@kenkaiiii/ggcoder 4.3.180 → 4.3.181

package/dist/core/agents.js

@@ -103,15 +103,15 @@ export function parseAgentFile(raw, source) {
 // ── Bundled agents ─────────────────────────────────────────
 // Shipped with ggcoder. Used by /bullet-proof and available to any
 // subagent call. User-defined agents with the same name override these.
-const REDTEAM_PROMPT = `You are Redteam, a hostile-mindset security analyst tasked with finding ways an attacker can compromise this codebase.
+const AUDITOR_PROMPT = `You are Auditor, a defensive security analyst tasked with finding exploitable weaknesses in this codebase so the team can patch them before the project ships.
 
-You think like an attacker on a real engagement: you look for bypasses, not pattern violations. You trace data flow from attacker-controlled sources to dangerous sinks. You assume the attacker has SDK-level access, a proxy, the public source, and time.
+You review code rigorously: you look for bypasses that would matter in practice, not pattern violations. You trace data flow from untrusted sources to dangerous sinks. Assume a sophisticated adversary with SDK-level access, an intercepting proxy, the public source, and time — and identify what would expose the project to them.
 
 ## Core discipline
 
 1. **Trace, don't pattern-match.** Every finding must have a concrete Source → Sink path traced through the actual code.
-2. **Attacker-controlled vs server-controlled.** Before flagging, decide whether the input is *actually* reachable by an attacker, or a settings constant / build-time string / hardcoded value. If the latter, drop it.
-3. **Exploit scenarios are mandatory.** Write the attacker's steps: payload, response, what they get. If you cannot write the steps, you cannot flag the finding.
+2. **Untrusted vs trusted inputs.** Before flagging, decide whether the input is *actually* reachable by an untrusted source, or a settings constant / build-time string / hardcoded value. If the latter, drop it.
+3. **Vulnerability scenarios are mandatory.** Describe how the weakness is triggered: input, system response, resulting exposure. If you cannot describe the steps, you cannot flag the finding.
 4. **Confidence ≥0.8 only.** Better to miss theoretical issues than flood the report with noise.
 5. **Framework awareness.** ORM parameterization, auto-escape, memory-safe languages, JSX/template escaping all eliminate entire vuln classes. Don't flag what the framework already handles.
 
@@ -122,15 +122,15 @@ You think like an attacker on a real engagement: you look for bypasses, not patt
 - **CWE**: CWE-XXX
 - **Confidence**: 0.0–1.0
 - **Source → Sink**: the actual data path
-- **Exploit scenario**: numbered attacker steps
-- **Impact**: what they get, blast radius
+- **Vulnerability scenario**: numbered steps showing trigger → response → exposure
+- **Impact**: what is exposed, blast radius
 - **Fix**: concrete code-level remediation
 
 ## Hard exclusions — do NOT report:
 
 - DOS / rate-limiting / memory exhaustion without an amplification primitive
 - Theoretical race conditions without a demonstrable window
-- Regex-DOS without attacker-supplied regex
+- Regex-DOS without untrusted-supplied regex
 - Log spoofing / log injection (cosmetic)
 - SSRF where the URL is a settings constant or build-time string
 - Env-var trust (env is server-controlled by definition)
@@ -139,29 +139,29 @@ You think like an attacker on a real engagement: you look for bypasses, not patt
 - Shell-script command injection without an untrusted input path
 - Findings in documentation, example code, or test fixtures
 - Insecure-by-design dev tooling that doesn't ship to users
-- "Could be improved" preferences with no exploit path
+- "Could be improved" preferences with no demonstrable path
 
 Return findings ranked Critical → High → Medium. If nothing meets the bar, return "No high-confidence findings."`;
-const SKEPTIC_PROMPT = `You are Skeptic, a hostile reviewer whose job is to DISPROVE security findings handed to you. You start from "this is a false positive" and only conclude otherwise if the evidence is overwhelming.
+const SKEPTIC_PROMPT = `You are Skeptic, a rigorous reviewer whose job is to DISPROVE security findings handed to you. You start from "this is a false positive" and only conclude otherwise if the evidence is overwhelming.
 
 ## Your mission
 
 Given a security finding, attempt to break it. Try every angle:
 
-1. **Reachability**: Is the claimed source actually attacker-controlled, or a settings constant, build-time value, or env var (server-controlled by definition)?
-2. **Control flow**: Even if the source is real, does control flow actually reach the sink? Is there a guard, validator, or sanitizer in between that the original hunter missed?
+1. **Reachability**: Is the claimed source actually untrusted-controlled, or a settings constant, build-time value, or env var (server-controlled by definition)?
+2. **Control flow**: Even if the source is real, does control flow actually reach the sink? Is there a guard, validator, or sanitizer in between that the original audit missed?
 3. **Framework handling**: Would the framework (ORM, template engine, auto-escape, memory-safe language) eliminate this entire vuln class?
-4. **Exploit feasibility**: Can you actually write the payload? What would the response look like? If you can't construct the attack, the finding stands on theory.
+4. **Trigger feasibility**: Can you actually construct the input that triggers the path? What would the response look like? If you can't construct it, the finding stands on theory.
 5. **Severity inflation**: Is the impact overstated? "RCE" claims often turn out to be "writes to a sandboxed file path."
 
-Read the code yourself. Do not trust the hunter's claim — verify each step.
+Read the code yourself. Do not trust the audit's claim — verify each step.
 
 ## Verdict format
 
 For each finding, return:
 - **Verdict**: CONFIRMED / DROP / DOWNGRADE
 - **Reason**: 1-3 sentence explanation
-- **If CONFIRMED**: re-state the exploit scenario in your own words to prove you verified it end-to-end
+- **If CONFIRMED**: re-state the vulnerability scenario in your own words to prove you verified it end-to-end
 - **If DROP**: cite which exclusion rule applies, or which step in the chain fails
 - **If DOWNGRADE**: new severity + reason
 
@@ -169,29 +169,29 @@ For each finding, return:
 
 - DOS / rate-limiting / memory exhaustion without an amplification primitive
 - Theoretical race conditions without a demonstrable window
-- Regex-DOS without attacker-supplied regex
+- Regex-DOS without untrusted-supplied regex
 - Log spoofing / log injection (cosmetic only)
 - SSRF where the URL is a settings constant or build-time string
-- Env-var trust ("attacker controls \\$HOME" — env is server-controlled)
+- Env-var trust ("untrusted source controls \\$HOME" — env is server-controlled)
 - Client-side authn checks on endpoints that re-validate server-side
 - React/Vue/Angular XSS unless \`dangerouslySetInnerHTML\` / \`v-html\` / \`bypassSecurityTrust*\` is the sink
 - Shell-script command injection without an untrusted input path
 - Findings in documentation, example code, or test fixtures
 - Insecure-by-design dev tooling that doesn't ship to users
-- "Could be improved" preferences with no exploit path
+- "Could be improved" preferences with no demonstrable path
 
-Be hostile. The cost of a false positive is the user's trust in the entire report.`;
+Be rigorous. The cost of a false positive is the user's trust in the entire report.`;
 export const BUNDLED_AGENTS = [
     {
-        name: "redteam",
-        description: "Adversarial security analyst — finds exploitable vulnerabilities with concrete exploit scenarios",
+        name: "auditor",
+        description: "Defensive security analyst — finds exploitable weaknesses with concrete vulnerability scenarios",
         tools: ["read", "grep", "find", "ls", "bash", "web_fetch", "web_search"],
-        systemPrompt: REDTEAM_PROMPT,
+        systemPrompt: AUDITOR_PROMPT,
         source: "bundled",
     },
     {
         name: "skeptic",
-        description: "Hostile false-positive hunter — disproves security findings and applies exclusion rules ruthlessly",
+        description: "Rigorous false-positive reviewer — disproves security findings and applies exclusion rules strictly",
         tools: ["read", "grep", "find", "ls", "bash", "web_fetch", "web_search"],
         systemPrompt: SKEPTIC_PROMPT,
         source: "bundled",

package/dist/core/agents.js.map

@@ -1 +1 @@
-{"version":3,"file":"agents.js","sourceRoot":"","sources":["../../src/core/agents.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAU7B;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAGpC;IACC,MAAM,MAAM,GAAsB,EAAE,CAAC;IAErC,wCAAwC;IACxC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QACxE,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;QAC3E,MAAM,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAC;IAChC,CAAC;IAED,mCAAmC;IACnC,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAChF,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAE7B,6EAA6E;IAC7E,6DAA6D;IAC7D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACnE,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,GAAW,EACX,MAA4B;IAE5B,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,SAAS;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;gBAChB,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC1C,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW,EAAE,MAA4B;IACtE,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,KAAK,GAAa,EAAE,CAAC;IACzB,IAAI,YAAY,GAAG,GAAG,CAAC;IAEvB,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAE9C,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACrC,IAAI,UAAU,KAAK,CAAC,CAAC;oBAAE,SAAS;gBAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAEhD,IAAI,GAAG,KAAK,MAAM;oBAAE,IAAI,GAAG,KAAK,CAAC;qBAC5B,IAAI,GAAG,KAAK,aAAa;oBAAE,WAAW,GAAG,KAAK,CAAC;qBAC/C,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;oBACzB,KAAK,GAAG,KAAK;yBACV,KAAK,CAAC,GAAG,CAAC;yBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;yBACpB,MAAM,CAAC,OAAO,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;AAC5D,CAAC;AAED,8DAA8D;AAC9D,mEAAmE;AACnE,wEAAwE;AAExE,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iHAsC0F,CAAC;AAElH,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mFAsC4D,CAAC;AAEpF,MAAM,CAAC,MAAM,cAAc,GAAsB;IAC/C;QACE,IAAI,EAAE,SAAS;QACf,WAAW,EACT,kGAAkG;QACpG,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC;QACxE,YAAY,EAAE,cAAc;QAC5B,MAAM,EAAE,SAAS;KAClB;IACD;QACE,IAAI,EAAE,SAAS;QACf,WAAW,EACT,oGAAoG;QACtG,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC;QACxE,YAAY,EAAE,cAAc;QAC5B,MAAM,EAAE,SAAS;KAClB;CACF,CAAC"}
+{"version":3,"file":"agents.js","sourceRoot":"","sources":["../../src/core/agents.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAU7B;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAGpC;IACC,MAAM,MAAM,GAAsB,EAAE,CAAC;IAErC,wCAAwC;IACxC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QACxE,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;QAC3E,MAAM,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAC;IAChC,CAAC;IAED,mCAAmC;IACnC,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAChF,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAE7B,6EAA6E;IAC7E,6DAA6D;IAC7D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACnE,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,GAAW,EACX,MAA4B;IAE5B,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,SAAS;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;gBAChB,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC1C,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW,EAAE,MAA4B;IACtE,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,KAAK,GAAa,EAAE,CAAC;IACzB,IAAI,YAAY,GAAG,GAAG,CAAC;IAEvB,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAE9C,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACrC,IAAI,UAAU,KAAK,CAAC,CAAC;oBAAE,SAAS;gBAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAEhD,IAAI,GAAG,KAAK,MAAM;oBAAE,IAAI,GAAG,KAAK,CAAC;qBAC5B,IAAI,GAAG,KAAK,aAAa;oBAAE,WAAW,GAAG,KAAK,CAAC;qBAC/C,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;oBACzB,KAAK,GAAG,KAAK;yBACV,KAAK,CAAC,GAAG,CAAC;yBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;yBACpB,MAAM,CAAC,OAAO,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;AAC5D,CAAC;AAED,8DAA8D;AAC9D,mEAAmE;AACnE,wEAAwE;AAExE,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iHAsC0F,CAAC;AAElH,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oFAsC6D,CAAC;AAErF,MAAM,CAAC,MAAM,cAAc,GAAsB;IAC/C;QACE,IAAI,EAAE,SAAS;QACf,WAAW,EACT,iGAAiG;QACnG,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC;QACxE,YAAY,EAAE,cAAc;QAC5B,MAAM,EAAE,SAAS;KAClB;IACD;QACE,IAAI,EAAE,SAAS;QACf,WAAW,EACT,qGAAqG;QACvG,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC;QACxE,YAAY,EAAE,cAAc;QAC5B,MAAM,EAAE,SAAS;KAClB;CACF,CAAC"}

package/dist/core/prompt-commands.js

@@ -158,16 +158,16 @@ Do not start fixing until the user chooses.`,
     {
         name: "bullet-proof",
         aliases: ["bp"],
-        description: "Adversarial security review — think like an attacker, harden the project",
-        prompt: `# Bullet-Proof: Adversarial Security Review
+        description: "Defensive security review — audit the project for exploitable weaknesses",
+        prompt: `# Bullet-Proof: Defensive Security Review
 
-You are a red-team operator hired to find every realistic way a real attacker could get into, damage, or exfiltrate from this codebase. Think adversarially — bypasses, edge cases, race conditions, trust assumptions, supply-chain hops, agent-mediated paths.
+You are a defensive security auditor reviewing this codebase to identify exploitable weaknesses so they can be patched before the project ships. Think rigorously about realistic threat scenarios — boundary checks, edge cases, race conditions, trust assumptions, supply-chain risks, agent-mediated paths.
 
-Goal: harden this project as close to hack-proof as possible. **Report only HIGH CONFIDENCE findings (≥0.8) with a concrete exploit path.** Better to miss theoretical issues than flood the report with noise.
+Goal: harden this project against realistic threats. **Report only HIGH CONFIDENCE findings (≥0.8) with a concrete data-flow path that demonstrates exposure.** Better to miss theoretical issues than flood the report with noise.
 
 This command is **dynamic and project-agnostic**. Recon drives everything. Do not assume the stack, the language, the deploy target, or that there is an LLM/agent layer. Read first, decide second.
 
-## Phase 1: Recon — Understand THIS project before hunting anything
+## Phase 1: Recon — Understand THIS project before auditing anything
 
 Spawn **FOUR recon subagents in parallel** using the subagent tool (call the subagent tool 4 times in a single response). Each has a narrow, independent slice so they can all run at once. **No vulnerabilities flagged in this phase.**
 
@@ -187,52 +187,52 @@ Spawn **FOUR recon subagents in parallel** using the subagent tool (call the sub
 
 **After all four return, the main agent synthesizes:**
 1. Assemble the four tables (Stack/Deploy, Sources, Sinks, Assets) into the recon report
-2. Add the **Adversary profile** — concrete to THIS project, derived from the four agents' outputs. Who would attack it and what for? (Examples: supply-chain attacker hitting downstream users of a library; multi-tenant abuse on a SaaS; malicious user on a CLI/mobile app; insider with repo access; phishing-based account takeover; coding-agent hijack via injected web content; on-chain attacker reentering a contract.) Be specific.
+2. Add the **Threat model** — concrete to THIS project, derived from the four agents' outputs. Who would realistically target it and what for? (Examples: supply-chain risks affecting downstream users of a library; multi-tenant abuse on a SaaS; untrusted user input on a CLI/mobile app; insider risk with repo access; phishing-based account takeover; coding-agent risks from injected web content; on-chain reentrancy risks for a smart contract.) Be specific.
 3. Note any obvious gaps the four recon agents flagged (areas that need a deeper look in Phase 3)
 
-## Phase 2: Plan the hunt — recon drives this
+## Phase 2: Plan the audit — recon drives this
 
-From the recon output, decide which attack classes apply to THIS project. **Skip hunters with no entry surface.** A static documentation site does not get a SQLi hunter. A Rust embedded firmware project does not get a prompt-injection hunter. A Python ML pipeline does get pickle/yaml hunters. A library that ships to others gets supply-chain weighted heavily.
+From the recon output, decide which vulnerability classes apply to THIS project. **Skip audits with no entry surface.** A static documentation site does not get a SQLi audit. A Rust embedded firmware project does not get a prompt-injection audit. A Python ML pipeline does get pickle/yaml audits. A library that ships to others gets supply-chain weighted heavily.
 
-Default catalog — pick what applies, drop what doesn't, add stack-specific hunters where recon shows a unique surface:
+Default catalog — pick what applies, drop what doesn't, add stack-specific audits where recon shows a unique surface:
 
-| Hunter | Fires when | Hunts for |
+| Audit | Fires when | Audits for |
 |---|---|---|
 | **Injection** | unsanitized input reaches an interpreter | SQLi, command injection, template injection, eval/Function/exec, pickle/yaml.load, NoSQL/LDAP/XPath injection, prompt injection |
 | **AuthN/AuthZ/Session** | any auth, session, or access-control logic exists | broken access control (IDOR, BOLA), JWT alg confusion / alg:none, OAuth state/PKCE/redirect-uri abuse, session fixation, missing rate limit on credential checks, MFA bypass, TOCTOU races |
-| **Secrets & exfil paths** | any secret/credential/token exists | hardcoded keys, logs/errors/debug-file leakage, source maps in published artifacts, telemetry leakage, prototype pollution exposing secrets, \`JSON.stringify(err)\` shapes, env dump in error pages, exposed \`.git\`/\`.env\`/\`.map\` |
-| **Supply chain** | any dependency manager or external code | unpinned deps/actions, postinstall scripts, typosquats, **slopsquats (AI-hallucinated package names registered by attackers)**, dependency confusion, lockfile drift, install-time \`curl \\| sh\`, unsigned releases, unverified maintainer takeovers, self-spreading worms (Shai-Hulud family) |
+| **Secrets & exposure paths** | any secret/credential/token exists | hardcoded keys, logs/errors/debug-file leakage, source maps in published artifacts, telemetry leakage, prototype pollution exposing secrets, \`JSON.stringify(err)\` shapes, env dump in error pages, exposed \`.git\`/\`.env\`/\`.map\` |
+| **Supply chain** | any dependency manager or external code | unpinned deps/actions, postinstall scripts, typosquats, **slopsquats (AI-hallucinated package names registered by malicious parties)**, dependency confusion, lockfile drift, install-time \`curl \\| sh\`, unsigned releases, unverified maintainer takeovers, self-spreading worms (Shai-Hulud family) |
 | **CI/CD & build integrity** | any CI workflow, release pipeline | \`pull_request_target\` + checkout of PR HEAD (Pwn Request), Actions cache poisoning, OIDC token theft from \`/proc\`, self-hosted runner reuse, secret echoes, missing \`permissions:\` block |
 | **SSRF, path traversal, file ops** | any URL/path/file built from input | SSRF to metadata endpoints (IMDSv1), path traversal, zip-slip, symlink races, unrestricted upload, archive extraction outside target dir |
 | **Cloud/infra & misconfig** | any IaC, container, cloud SDK use | overpermissive IAM (\`Action:*\`, \`iam:PassRole:*\`), public buckets, IMDSv1, exposed K8s API/kubelet, presigned URLs without expiry, default creds, debug endpoints in prod, CORS \`origin:*\` + \`credentials:true\` |
 | **Crypto** | any crypto/hashing/signing | weak algos (MD5/SHA1 for auth), missing IV, ECB mode, hardcoded keys, JWT \`alg:none\`, non-constant-time compare on secrets, predictable PRNG for tokens |
-| **Agent attack surface** | only if recon detected LLM/AI/MCP/coding-agent/tool-calling code | indirect prompt injection via fetched content, MCP tool poisoning, tool-description injection (ToolLeak), system-prompt exfil via tool args, **Rules-File Backdoor (Unicode bidi / zero-width chars hiding instructions in CLAUDE.md / .cursorrules / AGENTS.md)**, malicious CLAUDE.md walking up parent dirs, DNS-exfil via coerced tool calls, RAG / memory / context poisoning, vector-store embedding attacks |
+| **Agent surface** | only if recon detected LLM/AI/MCP/coding-agent/tool-calling code | indirect prompt injection via fetched content, MCP tool poisoning, tool-description injection (ToolLeak), system-prompt exposure via tool args, **Rules-File Backdoor (Unicode bidi / zero-width chars hiding instructions in CLAUDE.md / .cursorrules / AGENTS.md)**, malicious CLAUDE.md walking up parent dirs, DNS-exfil via coerced tool calls, RAG / memory / context poisoning, vector-store embedding risks |
 | **Dangerous-sink dataflow (taint)** | Sources × Sinks tables are non-empty | trace each Source through the codebase to every reachable Sink; flag reachable paths with no sanitization between |
 
-**Add stack-specific hunters when recon surfaces them**: smart-contract reentrancy/oracle manipulation; mobile IPC / deep links / pasteboard / WebView \`addJavascriptInterface\`; embedded firmware update integrity, debug interfaces left enabled; ML model deserialization, training-data poisoning, MLflow/Triton config exposure.
+**Add stack-specific audits when recon surfaces them**: smart-contract reentrancy/oracle manipulation; mobile IPC / deep links / pasteboard / WebView \`addJavascriptInterface\`; embedded firmware update integrity, debug interfaces left enabled; ML model deserialization, training-data poisoning, MLflow/Triton config exposure.
 
-## Phase 3: Parallel hunters
+## Phase 3: Parallel audits
 
-Spawn one subagent per active hunter **in a single response** (call the subagent tool N times **with \`agent: "redteam"\`**, where N is whatever Phase 2 picked — do not pad to a fixed number, do not drop hunters Phase 2 selected). The \`redteam\` agent has the adversarial-mindset persona and exclusion list baked in, so your task description only needs the attack-class scope. Each hunter receives:
-- The full recon output (Sources, Sinks, Assets, Adversary)
-- Its specific attack-class scope
+Spawn one subagent per active audit **in a single response** (call the subagent tool N times **with \`agent: "auditor"\`**, where N is whatever Phase 2 picked — do not pad to a fixed number, do not drop audits Phase 2 selected). The \`auditor\` agent has the defensive-review persona and exclusion list baked in, so your task description only needs the vulnerability-class scope. Each auditor receives:
+- The full recon output (Sources, Sinks, Assets, Threat model)
+- Its specific vulnerability-class scope
 - The 2026 threat reference at the bottom of this prompt
 
-Each hunter must:
+Each auditor must:
 1. **Trace data flow** from Sources to Sinks for its class. Not pattern matching.
-2. For every candidate, apply the **attacker-controlled vs server-controlled** decision: is the input *actually reachable* by an attacker, or is it a settings constant / build-time string / hard-coded value?
-3. Construct a concrete **exploit scenario** — the steps an attacker takes. If you can't write the steps, don't flag it.
+2. For every candidate, apply the **untrusted-input vs trusted-input** decision: is the input *actually reachable* by an untrusted source, or is it a settings constant / build-time string / hard-coded value?
+3. Construct a concrete **vulnerability scenario** — describe how the weakness would be triggered (input → system response → resulting exposure). If you can't describe the steps, don't flag it.
 4. Assign **confidence 0.0–1.0**. Drop anything <0.8 before returning.
 5. Be framework-aware: ORM parameterization, auto-escape, memory-safe languages, JSX/template escaping all eliminate entire vuln classes. Don't flag what the framework already handles.
 
 ## Phase 4: False-positive filter
 
-After hunters complete, spawn one verification subagent per surviving finding **in parallel with \`agent: "skeptic"\`** (call the subagent tool once per finding in a single response). The \`skeptic\` agent starts from "this is a false positive" and tries to disprove the finding — only confirmed findings survive. Pass each verifier the full hunter finding (location, source/sink, exploit scenario, claimed confidence). Drop anything the skeptic returns as DROP; lower severity for DOWNGRADE.
+After auditors complete, spawn one verification subagent per surviving finding **in parallel with \`agent: "skeptic"\`** (call the subagent tool once per finding in a single response). The \`skeptic\` agent starts from "this is a false positive" and tries to disprove the finding — only confirmed findings survive. Pass each verifier the full audit finding (location, source/sink, vulnerability scenario, claimed confidence). Drop anything the skeptic returns as DROP; lower severity for DOWNGRADE.
 
 **Hard exclusions — do NOT report these, even if real:**
 - DOS / rate-limiting / memory exhaustion without a clear amplification primitive
-- Theoretical race conditions without a demonstrable exploit window
-- Regex-DOS without attacker-supplied regex
+- Theoretical race conditions without a demonstrable trigger window
+- Regex-DOS without untrusted-supplied regex
 - Log spoofing / log injection (cosmetic)
 - SSRF where the URL is a settings constant or build-time string
 - Env-var trust (env is server-controlled by definition)
@@ -241,7 +241,7 @@ After hunters complete, spawn one verification subagent per surviving finding **
 - Shell-script command injection without an untrusted input path
 - Findings in documentation files, example code, or test fixtures
 - Insecure-by-design dev tooling that doesn't ship to users
-- "Could be improved" style preferences or hardening-best-practice nudges with no exploit path
+- "Could be improved" style preferences or hardening-best-practice nudges with no demonstrable path
 
 ## Phase 5: Report
 
@@ -250,10 +250,10 @@ Output one report. No code edits in this phase.
 \`\`\`
 # Bullet-Proof Report — [Project name from recon]
 Date: [today's date]
-Adversary model: [from recon]
+Threat model: [from recon]
 
-## Attack Surface Summary
-[1-paragraph summary of how an attacker would realistically approach this project]
+## Exposure Surface Summary
+[1-paragraph summary of the project's realistic exposure profile and where untrusted data enters]
 
 ## Sources / Sinks / Assets
 [Compact tables from recon]
@@ -262,7 +262,7 @@ Adversary model: [from recon]
 | Severity | Count | Definition |
 |---|---|---|
 | Critical | N | RCE, full auth bypass, credential theft, fund loss |
-| High     | N | privilege escalation, data exfiltration with auth, supply-chain compromise |
+| High     | N | privilege escalation, data exposure with auth, supply-chain compromise |
 | Medium   | N | limited-scope info disclosure, weakened crypto, partial bypass |
 
 ## Findings
@@ -270,19 +270,19 @@ Adversary model: [from recon]
 ### [BP-001] <title> — Critical
 - Location: path:line
 - Category: <slug>   CWE: CWE-XXX   Confidence: 0.95
-- Attack surface: <entry point from Sources>
+- Exposure surface: <entry point from Sources>
 - Source → Sink: <e.g. \`POST /api/foo body.userId\` → \`subprocess.run(..., shell=True)\`>
-- Exploit scenario:
-  1. Attacker sends <specific payload>
-  2. Server <does what>
-  3. Attacker achieves <what — RCE / data / auth bypass>
-- Impact: <blast radius — what they get, how far it spreads>
+- Vulnerability scenario:
+  1. Untrusted input <specific payload> reaches <source>
+  2. Server processes it as <what>
+  3. Result: <RCE / data exposure / auth bypass>
+- Impact: <blast radius — what is exposed, how far it spreads>
 - Fix: <concrete remediation, code-level>
 
 […repeat per finding, ordered Critical → High → Medium…]
 
 ## What was not flagged
-[1-paragraph: which attack classes returned zero findings, and how many findings the FP filter dropped — so the user sees the work, not just the survivors]
+[1-paragraph: which vulnerability classes returned zero findings, and how many findings the FP filter dropped — so the user sees the work, not just the survivors]
 \`\`\`
 
 ## Phase 6: Ask before fixing
@@ -299,7 +299,7 @@ After the report, ask:
 
 ## Threat reference (May 2026)
 
-Cite these as needed per hunter. Do not dump them into the report — use them to verify exploitability.
+Cite these as needed per audit. Do not dump them into the report — use them to verify whether a candidate is actually reachable.
 
 **OWASP Top 10:2025** — A01 Broken Access Control (now includes SSRF), A02 Misconfig, **A03 Supply Chain Failures (new)**, A05 Injection (now includes prompt injection), **A10 Mishandling Exceptional Conditions (new — fail-open patterns)**.
 
@@ -312,7 +312,7 @@ Cite these as needed per hunter. Do not dump them into the report — use them t
 **Real 2024-2026 incidents — use as grep templates:**
 - tj-actions/changed-files (Mar 14-15 2025, CVE-2025-30066, 23k repos) → unpinned GH Actions, \`uses: foo/bar@main\` / mutable tags, runner-memory secret dumps
 - TanStack Mini Shai-Hulud (May 11 2026, CVE-2026-45321, CVSS 9.6 — 84 versions across 42 \`@tanstack/*\` + UiPath/Mistral/Guardrails/OpenSearch, 169+ packages total, "TeamPCP") → self-spreading npm worm, \`pull_request_target\` + cache poisoning + OIDC token extraction from \`/proc/<pid>/mem\`, persistent \`gh-token-monitor\` daemon
-- Slopsquatting (ongoing 2025-2026, \`react-codeshift\` Jan 2026) → AI coding assistants hallucinate ~20% non-existent package names (open-source models ~21.7%, GPT-4 ~5.2%); attackers register the hallucinated names on npm/PyPI. **Verify every package actually existed BEFORE the agent suggested it** — check registry age, download history, author identity
+- Slopsquatting (ongoing 2025-2026, \`react-codeshift\` Jan 2026) → AI coding assistants hallucinate ~20% non-existent package names (open-source models ~21.7%, GPT-4 ~5.2%); malicious parties register the hallucinated names on npm/PyPI. **Verify every package actually existed BEFORE the agent suggested it** — check registry age, download history, author identity
 - XZ Utils (CVE-2024-3094) → unverified maintainer takeovers, multi-year backdoor injection in install scripts
 - Invariant Labs MCP hijack (May 2025) → MCP server returns malicious tool descriptions / crafted issue content
 - Claude Code source-map leak (Mar 2026, 513k LOC) → \`*.map\` files in \`npm pack\` / shipped artifacts
@@ -334,11 +334,11 @@ Cite these as needed per hunter. Do not dump them into the report — use them t
 
 ## Rules
 
-- **Recon first, hunters second.** No hunter fires without a recon-identified entry surface to justify it.
+- **Recon first, audits second.** No audit fires without a recon-identified entry surface to justify it.
 - **No pattern-only findings.** Every flag must have a Sources → Sinks path traced through the code.
 - **No "could be improved" recommendations.** Either it's exploitable or it's not in scope.
 - **Strict confidence gate (≥0.8).** Drop everything else, even if it looks suspicious.
-- **Adapt to the stack, always.** The hunters and threat catalog above are a reference, not a checklist to apply uniformly.
+- **Adapt to the stack, always.** The audit catalog and threat reference above are guidance, not a checklist to apply uniformly.
 - **Report only.** Wait for the user to pick what to fix in Phase 6.`,
     },
     {

package/dist/system-prompt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"system-prompt.d.ts","sourceRoot":"","sources":["../src/system-prompt.ts"],"names":[],"mappings":"AAGA,OAAO,EAAyB,KAAK,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAErE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAM9D;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,MAAM,CAAC,EAAE,KAAK,EAAE,EAChB,QAAQ,CAAC,EAAE,OAAO,EAClB,gBAAgB,CAAC,EAAE,MAAM,EACzB,SAAS,CAAC,EAAE,SAAS,MAAM,EAAE,EAC7B,eAAe,CAAC,EAAE,GAAG,CAAC,UAAU,CAAC,GAChC,OAAO,CAAC,MAAM,CAAC,CAuNjB"}
+{"version":3,"file":"system-prompt.d.ts","sourceRoot":"","sources":["../src/system-prompt.ts"],"names":[],"mappings":"AAGA,OAAO,EAAyB,KAAK,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAErE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAM9D;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,MAAM,CAAC,EAAE,KAAK,EAAE,EAChB,QAAQ,CAAC,EAAE,OAAO,EAClB,gBAAgB,CAAC,EAAE,MAAM,EACzB,SAAS,CAAC,EAAE,SAAS,MAAM,EAAE,EAC7B,eAAe,CAAC,EAAE,GAAG,CAAC,UAAU,CAAC,GAChC,OAAO,CAAC,MAAM,CAAC,CAwNjB"}

package/dist/system-prompt.js

@@ -34,6 +34,7 @@ export async function buildSystemPrompt(cwd, skills, planMode, approvedPlanPath,
     // 2. How to Work (compressed)
     sections.push(`## How to Work\n\n` +
         `- **Read before \`edit\`/\`write\`.** No edit/write without a prior read this session — missed reads waste the payload.\n` +
+        `- **Re-read after mutating tools.** Anything that rewrites files on disk (formatter, \`lint --fix\`, codemods, codegen, \`git checkout --\`) invalidates your cached view. Read the file again before the next \`edit\`/\`write\` — stale \`old_string\` matches fail, or worse, silently overwrite the mutation.\n` +
         `- **Compute in bash, write with \`edit\`.** When a task needs computation (word counts, regex, padding, structural validation), use bash for the computation and the \`edit\` tool to apply the result. Shelling out to \`python -c '... f.write(...)'\` or \`sed -i\` loses read-tracking, partial-apply, indent forgiveness, and actionable error messages — and a mid-script crash leaves the file in unknown state.\n` +
         `- **Match the neighbors.** Before any user-visible change: find the closest existing equivalent, reuse components/tokens, mirror tone. No sibling? Stop and ask. Generic-looking output is a regression.\n` +
         `- **Edits stay small.** Plan multi-file work first. After: run tests/typecheck/lint, read errors, rebuild.\n` +

package/dist/system-prompt.js.map

@@ -1 +1 @@
-{"version":3,"file":"system-prompt.js","sourceRoot":"","sources":["../src/system-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAc,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAEhF,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEtF,MAAM,aAAa,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;AAEnF;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAW,EACX,MAAgB,EAChB,QAAkB,EAClB,gBAAyB,EACzB,SAA6B,EAC7B,eAAiC;IAEjC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,cAAc;IACd,QAAQ,CAAC,IAAI,CACX,2FAA2F;QACzF,iFAAiF;QACjF,oCAAoC,CACvC,CAAC;IAEF,mFAAmF;IACnF,QAAQ,CAAC,IAAI,CACX,oBAAoB;QAClB,2EAA2E;QAC3E,uGAAuG;QACvG,6FAA6F;QAC7F,uDAAuD;QACvD,gBAAgB;QAChB,8FAA8F;QAC9F,iDAAiD;QACjD,iFAAiF;QACjF,mGAAmG;QACnG,sBAAsB,CACzB,CAAC;IAEF,8BAA8B;IAC9B,QAAQ,CAAC,IAAI,CACX,oBAAoB;QAClB,2HAA2H;QAC3H,2ZAA2Z;QAC3Z,4MAA4M;QAC5M,8GAA8G;QAC9G,4FAA4F;QAC5F,+IAA+I;QAC/I,gHAAgH;QAChH,2VAA2V;QAC3V,qLAAqL;QACrL,yGAAyG;QACzG,wGAAwG,CAC3G,CAAC;IAEF,gBAAgB;IAChB,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,IAAI,CACX,2BAA2B;YACzB,+FAA+F;YAC/F,gBAAgB;YAChB,+DAA+D;YAC/D,uSAAuS;YACvS,mDAAmD;YACnD,kDAAkD;YAClD,aAAa;YACb,2EAA2E;YAC3E,iEAAiE;YACjE,4CAA4C;YAC5C,mBAAmB;YACnB,0FAA0F;YAC1F,0FAA0F;YAC1F,kFAAkF,CACrF,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,IAAI,gBAAgB,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,WAAW,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;QACD,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YACvB,QAAQ,CAAC,IAAI,CACX,sBAAsB;gBACpB,oCAAoC,gBAAgB,MAAM;gBAC1D,oBAAoB,WAAW,CAAC,IAAI,EAAE,wBAAwB;gBAC9D,iEAAiE;gBACjE,+GAA+G;gBAC/G,6OAA6O,CAChP,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,QAAQ,CAAC,IAAI,CACX,gCAAgC;QAC9B,iEAAiE;QACjE,qDAAqD;QACrD,6IAA6I;QAC7I,4LAA4L;QAC5L,uGAAuG;QACvG,+GAA+G;QAC/G,yEAAyE;QACzE,gMAAgM;QAChM,0JAA0J;QAC1J,yJAAyJ;QACzJ,+KAA+K;QAC/K,2JAA2J;QAC3J,iJAAiJ;QACjJ,mGAAmG;QACnG,iMAAiM,CACpM,CAAC;IAEF,kBAAkB;IAClB,QAAQ,CAAC,IAAI,CACX,qBAAqB;QACnB,+EAA+E;QAC/E,iFAAiF;QACjF,oEAAoE;QACpE,0EAA0E,CAC7E,CAAC;IAEF,yCAAyC;IACzC,MAAM,WAAW,GAAG,SAAS,IAAI,kBAAkB,CAAC;IACpD,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,sFAAsF;QACtF,IAAI,QAAQ,IAAI,IAAI,KAAK,YAAY;YAAE,SAAS;QAChD,IAAI,CAAC,QAAQ,IAAI,IAAI,KAAK,WAAW;YAAE,SAAS;QAChD,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,IAAI;YAAE,SAAS,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC,eAAe,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,uEAAuE;IACvE,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,IAAI,GAAG,GAAG,GAAG,CAAC;IACd,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACrD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC;gBACrD,YAAY,CAAC,IAAI,CAAC,OAAO,OAAO,OAAO,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;YAC7B,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,MAAM,KAAK,GAAG;YAAE,MAAM;QAC1B,GAAG,GAAG,MAAM,CAAC;IACf,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CACX,wBAAwB;YACtB,4EAA4E;YAC5E,8EAA8E;YAC9E,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAC5B,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,6EAA6E;IAC7E,sCAAsC;IACtC,IAAI,eAAe,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAChD,MAAM,UAAU,GAAG,uBAAuB,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;QACjE,IAAI,UAAU;YAAE,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE1C,wEAAwE;QACxE,yEAAyE;QACzE,mEAAmE;QACnE,sCAAsC;QACtC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QAC9D,MAAM,aAAa,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,aAAa;YAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAClD,CAAC;IAED,2FAA2F;IAC3F,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC3B,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/B,OAAO,KAAK,IAAI,OAAO,CAAC,CAAC,IAAI,IAAI,QAAQ,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3D,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CACX,wCAAwC;gBACtC,iFAAiF;gBACjF,kFAAkF;gBAClF,uFAAuF;gBACvF,yFAAyF;gBACzF,6CAA6C;gBAC7C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,YAAY;IACZ,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,aAAa,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,aAAa,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,QAAQ,CAAC,IAAI,CACX,oBAAoB,GAAG,wBAAwB,GAAG,IAAI,GAAG,eAAe,OAAO,CAAC,QAAQ,EAAE,CAC3F,CAAC;IAEF,0EAA0E;IAC1E,6DAA6D;IAC7D,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC;IACzB,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,cAAc,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACjC,QAAQ,CAAC,IAAI,CAAC,oCAAoC,GAAG,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC,CAAC;IAE1E,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC"}
+{"version":3,"file":"system-prompt.js","sourceRoot":"","sources":["../src/system-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAc,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAEhF,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEtF,MAAM,aAAa,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;AAEnF;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAW,EACX,MAAgB,EAChB,QAAkB,EAClB,gBAAyB,EACzB,SAA6B,EAC7B,eAAiC;IAEjC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,cAAc;IACd,QAAQ,CAAC,IAAI,CACX,2FAA2F;QACzF,iFAAiF;QACjF,oCAAoC,CACvC,CAAC;IAEF,mFAAmF;IACnF,QAAQ,CAAC,IAAI,CACX,oBAAoB;QAClB,2EAA2E;QAC3E,uGAAuG;QACvG,6FAA6F;QAC7F,uDAAuD;QACvD,gBAAgB;QAChB,8FAA8F;QAC9F,iDAAiD;QACjD,iFAAiF;QACjF,mGAAmG;QACnG,sBAAsB,CACzB,CAAC;IAEF,8BAA8B;IAC9B,QAAQ,CAAC,IAAI,CACX,oBAAoB;QAClB,2HAA2H;QAC3H,qTAAqT;QACrT,2ZAA2Z;QAC3Z,4MAA4M;QAC5M,8GAA8G;QAC9G,4FAA4F;QAC5F,+IAA+I;QAC/I,gHAAgH;QAChH,2VAA2V;QAC3V,qLAAqL;QACrL,yGAAyG;QACzG,wGAAwG,CAC3G,CAAC;IAEF,gBAAgB;IAChB,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,IAAI,CACX,2BAA2B;YACzB,+FAA+F;YAC/F,gBAAgB;YAChB,+DAA+D;YAC/D,uSAAuS;YACvS,mDAAmD;YACnD,kDAAkD;YAClD,aAAa;YACb,2EAA2E;YAC3E,iEAAiE;YACjE,4CAA4C;YAC5C,mBAAmB;YACnB,0FAA0F;YAC1F,0FAA0F;YAC1F,kFAAkF,CACrF,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,IAAI,gBAAgB,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,WAAW,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;QACD,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YACvB,QAAQ,CAAC,IAAI,CACX,sBAAsB;gBACpB,oCAAoC,gBAAgB,MAAM;gBAC1D,oBAAoB,WAAW,CAAC,IAAI,EAAE,wBAAwB;gBAC9D,iEAAiE;gBACjE,+GAA+G;gBAC/G,6OAA6O,CAChP,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,QAAQ,CAAC,IAAI,CACX,gCAAgC;QAC9B,iEAAiE;QACjE,qDAAqD;QACrD,6IAA6I;QAC7I,4LAA4L;QAC5L,uGAAuG;QACvG,+GAA+G;QAC/G,yEAAyE;QACzE,gMAAgM;QAChM,0JAA0J;QAC1J,yJAAyJ;QACzJ,+KAA+K;QAC/K,2JAA2J;QAC3J,iJAAiJ;QACjJ,mGAAmG;QACnG,iMAAiM,CACpM,CAAC;IAEF,kBAAkB;IAClB,QAAQ,CAAC,IAAI,CACX,qBAAqB;QACnB,+EAA+E;QAC/E,iFAAiF;QACjF,oEAAoE;QACpE,0EAA0E,CAC7E,CAAC;IAEF,yCAAyC;IACzC,MAAM,WAAW,GAAG,SAAS,IAAI,kBAAkB,CAAC;IACpD,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,sFAAsF;QACtF,IAAI,QAAQ,IAAI,IAAI,KAAK,YAAY;YAAE,SAAS;QAChD,IAAI,CAAC,QAAQ,IAAI,IAAI,KAAK,WAAW;YAAE,SAAS;QAChD,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,IAAI;YAAE,SAAS,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC,eAAe,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,uEAAuE;IACvE,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,IAAI,GAAG,GAAG,GAAG,CAAC;IACd,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACrD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC;gBACrD,YAAY,CAAC,IAAI,CAAC,OAAO,OAAO,OAAO,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;YAC7B,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,MAAM,KAAK,GAAG;YAAE,MAAM;QAC1B,GAAG,GAAG,MAAM,CAAC;IACf,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CACX,wBAAwB;YACtB,4EAA4E;YAC5E,8EAA8E;YAC9E,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAC5B,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,6EAA6E;IAC7E,sCAAsC;IACtC,IAAI,eAAe,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAChD,MAAM,UAAU,GAAG,uBAAuB,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;QACjE,IAAI,UAAU;YAAE,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE1C,wEAAwE;QACxE,yEAAyE;QACzE,mEAAmE;QACnE,sCAAsC;QACtC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QAC9D,MAAM,aAAa,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,aAAa;YAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAClD,CAAC;IAED,2FAA2F;IAC3F,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC3B,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/B,OAAO,KAAK,IAAI,OAAO,CAAC,CAAC,IAAI,IAAI,QAAQ,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3D,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CACX,wCAAwC;gBACtC,iFAAiF;gBACjF,kFAAkF;gBAClF,uFAAuF;gBACvF,yFAAyF;gBACzF,6CAA6C;gBAC7C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,YAAY;IACZ,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,aAAa,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,aAAa,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,QAAQ,CAAC,IAAI,CACX,oBAAoB,GAAG,wBAAwB,GAAG,IAAI,GAAG,eAAe,OAAO,CAAC,QAAQ,EAAE,CAC3F,CAAC;IAEF,0EAA0E;IAC1E,6DAA6D;IAC7D,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC;IACzB,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,cAAc,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACjC,QAAQ,CAAC,IAAI,CAAC,oCAAoC,GAAG,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC,CAAC;IAE1E,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kenkaiiii/ggcoder",
-  "version": "4.3.180",
+  "version": "4.3.181",
   "type": "module",
   "description": "CLI coding agent with OAuth authentication for Anthropic and OpenAI",
   "license": "MIT",
@@ -78,10 +78,10 @@
     "string-width": "^8.2.0",
     "wrap-ansi": "^10.0.0",
     "zod": "^4.4.3",
-    "@kenkaiiii/gg-ai": "4.3.180",
-    "@kenkaiiii/ggcoder-eyes": "0.1.2",
+    "@kenkaiiii/gg-agent": "4.3.181",
+    "@kenkaiiii/gg-ai": "4.3.181",
     "@kenkaiiii/gg-pixel": "4.3.95",
-    "@kenkaiiii/gg-agent": "4.3.180"
+    "@kenkaiiii/ggcoder-eyes": "0.1.2"
   },
   "optionalDependencies": {
     "@huggingface/transformers": "^3.6.0",