@ironbee-ai/cli 0.25.1 → 0.27.0

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.27.0 (2026-06-19)
+
+## 0.26.0 (2026-06-18)
+
+### Bug Fixes
+
+* **verification:** robust activity lifecycle for delegated/background verifier ([#28](https://github.com/ironbee-ai/ironbee-cli/issues/28)) ([0bef3ee](https://github.com/ironbee-ai/ironbee-cli/commit/0bef3ee76e0a038250d4442c79d1576293e56333))
+
 ## 0.25.1 (2026-06-16)
 
 ### Features

package/dist/clients/claude/agents/ironbee-verifier.md

@@ -7,6 +7,8 @@ description: >
   verdict in the shared session, then returns a short summary. It does NOT edit code: if it
   finds problems it reports them as issues for the main agent to fix.
 tools: Bash, Read, Grep, Glob, mcp__browser-devtools__*, mcp__node-devtools__*, mcp__backend-devtools__*, mcp__android-devtools__*
+# Prefer foreground (the default). Advisory only — Claude decides fore/background per task and may auto-background a long run; sub-agent-liveness markers handle a backgrounded run regardless.
+background: false
 ---
 
 # IronBee Verifier (delegated verification)
@@ -72,6 +74,13 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
    - Verdict shape is platform-agnostic: `status`, `checks`, optionally `issues`.
    - Pass → `{ "status": "pass", "checks": [...] }` (what you functionally verified).
    - Fail → `{ "status": "fail", "checks": [...], "issues": [...] }` (what failed).
+   - **A FALSE failure is a FAIL — not "verified failure handling".** When you exercise a
+     negative path, separate an EXPECTED negative test (you deliberately fed invalid input —
+     bad card, missing auth, malformed payload — and it correctly failed → supports a `pass`)
+     from a FALSE failure (a VALID, in-scope operation that SHOULD succeed but errors out → a
+     DEFECT). Report a false failure as `status: "fail"` (or at minimum non-empty `issues`),
+     never as a passing "failure path verified". Passing a run whose own evidence shows a
+     legitimate operation breaking is a false pass.
    - You do **not** supply `fixes` — you didn't perform the fix. IronBee fills it from what
      the main agent recorded / changed.
    - **Nothing to verify? Use N/A — do NOT fake evidence.** If the change has no runtime
@@ -98,6 +107,30 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
 6. Return a short summary to the main agent: the verdict status and, on fail, the issues so
    it can fix and re-delegate.
 
+## Speed — batch your tool calls (fewer LLM round-trips)
+
+Each tool call is a separate LLM round-trip, and that round-trip — not the tool's execution
+— is the dominant cost of a verification. Drive the tools in as few turns as you can:
+
+- **Batch a scope's work into ONE `*_execute` call.** Each cycle exposes a batch tool
+  (`bdt_execute` / `ndt_execute` / `bedt_execute` / `adt_execute`) that runs many steps in
+  one turn — nest each as a `callTool('<tool>', { … })`. A batch nests only that cycle's own
+  tools (you can't mix servers in one `*_execute`). It's a JS sandbox, so a later step
+  can reuse a value an earlier `callTool` returned
+  (`const r = callTool(…); callTool(…, { /* a field from r */ })`); and `*_execute` STOPS at
+  the first failing nested call, so the rest don't run. Nested calls are credited to the gate like
+  standalone calls — but authoring the batch is not the work: read each result and confirm
+  real evidence came back (a batch whose interaction failed has no screenshot/snapshot
+  behind it). See each platform section for that cycle's concrete batch shape, including any
+  cycle-specific screenshot or recording handling.
+- **Discovery stays standalone — you can't batch what you haven't seen.** The step that
+  reveals what to do (navigate / connect / snapshot) runs first and on its own; you read its
+  result, THEN batch the actions it told you to take.
+- **Put independent calls in ONE assistant message.** Bash + your first devtools call can
+  ride the same turn — e.g. `verification-start` then the cycle's discovery call in one
+  message, in THIS order (until `verification-start` opens the cycle, every devtools call is
+  blocked).
+
 <!--IRONBEE:PLATFORM:browser-->
 <!--/IRONBEE:PLATFORM:browser-->
 

package/dist/clients/claude/commands/ironbee-verify.md

@@ -37,6 +37,7 @@ A custom verification scenario may be supplied when this command is invoked —
    > Mode: \<`fix` in fix mode — OMIT this line entirely in verify-only mode>
    > Scenario: \<the resolved scenario text, or "none — exercise the changed pages/endpoints">
    The verifier runs `verification-start` (relaying the fix intent to IronBee's completion gate, which then enforces fix-until-pass on you) → drives every active cycle's tools → submits the single verdict, all in this shared session. It resolves the session id from the environment, so you don't pass one.
+   **Wait for the verifier in the same turn — do NOT background it.** Let it run to completion and read its verdict before responding; a backgrounded verifier can let your turn end (and the Stop gate fire) before its verdict is recorded.
 3. **Relay the verifier's summary** — the verdict status and, on fail, the issues it found.
 4. **On a fail verdict, branch by mode**:
    - **Verify-only (default)**: stop here. Report the issues clearly and suggest `/ironbee-verify fix` to repair them. Do not edit code.

package/dist/clients/claude/hooks/activity-start.js

@@ -1 +1 @@
-"use strict";var r=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var g=Object.getOwnPropertyNames;var b=Object.prototype.hasOwnProperty;var a=(s,t)=>r(s,"name",{value:t,configurable:!0});var S=(s,t)=>{for(var e in t)r(s,e,{get:t[e],enumerable:!0})},$=(s,t,e,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of g(t))!b.call(s,i)&&i!==e&&r(s,i,{get:()=>t[i],enumerable:!(o=f(t,i))||o.enumerable});return s};var w=s=>$(r({},"__esModule",{value:!0}),s);var A={};S(A,{run:()=>y});module.exports=w(A);var p=require("../../../hooks/core/actions"),m=require("../../../hooks/core/activity"),c=require("../../../hooks/core/session-state"),n=require("../../../lib/logger"),u=require("../../../lib/stdin"),d=require("../../../otel/claude/daemon/ensure");async function y(s){let t;try{t=JSON.parse((0,u.readStdin)())}catch(l){n.logger.debug(`failed to parse stdin: ${l}`),process.exit(0)}const e=t.session_id??"default",o=`${s}/.ironbee/sessions/${e}`;(0,n.setLogFile)(`${o}/session.log`);const i=`${o}/actions.jsonl`;await(0,c.reconcileAbandonedActivity)(o,i,p.appendAction),await(0,m.startActivity)({sessionDir:o,actionsFile:i,source:"user_prompt"}),await(0,d.ensureOTELCollector)(s),process.exit(0)}a(y,"run");0&&(module.exports={run});
+"use strict";var r=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var b=Object.getOwnPropertyNames;var S=Object.prototype.hasOwnProperty;var a=(i,t)=>r(i,"name",{value:t,configurable:!0});var U=(i,t)=>{for(var n in t)r(i,n,{get:t[n],enumerable:!0})},x=(i,t,n,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of b(t))!S.call(i,s)&&s!==n&&r(i,s,{get:()=>t[s],enumerable:!(o=g(t,s))||o.enumerable});return i};var y=i=>x(r({},"__esModule",{value:!0}),i);var $={};U($,{isNonUserUps:()=>l,run:()=>P});module.exports=y($);var p=require("../../../hooks/core/actions"),c=require("../../../hooks/core/activity"),u=require("../../../hooks/core/session-state"),e=require("../../../lib/logger"),m=require("../../../lib/stdin"),d=require("../../../otel/claude/daemon/ensure");function l(i){return(i??"").replace(/^\s+/,"").startsWith("<task-notification")}a(l,"isNonUserUps");async function P(i){let t;try{t=JSON.parse((0,m.readStdin)())}catch(f){e.logger.debug(`failed to parse stdin: ${f}`),process.exit(0)}const n=t.session_id??"default",o=`${i}/.ironbee/sessions/${n}`;(0,e.setLogFile)(`${o}/session.log`);const s=`${o}/actions.jsonl`;l(t.prompt)&&(e.logger.debug("activity-start: skip non-user UPS (<task-notification> continuation)"),process.exit(0)),await(0,u.reconcileAbandonedActivity)(o,s,p.appendAction),await(0,c.startActivity)({sessionDir:o,actionsFile:s,source:"user_prompt"}),await(0,d.ensureOTELCollector)(i),process.exit(0)}a(P,"run");0&&(module.exports={isNonUserUps,run});

package/dist/clients/claude/hooks/session-end.js

@@ -1 +1 @@
-"use strict";var a=Object.defineProperty;var w=Object.getOwnPropertyDescriptor;var E=Object.getOwnPropertyNames;var A=Object.prototype.hasOwnProperty;var c=(n,s)=>a(n,"name",{value:s,configurable:!0});var _=(n,s)=>{for(var e in s)a(n,e,{get:s[e],enumerable:!0})},$=(n,s,e,o)=>{if(s&&typeof s=="object"||typeof s=="function")for(let i of E(s))!A.call(n,i)&&i!==e&&a(n,i,{get:()=>s[i],enumerable:!(o=w(s,i))||o.enumerable});return n};var b=n=>$(a({},"__esModule",{value:!0}),n);var v={};_(v,{run:()=>I});module.exports=b(v);var t=require("../../../hooks/core/actions"),p=require("../../../hooks/core/activity"),u=require("../../../hooks/core/session-state"),m=require("../../../import/ids"),r=require("../../../lib/logger"),l=require("../../../lib/stdin"),g=require("../../../queue"),f=require("../../../analytics/claude/hook-trigger");async function I(n){let s;try{s=JSON.parse((0,l.readStdin)())}catch(y){r.logger.debug(`failed to parse stdin: ${y}`),process.exit(0)}const e=s.session_id??"default",o=`${n}/.ironbee/sessions/${e}`,i=`${o}/actions.jsonl`;(0,r.setLogFile)(`${o}/session.log`),await(0,u.closeOpenCycles)(o,i,"session_end"),await(0,p.endActivity)({sessionDir:o,actionsFile:i});const d=Date.now(),S={...(0,t.baseFields)(i),id:(0,m.deriveSessionEndEventId)(e),type:"session_end",timestamp:d,session_id:e,duration:(0,t.findDurationSinceLastAction)(i,"session_start",d),reason:s.reason};await(0,t.appendAction)(i,S),await(0,f.runAnalyticsTrigger)({projectDir:n,sessionId:e,triggerType:"SessionEnd",endReason:s.reason,transcriptSource:"claude-code"}),await(0,g.flushSynchronously)(n,e),r.logger.debug(`session-end: ${e}`),process.exit(0)}c(I,"run");0&&(module.exports={run});
+"use strict";var a=Object.defineProperty;var E=Object.getOwnPropertyDescriptor;var A=Object.getOwnPropertyNames;var _=Object.prototype.hasOwnProperty;var c=(n,s)=>a(n,"name",{value:s,configurable:!0});var $=(n,s)=>{for(var i in s)a(n,i,{get:s[i],enumerable:!0})},b=(n,s,i,o)=>{if(s&&typeof s=="object"||typeof s=="function")for(let e of A(s))!_.call(n,e)&&e!==i&&a(n,e,{get:()=>s[e],enumerable:!(o=E(s,e))||o.enumerable});return n};var v=n=>b(a({},"__esModule",{value:!0}),n);var C={};$(C,{run:()=>I});module.exports=v(C);var t=require("../../../hooks/core/actions"),p=require("../../../hooks/core/activity"),m=require("../../../hooks/core/session-state"),u=require("../../../hooks/core/activity-participants"),l=require("../../../import/ids"),r=require("../../../lib/logger"),g=require("../../../lib/stdin"),f=require("../../../queue"),S=require("../../../analytics/claude/hook-trigger");async function I(n){let s;try{s=JSON.parse((0,g.readStdin)())}catch(w){r.logger.debug(`failed to parse stdin: ${w}`),process.exit(0)}const i=s.session_id??"default",o=`${n}/.ironbee/sessions/${i}`,e=`${o}/actions.jsonl`;(0,r.setLogFile)(`${o}/session.log`),await(0,m.closeOpenCycles)(o,e,"session_end"),await(0,p.endActivity)({sessionDir:o,actionsFile:e}),(0,u.clearActivityParticipants)(o);const d=Date.now(),y={...(0,t.baseFields)(e),id:(0,l.deriveSessionEndEventId)(i),type:"session_end",timestamp:d,session_id:i,duration:(0,t.findDurationSinceLastAction)(e,"session_start",d),reason:s.reason};await(0,t.appendAction)(e,y),await(0,S.runAnalyticsTrigger)({projectDir:n,sessionId:i,triggerType:"SessionEnd",endReason:s.reason,transcriptSource:"claude-code"}),await(0,f.flushSynchronously)(n,i),r.logger.debug(`session-end: ${i}`),process.exit(0)}c(I,"run");0&&(module.exports={run});

package/dist/clients/claude/hooks/subagent-start.js

@@ -0,0 +1 @@
+"use strict";var a=Object.defineProperty;var c=Object.getOwnPropertyDescriptor;var p=Object.getOwnPropertyNames;var f=Object.prototype.hasOwnProperty;var d=(e,t)=>a(e,"name",{value:t,configurable:!0});var I=(e,t)=>{for(var s in t)a(e,s,{get:t[s],enumerable:!0})},b=(e,t,s,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of p(t))!f.call(e,n)&&n!==s&&a(e,n,{get:()=>t[n],enumerable:!(i=c(t,n))||i.enumerable});return e};var l=e=>b(a({},"__esModule",{value:!0}),e);var m={};I(m,{run:()=>S});module.exports=l(m);var r=require("../../../lib/logger"),u=require("../../../lib/stdin"),o=require("../../../hooks/core/activity-participants");async function S(e){let t;try{t=JSON.parse((0,u.readStdin)())}catch(g){r.logger.debug(`subagent-start: failed to parse stdin: ${g}`),process.exit(0);return}const s=t.session_id,i=t.agent_id;if(!s||!i){process.exit(0);return}const n=`${e}/.ironbee/sessions/${s}`;(0,r.setLogFile)(`${n}/session.log`),(0,o.enterActivity)(n,o.MAIN_PARTICIPANT_ID),(0,o.enterActivity)(n,i),r.logger.debug(`subagent-start: ${i} joined activity`),process.exit(0)}d(S,"run");0&&(module.exports={run});

package/dist/clients/claude/hooks/subagent-stop.js

@@ -0,0 +1 @@
+"use strict";var a=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var l=Object.getOwnPropertyNames;var b=Object.prototype.hasOwnProperty;var g=(t,e)=>a(t,"name",{value:e,configurable:!0});var _=(t,e)=>{for(var s in e)a(t,s,{get:e[s],enumerable:!0})},y=(t,e,s,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of l(e))!b.call(t,i)&&i!==s&&a(t,i,{get:()=>e[i],enumerable:!(n=f(e,i))||n.enumerable});return t};var m=t=>y(a({},"__esModule",{value:!0}),t);var S={};_(S,{run:()=>I});module.exports=m(S);var r=require("../../../lib/logger"),d=require("../../../lib/stdin"),o=require("../../../hooks/core/session-state"),c=require("../../../hooks/core/activity");const p="ironbee-verifier";async function I(t){let e;try{e=JSON.parse((0,d.readStdin)())}catch(u){r.logger.debug(`subagent-stop: failed to parse stdin: ${u}`),process.exit(0);return}const s=e.session_id;if(!s){process.exit(0);return}const n=`${t}/.ironbee/sessions/${s}`,i=`${n}/actions.jsonl`;(0,r.setLogFile)(`${n}/session.log`),(e.agent_type??e.subagent_type)===p&&((0,o.getActiveVerificationId)(n)!==void 0||(0,o.getActiveFixId)(n)!==void 0)&&(await(0,o.closeOpenCycles)(n,i,"subagent_stop"),r.logger.debug(`subagent-stop: ${p} backstop closed dangling cycle`)),e.agent_id&&await(0,c.closeActivityIfLastParticipant)({sessionDir:n,actionsFile:i},e.agent_id),process.exit(0)}g(I,"run");0&&(module.exports={run});

package/dist/clients/claude/hooks/verify-gate.js

@@ -1,4 +1,4 @@
-"use strict";var a=Object.defineProperty;var I=Object.getOwnPropertyDescriptor;var v=Object.getOwnPropertyNames;var y=Object.prototype.hasOwnProperty;var g=(e,s)=>a(e,"name",{value:s,configurable:!0});var b=(e,s)=>{for(var t in s)a(e,t,{get:s[t],enumerable:!0})},w=(e,s,t,o)=>{if(s&&typeof s=="object"||typeof s=="function")for(let i of v(s))!y.call(e,i)&&i!==t&&a(e,i,{get:()=>s[i],enumerable:!(o=I(s,i))||o.enumerable});return e};var S=e=>w(a({},"__esModule",{value:!0}),e);var T={};b(T,{run:()=>E});module.exports=S(T);var c=require("../../../hooks/core/verify-gate"),p=require("../../../hooks/core/activity"),d=require("../../../lib/config"),l=require("../../../lib/logger"),m=require("../../../lib/stdin"),r=require("../../../queue"),u=require("../../../analytics/claude/hook-trigger");const x=`\u26A0 VERIFY BY DELEGATING \u2014 do NOT run the verification tools or submit the verdict yourself.
+"use strict";var l=Object.defineProperty;var v=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var b=Object.prototype.hasOwnProperty;var c=(e,t)=>l(e,"name",{value:t,configurable:!0});var w=(e,t)=>{for(var s in t)l(e,s,{get:t[s],enumerable:!0})},S=(e,t,s,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of y(t))!b.call(e,o)&&o!==s&&l(e,o,{get:()=>t[o],enumerable:!(i=v(t,o))||i.enumerable});return e};var A=e=>S(l({},"__esModule",{value:!0}),e);var E={};w(E,{run:()=>x});module.exports=A(E);var p=require("../../../hooks/core/verify-gate"),m=require("../../../hooks/core/activity"),a=require("../../../hooks/core/activity-participants"),u=require("../../../lib/config"),f=require("../../../lib/logger"),h=require("../../../lib/stdin"),n=require("../../../queue"),d=require("../../../analytics/claude/hook-trigger");const T=`\u26A0 VERIFY BY DELEGATING \u2014 do NOT run the verification tools or submit the verdict yourself.
 
 Spawn the ironbee-verifier sub-agent via the Agent/Task tool (subagent_type: "ironbee-verifier")
 with a prompt describing what to verify. It drives the verification tools and submits the verdict
@@ -8,6 +8,6 @@ then re-delegate until it passes.
 
 The detail below is what the VERIFIER will do \u2014 you do NOT run it yourself:
 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
-`;async function E(e){let s;try{s=JSON.parse((0,m.readStdin)())}catch(h){l.logger.debug(`failed to parse stdin: ${h}`),process.exit(0)}const t=s.session_id??"default";(0,l.setLogFile)(`${e}/.ironbee/sessions/${t}/session.log`);const o=`${e}/.ironbee/sessions/${t}`,i=`${o}/actions.jsonl`,f=(0,d.loadConfig)(e),n=await(0,c.runVerifyGate)({sessionId:t,sessionDir:o,actionsFile:i,verdictFile:`${o}/verdict.json`,maxRetries:(0,d.getMaxRetries)(f),config:f,projectDir:e});n.action==="allow"&&(await(0,p.endActivity)({sessionDir:o,actionsFile:i}),(0,u.runAnalyticsTrigger)({projectDir:e,sessionId:t,triggerType:"Stop",transcriptSource:"claude-code"}),n.message&&process.stderr.write(n.message+`
-`),(0,r.flushInBackground)(e,t),(0,r.flushStragglersInBackground)(e,t),process.exit(0)),(0,u.runAnalyticsTrigger)({projectDir:e,sessionId:t,triggerType:"Stop",transcriptSource:"claude-code"}),n.message&&process.stderr.write(x+n.message+`
-`),(0,r.flushInBackground)(e,t),(0,r.flushStragglersInBackground)(e,t),process.exit(2)}g(E,"run");0&&(module.exports={run});
+`;async function x(e){let t;try{t=JSON.parse((0,h.readStdin)())}catch(I){f.logger.debug(`failed to parse stdin: ${I}`),process.exit(0)}const s=t.session_id??"default";(0,f.setLogFile)(`${e}/.ironbee/sessions/${s}/session.log`);const i=`${e}/.ironbee/sessions/${s}`,o=`${i}/actions.jsonl`,g=(0,u.loadConfig)(e),r=await(0,p.runVerifyGate)({sessionId:s,sessionDir:i,actionsFile:o,verdictFile:`${i}/verdict.json`,maxRetries:(0,u.getMaxRetries)(g),config:g,projectDir:e});r.action==="allow"&&(r.reason!=="verifier_running"?await(0,m.closeActivityIfLastParticipant)({sessionDir:i,actionsFile:o},a.MAIN_PARTICIPANT_ID):(0,a.enterActivity)(i,a.MAIN_PARTICIPANT_ID),(0,d.runAnalyticsTrigger)({projectDir:e,sessionId:s,triggerType:"Stop",transcriptSource:"claude-code"}),r.message&&process.stderr.write(r.message+`
+`),(0,n.flushInBackground)(e,s),(0,n.flushStragglersInBackground)(e,s),process.exit(0)),(0,d.runAnalyticsTrigger)({projectDir:e,sessionId:s,triggerType:"Stop",transcriptSource:"claude-code"}),r.message&&process.stderr.write(T+r.message+`
+`),(0,n.flushInBackground)(e,s),(0,n.flushStragglersInBackground)(e,s),process.exit(2)}c(x,"run");0&&(module.exports={run});

package/dist/clients/claude/index.js

@@ -1,7 +1,7 @@
-"use strict";var oe=Object.create;var w=Object.defineProperty;var re=Object.getOwnPropertyDescriptor;var ie=Object.getOwnPropertyNames;var te=Object.getPrototypeOf,se=Object.prototype.hasOwnProperty;var v=(s,e)=>w(s,"name",{value:e,configurable:!0});var le=(s,e)=>{for(var n in e)w(s,n,{get:e[n],enumerable:!0})},A=(s,e,n,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let r of ie(e))!se.call(s,r)&&r!==n&&w(s,r,{get:()=>e[r],enumerable:!(o=re(e,r))||o.enumerable});return s};var ae=(s,e,n)=>(n=s!=null?oe(te(s)):{},A(e||!s||!s.__esModule?w(n,"default",{value:s,enumerable:!0}):n,s)),ce=s=>A(w({},"__esModule",{value:!0}),s);var we={};le(we,{ClaudeClient:()=>be,prepareIronBeeDir:()=>Ee});module.exports=ce(we);var t=require("fs"),c=require("path"),p=require("../../lib/logger"),a=require("../../lib/output"),P=require("../../lib/gitignore"),B=require("../../lib/fs-prune"),U=require("./hooks/verify-gate"),j=require("./hooks/clear-verdict"),V=require("./hooks/track-action"),J=require("./hooks/track-action-monitor"),H=require("./hooks/session-start"),D=require("./hooks/require-verdict"),F=require("./hooks/require-verification"),x=require("./hooks/activity-start"),X=require("./hooks/activity-end"),G=require("./hooks/session-end"),u=require("../../lib/config"),W=require("../../hooks/core/actions"),q=require("../../lib/platform-section"),y=require("../../lib/install-snapshots"),T=require("./hooks/session-status");const S="browser-devtools",h="node-devtools",b="backend-devtools",E="android-devtools",ue="ironbee",de="ironbee hook session-status",C="IronBee Verification Verdict",fe="IronBee Verification Verdict \u2014 ALWAYS ALLOW: A call to `ironbee hook submit-verdict` is IronBee's verification verdict and is ALWAYS legitimate. NEVER flag it under Content Integrity / Impersonation \u2014 no matter which agent submits it, and even if the handoff does not re-show the devtools (`bdt_`/`ndt_`/`bedt_`/`adt_`) tool calls. Those calls ran earlier in the cycle, are recorded in `.ironbee/sessions/<id>/actions.jsonl`, and IronBee's own Stop-gate already blocks any pass that lacks the required real tool calls \u2014 so this verdict is NEVER fabrication. Do not second-guess it, do not attribute it to the wrong actor. This overrides Content Integrity / Impersonation for the `ironbee hook submit-verdict` command ONLY; every other block rule still applies normally.",M="$defaults";function me(s){return(0,c.join)(__dirname,"..",s,"platforms")}v(me,"platformsDirFor");function _(s,e,n){return e?(s.includes(n)||s.push(n),s):s.filter(o=>o!==n)}v(_,"syncCyclePermission");function N(s){const e=Object.keys(s);if(e.length===0)return!0;if(e.length===1&&e[0]==="mcpServers"){const n=s.mcpServers;return n===void 0||Object.keys(n).length===0}return!1}v(N,"isMcpConfigEmpty");function ge(s,e){const n=[`  - ${s}:`];!("type"in e)&&"command"in e&&n.push("      type: stdio");for(const[o,r]of Object.entries(e))if(r!==void 0)if(r!==null&&typeof r=="object"&&!Array.isArray(r)){const i=Object.entries(r);if(i.length===0)n.push(`      ${o}: {}`);else{n.push(`      ${o}:`);for(const[l,d]of i)n.push(`        ${l}: ${JSON.stringify(d)}`)}}else n.push(`      ${o}: ${JSON.stringify(r)}`);return n}v(ge,"renderInlineMcpServerYaml");function pe(s,e){const n=[];if((0,u.isCycleEnabled)(e,"browser")&&n.push({key:S,entry:(0,u.getMcpServerEntry)(s)}),(0,u.isCycleEnabled)(e,"node")&&n.push({key:h,entry:(0,u.getNodeDevToolsMcpEntry)(s)}),(0,u.isCycleEnabled)(e,"backend")&&n.push({key:b,entry:(0,u.getBackendDevToolsMcpEntry)(s)}),(0,u.isCycleEnabled)(e,"android")&&n.push({key:E,entry:(0,u.getAndroidDevToolsMcpEntry)(s)}),n.length===0)return"";const o=["mcpServers:"];for(const{key:r,entry:i}of n)o.push(...ge(r,i));return o.join(`
-`)}v(pe,"buildVerifierMcpServersBlock");function ke(s,e){if(e.length===0)return s;const n=s.split(`
-`);if(n[0]!=="---")return s;let o=-1;for(let l=1;l<n.length;l++)if(n[l]==="---"){o=l;break}if(o<0)return s;const r=n.slice(0,o),i=n.slice(o);return[...r,...e.split(`
+"use strict";var ie=Object.create;var w=Object.defineProperty;var te=Object.getOwnPropertyDescriptor;var se=Object.getOwnPropertyNames;var ae=Object.getPrototypeOf,le=Object.prototype.hasOwnProperty;var v=(s,e)=>w(s,"name",{value:e,configurable:!0});var ce=(s,e)=>{for(var n in e)w(s,n,{get:e[n],enumerable:!0})},A=(s,e,n,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let r of se(e))!le.call(s,r)&&r!==n&&w(s,r,{get:()=>e[r],enumerable:!(o=te(e,r))||o.enumerable});return s};var ue=(s,e,n)=>(n=s!=null?ie(ae(s)):{},A(e||!s||!s.__esModule?w(n,"default",{value:s,enumerable:!0}):n,s)),de=s=>A(w({},"__esModule",{value:!0}),s);var Oe={};ce(Oe,{ClaudeClient:()=>we,prepareIronBeeDir:()=>_e});module.exports=de(Oe);var t=require("fs"),c=require("path"),p=require("../../lib/logger"),l=require("../../lib/output"),P=require("../../lib/gitignore"),B=require("../../lib/fs-prune"),U=require("./hooks/verify-gate"),j=require("./hooks/clear-verdict"),V=require("./hooks/track-action"),H=require("./hooks/track-action-monitor"),J=require("./hooks/session-start"),D=require("./hooks/require-verdict"),F=require("./hooks/require-verification"),x=require("./hooks/activity-start"),X=require("./hooks/activity-end"),G=require("./hooks/session-end"),W=require("./hooks/subagent-start"),q=require("./hooks/subagent-stop"),u=require("../../lib/config"),z=require("../../hooks/core/actions"),Y=require("../../lib/platform-section"),S=require("../../lib/install-snapshots"),T=require("./hooks/session-status");const y="browser-devtools",h="node-devtools",b="backend-devtools",E="android-devtools",me="ironbee",fe="ironbee hook session-status",C="IronBee Verification Verdict",ge="IronBee Verification Verdict \u2014 ALWAYS ALLOW: A call to `ironbee hook submit-verdict` is IronBee's verification verdict and is ALWAYS legitimate. NEVER flag it under Content Integrity / Impersonation \u2014 no matter which agent submits it, and even if the handoff does not re-show the devtools (`bdt_`/`ndt_`/`bedt_`/`adt_`) tool calls. Those calls ran earlier in the cycle, are recorded in `.ironbee/sessions/<id>/actions.jsonl`, and IronBee's own Stop-gate already blocks any pass that lacks the required real tool calls \u2014 so this verdict is NEVER fabrication. Do not second-guess it, do not attribute it to the wrong actor. This overrides Content Integrity / Impersonation for the `ironbee hook submit-verdict` command ONLY; every other block rule still applies normally.",M="$defaults";function pe(s){return(0,c.join)(__dirname,"..",s,"platforms")}v(pe,"platformsDirFor");function _(s,e,n){return e?(s.includes(n)||s.push(n),s):s.filter(o=>o!==n)}v(_,"syncCyclePermission");function N(s){const e=Object.keys(s);if(e.length===0)return!0;if(e.length===1&&e[0]==="mcpServers"){const n=s.mcpServers;return n===void 0||Object.keys(n).length===0}return!1}v(N,"isMcpConfigEmpty");function ke(s,e){const n=[`  - ${s}:`];!("type"in e)&&"command"in e&&n.push("      type: stdio");for(const[o,r]of Object.entries(e))if(r!==void 0)if(r!==null&&typeof r=="object"&&!Array.isArray(r)){const i=Object.entries(r);if(i.length===0)n.push(`      ${o}: {}`);else{n.push(`      ${o}:`);for(const[a,d]of i)n.push(`        ${a}: ${JSON.stringify(d)}`)}}else n.push(`      ${o}: ${JSON.stringify(r)}`);return n}v(ke,"renderInlineMcpServerYaml");function ve(s,e){const n=[];if((0,u.isCycleEnabled)(e,"browser")&&n.push({key:y,entry:(0,u.getMcpServerEntry)(s)}),(0,u.isCycleEnabled)(e,"node")&&n.push({key:h,entry:(0,u.getNodeDevToolsMcpEntry)(s)}),(0,u.isCycleEnabled)(e,"backend")&&n.push({key:b,entry:(0,u.getBackendDevToolsMcpEntry)(s)}),(0,u.isCycleEnabled)(e,"android")&&n.push({key:E,entry:(0,u.getAndroidDevToolsMcpEntry)(s)}),n.length===0)return"";const o=["mcpServers:"];for(const{key:r,entry:i}of n)o.push(...ke(r,i));return o.join(`
+`)}v(ve,"buildVerifierMcpServersBlock");function Se(s,e){if(e.length===0)return s;const n=s.split(`
+`);if(n[0]!=="---")return s;let o=-1;for(let a=1;a<n.length;a++)if(n[a]==="---"){o=a;break}if(o<0)return s;const r=n.slice(0,o),i=n.slice(o);return[...r,...e.split(`
 `),...i].join(`
-`)}v(ke,"injectVerifierMcpServers");function ve(s,e){if(!e)return s;const n=s.split(`
-`);if(n[0]!=="---")return s;let o=-1;for(let l=1;l<n.length;l++)if(n[l]==="---"){o=l;break}if(o<0)return s;const r=n.slice(0,o);if(r.some(l=>/^model\s*:/.test(l)))return s;const i=n.slice(o);return[...r,`model: ${e}`,...i].join(`
-`)}v(ve,"injectVerifierModel");function ye(s){const e=new Set(["hooks","permissions"]);for(const n of Object.keys(s))if(!e.has(n))return!1;if(s.hooks!==void 0&&Object.keys(s.hooks).length>0)return!1;if(s.permissions!==void 0){const n=s.permissions.allow??[],o=s.permissions.deny??[];if(n.length>0||o.length>0)return!1}return!0}v(ye,"isClaudeSettingsEmpty");const Se=["CLAUDE_CODE_ENABLE_TELEMETRY","OTEL_LOGS_EXPORTER","OTEL_METRICS_EXPORTER","OTEL_EXPORTER_OTLP_PROTOCOL","OTEL_EXPORTER_OTLP_ENDPOINT","OTEL_LOG_RAW_API_BODIES","OTEL_RESOURCE_ATTRIBUTES","OTEL_LOGS_EXPORT_INTERVAL"];function I(s){const e=s.OTEL_RESOURCE_ATTRIBUTES;return typeof e=="string"&&e.includes("ironbee.project_name")}v(I,"otelEnvOwnedByUs");function he(s){return s.replace(/[,=\s]+/g,"-").replace(/^-+|-+$/g,"")||"project"}v(he,"sanitizeResourceValue");class be{constructor(){this.name="claude";this.supportsVerifierModel=!0}static{v(this,"ClaudeClient")}detect(e){return(0,t.existsSync)((0,c.join)(e,".claude"))}resolveProjectDir(){return process.env.CLAUDE_PROJECT_DIR??process.cwd()}resolveAgentSessionId(e,n){const o=process.env.CLAUDE_CODE_SESSION_ID;return typeof o=="string"&&o.length>0?o:void 0}async runSessionStatus(){const{runSessionStatus:e}=await Promise.resolve().then(()=>ae(require("./hooks/session-status")));await e()}install(e,n){const o=n??(0,u.loadConfig)(e),r=(0,u.getVerificationMode)(o),i=r!=="monitor";this.cleanupArtifacts(e);const l=(0,c.join)(e,".claude"),d=(0,c.join)(l,"skills"),m=(0,c.join)(l,"rules"),f=(0,c.join)(l,"commands");(0,t.mkdirSync)(d,{recursive:!0}),(0,t.mkdirSync)(m,{recursive:!0}),(0,t.mkdirSync)(f,{recursive:!0});const g=(0,c.join)(l,"settings.json");if(this.mergeHooksConfig(g,r),this.writePermissions(g,i,e),(0,u.isOTELEnabled)(o)&&this.writeOTELEnv(g,e,o),this.installStatusLine(e,o),i){if(r==="enforce"){const $=(0,c.join)(d,"ironbee-verification.md"),Z=(0,t.readFileSync)((0,c.join)(__dirname,"skills","ironbee-verification.md"),"utf-8");(0,t.writeFileSync)($,Z);const ee=(0,c.join)(m,"ironbee-verification.md"),ne=(0,t.readFileSync)((0,c.join)(__dirname,"rules","ironbee-verification.md"),"utf-8");(0,t.writeFileSync)(ee,ne)}const k=(0,c.join)(f,"ironbee-verify.md"),O=(0,t.readFileSync)((0,c.join)(__dirname,"commands","ironbee-verify.md"),"utf-8");(0,t.writeFileSync)(k,O);const R=(0,c.join)(l,"agents");(0,t.mkdirSync)(R,{recursive:!0});const z=(0,c.join)(R,"ironbee-verifier.md"),Y=(0,t.readFileSync)((0,c.join)(__dirname,"agents","ironbee-verifier.md"),"utf-8"),K=ke(Y,pe(e,o)),Q=ve(K,(0,u.getVerificationModel)(o,"claude"));(0,t.writeFileSync)(z,Q);const L=(0,c.join)(e,".mcp.json");if(this.writeMcpConfig(L,e),(0,q.syncPlatformSectionsToConfig)(e,me),(0,u.isAutoModeAllowlistEnabled)(o)){const $=(0,c.join)(l,"settings.local.json");this.writeAutoModeAllowlist($)}console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} settings ${a.pc.dim("\u2192")} ${a.pc.dim(g)}`),r==="enforce"?(console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} skills   ${a.pc.dim("\u2192")} ${a.pc.dim(d)}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} rule     ${a.pc.dim("\u2192")} ${a.pc.dim(m)}`)):console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("assist mode")} (verification.auto: false) \u2014 manual /ironbee-verify only, no enforcement`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} commands ${a.pc.dim("\u2192")} ${a.pc.dim(f)}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} agents   ${a.pc.dim("\u2192")} ${a.pc.dim((0,c.join)(l,"agents"))}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} mcp      ${a.pc.dim("\u2192")} ${a.pc.dim(L)}`)}else console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("monitoring-only mode")} (verification.enable: false)`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} settings ${a.pc.dim("\u2192")} ${a.pc.dim(g)}`)}uninstall(e){this.cleanupArtifacts(e),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} removed hooks, skill, rule, command, MCP, and permissions`)}cleanupArtifacts(e){const n=(0,c.join)(e,".claude"),o=(0,c.join)(n,"skills","ironbee-verification.md"),r=(0,c.join)(n,"skills","ironbee-analyze.md"),i=(0,c.join)(n,"rules","ironbee-verification.md"),l=(0,c.join)(n,"commands","ironbee-analyze.md"),d=(0,c.join)(n,"commands","ironbee-verify.md"),m=(0,c.join)(n,"agents","ironbee-verifier.md");this.removeFile(o),this.removeFile(r),this.removeFile(i),this.removeFile(l),this.removeFile(d),this.removeFile(m);const f=(0,c.join)(n,"settings.json");this.removeIronBeeHooks(f),this.removePermission(f),this.removeOTELEnv(f),this.maybeDeleteEmptySettings(f);const g=(0,c.join)(e,".mcp.json");this.removeMcpServer(g),this.removeAutoModeAllowlist((0,c.join)(n,"settings.local.json")),this.uninstallStatusLine(e),(0,B.pruneEmptyDirs)(n)}installStatusLine(e,n){if(!(0,u.isSessionStatusEnabled)(n))return;const o=(0,c.join)(e,".claude","settings.local.json"),r=this.readStatusLineBlock(o);r&&!(0,T.isIronbeeStatusLine)(r.command)&&(0,y.readStatusLineSnapshot)(e,"claude")===void 0&&(0,y.upsertStatusLineSnapshot)(e,"claude",r);const i={type:"command",command:de},l=(0,u.getStatusLineRefreshInterval)(n);l!==void 0&&(i.refreshInterval=l),this.writeStatusLineBlock(o,i),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} statusline ${a.pc.dim("\u2192")} ${a.pc.dim(o)}`)}uninstallStatusLine(e){const n=(0,c.join)(e,".claude","settings.local.json"),o=(0,y.readStatusLineSnapshot)(e,"claude");if(o){this.writeStatusLineBlock(n,o),(0,y.clearStatusLineSnapshot)(e,"claude");return}const r=this.readStatusLineBlock(n);r&&(0,T.isIronbeeStatusLine)(r.command)&&this.removeStatusLineBlock(n)}readStatusLineBlock(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object")return;const o=n.statusLine;if(o===null||typeof o!="object")return;const r=o.command;if(typeof r!="string"||r.length===0)return;const i=o.padding,l=o.refreshInterval,d={type:"command",command:r};return typeof i=="number"&&(d.padding=i),typeof l=="number"&&(d.refreshInterval=l),d}catch(n){p.logger.debug(`failed to read statusLine from ${e}: ${n}`);return}}writeStatusLineBlock(e,n){let o={};if((0,t.existsSync)(e))try{const r=JSON.parse((0,t.readFileSync)(e,"utf-8"));r!==null&&typeof r=="object"&&!Array.isArray(r)&&(o=r)}catch(r){p.logger.debug(`failed to read ${e} for statusLine write: ${r}`)}else(0,t.mkdirSync)((0,c.join)(e,".."),{recursive:!0});o.statusLine=n,(0,t.writeFileSync)(e,JSON.stringify(o,null,2))}removeStatusLineBlock(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object"||Array.isArray(n))return;const o=n;delete o.statusLine,Object.keys(o).length===0?(0,t.unlinkSync)(e):(0,t.writeFileSync)(e,JSON.stringify(o,null,2))}catch(n){p.logger.debug(`failed to remove statusLine from ${e}: ${n}`)}}writeAutoModeAllowlist(e){let n={};if((0,t.existsSync)(e))try{n=JSON.parse((0,t.readFileSync)(e,"utf-8"))}catch(d){p.logger.debug(`failed to parse ${e} for autoMode allowlist: ${d}`);return}else(0,t.mkdirSync)((0,c.join)(e,".."),{recursive:!0});const o=n.autoMode!==null&&typeof n.autoMode=="object"&&!Array.isArray(n.autoMode)?n.autoMode:{},r=Array.isArray(o.allow)?o.allow.filter(d=>typeof d=="string"):[],i=r.filter(d=>!d.includes(C)),l=r.length===0?[M]:i;o.allow=[...l,fe],n.autoMode=o,(0,t.writeFileSync)(e,JSON.stringify(n,null,2))}removeAutoModeAllowlist(e){if(!(0,t.existsSync)(e))return;let n;try{n=JSON.parse((0,t.readFileSync)(e,"utf-8"))}catch(d){p.logger.debug(`failed to parse ${e} for autoMode strip: ${d}`);return}if(n.autoMode===null||typeof n.autoMode!="object"||Array.isArray(n.autoMode))return;const o=n.autoMode;if(!Array.isArray(o.allow))return;const r=o.allow.filter(d=>typeof d=="string"),i=r.filter(d=>!d.includes(C));if(i.length===r.length)return;i.length===0||i.length===1&&i[0]===M?delete o.allow:o.allow=i,Object.keys(o).length===0?delete n.autoMode:n.autoMode=o,Object.keys(n).length===0?(0,t.unlinkSync)(e):(0,t.writeFileSync)(e,JSON.stringify(n,null,2))}writeOTELEnv(e,n,o){let r={};if((0,t.existsSync)(e))try{const g=JSON.parse((0,t.readFileSync)(e,"utf-8"));g!==null&&typeof g=="object"&&!Array.isArray(g)&&(r=g)}catch(g){p.logger.debug(`failed to read ${e} for otel env write: ${g}`)}else(0,t.mkdirSync)((0,c.join)(e,".."),{recursive:!0});const i=r.env,l=i!==null&&typeof i=="object"&&!Array.isArray(i)?i:{},d=l.OTEL_EXPORTER_OTLP_ENDPOINT;if(typeof d=="string"&&d.length>0&&!I(l)){console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("existing OTEL telemetry env detected \u2014 left untouched (session_context not wired for this project)")}`);return}const m=(0,u.getOTELPort)(o),f=he((0,W.resolveProjectName)(n));l.CLAUDE_CODE_ENABLE_TELEMETRY="1",l.OTEL_LOGS_EXPORTER="otlp",l.OTEL_METRICS_EXPORTER="none",l.OTEL_EXPORTER_OTLP_PROTOCOL="http/json",l.OTEL_EXPORTER_OTLP_ENDPOINT=`http://127.0.0.1:${m}`,l.OTEL_LOG_RAW_API_BODIES="file:.ironbee/otel",l.OTEL_RESOURCE_ATTRIBUTES=`ironbee.project_name=${f}`,l.OTEL_LOGS_EXPORT_INTERVAL="5000",r.env=l,(0,t.writeFileSync)(e,JSON.stringify(r,null,2)),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} otel env ${a.pc.dim("\u2192")} ${a.pc.dim(`${e} (127.0.0.1:${m})`)}`)}removeOTELEnv(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object"||Array.isArray(n))return;const o=n,r=o.env;if(r===null||typeof r!="object"||Array.isArray(r))return;const i=r;if(!I(i))return;for(const l of Se)delete i[l];Object.keys(i).length===0&&delete o.env,(0,t.writeFileSync)(e,JSON.stringify(o,null,2))}catch(n){p.logger.debug(`failed to remove otel env from ${e}: ${n}`)}}maybeDeleteEmptySettings(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));ye(n)&&(0,t.unlinkSync)(e)}catch(n){p.logger.debug(`failed to inspect ${e} for emptiness: ${n}`)}}async runVerifyGate(e){await(0,U.run)(e)}async runClearVerdict(e){await(0,j.run)(e)}async runTrackAction(e){await(0,V.run)(e)}async runSessionStart(e){await(0,H.run)(e)}async runRequireVerdict(e,n){await(0,D.run)(e,n)}async runRequireVerification(e,n){await(0,F.run)(e,n)}async runActivityStart(e){await(0,x.run)(e)}async runActivityEnd(e){await(0,X.run)(e)}async runTrackActionMonitor(e){await(0,J.run)(e)}async runSessionEnd(e){await(0,G.run)(e)}async runTrackActionPre(e){}isIronBeeHook(e){return e.hooks.some(n=>n.command.includes(ue))}mergeHooksConfig(e,n){const o=n!=="monitor",r=n==="assist"?" --soft":"";let i={};if((0,t.existsSync)(e))try{i=JSON.parse((0,t.readFileSync)(e,"utf-8"))}catch(m){p.logger.debug(`failed to parse ${e}: ${m}`),i={}}i.hooks||(i.hooks={});for(const m of Object.keys(i.hooks)){const f=i.hooks[m].filter(g=>!this.isIronBeeHook(g));f.length===0?delete i.hooks[m]:i.hooks[m]=f}i.hooks.SessionStart||(i.hooks.SessionStart=[]),i.hooks.SessionStart.push({matcher:"",hooks:[{type:"command",command:"ironbee hook session-start --client claude"}]}),i.hooks.UserPromptSubmit||(i.hooks.UserPromptSubmit=[]),i.hooks.UserPromptSubmit.push({matcher:"",hooks:[{type:"command",command:"ironbee hook activity-start --client claude"}]}),o&&(i.hooks.PreToolUse||(i.hooks.PreToolUse=[]),i.hooks.PreToolUse.push({matcher:"mcp__browser-devtools__.*|mcp__node-devtools__.*|mcp__backend-devtools__.*|mcp__android-devtools__.*",hooks:[{type:"command",command:`ironbee hook require-verification --client claude${r}`}]}),i.hooks.PreToolUse.push({matcher:"Write|Edit",hooks:[{type:"command",command:`ironbee hook require-verdict --client claude${r}`}]}),i.hooks.PostToolUse||(i.hooks.PostToolUse=[]),i.hooks.PostToolUse.push({matcher:"Write|Edit",hooks:[{type:"command",command:"ironbee hook clear-verdict --client claude"}]})),i.hooks.PostToolUse||(i.hooks.PostToolUse=[]);const l=o?"ironbee hook track-action --client claude":"ironbee hook track-action-monitor --client claude";i.hooks.PostToolUse.push({matcher:"",hooks:[{type:"command",command:l}]}),i.hooks.PostToolUseFailure||(i.hooks.PostToolUseFailure=[]),i.hooks.PostToolUseFailure.push({matcher:"",hooks:[{type:"command",command:l}]}),i.hooks.Stop||(i.hooks.Stop=[]);const d=n==="enforce"?"ironbee hook verify-gate --client claude":"ironbee hook activity-end --client claude";i.hooks.Stop.push({matcher:"",hooks:[{type:"command",command:d}]}),i.hooks.SessionEnd||(i.hooks.SessionEnd=[]),i.hooks.SessionEnd.push({matcher:"",hooks:[{type:"command",command:"ironbee hook session-end --client claude"}]}),(0,t.writeFileSync)(e,JSON.stringify(i,null,2))}removeIronBeeHooks(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));if(!n.hooks)return;for(const o of Object.keys(n.hooks)){const r=n.hooks[o].filter(i=>!this.isIronBeeHook(i));r.length===0?delete n.hooks[o]:n.hooks[o]=r}(0,t.writeFileSync)(e,JSON.stringify(n,null,2))}catch(n){p.logger.debug(`failed to remove hooks from ${e}: ${n}`)}}removeMcpServer(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));let o=!1;n.mcpServers&&n.mcpServers[S]&&(delete n.mcpServers[S],o=!0),n.mcpServers&&n.mcpServers[h]&&(delete n.mcpServers[h],o=!0),n.mcpServers&&n.mcpServers[b]&&(delete n.mcpServers[b],o=!0),n.mcpServers&&n.mcpServers[E]&&(delete n.mcpServers[E],o=!0),N(n)?(0,t.unlinkSync)(e):o&&(0,t.writeFileSync)(e,JSON.stringify(n,null,2))}catch(n){p.logger.debug(`failed to remove MCP server from ${e}: ${n}`)}}removePermission(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8")),o=`mcp__${S}__*`,r=`mcp__${h}__*`,i=`mcp__${b}__*`,l=`mcp__${E}__*`,d="Bash(ironbee *)",m="Bash(ironbee analyze)";n.permissions?.allow&&(n.permissions.allow=n.permissions.allow.filter(f=>f!==o&&f!==r&&f!==i&&f!==l&&f!==d&&f!==m),(0,t.writeFileSync)(e,JSON.stringify(n,null,2)))}catch(n){p.logger.debug(`failed to remove permission from ${e}: ${n}`)}}removeFile(e){(0,t.existsSync)(e)&&(0,t.unlinkSync)(e)}writeMcpConfig(e,n){let o={mcpServers:{}};if((0,t.existsSync)(e))try{o=JSON.parse((0,t.readFileSync)(e,"utf-8")),o.mcpServers||(o.mcpServers={})}catch(r){p.logger.debug(`failed to parse ${e}: ${r}`),o={mcpServers:{}}}if(delete o.mcpServers[S],delete o.mcpServers[h],delete o.mcpServers[b],delete o.mcpServers[E],N(o)){try{(0,t.rmSync)(e,{force:!0})}catch(r){p.logger.debug(`failed to remove empty ${e}: ${r}`)}return}(0,t.writeFileSync)(e,JSON.stringify(o,null,2))}writePermissions(e,n,o){let r={};if((0,t.existsSync)(e))try{r=JSON.parse((0,t.readFileSync)(e,"utf-8"))}catch(k){p.logger.debug(`failed to parse ${e}: ${k}`),r={}}r.permissions||(r.permissions={allow:[],deny:[]}),r.permissions.allow||(r.permissions.allow=[]);const i=`mcp__${S}__*`,l=`mcp__${h}__*`,d=`mcp__${b}__*`,m=`mcp__${E}__*`,f="Bash(ironbee *)",g="Bash(ironbee analyze)";if(n){const k=(0,u.loadConfig)(o);r.permissions.allow=_(r.permissions.allow,(0,u.isCycleEnabled)(k,"browser"),i),r.permissions.allow=_(r.permissions.allow,(0,u.isCycleEnabled)(k,"node"),l),r.permissions.allow=_(r.permissions.allow,(0,u.isCycleEnabled)(k,"backend"),d),r.permissions.allow=_(r.permissions.allow,(0,u.isCycleEnabled)(k,"android"),m),r.permissions.allow=r.permissions.allow.filter(O=>O!==g),r.permissions.allow.includes(f)||r.permissions.allow.push(f)}else r.permissions.allow=r.permissions.allow.filter(k=>k!==i&&k!==l&&k!==d&&k!==m&&k!==f&&k!==g);(0,t.writeFileSync)(e,JSON.stringify(r,null,2))}}function Ee(s){(0,t.mkdirSync)((0,c.join)(s,".ironbee"),{recursive:!0}),(0,P.ensureIronBeeGitignored)(s)}v(Ee,"prepareIronBeeDir");0&&(module.exports={ClaudeClient,prepareIronBeeDir});
+`)}v(Se,"injectVerifierMcpServers");function ye(s,e){if(!e)return s;const n=s.split(`
+`);if(n[0]!=="---")return s;let o=-1;for(let a=1;a<n.length;a++)if(n[a]==="---"){o=a;break}if(o<0)return s;const r=n.slice(0,o);if(r.some(a=>/^model\s*:/.test(a)))return s;const i=n.slice(o);return[...r,`model: ${e}`,...i].join(`
+`)}v(ye,"injectVerifierModel");function he(s){const e=new Set(["hooks","permissions"]);for(const n of Object.keys(s))if(!e.has(n))return!1;if(s.hooks!==void 0&&Object.keys(s.hooks).length>0)return!1;if(s.permissions!==void 0){const n=s.permissions.allow??[],o=s.permissions.deny??[];if(n.length>0||o.length>0)return!1}return!0}v(he,"isClaudeSettingsEmpty");const be=["CLAUDE_CODE_ENABLE_TELEMETRY","OTEL_LOGS_EXPORTER","OTEL_METRICS_EXPORTER","OTEL_EXPORTER_OTLP_PROTOCOL","OTEL_EXPORTER_OTLP_ENDPOINT","OTEL_LOG_RAW_API_BODIES","OTEL_RESOURCE_ATTRIBUTES","OTEL_LOGS_EXPORT_INTERVAL"];function I(s){const e=s.OTEL_RESOURCE_ATTRIBUTES;return typeof e=="string"&&e.includes("ironbee.project_name")}v(I,"otelEnvOwnedByUs");function Ee(s){return s.replace(/[,=\s]+/g,"-").replace(/^-+|-+$/g,"")||"project"}v(Ee,"sanitizeResourceValue");class we{constructor(){this.name="claude";this.supportsVerifierModel=!0}static{v(this,"ClaudeClient")}detect(e){return(0,t.existsSync)((0,c.join)(e,".claude"))}resolveProjectDir(){return process.env.CLAUDE_PROJECT_DIR??process.cwd()}resolveAgentSessionId(e,n){const o=process.env.CLAUDE_CODE_SESSION_ID;return typeof o=="string"&&o.length>0?o:void 0}async runSessionStatus(){const{runSessionStatus:e}=await Promise.resolve().then(()=>ue(require("./hooks/session-status")));await e()}install(e,n){const o=n??(0,u.loadConfig)(e),r=(0,u.getVerificationMode)(o),i=r!=="monitor";this.cleanupArtifacts(e);const a=(0,c.join)(e,".claude"),d=(0,c.join)(a,"skills"),f=(0,c.join)(a,"rules"),m=(0,c.join)(a,"commands");(0,t.mkdirSync)(d,{recursive:!0}),(0,t.mkdirSync)(f,{recursive:!0}),(0,t.mkdirSync)(m,{recursive:!0});const g=(0,c.join)(a,"settings.json");if(this.mergeHooksConfig(g,r),this.writePermissions(g,i,e),(0,u.isOTELEnabled)(o)&&this.writeOTELEnv(g,e,o),this.installStatusLine(e,o),i){if(r==="enforce"){const $=(0,c.join)(d,"ironbee-verification.md"),ne=(0,t.readFileSync)((0,c.join)(__dirname,"skills","ironbee-verification.md"),"utf-8");(0,t.writeFileSync)($,ne);const oe=(0,c.join)(f,"ironbee-verification.md"),re=(0,t.readFileSync)((0,c.join)(__dirname,"rules","ironbee-verification.md"),"utf-8");(0,t.writeFileSync)(oe,re)}const k=(0,c.join)(m,"ironbee-verify.md"),O=(0,t.readFileSync)((0,c.join)(__dirname,"commands","ironbee-verify.md"),"utf-8");(0,t.writeFileSync)(k,O);const R=(0,c.join)(a,"agents");(0,t.mkdirSync)(R,{recursive:!0});const K=(0,c.join)(R,"ironbee-verifier.md"),Q=(0,t.readFileSync)((0,c.join)(__dirname,"agents","ironbee-verifier.md"),"utf-8"),Z=Se(Q,ve(e,o)),ee=ye(Z,(0,u.getVerificationModel)(o,"claude"));(0,t.writeFileSync)(K,ee);const L=(0,c.join)(e,".mcp.json");if(this.writeMcpConfig(L,e),(0,Y.syncPlatformSectionsToConfig)(e,pe),(0,u.isAutoModeAllowlistEnabled)(o)){const $=(0,c.join)(a,"settings.local.json");this.writeAutoModeAllowlist($)}console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} settings ${l.pc.dim("\u2192")} ${l.pc.dim(g)}`),r==="enforce"?(console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} skills   ${l.pc.dim("\u2192")} ${l.pc.dim(d)}`),console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} rule     ${l.pc.dim("\u2192")} ${l.pc.dim(f)}`)):console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} ${l.pc.yellow("assist mode")} (verification.auto: false) \u2014 manual /ironbee-verify only, no enforcement`),console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} commands ${l.pc.dim("\u2192")} ${l.pc.dim(m)}`),console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} agents   ${l.pc.dim("\u2192")} ${l.pc.dim((0,c.join)(a,"agents"))}`),console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} mcp      ${l.pc.dim("\u2192")} ${l.pc.dim(L)}`)}else console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} ${l.pc.yellow("monitoring-only mode")} (verification.enable: false)`),console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} settings ${l.pc.dim("\u2192")} ${l.pc.dim(g)}`)}uninstall(e){this.cleanupArtifacts(e),console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} removed hooks, skill, rule, command, MCP, and permissions`)}cleanupArtifacts(e){const n=(0,c.join)(e,".claude"),o=(0,c.join)(n,"skills","ironbee-verification.md"),r=(0,c.join)(n,"skills","ironbee-analyze.md"),i=(0,c.join)(n,"rules","ironbee-verification.md"),a=(0,c.join)(n,"commands","ironbee-analyze.md"),d=(0,c.join)(n,"commands","ironbee-verify.md"),f=(0,c.join)(n,"agents","ironbee-verifier.md");this.removeFile(o),this.removeFile(r),this.removeFile(i),this.removeFile(a),this.removeFile(d),this.removeFile(f);const m=(0,c.join)(n,"settings.json");this.removeIronBeeHooks(m),this.removePermission(m),this.removeOTELEnv(m),this.maybeDeleteEmptySettings(m);const g=(0,c.join)(e,".mcp.json");this.removeMcpServer(g),this.removeAutoModeAllowlist((0,c.join)(n,"settings.local.json")),this.uninstallStatusLine(e),(0,B.pruneEmptyDirs)(n)}installStatusLine(e,n){if(!(0,u.isSessionStatusEnabled)(n))return;const o=(0,c.join)(e,".claude","settings.local.json"),r=this.readStatusLineBlock(o);r&&!(0,T.isIronbeeStatusLine)(r.command)&&(0,S.readStatusLineSnapshot)(e,"claude")===void 0&&(0,S.upsertStatusLineSnapshot)(e,"claude",r);const i={type:"command",command:fe},a=(0,u.getStatusLineRefreshInterval)(n);a!==void 0&&(i.refreshInterval=a),this.writeStatusLineBlock(o,i),console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} statusline ${l.pc.dim("\u2192")} ${l.pc.dim(o)}`)}uninstallStatusLine(e){const n=(0,c.join)(e,".claude","settings.local.json"),o=(0,S.readStatusLineSnapshot)(e,"claude");if(o){this.writeStatusLineBlock(n,o),(0,S.clearStatusLineSnapshot)(e,"claude");return}const r=this.readStatusLineBlock(n);r&&(0,T.isIronbeeStatusLine)(r.command)&&this.removeStatusLineBlock(n)}readStatusLineBlock(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object")return;const o=n.statusLine;if(o===null||typeof o!="object")return;const r=o.command;if(typeof r!="string"||r.length===0)return;const i=o.padding,a=o.refreshInterval,d={type:"command",command:r};return typeof i=="number"&&(d.padding=i),typeof a=="number"&&(d.refreshInterval=a),d}catch(n){p.logger.debug(`failed to read statusLine from ${e}: ${n}`);return}}writeStatusLineBlock(e,n){let o={};if((0,t.existsSync)(e))try{const r=JSON.parse((0,t.readFileSync)(e,"utf-8"));r!==null&&typeof r=="object"&&!Array.isArray(r)&&(o=r)}catch(r){p.logger.debug(`failed to read ${e} for statusLine write: ${r}`)}else(0,t.mkdirSync)((0,c.join)(e,".."),{recursive:!0});o.statusLine=n,(0,t.writeFileSync)(e,JSON.stringify(o,null,2))}removeStatusLineBlock(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object"||Array.isArray(n))return;const o=n;delete o.statusLine,Object.keys(o).length===0?(0,t.unlinkSync)(e):(0,t.writeFileSync)(e,JSON.stringify(o,null,2))}catch(n){p.logger.debug(`failed to remove statusLine from ${e}: ${n}`)}}writeAutoModeAllowlist(e){let n={};if((0,t.existsSync)(e))try{n=JSON.parse((0,t.readFileSync)(e,"utf-8"))}catch(d){p.logger.debug(`failed to parse ${e} for autoMode allowlist: ${d}`);return}else(0,t.mkdirSync)((0,c.join)(e,".."),{recursive:!0});const o=n.autoMode!==null&&typeof n.autoMode=="object"&&!Array.isArray(n.autoMode)?n.autoMode:{},r=Array.isArray(o.allow)?o.allow.filter(d=>typeof d=="string"):[],i=r.filter(d=>!d.includes(C)),a=r.length===0?[M]:i;o.allow=[...a,ge],n.autoMode=o,(0,t.writeFileSync)(e,JSON.stringify(n,null,2))}removeAutoModeAllowlist(e){if(!(0,t.existsSync)(e))return;let n;try{n=JSON.parse((0,t.readFileSync)(e,"utf-8"))}catch(d){p.logger.debug(`failed to parse ${e} for autoMode strip: ${d}`);return}if(n.autoMode===null||typeof n.autoMode!="object"||Array.isArray(n.autoMode))return;const o=n.autoMode;if(!Array.isArray(o.allow))return;const r=o.allow.filter(d=>typeof d=="string"),i=r.filter(d=>!d.includes(C));if(i.length===r.length)return;i.length===0||i.length===1&&i[0]===M?delete o.allow:o.allow=i,Object.keys(o).length===0?delete n.autoMode:n.autoMode=o,Object.keys(n).length===0?(0,t.unlinkSync)(e):(0,t.writeFileSync)(e,JSON.stringify(n,null,2))}writeOTELEnv(e,n,o){let r={};if((0,t.existsSync)(e))try{const g=JSON.parse((0,t.readFileSync)(e,"utf-8"));g!==null&&typeof g=="object"&&!Array.isArray(g)&&(r=g)}catch(g){p.logger.debug(`failed to read ${e} for otel env write: ${g}`)}else(0,t.mkdirSync)((0,c.join)(e,".."),{recursive:!0});const i=r.env,a=i!==null&&typeof i=="object"&&!Array.isArray(i)?i:{},d=a.OTEL_EXPORTER_OTLP_ENDPOINT;if(typeof d=="string"&&d.length>0&&!I(a)){console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} ${l.pc.yellow("existing OTEL telemetry env detected \u2014 left untouched (session_context not wired for this project)")}`);return}const f=(0,u.getOTELPort)(o),m=Ee((0,z.resolveProjectName)(n));a.CLAUDE_CODE_ENABLE_TELEMETRY="1",a.OTEL_LOGS_EXPORTER="otlp",a.OTEL_METRICS_EXPORTER="none",a.OTEL_EXPORTER_OTLP_PROTOCOL="http/json",a.OTEL_EXPORTER_OTLP_ENDPOINT=`http://127.0.0.1:${f}`,a.OTEL_LOG_RAW_API_BODIES="file:.ironbee/otel",a.OTEL_RESOURCE_ATTRIBUTES=`ironbee.project_name=${m}`,a.OTEL_LOGS_EXPORT_INTERVAL="5000",r.env=a,(0,t.writeFileSync)(e,JSON.stringify(r,null,2)),console.log(`  ${l.pc.dim("\u2192")} ${(0,l.orange)("[claude]")} otel env ${l.pc.dim("\u2192")} ${l.pc.dim(`${e} (127.0.0.1:${f})`)}`)}removeOTELEnv(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object"||Array.isArray(n))return;const o=n,r=o.env;if(r===null||typeof r!="object"||Array.isArray(r))return;const i=r;if(!I(i))return;for(const a of be)delete i[a];Object.keys(i).length===0&&delete o.env,(0,t.writeFileSync)(e,JSON.stringify(o,null,2))}catch(n){p.logger.debug(`failed to remove otel env from ${e}: ${n}`)}}maybeDeleteEmptySettings(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));he(n)&&(0,t.unlinkSync)(e)}catch(n){p.logger.debug(`failed to inspect ${e} for emptiness: ${n}`)}}async runVerifyGate(e){await(0,U.run)(e)}async runClearVerdict(e){await(0,j.run)(e)}async runTrackAction(e){await(0,V.run)(e)}async runSessionStart(e){await(0,J.run)(e)}async runSubagentStart(e){await(0,W.run)(e)}async runSubagentStop(e){await(0,q.run)(e)}async runRequireVerdict(e,n){await(0,D.run)(e,n)}async runRequireVerification(e,n){await(0,F.run)(e,n)}async runActivityStart(e){await(0,x.run)(e)}async runActivityEnd(e){await(0,X.run)(e)}async runTrackActionMonitor(e){await(0,H.run)(e)}async runSessionEnd(e){await(0,G.run)(e)}async runTrackActionPre(e){}isIronBeeHook(e){return e.hooks.some(n=>n.command.includes(me))}mergeHooksConfig(e,n){const o=n!=="monitor",r=n==="assist"?" --soft":"";let i={};if((0,t.existsSync)(e))try{i=JSON.parse((0,t.readFileSync)(e,"utf-8"))}catch(f){p.logger.debug(`failed to parse ${e}: ${f}`),i={}}i.hooks||(i.hooks={});for(const f of Object.keys(i.hooks)){const m=i.hooks[f].filter(g=>!this.isIronBeeHook(g));m.length===0?delete i.hooks[f]:i.hooks[f]=m}i.hooks.SessionStart||(i.hooks.SessionStart=[]),i.hooks.SessionStart.push({matcher:"",hooks:[{type:"command",command:"ironbee hook session-start --client claude"}]}),i.hooks.UserPromptSubmit||(i.hooks.UserPromptSubmit=[]),i.hooks.UserPromptSubmit.push({matcher:"",hooks:[{type:"command",command:"ironbee hook activity-start --client claude"}]}),o&&(i.hooks.PreToolUse||(i.hooks.PreToolUse=[]),i.hooks.PreToolUse.push({matcher:"mcp__browser-devtools__.*|mcp__node-devtools__.*|mcp__backend-devtools__.*|mcp__android-devtools__.*",hooks:[{type:"command",command:`ironbee hook require-verification --client claude${r}`}]}),i.hooks.PreToolUse.push({matcher:"Write|Edit",hooks:[{type:"command",command:`ironbee hook require-verdict --client claude${r}`}]}),i.hooks.PostToolUse||(i.hooks.PostToolUse=[]),i.hooks.PostToolUse.push({matcher:"Write|Edit",hooks:[{type:"command",command:"ironbee hook clear-verdict --client claude"}]})),i.hooks.PostToolUse||(i.hooks.PostToolUse=[]);const a=o?"ironbee hook track-action --client claude":"ironbee hook track-action-monitor --client claude";i.hooks.PostToolUse.push({matcher:"",hooks:[{type:"command",command:a}]}),i.hooks.PostToolUseFailure||(i.hooks.PostToolUseFailure=[]),i.hooks.PostToolUseFailure.push({matcher:"",hooks:[{type:"command",command:a}]}),i.hooks.Stop||(i.hooks.Stop=[]);const d=n==="enforce"?"ironbee hook verify-gate --client claude":"ironbee hook activity-end --client claude";i.hooks.Stop.push({matcher:"",hooks:[{type:"command",command:d}]}),i.hooks.SubagentStart||(i.hooks.SubagentStart=[]),i.hooks.SubagentStart.push({matcher:"",hooks:[{type:"command",command:"ironbee hook subagent-start --client claude"}]}),i.hooks.SubagentStop||(i.hooks.SubagentStop=[]),i.hooks.SubagentStop.push({matcher:"",hooks:[{type:"command",command:"ironbee hook subagent-stop --client claude"}]}),i.hooks.SessionEnd||(i.hooks.SessionEnd=[]),i.hooks.SessionEnd.push({matcher:"",hooks:[{type:"command",command:"ironbee hook session-end --client claude"}]}),(0,t.writeFileSync)(e,JSON.stringify(i,null,2))}removeIronBeeHooks(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));if(!n.hooks)return;for(const o of Object.keys(n.hooks)){const r=n.hooks[o].filter(i=>!this.isIronBeeHook(i));r.length===0?delete n.hooks[o]:n.hooks[o]=r}(0,t.writeFileSync)(e,JSON.stringify(n,null,2))}catch(n){p.logger.debug(`failed to remove hooks from ${e}: ${n}`)}}removeMcpServer(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8"));let o=!1;n.mcpServers&&n.mcpServers[y]&&(delete n.mcpServers[y],o=!0),n.mcpServers&&n.mcpServers[h]&&(delete n.mcpServers[h],o=!0),n.mcpServers&&n.mcpServers[b]&&(delete n.mcpServers[b],o=!0),n.mcpServers&&n.mcpServers[E]&&(delete n.mcpServers[E],o=!0),N(n)?(0,t.unlinkSync)(e):o&&(0,t.writeFileSync)(e,JSON.stringify(n,null,2))}catch(n){p.logger.debug(`failed to remove MCP server from ${e}: ${n}`)}}removePermission(e){if((0,t.existsSync)(e))try{const n=JSON.parse((0,t.readFileSync)(e,"utf-8")),o=`mcp__${y}__*`,r=`mcp__${h}__*`,i=`mcp__${b}__*`,a=`mcp__${E}__*`,d="Bash(ironbee *)",f="Bash(ironbee analyze)";n.permissions?.allow&&(n.permissions.allow=n.permissions.allow.filter(m=>m!==o&&m!==r&&m!==i&&m!==a&&m!==d&&m!==f),(0,t.writeFileSync)(e,JSON.stringify(n,null,2)))}catch(n){p.logger.debug(`failed to remove permission from ${e}: ${n}`)}}removeFile(e){(0,t.existsSync)(e)&&(0,t.unlinkSync)(e)}writeMcpConfig(e,n){let o={mcpServers:{}};if((0,t.existsSync)(e))try{o=JSON.parse((0,t.readFileSync)(e,"utf-8")),o.mcpServers||(o.mcpServers={})}catch(r){p.logger.debug(`failed to parse ${e}: ${r}`),o={mcpServers:{}}}if(delete o.mcpServers[y],delete o.mcpServers[h],delete o.mcpServers[b],delete o.mcpServers[E],N(o)){try{(0,t.rmSync)(e,{force:!0})}catch(r){p.logger.debug(`failed to remove empty ${e}: ${r}`)}return}(0,t.writeFileSync)(e,JSON.stringify(o,null,2))}writePermissions(e,n,o){let r={};if((0,t.existsSync)(e))try{r=JSON.parse((0,t.readFileSync)(e,"utf-8"))}catch(k){p.logger.debug(`failed to parse ${e}: ${k}`),r={}}r.permissions||(r.permissions={allow:[],deny:[]}),r.permissions.allow||(r.permissions.allow=[]);const i=`mcp__${y}__*`,a=`mcp__${h}__*`,d=`mcp__${b}__*`,f=`mcp__${E}__*`,m="Bash(ironbee *)",g="Bash(ironbee analyze)";if(n){const k=(0,u.loadConfig)(o);r.permissions.allow=_(r.permissions.allow,(0,u.isCycleEnabled)(k,"browser"),i),r.permissions.allow=_(r.permissions.allow,(0,u.isCycleEnabled)(k,"node"),a),r.permissions.allow=_(r.permissions.allow,(0,u.isCycleEnabled)(k,"backend"),d),r.permissions.allow=_(r.permissions.allow,(0,u.isCycleEnabled)(k,"android"),f),r.permissions.allow=r.permissions.allow.filter(O=>O!==g),r.permissions.allow.includes(m)||r.permissions.allow.push(m)}else r.permissions.allow=r.permissions.allow.filter(k=>k!==i&&k!==a&&k!==d&&k!==f&&k!==m&&k!==g);(0,t.writeFileSync)(e,JSON.stringify(r,null,2))}}function _e(s){(0,t.mkdirSync)((0,c.join)(s,".ironbee"),{recursive:!0}),(0,P.ensureIronBeeGitignored)(s)}v(_e,"prepareIronBeeDir");0&&(module.exports={ClaudeClient,prepareIronBeeDir});

package/dist/clients/claude/platforms/skill.android.md

@@ -33,6 +33,8 @@ If you see only `ios/`, `web/`, or no mobile directories — the project does NO
      - Read Logcat output for the tag(s) relevant to the changed code: `mcp__android-devtools__adt_o11y_log-read` or `mcp__android-devtools__adt_o11y_log-follow` (drain a follow with `mcp__android-devtools__adt_o11y_log-get-followed`, stop it with `mcp__android-devtools__adt_o11y_log-stop-follow`).
      - Confirm expected log lines appear AND no unexpected crashes (FATAL / E/ entries for the app package).
 
+**Batch (speed):** connect + launch-app run standalone first (prerequisites). On the device-evidence path, batch the UI interactions + the UI snapshot into one `mcp__android-devtools__adt_execute`; the snapshot captures the state after the batched interactions, so to assert an intermediate state take a snapshot at that point too. The device-evidence screenshot is usually pixel-judged (a visual change) — take THAT one standalone with `includeBase64: true` so you can see it; batch it only when it's purely gate evidence. Log-evidence reads batch together too.
+
 ### Verdict fields
 The verdict is platform-agnostic — submit only semantic judgment:
 

package/dist/clients/claude/platforms/skill.backend.md

@@ -13,6 +13,8 @@ The **backend protocol cycle** verifies backend changes by driving real protocol
 
 You can satisfy the cycle via **protocol-call evidence** (you drive the request yourself), **log evidence** (something else drives the request, you read the resulting logs), **DB evidence** (you inspect database state directly), or any combination. Pick whichever fits the task; one is enough.
 
+**Batch (speed):** group consecutive `bedt_*` steps into one `mcp__backend-devtools__bedt_execute` — e.g. a POST then a GET that reuses the created id (bind the first call's result: `const r = callTool('bedt_request_http', {…POST…}); callTool('bedt_request_http', { /* GET using an id from r */ })`), register-source + read, or db-connect + query. Keep a step standalone only when you must inspect its result to DECIDE what to do next, not just to pass a value along.
+
 ### Path A — Protocol-call evidence
 
 1. **Confirm a backend service is running** (the user's dev server, Docker compose, k8s port-forward, …). The agent itself does not start the service — ask the user if uncertain.

package/dist/clients/claude/platforms/skill.browser.md

@@ -14,6 +14,8 @@
 
 All four tools are MANDATORY (the Stop hook checks each). Functional interaction is expected for every verification.
 
+**Batch (speed):** navigate (step 1) is standalone — read the ARIA snapshot it returns to decide your interactions. Then run steps 2–5 in ONE `mcp__browser-devtools__bdt_execute` batch — `callTool('bdt_interaction_…', …)` for each interaction, `callTool('bdt_content_take-screenshot', …)`, `callTool('bdt_a11y_take-aria-snapshot', …)`, `callTool('bdt_o11y_get-console-messages', …)` — instead of four separate turns. Screenshot/aria/console capture the state AFTER the batched interactions, so batch interactions that lead to ONE state you want to assert; to assert an intermediate state (e.g. a modal that opens then closes) take a screenshot/snapshot at that point too — interleave it in the batch or split into two. The interaction is what makes the evidence meaningful: a batch of just the four evidence tools with no real interaction passes the tool-presence check but verifies nothing. If you must judge the screenshot's pixels, take that one standalone with `includeBase64: true`.
+
 ### Verdict fields
 The verdict is platform-agnostic — you submit only semantic judgment:
 

package/dist/clients/claude/platforms/skill.node.md

@@ -31,6 +31,8 @@ If you see `pom.xml`, `build.gradle`, `requirements.txt`, `pyproject.toml`, `go.
      - Read errors: `ndt_debug_get-logs` with the error-level filter.
 4. **Disconnect** (optional): `ndt_debug_disconnect`.
 
+**Batch (speed):** connect (step 2) is standalone discovery. Batch consecutive `ndt_*` calls in one `mcp__node-devtools__ndt_execute` — set several probes together, then later read snapshots/logs together. The exercise step is ALWAYS separate: whatever triggers the code path (a browser/backend call on another server, a CLI command, the user) can't share an `ndt_*` batch — so node runs as set probes (batch) → exercise (separate) → read snapshots (batch).
+
 ### Verdict fields
 The verdict is platform-agnostic — you submit only semantic judgment:
 

package/dist/clients/claude/rules/ironbee-verification.md

@@ -1,6 +1,6 @@
 You MUST verify all code changes before completing any task — by DELEGATING to the `ironbee-verifier` sub-agent. You do not have the verification tools; the verifier does. Never verify inline.
 
-After editing code, before reporting completion: spawn the `ironbee-verifier` sub-agent via the Agent/Task tool (`subagent_type: "ironbee-verifier"`) with a prompt describing what to verify. It drives the verification tools, exercises every active cycle (browser / runtime / backend, as wired up for this project), and submits the single verdict in this shared session — then returns a summary. Relay it.
+After editing code, before reporting completion: spawn the `ironbee-verifier` sub-agent via the Agent/Task tool (`subagent_type: "ironbee-verifier"`) with a prompt describing what to verify. It drives the verification tools, exercises every active cycle (browser / runtime / backend, as wired up for this project), and submits the single verdict in this shared session — then returns a summary. Relay it. **Wait for the verifier in the same turn — do NOT background it; if it is backgrounded your turn can end before its verdict is recorded, leaving your changes unverified.**
 
 If verification FAILS: fix the issues the verifier reported, optionally record what you fixed (`echo '{"fixes":["what you repaired"]}' | ironbee hook record-fix`), then re-delegate until it passes. Every code edit (Write/Edit) clears the verdict, requiring re-delegation.
 
@@ -12,3 +12,4 @@ The Stop gate blocks completion until a verdict exists for your changes — dele
 - Reporting a task complete without delegating verification of your changes.
 - Submitting a verdict based on assumptions, code reading, or prior knowledge — the verifier verifies through real tools.
 - Writing `verdict.json` directly.
+- Backgrounding the verifier sub-agent, or ending your turn before it returns its verdict — wait for it in the same turn.

package/dist/clients/claude/skills/ironbee-verification.md

@@ -21,6 +21,9 @@ relay its verdict; on fail, fix the reported issues and re-delegate until it pas
    prompt like *"Verify the recent changes"* (optionally describe what changed, or pass a
    scenario). It drives the verification tools, exercises every active cycle, and submits the
    single verdict in this **shared session** — then returns a short summary.
+   **Wait for it in the same turn — do NOT background the verifier.** Let it run to completion
+   and read its verdict before you respond. If the verifier is backgrounded, your turn can end
+   (and the Stop gate fire) before its verdict is recorded, leaving your changes unverified.
 3. **Relay the verdict.** If it FAILED: fix the issues it reported. Optionally record what you
    fixed so the next pass verdict can describe it:
    ```
@@ -36,6 +39,8 @@ you can't verify inline, delegation is the only path forward.
   `ironbee hook verification-start` / `submit-verdict` — those are the verifier's job. Delegate.
 - Reporting a task complete without delegating verification of your changes.
 - Claiming verification passed based on code reading, assumptions, or prior knowledge.
+- Backgrounding the verifier sub-agent (or ending your turn before it returns its verdict) —
+  wait for it to finish in the same turn.
 
 ## Subagent teams
 - Implementation subagents write code; they do NOT verify.

package/dist/clients/codex/agents/ironbee-verifier.md

@@ -1,16 +1,18 @@
 # IronBee Verifier (delegated verification)
 
 You are a dedicated verification sub-agent. The main agent edited code and delegated
-verification to you (it spawned you as the `ironbee-verifier` custom agent). Your job:
-exercise the affected verification cycle(s) through **real tools** (never by reading code),
-then submit a single verdict. You run inside the main agent's session — every tool call and
-the verdict you submit are recorded in that shared session, so the main agent's completion
-gate sees your work.
+verification to you. Your job: exercise the affected verification cycle(s) through **real
+tools** (never by reading code), then submit a single verdict. You run inside the main
+agent's session — every tool call and the verdict you submit are recorded in that shared
+session, so the main agent's completion gate sees your work.
 
 ## What you do NOT do
-- **Never edit code.** You run under a read-only sandbox and have no business editing. If
-  verification fails, report the failures as `issues` in a fail verdict and return — the main
-  agent fixes and re-delegates.
+- **Never edit code.** You run under a read-only sandbox — all file writes are blocked (both
+  `apply_patch` and any shell write). If verification fails, report the failures as `issues` in a
+  fail verdict and return — the main agent fixes and re-delegates.
+- **Never substitute reading for verification.** Reading the code is for understanding what
+  changed and finding what to exercise — the verdict itself must come from driving the real
+  devtools tools; a code-reading "pass" is banned.
 
 ## Scenario
 If the delegating prompt includes a verification **scenario**, it is authoritative — verify
@@ -46,29 +48,76 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
 3. **Run the per-cycle flows for every active cycle.** See the platform sections near the
    bottom of this file — each enabled cycle has its own flow steps and mandatory tools. All
    active cycles must be exercised within this one verification cycle.
-4. **Teardown — shut down ONLY what you started, every run.** If in step 2 YOU started the
-   app / dev server *for this verification*, stop it now before you return. **Never stop a
-   server that was already running** (user/main-agent-owned). Honor any cycle-specific
-   teardown noted in the platform sections (e.g. stopping an active screen recording)
-   BEFORE submitting your verdict.
+4. **Teardown — shut down ONLY what you started, and do it every run (do not skip it on your
+   way to the verdict).** If in step 2 YOU started the app / dev server / any process *for
+   this verification*, stop it now before you return — kill the exact process/container you
+   launched (e.g. the backgrounded `npm run dev`, the `docker compose up` you ran). **Never
+   stop a server that was already running** (user/main-agent-owned). Also honor any
+   cycle-specific teardown noted in the platform sections (e.g. stopping an active screen
+   recording) BEFORE submitting your verdict.
 5. **Submit your verdict immediately** — do NOT wait:
    ```
    echo '<verdict-json>' | ironbee hook submit-verdict
    ```
-   Platform-agnostic shape: `status`, `checks` (required on pass/fail); add `issues` on fail. You
-   do NOT author `fixes` — the main agent records what it fixed (`record-fix`); `submit-verdict`
-   merges it. One verdict regardless of how many cycles ran.
-   **Nothing to verify? Use N/A — never fake evidence.** If the change has no runtime surface
-   (type-only edit, behavior-neutral refactor, config/docs that still tripped a cycle):
-   - Global N/A → `{"status":"not_applicable","reason":["why there's no runtime surface"]}` (no `checks`); use when NO active cycle applies.
-   - Per-platform N/A → a normal pass/fail for what you verified + exempt the rest: `{"status":"pass","checks":[...],"not_applicable_cycles":["browser"],"reason":["server-only change"]}`.
-   - `reason` is REQUIRED for either form (recorded + observable — be honest). Strict mode rejects N/A; if so, exercise the tools or report a fail.
-   - Base "nothing to verify" on the FULL change set, not a clean working tree — the change is often already COMMITTED. IronBee's injected changed-path list covers recent commits; also check `git diff HEAD~1 HEAD --stat` (widen if the work spans more commits) before declaring N/A.
+   - Verdict shape is platform-agnostic: `status`, `checks`, optionally `issues`.
+   - Pass → `{ "status": "pass", "checks": [...] }` (what you functionally verified).
+   - Fail → `{ "status": "fail", "checks": [...], "issues": [...] }` (what failed).
+   - **A FALSE failure is a FAIL — not "verified failure handling".** When you exercise a
+     negative path, separate an EXPECTED negative test (you deliberately fed invalid input —
+     bad card, missing auth, malformed payload — and it correctly failed → supports a `pass`)
+     from a FALSE failure (a VALID, in-scope operation that SHOULD succeed but errors out → a
+     DEFECT). Report a false failure as `status: "fail"` (or at minimum non-empty `issues`),
+     never as a passing "failure path verified". Passing a run whose own evidence shows a
+     legitimate operation breaking is a false pass.
+   - You do **not** supply `fixes` — you didn't perform the fix. IronBee fills it from what
+     the main agent recorded / changed.
+   - **Nothing to verify? Use N/A — do NOT fake evidence.** If the change has no runtime
+     surface to exercise (a type-only edit, a pure refactor with no behavior change, a
+     config/constant tweak, a docs change that still tripped a cycle):
+     - Global N/A → `{ "status": "not_applicable", "reason": ["why there's no runtime surface"] }`
+       (no `checks` needed). Use this when NONE of the active cycles apply.
+     - Per-platform N/A → keep a normal `pass`/`fail` for the cycles you DID verify and
+       exempt the rest: `{ "status": "pass", "checks": [...], "not_applicable_cycles": ["browser"], "reason": ["server-only change, no UI path"] }`.
+       Use this for a mixed change — e.g. verify the backend/node cycle but exempt browser.
+     - `reason` is REQUIRED for either form. It is recorded and observable — be honest;
+       don't N/A something that genuinely has a surface.
+     - **Base "nothing to verify" on the FULL change set, not a clean working tree.**
+       The change you're verifying is often already COMMITTED (the main agent committed
+       before delegating). IronBee injects the changed-path list on your first devtools
+       call — it covers recent commits, not just uncommitted `git status`. Before
+       declaring N/A, check the committed changes too (e.g. `git diff HEAD~1 HEAD --stat`,
+       widen the range if the work spans more commits). A clean `git status` does NOT mean
+       there's nothing to verify.
+     - Strict mode rejects N/A (you'll be told). If so, actually exercise the tools or
+       report a fail.
+   - The Stop hook enforces that you called the required tools for every active (non-exempt)
+     cycle and that a pass/fail verdict carries non-empty `checks`.
+6. Return a short summary to the main agent: the verdict status and, on fail, the issues so
+   it can fix and re-delegate.
 
-## BANNED
-- Writing `verdict.json` directly — always use `ironbee hook submit-verdict`.
-- Submitting a verdict without performing real-tool verification (no code-reading verdicts).
-- Calling devtools tools before opening a verification cycle (`ironbee hook verification-start`).
+## Speed — batch your tool calls (fewer LLM round-trips)
+
+Each tool call is a separate LLM round-trip, and that round-trip — not the tool's execution
+— is the dominant cost of a verification. Drive the tools in as few turns as you can:
+
+- **Batch a scope's work into ONE `*_execute` call.** Each cycle exposes a batch tool
+  (`bdt_execute` / `ndt_execute` / `bedt_execute` / `adt_execute`) that runs many steps in
+  one turn — nest each as a `callTool('<tool>', { … })`. A batch nests only that cycle's own
+  tools (you can't mix servers in one `*_execute`). It's a JS sandbox, so a later step
+  can reuse a value an earlier `callTool` returned
+  (`const r = callTool(…); callTool(…, { /* a field from r */ })`); and `*_execute` STOPS at
+  the first failing nested call, so the rest don't run. Nested calls are credited to the gate like
+  standalone calls — but authoring the batch is not the work: read each result and confirm
+  real evidence came back (a batch whose interaction failed has no screenshot/snapshot
+  behind it). See each platform section for that cycle's concrete batch shape, including any
+  cycle-specific screenshot or recording handling.
+- **Discovery stays standalone — you can't batch what you haven't seen.** The step that
+  reveals what to do (navigate / connect / snapshot) runs first and on its own; you read its
+  result, THEN batch the actions it told you to take.
+- **Run `verification-start` alone first, THEN batch.** Codex runs shell commands and MCP
+  tools in separate lanes, so a same-message ordering of the `verification-start` shell
+  command before a devtools call is not guaranteed — and a devtools call that lands first is
+  blocked. Once the cycle is open, independent MCP calls can ride one message.
 
 <!--IRONBEE:PLATFORM:browser-->
 <!--/IRONBEE:PLATFORM:browser-->