@brutalist/mcp 0.8.1 → 1.0.0

package/dist/cli-agents.js

@@ -1,5 +1,5 @@
 import { spawn, exec } from 'child_process';
-import { realpathSync } from 'fs';
+import { promises as fs, realpathSync } from 'fs';
 import { promisify } from 'util';
 import { logger } from './logger.js';
 // Configurable timeouts and limits
@@ -17,19 +17,37 @@ const activeProcesses = new Map();
 export const AVAILABLE_MODELS = {
     claude: {
         default: undefined, // Uses user's configured model (respects preferences)
-        aliases: ['opus', 'sonnet', 'haiku'],
-        full: ['claude-opus-4-1-20250805', 'claude-sonnet-4-20250514'],
-        recommended: 'opus' // Highest capacity Claude model
+        aliases: ['opus', 'sonnet', 'haiku', 'opus-4.5', 'sonnet-4.5'],
+        full: [
+            'claude-opus-4-5-20251101',
+            'claude-sonnet-4-5-20250929',
+            'claude-haiku-4-5-20251001',
+            'claude-opus-4-1-20250805'
+        ],
+        recommended: 'claude-opus-4-5-20251101' // Highest capacity Claude model
     },
     codex: {
         default: undefined, // Uses Codex CLI's default model (stays current automatically)
-        models: ['gpt-5.1-codex-max', 'gpt-5.1-codex', 'gpt-5.1-codex-mini', 'gpt-5-codex', 'gpt-5', 'o4-mini'],
+        models: [
+            'gpt-5.1-codex-max',
+            'gpt-5.1-codex',
+            'gpt-5.1',
+            'gpt-5-thinking-pro',
+            'gpt-5',
+            'gpt-5-mini',
+            'o4-mini'
+        ],
         recommended: 'gpt-5.1-codex-max' // Current frontier model with compaction
     },
     gemini: {
         default: undefined, // Uses Gemini CLI's default model (stays current automatically)
-        models: ['gemini-3-pro-preview', 'gemini-2.5-pro', 'gemini-2.5-flash', 'gemini-2.5-flash-lite'],
-        recommended: 'gemini-3-pro-preview' // Current #1 on LMArena
+        models: [
+            'gemini-3-pro',
+            'gemini-2.5-pro',
+            'gemini-2.5-flash',
+            'gemini-2.5-flash-lite'
+        ],
+        recommended: 'gemini-3-pro' // Current #1 on LMArena
     }
 };
 // Security utilities for CLI execution
@@ -72,6 +90,32 @@ function validatePath(path, name) {
         throw new Error(`Invalid ${name}: ${error instanceof Error ? error.message : String(error)}`);
     }
 }
+// Async version of validatePath for use in async contexts
+async function asyncValidatePath(path, name) {
+    if (!path) {
+        throw new Error(`${name} cannot be empty`);
+    }
+    // Check for null bytes
+    if (path.includes('\0')) {
+        throw new Error(`${name} contains null byte`);
+    }
+    // Check for dangerous path traversal patterns
+    if (path.includes('../') || path.includes('..\\') || path.includes('/..') || path.includes('\\..')) {
+        throw new Error(`${name} contains path traversal attempt: ${path}`);
+    }
+    // Check path depth to prevent deeply nested attacks
+    const depth = path.split('/').length - 1;
+    if (depth > MAX_PATH_DEPTH) {
+        throw new Error(`${name} exceeds maximum depth: ${depth} > ${MAX_PATH_DEPTH}`);
+    }
+    // Canonicalize the path (this also validates it exists and resolves symlinks)
+    try {
+        return await fs.realpath(path);
+    }
+    catch (error) {
+        throw new Error(`Invalid ${name}: ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
 // Create secure environment for CLI processes
 function createSecureEnvironment() {
     // Minimal environment whitelist
@@ -319,6 +363,30 @@ async function spawnAsync(command, args, options = {}) {
         }
     });
 }
+const CLI_BUILDER_CONFIGS = {
+    claude: {
+        command: 'claude',
+        defaultArgs: ['--print'],
+        modelArgName: '--model',
+        mpcEnvCleanup: ['CLAUDE_MCP_CONFIG', 'MCP_ENABLED', 'CLAUDECODE', 'CLAUDE_CODE_ENTRYPOINT'],
+        streamingArgs: (opts) => opts.progressToken ? ['--output-format', 'stream-json', '--verbose'] : []
+    },
+    codex: {
+        command: 'codex',
+        defaultArgs: ['exec', '--sandbox', 'read-only'],
+        modelArgName: '--model',
+        jsonFlag: '--json',
+        mpcEnvCleanup: ['CODEX_MCP_CONFIG', 'MCP_ENABLED'],
+        promptWrapper: (sys, user) => `${sys}\n\n${user}\n\nUse your shell tools to read files (cat, ls, find, grep, head, etc.) and analyze the codebase. You ARE allowed to run read-only commands. Explore the directory structure, read relevant source files, and provide a comprehensive brutal analysis based on what you find.`
+    },
+    gemini: {
+        command: 'gemini',
+        defaultArgs: [],
+        modelArgName: '--model',
+        envExtras: { TERM: 'dumb', NO_COLOR: '1', CI: 'true' },
+        mpcEnvCleanup: ['GEMINI_MCP_CONFIG', 'MCP_ENABLED']
+    }
+};
 export class CLIAgentOrchestrator {
     defaultTimeout = 1800000; // 30 minutes - complex codebases need time
     defaultWorkingDir = process.cwd();
@@ -366,50 +434,116 @@ export class CLIAgentOrchestrator {
             return chunk;
         }
     }
+    // Parse NDJSON with proper JSON boundary detection
+    // Handles JSON objects that contain embedded newlines without data loss
+    parseNDJSON(input) {
+        if (!input || !input.trim()) {
+            return [];
+        }
+        const results = [];
+        let depth = 0;
+        let inString = false;
+        let escape = false;
+        let start = 0;
+        for (let i = 0; i < input.length; i++) {
+            const char = input[i];
+            // Handle escape sequences
+            if (escape) {
+                escape = false;
+                continue;
+            }
+            if (char === '\\') {
+                escape = true;
+                continue;
+            }
+            // Track string boundaries
+            if (char === '"') {
+                inString = !inString;
+                continue;
+            }
+            // Only count braces/brackets outside of strings
+            if (inString)
+                continue;
+            // Track depth
+            if (char === '{' || char === '[') {
+                depth++;
+            }
+            else if (char === '}' || char === ']') {
+                depth--;
+                // When depth returns to 0, we've found a complete JSON object
+                if (depth === 0) {
+                    const jsonStr = input.slice(start, i + 1).trim();
+                    if (jsonStr) {
+                        try {
+                            const parsed = JSON.parse(jsonStr);
+                            results.push(parsed);
+                        }
+                        catch (e) {
+                            // Log unparseable segments (not silent)
+                            logger.warn(`Failed to parse JSON segment at position ${start}-${i + 1}:`, {
+                                preview: jsonStr.substring(0, 100),
+                                error: e instanceof Error ? e.message : String(e)
+                            });
+                        }
+                    }
+                    // Move start pointer past this object and any whitespace
+                    start = i + 1;
+                    while (start < input.length && /\s/.test(input[start])) {
+                        start++;
+                    }
+                    i = start - 1; // Will be incremented by loop
+                }
+            }
+        }
+        // Warn about incomplete JSON at end of input
+        if (start < input.length) {
+            const remaining = input.slice(start).trim();
+            if (remaining) {
+                logger.warn(`Incomplete JSON at end of input:`, {
+                    preview: remaining.substring(0, 100)
+                });
+            }
+        }
+        return results;
+    }
     // Decode Claude's stream-json NDJSON output into plain text
     decodeClaudeStreamJson(ndjsonOutput) {
         if (!ndjsonOutput || !ndjsonOutput.trim()) {
             return '';
         }
         const textParts = [];
-        const lines = ndjsonOutput.split('\n');
-        for (const line of lines) {
-            if (!line.trim())
+        const events = this.parseNDJSON(ndjsonOutput);
+        for (const event of events) {
+            if (typeof event !== 'object' || event === null)
                 continue;
-            try {
-                const event = JSON.parse(line);
-                // Handle different event types from Claude's stream-json format
-                if (event.type === 'message' && event.message?.content) {
-                    // Full message event
-                    const content = event.message.content;
-                    if (Array.isArray(content)) {
-                        for (const item of content) {
-                            if (item.type === 'text' && item.text) {
-                                textParts.push(item.text);
-                            }
+            const typedEvent = event;
+            // Handle different event types from Claude's stream-json format
+            if (typedEvent.type === 'message' && typedEvent.message?.content) {
+                // Full message event
+                const content = typedEvent.message.content;
+                if (Array.isArray(content)) {
+                    for (const item of content) {
+                        if (item.type === 'text' && item.text) {
+                            textParts.push(item.text);
                         }
                     }
                 }
-                else if (event.type === 'content_block_delta' && event.delta?.text) {
-                    // Incremental text delta
-                    textParts.push(event.delta.text);
-                }
-                else if (event.type === 'assistant' && event.message?.content) {
-                    // Assistant message format (same as parseClaudeStreamOutput)
-                    const content = event.message.content;
-                    if (Array.isArray(content)) {
-                        for (const item of content) {
-                            if (item.type === 'text' && item.text) {
-                                textParts.push(item.text);
-                            }
+            }
+            else if (typedEvent.type === 'content_block_delta' && typedEvent.delta?.text) {
+                // Incremental text delta
+                textParts.push(typedEvent.delta.text);
+            }
+            else if (typedEvent.type === 'assistant' && typedEvent.message?.content) {
+                // Assistant message format (same as parseClaudeStreamOutput)
+                const content = typedEvent.message.content;
+                if (Array.isArray(content)) {
+                    for (const item of content) {
+                        if (item.type === 'text' && item.text) {
+                            textParts.push(item.text);
                         }
                     }
                 }
             }
-            catch {
-                // Skip invalid JSON lines
-                continue;
-            }
         }
         return textParts.join('');
     }
@@ -420,32 +554,25 @@ export class CLIAgentOrchestrator {
             return '';
         }
         const agentMessages = [];
-        const lines = jsonOutput.split('\n');
-        logger.debug(`extractCodexAgentMessage: processing ${lines.length} lines`);
-        for (const line of lines) {
-            if (!line.trim())
+        const events = this.parseNDJSON(jsonOutput);
+        logger.debug(`extractCodexAgentMessage: processing ${events.length} JSON events`);
+        for (const event of events) {
+            if (typeof event !== 'object' || event === null)
                 continue;
-            try {
-                const event = JSON.parse(line);
-                logger.debug(`extractCodexAgentMessage: parsed event type=${event.type}, item.type=${event.item?.type}`);
-                // Codex --json outputs events with structure: {"type":"item.completed","item":{...}}
-                // Only extract agent_message type - this is the actual response
-                if (event.type === 'item.completed' && event.item) {
-                    if (event.item.type === 'agent_message' && event.item.text) {
-                        // Agent's actual response text
-                        logger.info(`✅ extractCodexAgentMessage: found agent_message with ${event.item.text.length} chars`);
-                        agentMessages.push(event.item.text);
-                    }
-                    // Skip all other types:
-                    // - reasoning: internal thinking steps
-                    // - command_execution: file reads, bash commands
-                    // - error: will be in stderr
+            const typedEvent = event;
+            logger.debug(`extractCodexAgentMessage: parsed event type=${typedEvent.type}, item.type=${typedEvent.item?.type}`);
+            // Codex --json outputs events with structure: {"type":"item.completed","item":{...}}
+            // Only extract agent_message type - this is the actual response
+            if (typedEvent.type === 'item.completed' && typedEvent.item) {
+                if (typedEvent.item.type === 'agent_message' && typedEvent.item.text) {
+                    // Agent's actual response text
+                    logger.info(`✅ extractCodexAgentMessage: found agent_message with ${typedEvent.item.text.length} chars`);
+                    agentMessages.push(typedEvent.item.text);
                 }
-            }
-            catch (e) {
-                // Skip non-JSON lines (config output, prompts, etc.)
-                logger.debug(`extractCodexAgentMessage: failed to parse line: ${line.substring(0, 50)}`);
-                continue;
+                // Skip all other types:
+                // - reasoning: internal thinking steps
+                // - command_execution: file reads, bash commands
+                // - error: will be in stderr
             }
         }
         const result = agentMessages.join('\n\n').trim();
@@ -499,6 +626,49 @@ export class CLIAgentOrchestrator {
             buffer.lastFlush = now;
         }
     }
+    buildCLICommand(cli, userPrompt, systemPrompt, options) {
+        const config = CLI_BUILDER_CONFIGS[cli];
+        // Build args
+        const args = [...config.defaultArgs];
+        const model = options.models?.[cli] || AVAILABLE_MODELS[cli].default;
+        if (model) {
+            args.push(config.modelArgName, model);
+        }
+        if (config.jsonFlag && process.env.CODEX_USE_JSON !== 'false') {
+            args.push(config.jsonFlag);
+        }
+        if (config.streamingArgs) {
+            args.push(...config.streamingArgs(options));
+        }
+        // Build prompt
+        const combinedPrompt = config.promptWrapper
+            ? config.promptWrapper(systemPrompt, userPrompt)
+            : `${systemPrompt}\n\n${userPrompt}`;
+        // Build secure env
+        const secureEnv = createSecureEnvironment();
+        // Add CLI-specific env extras
+        if (config.envExtras) {
+            Object.assign(secureEnv, config.envExtras);
+        }
+        // Add required API key
+        const apiKeyMap = {
+            claude: ['ANTHROPIC_API_KEY'],
+            codex: ['OPENAI_API_KEY'],
+            gemini: ['GOOGLE_API_KEY', 'GEMINI_API_KEY']
+        };
+        for (const key of apiKeyMap[cli]) {
+            if (process.env[key])
+                secureEnv[key] = process.env[key];
+        }
+        // Clean up MPC env vars that could cause deadlock
+        if (config.mpcEnvCleanup) {
+            for (const envVar of config.mpcEnvCleanup) {
+                delete secureEnv[envVar];
+            }
+        }
+        secureEnv.BRUTALIST_SUBPROCESS = '1';
+        return { command: config.command, args, input: combinedPrompt, env: secureEnv };
+    }
     async detectCLIContext() {
         // Return cached context if still valid
         if (this.cliContextCached && Date.now() - this.cliContextCacheTime < this.CLI_CACHE_TTL) {
@@ -694,103 +864,13 @@ export class CLIAgentOrchestrator {
         }
     }
     async executeClaudeCode(userPrompt, systemPromptSpec, options = {}) {
-        return this._executeCLI('claude', userPrompt, systemPromptSpec, options, (userPrompt, systemPromptSpec, options) => {
-            const combinedPrompt = `${systemPromptSpec}\n\n${userPrompt}`;
-            const args = ['--print'];
-            // Enable streaming for real-time progress if progress notifications are enabled
-            if (options.progressToken) {
-                args.push('--output-format', 'stream-json', '--verbose');
-            }
-            // Use provided model or let Claude use its default
-            const model = options.models?.claude || AVAILABLE_MODELS.claude.default;
-            if (model) {
-                args.push('--model', model);
-            }
-            // Use stdin to avoid MAX_ARG_LENGTH limit (4096 chars)
-            // Claude --print can read from stdin when no positional argument is provided
-            // DEFENSIVE: Disable MCP and Claude Code integration to prevent stdio deadlock
-            // When Claude CLI runs with MCP enabled or detects Claude Code context,
-            // it tries to communicate over stdio which conflicts with our stdin/stdout usage
-            const cleanEnv = { ...process.env };
-            delete cleanEnv.CLAUDE_MCP_CONFIG;
-            delete cleanEnv.MCP_ENABLED;
-            delete cleanEnv.CLAUDECODE;
-            delete cleanEnv.CLAUDE_CODE_ENTRYPOINT;
-            return {
-                command: 'claude',
-                args,
-                input: combinedPrompt,
-                env: {
-                    ...cleanEnv,
-                    BRUTALIST_SUBPROCESS: '1' // Mark this as a brutalist-spawned subprocess
-                }
-            };
-        });
+        return this._executeCLI('claude', userPrompt, systemPromptSpec, options, (user, sys, opts) => this.buildCLICommand('claude', user, sys, opts));
     }
     async executeCodex(userPrompt, systemPromptSpec, options = {}) {
-        return this._executeCLI('codex', userPrompt, systemPromptSpec, { ...options }, (userPrompt, systemPromptSpec, options) => {
-            // Instruct Codex to analyze immediately in one shot without waiting for approval
-            const combinedPrompt = `${systemPromptSpec}\n\n${userPrompt}\n\nExecute the complete analysis now in a single response without creating a plan first or waiting for input. Provide your full findings immediately.`;
-            const args = ['exec'];
-            // Use provided model or let Codex use its default
-            const model = options.models?.codex || AVAILABLE_MODELS.codex.default;
-            if (model) {
-                args.push('--model', model);
-            }
-            // OPTIONAL: Use --json flag to get structured output (can be disabled for compatibility)
-            if (process.env.CODEX_USE_JSON !== 'false') {
-                args.push('--json');
-            }
-            // DEFENSIVE: Disable MCP if Codex supports it (currently no known MCP support)
-            // This prevents potential stdio deadlock if Codex adds MCP in the future
-            // Note: Codex CLI doesn't currently have documented MCP config flags
-            // Use stdin for the prompt instead of argv to avoid ARG_MAX limits
-            // Create clean environment without MCP-related variables
-            const cleanEnv = { ...process.env };
-            delete cleanEnv.CODEX_MCP_CONFIG;
-            delete cleanEnv.MCP_ENABLED;
-            return {
-                command: 'codex',
-                args,
-                input: combinedPrompt,
-                env: {
-                    ...cleanEnv,
-                    BRUTALIST_SUBPROCESS: '1' // Mark this as a brutalist-spawned subprocess
-                }
-            };
-        });
+        return this._executeCLI('codex', userPrompt, systemPromptSpec, options, (user, sys, opts) => this.buildCLICommand('codex', user, sys, opts));
     }
     async executeGemini(userPrompt, systemPromptSpec, options = {}) {
-        return this._executeCLI('gemini', userPrompt, systemPromptSpec, { ...options }, (userPrompt, systemPromptSpec, options) => {
-            const args = [];
-            // Use provided model or let Gemini use its default
-            const modelName = options.models?.gemini || AVAILABLE_MODELS.gemini.default;
-            if (modelName) {
-                args.push('--model', modelName);
-            }
-            // DEFENSIVE: Disable MCP if Gemini supports it (currently no known MCP support)
-            // This prevents potential stdio deadlock if Gemini adds MCP in the future
-            // Note: Gemini CLI doesn't currently have documented MCP config flags
-            const combinedPrompt = `${systemPromptSpec}\n\n${userPrompt}`;
-            // Use stdin to avoid MAX_ARG_LENGTH limit (4096 chars)
-            // Gemini CLI can read from stdin instead of positional argument
-            // Create clean environment without MCP-related variables
-            const cleanEnv = { ...process.env };
-            delete cleanEnv.GEMINI_MCP_CONFIG;
-            delete cleanEnv.MCP_ENABLED;
-            return {
-                command: 'gemini',
-                args: args,
-                input: combinedPrompt, // Pass prompt via stdin instead of args
-                env: {
-                    ...cleanEnv,
-                    TERM: 'dumb',
-                    NO_COLOR: '1',
-                    CI: 'true',
-                    BRUTALIST_SUBPROCESS: '1' // Mark this as a brutalist-spawned subprocess
-                }
-            };
-        });
+        return this._executeCLI('gemini', userPrompt, systemPromptSpec, options, (user, sys, opts) => this.buildCLICommand('gemini', user, sys, opts));
     }
     async executeSingleCLI(cli, userPrompt, systemPromptSpec, options = {}) {
         // Wait for available slot to prevent resource exhaustion
@@ -823,28 +903,33 @@ export class CLIAgentOrchestrator {
         }
     }
     async executeCLIAgents(cliAgents, systemPrompt, userPrompt, options = {}) {
-        const responses = [];
-        for (const agent of cliAgents) {
-            if (['claude', 'codex', 'gemini'].includes(agent)) {
-                try {
-                    const response = await this.executeCLIAgent(agent, systemPrompt, userPrompt, options);
-                    responses.push(response);
-                }
-                catch (error) {
-                    responses.push({
-                        agent: agent,
-                        success: false,
-                        output: '',
-                        error: error instanceof Error ? error.message : String(error),
-                        executionTime: 0,
-                        command: `${agent} execution failed`,
-                        workingDirectory: options.workingDirectory || process.cwd(),
-                        exitCode: -1
-                    });
-                }
-            }
+        // Filter to valid CLI agents
+        const validAgents = cliAgents.filter(agent => ['claude', 'codex', 'gemini'].includes(agent));
+        if (validAgents.length === 0) {
+            return [];
         }
-        return responses;
+        // Execute all CLIs in parallel with Promise.allSettled
+        const promises = validAgents.map(async (agent) => {
+            try {
+                return await this.executeCLIAgent(agent, systemPrompt, userPrompt, options);
+            }
+            catch (error) {
+                return {
+                    agent,
+                    success: false,
+                    output: '',
+                    error: error instanceof Error ? error.message : String(error),
+                    executionTime: 0,
+                    command: `${agent} execution failed`,
+                    workingDirectory: options.workingDirectory || process.cwd(),
+                    exitCode: -1
+                };
+            }
+        });
+        const results = await Promise.allSettled(promises);
+        return results
+            .filter((result) => result.status === 'fulfilled')
+            .map(result => result.value);
     }
     async executeCLIAgent(agent, systemPrompt, userPrompt, options = {}) {
         if (!['claude', 'codex', 'gemini'].includes(agent)) {
@@ -854,12 +939,13 @@ export class CLIAgentOrchestrator {
     }
     async executeBrutalistAnalysis(analysisType, primaryContent, systemPromptSpec, context, options = {}) {
         // Only validate filesystem paths for tools that actually operate on files/directories
-        const filesystemTools = ['codebase', 'file_structure', 'dependencies', 'git_history', 'test_coverage'];
+        // NOTE: Must match BrutalistPromptType values (camelCase)
+        const filesystemTools = ['codebase', 'fileStructure', 'dependencies', 'gitHistory', 'testCoverage'];
         logger.debug(`Validation check: analysisType="${analysisType}", isFilesystemTool=${filesystemTools.includes(analysisType)}`);
         try {
             if (filesystemTools.includes(analysisType) && primaryContent && primaryContent.trim() !== '') {
                 logger.debug(`Validating path: "${primaryContent}"`);
-                validatePath(primaryContent, 'targetPath');
+                await asyncValidatePath(primaryContent, 'targetPath');
             }
         }
         catch (error) {
@@ -869,41 +955,43 @@ export class CLIAgentOrchestrator {
         // Validate workingDirectory if provided
         try {
             if (options.workingDirectory) {
-                validatePath(options.workingDirectory, 'workingDirectory');
+                await asyncValidatePath(options.workingDirectory, 'workingDirectory');
             }
         }
         catch (error) {
             throw new Error(`Security validation failed: ${error instanceof Error ? error.message : String(error)}`);
         }
         const userPrompt = this.constructUserPrompt(analysisType, primaryContent, context);
-        // If preferred CLI is specified, use single CLI mode
-        if (options.preferredCLI) {
-            const selectedCLI = this.selectSingleCLI(options.preferredCLI, analysisType // Use the direct parameter, not options.analysisType
-            );
-            logger.info(`✅ Using preferred CLI: ${selectedCLI}`);
-            const response = await this.executeSingleCLI(selectedCLI, userPrompt, systemPromptSpec, options);
-            return [{
-                    ...response,
-                    selectionMethod: 'user-specified',
-                    analysisType
-                }];
-        }
-        // Multi-CLI execution (default behavior)
-        logger.info(`🚀 Executing multi-CLI analysis`);
-        // Use all available CLIs - spawning separate processes is fine
-        let availableCLIs = [...this.cliContext.availableCLIs];
-        logger.info(`📋 Using all available CLIs: ${availableCLIs.join(', ')}`);
-        if (availableCLIs.length === 0) {
+        // Determine which CLIs to use
+        let clisToUse;
+        if (options.clis && options.clis.length > 0) {
+            // User specified which CLIs to use - validate they're available
+            const unavailable = options.clis.filter(cli => !this.cliContext.availableCLIs.includes(cli));
+            if (unavailable.length > 0) {
+                throw new Error(`Requested CLIs not available: ${unavailable.join(', ')}. ` +
+                    `Available: ${this.cliContext.availableCLIs.join(', ')}`);
+            }
+            // Deduplicate
+            clisToUse = [...new Set(options.clis)];
+            logger.info(`🎯 Using user-specified CLIs: ${clisToUse.join(', ')}`);
+        }
+        else {
+            // Default: use all available CLIs
+            clisToUse = [...this.cliContext.availableCLIs];
+            logger.info(`📋 Using all available CLIs: ${clisToUse.join(', ')}`);
+        }
+        if (clisToUse.length === 0) {
             throw new Error('No CLI agents available for analysis');
         }
-        logger.info(`📊 Available CLIs: ${availableCLIs.join(', ')}`);
-        // Execute all available CLIs in parallel with allSettled for better error handling
-        const promises = availableCLIs.map(async (cli) => {
+        const selectionMethod = options.clis ? 'user-specified' : 'all-available';
+        logger.info(`📊 Executing ${clisToUse.length} CLI(s): ${clisToUse.join(', ')} (${selectionMethod})`);
+        // Execute selected CLIs in parallel with allSettled for better error handling
+        const promises = clisToUse.map(async (cli) => {
             try {
                 const response = await this.executeSingleCLI(cli, userPrompt, systemPromptSpec, options);
                 return {
                     ...response,
-                    selectionMethod: 'multi-cli',
+                    selectionMethod,
                     analysisType
                 };
             }
@@ -915,7 +1003,7 @@ export class CLIAgentOrchestrator {
                     output: '',
                     error: error instanceof Error ? error.message : String(error),
                     executionTime: 0,
-                    selectionMethod: 'multi-cli',
+                    selectionMethod,
                     analysisType
                 };
             }
@@ -925,7 +1013,7 @@ export class CLIAgentOrchestrator {
         const responses = results
             .filter(result => result.status === 'fulfilled')
             .map(result => result.value);
-        logger.info(`✅ Multi-CLI analysis complete: ${responses.filter(r => r.success).length}/${responses.length} successful`);
+        logger.info(`✅ CLI analysis complete: ${responses.filter(r => r.success).length}/${responses.length} successful`);
         return responses;
     }
     synthesizeBrutalistFeedback(responses, analysisType) {