @returns The sensitivity level for the given path.
+*/
+function classifySensitivity(filePath) {
+	const norm = filePath.replace(/\\/g, "/");
+	let result = "Low";
+	for (const { regex, level, negate } of compiledRules$1()) if (regex.test(norm)) {
+		if (negate) {
+			if (result === level) result = "Low";
+		} else if (severityOrder(level) > severityOrder(result)) result = level;
+	}
+	return result;
+}
+const SEVERITY_MAP = {
+	Low: 0,
+	Medium: 1,
+	High: 2,
+	Critical: 3
+};
+function severityOrder(level) {
+	return SEVERITY_MAP[level];
+}
+//#endregion
+//#region src/safety.ts
+/**
+* Map the 4‑level file sensitivity to a minimum command safety level.
+*
+*   Low    → no escalation
+*   Medium → WorkspaceSafe (write needs confirmation)
+*   High   → RequiresApproval (read is ok, write is blocked)
+*   Critical → Dangerous (no read, no write)
+*/
+const SENSITIVITY_ESCALATION = {
+	Low: null,
+	Medium: "WorkspaceSafe",
+	High: "RequiresApproval",
+	Critical: "RequiresApproval"
+};
+/**
+* Escalate the safety level if the command touches a sensitive path.
+*
+* Uses the 4‑level sensitivity classification from {@link classifySensitivity}.
+* Even a "Safe" tool becomes Dangerous if it tries to read ~/.ssh.
+*/
+function escalateForSensitivePaths(safety, paths) {
+	const SAFETY_ORDER = [
+		"Safe",
+		"WorkspaceSafe",
+		"RequiresApproval",
+		"Dangerous"
+	];
+	let maxSensitivity = "Low";
+	for (const p of paths) {
+		const level = classifySensitivity(p);
+		if (SENSITIVITY_ORDER[level] > SENSITIVITY_ORDER[maxSensitivity]) maxSensitivity = level;
+	}
+	const minSafety = SENSITIVITY_ESCALATION[maxSensitivity];
+	if (minSafety && SAFETY_ORDER.indexOf(safety) < SAFETY_ORDER.indexOf(minSafety)) return minSafety;
+	return safety;
+}
+const SENSITIVITY_ORDER = {
+	Low: 0,
+	Medium: 1,
+	High: 2,
+	Critical: 3
+};
+/**
+* Returns true if the tool requires interactive user confirmation.
+*/
+function needsApproval(safety) {
+	return safety === "RequiresApproval" || safety === "Dangerous";
+}
+/**
+* Returns true if the tool can run automatically in yolo/headless mode.
+*/
+function isHeadlessSafe(safety) {
+	return safety === "Safe" || safety === "WorkspaceSafe";
+}
+/** Human‑readable labels for each safety level. */
+const SAFETY_LABELS = {
+	Safe: "安全（只读，无副作用）",
+	WorkspaceSafe: "工作区安全（仅在项目内写入）",
+	RequiresApproval: "需要审批",
+	Dangerous: "危险（始终需要确认）"
+};
+//#endregion
+//#region src/safety/sanitize.ts
+const STRIP_RULES = [
+	{
+		label: "zero-width spaces",
+		source: "[\\u200B-\\u200F]",
+		flags: "g",
+		replacement: ""
+	},
+	{
+		label: "bidi overrides",
+		source: "[\\u202A-\\u202E]",
+		flags: "g",
+		replacement: ""
+	},
+	{
+		label: "deprecated format chars",
+		source: "[\\u2060-\\u2069]",
+		flags: "g",
+		replacement: ""
+	},
+	{
+		label: "byte order mark",
+		source: "\\uFEFF",
+		flags: "g",
+		replacement: ""
+	},
+	{
+		label: "variation selectors",
+		source: "[\\uFE00-\\uFE0F]",
+		flags: "g",
+		replacement: ""
+	},
+	{
+		label: "soft hyphen",
+		source: "\\u00AD",
+		flags: "g",
+		replacement: ""
+	},
+	{
+		label: "line separator",
+		source: "\\u2028",
+		flags: "g",
+		replacement: "\n"
+	},
+	{
+		label: "paragraph separator",
+		source: "\\u2029",
+		flags: "g",
+		replacement: "\n\n"
+	},
+	{
+		label: "interlinear annotation anchors",
+		source: "[\\uFFF9-\\uFFFB]",
+		flags: "g",
+		replacement: ""
+	},
+	{
+		label: "tag characters",
+		source: "\\uDB40[\\uDC01-\\uDC7F]",
+		flags: "gu",
+		replacement: ""
+	}
+];
+let _compiled = null;
+function compiledRules() {
+	if (_compiled) return _compiled;
+	_compiled = STRIP_RULES.map((rule) => ({
+		regex: new RegExp(rule.source, rule.flags),
+		replacement: rule.replacement,
+		label: rule.label
+	}));
+	return _compiled;
+}
+/**
+* Strip invisible and potentially dangerous Unicode characters from text.
+*
+* Preserves CJK Unified ideographs, emoji, combining diacritical marks,
+* and other legitimate Unicode.
+*/
+function sanitizeUnicode(input) {
+	let output = input;
+	for (const { regex, replacement } of compiledRules()) output = output.replace(regex, replacement);
+	return output;
+}
+//#endregion
+//#region src/safety/path-check.ts
+/**
+* Path traversal / jailbreak detection.
+*
+* Verifies that a resolved file path stays within the workspace root.
+* Also catches null-byte injection attacks that can truncate paths
+* in C‑based filesystem APIs.
+*/
+const NULL_BYTE_PATTERN = /\x00/;
+/**
+* Check whether a file path is safely contained within the workspace root.
+*
+* Algorithm:
+*   1. Reject paths containing null bytes (truncation attack).
+*   2. Resolve to absolute path, eliminating `../` segments.
+*   3. Resolve symlinks to their real physical location.
+*   4. Verify the final path starts with the workspace root.
+*
+* @returns true if the path is safely inside the workspace.
+*/
+function isPathSafe(filePath, workspaceRoot) {
+	if (NULL_BYTE_PATTERN.test(filePath)) return false;
+	const absolute = resolve(filePath);
+	const wsRoot = resolve(workspaceRoot);
+	if (!absolute.startsWith(wsRoot)) return false;
+	try {
+		if (existsSync(absolute)) return realpathSync(absolute).startsWith(wsRoot);
+	} catch {
+		return false;
+	}
+	return true;
+}
+//#endregion
+//#region src/safety/trusted-cmd.ts
+/**
+* Trusted command whitelist — commands that are safe to execute
+* without interactive user confirmation.
+*
+* These are read‑only or read‑heavy commands that don't modify
+* the filesystem or network. Even in `--yolo` mode, commands
+* not on this list still go through safety escalation.
+*/
+const TRUSTED_COMMANDS = new Set([
+	"bat",
+	"cat",
+	"df",
+	"dir",
+	"du",
+	"echo",
+	"env",
+	"fd",
+	"file",
+	"find",
+	"get-command",
+	"grep",
+	"head",
+	"hostname",
+	"less",
+	"ls",
+	"node",
+	"pwd",
+	"rg",
+	"stat",
+	"tail",
+	"type",
+	"uname",
+	"wc",
+	"where",
+	"whereis",
+	"which",
+	"whoami"
+]);
+const TRUSTED_SUBCOMMANDS = new Map([
+	["git", new Set([
+		"log",
+		"status",
+		"diff",
+		"show",
+		"branch",
+		"tag",
+		"rev-parse",
+		"rev-list",
+		"ls-files",
+		"ls-tree",
+		"describe",
+		"shortlog",
+		"stash",
+		"blame"
+	])],
+	["npm", new Set([
+		"list",
+		"ls",
+		"view",
+		"info",
+		"outdated"
+	])],
+	["pnpm", new Set([
+		"list",
+		"ls",
+		"view",
+		"info",
+		"outdated",
+		"why"
+	])]
+]);
+/**
+* Check if a command is on the trusted whitelist.
+*
+* For commands with sub‑command gating (git, npm, pnpm),
+* the first argument is checked against allowed sub‑commands.
+*/
+function isTrustedCommand(command, args = []) {
+	if (TRUSTED_COMMANDS.has(command)) return true;
+	const allowed = TRUSTED_SUBCOMMANDS.get(command);
+	if (allowed) {
+		const sub = args[0];
+		if (sub && allowed.has(sub)) return true;
+	}
+	if (args.includes("--version") || args.includes("-v") || args.includes("-V")) return true;
+	return false;
+}
+//#endregion
+//#region src/safety/blocked-cmd.ts
+const BLOCKED_PATTERNS = [
+	{
+		reason: "cannot erase root filesystem",
+		pattern: /\brm\s+-rf\s+\/\b/i
+	},
+	{
+		reason: "cannot write raw disk devices",
+		pattern: /\bdd\s+if=/i
+	},
+	{
+		reason: "cannot format filesystems",
+		pattern: /\bmkfs\./i
+	},
+	{
+		reason: "cannot overwrite block devices",
+		pattern: />\s*\/dev\/sd[a-z]/i
+	},
+	{
+		reason: "cannot elevate privileges",
+		pattern: /\bsudo\b/i
+	},
+	{
+		reason: "cannot switch user",
+		pattern: /\bsu\b(?:\s+-)?/i
+	},
+	{
+		reason: "cannot elevate via doas",
+		pattern: /\bdoas\b/i
+	},
+	{
+		reason: "cannot make world‑writable files",
+		pattern: /\bchmod\s+777\b/i
+	},
+	{
+		reason: "cannot recursively chown root directory",
+		pattern: /\bchown\s+-R\b.*\s+\//i
+	},
+	{
+		reason: "cannot pipe curl to shell",
+		pattern: /\bcurl\b.*\|\s*(?:sh|bash)\b/i
+	},
+	{
+		reason: "cannot pipe wget to shell",
+		pattern: /\bwget\b.*\|\s*(?:sh|bash)\b/i
+	},
+	{
+		reason: "cannot force push to main/master",
+		pattern: /\bgit\s+push\s+--force\b.*\b(?:main|master)\b/i
+	},
+	{
+		reason: "cannot delete git repository data",
+		pattern: /\bgit\s+reflog\s+expire\b/i
+	},
+	{
+		reason: "cannot hard reset from remote",
+		pattern: /\bgit\s+reset\s+--hard\s+origin\//i
+	}
+];
+/**
+* Check if a command string matches any blocked pattern.
+*
+* @returns The block reason if blocked, or null if safe.
+*/
+function isBlockedCommand(command, args = []) {
+	const fullCommand = args.length > 0 ? `${command} ${args.join(" ")}` : command;
+	for (const entry of BLOCKED_PATTERNS) if (entry.pattern.test(fullCommand)) return {
+		blocked: true,
+		reason: entry.reason
+	};
+	return { blocked: false };
+}
+//#endregion
+//#region src/safety/redact.ts
+const SECRET_PATTERNS = [
+	{
+		label: "OpenAI API key",
+		pattern: /sk-(?:proj-)?[A-Za-z0-9]{20,}/g,
+		mode: "partial"
+	},
+	{
+		label: "DeepSeek API key",
+		pattern: /dsk-[A-Za-z0-9]{20,}/g,
+		mode: "partial"
+	},
+	{
+		label: "Anthropic API key",
+		pattern: /sk-ant-(?:api\d{2}-)?[A-Za-z0-9_-]{20,}/g,
+		mode: "partial"
+	},
+	{
+		label: "GitHub token",
+		pattern: /gh[poiurse]_[A-Za-z0-9_]{36,}/g,
+		mode: "partial"
+	},
+	{
+		label: "GitHub PAT",
+		pattern: /github_pat_[A-Za-z0-9_]{36,}/g,
+		mode: "partial"
+	},
+	{
+		label: "AWS access key",
+		pattern: /AKIA[0-9A-Z]{16}/g,
+		mode: "partial"
+	},
+	{
+		label: "AWS secret key",
+		pattern: /(?<=AWS_SECRET_ACCESS_KEY[=:])\s*\S+/gi,
+		mode: "full"
+	},
+	{
+		label: "JWT token",
+		pattern: /eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g,
+		mode: "partial"
+	},
+	{
+		label: "Private key header",
+		pattern: /-----BEGIN (?:RSA|EC|OPENSSH|DSA|PRIVATE) KEY-----/g,
+		mode: "full"
+	},
+	{
+		label: "Generic base64 token",
+		pattern: /(?:(?:api_?key|auth_?token|access_?token|secret|password|apikey)[=:]\s*)([A-Za-z0-9+/]{32,}={0,2})/gi,
+		mode: "full"
+	}
+];
+function redactPartial(match) {
+	if (match.length < 8) return "***";
+	return match.slice(0, 4) + "..." + match.slice(-4);
+}
+/**
+* Redact all detected secrets from the given text.
+*
+* @returns The text with secrets replaced by `[REDACTED]` or `sk-...XyZ1`.
+*/
+function redactSecrets(text) {
+	let result = text;
+	for (const { pattern, mode } of SECRET_PATTERNS) result = result.replace(pattern, (match) => mode === "partial" ? redactPartial(match) : "[REDACTED]");
+	return result;
+}
+//#endregion
+export { SAFETY_LABELS, buildToolPlan, classifySensitivity as classifyPath, createMcpAuthHandler, createMemoryWriteHandler, createSendMessageHandler, createTaskHandler, createToolRegistry, escalateForSensitivePaths, evaluateAvailability, injectTaskManager, isBlockedCommand, isHeadlessSafe, isTrustedCommand, isPathSafe as isWithinWorkspace, listBuiltinDescriptors, descriptor as mcpAuthDescriptor, descriptor$1 as memoryWriteDescriptor, needsApproval, redactSecrets, registerBuiltinTools, sanitizeUnicode, descriptor$2 as sendMessageDescriptor };
+//# sourceMappingURL=index.mjs.map