@byfriends/agent-core 0.2.5 → 0.3.1

package/dist/index.mjs

@@ -843,17 +843,17 @@ async function loadAgentsMd(kaos, workDir) {
 		return true;
 	};
 	const home = kaos.gethome();
-	await collect(joinPath$2(kaos, home, ".byf", "AGENTS.md"));
-	const genericFiles = [joinPath$2(kaos, home, ".agents")].flatMap((dir) => ["AGENTS.md", "agents.md"].map((name) => joinPath$2(kaos, dir, name)));
+	await collect(joinPath$1(kaos, home, ".byf", "AGENTS.md"));
+	const genericFiles = [joinPath$1(kaos, home, ".agents")].flatMap((dir) => ["AGENTS.md", "agents.md"].map((name) => joinPath$1(kaos, dir, name)));
 	for (const file of genericFiles) if (await collect(file)) break;
 	for (const dir of dirs) {
-		await collect(joinPath$2(kaos, dir, ".byf", "AGENTS.md"));
-		for (const fileName of ["AGENTS.md", "agents.md"]) if (await collect(joinPath$2(kaos, dir, fileName))) break;
+		await collect(joinPath$1(kaos, dir, ".byf", "AGENTS.md"));
+		for (const fileName of ["AGENTS.md", "agents.md"]) if (await collect(joinPath$1(kaos, dir, fileName))) break;
 	}
 	return renderAgentFiles(discovered);
 }
 async function findProjectRoot$1(kaos, workDir) {
-	const path = pathMod$6(kaos);
+	const path = pathMod$5(kaos);
 	const initial = kaos.normpath(workDir);
 	let current = initial;
 	while (true) {
@@ -864,7 +864,7 @@ async function findProjectRoot$1(kaos, workDir) {
 	}
 }
 function dirsRootToLeaf(kaos, workDir, projectRoot) {
-	const path = pathMod$6(kaos);
+	const path = pathMod$5(kaos);
 	const dirs = [];
 	let current = kaos.normpath(workDir);
 	while (true) {
@@ -939,10 +939,10 @@ function byteLength(text) {
 function annotationFor(path) {
 	return `<!-- From: ${path} -->\n`;
 }
-function joinPath$2(kaos, ...parts) {
-	return pathMod$6(kaos).join(...parts);
+function joinPath$1(kaos, ...parts) {
+	return pathMod$5(kaos).join(...parts);
 }
-function pathMod$6(kaos) {
+function pathMod$5(kaos) {
 	return kaos.pathClass() === "win32" ? win32Path : posixPath;
 }
 //#endregion
@@ -1195,7 +1195,7 @@ const PROFILE_SOURCES = {
 	"profile/default/agent.yaml": agent_default$1,
 	"profile/default/coder.yaml": coder_default,
 	"profile/default/explore.yaml": explore_default,
-	"profile/default/system.md": "You are BYF, an AI agent running on the user's computer. Your job is to help\nusers accomplish tasks by taking action — read, write, search, and execute to\nmake real changes on the user's system. Answer questions when asked; otherwise,\nact.\n\nWhen responding, use the same language as the user unless explicitly instructed\notherwise.\n\n{{ ROLE_ADDITIONAL }}\n\n# First Principles\n\nThink from first principles. Strip away assumptions and conventions; every\naction must be traceable to a verifiable fact — the actual file contents,\ncommand output, data, or the user's explicit words. When in doubt, read\nbefore guessing, ask before assuming, verify before claiming.\n\n# Tool Use\n\nUse tools only when the task requires them. If the request can be answered\nwithout reading files, running commands, or searching the web, reply in text\ndirectly. When a request is ambiguous, prefer action — the user can see your\noutput and correct course.\n\nCode that only appears in your text response is NOT saved to the file system\nand will not take effect. To create or modify files, use `Write` or `Edit`.\nTo run commands, use `Bash`.\n\n# Protocol\n\n<system> tags in user or tool messages provide supplementary context. Treat\nthem as background information.\n\n<system-reminder> tags are authoritative directives that override default\nbehavior. They are unrelated to the messages they appear in. Always comply.\n\n# Safety\n\nThe environment is not a sandbox — your actions immediately affect the user's\nsystem.\n\n- Stay within the working directory unless explicitly instructed otherwise.\n- Git operations are destructive and may affect remote repositories. Never\n  execute git mutations unless explicitly asked; confirm each time.\n- Avoid installing or deleting anything outside the working directory. If\n  necessary, ask for confirmation first.\n\n# Working Environment\n\n## Operating System\n\nYou are running on **{{ BYF_OS }}**. The Bash tool executes commands using **{{ BYF_SHELL }}**.\n{% if BYF_OS == \"Windows\" %}\n\nIMPORTANT: You are on Windows. The Bash tool runs through Git Bash, so use Unix shell syntax inside Bash commands — `/dev/null` not `NUL`, and forward slashes in paths. For file operations, always prefer the built-in tools (Read, Write, Edit, Glob, Grep) over Bash commands — they work reliably across all platforms.\n{% endif %}\n\n## Working Directory\n\nThe current working directory is `{{ BYF_WORK_DIR }}`. This should be considered as the project root if you are instructed to perform tasks on the project. Every file system operation will be relative to the working directory if you do not explicitly specify the absolute path. Tools may require absolute paths for some parameters, IF SO, YOU MUST use absolute paths for these parameters.\n{% if BYF_ADDITIONAL_DIRS_INFO %}\n\n## Additional Directories\n\nThe following directories have been added to the workspace. You can read, write, search, and glob files in these directories as part of your workspace scope.\n\n{{ BYF_ADDITIONAL_DIRS_INFO }}\n{% endif %}\n\n# Project Information\n\n`AGENTS.md` files contain project-specific context, styles, and conventions for agents. They may exist at different locations in the project — each file governs its directory and all subdirectories beneath it. Deeper files take precedence over parent files.\n\nIf instructions conflict:\n- `<system-reminder>` directives override all other instructions, including user messages.\n- Safety rules are hard constraints and must never be violated, even if a user message or AGENTS.md says otherwise.\n- Beyond those two, user messages > AGENTS.md > default system instructions.\n\n{% if BYF_AGENTS_MD_TOO_LONG %}\n> ⚠️ The merged AGENTS.md content exceeds 4,000 tokens. Consider compressing project instructions to reduce context usage.\n{% endif %}\n\nThe `AGENTS.md` instructions (merged from all applicable directories):\n\n`````````\n{{ BYF_AGENTS_MD }}\n`````````\n\nIf you modified anything mentioned in `AGENTS.md` files, update the corresponding files to keep them up-to-date.\n\n# Skills\n\nSkills are reusable capabilities. When a skill from the listing matches the user's request, you MUST call the `Skill` tool (not free-form text).\n\n{{ BYF_SKILLS }}\n"
+	"profile/default/system.md": "You are BYF, an AI agent running on the user's computer. Your job is to help\nusers accomplish tasks by taking action — read, write, search, and execute to\nmake real changes on the user's system. Answer questions when asked; otherwise,\nact.\n\nWhen responding, use the same language as the user unless explicitly instructed\notherwise.\n\n{{ ROLE_ADDITIONAL }}\n\n# First Principles\n\nThink from first principles. Strip away assumptions and conventions; every\naction must be traceable to a verifiable fact — the actual file contents,\ncommand output, data, or the user's explicit words. When in doubt, read\nbefore guessing, ask before assuming, verify before claiming.\n\n# Tool Use\n\nUse tools only when the task requires them. If the request can be answered\nwithout reading files, running commands, or searching the web, reply in text\ndirectly. When a request is ambiguous, prefer action — the user can see your\noutput and correct course.\n\nCode that only appears in your text response is NOT saved to the file system\nand will not take effect. To create or modify files, use `Write` or `Edit`.\nTo run commands, use `Bash`.\n\n# Protocol\n\n<system> tags in user or tool messages provide supplementary context. Treat\nthem as background information.\n\n<system-reminder> tags are authoritative directives that override default\nbehavior. They are unrelated to the messages they appear in. Always comply.\n\n# Safety\n\nThe environment is not a sandbox — your actions immediately affect the user's\nsystem.\n\n- Stay within the working directory unless explicitly instructed otherwise.\n- Git operations are destructive and may affect remote repositories. Never\n  execute git mutations unless explicitly asked; confirm each time.\n- Avoid installing or deleting anything outside the working directory. If\n  necessary, ask for confirmation first.\n\n# Project Information\n\n`AGENTS.md` files contain project-specific context, styles, and conventions for agents. They may exist at different locations in the project — each file governs its directory and all subdirectories beneath it. Deeper files take precedence over parent files.\n\nIf instructions conflict:\n- `<system-reminder>` directives override all other instructions, including user messages.\n- Safety rules are hard constraints and must never be violated, even if a user message or AGENTS.md says otherwise.\n- Beyond those two, user messages > AGENTS.md > default system instructions.\n\n{% if BYF_AGENTS_MD_TOO_LONG %}\n> ⚠️ The merged AGENTS.md content exceeds 4,000 tokens. Consider compressing project instructions to reduce context usage.\n{% endif %}\n\nThe `AGENTS.md` instructions (merged from all applicable directories):\n\n`````````\n{{ BYF_AGENTS_MD }}\n`````````\n\nIf you modified anything mentioned in `AGENTS.md` files, update the corresponding files to keep them up-to-date.\n\n# Working Environment\n\n## Operating System\n\nYou are running on **{{ BYF_OS }}**. The Bash tool executes commands using **{{ BYF_SHELL }}**.\n{% if BYF_OS == \"Windows\" %}\n\nIMPORTANT: You are on Windows. The Bash tool runs through Git Bash, so use Unix shell syntax inside Bash commands — `/dev/null` not `NUL`, and forward slashes in paths. For file operations, always prefer the built-in tools (Read, Write, Edit, Glob, Grep) over Bash commands — they work reliably across all platforms.\n{% endif %}\n\n## Working Directory\n\nThe current working directory is `{{ BYF_WORK_DIR }}`. This should be considered as the project root if you are instructed to perform tasks on the project. Every file system operation will be relative to the working directory if you do not explicitly specify the absolute path. Tools may require absolute paths for some parameters, IF SO, YOU MUST use absolute paths for these parameters.\n{% if BYF_ADDITIONAL_DIRS_INFO %}\n\n## Additional Directories\n\nThe following directories have been added to the workspace. You can read, write, search, and glob files in these directories as part of your workspace scope.\n\n{{ BYF_ADDITIONAL_DIRS_INFO }}\n{% endif %}\n\n# Skills\n\nSkills are reusable capabilities. When a skill from the listing matches the user's request, you MUST call the `Skill` tool (not free-form text).\n\n{{ BYF_SKILLS }}\n"
 };
 const DEFAULT_INIT_PROMPT = init_default;
 const DEFAULT_AGENT_PROFILES = loadAgentProfilesFromSources([
@@ -1621,6 +1621,7 @@ var BackgroundProcessManager = class {
 		const kind = opts?.kind;
 		const taskId = generateTaskId(kind ?? "bash");
 		const entry = {
+			kind: "process",
 			taskId,
 			command,
 			description,
@@ -1820,9 +1821,10 @@ var BackgroundProcessManager = class {
 		entry.approvalReason = void 0;
 		entry.stopRequested = true;
 		entry.stopReason = stopReason;
-		try {
+		if (entry.kind === "process") try {
 			await entry.proc.kill("SIGTERM");
 		} catch {}
+		else entry.abort();
 		let graceTimer;
 		const graceful = await Promise.race([entry.lifecyclePromise.then(() => true, () => true), new Promise((resolve) => {
 			graceTimer = setTimeout(() => {
@@ -1834,9 +1836,11 @@ var BackgroundProcessManager = class {
 			await entry.persistWriteQueue;
 			return this.toInfo(entry);
 		}
-		if (!graceful && entry.proc.exitCode === null) try {
-			await entry.proc.kill("SIGKILL");
-		} catch {}
+		if (!graceful) if (entry.kind === "process") {
+			if (entry.proc.exitCode === null) try {
+				await entry.proc.kill("SIGKILL");
+			} catch {}
+		} else entry.abort();
 		if (TERMINAL_STATUSES.has(entry.status)) {
 			await entry.persistWriteQueue;
 			return this.toInfo(entry);
@@ -1894,32 +1898,15 @@ var BackgroundProcessManager = class {
 		else this.assertCanRegister();
 		const taskId = generateTaskId("agent");
 		const entry = {
+			kind: "promise",
 			taskId,
 			command: `[agent] ${description}`,
 			description,
 			timeoutMs: opts.timeoutMs,
+			completion,
+			abort: () => opts.abort?.(),
 			agentId: opts.agentId ?? taskId,
 			subagentType: opts.subagentType ?? "agent",
-			proc: {
-				stdin: {
-					write: () => false,
-					end: () => {}
-				},
-				stdout: {
-					setEncoding: () => {},
-					on: () => {}
-				},
-				stderr: {
-					setEncoding: () => {},
-					on: () => {}
-				},
-				pid: 0,
-				exitCode: null,
-				wait: () => completion.then(() => 0),
-				kill: async () => {
-					opts.abort?.();
-				}
-			},
 			outputChunks: [],
 			outputSizeBytes: 0,
 			status: "running",
@@ -2095,7 +2082,7 @@ var BackgroundProcessManager = class {
 		if (this.sessionDir !== void 0) await removeTask(this.sessionDir, taskId);
 	}
 	/**
-	* Persist the current state of a live ManagedProcess. Called from
+	* Persist the current state of a live TaskEntry. Called from
 	* `register()` and the lifecycle finally block. No-op unless attached.
 	*/
 	persistLive(entry) {
@@ -2105,7 +2092,7 @@ var BackgroundProcessManager = class {
 			task_id: entry.taskId,
 			command: entry.command,
 			description: entry.description,
-			pid: entry.proc.pid,
+			pid: entry.kind === "process" ? entry.proc.pid : 0,
 			started_at: entry.startedAt,
 			ended_at: entry.endedAt,
 			exit_code: entry.exitCode,
@@ -2151,7 +2138,7 @@ var BackgroundProcessManager = class {
 	}
 	observedExitCompletions() {
 		const completions = [];
-		for (const entry of this.processes.values()) if (!TERMINAL_STATUSES.has(entry.status) && entry.proc.exitCode !== null) completions.push(entry.lifecyclePromise);
+		for (const entry of this.processes.values()) if (entry.kind === "process" && !TERMINAL_STATUSES.has(entry.status) && entry.proc.exitCode !== null) completions.push(entry.lifecyclePromise);
 		return completions;
 	}
 	toInfo(entry) {
@@ -2160,7 +2147,7 @@ var BackgroundProcessManager = class {
 			command: entry.command,
 			description: entry.description,
 			status: entry.status,
-			pid: entry.proc.pid,
+			pid: entry.kind === "process" ? entry.proc.pid : null,
 			exitCode: entry.exitCode,
 			startedAt: entry.startedAt,
 			endedAt: entry.endedAt,
@@ -2208,7 +2195,7 @@ function infoToPersisted(info) {
 		task_id: info.taskId,
 		command: info.command,
 		description: info.description,
-		pid: info.pid,
+		pid: info.pid ?? 0,
 		started_at: info.startedAt,
 		ended_at: info.endedAt,
 		exit_code: info.exitCode,
@@ -3045,7 +3032,7 @@ function parseSkillText(options) {
 		throw error;
 	}
 	const frontmatter = parsed.data ?? {};
-	if (!isRecord$1(frontmatter)) throw new SkillParseError(`Frontmatter in ${options.skillMdPath} must be a mapping at the top level`);
+	if (!isRecord$2(frontmatter)) throw new SkillParseError(`Frontmatter in ${options.skillMdPath} must be a mapping at the top level`);
 	const metadata = normalizeMetadata(frontmatter);
 	if (!isSupportedSkillType(metadata.type)) throw new UnsupportedSkillTypeError(metadata.type ?? String(frontmatter["type"]));
 	const name = nonEmptyString$2(metadata.name);
@@ -3158,7 +3145,7 @@ function tokenizeArgs(raw) {
 function nonEmptyString$2(value) {
 	return typeof value === "string" && value.trim() !== "" ? value.trim() : void 0;
 }
-function isRecord$1(value) {
+function isRecord$2(value) {
 	return typeof value === "object" && value !== null && !Array.isArray(value);
 }
 //#endregion
@@ -3605,14 +3592,14 @@ const SENSITIVE_DOT_VARIANT_SUFFIXES = [
 ];
 const SENSITIVE_DOT_VARIANT_SUFFIX_SET = new Set(SENSITIVE_DOT_VARIANT_SUFFIXES);
 const DEFAULT_PATH_CLASS$1 = nativePath.sep === "\\" ? "win32" : "posix";
-function pathMod$5(pathClass) {
+function pathMod$4(pathClass) {
 	return pathClass === "win32" ? win32Path : posixPath;
 }
 function comparable(path, pathClass) {
 	return pathClass === "win32" ? path.toLowerCase() : path;
 }
 function isSensitiveFile(path, pathClass = DEFAULT_PATH_CLASS$1) {
-	const mod = pathMod$5(pathClass);
+	const mod = pathMod$4(pathClass);
 	const comparableName = comparable(mod.basename(path), pathClass);
 	const comparablePath = comparable(path, pathClass);
 	if (ENV_EXEMPTIONS.has(comparableName)) return false;
@@ -3666,7 +3653,7 @@ var PathSecurityError = class extends Error {
 	}
 };
 const DEFAULT_PATH_CLASS = nativePath.sep === "\\" ? "win32" : "posix";
-function pathMod$4(pathClass) {
+function pathMod$3(pathClass) {
 	return pathClass === "win32" ? win32Path : posixPath;
 }
 function comparablePath(path, pathClass) {
@@ -3696,7 +3683,7 @@ function normalizeUserPath(path, pathClass = DEFAULT_PATH_CLASS) {
 function expandUserPath$1(path, homeDir, pathClass) {
 	if (homeDir === void 0) return path;
 	if (path === "~") return homeDir;
-	if (path.startsWith("~/") || pathClass === "win32" && path.startsWith("~\\")) return pathMod$4(pathClass).join(homeDir, path.slice(2));
+	if (path.startsWith("~/") || pathClass === "win32" && path.startsWith("~\\")) return pathMod$3(pathClass).join(homeDir, path.slice(2));
 	return path;
 }
 /**
@@ -3705,7 +3692,7 @@ function expandUserPath$1(path, homeDir, pathClass) {
 */
 function canonicalizePath(path, cwd, pathClass = DEFAULT_PATH_CLASS) {
 	if (path === "") throw new PathSecurityError("PATH_INVALID", path, path, "Path cannot be empty");
-	const mod = pathMod$4(pathClass);
+	const mod = pathMod$3(pathClass);
 	const normalizedPath = normalizeUserPath(path, pathClass);
 	if (pathClass === "win32" && isWin32DriveRelative(normalizedPath)) throw new PathSecurityError("PATH_INVALID", path, normalizedPath, `"${path}" is a drive-relative Windows path. Use an absolute path like C:\\path or a path relative to the working directory.`);
 	if (!mod.isAbsolute(normalizedPath) && !mod.isAbsolute(cwd)) throw new PathSecurityError("PATH_INVALID", path, normalizedPath, `Cannot resolve "${path}" against non-absolute cwd "${cwd}".`);
@@ -3717,7 +3704,7 @@ function canonicalizePath(path, cwd, pathClass = DEFAULT_PATH_CLASS) {
 * on path-component boundaries. Both arguments must already be canonical.
 */
 function isWithinDirectory(candidate, base, pathClass = DEFAULT_PATH_CLASS) {
-	const mod = pathMod$4(pathClass);
+	const mod = pathMod$3(pathClass);
 	const comparableCandidate = comparablePath(candidate, pathClass);
 	const comparableBase = comparablePath(base, pathClass);
 	if (comparableCandidate === comparableBase) return true;
@@ -3743,7 +3730,7 @@ function relativeOutsideMessage(path, operation) {
 }
 function resolvePathAccess(path, cwd, config, options) {
 	const pathClass = options.pathClass ?? DEFAULT_PATH_CLASS;
-	const mod = pathMod$4(pathClass);
+	const mod = pathMod$3(pathClass);
 	const expandedPath = expandUserPath$1(normalizeUserPath(path, pathClass), options.homeDir, pathClass);
 	const rawIsAbsolute = mod.isAbsolute(expandedPath);
 	const canonical = canonicalizePath(expandedPath, cwd, pathClass);
@@ -3898,11 +3885,11 @@ var EditTool = class {
 		}
 	}
 };
-async function collectEntries$1(kaos, dirPath, maxWidth, pathClass) {
+async function collectEntries(kaos, dirPath, maxWidth, pathClass) {
 	const all = [];
 	try {
 		for await (const fullPath of kaos.iterdir(dirPath)) {
-			const name = basename$2(fullPath, pathClass);
+			const name = basename$1(fullPath, pathClass);
 			let isDir = false;
 			try {
 				isDir = ((await kaos.stat(fullPath)).stMode & 61440) === 16384;
@@ -3929,11 +3916,11 @@ async function collectEntries$1(kaos, dirPath, maxWidth, pathClass) {
 		readable: true
 	};
 }
-function pathMod$3(pathClass) {
+function pathMod$2(pathClass) {
 	return pathClass === "win32" ? win32Path : posixPath;
 }
-function basename$2(p, pathClass) {
-	return pathMod$3(pathClass).basename(p);
+function basename$1(p, pathClass) {
+	return pathMod$2(pathClass).basename(p);
 }
 /**
 * Return a 2-level tree listing of `workDir` suitable for inclusion in a
@@ -3943,7 +3930,7 @@ function basename$2(p, pathClass) {
 async function listDirectory(kaos, workDir) {
 	const lines = [];
 	const pathClass = kaos.pathClass();
-	const { entries, total, readable } = await collectEntries$1(kaos, workDir, 30, pathClass);
+	const { entries, total, readable } = await collectEntries(kaos, workDir, 30, pathClass);
 	if (!readable) return "[not readable]";
 	const remaining = total - entries.length;
 	for (let i = 0; i < entries.length; i++) {
@@ -3955,7 +3942,7 @@ async function listDirectory(kaos, workDir) {
 		if (isDir) {
 			lines.push(`${connector}${name}/`);
 			const childPrefix = isLast ? "    " : "│   ";
-			const child = await collectEntries$1(kaos, joinPath$1(workDir, name, pathClass), 10, pathClass);
+			const child = await collectEntries(kaos, joinPath(workDir, name, pathClass), 10, pathClass);
 			if (!child.readable) {
 				lines.push(`${childPrefix}└── [not readable]`);
 				continue;
@@ -3974,17 +3961,17 @@ async function listDirectory(kaos, workDir) {
 	if (remaining > 0) lines.push(`└── ... and ${String(remaining)} more entries`);
 	return lines.length > 0 ? lines.join("\n") : "(empty directory)";
 }
-function joinPath$1(parent, child, pathClass) {
-	return pathMod$3(pathClass).join(parent, child);
+function joinPath(parent, child, pathClass) {
+	return pathMod$2(pathClass).join(parent, child);
 }
 //#endregion
 //#region src/tools/builtin/file/glob.md
-var glob_default = "Find files (and optionally directories) by glob pattern, sorted by modification time (most recent first).\n\nGood patterns:\n- `*.ts` — files in the current directory matching an extension\n- `src/**/*.ts` — recursive with a subdirectory anchor and extension\n- `test_*.py` — files whose name starts with a literal prefix\n\nRejected patterns (no literal anchor):\n- `**`, `**/*`, `*/*` — pure wildcards. Add an extension or subdirectory to give the walk a concrete target.\n- Anything starting with `**/` (e.g. `**/*.md`, `**/main/*.py`). Anchor it with a top-level subdirectory like `src/**/*.md`.\n- `*.{ts,tsx}` — brace expansion is not supported. Issue two calls: `*.ts` and `*.tsx`.\n\nLarge-directory warning — avoid recursing into dependency/build output even with an anchor:\n- `node_modules/**/*.js`, `.venv/**/*.py`, `__pycache__/**`, `target/**` match technically but typically produce thousands of results that truncate at the match cap. Prefer specific subpaths like `node_modules/react/src/**/*.js`.\n";
+var glob_default = "Find files (and optionally directories) by glob pattern, sorted by modification time (most recent first).\n\nREJECTED patterns (no literal anchor — will be rejected):\n- **Pure wildcards**: `**`, `**/*`, `*/*` — no literal anchor bounds the result. Add an extension or subdirectory to give the walk a concrete target.\n- **`**/` prefix**: Anything starting with `**/` (e.g. `**/*.py`, `**/main/*.ts`). The leading `**/` has no literal anchor in front of it. Anchor it with a top-level subdirectory like `src/**/*.ts`.\n- **Brace expansion**: `*.{ts,tsx}` is not supported. Split it into separate calls: `*.ts` and `*.tsx`.\n\nGood patterns:\n- `*.ts` — files in the current directory matching an extension\n- `src/**/*.ts` — recursive with a subdirectory anchor and extension\n- `test_*.py` — files whose name starts with a literal prefix\n\nLarge-directory warning — avoid recursing into dependency/build output even with an anchor:\n- `node_modules/**/*.js`, `.venv/**/*.py`, `__pycache__/**`, `target/**` match technically but typically produce thousands of results that truncate at the match cap. Prefer specific subpaths like `node_modules/react/src/**/*.js`.\n\nWhen you need to search the entire project, first use Glob to explore the top-level directory structure, then use an anchored pattern like `src/**/*.ts` or `packages/**/*.ts` to narrow the search.\n";
 //#endregion
 //#region src/tools/builtin/file/glob.ts
 const GlobInputSchema = z.object({
-	pattern: z.string().describe("Glob pattern to match files/directories."),
-	path: z.string().optional().describe("Absolute path to the directory to search in. Defaults to the current working directory."),
+	pattern: z.string().describe("Glob pattern to match files/directories. IMPORTANT: pattern MUST contain a literal anchor like a file extension (.ts) or a subdirectory name (src/). Patterns starting with **/ (e.g. **/*.py, **/main/*.ts), pure wildcards (**, **/*, */*, *), and brace expansion (*.{ts,tsx}) are REJECTED. Example: src/**/*.ts searches all .ts files under src/."),
+	path: z.string().optional().describe("Absolute path to the directory to search in. Defaults to the current working directory. Explicit absolute paths outside the workspace are allowed (e.g. to search a dependency installed elsewhere); relative paths are resolved against the working directory and rejected if they escape it."),
 	include_dirs: z.boolean().default(true).optional().describe("Whether to include directories in results. Defaults to true. Set false to return only files.")
 });
 const MAX_MATCHES = 1e3;
@@ -4026,7 +4013,7 @@ var GlobTool = class {
 			workspace: this.workspace,
 			operation: "search",
 			policy: {
-				guardMode: "strict",
+				guardMode: "absolute-outside-allowed",
 				checkSensitive: false
 			}
 		});
@@ -4060,7 +4047,7 @@ var GlobTool = class {
 			}
 			return {
 				isError: true,
-				output: `Pattern "${args.pattern}" is a pure wildcard (only \`*\`, \`?\`, \`**\`, \`/\`) and would enumerate every file under the search root — with no literal anchor to bound the result set, this typically exhausts your context on large trees. Add an extension ("${args.pattern === "**" || args.pattern === "**/*" ? "**/*.ts" : "**/*.md"}") or a subdirectory ("src/**/*.ts") to constrain the walk.\n\nAllowed roots for explicit path searches:\n${rootList}\n\nTop of ${this.workspace.workspaceDir}:\n${tree}`
+				output: `Pattern "${args.pattern}" is a pure wildcard (only \`*\`, \`?\`, \`**\`, \`/\`) and would enumerate every file under the search root — with no literal anchor to bound the result set, this typically exhausts your context on large trees. Add an extension ("${args.pattern === "**" || args.pattern === "**/*" ? "**/*.ts" : "**/*.md"}") or a subdirectory ("src/**/*.ts") to constrain the walk.\n\nWorkspace roots:\n${rootList}\n\nTop of ${this.workspace.workspaceDir}:\n${tree}`
 			};
 		}
 		if (containsBraceExpansion(args.pattern)) return {
@@ -4088,6 +4075,8 @@ var GlobTool = class {
 		try {
 			const seen = /* @__PURE__ */ new Set();
 			const entries = [];
+			const pathClass = this.kaos.pathClass();
+			const filteredSensitive = [];
 			const YIELD_SAFETY_CAP = MAX_MATCHES * 2;
 			let yielded = 0;
 			let truncated = false;
@@ -4103,6 +4092,10 @@ var GlobTool = class {
 					break outer;
 				}
 				seen.add(filePath);
+				if (isSensitiveFile(filePath, pathClass)) {
+					filteredSensitive.push(filePath);
+					continue;
+				}
 				let mtime = 0;
 				let isDir = false;
 				try {
@@ -4118,10 +4111,10 @@ var GlobTool = class {
 			}
 			entries.sort((a, b) => b.mtime - a.mtime);
 			const paths = entries.map((e) => e.path);
-			const pathClass = this.kaos.pathClass();
 			const relBase = searchRoots[0] ?? this.workspace.workspaceDir;
 			const displayLines = paths.map((p) => relativizeIfUnder$1(p, relBase, pathClass));
-			if (entries.length === 0 && !truncated) return { output: "No matches found" };
+			const filteredSome = filteredSensitive.length > 0;
+			if (entries.length === 0 && !truncated) return { output: filteredSome ? `No non-sensitive matches found (filtered ${String(filteredSensitive.length)} sensitive file(s))` : "No matches found" };
 			const lines = [];
 			if (truncated) {
 				lines.push(`[Truncated at ${String(MAX_MATCHES)} matches — use a more specific pattern]`);
@@ -4129,6 +4122,10 @@ var GlobTool = class {
 			}
 			lines.push(...displayLines);
 			if (!truncated && entries.length === 1e3) lines.push(`Found ${String(entries.length)} matches`);
+			if (filteredSome) {
+				const displayedFiltered = filteredSensitive.map((p) => relativizeIfUnder$1(p, relBase, pathClass));
+				lines.push(`Filtered ${String(filteredSensitive.length)} sensitive file(s): ${displayedFiltered.join(", ")}`);
+			}
 			return { output: lines.join("\n") };
 		} catch (error) {
 			if (error !== null && typeof error === "object" && "code" in error) {
@@ -5955,7 +5952,7 @@ var write_default = "Overwrite or append to a file with content exactly as provi
 const S_IFMT$2 = 61440;
 /** File-type bits of a directory. */
 const S_IFDIR$1 = 16384;
-function pathMod$2(pathClass) {
+function pathMod$1(pathClass) {
 	return pathClass === "win32" ? win32Path : posixPath;
 }
 const WriteInputSchema = z.object({
@@ -6022,7 +6019,7 @@ var WriteTool = class {
 	* skipped and the write proceeds, surfacing the real I/O error if any.
 	*/
 	async checkParentDirectory(safePath) {
-		const parent = pathMod$2(this.kaos.pathClass()).dirname(safePath);
+		const parent = pathMod$1(this.kaos.pathClass()).dirname(safePath);
 		let stat;
 		try {
 			stat = await this.kaos.stat(parent);
@@ -6325,7 +6322,7 @@ function rewriteWindowsNullRedirect$1(command) {
 }
 //#endregion
 //#region src/tools/builtin/state/todo-list.md
-var todo_list_default = "Use this tool to maintain a structured TODO list as you work through a multi-step task.\n\nUse for multi-step tasks, tracking investigation progress, or planning a sequence of edits. Do not use for single-shot answers or trivial requests.\n\n**Avoid churn:**\n- Do not re-call this tool when nothing meaningful has changed since the last call — update the list only after real progress.\n- When unsure of the current state, call query mode first (omit `todos`) to check the list before deciding what to update.\n- If no available tool can move any task forward, tell the user where you are stuck instead of repeatedly re-ordering the same todos.\n\n**How to use:**\n- Call with `todos: [...]` to replace the full list. Statuses: pending / in_progress / done.\n- Call with no arguments to query the current list.\n- Call with `todos: []` to clear the list.\n- Keep titles short and actionable.\n- Update statuses as you make progress — mark one item in_progress at a time.\n";
+var todo_list_default = "Use this tool to maintain a structured TODO list as you work through a multi-step task.\n\nUse for multi-step tasks, tracking investigation progress, or planning a sequence of edits. Do not use for single-shot answers or trivial requests.\n\n**Update discipline:**\n- Update status immediately when you start or complete a subtask: mark it `in_progress` when you begin working on it, and `done` when finished.\n- Do not skip the `in_progress` state — the user should always see what you are currently working on.\n- Avoid redundant calls: do not re-call this tool when nothing meaningful has changed since the last call.\n- When unsure of the current state, call query mode first (omit `todos`) to check the list before deciding what to update.\n- If no available tool can move any task forward, tell the user where you are stuck instead of repeatedly re-ordering the same todos.\n\n**How to use:**\n- Call with `todos: [...]` to replace the full list. Statuses: pending / in_progress / done.\n- Call with no arguments to query the current list.\n- Call with `todos: []` to clear the list.\n- Keep titles short and actionable.\n- Update statuses as you make progress — mark one item in_progress at a time.\n";
 //#endregion
 //#region src/tools/builtin/state/todo-list.ts
 /**
@@ -6935,8 +6932,14 @@ function project(history, ephemeralInjections) {
 		if (isBlockedUserPrompt(message)) return false;
 		return !isTranscriptOnlyHookResult(message) && message.partial !== true && !(message.role === "assistant" && message.content.length === 0 && message.toolCalls.length === 0);
 	}));
-	const injectionMessages = ephemeralInjections?.map((injection) => renderInjection(injection));
-	return injectionMessages ? [...injectionMessages, ...merged] : merged;
+	if (!ephemeralInjections?.length) return merged;
+	const afterSystemMsgs = ephemeralInjections.filter((injection) => !injection.position || injection.position === "after_system").map((injection) => renderInjection(injection));
+	const beforeUserMsgs = ephemeralInjections.filter((injection) => injection.position === "before_user").map((injection) => renderInjection(injection));
+	return [
+		...afterSystemMsgs,
+		...merged,
+		...beforeUserMsgs
+	];
 }
 function isTranscriptOnlyHookResult(message) {
 	return message.origin?.kind === "hook_result" && TRANSCRIPT_ONLY_HOOK_RESULT_EVENTS.has(message.origin.event ?? "");
@@ -7926,7 +7929,15 @@ var ContextMemory = class {
 		return this._history;
 	}
 	get messages() {
-		return project(this.history);
+		return this.getMessages();
+	}
+	/**
+	* Project history into provider-ready messages, optionally with
+	* ephemeral injections (e.g. timestamp, permission mode) appended
+	* at the `'before_user'` position.
+	*/
+	getMessages(ephemeral) {
+		return project(this.history, ephemeral);
 	}
 	applyObservationMasking(config) {
 		const effectiveConfig = config ?? DEFAULT_MASKING_CONFIG;
@@ -8210,7 +8221,7 @@ const OptionalStringSchema = z.preprocess((value) => {
 	if (typeof value === "string") return value;
 	if (typeof value === "number" || typeof value === "boolean" || typeof value === "bigint") return String(value);
 }, z.string().optional());
-const HookSpecificOutputSchema = z.preprocess((value) => isRecord(value) ? value : void 0, z.looseObject({
+const HookSpecificOutputSchema = z.preprocess((value) => isRecord$1(value) ? value : void 0, z.looseObject({
 	message: OptionalStringSchema,
 	permissionDecision: z.unknown().optional(),
 	permissionDecisionReason: OptionalStringSchema
@@ -8370,7 +8381,7 @@ function tryKillProcess(child, signal) {
 		} catch {}
 	}
 }
-function isRecord(value) {
+function isRecord$1(value) {
 	return typeof value === "object" && value !== null && !Array.isArray(value);
 }
 function errorMessage(error) {
@@ -8587,146 +8598,55 @@ var DynamicInjector = class {
 	}
 };
 //#endregion
-//#region src/agent/injection/directory-tree.ts
-const EXCLUDED_DIRS = new Set([
-	"node_modules",
-	".git",
-	"dist",
-	"build",
-	".next",
-	".nuxt",
-	".vite",
-	"target",
-	".turbo",
-	"coverage",
-	".cache",
-	".DS_Store",
-	".idea",
-	".vscode",
-	"venv",
-	".venv"
-]);
-const HIDDEN_DIR_WHITELIST = new Set([
-	".github",
-	".byf",
-	".agents",
-	".changeset",
-	".husky"
-]);
-var DirectoryTreeInjector = class extends DynamicInjector {
-	injectionVariant = "directory_tree";
-	lastTree;
-	hasInjected = false;
-	capturedTimestamp;
-	async getInjection() {
-		const kaos = this.agent.runtime.kaos;
-		const workDir = this.agent.config.cwd || kaos.getcwd();
-		const tree = await buildTree(kaos, workDir);
-		if (this.hasInjected && tree === this.lastTree) return;
-		this.lastTree = tree;
-		this.hasInjected = true;
-		if (this.capturedTimestamp === void 0) this.capturedTimestamp = (/* @__PURE__ */ new Date()).toISOString();
-		return `Current working directory structure (${workDir}):\n${tree}\n\nThe current date and time in ISO format is \`${this.capturedTimestamp}\`. This is only a reference for you when searching the web or checking file modification time, etc. If you need the exact time, use Bash tool with proper command.`;
-	}
-};
-async function buildTree(kaos, workDir) {
-	const lines = [];
-	const pathClass = kaos.pathClass();
-	const { entries, total, readable } = await collectEntries(kaos, workDir, 30, pathClass);
-	if (!readable) return "[not readable]";
-	const remaining = total - entries.length;
-	for (let i = 0; i < entries.length; i++) {
-		const entry = entries[i];
-		if (entry === void 0) continue;
-		const { name, isDir } = entry;
-		const isLast = i === entries.length - 1 && remaining === 0;
-		const connector = isLast ? "└── " : "├── ";
-		if (isDir) {
-			lines.push(`${connector}${name}/`);
-			const childPrefix = isLast ? "    " : "│   ";
-			const child = await collectEntries(kaos, joinPath(workDir, name, pathClass), 10, pathClass);
-			if (!child.readable) {
-				lines.push(`${childPrefix}└── [not readable]`);
-				continue;
-			}
-			const childRemaining = child.total - child.entries.length;
-			for (let j = 0; j < child.entries.length; j++) {
-				const ce = child.entries[j];
-				if (ce === void 0) continue;
-				const cConnector = j === child.entries.length - 1 && childRemaining === 0 ? "└── " : "├── ";
-				const suffix = ce.isDir ? "/" : "";
-				lines.push(`${childPrefix}${cConnector}${ce.name}${suffix}`);
-			}
-			if (childRemaining > 0) lines.push(`${childPrefix}└── ... and ${String(childRemaining)} more`);
-		} else lines.push(`${connector}${name}`);
-	}
-	if (remaining > 0) lines.push(`└── ... and ${String(remaining)} more entries`);
-	return lines.length > 0 ? lines.join("\n") : "(empty directory)";
-}
-async function collectEntries(kaos, dirPath, maxWidth, pathClass) {
-	const all = [];
-	try {
-		for await (const fullPath of kaos.iterdir(dirPath)) {
-			const name = basename$1(fullPath, pathClass);
-			if (shouldExclude(name)) continue;
-			let isDir = false;
-			try {
-				isDir = ((await kaos.stat(fullPath)).stMode & 61440) === 16384;
-			} catch {}
-			all.push({
-				name,
-				isDir
-			});
-		}
-	} catch {
-		return {
-			entries: [],
-			total: 0,
-			readable: false
-		};
-	}
-	all.sort((a, b) => {
-		if (a.isDir !== b.isDir) return a.isDir ? -1 : 1;
-		return a.name.localeCompare(b.name);
-	});
-	return {
-		entries: all.slice(0, maxWidth),
-		total: all.length,
-		readable: true
-	};
-}
-function shouldExclude(name) {
-	if (EXCLUDED_DIRS.has(name)) return true;
-	if (name.startsWith(".") && !HIDDEN_DIR_WHITELIST.has(name)) return true;
-	return false;
-}
-function pathMod$1(pathClass) {
-	return pathClass === "win32" ? win32Path : posixPath;
-}
-function basename$1(p, pathClass) {
-	return pathMod$1(pathClass).basename(p);
-}
-function joinPath(parent, child, pathClass) {
-	return pathMod$1(pathClass).join(parent, child);
-}
-//#endregion
 //#region src/agent/injection/permission-mode.ts
-const AUTO_MODE_ENTER_REMINDER = [
+const AUTO_MODE_REMINDER = [
 	"Auto permission mode is active. Tool approvals will be handled automatically while this mode remains enabled.",
 	"  - Continue normally without pausing for approval prompts.",
 	"  - Do NOT call AskUserQuestion while auto mode is active. Make a reasonable decision and continue without asking the user."
 ].join("\n");
-const AUTO_MODE_EXIT_REMINDER = ["Auto permission mode is no longer active. Tool approvals and permission checks are back to the current mode.", "  - Continue normally, but expect approval prompts or denials when a tool requires them."].join("\n");
+/**
+* Ephemeral injector for permission mode state.
+*
+* Emits the current permission mode as an ephemeral injection placed at
+* the `'before_user'` position. Unlike the previous persistent approach
+* (which recorded transition events into history), the ephemeral approach
+* always reflects the current state — surviving compaction and avoiding
+* history pollution.
+*
+* Only auto mode produces an injection; in all other modes the absence
+* of a reminder signals that normal approval prompts apply.
+*/
 var PermissionModeInjector = class extends DynamicInjector {
 	injectionVariant = "permission_mode";
-	lastMode;
-	getInjection() {
-		const mode = this.agent.permission.mode;
-		const previousMode = this.lastMode;
-		if (mode === previousMode) return void 0;
-		this.lastMode = mode;
-		if (mode === "auto") return AUTO_MODE_ENTER_REMINDER;
-		if (previousMode === "auto") return AUTO_MODE_EXIT_REMINDER;
+	getInjection() {}
+	getEphemeral() {
+		if (this.agent.permission.mode !== "auto") return [];
+		return [{
+			kind: "system_reminder",
+			content: AUTO_MODE_REMINDER,
+			position: "before_user"
+		}];
+	}
+};
+//#endregion
+//#region src/agent/injection/timestamp.ts
+/**
+* Ephemeral injector that provides the current timestamp at request time.
+*
+* The timestamp is rendered fresh on every step (not frozen) and placed
+* at the `'before_user'` position so it never breaks the cached prefix.
+* This aligns with the prompt-cache best practice of keeping per-request
+* dynamic content out of the cacheable system-prompt blocks.
+*/
+var TimestampInjector = class extends DynamicInjector {
+	injectionVariant = "timestamp";
+	getInjection() {}
+	getEphemeral() {
+		return [{
+			kind: "system_reminder",
+			content: `The current date and time in ISO format is \`${(/* @__PURE__ */ new Date()).toISOString()}\`. This is only a reference for you when searching the web or checking file modification time, etc. If you need the exact time, use Bash tool with proper command.`,
+			position: "before_user"
+		}];
 	}
 };
 //#endregion
@@ -8736,11 +8656,20 @@ var InjectionManager = class {
 	injectors;
 	constructor(agent) {
 		this.agent = agent;
-		this.injectors = [new PermissionModeInjector(agent), new DirectoryTreeInjector(agent)];
+		this.injectors = [new PermissionModeInjector(agent), new TimestampInjector(agent)];
 	}
 	async inject() {
 		for (const injector of this.injectors) await injector.inject();
 	}
+	getEphemeralInjections() {
+		return this.injectors.flatMap((injector) => {
+			try {
+				return injector.getEphemeral?.() ?? [];
+			} catch {
+				return [];
+			}
+		});
+	}
 	onContextClear() {
 		for (const injector of this.injectors) injector.onContextClear();
 	}
@@ -11557,8 +11486,7 @@ var AgentRecords = class {
 			tools: "tools",
 			usage: "usage",
 			background: "background",
-			full_compaction: "fullCompaction",
-			plan_mode: "planMode"
+			full_compaction: "fullCompaction"
 		}[recordType.split(".")[0]] ?? null;
 	}
 	async replay() {
@@ -13603,8 +13531,8 @@ var ToolManager = class {
 		return (input) => withProviderRequestAuth(resolveAuth, (auth) => uploadVideo(input, { auth }));
 	}
 	get loopTools() {
-		const builtinNames = [...this.builtinTools.keys()].filter((name) => this.enabledTools.has(name)).sort();
-		const userNames = [...this.userTools.keys()].filter((name) => this.enabledTools.has(name)).sort();
+		const builtinNames = [...this.builtinTools.keys()].filter((name) => this.enabledTools.has(name)).toSorted();
+		const userNames = [...this.userTools.keys()].filter((name) => this.enabledTools.has(name)).toSorted();
 		const mcpNames = [...this.mcpTools.keys()].filter((name) => this.isMcpToolEnabled(name));
 		return [
 			...builtinNames.map((name) => this.builtinTools.get(name)),
@@ -13718,20 +13646,25 @@ const CACHE_BOUNDARY_MARKER = "__CACHE_BOUNDARY__";
 *
 * These headers mark natural breaks in the system prompt where cache boundaries should be placed:
 * - "# Project Information" marks the start of project-specific content
+* - "# Working Environment" marks the start of session-specific environment (OS, working directory)
 * - "# Skills" marks the start of session-specific skills listing
 */
-const IMPLICIT_BOUNDARY_HEADERS = ["# Project Information", "# Skills"];
+const IMPLICIT_BOUNDARY_HEADERS = [
+	"# Project Information",
+	"# Working Environment",
+	"# Skills"
+];
 /**
 * Block names by position.
 *
 * - First block (before first marker): 'base'
 * - Last block (after last marker): 'sessionContext'
-* - Intermediate blocks: Sequential names from 'projectInstructions', 'skillsListing', etc.
+* - Intermediate blocks: Sequential names from 'projectInstructions', 'workingEnvironment', etc.
 */
 const BLOCK_NAMES = [
 	"base",
 	"projectInstructions",
-	"skillsListing",
+	"workingEnvironment",
 	"sessionContext"
 ];
 /**
@@ -13775,7 +13708,7 @@ function findImplicitBoundaries(prompt) {
 		const index = prompt.indexOf(header);
 		if (index !== -1) boundaries.push(index);
 	}
-	return boundaries.sort((a, b) => a - b);
+	return boundaries.toSorted((a, b) => a - b);
 }
 /**
 * Split prompt by implicit boundaries into blocks.
@@ -14555,8 +14488,8 @@ var TurnFlow = class {
 						completionBudgetConfig
 					}),
 					buildMessages: () => {
-						const messages = this.agent.context.messages;
-						return applyCacheStaking(messages, { previousTurnMessageCount: this._previousTurnMessageCount });
+						const ephemeral = this.agent.injection.getEphemeralInjections();
+						return applyCacheStaking(this.agent.context.getMessages(ephemeral), { previousTurnMessageCount: this._previousTurnMessageCount });
 					},
 					dispatchEvent: this.buildDispatchEvent(turnId),
 					tools: this.agent.tools.loopTools,
@@ -15200,15 +15133,6 @@ var Agent = class {
 			getModel: () => {
 				return this.config.modelAlias ?? "";
 			},
-			enterPlan: async () => {
-				throw new ByfError(ErrorCodes.NOT_IMPLEMENTED, "Plan mode has been removed");
-			},
-			cancelPlan: async () => {
-				throw new ByfError(ErrorCodes.NOT_IMPLEMENTED, "Plan mode has been removed");
-			},
-			clearPlan: async () => {
-				throw new ByfError(ErrorCodes.NOT_IMPLEMENTED, "Plan mode has been removed");
-			},
 			beginCompaction: (payload) => {
 				this.fullCompaction.begin({
 					source: "manual",
@@ -15243,7 +15167,6 @@ var Agent = class {
 			getContext: () => this.context.data(),
 			getConfig: () => this.config.data(),
 			getPermission: () => this.permission.data(),
-			getPlan: async () => null,
 			getUsage: () => this.usage.data(),
 			getTools: () => this.tools.data(),
 			getBackground: (payload) => this.background.list(payload.activeOnly ?? false, payload.limit)
@@ -15376,6 +15299,21 @@ function proxyWithExtraPayload(methods, extraPayload) {
 		}, ...args);
 	} });
 }
+/** The Zod `z.enum` literal inferred from registry keys. */
+const PROVIDER_TYPE_VALUES = Object.keys({
+	exa: { defaultBaseUrl: "https://api.exa.ai/search" },
+	brave: { defaultBaseUrl: "https://api.search.brave.com/res/v1/web/search" },
+	firecrawl: { defaultBaseUrl: "https://api.firecrawl.dev/v2/search" }
+});
+const providerClassMap = /* @__PURE__ */ new Map();
+function registerProvider(type, cls) {
+	providerClassMap.set(type, cls);
+}
+function createProvider$1(type, options) {
+	const cls = providerClassMap.get(type);
+	if (cls === void 0) throw new Error(`WebSearch provider type "${type}" is not registered. Did you import the provider module?`);
+	return new cls(options);
+}
 //#endregion
 //#region src/config/schema.ts
 const ProviderTypeSchema = z.enum([
@@ -15475,9 +15413,18 @@ const ByfServiceConfigSchema = z.object({
 	oauth: OAuthRefSchema.optional(),
 	customHeaders: StringRecordSchema.optional()
 });
+/** Provider type enum derived from webSearchProviderRegistry keys. */
+const WebSearchProviderTypeSchema = z.enum(PROVIDER_TYPE_VALUES);
+const WebSearchProviderConfigSchema = z.object({
+	type: WebSearchProviderTypeSchema,
+	apiKeys: z.array(z.string().min(1)).nonempty(),
+	baseUrl: z.string().optional(),
+	priority: z.number().int().positive()
+});
+const WebSearchConfigSchema = z.object({ providers: z.array(WebSearchProviderConfigSchema).nonempty() });
 const ServicesConfigSchema = z.object({
-	byfSearch: ByfServiceConfigSchema.optional(),
-	byfFetch: ByfServiceConfigSchema.optional()
+	webSearch: WebSearchConfigSchema.optional(),
+	fetchUrl: ByfServiceConfigSchema.optional()
 });
 const McpServerCommonFields = {
 	enabled: z.boolean().optional(),
@@ -15543,8 +15490,8 @@ const LoopControlPatchSchema = LoopControlSchema.partial();
 const BackgroundConfigPatchSchema = BackgroundConfigSchema.partial();
 const ByfServiceConfigPatchSchema = ByfServiceConfigSchema.partial();
 const ServicesConfigPatchSchema = z.object({
-	byfSearch: ByfServiceConfigPatchSchema.optional(),
-	byfFetch: ByfServiceConfigPatchSchema.optional()
+	webSearch: WebSearchConfigSchema.optional(),
+	fetchUrl: ByfServiceConfigPatchSchema.optional()
 });
 const ByfConfigPatchSchema = z.object({
 	providers: z.record(z.string(), ProviderConfigPatchSchema).optional(),
@@ -15792,10 +15739,15 @@ function transformServiceData(data) {
 		const targetKey = snakeToCamel(key);
 		if (targetKey === "oauth") out[targetKey] = isPlainObject(value) ? transformPlainObject(value) : value;
 		else if (targetKey === "customHeaders") out[targetKey] = cloneObjectValue(value);
+		else if (Array.isArray(value)) out[targetKey] = value.map((item) => isPlainObject(item) ? transformRecord(item, identity, snakeToCamel) : item);
+		else if (isPlainObject(value)) out[targetKey] = transformPlainObject(value);
 		else out[targetKey] = value;
 	}
 	return out;
 }
+function identity(v) {
+	return v;
+}
 function transformLoopControlData(data) {
 	const out = transformPlainObject(data);
 	if (out["maxStepsPerTurn"] === void 0 && out["maxStepsPerRun"] !== void 0) out["maxStepsPerTurn"] = out["maxStepsPerRun"];
@@ -15815,11 +15767,11 @@ function configToTomlData(config) {
 	delete out["default_yolo"];
 	delete out["defaultYolo"];
 	delete out["defaultPermissionMode"];
+	delete out["default_thinking"];
 	for (const key of [
 		"defaultProvider",
 		"defaultModel",
 		"yolo",
-		"defaultThinking",
 		"defaultPermissionMode",
 		"mergeAllAvailableSkills",
 		"extraSkillDirs"
@@ -15888,10 +15840,17 @@ function permissionRuleToToml(rule) {
 }
 function servicesToToml(services, rawServices) {
 	const out = cloneRecord(rawServices);
-	if (services.byfSearch !== void 0) out["byf_search"] = serviceToToml(services.byfSearch);
-	else delete out["byf_search"];
-	if (services.byfFetch !== void 0) out["byf_fetch"] = serviceToToml(services.byfFetch);
-	else delete out["byf_fetch"];
+	if (services.webSearch !== void 0 && services.webSearch.providers.length > 0) {
+		const providersToml = services.webSearch.providers.map((p) => {
+			const providerOut = {};
+			for (const [key, value] of Object.entries(p)) setDefined(providerOut, camelToSnake(key), value);
+			return providerOut;
+		});
+		out["web_search"] = out["web_search"] ?? {};
+		out["web_search"]["providers"] = providersToml;
+	} else delete out["web_search"];
+	if (services.fetchUrl !== void 0) out["fetch_url"] = serviceToToml(services.fetchUrl);
+	else delete out["fetch_url"];
 	return out;
 }
 function serviceToToml(service) {
@@ -15949,70 +15908,659 @@ function isFileExistsError(error) {
 	return typeof error === "object" && error !== null && error.code === "EEXIST";
 }
 //#endregion
-//#region src/version.ts
-function getCoreVersion() {
-	try {
-		const raw = readFileSync(fileURLToPath(new URL("../package.json", import.meta.url)), "utf-8");
-		const pkg = JSON.parse(raw);
-		return typeof pkg.version === "string" ? pkg.version : "0.0.0";
-	} catch {
-		return "0.0.0";
+//#region src/config/update-rules.ts
+const REMOVED_RULES = [
+	{
+		path: "default_yolo",
+		pathParts: ["default_yolo"],
+		kind: "removed",
+		detail: "Top-level field default_yolo is removed. Use yolo instead.",
+		deprecatedSince: "pre-0.1.0"
+	},
+	{
+		path: "defaultYolo",
+		pathParts: ["defaultYolo"],
+		kind: "removed",
+		detail: "Top-level field defaultYolo is removed. Use yolo instead.",
+		deprecatedSince: "pre-0.1.0"
+	},
+	{
+		path: "services.byf_search",
+		pathParts: ["services", "byf_search"],
+		kind: "removed",
+		detail: "Deprecated service byf_search is removed.",
+		deprecatedSince: "pre-0.1.0"
+	},
+	{
+		path: "services.byf_fetch",
+		pathParts: ["services", "byf_fetch"],
+		kind: "removed",
+		detail: "Deprecated service byf_fetch is removed. Use services.fetch_url instead.",
+		deprecatedSince: "pre-0.1.0"
 	}
-}
-//#endregion
-//#region src/mcp/client-shared.ts
-const BYF_MCP_CLIENT_VERSION = getCoreVersion();
+];
+const RENAMED_RULES = [{
+	path: "loop_control.max_steps_per_run",
+	pathParts: ["loop_control", "max_steps_per_run"],
+	kind: "renamed",
+	detail: "Renamed to max_steps_per_turn.",
+	deprecatedSince: "pre-0.1.0"
+}];
+const MIGRATED_RULES = [{
+	path: "default_thinking",
+	pathParts: ["default_thinking"],
+	kind: "migrated",
+	detail: "Migrate default_thinking to [thinking] block.",
+	deprecatedSince: "pre-0.1.0"
+}];
 /**
-* Build the `RequestOptions` object accepted by the MCP SDK's `callTool`,
-* including either the configured tool-call timeout, an in-flight abort
-* signal, both, or neither. Returns `undefined` when nothing needs to be
-* passed so the SDK falls back to its defaults.
+* Combined list of all deprecated-field rules.
+*
+* Order within the list does not affect correctness (the CLI groups by kind
+* at display time), but a stable order helps test expectations.
 */
-function buildRequestOptions(toolCallTimeoutMs, signal) {
-	if (toolCallTimeoutMs === void 0 && signal === void 0) return void 0;
+const DEPRECATED_FIELD_RULES = [
+	...REMOVED_RULES,
+	...RENAMED_RULES,
+	...MIGRATED_RULES
+];
+//#endregion
+//#region src/providers/runtime-provider.ts
+function resolveRuntimeProvider(input) {
+	const modelName = input.model ?? input.config.defaultModel;
+	if (modelName === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, "No model is selected. Set default_model in config.toml or pass a configured model alias.");
+	const alias = input.config.models?.[modelName];
+	if (alias === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Model "${modelName}" is not configured in config.toml. Add a [models."${modelName}"] entry with max_context_size.`);
+	const resolvedModel = alias.model;
+	const providerName = alias.provider ?? input.config.defaultProvider;
+	const providerConfig = providerName === void 0 ? void 0 : input.config.providers[providerName];
+	if (providerName === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Model "${modelName}" must define a provider in config.toml.`);
+	if (providerConfig === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Provider "${providerName}" for model "${modelName}" is not configured.`);
+	if (!Number.isInteger(alias.maxContextSize) || alias.maxContextSize <= 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Model "${modelName}" must define a positive max_context_size in config.toml.`);
+	if (input.validateCredentials !== false && providerConfig.type !== "vertexai" && providerConfig.oauth === void 0 && providerApiKey(providerConfig) === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Provider "${providerName}" has no credentials configured. Set apiKey, oauth, or a provider env API key in config.toml.`);
+	const provider = toKosongProviderConfig(providerConfig, resolvedModel, input.byfRequestHeaders, alias.maxOutputSize, alias.reasoningKey, input.promptCacheKey);
 	return {
-		timeout: toolCallTimeoutMs,
-		signal
+		modelName,
+		providerName,
+		modelCapabilities: resolveModelCapabilities(alias, provider),
+		provider
 	};
 }
-function toMcpToolDefinition(tool) {
+async function resolveRuntimeProviderWithOAuth(input) {
+	const resolved = resolveRuntimeProvider(input);
+	const resolveAuth = createRuntimeProviderAuthResolver(input, resolved);
+	if (resolveAuth === void 0) return resolved;
+	await resolveAuth();
 	return {
-		name: tool.name,
-		description: tool.description ?? "",
-		inputSchema: tool.inputSchema
+		...resolved,
+		resolveAuth
 	};
 }
-/**
-* Normalise the SDK's `callTool` return into kosong's {@link MCPToolResult}.
-* The SDK can return either the modern `{ content, isError }` shape or a
-* legacy `{ toolResult }` shape; we collapse the legacy shape to a single
-* text content block.
-*/
-function toMcpToolResult(result) {
-	if (typeof result === "object" && result !== null && "content" in result) {
-		const typed = result;
-		if (Array.isArray(typed.content)) return {
-			content: typed.content,
-			isError: typed.isError === true
-		};
-	}
-	if (typeof result === "object" && result !== null && "toolResult" in result) {
-		const legacy = result.toolResult;
-		return {
-			content: [{
-				type: "text",
-				text: typeof legacy === "string" ? legacy : JSON.stringify(legacy)
-			}],
-			isError: false
-		};
-	}
-	return {
-		content: [],
-		isError: false
+function createRuntimeProviderAuthResolver(input, resolved = resolveRuntimeProvider(input)) {
+	const providerName = resolved.providerName;
+	if (providerName === void 0) return void 0;
+	const providerConfig = input.config.providers[providerName];
+	if (providerConfig?.oauth === void 0) return void 0;
+	if (providerApiKey(providerConfig) !== void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Provider "${providerName}" has both apiKey and oauth set in config.toml — they are mutually exclusive. Remove one.`);
+	const tokenProvider = input.resolveOAuthTokenProvider?.(providerName, providerConfig.oauth);
+	if (tokenProvider === void 0) return async () => {
+		throw new ByfError(ErrorCodes.AUTH_LOGIN_REQUIRED, `OAuth provider "${providerName}" requires login before it can be used.`);
+	};
+	return async (options) => {
+		let apiKey;
+		try {
+			apiKey = await tokenProvider.getAccessToken(options?.forceRefresh === true ? { force: true } : void 0);
+		} catch (error) {
+			if (!isAuthLoginRequired(error)) (input.log ?? log).warn("oauth token fetch failed", {
+				providerName,
+				error
+			});
+			throw new ByfError(ErrorCodes.AUTH_LOGIN_REQUIRED, `OAuth provider "${providerName}" requires login before it can be used.`, { cause: error });
+		}
+		if (apiKey.trim().length === 0) throw new ByfError(ErrorCodes.AUTH_LOGIN_REQUIRED, `OAuth provider "${providerName}" requires login before it can be used.`);
+		return { apiKey };
 	};
 }
-//#endregion
-//#region src/mcp/client-http.ts
+function isAuthLoginRequired(error) {
+	return isByfError(error) && error.code === ErrorCodes.AUTH_LOGIN_REQUIRED;
+}
+const CAPABILITY_DEFINITIONS = [
+	{
+		name: "image_in",
+		returnKey: "image_in"
+	},
+	{
+		name: "video_in",
+		returnKey: "video_in"
+	},
+	{
+		name: "audio_in",
+		returnKey: "audio_in"
+	},
+	{
+		name: "thinking",
+		returnKey: "thinking"
+	},
+	{
+		name: "always_thinking",
+		returnKey: "thinking"
+	},
+	{
+		name: "tool_use",
+		returnKey: "tool_use"
+	},
+	{
+		name: "thinking_effort",
+		returnKey: "thinking_effort"
+	},
+	{
+		name: "thinking_xhigh",
+		returnKey: "thinking_xhigh"
+	},
+	{
+		name: "thinking_max",
+		returnKey: "thinking_max"
+	}
+];
+/**
+* The list of every valid capability name that can appear in a model
+* alias's `capabilities` array.
+*
+* Derives directly from {@link CAPABILITY_DEFINITIONS} so that adding a
+* new capability in one place automatically keeps both the validation
+* gate (`update-config`) and the runtime resolver in sync.
+*/
+const VALID_CAPABILITIES = CAPABILITY_DEFINITIONS.map((d) => d.name);
+function resolveModelCapabilities(alias, provider) {
+	const capabilities = new Set((alias.capabilities ?? []).map((capability) => capability.trim().toLowerCase()));
+	const has = (capability) => capabilities.has(capability);
+	const providerCapability = createProvider(providerForCapabilityProbe(provider)).getCapability?.(provider.model) ?? UNKNOWN_CAPABILITY;
+	const returnKeyToNames = /* @__PURE__ */ new Map();
+	for (const def of CAPABILITY_DEFINITIONS) {
+		const names = returnKeyToNames.get(def.returnKey) ?? [];
+		names.push(def.name);
+		returnKeyToNames.set(def.returnKey, names);
+	}
+	const resolved = {};
+	for (const [returnKey, names] of returnKeyToNames) resolved[returnKey] = names.some((n) => has(n)) || Boolean(providerCapability[returnKey]);
+	return {
+		...resolved,
+		max_context_tokens: alias.maxContextSize
+	};
+}
+function toKosongProviderConfig(provider, model, byfRequestHeaders, maxOutputSize, reasoningKey, promptCacheKey) {
+	switch (provider.type) {
+		case "anthropic": return {
+			type: "anthropic",
+			model,
+			baseUrl: providerValue(provider.baseUrl, provider.env, "ANTHROPIC_BASE_URL"),
+			apiKey: providerApiKey(provider),
+			...maxOutputSize !== void 0 ? { defaultMaxTokens: maxOutputSize } : {},
+			...defaultHeadersField(provider.customHeaders)
+		};
+		case "openai-completions": {
+			const defaultHeaders = {
+				...byfRequestHeaders,
+				...provider.customHeaders
+			};
+			const generationKwargs = {
+				prompt_cache_key: promptCacheKey,
+				extra_body: provider.extraBody
+			};
+			if (Object.keys(defaultHeaders).length === 0) return {
+				type: "openai-completions",
+				model,
+				baseUrl: providerValue(provider.baseUrl, provider.env, "BYF_BASE_URL"),
+				reasoningKey,
+				thinkingEffortKey: provider.thinkingEffortKey,
+				generationKwargs,
+				apiKey: providerApiKey(provider)
+			};
+			return {
+				type: "openai-completions",
+				model,
+				baseUrl: providerValue(provider.baseUrl, provider.env, "BYF_BASE_URL"),
+				reasoningKey,
+				thinkingEffortKey: provider.thinkingEffortKey,
+				generationKwargs,
+				defaultHeaders,
+				apiKey: providerApiKey(provider)
+			};
+		}
+		case "google-genai": return {
+			type: "google-genai",
+			model,
+			apiKey: providerApiKey(provider)
+		};
+		case "openai_responses": return {
+			type: "openai_responses",
+			model,
+			baseUrl: providerValue(provider.baseUrl, provider.env, "OPENAI_BASE_URL"),
+			apiKey: providerApiKey(provider),
+			...defaultHeadersField(provider.customHeaders)
+		};
+		case "vertexai": return {
+			type: "vertexai",
+			model,
+			vertexai: hasVertexAIServiceEnv(provider),
+			apiKey: hasVertexAIServiceEnv(provider) ? void 0 : providerApiKey(provider),
+			project: vertexAIProject(provider),
+			location: vertexAILocation(provider)
+		};
+		default: {
+			const exhaustive = provider.type;
+			throw new ByfError(ErrorCodes.MODEL_CONFIG_INVALID, `Unsupported provider type: ${String(exhaustive)}`);
+		}
+	}
+}
+function defaultHeadersField(headers) {
+	if (headers === void 0 || Object.keys(headers).length === 0) return {};
+	return { defaultHeaders: { ...headers } };
+}
+function providerForCapabilityProbe(provider) {
+	if (provider.type === "vertexai") return {
+		...provider,
+		vertexai: false,
+		project: void 0,
+		location: void 0,
+		apiKey: provider.apiKey === void 0 || provider.apiKey.length === 0 ? "capability-probe" : provider.apiKey
+	};
+	if (provider.apiKey !== void 0 && provider.apiKey.length > 0) return provider;
+	return {
+		...provider,
+		apiKey: "capability-probe"
+	};
+}
+function providerApiKey(provider) {
+	switch (provider.type) {
+		case "anthropic": return providerValue(provider.apiKey, provider.env, "ANTHROPIC_API_KEY");
+		case "openai_responses": return providerValue(provider.apiKey, provider.env, "OPENAI_API_KEY");
+		case "openai-completions": return providerValue(provider.apiKey, provider.env, "BYF_API_KEY");
+		case "google-genai": return providerValue(provider.apiKey, provider.env, "GOOGLE_API_KEY");
+		case "vertexai": return nonEmptyString$1(provider.apiKey) ?? envValue(provider.env, "VERTEXAI_API_KEY") ?? envValue(provider.env, "GOOGLE_API_KEY");
+		default: {
+			const exhaustive = provider.type;
+			throw new ByfError(ErrorCodes.MODEL_CONFIG_INVALID, `Unsupported provider type: ${String(exhaustive)}`);
+		}
+	}
+}
+function hasVertexAIServiceEnv(provider) {
+	return vertexAIProject(provider) !== void 0 && vertexAILocation(provider) !== void 0;
+}
+function vertexAIProject(provider) {
+	return envValue(provider.env, "GOOGLE_CLOUD_PROJECT");
+}
+function vertexAILocation(provider) {
+	return envValue(provider.env, "GOOGLE_CLOUD_LOCATION") ?? locationFromVertexAIBaseUrl(provider.baseUrl);
+}
+function providerValue(configured, env, envKey) {
+	return nonEmptyString$1(configured) ?? envValue(env, envKey);
+}
+function envValue(env, key) {
+	return nonEmptyString$1(env?.[key]);
+}
+function nonEmptyString$1(value) {
+	const trimmed = value?.trim();
+	return trimmed === void 0 || trimmed.length === 0 ? void 0 : trimmed;
+}
+function locationFromVertexAIBaseUrl(baseUrl) {
+	const url = nonEmptyString$1(baseUrl);
+	if (url === void 0) return void 0;
+	try {
+		const host = new URL(url).hostname;
+		return host.endsWith("-aiplatform.googleapis.com") ? nonEmptyString$1(host.slice(0, -26)) : void 0;
+	} catch {
+		return;
+	}
+}
+//#endregion
+//#region src/config/update.ts
+/**
+* Scan a parsed config (including `config.raw`) and return all Findings
+* for deprecated / renamed / migrated / dangling / unknown / invalid-value
+* fields.
+*
+* This is a **pure** function — no file I/O, no side effects.
+*
+* Detection is based on `config.raw` (the clone of the original TOML data),
+* not on the parsed camelCase schema. This matches the PRD's observation
+* that `raw` is both the protection layer (preserving unknown fields) and
+* the blind spot (retaining stale keys through read→write cycles).
+*/
+function analyzeConfig(config) {
+	const raw = config.raw;
+	const findings = [];
+	if (isRecord(raw)) {
+		for (const rule of DEPRECATED_FIELD_RULES) if (pathExistsInRaw(raw, rule.pathParts)) findings.push({
+			kind: rule.kind,
+			path: rule.path,
+			detail: rule.detail,
+			deprecatedSince: rule.deprecatedSince
+		});
+		const defaultThinkingFinding = findings.find((f) => f.path === "default_thinking");
+		if (defaultThinkingFinding) {
+			const thinking = config.thinking;
+			if (thinking && (thinking.mode !== void 0 || thinking.effort !== void 0)) {
+				defaultThinkingFinding.kind = "removed";
+				defaultThinkingFinding.detail = "Already superseded by [thinking] block.";
+			}
+		}
+		const UNKNOWN_SKIP_PATHS = new Set(DEPRECATED_FIELD_RULES.map((r) => r.pathParts.join(".")));
+		const byfShapeKeys = /* @__PURE__ */ new Set();
+		for (const key of Object.keys(ByfConfigSchema.shape)) {
+			byfShapeKeys.add(key);
+			byfShapeKeys.add(camelToSnakeStatic(key));
+		}
+		for (const rawKey of Object.keys(raw)) {
+			if (rawKey === "raw") continue;
+			if (UNKNOWN_SKIP_PATHS.has(rawKey)) continue;
+			const camelKey = snakeToCamelStatic(rawKey);
+			if (!byfShapeKeys.has(camelKey) && !byfShapeKeys.has(rawKey)) findings.push({
+				kind: "unknown",
+				path: rawKey,
+				detail: `Field "${rawKey}" is not recognized by the current schema. Its value has been ignored. This may be a typo or a field from a previous version.`
+			});
+		}
+		const nestedFindings = scanNestedUnknowns(raw, UNKNOWN_SKIP_PATHS);
+		findings.push(...nestedFindings);
+	}
+	if (config.models) {
+		const validCapsLower = new Set(VALID_CAPABILITIES.map((c) => c.toLowerCase()));
+		for (const [alias, modelConfig] of Object.entries(config.models)) if (modelConfig.capabilities) for (let i = 0; i < modelConfig.capabilities.length; i++) {
+			const cap = modelConfig.capabilities[i];
+			if (cap === void 0) continue;
+			if (!validCapsLower.has(cap.toLowerCase())) findings.push({
+				kind: "invalid-value",
+				path: `models.${alias}.capabilities[${i}]`,
+				detail: `"${cap}" is not a valid capability. Valid values: ${VALID_CAPABILITIES.join(", ")}.`
+			});
+		}
+	}
+	const providerKeys = Object.keys(config.providers ?? {});
+	if (config.models) {
+		for (const [alias, modelConfig] of Object.entries(config.models)) if (!providerKeys.includes(modelConfig.provider)) findings.push({
+			kind: "dangling",
+			path: `models.${alias}.provider`,
+			detail: `Model alias "${alias}" references provider "${modelConfig.provider}", which does not exist in [providers].`
+		});
+	}
+	if (config.defaultProvider !== void 0 && !providerKeys.includes(config.defaultProvider)) findings.push({
+		kind: "dangling",
+		path: "default_provider",
+		detail: `Default provider "${config.defaultProvider}" does not exist in [providers].`
+	});
+	const modelKeys = Object.keys(config.models ?? {});
+	if (config.defaultModel !== void 0 && !modelKeys.includes(config.defaultModel)) findings.push({
+		kind: "dangling",
+		path: "default_model",
+		detail: `Default model "${config.defaultModel}" does not exist in [models].`
+	});
+	return findings;
+}
+/**
+* Apply automatic fixes to a `ByfConfig` by deleting every path registered in
+* `DEPRECATED_FIELD_RULES` from `config.raw`.
+*
+* The `_findings` parameter is intentionally **not consulted** — deletion is
+* driven exclusively by the whitelist in `DEPRECATED_FIELD_RULES`. This ensures
+* that a call to `applyFixes` always produces a clean config regardless of
+* what analysis step previously ran.
+*
+* This is a **pure** function — it returns a new config object without
+* mutating the input.
+*/
+function applyFixes(config, findings) {
+	const newRaw = rawShallowClone(config.raw);
+	for (const rule of DEPRECATED_FIELD_RULES) deletePath(newRaw, rule.pathParts);
+	let newConfig = {
+		...config,
+		raw: newRaw
+	};
+	if (findings.find((f) => f.kind === "migrated" && f.path === "default_thinking")) {
+		const rawValue = config.raw?.["default_thinking"];
+		const isTruthy = rawValue === true || rawValue === "true" || rawValue === 1;
+		newConfig = {
+			...newConfig,
+			thinking: isTruthy ? {
+				mode: "on",
+				effort: "high"
+			} : { mode: "off" }
+		};
+	}
+	return newConfig;
+}
+/** Convert snake_case to camelCase (static helper for unknown detection). */
+function snakeToCamelStatic(str) {
+	return str.replaceAll(/_([a-z])/g, (_, ch) => ch.toUpperCase());
+}
+/** Convert camelCase to snake_case (static helper for unknown detection). */
+function camelToSnakeStatic(str) {
+	return str.replaceAll(/[A-Z]/g, (ch) => `_${ch.toLowerCase()}`);
+}
+/** True when `value` is a non-null, non-array object. */
+function isRecord(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+/**
+* Walk `root` along `pathParts` checking that **every** segment exists.
+*
+* Returns `true` iff all parts exist as own keys (or inherited keys — TOML
+* parse results are plain objects so the distinction doesn't matter here).
+*/
+function pathExistsInRaw(root, pathParts) {
+	let current = root;
+	for (const part of pathParts) {
+		if (!isRecord(current) || !(part in current)) return false;
+		current = current[part];
+	}
+	return true;
+}
+/**
+* Delete a leaf (or entire sub-tree) from `root` following `pathParts`.
+*
+* If the parent after deletion becomes empty it is cleaned up as well
+* (recursive upward), so that a service table cleared of all deprecated
+* keys does not leave behind an empty `{}`.
+*/
+function deletePath(root, pathParts) {
+	if (pathParts.length === 0) return;
+	const parentParts = pathParts.slice(0, -1);
+	const leafKey = pathParts.at(-1);
+	let current;
+	if (parentParts.length === 0) current = root;
+	else current = traverseTo(root, parentParts);
+	if (current === void 0) return;
+	const keyExisted = leafKey in current;
+	delete current[leafKey];
+	if (keyExisted && parentParts.length > 0 && Object.keys(current).length === 0) deletePath(root, parentParts);
+}
+/**
+* Walk `root` along `pathParts` returning the penultimate record, or
+* `undefined` if any segment is missing.
+*/
+function traverseTo(root, pathParts) {
+	let current = root;
+	for (const part of pathParts) {
+		if (!isRecord(current) || !(part in current)) return void 0;
+		current = current[part];
+	}
+	return isRecord(current) ? current : void 0;
+}
+/**
+* Shallow-clone `raw`: each nested record is also shallow-cloned so that
+* mutations in `applyFixes` do not affect the original object.
+*/
+function rawShallowClone(raw) {
+	if (!isRecord(raw)) return {};
+	const clone = {};
+	for (const [key, value] of Object.entries(raw)) clone[key] = isRecord(value) ? { ...value } : value;
+	return clone;
+}
+/**
+* Build a set of all valid keys (camelCase + snake_case) from a zod
+* object schema's `.shape`.
+*/
+function getShapeKeySet(schema) {
+	const keys = /* @__PURE__ */ new Set();
+	for (const key of Object.keys(schema.shape)) {
+		keys.add(key);
+		keys.add(camelToSnakeStatic(key));
+	}
+	return keys;
+}
+/**
+* Scan known container keys in `raw` for sub-keys that don't match the
+* corresponding schema shape.  Unknown paths that overlap with
+* `skipPaths` (e.g. already reported deprecated fields) are skipped.
+*
+* Detects e.g. `models.gpt4.max_context_tokns` (typo) or
+* `providers.anthropic.api_kei` (typo).
+*/
+function scanNestedUnknowns(raw, skipPaths) {
+	const findings = [];
+	const containers = [
+		{
+			rawKey: "models",
+			isRecord: true,
+			schema: ModelAliasSchema
+		},
+		{
+			rawKey: "providers",
+			isRecord: true,
+			schema: ProviderConfigSchema
+		},
+		{
+			rawKey: "services",
+			isRecord: false,
+			schema: ServicesConfigSchema
+		},
+		{
+			rawKey: "background",
+			isRecord: false,
+			schema: BackgroundConfigSchema
+		},
+		{
+			rawKey: "loop_control",
+			isRecord: false,
+			schema: LoopControlSchema
+		},
+		{
+			rawKey: "thinking",
+			isRecord: false,
+			schema: ThinkingConfigSchema
+		},
+		{
+			rawKey: "permission",
+			isRecord: false,
+			schema: PermissionConfigSchema,
+			legacyKeys: [
+				"deny",
+				"allow",
+				"ask"
+			]
+		}
+	];
+	const schemaKeySets = /* @__PURE__ */ new Map();
+	containers.forEach((entry, index) => {
+		const base = getShapeKeySet(entry.schema);
+		if (entry.legacyKeys) for (const k of entry.legacyKeys) base.add(k);
+		schemaKeySets.set(index, base);
+	});
+	for (const [entryIndex, entry] of containers.entries()) {
+		if (!(entry.rawKey in raw)) continue;
+		const rawValue = raw[entry.rawKey];
+		if (!isRecord(rawValue)) continue;
+		if (entry.isRecord) for (const [itemKey, itemValue] of Object.entries(rawValue)) {
+			if (!isRecord(itemValue)) continue;
+			const validKeys = schemaKeySets.get(entryIndex);
+			for (const subKey of Object.keys(itemValue)) if (!validKeys.has(subKey)) {
+				const path = `${entry.rawKey}.${itemKey}.${subKey}`;
+				if (!skipPaths.has(path)) findings.push({
+					kind: "unknown",
+					path,
+					detail: `Field "${subKey}" is not recognized in ${entry.rawKey}.${itemKey}. This may be a typo or a field from a previous version.`
+				});
+			}
+		}
+		else {
+			const validKeys = schemaKeySets.get(entryIndex);
+			for (const subKey of Object.keys(rawValue)) if (!validKeys.has(subKey)) {
+				const path = `${entry.rawKey}.${subKey}`;
+				if (!skipPaths.has(path)) findings.push({
+					kind: "unknown",
+					path,
+					detail: `Field "${subKey}" is not recognized in [${entry.rawKey}]. This may be a typo or a field from a previous version.`
+				});
+			}
+		}
+	}
+	return findings;
+}
+//#endregion
+//#region src/version.ts
+function getCoreVersion() {
+	try {
+		const raw = readFileSync(fileURLToPath(new URL("../package.json", import.meta.url)), "utf-8");
+		const pkg = JSON.parse(raw);
+		return typeof pkg.version === "string" ? pkg.version : "0.0.0";
+	} catch {
+		return "0.0.0";
+	}
+}
+//#endregion
+//#region src/mcp/client-shared.ts
+const BYF_MCP_CLIENT_VERSION = getCoreVersion();
+/**
+* Build the `RequestOptions` object accepted by the MCP SDK's `callTool`,
+* including either the configured tool-call timeout, an in-flight abort
+* signal, both, or neither. Returns `undefined` when nothing needs to be
+* passed so the SDK falls back to its defaults.
+*/
+function buildRequestOptions(toolCallTimeoutMs, signal) {
+	if (toolCallTimeoutMs === void 0 && signal === void 0) return void 0;
+	return {
+		timeout: toolCallTimeoutMs,
+		signal
+	};
+}
+function toMcpToolDefinition(tool) {
+	return {
+		name: tool.name,
+		description: tool.description ?? "",
+		inputSchema: tool.inputSchema
+	};
+}
+/**
+* Normalise the SDK's `callTool` return into kosong's {@link MCPToolResult}.
+* The SDK can return either the modern `{ content, isError }` shape or a
+* legacy `{ toolResult }` shape; we collapse the legacy shape to a single
+* text content block.
+*/
+function toMcpToolResult(result) {
+	if (typeof result === "object" && result !== null && "content" in result) {
+		const typed = result;
+		if (Array.isArray(typed.content)) return {
+			content: typed.content,
+			isError: typed.isError === true
+		};
+	}
+	if (typeof result === "object" && result !== null && "toolResult" in result) {
+		const legacy = result.toolResult;
+		return {
+			content: [{
+				type: "text",
+				text: typeof legacy === "string" ? legacy : JSON.stringify(legacy)
+			}],
+			isError: false
+		};
+	}
+	return {
+		content: [],
+		isError: false
+	};
+}
+//#endregion
+//#region src/mcp/client-http.ts
 /**
 * Wraps the SDK streamable-HTTP transport as a kosong {@link MCPClient}.
 * Static bearer tokens are looked up from `process.env[bearerTokenEnvVar]`.
@@ -16868,7 +17416,7 @@ var SessionSubagentHost = class {
 		const { id, agent } = await this.session.createAgent({
 			type: "sub",
 			generate: parent.rawGenerate
-		}, void 0, this.ownerAgentId);
+		}, void 0, this.ownerAgentId, options.parentToolCallId);
 		const controller = new AbortController();
 		const unlinkAbortSignal = linkAbortSignal(options.signal, controller);
 		this.activeChildren.set(id, {
@@ -17167,7 +17715,7 @@ var Session = class {
 		})) return;
 		await Promise.all(Array.from(this.agents.values(), (agent) => agent.background.stopAll("Session closed")));
 	}
-	async createAgent(config, profile, parentAgentId) {
+	async createAgent(config, profile, parentAgentId, parentToolCallId) {
 		await this.skillsReady;
 		const type = config.type ?? "main";
 		const id = type === "main" ? "main" : this.nextGeneratedAgentId();
@@ -17179,7 +17727,8 @@ var Session = class {
 		this.metadata.agents[id] = {
 			homedir,
 			type,
-			parentAgentId: parentAgentId ?? null
+			parentAgentId: parentAgentId ?? null,
+			parentToolCallId
 		};
 		this.writeMetadata();
 		return {
@@ -17683,11 +18232,15 @@ function createProxiedFetch(deps) {
 		const proxyUrl = getProxyForUrl(url, envLookup, sysProxy);
 		const noProxyMatch = noProxy !== void 0 && isNoProxyHost(hostname, noProxy);
 		const controller = new AbortController();
-		const timeoutId = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+		const timeoutId = setTimeout(() => {
+			controller.abort();
+		}, REQUEST_TIMEOUT_MS);
 		if (init?.signal) if (init.signal.aborted) {
 			clearTimeout(timeoutId);
 			controller.abort();
-		} else init.signal.addEventListener("abort", () => controller.abort(), { once: true });
+		} else init.signal.addEventListener("abort", () => {
+			controller.abort();
+		}, { once: true });
 		const mergedInit = {
 			...init,
 			signal: controller.signal
@@ -17699,7 +18252,7 @@ function createProxiedFetch(deps) {
 			return response;
 		} catch (error) {
 			clearTimeout(timeoutId);
-			if (isRetryableError(error) && proxyUrl && !noProxyMatch) return await retryViaProxy(input, init, proxyUrl, innerFetch);
+			if (isRetryableError(error) && proxyUrl && !noProxyMatch) return retryViaProxy(input, init, proxyUrl, innerFetch);
 			throw error;
 		}
 	};
@@ -17707,11 +18260,15 @@ function createProxiedFetch(deps) {
 }
 async function retryViaProxy(input, init, proxyUrl, innerFetch) {
 	const controller = new AbortController();
-	const timeoutId = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+	const timeoutId = setTimeout(() => {
+		controller.abort();
+	}, REQUEST_TIMEOUT_MS);
 	if (init?.signal) if (init.signal.aborted) {
 		clearTimeout(timeoutId);
 		controller.abort();
-	} else init.signal.addEventListener("abort", () => controller.abort(), { once: true });
+	} else init.signal.addEventListener("abort", () => {
+		controller.abort();
+	}, { once: true });
 	const dispatcher = new ProxyAgent(proxyUrl);
 	const retryInit = {
 		...init,
@@ -17853,90 +18410,196 @@ var RemoteFetchURLProvider = class {
 			if (token.trim().length > 0) return token;
 			if (this.apiKey !== void 0 && this.apiKey.length > 0) return this.apiKey;
 		} catch (error) {
-			if (this.apiKey !== void 0 && this.apiKey.length > 0) return this.apiKey;
-			throw error;
+			if (this.apiKey !== void 0 && this.apiKey.length > 0) return this.apiKey;
+			throw error;
+		}
+		if (this.apiKey !== void 0 && this.apiKey.length > 0) return this.apiKey;
+		throw new Error("Remote fetch service is not configured: missing API key or token provider.");
+	}
+};
+//#endregion
+//#region src/tools/providers/router.ts
+var AllProvidersFailedError = class extends Error {
+	lastError;
+	constructor(lastError) {
+		super(`All search providers failed. Last error: ${lastError ?? "unknown"}`);
+		this.lastError = lastError;
+		this.name = "AllProvidersFailedError";
+	}
+};
+var PriorityRouter = class {
+	providers;
+	constructor(providers) {
+		this.providers = providers;
+	}
+	async search(query, options) {
+		let lastError;
+		for (const provider of this.providers) try {
+			return await provider.search(query, options);
+		} catch (error) {
+			lastError = error instanceof Error ? error.message : String(error);
+		}
+		throw new AllProvidersFailedError(lastError);
+	}
+};
+//#endregion
+//#region src/tools/providers/exa.ts
+var ExaWebSearchProvider = class {
+	apiKeys;
+	baseUrl;
+	fetchImpl;
+	constructor(options) {
+		this.apiKeys = options.apiKeys;
+		this.baseUrl = options.baseUrl ?? "https://api.exa.ai/search";
+		this.fetchImpl = options.fetchImpl ?? globalThis.fetch.bind(globalThis);
+	}
+	async search(query, options) {
+		const limit = options?.limit ?? 5;
+		const includeContent = options?.includeContent ?? false;
+		const contents = {};
+		if (includeContent) contents.text = { maxCharacters: 1e4 };
+		else contents.highlights = {
+			query,
+			maxCharacters: 300
+		};
+		const body = JSON.stringify({
+			query,
+			numResults: limit,
+			contents
+		});
+		let lastError;
+		for (const apiKey of this.apiKeys) try {
+			const response = await this.fetchImpl(this.baseUrl, {
+				method: "POST",
+				headers: {
+					Authorization: `Bearer ${apiKey}`,
+					"Content-Type": "application/json"
+				},
+				body
+			});
+			if (!response.ok) {
+				const detail = (await response.text().catch(() => "")).slice(0, 200);
+				throw new Error(`Exa search failed: HTTP ${response.status}${detail ? `: ${detail}` : ""}`);
+			}
+			const json = await response.json();
+			return (Array.isArray(json.results) ? json.results : []).map((r) => {
+				const out = {
+					title: r.title ?? "",
+					url: r.url ?? "",
+					snippet: ""
+				};
+				if (includeContent && typeof r.text === "string") {
+					out.snippet = r.text.slice(0, 300);
+					if (r.text.length > 0) out.content = r.text;
+				} else if (Array.isArray(r.highlights) && r.highlights.length > 0) out.snippet = r.highlights[0].slice(0, 300);
+				if (typeof r.publishedDate === "string" && r.publishedDate.length > 0) out.date = r.publishedDate;
+				return out;
+			});
+		} catch (error) {
+			lastError = error instanceof Error ? error : new Error(String(error));
+		}
+		throw lastError ?? /* @__PURE__ */ new Error("Exa search failed: no API keys configured");
+	}
+};
+registerProvider("exa", ExaWebSearchProvider);
+//#endregion
+//#region src/tools/providers/brave.ts
+var BraveWebSearchProvider = class {
+	apiKeys;
+	baseUrl;
+	fetchImpl;
+	constructor(options) {
+		this.apiKeys = options.apiKeys;
+		this.baseUrl = options.baseUrl ?? "https://api.search.brave.com/res/v1/web/search";
+		this.fetchImpl = options.fetchImpl ?? globalThis.fetch.bind(globalThis);
+	}
+	async search(query, options) {
+		const limit = options?.limit ?? 5;
+		const url = new URL(this.baseUrl);
+		url.searchParams.set("q", query);
+		url.searchParams.set("count", String(limit));
+		let lastError;
+		for (const apiKey of this.apiKeys) try {
+			const response = await this.fetchImpl(url.toString(), {
+				method: "GET",
+				headers: {
+					"Accept": "application/json",
+					"Accept-Encoding": "gzip",
+					"X-Subscription-Token": apiKey
+				}
+			});
+			if (!response.ok) {
+				const detail = (await response.text().catch(() => "")).slice(0, 200);
+				throw new Error(`Brave search failed: HTTP ${response.status}${detail ? `: ${detail}` : ""}`);
+			}
+			const json = await response.json();
+			return (Array.isArray(json.web?.results) ? json.web.results : []).map((r) => {
+				const out = {
+					title: r.title ?? "",
+					url: r.url ?? "",
+					snippet: r.description ?? ""
+				};
+				if (typeof r.age === "string" && r.age.length > 0) out.date = r.age;
+				return out;
+			});
+		} catch (error) {
+			lastError = error instanceof Error ? error : new Error(String(error));
 		}
-		if (this.apiKey !== void 0 && this.apiKey.length > 0) return this.apiKey;
-		throw new Error("Remote fetch service is not configured: missing API key or token provider.");
+		throw lastError ?? /* @__PURE__ */ new Error("Brave search failed: no API keys configured");
 	}
 };
+registerProvider("brave", BraveWebSearchProvider);
 //#endregion
-//#region src/tools/providers/remote-web-search.ts
-var RemoteWebSearchProvider = class {
-	tokenProvider;
-	apiKey;
+//#region src/tools/providers/firecrawl.ts
+var FirecrawlWebSearchProvider = class {
+	apiKeys;
 	baseUrl;
-	defaultHeaders;
-	customHeaders;
 	fetchImpl;
 	constructor(options) {
-		this.tokenProvider = options.tokenProvider;
-		this.apiKey = options.apiKey;
-		this.baseUrl = options.baseUrl;
-		this.defaultHeaders = options.defaultHeaders ?? {};
-		this.customHeaders = options.customHeaders ?? {};
+		this.apiKeys = options.apiKeys;
+		this.baseUrl = options.baseUrl ?? "https://api.firecrawl.dev/v2/search";
 		this.fetchImpl = options.fetchImpl ?? globalThis.fetch.bind(globalThis);
 	}
 	async search(query, options) {
-		const body = {
-			text_query: query,
-			limit: options?.limit ?? 5,
-			enable_page_crawling: options?.includeContent ?? false,
-			timeout_seconds: 30
+		const limit = options?.limit ?? 5;
+		const includeContent = options?.includeContent ?? false;
+		const requestBody = {
+			query,
+			limit
 		};
-		const bodyJson = JSON.stringify(body);
-		const response = await this.post(bodyJson);
-		if (response.status === 401) {
-			const detail = await safeReadText(response);
-			throw new Error(`Remote search request failed: HTTP 401 (auth/unauthorized). ${detail}`.trim());
-		}
-		if (response.status !== 200) {
-			const detail = await safeReadText(response);
-			throw new Error(`Remote search request failed: HTTP ${String(response.status)}. ${detail}`.trim());
-		}
-		const json = await response.json();
-		return (Array.isArray(json.search_results) ? json.search_results : []).map((r) => {
-			const out = {
-				title: r.title ?? "",
-				url: r.url ?? "",
-				snippet: r.snippet ?? ""
-			};
-			if (typeof r.date === "string" && r.date.length > 0) out.date = r.date;
-			if (typeof r.content === "string" && r.content.length > 0) out.content = r.content;
-			return out;
-		});
-	}
-	async post(bodyJson) {
-		const accessToken = await this.resolveApiKey();
-		return this.fetchImpl(this.baseUrl, {
-			method: "POST",
-			headers: {
-				...this.defaultHeaders,
-				Authorization: `Bearer ${accessToken}`,
-				"Content-Type": "application/json",
-				...this.customHeaders
-			},
-			body: bodyJson
-		});
-	}
-	async resolveApiKey() {
-		if (this.tokenProvider !== void 0) try {
-			return await this.tokenProvider.getAccessToken();
+		if (includeContent) requestBody.scrapeOptions = { formats: ["markdown"] };
+		const body = JSON.stringify(requestBody);
+		let lastError;
+		for (const apiKey of this.apiKeys) try {
+			const response = await this.fetchImpl(this.baseUrl, {
+				method: "POST",
+				headers: {
+					"Authorization": `Bearer ${apiKey}`,
+					"Content-Type": "application/json"
+				},
+				body
+			});
+			if (!response.ok) {
+				const detail = (await response.text().catch(() => "")).slice(0, 200);
+				throw new Error(`Firecrawl search failed: HTTP ${response.status}${detail ? `: ${detail}` : ""}`);
+			}
+			const json = await response.json();
+			return (Array.isArray(json.data?.web) ? json.data.web : []).map((r) => {
+				const out = {
+					title: r.title ?? "",
+					url: r.url ?? "",
+					snippet: r.description ?? ""
+				};
+				if (includeContent && typeof r.markdown === "string" && r.markdown.length > 0) out.content = r.markdown;
+				return out;
+			});
 		} catch (error) {
-			if (this.apiKey !== void 0 && this.apiKey.length > 0) return this.apiKey;
-			throw error;
+			lastError = error instanceof Error ? error : new Error(String(error));
 		}
-		if (this.apiKey !== void 0 && this.apiKey.length > 0) return this.apiKey;
-		throw new Error("Remote search service is not configured: missing API key or token provider.");
+		throw lastError ?? /* @__PURE__ */ new Error("Firecrawl search failed: no API keys configured");
 	}
 };
-async function safeReadText(response) {
-	try {
-		return await response.text();
-	} catch {
-		return "";
-	}
-}
+registerProvider("firecrawl", FirecrawlWebSearchProvider);
 //#endregion
 //#region src/utils/environment.ts
 /**
@@ -18198,15 +18861,6 @@ var SessionAPIImpl = class {
 	getModel({ agentId, ...payload }) {
 		return this.getAgent(agentId).getModel(payload);
 	}
-	enterPlan({ agentId, ...payload }) {
-		return this.getAgent(agentId).enterPlan(payload);
-	}
-	cancelPlan({ agentId, ...payload }) {
-		return this.getAgent(agentId).cancelPlan(payload);
-	}
-	clearPlan({ agentId, ...payload }) {
-		return this.getAgent(agentId).clearPlan(payload);
-	}
 	beginCompaction({ agentId, ...payload }) {
 		return this.getAgent(agentId).beginCompaction(payload);
 	}
@@ -18247,9 +18901,6 @@ var SessionAPIImpl = class {
 	getPermission({ agentId, ...payload }) {
 		return this.getAgent(agentId).getPermission(payload);
 	}
-	getPlan({ agentId, ...payload }) {
-		return this.getAgent(agentId).getPlan(payload);
-	}
 	getUsage({ agentId, ...payload }) {
 		return this.getAgent(agentId).getUsage(payload);
 	}
@@ -19397,207 +20048,6 @@ async function readOptionalFile(path) {
 	}
 }
 //#endregion
-//#region src/providers/runtime-provider.ts
-function resolveRuntimeProvider(input) {
-	const modelName = input.model ?? input.config.defaultModel;
-	if (modelName === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, "No model is selected. Set default_model in config.toml or pass a configured model alias.");
-	const alias = input.config.models?.[modelName];
-	if (alias === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Model "${modelName}" is not configured in config.toml. Add a [models."${modelName}"] entry with max_context_size.`);
-	const resolvedModel = alias.model;
-	const providerName = alias.provider ?? input.config.defaultProvider;
-	const providerConfig = providerName === void 0 ? void 0 : input.config.providers[providerName];
-	if (providerName === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Model "${modelName}" must define a provider in config.toml.`);
-	if (providerConfig === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Provider "${providerName}" for model "${modelName}" is not configured.`);
-	if (!Number.isInteger(alias.maxContextSize) || alias.maxContextSize <= 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Model "${modelName}" must define a positive max_context_size in config.toml.`);
-	if (input.validateCredentials !== false && providerConfig.type !== "vertexai" && providerConfig.oauth === void 0 && providerApiKey(providerConfig) === void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Provider "${providerName}" has no credentials configured. Set apiKey, oauth, or a provider env API key in config.toml.`);
-	const provider = toKosongProviderConfig(providerConfig, resolvedModel, input.byfRequestHeaders, alias.maxOutputSize, alias.reasoningKey, input.promptCacheKey);
-	return {
-		modelName,
-		providerName,
-		modelCapabilities: resolveModelCapabilities(alias, provider),
-		provider
-	};
-}
-async function resolveRuntimeProviderWithOAuth(input) {
-	const resolved = resolveRuntimeProvider(input);
-	const resolveAuth = createRuntimeProviderAuthResolver(input, resolved);
-	if (resolveAuth === void 0) return resolved;
-	await resolveAuth();
-	return {
-		...resolved,
-		resolveAuth
-	};
-}
-function createRuntimeProviderAuthResolver(input, resolved = resolveRuntimeProvider(input)) {
-	const providerName = resolved.providerName;
-	if (providerName === void 0) return void 0;
-	const providerConfig = input.config.providers[providerName];
-	if (providerConfig?.oauth === void 0) return void 0;
-	if (providerApiKey(providerConfig) !== void 0) throw new ByfError(ErrorCodes.CONFIG_INVALID, `Provider "${providerName}" has both apiKey and oauth set in config.toml — they are mutually exclusive. Remove one.`);
-	const tokenProvider = input.resolveOAuthTokenProvider?.(providerName, providerConfig.oauth);
-	if (tokenProvider === void 0) return async () => {
-		throw new ByfError(ErrorCodes.AUTH_LOGIN_REQUIRED, `OAuth provider "${providerName}" requires login before it can be used.`);
-	};
-	return async (options) => {
-		let apiKey;
-		try {
-			apiKey = await tokenProvider.getAccessToken(options?.forceRefresh === true ? { force: true } : void 0);
-		} catch (error) {
-			if (!isAuthLoginRequired(error)) (input.log ?? log).warn("oauth token fetch failed", {
-				providerName,
-				error
-			});
-			throw new ByfError(ErrorCodes.AUTH_LOGIN_REQUIRED, `OAuth provider "${providerName}" requires login before it can be used.`, { cause: error });
-		}
-		if (apiKey.trim().length === 0) throw new ByfError(ErrorCodes.AUTH_LOGIN_REQUIRED, `OAuth provider "${providerName}" requires login before it can be used.`);
-		return { apiKey };
-	};
-}
-function isAuthLoginRequired(error) {
-	return isByfError(error) && error.code === ErrorCodes.AUTH_LOGIN_REQUIRED;
-}
-function resolveModelCapabilities(alias, provider) {
-	const capabilities = new Set((alias.capabilities ?? []).map((capability) => capability.trim().toLowerCase()));
-	const has = (capability) => capabilities.has(capability);
-	const providerCapability = createProvider(providerForCapabilityProbe(provider)).getCapability?.(provider.model) ?? UNKNOWN_CAPABILITY;
-	return {
-		image_in: has("image_in") || providerCapability.image_in,
-		video_in: has("video_in") || providerCapability.video_in,
-		audio_in: has("audio_in") || providerCapability.audio_in,
-		thinking: has("thinking") || has("always_thinking") || providerCapability.thinking,
-		tool_use: has("tool_use") || providerCapability.tool_use,
-		thinking_effort: has("thinking_effort") || providerCapability.thinking_effort,
-		thinking_xhigh: has("thinking_xhigh") || providerCapability.thinking_xhigh,
-		thinking_max: has("thinking_max") || providerCapability.thinking_max,
-		max_context_tokens: alias.maxContextSize
-	};
-}
-function toKosongProviderConfig(provider, model, byfRequestHeaders, maxOutputSize, reasoningKey, promptCacheKey) {
-	switch (provider.type) {
-		case "anthropic": return {
-			type: "anthropic",
-			model,
-			baseUrl: providerValue(provider.baseUrl, provider.env, "ANTHROPIC_BASE_URL"),
-			apiKey: providerApiKey(provider),
-			...maxOutputSize !== void 0 ? { defaultMaxTokens: maxOutputSize } : {},
-			...defaultHeadersField(provider.customHeaders)
-		};
-		case "openai-completions": {
-			const defaultHeaders = {
-				...byfRequestHeaders,
-				...provider.customHeaders
-			};
-			const generationKwargs = {
-				prompt_cache_key: promptCacheKey,
-				extra_body: provider.extraBody
-			};
-			if (Object.keys(defaultHeaders).length === 0) return {
-				type: "openai-completions",
-				model,
-				baseUrl: providerValue(provider.baseUrl, provider.env, "BYF_BASE_URL"),
-				reasoningKey,
-				thinkingEffortKey: provider.thinkingEffortKey,
-				generationKwargs,
-				apiKey: providerApiKey(provider)
-			};
-			return {
-				type: "openai-completions",
-				model,
-				baseUrl: providerValue(provider.baseUrl, provider.env, "BYF_BASE_URL"),
-				reasoningKey,
-				thinkingEffortKey: provider.thinkingEffortKey,
-				generationKwargs,
-				defaultHeaders,
-				apiKey: providerApiKey(provider)
-			};
-		}
-		case "google-genai": return {
-			type: "google-genai",
-			model,
-			apiKey: providerApiKey(provider)
-		};
-		case "openai_responses": return {
-			type: "openai_responses",
-			model,
-			baseUrl: providerValue(provider.baseUrl, provider.env, "OPENAI_BASE_URL"),
-			apiKey: providerApiKey(provider),
-			...defaultHeadersField(provider.customHeaders)
-		};
-		case "vertexai": return {
-			type: "vertexai",
-			model,
-			vertexai: hasVertexAIServiceEnv(provider),
-			apiKey: hasVertexAIServiceEnv(provider) ? void 0 : providerApiKey(provider),
-			project: vertexAIProject(provider),
-			location: vertexAILocation(provider)
-		};
-		default: {
-			const exhaustive = provider.type;
-			throw new ByfError(ErrorCodes.MODEL_CONFIG_INVALID, `Unsupported provider type: ${String(exhaustive)}`);
-		}
-	}
-}
-function defaultHeadersField(headers) {
-	if (headers === void 0 || Object.keys(headers).length === 0) return {};
-	return { defaultHeaders: { ...headers } };
-}
-function providerForCapabilityProbe(provider) {
-	if (provider.type === "vertexai") return {
-		...provider,
-		vertexai: false,
-		project: void 0,
-		location: void 0,
-		apiKey: provider.apiKey === void 0 || provider.apiKey.length === 0 ? "capability-probe" : provider.apiKey
-	};
-	if (provider.apiKey !== void 0 && provider.apiKey.length > 0) return provider;
-	return {
-		...provider,
-		apiKey: "capability-probe"
-	};
-}
-function providerApiKey(provider) {
-	switch (provider.type) {
-		case "anthropic": return providerValue(provider.apiKey, provider.env, "ANTHROPIC_API_KEY");
-		case "openai_responses": return providerValue(provider.apiKey, provider.env, "OPENAI_API_KEY");
-		case "openai-completions": return providerValue(provider.apiKey, provider.env, "BYF_API_KEY");
-		case "google-genai": return providerValue(provider.apiKey, provider.env, "GOOGLE_API_KEY");
-		case "vertexai": return nonEmptyString$1(provider.apiKey) ?? envValue(provider.env, "VERTEXAI_API_KEY") ?? envValue(provider.env, "GOOGLE_API_KEY");
-		default: {
-			const exhaustive = provider.type;
-			throw new ByfError(ErrorCodes.MODEL_CONFIG_INVALID, `Unsupported provider type: ${String(exhaustive)}`);
-		}
-	}
-}
-function hasVertexAIServiceEnv(provider) {
-	return vertexAIProject(provider) !== void 0 && vertexAILocation(provider) !== void 0;
-}
-function vertexAIProject(provider) {
-	return envValue(provider.env, "GOOGLE_CLOUD_PROJECT");
-}
-function vertexAILocation(provider) {
-	return envValue(provider.env, "GOOGLE_CLOUD_LOCATION") ?? locationFromVertexAIBaseUrl(provider.baseUrl);
-}
-function providerValue(configured, env, envKey) {
-	return nonEmptyString$1(configured) ?? envValue(env, envKey);
-}
-function envValue(env, key) {
-	return nonEmptyString$1(env?.[key]);
-}
-function nonEmptyString$1(value) {
-	const trimmed = value?.trim();
-	return trimmed === void 0 || trimmed.length === 0 ? void 0 : trimmed;
-}
-function locationFromVertexAIBaseUrl(baseUrl) {
-	const url = nonEmptyString$1(baseUrl);
-	if (url === void 0) return void 0;
-	try {
-		const host = new URL(url).hostname;
-		return host.endsWith("-aiplatform.googleapis.com") ? nonEmptyString$1(host.slice(0, -26)) : void 0;
-	} catch {
-		return;
-	}
-}
-//#endregion
 //#region src/providers/provider-manager.ts
 var ProviderManager = class ProviderManager {
 	options;
@@ -19929,15 +20379,6 @@ var ByfCore = class {
 	getModel({ sessionId, ...payload }) {
 		return this.sessionApi(sessionId).getModel(payload);
 	}
-	enterPlan({ sessionId, ...payload }) {
-		return this.sessionApi(sessionId).enterPlan(payload);
-	}
-	cancelPlan({ sessionId, ...payload }) {
-		return this.sessionApi(sessionId).cancelPlan(payload);
-	}
-	clearPlan({ sessionId, ...payload }) {
-		return this.sessionApi(sessionId).clearPlan(payload);
-	}
 	beginCompaction({ sessionId, ...payload }) {
 		return this.sessionApi(sessionId).beginCompaction(payload);
 	}
@@ -19977,9 +20418,6 @@ var ByfCore = class {
 	getPermission({ sessionId, ...payload }) {
 		return this.sessionApi(sessionId).getPermission(payload);
 	}
-	getPlan({ sessionId, ...payload }) {
-		return this.sessionApi(sessionId).getPlan(payload);
-	}
 	getUsage({ sessionId, ...payload }) {
 		return this.sessionApi(sessionId).getUsage(payload);
 	}
@@ -20067,8 +20505,8 @@ async function createRuntimeConfig(input) {
 		systemProxy: () => detectSystemProxy()
 	});
 	const localFetcher = new LocalFetchURLProvider({ fetchImpl: proxiedFetch });
-	const searchService = input.config.services?.byfSearch;
-	const fetchService = input.config.services?.byfFetch;
+	const fetchService = input.config.services?.fetchUrl;
+	const webSearchConfig = input.config.services?.webSearch;
 	return {
 		kaos: localKaos,
 		osEnv: await detectEnvironmentFromNode(),
@@ -20080,12 +20518,11 @@ async function createRuntimeConfig(input) {
 			fetchImpl: proxiedFetch,
 			...serviceCredentials(fetchService, input.resolveOAuthTokenProvider)
 		}),
-		webSearcher: searchService?.baseUrl === void 0 ? void 0 : new RemoteWebSearchProvider({
-			baseUrl: searchService.baseUrl,
-			defaultHeaders: input.byfRequestHeaders,
-			fetchImpl: proxiedFetch,
-			...serviceCredentials(searchService, input.resolveOAuthTokenProvider)
-		})
+		webSearcher: webSearchConfig === void 0 ? void 0 : new PriorityRouter([...webSearchConfig.providers].toSorted((a, b) => a.priority - b.priority).map((p) => createProvider$1(p.type, {
+			apiKeys: p.apiKeys,
+			baseUrl: p.baseUrl,
+			fetchImpl: proxiedFetch
+		})))
 	};
 }
 function serviceCredentials(service, resolveOAuthTokenProvider) {
@@ -20120,11 +20557,11 @@ async function resumeSessionResult(summary, session, warning) {
 			context,
 			replay: agent.replayBuilder.buildResult(),
 			permission,
-			plan: null,
 			usage,
 			tools: await api.getTools({ agentId }),
 			toolStore: agent.tools.storeData(),
-			background: agent.background.list(false)
+			background: agent.background.list(false),
+			parentToolCallId: session.metadata.agents[agentId]?.parentToolCallId
 		};
 	}
 	return {
@@ -20179,4 +20616,4 @@ function parsePositiveInt(value) {
 	return n;
 }
 //#endregion
-export { AGENT_WIRE_PROTOCOL_VERSION, Agent, BYF_ERROR_INFO, BackgroundConfigSchema, ByfConfigPatchSchema, ByfConfigSchema, ByfCore, ByfError, ByfServiceConfigSchema, ErrorCodes, HookDefSchema, LoopControlSchema, MCP_OAUTH_AUTHORIZATION_URL_TOOL_UPDATE, McpServerConfigSchema, McpServerHttpConfigSchema, McpServerStdioConfigSchema, ModelAliasSchema, OAuthRefSchema, PermissionConfigSchema, PermissionModeSchema, PermissionRuleDecisionSchema, PermissionRuleSchema, PermissionRuleScopeSchema, ProviderConfigSchema, ProviderTypeSchema, ServicesConfigSchema, Session, SessionSubagentHost, ThinkingConfigSchema, USER_PROMPT_ORIGIN, WIRE_PROTOCOL_VERSION, buildExportManifest, buildPromptPlan, collectFilesRecursive, configToTomlData, createRPC, ensureByfHome, ensureConfigFile, exportSessionDirectory, flushDiagnosticLogs, formatConfigValidationError, fromByfErrorPayload, getDefaultConfig, getRootLogger, isByfError, log, makeErrorPayload, mergeConfigPatch, normalizeTimestampMs, parseBooleanEnv, parseConfigString, proxyWithExtraPayload, readConfigFile, redact, resolveByfHome, resolveConfigPath, resolveConfigValue, resolveGlobalLogPath, resolveLoggingConfig, scanSessionWire, toByfErrorPayload, transformTomlData, validateConfig, writeConfigFile, writeExportZip };
+export { AGENT_WIRE_PROTOCOL_VERSION, Agent, BYF_ERROR_INFO, BackgroundConfigSchema, ByfConfigPatchSchema, ByfConfigSchema, ByfCore, ByfError, ByfServiceConfigSchema, DEPRECATED_FIELD_RULES, ErrorCodes, HookDefSchema, LoopControlSchema, MCP_OAUTH_AUTHORIZATION_URL_TOOL_UPDATE, McpServerConfigSchema, McpServerHttpConfigSchema, McpServerStdioConfigSchema, ModelAliasSchema, OAuthRefSchema, PermissionConfigSchema, PermissionModeSchema, PermissionRuleDecisionSchema, PermissionRuleSchema, PermissionRuleScopeSchema, ProviderConfigSchema, ProviderTypeSchema, ServicesConfigSchema, Session, SessionSubagentHost, ThinkingConfigSchema, USER_PROMPT_ORIGIN, WIRE_PROTOCOL_VERSION, WebSearchConfigSchema, WebSearchProviderConfigSchema, analyzeConfig, applyFixes, buildExportManifest, buildPromptPlan, collectFilesRecursive, configToTomlData, createRPC, ensureByfHome, ensureConfigFile, exportSessionDirectory, flushDiagnosticLogs, formatConfigValidationError, fromByfErrorPayload, getDefaultConfig, getRootLogger, isByfError, log, makeErrorPayload, mergeConfigPatch, normalizeTimestampMs, parseBooleanEnv, parseConfigString, proxyWithExtraPayload, readConfigFile, redact, resolveByfHome, resolveConfigPath, resolveConfigValue, resolveGlobalLogPath, resolveLoggingConfig, scanSessionWire, toByfErrorPayload, transformTomlData, validateConfig, writeConfigFile, writeExportZip };