@gajae-code/coding-agent 0.4.5 → 0.5.1

package/src/modes/shared/agent-wire/deep-interview-gate.ts

@@ -17,12 +17,26 @@ import type { OpenGateInput } from "./workflow-gate-broker";
 /** "Other (type your own)" sentinel, mirroring the interactive ask tool. */
 export const GATE_OTHER_OPTION = "Other (type your own)";
 
+/** Optional structured deep-interview round metadata supplied by the agent. */
+export interface AskGateDeepInterviewState {
+	round_id?: string;
+	round: number;
+	component: string;
+	dimension: string;
+	ambiguity: number;
+}
+
 export interface AskGateQuestion {
 	id: string;
 	question: string;
 	options: Array<{ label: string }>;
 	multi?: boolean;
 	recommended?: number;
+	/**
+	 * Structured round metadata. When present it is the authoritative source for gate
+	 * `stage_state`; when absent, the question text is regex-parsed as a fallback.
+	 */
+	deepInterview?: AskGateDeepInterviewState;
 }
 
 export interface AskGateResult {
@@ -130,6 +144,19 @@ function questionAnswerSchema(question: AskGateQuestion, labels: string[]): RpcJ
 	};
 }
 
+/** Build `stage_state` round metadata from the structured param (authoritative when present). */
+function structuredDeepInterviewState(meta: AskGateDeepInterviewState): Record<string, unknown> {
+	const state: Record<string, unknown> = {
+		deep_interview_metadata: true,
+		round: meta.round,
+		component: meta.component,
+		dimension: meta.dimension,
+		ambiguity: meta.ambiguity,
+	};
+	if (meta.round_id !== undefined) state.round_id = meta.round_id;
+	return state;
+}
+
 /** Build the `workflow_gate` open-input for one deep-interview question. */
 export function questionToGate(question: AskGateQuestion): OpenGateInput {
 	const labels = question.options.map(o => o.label);
@@ -151,7 +178,9 @@ export function questionToGate(question: AskGateQuestion): OpenGateInput {
 				multi: question.multi ?? false,
 				options: labels,
 				other_option: GATE_OTHER_OPTION,
-				...deepInterviewQuestionState(question.question),
+				...(question.deepInterview
+					? structuredDeepInterviewState(question.deepInterview)
+					: deepInterviewQuestionState(question.question)),
 			},
 		},
 	};

package/src/modes/shared/agent-wire/session-registry.ts

@@ -0,0 +1,109 @@
+/**
+ * Cross-process registry of running gjc RPC sessions (issue 10).
+ *
+ * Each live RPC server writes a record under `<agent-dir>/rpc-sessions/<id>.json`
+ * on start and removes it on shutdown, so a separate process can discover which
+ * sessions are alive (and, once persistence lands in issue 09, how to reach
+ * them). Listing reaps records whose owning process is no longer alive, so a
+ * crashed server never leaves a permanent phantom entry.
+ */
+import * as fs from "node:fs/promises";
+import * as path from "node:path";
+import { getAgentDir } from "@gajae-code/utils";
+
+export type RpcSessionTransport = "stdio" | "bridge" | "socket";
+
+export interface RpcSessionRecord {
+	sessionId: string;
+	pid: number;
+	transport: RpcSessionTransport;
+	cwd: string;
+	model?: string;
+	/** ISO-8601 start timestamp. */
+	startedAt: string;
+	/** Reachable endpoint for persistent transports (issue 09); absent for stdio. */
+	endpoint?: string;
+}
+
+/** Registry directory: `<agent-dir>/rpc-sessions` (honors GJC_CODING_AGENT_DIR via getAgentDir). */
+function rpcSessionsDir(agentDir?: string): string {
+	return path.join(agentDir ?? getAgentDir(), "rpc-sessions");
+}
+
+function recordPath(sessionId: string, agentDir?: string): string {
+	return path.join(rpcSessionsDir(agentDir), `${sessionId}.json`);
+}
+
+/**
+ * Write (or replace) the registry record for a session. The record is written to
+ * a same-directory temp file and atomically renamed into place so a concurrent
+ * reader never observes (and reaps) a partially-written record.
+ */
+export async function registerRpcSession(record: RpcSessionRecord, agentDir?: string): Promise<string> {
+	const file = recordPath(record.sessionId, agentDir);
+	// `.tmp` suffix keeps the staging file out of the `*.json` listing/reaping path.
+	const staging = `${file}.${process.pid}.tmp`;
+	await Bun.write(staging, JSON.stringify(record));
+	await fs.rename(staging, file);
+	return file;
+}
+
+/** Remove a session's registry record. Best-effort: a missing file is not an error. */
+export async function unregisterRpcSession(sessionId: string, agentDir?: string): Promise<void> {
+	await fs.rm(recordPath(sessionId, agentDir), { force: true });
+}
+
+function isProcessAlive(pid: number): boolean {
+	if (!Number.isInteger(pid) || pid <= 0) return false;
+	try {
+		// Signal 0 performs error checking without delivering a signal.
+		process.kill(pid, 0);
+		return true;
+	} catch (err) {
+		// ESRCH => no such process (dead). EPERM => alive but owned by another user.
+		return (err as NodeJS.ErrnoException).code === "EPERM";
+	}
+}
+
+function parseRecord(raw: string): RpcSessionRecord | undefined {
+	let obj: Partial<RpcSessionRecord>;
+	try {
+		obj = JSON.parse(raw) as Partial<RpcSessionRecord>;
+	} catch {
+		return undefined;
+	}
+	if (typeof obj.sessionId !== "string" || typeof obj.pid !== "number") return undefined;
+	return obj as RpcSessionRecord;
+}
+
+/**
+ * List live RPC sessions, reaping records whose process is gone or whose file is
+ * unparseable. Returns records sorted by `startedAt` ascending.
+ */
+export async function listRpcSessions(agentDir?: string): Promise<RpcSessionRecord[]> {
+	const dir = rpcSessionsDir(agentDir);
+	let entries: string[];
+	try {
+		entries = await fs.readdir(dir);
+	} catch {
+		return [];
+	}
+	const live: RpcSessionRecord[] = [];
+	for (const entry of entries) {
+		if (!entry.endsWith(".json")) continue;
+		const file = path.join(dir, entry);
+		let raw: string;
+		try {
+			raw = await fs.readFile(file, "utf8");
+		} catch {
+			continue;
+		}
+		const record = parseRecord(raw);
+		if (!record || !isProcessAlive(record.pid)) {
+			await fs.rm(file, { force: true });
+			continue;
+		}
+		live.push(record);
+	}
+	return live.sort((a, b) => a.startedAt.localeCompare(b.startedAt));
+}

package/src/modes/shared/agent-wire/unattended-action-policy.ts

@@ -45,6 +45,30 @@ export function actionClassForScope(scope: BridgeCommandScope): RpcUnattendedAct
 	}
 }
 
+/** Runtime list of every v1 action class — membership-validation source for negotiate (#319). */
+export const RPC_UNATTENDED_ACTION_CLASSES: readonly RpcUnattendedActionClass[] = [
+	"command.prompt",
+	"command.control",
+	"command.bash",
+	"command.export",
+	"command.session",
+	"command.model",
+	"command.message_read",
+	"command.host_tools",
+	"command.host_uri",
+	"command.admin",
+	"bash.readonly",
+	"bash.mutating",
+	"bash.destructive",
+	"git.force_push",
+	"file.delete",
+	"file.write",
+	"host_tool.invoke",
+	"host_uri.read",
+	"host_uri.write",
+	"auth.login",
+];
+
 const READONLY_COMMANDS = new Set([
 	"ls",
 	"cat",

package/src/modes/shared/agent-wire/unattended-run-controller.ts

@@ -24,7 +24,8 @@ import type {
 	RpcUnattendedRefusalCode,
 } from "../../rpc/rpc-types";
 import type { BridgeCommandScope } from "./scopes";
-import { actionClassForScope, classifyBashAction } from "./unattended-action-policy";
+import { BRIDGE_COMMAND_SCOPES, MANDATORY_FLOOR_COMMAND_SCOPES } from "./scopes";
+import { actionClassForScope, classifyBashAction, RPC_UNATTENDED_ACTION_CLASSES } from "./unattended-action-policy";
 
 /** Coordinated abort surfaces invoked exactly once on a budget breach / abort. */
 export interface UnattendedAbortHooks {
@@ -157,8 +158,11 @@ export class UnattendedRunController {
 		this.sessionId = ctx.sessionId;
 		this.actor = declaration.actor;
 		this.budget = budget;
-		this.scopes = new Set(declaration.scopes);
-		this.actionAllowlist = new Set(declaration.action_allowlist);
+		this.scopes = new Set([...declaration.scopes, ...MANDATORY_FLOOR_COMMAND_SCOPES]);
+		this.actionAllowlist = new Set([
+			...declaration.action_allowlist,
+			...MANDATORY_FLOOR_COMMAND_SCOPES.map(actionClassForScope),
+		]);
 		this.now = ctx.now ?? Date.now;
 		this.audit = ctx.audit;
 		this.abortHooks = ctx.abortHooks ?? {};
@@ -183,6 +187,22 @@ export class UnattendedRunController {
 				"declaration.action_allowlist must be string[]",
 			);
 		}
+		const unknownScopes = d.scopes.filter(scope => !BRIDGE_COMMAND_SCOPES.includes(scope as BridgeCommandScope));
+		if (unknownScopes.length > 0) {
+			throw new UnattendedNegotiationError(
+				"invalid_unattended_declaration",
+				`declaration.scopes contains unknown scope(s): ${unknownScopes.join(", ")}`,
+			);
+		}
+		const unknownActions = d.action_allowlist.filter(
+			action => !RPC_UNATTENDED_ACTION_CLASSES.includes(action as RpcUnattendedActionClass),
+		);
+		if (unknownActions.length > 0) {
+			throw new UnattendedNegotiationError(
+				"invalid_unattended_declaration",
+				`declaration.action_allowlist contains unknown action class(es): ${unknownActions.join(", ")}`,
+			);
+		}
 		const budget = validateBudget(d.budget);
 		// Reject providers that cannot account for tokens/cost (fail-closed): require
 		// an explicit positive capability signal — omitted/unknown is refused too.

package/src/modes/shared/agent-wire/unattended-session.ts

@@ -31,6 +31,13 @@ import {
 } from "./unattended-run-controller";
 import { type GateStore, MemoryGateStore, type OpenGateInput, WorkflowGateBroker } from "./workflow-gate-broker";
 
+/**
+ * RPC commands that perform agent/tool work and therefore consume one unit of the
+ * `max_tool_calls` budget. Read-only/control/cancellation commands are wall-time-bounded
+ * and scope-checked but must NOT charge the tool-call budget (issue 04).
+ */
+const CHARGED_COMMAND_TYPES = new Set<RpcCommand["type"]>(["bash", "prompt", "steer", "follow_up", "abort_and_prompt"]);
+
 /** Minimal surface a skill runtime / ask tool uses to emit a gate and await its answer. */
 export interface WorkflowGateEmitter {
 	/** True only when unattended mode has been negotiated. */
@@ -116,7 +123,15 @@ export class UnattendedSessionControlPlane implements RpcUnattendedControlPlane,
 
 	preflightCommand(command: RpcCommand): void {
 		if (!this.#controller) return;
-		this.#controller.preflightToolCall(`${command.type} preflight`);
+		const phase = `${command.type} preflight`;
+		// Always enforce wall-time; only charge the tool-call budget for commands that perform
+		// agent/tool work (issue 04). Read-only/control/cancellation commands must not consume
+		// max_tool_calls, but remain wall-time-bounded and scope/action-checked.
+		if (CHARGED_COMMAND_TYPES.has(command.type)) {
+			this.#controller.preflightToolCall(phase);
+		} else {
+			this.#controller.checkWallTime(phase);
+		}
 		if (command.type === "bash") {
 			this.#controller.authorizeBash(command.command);
 			return;

package/src/sdk.ts

@@ -32,7 +32,7 @@ import {
 	Snowflake,
 } from "@gajae-code/utils";
 
-import { type AsyncJob, AsyncJobManager, isBackgroundJobSupportEnabled } from "./async";
+import { type AsyncJob, AsyncJobManager, isBackgroundJobSupportEnabled, jobElapsedMs } from "./async";
 import { loadCapability } from "./capability";
 import { type Rule, ruleCapability, setActiveRules } from "./capability/rule";
 import { ModelRegistry } from "./config/model-registry";
@@ -50,6 +50,7 @@ import { CursorExecHandlers } from "./cursor";
 import "./discovery";
 import { resolveConfigValue } from "./config/resolve-config-value";
 import { getEmbeddedDefaultGjcSkills } from "./defaults/gjc-defaults";
+import { BUNDLED_GROK_BUILD_EXTENSION_ID, getBundledGrokBuildExtensionFactory } from "./defaults/gjc-grok-cli";
 import { initializeWithSettings } from "./discovery";
 import { disposeAllKernelSessions, disposeKernelSessionsByOwner } from "./eval/py/executor";
 import { TtsrManager } from "./export/ttsr";
@@ -133,7 +134,7 @@ import { ToolContextStore } from "./tools/context";
 import { getImageGenTools } from "./tools/image-gen";
 import { wrapToolWithMetaNotice } from "./tools/output-meta";
 import { EventBus } from "./utils/event-bus";
-import { buildNamedToolChoice } from "./utils/tool-choice";
+import { buildNamedToolChoice, buildNamedToolChoiceResult } from "./utils/tool-choice";
 import { buildWorkspaceTree, type WorkspaceTree } from "./workspace-tree";
 
 type AsyncResultEntry = {
@@ -234,6 +235,8 @@ export interface CreateAgentSessionOptions {
 	modelPattern?: string;
 	/** Thinking selector. Default: from settings, else unset */
 	thinkingLevel?: ThinkingLevel;
+	/** Runtime substitution metadata for the initial model_change session event. */
+	modelSubstitution?: { requestedModel: Model; reason: string };
 	/** Models available for cycling (Ctrl+P in interactive mode) */
 	scopedModels?: ScopedModelSelection[];
 
@@ -1122,7 +1125,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 						const formattedResult = await formatAsyncResultForFollowUp(result);
 						if (asyncJobManager!.isDeliverySuppressed(jobId)) return;
 
-						const durationMs = job ? Math.max(0, Date.now() - job.startTime) : undefined;
+						const durationMs = job ? jobElapsedMs(job) : undefined;
 						session.yieldQueue.enqueue<AsyncResultEntry>("async-result", {
 							jobId,
 							result: formattedResult,
@@ -1212,6 +1215,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 				const m = session.model;
 				return m ? buildNamedToolChoice(name, m) : undefined;
 			},
+			buildToolChoiceResult: name => buildNamedToolChoiceResult(name, session.model),
 			steer: msg =>
 				session.agent.steer({
 					role: "custom",
@@ -1338,13 +1342,26 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 		}
 
 		// Extension/module discovery is quarantined; retain only the private
-		// runtime needed for explicitly supplied SDK extensions and custom tools.
+		// runtime needed for bundled product extensions, explicitly supplied SDK
+		// extension factories, and custom tools. Filesystem extension paths remain
+		// ignored here even when options.additionalExtensionPaths is supplied.
 		const extensionsResult: LoadExtensionsResult = options.preloadedExtensions ?? {
 			extensions: [],
 			errors: [],
 			runtime: new ExtensionRuntime(),
 		};
 
+		if (!extensionsResult.extensions.some(extension => extension.path === BUNDLED_GROK_BUILD_EXTENSION_ID)) {
+			const bundledGrokExtension = await loadExtensionFromFactory(
+				getBundledGrokBuildExtensionFactory(),
+				cwd,
+				eventBus,
+				extensionsResult.runtime,
+				BUNDLED_GROK_BUILD_EXTENSION_ID,
+			);
+			extensionsResult.extensions.push(bundledGrokExtension);
+		}
+
 		// Load inline extensions from factories
 		if (inlineExtensions.length > 0) {
 			for (let i = 0; i < inlineExtensions.length; i++) {
@@ -1898,6 +1915,19 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 				}
 				return result;
 			},
+			onToolChoiceIncapability: event => {
+				const droppedLabel = session?.toolChoiceQueue.degradeInFlight(event.reason);
+				logger.debug("Dropped in-flight tool choice after runtime incapability", {
+					droppedLabel,
+					api: event.api,
+					provider: event.provider,
+					model: event.model,
+					requestedLevel: event.requestedLevel,
+					resolvedLevel: event.resolvedLevel,
+					reason: event.reason,
+					registryKey: event.registryKey,
+				});
+			},
 			intentTracing: !!intentField,
 			getToolChoice: () => session?.nextToolChoice(),
 			telemetry: options.telemetry,
@@ -1912,7 +1942,18 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 		} else {
 			// Save initial model, thinking level, and service tier for new sessions so they can be restored on resume.
 			if (model) {
-				sessionManager.appendModelChange(`${model.provider}/${model.id}`);
+				const substitution = options.modelSubstitution;
+				sessionManager.appendModelChange(
+					`${model.provider}/${model.id}`,
+					undefined,
+					substitution
+						? {
+								previousModel: `${substitution.requestedModel.provider}/${substitution.requestedModel.id}`,
+								reason: substitution.reason,
+								thinkingLevel: thinkingLevel ?? null,
+							}
+						: undefined,
+				);
 			}
 			sessionManager.appendThinkingLevelChange(thinkingLevel);
 			if (initialServiceTier) {

package/src/secrets/obfuscator.ts

@@ -73,9 +73,24 @@ export class SecretObfuscator {
 	/** Replace-mode plain mappings: secret → replacement */
 	#replaceMappings = new Map<string, string>();
 
+	/** Replace-mode plain mappings sorted longest-first for deterministic longest-match replacement. */
+	#sortedReplaceMappings: Array<{ secret: string; replacement: string }> = [];
+
+	/** Obfuscate-mode plain and regex-discovered mappings sorted longest-first. */
+	#sortedObfuscateMappings: Array<{ secret: string; index: number; placeholder: string }> = [];
+
+	/** Reverse lookup for obfuscate-mode secrets to avoid scanning mappings. */
+	#obfuscateIndexBySecret = new Map<string, number>();
+
 	/** Reverse lookup for deobfuscation: placeholder → secret */
 	#deobfuscateMap = new Map<string, string>();
 
+	/** Combined plain-secret regex cache for single-pass replacement. */
+	#combinedPlainRegex: RegExp | undefined;
+	#combinedPlainReplacementBySecret = new Map<string, string>();
+	#combinedPlainRegexDirty = true;
+	#useSequentialPlainReplacement = false;
+
 	/** Next available index for regex match discoveries */
 	#nextIndex: number;
 
@@ -93,6 +108,7 @@ export class SecretObfuscator {
 					this.#plainMappings.set(entry.content, index);
 					this.#obfuscateMappings.set(index, { secret: entry.content, placeholder });
 					this.#deobfuscateMap.set(placeholder, entry.content);
+					this.#obfuscateIndexBySecret.set(entry.content, index);
 					index++;
 				} else {
 					// replace mode
@@ -111,6 +127,16 @@ export class SecretObfuscator {
 		}
 
 		this.#nextIndex = index;
+		this.#sortedReplaceMappings = [...this.#replaceMappings]
+			.sort((a, b) => b[0].length - a[0].length)
+			.map(([secret, replacement]) => ({ secret, replacement }));
+		this.#sortedObfuscateMappings = [...this.#plainMappings]
+			.sort((a, b) => b[0].length - a[0].length)
+			.map(([secret, mappingIndex]) => ({
+				secret,
+				index: mappingIndex,
+				placeholder: this.#obfuscateMappings.get(mappingIndex)!.placeholder,
+			}));
 		this.#hasAny = entries.length > 0;
 	}
 
@@ -121,18 +147,7 @@ export class SecretObfuscator {
 	/** Obfuscate all secrets in text. Bidirectional placeholders for obfuscate mode, one-way for replace. */
 	obfuscate(text: string): string {
 		if (!this.#hasAny) return text;
-		let result = text;
-
-		// 1. Process replace-mode plain secrets
-		for (const [secret, replacement] of [...this.#replaceMappings].sort((a, b) => b[0].length - a[0].length)) {
-			result = replaceAll(result, secret, replacement);
-		}
-
-		// 2. Process obfuscate-mode plain secrets
-		for (const [secret, index] of [...this.#plainMappings].sort((a, b) => b[0].length - a[0].length)) {
-			const mapping = this.#obfuscateMappings.get(index)!;
-			result = replaceAll(result, secret, mapping.placeholder);
-		}
+		let result = this.#obfuscatePlainMappings(text);
 
 		// 3. Process regex entries — discover new matches
 		for (const entry of this.#regexEntries) {
@@ -160,6 +175,9 @@ export class SecretObfuscator {
 						const placeholder = buildPlaceholder(index);
 						this.#obfuscateMappings.set(index, { secret: matchValue, placeholder });
 						this.#deobfuscateMap.set(placeholder, matchValue);
+						this.#obfuscateIndexBySecret.set(matchValue, index);
+						this.#insertSortedObfuscateMapping({ secret: matchValue, index, placeholder });
+						this.#combinedPlainRegexDirty = true;
 					}
 					const mapping = this.#obfuscateMappings.get(index)!;
 					result = replaceAll(result, matchValue, mapping.placeholder);
@@ -186,15 +204,74 @@ export class SecretObfuscator {
 
 	/** Find the obfuscate index for a known secret value. */
 	#findObfuscateIndex(secret: string): number | undefined {
-		// Check plain mappings first
-		const plainIndex = this.#plainMappings.get(secret);
-		if (plainIndex !== undefined) return plainIndex;
+		return this.#obfuscateIndexBySecret.get(secret);
+	}
+
+	#insertSortedObfuscateMapping(mapping: { secret: string; index: number; placeholder: string }): void {
+		let lo = 0;
+		let hi = this.#sortedObfuscateMappings.length;
+		while (lo < hi) {
+			const mid = (lo + hi) >> 1;
+			if (this.#sortedObfuscateMappings[mid]!.secret.length < mapping.secret.length) {
+				hi = mid;
+			} else {
+				lo = mid + 1;
+			}
+		}
+		this.#sortedObfuscateMappings.splice(lo, 0, mapping);
+	}
+
+	#obfuscatePlainMappings(text: string): string {
+		this.#ensureCombinedPlainRegex();
+		if (this.#useSequentialPlainReplacement) return this.#obfuscatePlainMappingsSequential(text);
+		if (!this.#combinedPlainRegex) return text;
+		return text.replace(
+			this.#combinedPlainRegex,
+			match => this.#combinedPlainReplacementBySecret.get(match) ?? match,
+		);
+	}
 
-		// Check regex-discovered mappings
-		for (const [index, mapping] of this.#obfuscateMappings) {
-			if (mapping.secret === secret) return index;
+	#obfuscatePlainMappingsSequential(text: string): string {
+		let result = text;
+		for (const mapping of this.#sortedReplaceMappings) {
+			result = replaceAll(result, mapping.secret, mapping.replacement);
+		}
+		for (const mapping of this.#sortedObfuscateMappings) {
+			result = replaceAll(result, mapping.secret, mapping.placeholder);
 		}
-		return undefined;
+		return result;
+	}
+
+	#ensureCombinedPlainRegex(): void {
+		if (!this.#combinedPlainRegexDirty) return;
+		this.#combinedPlainRegexDirty = false;
+		this.#combinedPlainReplacementBySecret = new Map<string, string>();
+
+		const mappings = [
+			...this.#sortedReplaceMappings.map(mapping => ({ secret: mapping.secret, replacement: mapping.replacement })),
+			...this.#sortedObfuscateMappings.map(mapping => ({
+				secret: mapping.secret,
+				replacement: mapping.placeholder,
+			})),
+		];
+
+		this.#useSequentialPlainReplacement = mappings.some((mapping, index) =>
+			mappings.some(
+				(other, otherIndex) =>
+					other.secret.length > 0 &&
+					(mapping.replacement.includes(other.secret) ||
+						(index !== otherIndex &&
+							(mapping.secret.includes(other.secret) || other.secret.includes(mapping.secret)))),
+			),
+		);
+		for (const mapping of mappings) {
+			if (!this.#combinedPlainReplacementBySecret.has(mapping.secret))
+				this.#combinedPlainReplacementBySecret.set(mapping.secret, mapping.replacement);
+		}
+		this.#combinedPlainRegex =
+			mappings.length > 0
+				? new RegExp(mappings.map(mapping => escapeRegex(mapping.secret)).join("|"), "g")
+				: undefined;
 	}
 }
 
@@ -238,14 +315,12 @@ export function obfuscateMessages(obfuscator: SecretObfuscator, messages: Messag
 
 /** Replace all occurrences of `search` in `text` with `replacement`. */
 function replaceAll(text: string, search: string, replacement: string): string {
-	if (search.length === 0) return text;
-	let result = text;
-	let idx = result.indexOf(search);
-	while (idx !== -1) {
-		result = result.slice(0, idx) + replacement + result.slice(idx + search.length);
-		idx = result.indexOf(search, idx + replacement.length);
-	}
-	return result;
+	if (search.length === 0 || !text.includes(search)) return text;
+	return text.split(search).join(replacement);
+}
+
+function escapeRegex(value: string): string {
+	return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
 }
 
 /** Deep-walk an object, transforming all string values. */