@luanpdd/kit-mcp 1.5.3 → 1.6.0

package/kit/hooks/sidecar-tool-publisher.js

@@ -0,0 +1,182 @@
+#!/usr/bin/env node
+// hook-version: 1.6.0
+// kit-mcp · Sidecar Tool Publisher (PostToolUse)
+//
+// Publishes every Claude Code tool invocation to the kit-mcp sidecar so the
+// localhost UI shows real-time activity from this IDE — including edits,
+// reads, bash, agent spawns, MCP calls. Closes the gap where the sidecar
+// previously only saw `kit sync`/`reverse-sync`/`gates` operations.
+//
+// Pipeline: PostToolUse hook → reads stdin envelope → discovers sidecar
+// lockfile (per project_root) → POST /publish → fire-and-forget.
+//
+// SOFT failure: any error logs to stderr and exits 0. Never blocks the user.
+//
+// Module format: ESM (package.json "type": "module"). Stays compatible whether
+// run from inside the kit-mcp repo or from a user project.
+//
+// Enable via `~/.claude/settings.json` (or per-project `.claude/settings.json`):
+//   {
+//     "hooks": {
+//       "PostToolUse": [{
+//         "matcher": "*",
+//         "hooks": [{
+//           "type": "command",
+//           "command": "node /abs/path/to/sidecar-tool-publisher.js"
+//         }]
+//       }]
+//     }
+//   }
+
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import http from 'node:http';
+import crypto from 'node:crypto';
+import process from 'node:process';
+
+let input = '';
+const stdinTimeout = setTimeout(() => process.exit(0), 1500);
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', (chunk) => { input += chunk; });
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const data = input ? JSON.parse(input) : {};
+    const toolName = data.tool_name || data.toolName || 'unknown';
+    const projectRoot = data.project_root || data.cwd || process.cwd();
+
+    debugLog({ phase: 'received', toolName, projectRoot, cwd: process.cwd(), keys: Object.keys(data) });
+
+    // Try requested projectRoot first; if no lockfile found, scan all
+    // kit-mcp-ui-*.lock files in tmpdir and pick one that healthz-responds.
+    // This makes the hook resilient to projectRoot mismatch (case, separators,
+    // trailing slash, parent-of-project edits, etc).
+    let port = readSidecarPort(projectRoot);
+    if (!port) port = scanAnyRunningSidecar();
+    if (!port) {
+      debugLog({ phase: 'no_sidecar', projectRoot });
+      process.exit(0);
+    }
+
+    const payload = {
+      tool: toolName,
+      sessionId: data.session_id || data.sessionId || null,
+      durationMs: typeof data.duration_ms === 'number' ? data.duration_ms : null,
+      argsSummary: summarizeArgs(data.tool_input),
+      source: detectSource(),
+    };
+
+    const event = {
+      type: 'tool_invocation',
+      ts: Date.now(),
+      runId: null,
+      payload,
+    };
+
+    publish(port, event);
+    process.exit(0);
+  } catch (err) {
+    process.stderr.write(`[sidecar-tool-publisher] ${err.message}\n`);
+    process.exit(0);
+  }
+});
+
+function readSidecarPort(projectRoot) {
+  // Mirror src/ui/lockfile.js#lockPathFor (sha1(projectRoot).slice(0,16))
+  try {
+    const hash = crypto.createHash('sha1').update(projectRoot).digest('hex').slice(0, 16);
+    const lockPath = path.join(os.tmpdir(), `kit-mcp-ui-${hash}.lock`);
+    const raw = fs.readFileSync(lockPath, 'utf8');
+    const lock = JSON.parse(raw);
+    return typeof lock.port === 'number' ? lock.port : null;
+  } catch {
+    return null;
+  }
+}
+
+// Scan os.tmpdir() for any kit-mcp-ui-*.lock and return the first valid port.
+// Used as a fallback when projectRoot doesn't match any known lockfile (case
+// variants, separator differences, parent-dir edits, etc).
+function scanAnyRunningSidecar() {
+  try {
+    const dir = os.tmpdir();
+    const entries = fs.readdirSync(dir);
+    for (const name of entries) {
+      if (!/^kit-mcp-ui-[0-9a-f]{16}\.lock$/.test(name)) continue;
+      try {
+        const raw = fs.readFileSync(path.join(dir, name), 'utf8');
+        const lock = JSON.parse(raw);
+        if (typeof lock.port === 'number' && typeof lock.pid === 'number') {
+          // Best-effort liveness check.
+          try { process.kill(lock.pid, 0); return lock.port; } catch { /* dead */ }
+        }
+      } catch { /* skip unreadable */ }
+    }
+  } catch { /* tmpdir unreadable */ }
+  return null;
+}
+
+function debugLog(obj) {
+  if (process.env.KIT_MCP_HOOK_DEBUG !== '1') return;
+  try {
+    const line = JSON.stringify({ ts: Date.now(), ...obj }) + '\n';
+    fs.appendFileSync(path.join(os.tmpdir(), 'kit-mcp-hook.log'), line);
+  } catch { /* noop */ }
+}
+
+function summarizeArgs(args) {
+  if (!args || typeof args !== 'object') return null;
+  const out = {};
+  if (typeof args.command === 'string')       out.command   = truncate(args.command, 120);
+  if (typeof args.file_path === 'string')     out.file_path = truncate(args.file_path, 200);
+  if (typeof args.pattern === 'string')       out.pattern   = truncate(args.pattern, 80);
+  if (typeof args.url === 'string')           out.url       = truncate(args.url, 120);
+  if (typeof args.description === 'string')   out.description = truncate(args.description, 80);
+  if (Array.isArray(args.actions))            out.action_count = args.actions.length;
+  return Object.keys(out).length ? out : null;
+}
+
+function truncate(s, n) { return s.length > n ? s.slice(0, n - 1) + '…' : s; }
+
+function detectSource() {
+  const ide = detectIde();
+  const pid = process.ppid || process.pid;
+  const id = `${ide}:${pid}`;
+  return {
+    id,
+    ide,
+    pid,
+    hostname: os.hostname(),
+  };
+}
+
+function detectIde() {
+  if (process.env.CLAUDE_CODE_VERSION || process.env.CLAUDECODE) return 'claude-code';
+  if (process.env.CURSOR_TRACE_ID) return 'cursor';
+  if (process.env.TERM_PROGRAM === 'vscode') return 'vscode';
+  if (process.env.JETBRAINS_IDE) return 'jetbrains';
+  return 'unknown';
+}
+
+function publish(port, event) {
+  const body = JSON.stringify(event);
+  const req = http.request({
+    method: 'POST',
+    host: '127.0.0.1',
+    port,
+    path: '/publish',
+    agent: false,
+    headers: {
+      host: `127.0.0.1:${port}`,
+      'content-type': 'application/json',
+      'content-length': Buffer.byteLength(body, 'utf8'),
+      origin: `http://127.0.0.1:${port}`,
+      connection: 'close',
+    },
+  }, (res) => { res.resume(); });
+  req.on('error', () => { /* fire-and-forget */ });
+  req.setTimeout(800, () => { try { req.destroy(); } catch (_) { /* noop */ } });
+  req.write(body);
+  req.end();
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@luanpdd/kit-mcp",
-  "version": "1.5.3",
+  "version": "1.6.0",
   "description": "Generic infrastructure to ship YOUR personal kit of agents/commands/skills as an MCP server, with cross-IDE sync (Claude Code, Cursor, Codex, Gemini, Windsurf, Antigravity, Copilot, Trae).",
   "type": "module",
   "bin": {
@@ -44,7 +44,8 @@
     "smoke": "node bin/cli.js kit list-agents | head -5",
     "test": "node test/run.mjs test/unit",
     "test:integration": "node test/run.mjs test/integration",
-    "test:all": "node test/run.mjs test"
+    "test:all": "node test/run.mjs test",
+    "prepublishOnly": "node test/run.mjs test/unit && node test/run.mjs test/integration"
   },
   "dependencies": {
     "@inquirer/prompts": "^8.4.2",

package/src/core/kit.js

@@ -10,6 +10,12 @@ import { fileURLToPath } from 'node:url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname  = path.dirname(__filename);
 
+// PERF-02: Frontmatter regexes compiled once at module load (was being recompiled
+// on every readMdDir / readSkillsDir entry — 60+ times per listKit call).
+const FRONTMATTER_SPLIT_RE = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/;
+const FRONTMATTER_RAW_RE   = /^(---\r?\n[\s\S]*?\r?\n---\r?\n?)/;
+const YAML_KEY_RE          = /^([A-Za-z0-9_-]+):\s*(.*)$/;
+
 // Resolution order for the kit root (re-evaluated on each call so env-var
 // overrides set after module load — e.g. by the CLI preAction hook — work):
 //   1. explicit `kitRoot` opt passed by caller
@@ -22,15 +28,30 @@ export function resolveKitRoot(kitRoot) {
   return BUNDLED_KIT_ROOT;
 }
 
+// PERF-01: TTL cache for listKit output. Repeated calls within KIT_CACHE_TTL_MS
+// return the cached value — sync/reverse-sync/MCP list-* tools used to walk the
+// disk on every invocation. Trade-off: callers that edit kit/ inside the same
+// process may see stale data for up to 30s. Acceptable for MCP/CLI ergonomics.
+const KIT_CACHE_TTL_MS = 30_000;
+const kitCache = new Map(); // kitRoot -> { value, ts }
+
+export function clearKitCache() { kitCache.clear(); }
+
 export async function listKit(kitRoot) {
   kitRoot = resolveKitRoot(kitRoot);
+  const cached = kitCache.get(kitRoot);
+  if (cached && Date.now() - cached.ts < KIT_CACHE_TTL_MS) {
+    return cached.value;
+  }
   const [agents, commands, skills, skillsExtras] = await Promise.all([
     readMdDir(path.join(kitRoot, 'agents'),    'agent'),
     readMdDir(path.join(kitRoot, 'commands'),  'command'),
     readSkillsDir(path.join(kitRoot, 'skills')),
     readSkillsDir(path.join(kitRoot, 'skills-extras')).catch(() => []),
   ]);
-  return { agents, commands, skills, skillsExtras, kitRoot };
+  const value = { agents, commands, skills, skillsExtras, kitRoot };
+  kitCache.set(kitRoot, { value, ts: Date.now() });
+  return value;
 }
 
 async function readMdDir(dir, kind) {
@@ -95,13 +116,13 @@ async function readSkillsDir(dir) {
 // Good enough for our SKILL.md / agent.md headers.
 
 function splitFrontmatter(raw) {
-  const m = raw.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/);
+  const m = raw.match(FRONTMATTER_SPLIT_RE);
   if (!m) return { frontmatter: null, body: raw };
   return { frontmatter: parseLooseYaml(m[1]), body: m[2] };
 }
 
 function matchFrontmatterRaw(raw) {
-  const m = raw.match(/^(---\r?\n[\s\S]*?\r?\n---\r?\n?)/);
+  const m = raw.match(FRONTMATTER_RAW_RE);
   return m ? m[1] : '';
 }
 
@@ -111,7 +132,7 @@ function parseLooseYaml(text) {
   let i = 0;
   while (i < lines.length) {
     const line = lines[i];
-    const m = line.match(/^([A-Za-z0-9_-]+):\s*(.*)$/);
+    const m = line.match(YAML_KEY_RE);
     if (!m) { i++; continue; }
     const key = m[1];
     let val = m[2];

package/src/core/reverse-sync.js

@@ -26,7 +26,8 @@ export async function detectReverse(targetId, opts = {}) {
   const target      = getTarget(targetId);
   const projectRoot = path.resolve(opts.projectRoot ?? process.cwd());
   const kitRoot     = resolveKitRoot(opts.kitRoot);
-  const kit         = await listKit(kitRoot);
+  // PERF-03: accept a pre-loaded kit; reduces sync+reverse-sync from 2 walks to 1.
+  const kit         = opts.kit ?? await listKit(kitRoot);
 
   const candidates = [];
 

package/src/core/sync.js

@@ -26,7 +26,9 @@ export async function syncTo(targetId, opts = {}) {
   const dryRun      = !!opts.dryRun;
   const onProgress  = opts.onProgress ?? (() => {});
 
-  const kit  = await listKit(kitRoot);
+  // PERF-03: accept a pre-loaded kit to avoid re-walking the disk when callers
+  // already have one in hand (CLI sync that follows reverse-sync detect, etc).
+  const kit  = opts.kit ?? await listKit(kitRoot);
   const ops  = [];
 
   if (target.rules) {
@@ -99,6 +101,16 @@ export async function syncTo(targetId, opts = {}) {
   return { target: targetId, mode, projectRoot, kitRoot, written: ops.map(o => o.path), dryRun };
 }
 
+// SEC-02: walkTree refuses entries whose normalized rel-path escapes the root or
+// is absolute, blocking path-traversal via maliciously-named files in mode=copy.
+function isSafeRel(rel) {
+  if (!rel) return false;
+  const norm = path.posix.normalize(rel.replaceAll('\\', '/'));
+  if (norm.startsWith('..') || norm.startsWith('/') || /^[A-Za-z]:/.test(norm)) return false;
+  if (norm.split('/').some((seg) => seg === '..')) return false;
+  return true;
+}
+
 async function walkTree(dir) {
   const out = [];
   async function visit(current, relPrefix) {
@@ -108,6 +120,12 @@ async function walkTree(dir) {
     for (const e of entries) {
       const abs = path.join(current, e.name);
       const rel = relPrefix ? `${relPrefix}/${e.name}` : e.name;
+      // SEC-02: reject names that would compose into path-traversal.
+      if (!isSafeRel(rel)) {
+        const err = new Error(`walkTree refuses unsafe path: ${rel}`);
+        err.code = 'EUNSAFEPATH';
+        throw err;
+      }
       if (e.isDirectory()) {
         await visit(abs, rel);
       } else if (e.isFile()) {
@@ -233,28 +251,37 @@ See: [\`${rel}\`](${rel})
 `;
 }
 
-function buildAggregatedRules(kit, target, kitRoot) {
+// TOK-02: produce summary-only listings. Full descriptions live in each item's
+// own file under kit/ — duplicating them here costs tokens in every Claude
+// Code session. Cap each line at ~80 chars; users can `kit get <name>` for the
+// full description.
+const SUMMARY_MAX_CHARS = 80;
+function summarize(desc) {
+  if (!desc) return '';
+  const flat = desc.replace(/\s+/g, ' ').trim();
+  if (flat.length <= SUMMARY_MAX_CHARS) return flat;
+  return flat.slice(0, SUMMARY_MAX_CHARS - 1) + '…';
+}
+
+function buildAggregatedRules(kit, target /* , kitRoot */) {
   const lines = [
     STUB_MARKER,
     '',
-    '# Personal kit instructions',
-    '',
-    '> Auto-generated by kit-mcp. Edit the canonical source files under `kit/` —',
-    '> running `kit sync ' + (target.label ? '<target>' : '') + '` regenerates this file.',
-    '',
-    '## Available agents',
+    '# Personal kit',
+    `> Auto-gen. Edit \`kit/\`; rerun \`kit sync ${target.label ? '<target>' : ''}\`.`,
     '',
+    '## Agents',
   ];
   for (const a of kit.agents) {
-    lines.push(`- **${a.name}** — ${a.description || '(no description)'}`);
+    lines.push(`- **${a.name}** — ${summarize(a.description) || '(no description)'}`);
   }
-  lines.push('', '## Available commands', '');
+  lines.push('', '## Commands');
   for (const c of kit.commands) {
-    lines.push(`- **/${c.name}** — ${c.description || '(no description)'}`);
+    lines.push(`- **/${c.name}** — ${summarize(c.description) || '(no description)'}`);
   }
-  lines.push('', '## Available skills', '');
+  lines.push('', '## Skills');
   for (const s of [...kit.skills, ...kit.skillsExtras]) {
-    lines.push(`- **${s.name}** — ${s.description || '(no description)'}`);
+    lines.push(`- **${s.name}** — ${summarize(s.description) || '(no description)'}`);
   }
   lines.push('');
   return lines.join('\n');

package/src/ui/lockfile.js

@@ -97,7 +97,26 @@ export function releaseLock(projectRoot) {
 //   { stale: false, reason: 'healthz_ok' }      — process exists AND healthz responded
 //   { stale: true,  reason: 'pid_gone' }        — pid is ESRCH
 //   { stale: true,  reason: 'healthz_failed' }  — pid alive but no healthz response (used when healthzProbe provided)
-export async function probeStale(lock, { healthzProbe } = {}) {
+// PERF-04: budget for healthz probe inside acquireLockOrReclaim. A misbehaving
+// sidecar that accepts the connection but never responds shouldn't block startup
+// of a fresh sidecar — we treat slow-as-dead and reclaim.
+const HEALTHZ_PROBE_TIMEOUT_MS = 500;
+
+function withTimeout(promise, ms, fallback) {
+  return new Promise((resolve) => {
+    let settled = false;
+    const timer = setTimeout(() => {
+      if (!settled) { settled = true; resolve(fallback); }
+    }, ms);
+    if (typeof timer.unref === 'function') timer.unref();
+    Promise.resolve(promise).then(
+      (v) => { if (!settled) { settled = true; clearTimeout(timer); resolve(v); } },
+      () => { if (!settled) { settled = true; clearTimeout(timer); resolve(fallback); } },
+    );
+  });
+}
+
+export async function probeStale(lock, { healthzProbe, probeTimeoutMs } = {}) {
   if (!lock || typeof lock.pid !== 'number') {
     return { stale: true, reason: 'invalid_lock' };
   }
@@ -115,26 +134,47 @@ export async function probeStale(lock, { healthzProbe } = {}) {
   if (!healthzProbe) {
     return { stale: false, reason: 'pid_alive' };
   }
-  try {
-    const ok = await healthzProbe(lock.port);
-    if (ok) return { stale: false, reason: 'healthz_ok' };
-    return { stale: true, reason: 'healthz_failed' };
-  } catch {
-    return { stale: true, reason: 'healthz_failed' };
-  }
+  // PERF-04: bound the probe so a hung sidecar can't stall startup forever.
+  const ms = probeTimeoutMs ?? HEALTHZ_PROBE_TIMEOUT_MS;
+  const ok = await withTimeout(healthzProbe(lock.port), ms, false);
+  if (ok) return { stale: false, reason: 'healthz_ok' };
+  return { stale: true, reason: 'healthz_failed' };
 }
 
 // Convenience: take + retry once if stale lock is detected.
+// SEC-01: re-prove staleness after releaseLock and before the retry acquire to
+// close the TOCTOU window where a competing process could have raced into the
+// lockfile between our probe and our retry.
 export async function acquireLockOrReclaim(opts) {
   try {
     return acquireLock(opts);
   } catch (err) {
     if (err.code !== 'ELOCKED') throw err;
     const existing = readLock(opts.projectRoot);
-    const probe = await probeStale(existing, { healthzProbe: opts.healthzProbe });
+    const probe = await probeStale(existing, { healthzProbe: opts.healthzProbe, probeTimeoutMs: opts.probeTimeoutMs });
     if (probe.stale) {
       releaseLock(opts.projectRoot);
-      return acquireLock(opts);
+      // SEC-01: second prove. If something raced into the lock between our
+      // releaseLock and our retry-acquire, surface ELIVE instead of clobbering.
+      try {
+        return acquireLock(opts);
+      } catch (retryErr) {
+        if (retryErr.code !== 'ELOCKED') throw retryErr;
+        const racer = readLock(opts.projectRoot);
+        const racerProbe = await probeStale(racer, { healthzProbe: opts.healthzProbe, probeTimeoutMs: opts.probeTimeoutMs });
+        if (racerProbe.stale) {
+          // Genuinely dead again — third try. If THIS fails too, give up.
+          releaseLock(opts.projectRoot);
+          return acquireLock(opts);
+        }
+        const liveErr = new Error(
+          `Sidecar reclaimed by another process during retry (pid=${racer?.pid}, port=${racer?.port}). ` +
+          `Use \`kit ui status\` to inspect.`,
+        );
+        liveErr.code = 'ELIVE';
+        liveErr.lock = racer;
+        throw liveErr;
+      }
     }
     const liveErr = new Error(
       `Sidecar already running for this project (pid=${existing?.pid}, port=${existing?.port}). ` +

package/src/ui/server.js

@@ -311,12 +311,30 @@ export function createServer({
     });
   }
 
-  function handleState(res) {
+  // PERF-05: optional pagination via ?offset=N&limit=M. No query → ring inteiro
+  // (back-compat preservada). Out-of-range values clamp to bounds rather than 4xx.
+  function handleState(res, url) {
+    let events = ring;
+    const offsetRaw = url?.searchParams?.get('offset');
+    const limitRaw  = url?.searchParams?.get('limit');
+    if (offsetRaw !== null && offsetRaw !== undefined) {
+      const offset = Math.max(0, Number.parseInt(offsetRaw, 10) || 0);
+      const limit  = limitRaw !== null && limitRaw !== undefined
+        ? Math.max(0, Number.parseInt(limitRaw, 10) || 0)
+        : ring.length - offset;
+      events = ring.slice(offset, offset + limit);
+    } else if (limitRaw !== null && limitRaw !== undefined) {
+      const limit = Math.max(0, Number.parseInt(limitRaw, 10) || 0);
+      events = ring.slice(0, limit);
+    } else {
+      events = ring.slice();
+    }
     sendJson(res, 200, {
       version,
       port: listeningPort,
       eventsTotal: nextSeq - 1,
-      events: ring.slice(),
+      ringSize: ring.length,
+      events,
     });
   }
 
@@ -360,7 +378,7 @@ export function createServer({
         case 'GET /healthz':
           return handleHealthz(res);
         case 'GET /state':
-          return handleState(res);
+          return handleState(res, url);
         case 'POST /publish':
           return handlePublish(req, res);
         case 'POST /shutdown':

package/src/ui/static/index.html

@@ -613,6 +613,23 @@ button { font: inherit; color: inherit; background: none; border: 0; cursor: poi
   flex-shrink: 0;
 }
 
+/* Source pill: identifies which terminal/IDE/PID emitted this event.
+   Used by the sidecar-tool-publisher hook (v1.6+) and any future multi-source clients. */
+.tl-source {
+  font-family: var(--mono);
+  font-size: 10px;
+  color: var(--text-3);
+  background: var(--surface-2);
+  border: 1px solid var(--line);
+  border-radius: 3px;
+  padding: 1px 6px;
+  flex-shrink: 0;
+}
+.tl-source[data-ide="claude-code"] { color: var(--accent); border-color: var(--accent-soft); }
+.tl-source[data-ide="cursor"]      { color: #8be9fd; }
+.tl-source[data-ide="vscode"]      { color: #58a6ff; }
+.tl-source[data-ide="jetbrains"]   { color: #ff9d76; }
+
 /* ───────────────────────── empty state ───────────────────────── */
 .empty {
   margin: 32px 0;
@@ -1679,7 +1696,8 @@ function rowHtml(evt, idx, prev) {
     case "tool_invocation": {
       const tool = safeStr(evt.payload?.tool || "");
       const title = humanizeTool(tool) || fallback(evt.payload?.title, evt.payload?.label, "ferramenta invocada");
-      msg = `<strong>${escapeHtml(title)}</strong>${tool ? ` <span class="ident">${escapeHtml(tool)}</span>` : ""}`;
+      const argsHint = renderArgsSummary(evt.payload?.argsSummary);
+      msg = `<strong>${escapeHtml(title)}</strong>${tool ? ` <span class="ident">${escapeHtml(tool)}</span>` : ""}${argsHint}`;
       break;
     }
     case "shutdown": {
@@ -1689,6 +1707,7 @@ function rowHtml(evt, idx, prev) {
     default:
       msg = `<span class="ident">${escapeHtml(badge.toLowerCase())}</span>`;
   }
+  const sourcePill = renderSourcePill(evt.payload?.source);
   return `
     <div class="tl-row" data-type="${evt.type}" data-ok="${ok}" data-grouped="${grouped}">
       <div class="tl-time" title="${time}">${rel}</div>
@@ -1697,12 +1716,33 @@ function rowHtml(evt, idx, prev) {
         <span class="tl-badge">${badge}</span>
         <span class="tl-msg">${msg}</span>
         ${tokenChip}
+        ${sourcePill}
         ${evt.runId ? `<span class="tl-runid">${evt.runId.slice(0,6)}</span>` : ""}
       </div>
     </div>
   `;
 }
 
+function renderArgsSummary(args) {
+  if (!args || typeof args !== "object") return "";
+  const bits = [];
+  if (args.file_path) bits.push(`<span class="path">${escapeHtml(safeStr(args.file_path))}</span>`);
+  if (args.command)   bits.push(`<span class="ident">${escapeHtml(safeStr(args.command))}</span>`);
+  if (args.pattern)   bits.push(`<span class="ident">/${escapeHtml(safeStr(args.pattern))}/</span>`);
+  if (args.url)       bits.push(`<span class="ident">${escapeHtml(safeStr(args.url))}</span>`);
+  if (args.description) bits.push(`<span class="ident">${escapeHtml(safeStr(args.description))}</span>`);
+  if (args.action_count) bits.push(`<span class="ident">×${args.action_count}</span>`);
+  return bits.length ? ` ${bits.join(" ")}` : "";
+}
+
+function renderSourcePill(source) {
+  if (!source || typeof source !== "object") return "";
+  const ide = safeStr(source.ide || "");
+  const id = safeStr(source.id || "") || (source.pid ? `${ide}:${source.pid}` : ide);
+  if (!id) return "";
+  return `<span class="tl-source" data-ide="${escapeHtml(ide)}" title="${escapeHtml(id)}">${escapeHtml(id)}</span>`;
+}
+
 function escapeHtml(s) {
   return String(s ?? "").replace(/[&<>"']/g, (c) => ({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;"}[c]));
 }

package/src/ui/wrapper.js

@@ -21,16 +21,26 @@ function escapeForReplace(s) {
   return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
 }
 
+// SEC-03: Match Windows-style paths (backslash) AND POSIX-style (forward slash)
+// AND case variants on case-insensitive filesystems. We swap each separator for
+// a placeholder, then regex-escape the rest, then put back a char class that
+// matches either separator. 'i' flag handles case-insensitive Windows drives.
+const PATH_SEP_PLACEHOLDER = '
KMSEP
';
+function buildPathRegex(rawPath) {
+  const withPlaceholders = rawPath.replace(/[\\/]+/g, PATH_SEP_PLACEHOLDER);
+  const escaped = escapeForReplace(withPlaceholders);
+  const flexible = escaped.split(PATH_SEP_PLACEHOLDER).join('[\\\\/]+');
+  return new RegExp(flexible, 'gi');
+}
+
 export function redactPath(value, projectRoot) {
   if (typeof value === 'string') {
     let out = value;
     if (projectRoot) {
-      const re = new RegExp(escapeForReplace(projectRoot), 'g');
-      out = out.replace(re, '<project>');
+      out = out.replace(buildPathRegex(projectRoot), '<project>');
     }
     if (HOME) {
-      const re = new RegExp(escapeForReplace(HOME), 'g');
-      out = out.replace(re, '~');
+      out = out.replace(buildPathRegex(HOME), '~');
     }
     return out;
   }