@blockrun/franklin 3.6.1 → 3.6.3

package/dist/agent/bash-guard.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Bash Risk Classifier — lightweight Guardian for Franklin.
+ *
+ * Classifies bash commands into three risk levels:
+ *   safe      — read-only or standard dev commands → auto-approve
+ *   normal    — typical mutations (file writes, installs) → default ask behavior
+ *   dangerous — destructive/irreversible operations → always ask, with warning
+ *
+ * Inspired by OpenAI Codex's Guardian system, but deterministic pattern matching
+ * instead of an LLM call. Fast, predictable, zero-cost.
+ */
+export type BashRiskLevel = 'safe' | 'normal' | 'dangerous';
+export interface BashRiskResult {
+    level: BashRiskLevel;
+    reason?: string;
+}
+export declare function classifyBashRisk(command: string): BashRiskResult;

package/dist/agent/bash-guard.js

@@ -0,0 +1,158 @@
+/**
+ * Bash Risk Classifier — lightweight Guardian for Franklin.
+ *
+ * Classifies bash commands into three risk levels:
+ *   safe      — read-only or standard dev commands → auto-approve
+ *   normal    — typical mutations (file writes, installs) → default ask behavior
+ *   dangerous — destructive/irreversible operations → always ask, with warning
+ *
+ * Inspired by OpenAI Codex's Guardian system, but deterministic pattern matching
+ * instead of an LLM call. Fast, predictable, zero-cost.
+ */
+// ─── Dangerous Patterns ──────────────────────────────────────────────────
+// Checked first. If ANY pattern matches, the command is dangerous.
+const DANGEROUS_PATTERNS = [
+    // Destructive file operations
+    [/\brm\s+-[a-zA-Z]*[rR][a-zA-Z]*\s+[/~]/, 'recursive delete on root/home'],
+    [/\brm\s+-[a-zA-Z]*[rR][a-zA-Z]*f/, 'forced recursive delete'],
+    [/\brm\s+-[a-zA-Z]*f[a-zA-Z]*[rR]/, 'forced recursive delete'],
+    [/\bmkfs\b/, 'format filesystem'],
+    [/\bdd\s+.*of=/, 'raw disk write'],
+    // Git irreversible operations
+    [/\bgit\s+push\s+.*--force\b/, 'force push'],
+    [/\bgit\s+push\s+-f\b/, 'force push'],
+    [/\bgit\s+reset\s+--hard\b/, 'hard reset — discards uncommitted changes'],
+    [/\bgit\s+clean\s+-[a-zA-Z]*f/, 'git clean — deletes untracked files'],
+    [/\bgit\s+checkout\s+--\s+\./, 'discard all working changes'],
+    [/\bgit\s+branch\s+-D\b/, 'force delete branch'],
+    // Database destructive
+    [/\bDROP\s+(TABLE|DATABASE|SCHEMA)\b/i, 'drop database objects'],
+    [/\bTRUNCATE\s+TABLE\b/i, 'truncate table'],
+    // System-level danger
+    [/\bchmod\s+(-R\s+)?777\b/, 'world-writable permissions'],
+    [/\bcurl\s+.*\|\s*(sudo\s+)?(ba)?sh\b/, 'pipe URL to shell'],
+    [/\bwget\s+.*\|\s*(sudo\s+)?(ba)?sh\b/, 'pipe URL to shell'],
+    [/\bsudo\s+rm\b/, 'sudo delete'],
+    // Kill/shutdown
+    [/\bkill\s+-9\s+-1\b/, 'kill all processes'],
+    [/\bshutdown\b/, 'system shutdown'],
+    [/\breboot\b/, 'system reboot'],
+];
+// ─── Safe Commands ────────────────────────────────────────────────────────
+// If ALL segments use these commands, auto-approve.
+const SAFE_COMMANDS = new Set([
+    // Filesystem read-only
+    'ls', 'cat', 'head', 'tail', 'wc', 'du', 'df', 'file', 'stat', 'tree',
+    'find', 'grep', 'rg', 'ag', 'ack', 'which', 'whereis', 'type',
+    'echo', 'printf', 'date', 'whoami', 'hostname', 'uname', 'printenv',
+    'pwd', 'realpath', 'dirname', 'basename',
+    // Text processing (read-only when not redirecting)
+    'jq', 'yq', 'sort', 'uniq', 'cut', 'tr', 'diff', 'comm', 'less', 'more',
+    'wc', 'tee', 'xargs',
+]);
+const SAFE_GIT_SUBCOMMANDS = new Set([
+    'status', 'log', 'diff', 'show', 'branch', 'tag', 'remote',
+    'blame', 'shortlog', 'describe', 'rev-parse', 'rev-list',
+    'ls-files', 'ls-tree', 'ls-remote', 'config', 'reflog',
+]);
+const SAFE_PKG_SUBCOMMANDS = new Set([
+    'test', 'run', 'list', 'ls', 'info', 'view', 'show',
+    'outdated', 'audit', 'start', 'dev', 'serve', 'lint', 'check',
+    'why', 'explain', 'doctor',
+]);
+const SAFE_CARGO_SUBCOMMANDS = new Set([
+    'test', 'check', 'clippy', 'build', 'run', 'bench', 'doc',
+    'fmt', 'tree', 'metadata', 'verify-project',
+]);
+// ─── Classifier ──────────────────────────────────────────────────────────
+export function classifyBashRisk(command) {
+    // 1. Check dangerous patterns first (highest priority)
+    for (const [pattern, reason] of DANGEROUS_PATTERNS) {
+        if (pattern.test(command)) {
+            return { level: 'dangerous', reason };
+        }
+    }
+    // 2. Check if every segment is a known-safe command
+    const segments = command.split(/\s*(?:&&|\|\||[;|])\s*/);
+    let allSafe = true;
+    for (const segment of segments) {
+        const trimmed = segment.trim();
+        if (!trimmed)
+            continue;
+        if (!isSegmentSafe(trimmed)) {
+            allSafe = false;
+            break;
+        }
+    }
+    if (allSafe && segments.some(s => s.trim().length > 0)) {
+        return { level: 'safe' };
+    }
+    return { level: 'normal' };
+}
+function isSegmentSafe(segment) {
+    // Parse: strip env vars, extract command and args
+    const words = segment.split(/\s+/).filter(w => !w.includes('='));
+    let idx = 0;
+    let cmd = words[idx] || '';
+    // Strip harmless prefixes
+    while (['time', 'nice'].includes(cmd) && idx < words.length - 1) {
+        cmd = words[++idx] || '';
+    }
+    // sudo → not safe (even if the underlying command is safe)
+    if (cmd === 'sudo')
+        return false;
+    const baseName = cmd.split('/').pop() || cmd;
+    const argIdx = idx + 1;
+    const subCmd = words[argIdx] || '';
+    // git
+    if (baseName === 'git') {
+        return SAFE_GIT_SUBCOMMANDS.has(subCmd);
+    }
+    // npm / yarn / pnpm / bun / npx
+    if (['npm', 'npx', 'yarn', 'pnpm', 'bun'].includes(baseName)) {
+        // "npm run <script>" — safe (dev servers, linters, etc.)
+        if (subCmd === 'run')
+            return true;
+        return SAFE_PKG_SUBCOMMANDS.has(subCmd);
+    }
+    // cargo
+    if (baseName === 'cargo') {
+        return SAFE_CARGO_SUBCOMMANDS.has(subCmd);
+    }
+    // rtk (RTK wrapper — safe, it's a proxy)
+    if (baseName === 'rtk')
+        return true;
+    // Known safe base command
+    if (SAFE_COMMANDS.has(baseName)) {
+        // sed -i is not read-only
+        if (baseName === 'sed' && segment.includes(' -i'))
+            return false;
+        // Output redirection means writing — not safe
+        if (/>\s*[^&|]/.test(segment))
+            return false;
+        return true;
+    }
+    // Version/help checks are always safe
+    if (/\s+(-v|--version|-V)\s*$/.test(segment))
+        return true;
+    if (/\s+(-h|--help)\s*$/.test(segment))
+        return true;
+    // gh (GitHub CLI) read-only commands
+    if (baseName === 'gh') {
+        const ghAction = words.slice(argIdx, argIdx + 2).join(' ');
+        if (/^(pr|issue|repo|release|run)\s+(view|list|status|diff|checks|comments)/.test(ghAction))
+            return true;
+        if (subCmd === 'api')
+            return true; // gh api is read-only (GET)
+        if (subCmd === 'auth' && words[argIdx + 1] === 'status')
+            return true;
+        return false;
+    }
+    // docker/podman read-only
+    if (baseName === 'docker' || baseName === 'podman') {
+        if (['ps', 'images', 'inspect', 'logs', 'stats', 'top', 'port', 'version', 'info'].includes(subCmd))
+            return true;
+        return false;
+    }
+    return false;
+}

package/dist/agent/compact.js

@@ -22,9 +22,9 @@ Critical rules:
 - Preserve EXACT file paths, function names, line numbers, variable names
 - Preserve EXACT error messages and stack traces (verbatim)
 - Preserve user preferences and corrections (especially "don't do X" instructions)
-- Preserve decisions with their rationale (not just the decision)
+- Preserve decisions WITH their rationale — "changed X to Y because Z was broken" (1-2 sentences per decision)
 - Include full code snippets and function signatures when they are load-bearing
-- DO NOT include reasoning that led to decisions — only the decisions themselves
+- DO NOT include verbose reasoning chains — summarize the WHY in 1-2 sentences, not paragraphs
 - DO NOT include pleasantries, meta-commentary, or apologies
 - Use bullet points inside each section
 - Be specific: "edited src/foo.ts:42 to add error handling" not "made some changes"
@@ -46,7 +46,7 @@ Then produce the summary inside <summary> tags using these exact section headers
 [Any errors encountered, their root causes, and how they were resolved — this prevents re-investigating the same issues]
 
 ## Decisions
-[Key decisions made, each with its rationale]
+[Each decision: what was chosen, why, and what constraint/goal drove it. Format: "Chose X over Y because Z." — losing the WHY causes rework later]
 
 ## Files Modified
 [Each file touched, with a one-line description of what changed and why]

package/dist/agent/loop.js

@@ -405,7 +405,15 @@ export async function interactiveSession(config, getUserInput, onEvent, onAbortR
             // Create streaming executor for concurrent tool execution
             const streamExec = new StreamingExecutor({
                 handlers: capabilityMap,
-                scope: { workingDir: workDir, abortSignal: abort.signal, onAskUser: config.onAskUser },
+                scope: {
+                    workingDir: workDir,
+                    abortSignal: abort.signal,
+                    onAskUser: config.onAskUser,
+                    parentContext: {
+                        goal: lastUserInput?.slice(0, 200),
+                        recentFiles: [...readFileCache].slice(-10),
+                    },
+                },
                 permissions,
                 guard: toolGuard,
                 onStart: (id, name, preview) => onEvent({ kind: 'capability_start', id, name, preview }),

package/dist/agent/permissions.js

@@ -7,6 +7,31 @@ import path from 'node:path';
 import readline from 'node:readline';
 import chalk from 'chalk';
 import { BLOCKRUN_DIR } from '../config.js';
+import { classifyBashRisk } from './bash-guard.js';
+// ─── Common dev command patterns (auto-allow without prompting) ──────────
+// These are "normal" risk commands that are too common to interrupt the user.
+// Only applied when --trust flag is set (user explicitly opted into auto-mode).
+const COMMON_DEV_PATTERNS = [
+    /^npm\s+(install|i|ci|run|exec|test|start|build|lint|format|outdated|ls|list|info|view|pack)\b/,
+    /^(pnpm|yarn|bun)\s+(install|add|run|test|build|lint|exec)\b/,
+    /^pip3?\s+install\b/,
+    /^python3?\s+/,
+    /^node\s+/,
+    /^(pytest|jest|vitest|mocha)\b/,
+    /^(tsc|eslint|prettier|biome)\b/,
+    /^git\s+(add|commit|push|pull|fetch|status|diff|log|branch|checkout|switch|merge|rebase|stash|tag|remote|show)\b/,
+    /^(cat|head|tail|wc|sort|uniq|diff|file|which|whoami|hostname|uname|date|echo)\b/,
+    /^(ls|pwd|cd|mkdir|touch)\b/,
+    /^(docker|docker-compose)\s+(ps|logs|images|inspect|stats|exec|build|run|pull)\b/,
+    /^(curl|wget)\s+/,
+    /^make\b/,
+    /^cargo\s+(build|test|check|clippy|run|bench|doc|fmt)\b/,
+    /^go\s+(build|test|run|vet|fmt|mod)\b/,
+];
+function isCommonDevCommand(cmd) {
+    const trimmed = cmd.trim();
+    return COMMON_DEV_PATTERNS.some(p => p.test(trimmed));
+}
 // ─── Default Rules ─────────────────────────────────────────────────────────
 const READ_ONLY_TOOLS = new Set(['Read', 'Glob', 'Grep', 'WebSearch', 'Task', 'AskUser', 'ImageGen', 'TradingSignal', 'TradingMarket', 'SearchX']);
 const DESTRUCTIVE_TOOLS = new Set(['Write', 'Edit', 'Bash']);
@@ -61,8 +86,17 @@ export class PermissionManager {
         if (this.matchesRule(toolName, input, this.rules.allow)) {
             return { behavior: 'allow', reason: 'allowed by rule' };
         }
-        // Check explicit ask rules
+        // Check explicit ask rules — with Bash risk classification
         if (this.matchesRule(toolName, input, this.rules.ask)) {
+            // Bash Guardian: classify risk before blindly asking
+            if (toolName === 'Bash') {
+                const cmd = input.command || '';
+                const risk = classifyBashRisk(cmd);
+                if (risk.level === 'safe') {
+                    return { behavior: 'allow', reason: 'safe command' };
+                }
+                // dangerous and normal both ask, but dangerous gets a warning in describeAction
+            }
             return { behavior: 'ask' };
         }
         // Default: read-only tools are auto-allowed, others ask
@@ -179,7 +213,12 @@ export class PermissionManager {
         switch (toolName) {
             case 'Bash': {
                 const cmd = input.command || '';
-                return `Execute: ${cmd.length > 100 ? cmd.slice(0, 100) + '...' : cmd}`;
+                const preview = cmd.length > 100 ? cmd.slice(0, 100) + '...' : cmd;
+                const risk = classifyBashRisk(cmd);
+                if (risk.level === 'dangerous') {
+                    return `\x1b[31m⚠ DANGEROUS: ${risk.reason}\x1b[0m\n  │ Execute: ${preview}`;
+                }
+                return `Execute: ${preview}`;
             }
             case 'Write': {
                 const fp = input.file_path || '';

package/dist/agent/tokens.js

@@ -180,7 +180,7 @@ const MODEL_CONTEXT_WINDOWS = {
     'xai/grok-4-0709': 131_072,
     'xai/grok-4-1-fast-reasoning': 131_072,
     // Others
-    'zai/glm-5.1': 128_000,
+    'zai/glm-5.1': 200_000,
     'moonshot/kimi-k2.5': 128_000,
     'minimax/minimax-m2.7': 128_000,
 };

package/dist/agent/types.d.ts

@@ -67,6 +67,11 @@ export interface ExecutionScope {
     onProgress?: (text: string) => void;
     /** Routes AskUser questions through ink UI input to avoid raw-mode stdin conflict */
     onAskUser?: (question: string, options?: string[]) => Promise<string>;
+    /** Context from parent agent — helps sub-agents avoid duplicate work */
+    parentContext?: {
+        goal?: string;
+        recentFiles?: string[];
+    };
 }
 export interface StreamTextDelta {
     kind: 'text_delta';

package/dist/mcp/client.js

@@ -79,6 +79,42 @@ async function connectStdio(name, config) {
             concurrent: true, // MCP tools are safe to run concurrently
         });
     }
+    // Discover resources (optional — not all servers expose resources)
+    try {
+        const { resources: mcpResources } = await client.listResources();
+        for (const resource of mcpResources) {
+            const resourceToolName = `mcp__${name}__read_${resource.name.replace(/[^a-zA-Z0-9_]/g, '_')}`;
+            const resourceDesc = resource.description
+                ? `Read resource: ${resource.description}`.slice(0, 2048)
+                : `Read MCP resource "${resource.name}" from ${name}`;
+            capabilities.push({
+                spec: {
+                    name: resourceToolName,
+                    description: resourceDesc,
+                    input_schema: { type: 'object', properties: {}, required: [] },
+                },
+                execute: async () => {
+                    try {
+                        const result = await client.readResource({ uri: resource.uri });
+                        const output = result.contents
+                            ?.map(c => c.text ?? `[resource: ${c.uri}]`)
+                            ?.join('\n') || JSON.stringify(result.contents);
+                        return { output, isError: false };
+                    }
+                    catch (err) {
+                        return {
+                            output: `MCP resource error (${name}/${resource.name}): ${err.message}`,
+                            isError: true,
+                        };
+                    }
+                },
+                concurrent: true,
+            });
+        }
+    }
+    catch {
+        // Server doesn't support resources — that's fine, tools-only mode
+    }
     const connected = { name, client, transport, tools: capabilities };
     connections.set(name, connected);
     return connected;

package/dist/pricing.js

@@ -73,7 +73,7 @@ export const MODEL_PRICING = {
     'zai/glm-5': { input: 0, output: 0, perCall: 0.001 },
     'zai/glm-5.1': { input: 0, output: 0, perCall: 0.001 },
     'zai/glm-5-turbo': { input: 0, output: 0, perCall: 0.001 },
-    'zai/glm-5.1-turbo': { input: 0, output: 0, perCall: 0.001 },
+    'zai/glm-5.1-turbo': { input: 0, output: 0, perCall: 0.001 }, // client alias for zai/glm-5-turbo
 };
 /** Opus pricing for savings calculations */
 export const OPUS_PRICING = MODEL_PRICING['anthropic/claude-opus-4.6'];

package/dist/tools/bash.js

@@ -51,7 +51,26 @@ function compressOutput(command, output) {
         else if (sub === 'install')
             out = compressInstall(out);
     }
-    // 7. Always collapse excessive blank lines
+    // 7. Python — pip install, pytest, python scripts
+    else if (/^(pip|pip3)\s+install\b/.test(fullCmd)) {
+        out = compressInstall(out);
+    }
+    else if (/^(pytest|python.*-m\s+pytest)\b/.test(fullCmd)) {
+        out = compressTests(out);
+    }
+    // 8. Docker — strip layer hashes, progress bars, keep errors + summary
+    else if (/^docker\s+(build|run|pull|push|compose)\b/.test(fullCmd)) {
+        out = compressDocker(out);
+    }
+    // 9. curl/wget — strip progress bars, keep response
+    else if (/^(curl|wget)\b/.test(fullCmd)) {
+        out = compressDownload(out);
+    }
+    // 10. Make — keep errors/warnings, drop recipe lines
+    else if (cmd === 'make') {
+        out = compressBuild(out);
+    }
+    // 11. Always collapse excessive blank lines
     out = collapseBlankLines(out);
     return out;
 }
@@ -161,6 +180,42 @@ function compressBuild(out) {
     });
     return collapseBlankLines(kept.join('\n')).trim() || out.trim();
 }
+function compressDocker(out) {
+    const lines = out.split('\n');
+    const kept = lines.filter(l => {
+        const t = l.trim();
+        // Drop layer progress: "sha256:abc123: Pulling fs layer" / "Downloading [==>  ]"
+        if (/^[a-f0-9]{12}:\s*(Pull|Wait|Download|Extract|Verif|Already)/.test(t))
+            return false;
+        // Drop download/upload progress bars
+        if (/^\[[\s=>#]+\]/.test(t) || /\d+(\.\d+)?%/.test(t) && t.length < 80)
+            return false;
+        // Drop "Sending build context" progress
+        if (/^Sending build context/.test(t))
+            return false;
+        return true;
+    });
+    return collapseBlankLines(kept.join('\n')).trim() || out.trim();
+}
+function compressDownload(out) {
+    const lines = out.split('\n');
+    const kept = lines.filter(l => {
+        const t = l.trim();
+        // Drop curl progress bars: "  % Total    % Received..."
+        if (/^\s*%\s+Total/.test(t))
+            return false;
+        if (/^\s*\d+\s+\d+[kMG]?\s+\d+\s+\d+[kMG]?/.test(t) && t.length < 100)
+            return false;
+        // Drop wget progress: "2024-01-01 12:00:00 (1.23 MB/s) - saved"
+        if (/^\d{4}-\d{2}-\d{2}.*saved/.test(t))
+            return false;
+        // Drop download percentage lines
+        if (/^\s*\d+%\s/.test(t))
+            return false;
+        return true;
+    });
+    return collapseBlankLines(kept.join('\n')).trim() || out.trim();
+}
 const backgroundTasks = new Map();
 let bgTaskCounter = 0;
 /** Get a background task's result (called by the agent to check status). */

package/dist/tools/subagent.js

@@ -24,7 +24,22 @@ async function execute(input, ctx) {
     }
     const toolDefs = subTools.map(c => c.spec);
     const systemInstructions = assembleInstructions(ctx.workingDir);
-    const systemPrompt = systemInstructions.join('\n\n');
+    // Inject parent context so sub-agent avoids duplicate work
+    let parentContextSection = '';
+    if (ctx.parentContext) {
+        const parts = [];
+        if (ctx.parentContext.goal) {
+            parts.push(`Parent task: ${ctx.parentContext.goal}`);
+        }
+        if (ctx.parentContext.recentFiles && ctx.parentContext.recentFiles.length > 0) {
+            parts.push(`Files already read by parent: ${ctx.parentContext.recentFiles.join(', ')}`);
+            parts.push('Do not re-read these files unless you need to verify a change.');
+        }
+        if (parts.length > 0) {
+            parentContextSection = '\n\n# Parent Agent Context\n' + parts.join('\n');
+        }
+    }
+    const systemPrompt = systemInstructions.join('\n\n') + parentContextSection;
     const history = [
         { role: 'user', content: prompt },
     ];

package/dist/tools/websearch.js

@@ -91,6 +91,31 @@ function parseDuckDuckGoResults(html, maxResults) {
             snippet: stripTags(snippet?.[1] || '').trim(),
         });
     }
+    // Last resort: if both parsers failed, extract ANY external links from the page
+    // Partial results are better than "No results found" when the page loaded OK
+    if (results.length === 0) {
+        const allLinks = /<a[^>]*href="([^"]*)"[^>]*>([\s\S]*?)<\/a>/gi;
+        let match;
+        while ((match = allLinks.exec(html)) !== null && results.length < maxResults) {
+            let url = match[1] || '';
+            const text = stripTags(match[2]).trim();
+            // Must be a real external URL with meaningful text
+            if (!text || text.length < 4)
+                continue;
+            if (url.startsWith('/') || url.includes('duckduckgo.com'))
+                continue;
+            // Extract from DDG redirect wrapper
+            const uddg = url.match(/uddg=([^&]+)/);
+            if (uddg)
+                url = decodeURIComponent(uddg[1]);
+            if (!url.startsWith('http'))
+                continue;
+            if (seenUrls.has(url))
+                continue;
+            seenUrls.add(url);
+            results.push({ title: text, url, snippet: '' });
+        }
+    }
     return results;
 }
 function stripTags(html) {

package/dist/ui/app.js

@@ -13,6 +13,7 @@ import { renderMarkdown } from './markdown.js';
 import { resolveModel, PICKER_CATEGORIES, PICKER_MODELS_FLAT, } from './model-picker.js';
 import { estimateCost } from '../pricing.js';
 import { formatTokens, shortModelName } from '../stats/format.js';
+import { mouse } from './mouse.js';
 // ─── Full-width input box ──────────────────────────────────────────────────
 function InputBox({ input, setInput, onSubmit, model, balance, sessionCost, queued, queuedCount, focused, busy, contextPct, vimMode, onVimModeChange }) {
     const { stdout } = useStdout();
@@ -80,6 +81,37 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
     // Messages queued while agent is busy — auto-submitted FIFO when turns complete.
     const [queuedInputs, setQueuedInputs] = useState([]);
     const turnDoneCallbackRef = useRef(null);
+    // ── Render throttling: batch rapid text_delta/thinking_delta into 50ms frames ──
+    // Without this, each delta (20-100/sec) triggers a full React re-render.
+    // With this, we accumulate in refs and flush at ~20fps — smooth and efficient.
+    const pendingTextRef = useRef('');
+    const pendingThinkingRef = useRef('');
+    const flushTimerRef = useRef(null);
+    const flushPendingText = useCallback(() => {
+        flushTimerRef.current = null;
+        const text = pendingTextRef.current;
+        const thinking = pendingThinkingRef.current;
+        if (text) {
+            pendingTextRef.current = '';
+            setWaiting(false);
+            setThinking(false);
+            setStreamText(prev => prev + text);
+        }
+        if (thinking) {
+            pendingThinkingRef.current = '';
+            setWaiting(false);
+            setThinking(true);
+            setThinkingText(prev => {
+                const updated = prev + thinking;
+                return updated.length > 500 ? updated.slice(-500) : updated;
+            });
+        }
+    }, []);
+    const scheduleFlush = useCallback(() => {
+        if (!flushTimerRef.current) {
+            flushTimerRef.current = setTimeout(flushPendingText, 50);
+        }
+    }, [flushPendingText]);
     // Refs to read current state values inside memoized event handlers (avoids stale closures)
     const streamTextRef = useRef('');
     const turnTokensRef = useRef({ input: 0, output: 0, calls: 0 });
@@ -110,15 +142,19 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
     const commitResponse = useCallback((text, tokens = turnTokensRef.current, cost = turnCostRef.current) => {
         if (!text.trim())
             return;
-        setCommittedResponses((rs) => [...rs, {
-                key: String(Date.now() + Math.random()),
-                text,
-                tokens,
-                cost,
-                model: turnModelRef.current,
-                tier: turnTierRef.current,
-                savings: turnSavingsRef.current,
-            }]);
+        setCommittedResponses((rs) => {
+            const next = [...rs, {
+                    key: String(Date.now() + Math.random()),
+                    text,
+                    tokens,
+                    cost,
+                    model: turnModelRef.current,
+                    tier: turnTierRef.current,
+                    savings: turnSavingsRef.current,
+                }];
+            // Cap at 300 items — older items are already in terminal scrollback
+            return next.length > 300 ? next.slice(-300) : next;
+        });
         const allLines = text.split('\n');
         if (allLines.length > 20) {
             setResponsePreview('  ↑ scroll to see full reply\n' + allLines.slice(-20).join('\n'));
@@ -359,6 +395,25 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
         turnSavingsRef.current = undefined;
         onSubmit(trimmed);
     }, [ready, currentModel, totalCost, onSubmit, onModelChange, onAbort, onExit, exit, lastPrompt, inputHistory, showStatus]);
+    // Mouse support — clicks toggle tool results, drag selects text
+    useEffect(() => {
+        const cleanup = mouse.enable();
+        const handleClick = (_event) => {
+            // Click: toggle expandable tool
+            setExpandableTool(prev => prev ? { ...prev, expanded: !prev.expanded } : null);
+        };
+        const handleCopied = (info) => {
+            // Show status when text is copied via drag-select
+            showStatus(`Copied ${info.length} chars to clipboard`, 'success', 2000);
+        };
+        mouse.on('click', handleClick);
+        mouse.on('copied', handleCopied);
+        return () => {
+            mouse.removeListener('click', handleClick);
+            mouse.removeListener('copied', handleCopied);
+            cleanup();
+        };
+    }, []);
     // Expose event handler, balance updater, and permission bridge
     useEffect(() => {
         globalThis.__runcode_ui = {
@@ -390,18 +445,14 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
             handleEvent: (event) => {
                 switch (event.kind) {
                     case 'text_delta':
-                        setWaiting(false);
-                        setThinking(false);
-                        setStreamText(prev => prev + event.text);
+                        // Throttled: accumulate in ref, flush every 50ms (~20fps)
+                        pendingTextRef.current += event.text;
+                        scheduleFlush();
                         break;
                     case 'thinking_delta':
-                        setWaiting(false);
-                        setThinking(true);
-                        setThinkingText(prev => {
-                            // Keep last 500 chars of thinking for display
-                            const updated = prev + event.text;
-                            return updated.length > 500 ? updated.slice(-500) : updated;
-                        });
+                        // Throttled: accumulate in ref, flush every 50ms
+                        pendingThinkingRef.current += event.text;
+                        scheduleFlush();
                         break;
                     case 'capability_start':
                         setWaiting(false);
@@ -492,6 +543,17 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
                         break;
                     }
                     case 'turn_done': {
+                        // Flush any pending throttled text immediately
+                        if (flushTimerRef.current) {
+                            clearTimeout(flushTimerRef.current);
+                            flushTimerRef.current = null;
+                        }
+                        // Merge pending text into the ref so commitResponse sees the full text
+                        if (pendingTextRef.current) {
+                            streamTextRef.current += pendingTextRef.current;
+                            pendingTextRef.current = '';
+                        }
+                        pendingThinkingRef.current = '';
                         // Flush expandable tool to Static before committing response
                         setExpandableTool(prev => {
                             if (prev)
@@ -649,7 +711,7 @@ export function launchInkUI(opts) {
             return new Promise((resolve) => { resolveInput = resolve; });
         },
         onAbort: (cb) => { abortCallback = cb; },
-        cleanup: () => { instance.unmount(); },
+        cleanup: () => { mouse.disable(); instance.unmount(); },
         requestPermission: (toolName, description) => {
             const ui = globalThis.__runcode_ui;
             return ui?.requestPermission(toolName, description) ?? Promise.resolve('no');

package/dist/ui/model-picker.js

@@ -54,7 +54,7 @@ export const MODEL_SHORTCUTS = {
     // Others
     minimax: 'minimax/minimax-m2.7',
     glm: 'zai/glm-5.1',
-    'glm-turbo': 'zai/glm-5.1-turbo',
+    'glm-turbo': 'zai/glm-5-turbo',
     'glm5': 'zai/glm-5.1',
     kimi: 'moonshot/kimi-k2.5',
 };
@@ -79,7 +79,7 @@ export const PICKER_CATEGORIES = [
         category: '🔥 Promo (flat $0.001/call)',
         models: [
             { id: 'zai/glm-5.1', shortcut: 'glm', label: 'GLM-5.1', price: '$0.001/call', highlight: true },
-            { id: 'zai/glm-5.1-turbo', shortcut: 'glm-turbo', label: 'GLM-5.1 Turbo', price: '$0.001/call', highlight: true },
+            { id: 'zai/glm-5-turbo', shortcut: 'glm-turbo', label: 'GLM-5 Turbo', price: '$0.001/call', highlight: true },
         ],
     },
     {

package/dist/ui/mouse.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Mouse event support for Ink terminal UI.
+ * - SGR extended mouse tracking (DECSET 1000+1002+1006)
+ * - Click detection (left click → 'click' event)
+ * - Drag detection with text selection (press → motion → release)
+ * - Stdout interception for screen text buffer
+ * - Clipboard copy on drag-select
+ */
+import { EventEmitter } from 'node:events';
+export interface MouseEvent {
+    button: 'left' | 'middle' | 'right' | 'wheel-up' | 'wheel-down';
+    action: 'press' | 'release' | 'drag';
+    col: number;
+    row: number;
+}
+export interface Selection {
+    startRow: number;
+    startCol: number;
+    endRow: number;
+    endCol: number;
+    text: string;
+}
+declare class MouseManager extends EventEmitter {
+    private enabled;
+    private stdinListener;
+    private screen;
+    private dragState;
+    private pressPos;
+    private dragPos;
+    /**
+     * Enable mouse tracking + screen buffer. Returns cleanup function.
+     */
+    enable(): () => void;
+    private handleLeftButton;
+    /**
+     * Disable mouse tracking and clean up.
+     */
+    disable(): void;
+    isEnabled(): boolean;
+}
+/** Singleton mouse manager. */
+export declare const mouse: MouseManager;
+export {};

package/dist/ui/mouse.js

@@ -0,0 +1,267 @@
+/**
+ * Mouse event support for Ink terminal UI.
+ * - SGR extended mouse tracking (DECSET 1000+1002+1006)
+ * - Click detection (left click → 'click' event)
+ * - Drag detection with text selection (press → motion → release)
+ * - Stdout interception for screen text buffer
+ * - Clipboard copy on drag-select
+ */
+import { EventEmitter } from 'node:events';
+import { execSync } from 'node:child_process';
+// ─── Terminal escape sequences ────────────────────────────────────────────
+const ENABLE_MOUSE = '\x1b[?1000h' + // Normal mouse tracking (clicks + wheel)
+    '\x1b[?1002h' + // Button-motion tracking (drag events)
+    '\x1b[?1006h'; // SGR extended format (readable coordinates)
+const DISABLE_MOUSE = '\x1b[?1006l' +
+    '\x1b[?1002l' +
+    '\x1b[?1000l';
+// SGR mouse event format: ESC [ < button ; col ; row M (press) or m (release)
+const SGR_MOUSE_RE = /\x1b\[<(\d+);(\d+);(\d+)([Mm])/g;
+// Strip ANSI escape sequences to get plain text
+const ANSI_RE = /\x1b\[[0-9;]*[a-zA-Z]|\x1b\].*?\x07|\x1b[()][012AB]|\x1b\[[\?=]?\d*[hlJKHfABCDEFGSTm]/g;
+function stripAnsi(text) {
+    return text.replace(ANSI_RE, '');
+}
+// ─── Screen Buffer ───────────────────────────────────────────────────────
+// Lightweight stdout interceptor that captures rendered text lines.
+// Doesn't parse ANSI cursor movement — just stores line content as written.
+class ScreenBuffer {
+    lines = [];
+    maxLines = 500; // ring buffer
+    originalWrite = null;
+    capturing = false;
+    start() {
+        if (this.capturing)
+            return;
+        this.capturing = true;
+        this.lines = [];
+        // Intercept stdout.write to capture rendered text
+        this.originalWrite = process.stdout.write.bind(process.stdout);
+        const self = this;
+        process.stdout.write = function (chunk, ...args) {
+            // Capture the text
+            const text = typeof chunk === 'string' ? chunk : chunk.toString('utf-8');
+            self.addText(text);
+            // Pass through to original
+            return self.originalWrite(chunk, ...args);
+        };
+    }
+    stop() {
+        if (!this.capturing)
+            return;
+        this.capturing = false;
+        if (this.originalWrite) {
+            process.stdout.write = this.originalWrite;
+            this.originalWrite = null;
+        }
+    }
+    addText(text) {
+        // Split into lines and store plain text (ANSI stripped)
+        const plain = stripAnsi(text);
+        const newLines = plain.split('\n');
+        for (const line of newLines) {
+            if (line.length > 0) {
+                this.lines.push(line);
+            }
+        }
+        // Cap ring buffer
+        if (this.lines.length > this.maxLines) {
+            this.lines = this.lines.slice(-this.maxLines);
+        }
+    }
+    /**
+     * Get text between two screen coordinates.
+     * Uses the stored text buffer — approximate but good enough for selection.
+     */
+    getTextInRange(startRow, startCol, endRow, endCol) {
+        // Normalize direction
+        let r1 = startRow, c1 = startCol, r2 = endRow, c2 = endCol;
+        if (r1 > r2 || (r1 === r2 && c1 > c2)) {
+            [r1, c1, r2, c2] = [r2, c2, r1, c1];
+        }
+        // Map screen rows to buffer lines
+        // Screen rows are relative to current viewport. Our buffer stores
+        // recent lines. We use terminal rows to estimate offset.
+        const termRows = process.stdout.rows || 24;
+        const bufLen = this.lines.length;
+        // Last N lines correspond to the visible screen
+        const startIdx = Math.max(0, bufLen - termRows + r1);
+        const endIdx = Math.max(0, bufLen - termRows + r2);
+        if (startIdx >= bufLen)
+            return '';
+        const selected = [];
+        for (let i = startIdx; i <= Math.min(endIdx, bufLen - 1); i++) {
+            const line = this.lines[i] || '';
+            if (i === startIdx && i === endIdx) {
+                // Single line selection
+                selected.push(line.slice(c1, c2 + 1));
+            }
+            else if (i === startIdx) {
+                selected.push(line.slice(c1));
+            }
+            else if (i === endIdx) {
+                selected.push(line.slice(0, c2 + 1));
+            }
+            else {
+                selected.push(line);
+            }
+        }
+        return selected.join('\n').trim();
+    }
+}
+// ─── Clipboard ───────────────────────────────────────────────────────────
+function copyToClipboard(text) {
+    if (!text)
+        return false;
+    try {
+        if (process.platform === 'darwin') {
+            execSync('pbcopy', { input: text, timeout: 2000 });
+        }
+        else if (process.platform === 'linux') {
+            // Try xclip first, then xsel
+            try {
+                execSync('xclip -selection clipboard', { input: text, timeout: 2000 });
+            }
+            catch {
+                execSync('xsel --clipboard --input', { input: text, timeout: 2000 });
+            }
+        }
+        else if (process.platform === 'win32') {
+            execSync('clip', { input: text, timeout: 2000 });
+        }
+        else {
+            return false;
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+class MouseManager extends EventEmitter {
+    enabled = false;
+    stdinListener = null;
+    screen = new ScreenBuffer();
+    // Drag state machine
+    dragState = 'idle';
+    pressPos = { row: 0, col: 0 };
+    dragPos = { row: 0, col: 0 };
+    /**
+     * Enable mouse tracking + screen buffer. Returns cleanup function.
+     */
+    enable() {
+        if (this.enabled)
+            return () => { };
+        this.enabled = true;
+        // Start screen buffer capture
+        this.screen.start();
+        // Write enable sequences
+        process.stdout.write(ENABLE_MOUSE);
+        this.stdinListener = (data) => {
+            const str = data.toString('utf-8');
+            let match;
+            SGR_MOUSE_RE.lastIndex = 0;
+            while ((match = SGR_MOUSE_RE.exec(str)) !== null) {
+                const btnCode = parseInt(match[1], 10);
+                const col = parseInt(match[2], 10) - 1; // 1-indexed → 0-indexed
+                const row = parseInt(match[3], 10) - 1;
+                const isPress = match[4] === 'M';
+                // Decode button
+                const baseBtn = btnCode & 0x03;
+                const isWheel = (btnCode & 0x40) !== 0;
+                const isMotion = (btnCode & 0x20) !== 0; // Bit 5 = motion
+                let button;
+                if (isWheel) {
+                    button = baseBtn === 0 ? 'wheel-up' : 'wheel-down';
+                }
+                else {
+                    button = baseBtn === 0 ? 'left' : baseBtn === 1 ? 'middle' : 'right';
+                }
+                const action = isMotion ? 'drag' : (isPress ? 'press' : 'release');
+                const event = { button, action, col, row };
+                this.emit('mouse', event);
+                // ── Drag state machine (left button only) ──
+                if (button === 'left') {
+                    this.handleLeftButton(action, row, col);
+                }
+            }
+        };
+        process.stdin.on('data', this.stdinListener);
+        return () => this.disable();
+    }
+    handleLeftButton(action, row, col) {
+        switch (this.dragState) {
+            case 'idle':
+                if (action === 'press') {
+                    this.dragState = 'pressing';
+                    this.pressPos = { row, col };
+                    this.dragPos = { row, col };
+                }
+                break;
+            case 'pressing':
+                if (action === 'drag') {
+                    // Movement detected — it's a drag, not a click
+                    const dist = Math.abs(row - this.pressPos.row) + Math.abs(col - this.pressPos.col);
+                    if (dist >= 2) { // Threshold to distinguish drag from click
+                        this.dragState = 'dragging';
+                        this.dragPos = { row, col };
+                        this.emit('drag-start', { ...this.pressPos });
+                    }
+                }
+                else if (action === 'release') {
+                    // Press → release without drag = click
+                    this.dragState = 'idle';
+                    this.emit('click', { button: 'left', action: 'press', col, row });
+                }
+                break;
+            case 'dragging':
+                if (action === 'drag') {
+                    this.dragPos = { row, col };
+                    this.emit('drag-move', { row, col });
+                }
+                else if (action === 'release') {
+                    // Drag complete — extract text and copy to clipboard
+                    const text = this.screen.getTextInRange(this.pressPos.row, this.pressPos.col, row, col);
+                    this.dragState = 'idle';
+                    if (text.length > 0) {
+                        const copied = copyToClipboard(text);
+                        const selection = {
+                            startRow: this.pressPos.row,
+                            startCol: this.pressPos.col,
+                            endRow: row,
+                            endCol: col,
+                            text,
+                        };
+                        this.emit('selection', selection);
+                        if (copied) {
+                            this.emit('copied', { text, length: text.length });
+                        }
+                    }
+                }
+                break;
+        }
+    }
+    /**
+     * Disable mouse tracking and clean up.
+     */
+    disable() {
+        if (!this.enabled)
+            return;
+        this.enabled = false;
+        this.dragState = 'idle';
+        if (this.stdinListener) {
+            process.stdin.removeListener('data', this.stdinListener);
+            this.stdinListener = null;
+        }
+        this.screen.stop();
+        try {
+            process.stdout.write(DISABLE_MOUSE);
+        }
+        catch {
+            // Ignore write errors during cleanup
+        }
+    }
+    isEnabled() { return this.enabled; }
+}
+/** Singleton mouse manager. */
+export const mouse = new MouseManager();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blockrun/franklin",
-  "version": "3.6.1",
+  "version": "3.6.3",
   "description": "Franklin — The AI agent with a wallet. Spends USDC autonomously to get real work done. Pay per action, no subscriptions.",
   "type": "module",
   "exports": {