@link-assistant/hive-mind 1.64.1 → 1.64.3

package/src/interactive-mode.lib.mjs

@@ -38,6 +38,13 @@ import { CONFIG, createCollapsible, createRawJsonSection, escapeMarkdown, execFi
 // Use the session-started marker as the single source of truth for the
 // header string, keeping posting and filtering in lock-step.
 import { INTERACTIVE_SESSION_STARTED_MARKER, trackToolCommentId } from './tool-comments.lib.mjs';
+// Issue #1745: every comment body posted by the AI bridge MUST flow through
+// sanitizeCommentBody() before leaving the process. The leak in
+// xlab2016/space_db_private#20 happened because raw bash-tool stdout
+// (including TELEGRAM_BOT_TOKEN=...) was published verbatim. See
+// docs/case-studies/issue-1745/analysis.md for the full timeline.
+import { containsKnownToken, getAllKnownLocalTokens, sanitizeCommentBody } from './token-sanitization.lib.mjs';
+import { reportInteractiveLeak } from './telegram-leak-notifier.lib.mjs';
 
 /**
  * Creates an interactive mode handler for processing Claude/Codex CLI events
@@ -52,7 +59,23 @@ import { INTERACTIVE_SESSION_STARTED_MARKER, trackToolCommentId } from './tool-c
  * @returns {Object} Handler object with event processing methods
  */
 export const createInteractiveHandler = options => {
-  const { owner, repo, prNumber, log, verbose = false, execFile: execFileFn } = options;
+  const {
+    owner,
+    repo,
+    prNumber,
+    log,
+    verbose = false,
+    execFile: execFileFn,
+    // Issue #1745: dangerous-skip flags. All default to false; passing them
+    // through lets the operator opt out of pattern-based sanitization (for
+    // controlled debugging in private repos) while keeping active-token
+    // masking on by default.
+    skipOutputSanitization = false,
+    skipActiveTokensOutputSanitization = false,
+    // Pre-existing user content carve-out (issue body / non-bot comments /
+    // pre-existing code). When provided, sanitizer leaves these tokens untouched.
+    excludeTokens = [],
+  } = options;
   // Use injected execFile for testability, or the real one by default
   const runGhApi = execFileFn || execFileAsync;
 
@@ -88,6 +111,71 @@ export const createInteractiveHandler = options => {
     editsFailed: 0,
   };
 
+  /**
+   * Sanitize a comment body and warn the chat owner when a known-local token
+   * was about to be published. Issue #1745. The returned string is what we
+   * actually send to GitHub.
+   *
+   * @param {string} body
+   * @returns {Promise<string>} sanitized body
+   * @private
+   */
+  const sanitizeAndWarn = async body => {
+    if (typeof body !== 'string' || body.length === 0) return body;
+
+    let knownTokens;
+    try {
+      knownTokens = await getAllKnownLocalTokens();
+    } catch (err) {
+      // Best-effort: if token lookup fails, fall back to regex/secretlint only.
+      knownTokens = [];
+      if (verbose) {
+        await log(`⚠️ Interactive mode: getAllKnownLocalTokens failed: ${err.message}`, { verbose: true });
+      }
+    }
+
+    let hits = [];
+    try {
+      hits = await containsKnownToken(body, knownTokens);
+    } catch {
+      hits = [];
+    }
+
+    let sanitized = body;
+    try {
+      sanitized = await sanitizeCommentBody(body, {
+        knownTokens,
+        skipOutputSanitization,
+        skipActiveTokensOutputSanitization,
+        excludeTokens,
+      });
+    } catch (err) {
+      await log(`⚠️ Interactive mode: sanitizeCommentBody failed: ${err.message} — falling back to raw body MASKED`);
+      // Fail closed: if sanitization fails entirely, drop the body to a safe
+      // placeholder rather than leaking. Better to lose detail than secrets.
+      sanitized = '[redacted: sanitization failed]';
+    }
+
+    if (hits.length > 0) {
+      await log(`🚨 Interactive mode: known-local token(s) detected in outbound comment — sanitizer masked them. Sources: ${hits.map(h => h.source).join(', ')}`);
+      try {
+        await reportInteractiveLeak({
+          owner,
+          repo,
+          prNumber,
+          tokenHits: hits,
+          log,
+        });
+      } catch (err) {
+        if (verbose) {
+          await log(`⚠️ Interactive mode: leak notifier failed: ${err.message}`, { verbose: true });
+        }
+      }
+    }
+
+    return sanitized;
+  };
+
   /**
    * Post a comment to the PR (with rate limiting)
    * @param {string} body - Comment body
@@ -104,12 +192,16 @@ export const createInteractiveHandler = options => {
       return null;
     }
 
+    // Issue #1745: sanitize BEFORE rate-limit queuing so queued bodies are
+    // also safe (the queue persists across reconnects).
+    const safeBody = await sanitizeAndWarn(body);
+
     const now = Date.now();
     const timeSinceLastComment = now - state.lastCommentTime;
 
     if (timeSinceLastComment < CONFIG.MIN_COMMENT_INTERVAL) {
       // Queue the comment for later with toolId/taskId for tracking
-      state.commentQueue.push({ body, toolId, taskId });
+      state.commentQueue.push({ body: safeBody, toolId, taskId });
       if (verbose) {
         await log(`📝 Interactive mode: Comment queued (${state.commentQueue.length} in queue)${toolId ? ` [tool: ${toolId}]` : ''}${taskId ? ` [task: ${taskId}]` : ''}`, { verbose: true });
       }
@@ -122,7 +214,7 @@ export const createInteractiveHandler = options => {
       // with complex markdown bodies containing backticks, quotes, etc.
       // See: https://github.com/link-assistant/hive-mind/issues/1458
       const apiUrl = `repos/${owner}/${repo}/issues/${prNumber}/comments`;
-      const jsonPayload = JSON.stringify({ body });
+      const jsonPayload = JSON.stringify({ body: safeBody });
       const { stdout } = await runGhApi('gh', ['api', apiUrl, '-X', 'POST', '--input', '-'], {
         input: jsonPayload,
         maxBuffer: 10 * 1024 * 1024, // 10MB
@@ -147,13 +239,13 @@ export const createInteractiveHandler = options => {
       trackToolCommentId(commentId);
 
       if (verbose) {
-        await log(`✅ Interactive mode: Comment posted${commentId ? ` (ID: ${commentId})` : ''} (body: ${body.length} chars)`, { verbose: true });
+        await log(`✅ Interactive mode: Comment posted${commentId ? ` (ID: ${commentId})` : ''} (body: ${safeBody.length} chars)`, { verbose: true });
       }
       return commentId;
     } catch (error) {
       state.commentsFailed++;
       // Issue #1472: Always log comment failures (not just verbose) — silent failures cause zero-comment bugs
-      await log(`⚠️ Interactive mode: Failed to post comment: ${error.message} (body: ${body.length} chars)`);
+      await log(`⚠️ Interactive mode: Failed to post comment: ${error.message} (body: ${safeBody.length} chars)`);
       return null;
     }
   };
@@ -173,25 +265,29 @@ export const createInteractiveHandler = options => {
       return false;
     }
 
+    // Issue #1745: sanitize before sending. editComment is the path that
+    // leaked TELEGRAM_BOT_TOKEN in xlab2016/space_db_private#20.
+    const safeBody = await sanitizeAndWarn(body);
+
     state.editsAttempted++;
     try {
       // Edit comment via gh api with stdin to avoid shell quoting issues
       // with complex markdown bodies containing backticks, quotes, etc.
       // See: https://github.com/link-assistant/hive-mind/issues/1458
       const apiUrl = `repos/${owner}/${repo}/issues/comments/${commentId}`;
-      const jsonPayload = JSON.stringify({ body });
+      const jsonPayload = JSON.stringify({ body: safeBody });
       await runGhApi('gh', ['api', apiUrl, '-X', 'PATCH', '--input', '-'], {
         input: jsonPayload,
         maxBuffer: 10 * 1024 * 1024, // 10MB
       });
       state.editsSucceeded++;
       if (verbose) {
-        await log(`✅ Interactive mode: Comment ${commentId} updated (body: ${body.length} chars, payload: ${jsonPayload.length} chars)`, { verbose: true });
+        await log(`✅ Interactive mode: Comment ${commentId} updated (body: ${safeBody.length} chars, payload: ${jsonPayload.length} chars)`, { verbose: true });
       }
       return true;
     } catch (error) {
       state.editsFailed++;
-      await log(`⚠️ Interactive mode: Failed to edit comment ${commentId}: ${error.message} (body: ${body.length} chars)`);
+      await log(`⚠️ Interactive mode: Failed to edit comment ${commentId}: ${error.message} (body: ${safeBody.length} chars)`);
       return false;
     }
   };

package/src/lib.mjs

@@ -334,12 +334,12 @@ export const setupStdioLogInterceptor = () => {
  * @param {string} token - Token to mask
  * @param {Object} options - Masking options
  * @param {number} [options.minLength=12] - Minimum length to mask
- * @param {number} [options.startChars=5] - Number of characters to show at start
- * @param {number} [options.endChars=5] - Number of characters to show at end
+ * @param {number} [options.startChars=3] - Number of characters to show at start
+ * @param {number} [options.endChars=3] - Number of characters to show at end
  * @returns {string} Masked token
  */
 export const maskToken = (token, options = {}) => {
-  const { minLength = 12, startChars = 5, endChars = 5 } = options;
+  const { minLength = 12, startChars = 3, endChars = 3 } = options;
 
   if (!token || token.length < minLength) {
     return token; // Don't mask very short strings

package/src/post-finish-sanitization-sweep.lib.mjs

@@ -0,0 +1,201 @@
+#!/usr/bin/env node
+/**
+ * Issue #1745 — post-finish sanitization sweep.
+ *
+ * Comment #4364642786 requirement: "after AI finishes whatever the content
+ * was ... we should by default go and mask the token by editing comments,
+ * pull requests".
+ *
+ * This module re-reads bot-authored comments and the PR description after the
+ * AI session finishes, runs the body through `sanitizeOutput`, and edits the
+ * comment / PR in place if a difference is detected. It is intentionally
+ * conservative:
+ *
+ *   - We only touch content authored by the running gh user (the bot).
+ *   - We never touch issue bodies (those belong to the human).
+ *   - History rewriting (force-pushing to delete commits) is NOT performed
+ *     here. The risk to a shared branch is too high; that step requires the
+ *     operator to opt in explicitly via a future flag, and is documented in
+ *     docs/case-studies/issue-1745/analysis.md.
+ *
+ * @module post-finish-sanitization-sweep
+ */
+
+import { sanitizeOutput, getSanitizationStats } from './token-sanitization.lib.mjs';
+import { wrapDollarWithGhRetry as _wrapDollarWithGhRetry } from './github-rate-limit.lib.mjs'; // rate-limit marker (#1726): caller passes $ already wrapped through wrapDollarWithGhRetry
+
+/**
+ * Determine the bot's gh login name. The function returns null on any error
+ * so the sweep degrades gracefully when offline / unauthenticated.
+ *
+ * @param {Function} $
+ * @returns {Promise<string|null>}
+ */
+const detectBotLogin = async $ => {
+  try {
+    const result = await $`gh api user --jq .login`;
+    if (result && result.code === 0 && result.stdout) {
+      const login = result.stdout.toString().trim();
+      return login || null;
+    }
+  } catch {
+    /* swallow */
+  }
+  return null;
+};
+
+/**
+ * Sanitize bot-authored PR conversation comments (the issuecomment endpoint).
+ *
+ * @param {Object} args
+ * @param {Function} args.$ command-stream helper
+ * @param {string}   args.owner
+ * @param {string}   args.repo
+ * @param {number|string} args.prNumber
+ * @param {string}   args.botLogin
+ * @param {Function} [args.log]
+ * @param {Object}   [args.sanitizationOptions] forwarded to sanitizeOutput
+ * @returns {Promise<{scanned:number, edited:number, errors:number}>}
+ */
+export const sweepPrConversationComments = async ({ $, owner, repo, prNumber, botLogin, log = async () => {}, sanitizationOptions = {} }) => {
+  const stats = { scanned: 0, edited: 0, errors: 0 };
+  let response;
+  try {
+    response = await $`gh api repos/${owner}/${repo}/issues/${prNumber}/comments --paginate`;
+  } catch (err) {
+    await log(`⚠️ post-finish sweep: failed to list comments: ${err.message || err}`);
+    stats.errors++;
+    return stats;
+  }
+  if (!response || response.code !== 0) {
+    stats.errors++;
+    return stats;
+  }
+  let comments;
+  try {
+    comments = JSON.parse(response.stdout.toString());
+  } catch {
+    stats.errors++;
+    return stats;
+  }
+  if (!Array.isArray(comments)) return stats;
+
+  for (const c of comments) {
+    if (!c || !c.user || c.user.login !== botLogin) continue;
+    if (typeof c.body !== 'string' || c.body.length === 0) continue;
+    stats.scanned++;
+    let sanitized;
+    try {
+      sanitized = await sanitizeOutput(c.body, sanitizationOptions);
+    } catch (err) {
+      await log(`⚠️ post-finish sweep: sanitize comment ${c.id} failed: ${err.message || err}`);
+      stats.errors++;
+      continue;
+    }
+    if (sanitized === c.body) continue;
+    try {
+      const payload = JSON.stringify({ body: sanitized });
+      const edit = await $({ stdin: payload })`gh api repos/${owner}/${repo}/issues/comments/${c.id} -X PATCH --input -`;
+      if (edit && edit.code === 0) {
+        stats.edited++;
+        await log(`🔒 post-finish sweep: edited comment ${c.id} to mask leaked token(s)`);
+      } else {
+        stats.errors++;
+      }
+    } catch (err) {
+      await log(`⚠️ post-finish sweep: edit comment ${c.id} failed: ${err.message || err}`);
+      stats.errors++;
+    }
+  }
+  return stats;
+};
+
+/**
+ * Sanitize the PR description if needed.
+ *
+ * @param {Object} args
+ * @returns {Promise<{scanned:number, edited:number, errors:number}>}
+ */
+export const sweepPrDescription = async ({ $, owner, repo, prNumber, log = async () => {}, sanitizationOptions = {} }) => {
+  const stats = { scanned: 0, edited: 0, errors: 0 };
+  let response;
+  try {
+    response = await $`gh api repos/${owner}/${repo}/pulls/${prNumber}`;
+  } catch (err) {
+    await log(`⚠️ post-finish sweep: failed to fetch PR ${prNumber}: ${err.message || err}`);
+    stats.errors++;
+    return stats;
+  }
+  if (!response || response.code !== 0) {
+    stats.errors++;
+    return stats;
+  }
+  let pr;
+  try {
+    pr = JSON.parse(response.stdout.toString());
+  } catch {
+    stats.errors++;
+    return stats;
+  }
+  const body = typeof pr.body === 'string' ? pr.body : '';
+  if (body.length === 0) return stats;
+  stats.scanned++;
+  let sanitized;
+  try {
+    sanitized = await sanitizeOutput(body, sanitizationOptions);
+  } catch (err) {
+    await log(`⚠️ post-finish sweep: sanitize PR body failed: ${err.message || err}`);
+    stats.errors++;
+    return stats;
+  }
+  if (sanitized === body) return stats;
+  try {
+    const payload = JSON.stringify({ body: sanitized });
+    const edit = await $({ stdin: payload })`gh api repos/${owner}/${repo}/pulls/${prNumber} -X PATCH --input -`;
+    if (edit && edit.code === 0) {
+      stats.edited++;
+      await log('🔒 post-finish sweep: edited PR description to mask leaked token(s)');
+    } else {
+      stats.errors++;
+    }
+  } catch (err) {
+    await log(`⚠️ post-finish sweep: edit PR body failed: ${err.message || err}`);
+    stats.errors++;
+  }
+  return stats;
+};
+
+/**
+ * Run the full post-finish sweep: bot-authored PR comments + PR description.
+ * Idempotent and safe to call multiple times.
+ *
+ * @param {Object} args
+ * @returns {Promise<{comments:Object, prBody:Object, totalEdited:number, sanitizationStatsBefore:Object, sanitizationStatsAfter:Object}>}
+ */
+export const runPostFinishSweep = async ({ $, owner, repo, prNumber, log = async () => {}, sanitizationOptions = {}, botLogin: providedBotLogin }) => {
+  const sanitizationStatsBefore = getSanitizationStats();
+  const botLogin = providedBotLogin || (await detectBotLogin($));
+  const result = {
+    comments: { scanned: 0, edited: 0, errors: 0, skipped: !botLogin },
+    prBody: { scanned: 0, edited: 0, errors: 0 },
+    totalEdited: 0,
+    sanitizationStatsBefore,
+    sanitizationStatsAfter: sanitizationStatsBefore,
+  };
+  if (!owner || !repo || !prNumber) return result;
+  if (botLogin) {
+    result.comments = await sweepPrConversationComments({ $, owner, repo, prNumber, botLogin, log, sanitizationOptions });
+  } else {
+    await log('⚠️ post-finish sweep: could not determine bot login; skipping comment sweep.');
+  }
+  result.prBody = await sweepPrDescription({ $, owner, repo, prNumber, log, sanitizationOptions });
+  result.totalEdited = result.comments.edited + result.prBody.edited;
+  result.sanitizationStatsAfter = getSanitizationStats();
+  return result;
+};
+
+export default {
+  sweepPrConversationComments,
+  sweepPrDescription,
+  runPostFinishSweep,
+};

package/src/qwen.lib.mjs

@@ -20,6 +20,7 @@ import { sanitizeObjectStrings } from './unicode-sanitization.lib.mjs';
 import { qwenModels, defaultModels } from './models/index.mjs';
 import { checkPlaywrightMcpPackageAvailability } from './playwright-mcp.lib.mjs';
 import { classifyRetryableError, getRetryDelayMs, maybeSwitchToFallbackModel, waitWithCountdown } from './tool-retry.lib.mjs';
+import { getCumulativeContextInputTokens, getRestoredContextInputTokens, toTokenCount } from './context-fill.lib.mjs';
 
 export const mapModelToId = model => qwenModels[model] || model;
 
@@ -63,6 +64,59 @@ const findFirstValue = (object, paths) => {
   return null;
 };
 
+const createQwenTokenFieldAvailability = () => ({
+  inputTokens: false,
+  outputTokens: false,
+  reasoningTokens: false,
+  cacheReadTokens: false,
+  cacheWriteTokens: false,
+});
+
+const createQwenTokenUsage = modelId => ({
+  inputTokens: 0,
+  outputTokens: 0,
+  reasoningTokens: 0,
+  cacheReadTokens: 0,
+  cacheWriteTokens: 0,
+  totalTokens: 0,
+  stepCount: 0,
+  requestedModelId: modelId || null,
+  respondedModelId: modelId || null,
+  contextLimit: null,
+  outputLimit: null,
+  contextFillInputTokens: 0,
+  peakContextUsage: 0,
+  tokenFieldAvailability: createQwenTokenFieldAvailability(),
+});
+
+const cloneQwenTokenUsage = usage => {
+  if (!usage) return createQwenTokenUsage();
+  return {
+    ...usage,
+    tokenFieldAvailability: {
+      ...createQwenTokenFieldAvailability(),
+      ...(usage.tokenFieldAvailability || {}),
+    },
+  };
+};
+
+const getQwenUsageField = (usage, paths) => {
+  const value = findFirstValue(usage, paths);
+  if (value === null) return { observed: false, value: 0 };
+  return { observed: true, value: toTokenCount(value) };
+};
+
+const QWEN_USAGE_PATHS = {
+  input: [['inputTokens'], ['input_tokens'], ['input'], ['promptTokens'], ['prompt_tokens'], ['prompt']],
+  output: [['outputTokens'], ['output_tokens'], ['output'], ['completionTokens'], ['completion_tokens'], ['completion']],
+  reasoning: [['reasoningTokens'], ['reasoning_tokens'], ['thoughtsTokens'], ['thoughts_tokens']],
+  cacheRead: [['cacheReadTokens'], ['cache_read_tokens'], ['cache_read_input_tokens'], ['cachedInputTokens'], ['cached_input_tokens'], ['prompt_tokens_details', 'cached_tokens'], ['cache', 'read']],
+  cacheWrite: [['cacheWriteTokens'], ['cache_write_tokens'], ['cache_creation_input_tokens'], ['cacheCreationTokens'], ['cacheCreationInputTokens'], ['cache', 'write']],
+  contextLimit: [['contextLimit'], ['context_limit'], ['limit', 'context'], ['limits', 'context']],
+  outputLimit: [['outputLimit'], ['output_limit'], ['limit', 'output'], ['limits', 'output']],
+  model: [['model'], ['model_id'], ['modelId'], ['name']],
+};
+
 const extractTextFragments = value => {
   if (typeof value === 'string') return [value];
   if (!value || typeof value !== 'object') return [];
@@ -89,8 +143,139 @@ const createQwenParserState = state => ({
   errors: Array.isArray(state?.errors) ? [...state.errors] : [],
   sessionId: state?.sessionId || null,
   lastTextContent: state?.lastTextContent || '',
+  tokenUsage: cloneQwenTokenUsage(state?.tokenUsage),
+  resultModelUsage: state?.resultModelUsage ? { ...state.resultModelUsage } : null,
 });
 
+const buildQwenResultModelUsage = tokenUsage => {
+  if (!tokenUsage || tokenUsage.stepCount === 0) return null;
+  const modelId = tokenUsage.respondedModelId || tokenUsage.requestedModelId || 'qwen';
+  const modelInfo = tokenUsage.contextLimit || tokenUsage.outputLimit ? { limit: { context: tokenUsage.contextLimit || null, output: tokenUsage.outputLimit || null } } : null;
+  return {
+    [modelId]: {
+      inputTokens: tokenUsage.inputTokens,
+      cacheCreationTokens: tokenUsage.cacheWriteTokens,
+      cacheReadTokens: tokenUsage.cacheReadTokens,
+      outputTokens: tokenUsage.outputTokens,
+      modelName: modelId,
+      modelInfo,
+      contextFillInputTokens: tokenUsage.contextFillInputTokens,
+      peakContextUsage: tokenUsage.peakContextUsage,
+      costUSD: null,
+    },
+  };
+};
+
+const applyQwenUsageObject = (state, rawUsage, fallbackModelId = null) => {
+  if (!rawUsage || typeof rawUsage !== 'object') return;
+
+  const model = findFirstValue(rawUsage, QWEN_USAGE_PATHS.model) || fallbackModelId;
+  if (model) {
+    state.tokenUsage.requestedModelId ||= String(model);
+    state.tokenUsage.respondedModelId = String(model);
+  }
+
+  const input = getQwenUsageField(rawUsage, QWEN_USAGE_PATHS.input);
+  const output = getQwenUsageField(rawUsage, QWEN_USAGE_PATHS.output);
+  const reasoning = getQwenUsageField(rawUsage, QWEN_USAGE_PATHS.reasoning);
+  const cacheRead = getQwenUsageField(rawUsage, QWEN_USAGE_PATHS.cacheRead);
+  const cacheWrite = getQwenUsageField(rawUsage, QWEN_USAGE_PATHS.cacheWrite);
+  const contextLimit = getQwenUsageField(rawUsage, QWEN_USAGE_PATHS.contextLimit);
+  const outputLimit = getQwenUsageField(rawUsage, QWEN_USAGE_PATHS.outputLimit);
+
+  const observedTokenField = input.observed || output.observed || reasoning.observed || cacheRead.observed || cacheWrite.observed;
+  if (!observedTokenField) return;
+
+  state.tokenUsage.stepCount += 1;
+  if (input.observed) {
+    state.tokenUsage.tokenFieldAvailability.inputTokens = true;
+    state.tokenUsage.inputTokens += input.value;
+  }
+  if (output.observed) {
+    state.tokenUsage.tokenFieldAvailability.outputTokens = true;
+    state.tokenUsage.outputTokens += output.value;
+  }
+  if (reasoning.observed) {
+    state.tokenUsage.tokenFieldAvailability.reasoningTokens = true;
+    state.tokenUsage.reasoningTokens += reasoning.value;
+  }
+  if (cacheRead.observed) {
+    state.tokenUsage.tokenFieldAvailability.cacheReadTokens = true;
+    state.tokenUsage.cacheReadTokens += cacheRead.value;
+  }
+  if (cacheWrite.observed) {
+    state.tokenUsage.tokenFieldAvailability.cacheWriteTokens = true;
+    state.tokenUsage.cacheWriteTokens += cacheWrite.value;
+  }
+  if (contextLimit.observed) state.tokenUsage.contextLimit = contextLimit.value;
+  if (outputLimit.observed) state.tokenUsage.outputLimit = outputLimit.value;
+
+  const stepContextFill = getCumulativeContextInputTokens({
+    inputTokens: input.value,
+    cacheWriteTokens: cacheWrite.value,
+  });
+  if (stepContextFill > (state.tokenUsage.contextFillInputTokens || 0)) {
+    state.tokenUsage.contextFillInputTokens = stepContextFill;
+  }
+
+  const stepRestoredContext = getRestoredContextInputTokens({
+    inputTokens: input.value,
+    cacheWriteTokens: cacheWrite.value,
+    cacheReadTokens: cacheRead.value,
+  });
+  if (stepRestoredContext > (state.tokenUsage.peakContextUsage || 0)) {
+    state.tokenUsage.peakContextUsage = stepRestoredContext;
+  }
+
+  state.tokenUsage.totalTokens = state.tokenUsage.inputTokens + state.tokenUsage.cacheReadTokens + state.tokenUsage.cacheWriteTokens + state.tokenUsage.outputTokens;
+  state.resultModelUsage = buildQwenResultModelUsage(state.tokenUsage);
+};
+
+const applyQwenUsageToState = (state, event) => {
+  const rawUsage = event?.usage || event?.stats || event?.tokenUsage || null;
+  if (!rawUsage || typeof rawUsage !== 'object') return;
+
+  const modelStats = rawUsage.models && typeof rawUsage.models === 'object' ? rawUsage.models : null;
+  if (modelStats) {
+    for (const [modelId, data] of Object.entries(modelStats)) {
+      applyQwenUsageObject(state, data?.tokens || data?.usage || data, modelId);
+    }
+    return;
+  }
+
+  applyQwenUsageObject(state, rawUsage, findFirstValue(event, QWEN_USAGE_PATHS.model));
+};
+
+const buildQwenPricingInfo = (state, mappedModel) => {
+  const tokenUsage = cloneQwenTokenUsage(state?.tokenUsage);
+  if (!tokenUsage || tokenUsage.stepCount === 0) {
+    return {
+      pricingInfo: null,
+      publicPricingEstimate: null,
+      tokenUsage: null,
+      resultModelUsage: null,
+    };
+  }
+
+  tokenUsage.requestedModelId ||= mappedModel || 'qwen';
+  tokenUsage.respondedModelId ||= tokenUsage.requestedModelId;
+  const modelId = tokenUsage.respondedModelId || tokenUsage.requestedModelId;
+
+  return {
+    pricingInfo: {
+      provider: 'Qwen Code',
+      modelId,
+      modelName: modelId,
+      totalCostUSD: null,
+      source: 'qwen-stream-json',
+      tokenUsage,
+    },
+    publicPricingEstimate: null,
+    tokenUsage,
+    resultModelUsage: buildQwenResultModelUsage(tokenUsage),
+  };
+};
+
 const addQwenEventToState = (state, rawEvent) => {
   const event = sanitizeObjectStrings(rawEvent);
   state.parsedEvents.push(event);
@@ -118,6 +303,8 @@ const addQwenEventToState = (state, rawEvent) => {
       isAuthError: isQwenAuthError(errorMessage),
     });
   }
+
+  applyQwenUsageToState(state, event);
 };
 
 export const parseQwenStreamJsonOutput = (output, state = {}) => {
@@ -377,6 +564,7 @@ export const executeQwenCommand = async params => {
         .join('\n');
       const combinedErrorText = `${allOutput}\n${errorMessage}`.trim();
       const limitInfo = detectUsageLimit(combinedErrorText);
+      const usageResult = buildQwenPricingInfo(qwenState, mappedModel);
 
       if (limitInfo.isUsageLimit) {
         const messageLines = formatUsageLimitMessage({
@@ -394,9 +582,7 @@ export const executeQwenCommand = async params => {
           sessionId,
           limitReached: true,
           limitResetTime: limitInfo.resetTime,
-          pricingInfo: null,
-          publicPricingEstimate: null,
-          tokenUsage: null,
+          ...usageResult,
           resultSummary,
         };
       }
@@ -444,9 +630,7 @@ export const executeQwenCommand = async params => {
           sessionId,
           limitReached: false,
           limitResetTime: null,
-          pricingInfo: null,
-          publicPricingEstimate: null,
-          tokenUsage: null,
+          ...usageResult,
           resultSummary,
         };
       }
@@ -461,9 +645,7 @@ export const executeQwenCommand = async params => {
         sessionId,
         limitReached: false,
         limitResetTime: null,
-        pricingInfo: null,
-        publicPricingEstimate: null,
-        tokenUsage: null,
+        ...usageResult,
         resultSummary,
       };
     } catch (error) {

package/src/solve.config.lib.mjs

@@ -115,6 +115,21 @@ export const SOLVE_OPTION_DEFINITIONS = {
     description: 'Upload the solution draft log file to the Pull Request on completion (⚠️ WARNING: May expose sensitive data)',
     default: false,
   },
+  'dangerously-skip-output-sanitization': {
+    type: 'boolean',
+    description: 'DANGEROUS: skip pattern-based sanitization of generated output. Active local token masking stays enabled unless --dangerously-skip-active-tokens-output-sanitization is also set.',
+    default: false,
+  },
+  'dangerously-skip-code-output-sanitization': {
+    type: 'boolean',
+    description: 'DANGEROUS: allow generated code/file output to keep pattern-matched token-looking strings. Active local token masking stays enabled unless explicitly disabled.',
+    default: false,
+  },
+  'dangerously-skip-active-tokens-output-sanitization': {
+    type: 'boolean',
+    description: 'DANGEROUS: skip masking known active local tokens in output. This is separate from other sanitization skip flags and should only be used for controlled debugging.',
+    default: false,
+  },
   'auto-close-pull-request-on-fail': {
     type: 'boolean',
     description: 'Automatically close the pull request if execution fails',