@nanhara/hara 0.48.0 → 0.62.0

package/dist/tools/web.js

@@ -1,7 +1,67 @@
 // web_fetch — fetch an http(s) URL and return readable text (HTML reduced to text). Read-only.
-// Uses Node's global fetch (Node >=20). NOT sandboxed (network egress is in-process, not via bash).
+// Uses Node's global fetch (Node >=20). NOT sandboxed (network egress is in-process, not via bash) —
+// so it carries an SSRF guard: private/loopback/link-local targets are refused, re-checked on every
+// redirect hop, and the body is read under a hard byte ceiling.
 import { registerTool } from "./registry.js";
+import { lookup } from "node:dns/promises";
+import { isIP } from "node:net";
 const MAX = 60_000;
+/** True for loopback / private / link-local / ULA / CGNAT addresses we must not let web_fetch reach. */
+export function isPrivateIp(ip) {
+    const host = ip.replace(/^\[|\]$/g, "");
+    if (isIP(host) === 4) {
+        const p = host.split(".").map(Number);
+        return p[0] === 0 || p[0] === 10 || p[0] === 127 || (p[0] === 172 && p[1] >= 16 && p[1] <= 31) || (p[0] === 192 && p[1] === 168) || (p[0] === 169 && p[1] === 254) || (p[0] === 100 && p[1] >= 64 && p[1] <= 127);
+    }
+    const l = host.toLowerCase();
+    if (l === "::1" || l === "::")
+        return true;
+    if (l.startsWith("fe80") || l.startsWith("fc") || l.startsWith("fd"))
+        return true; // link-local + unique-local
+    const m = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(l); // IPv4-mapped IPv6
+    return m ? isPrivateIp(m[1]) : false;
+}
+/** Refuse to fetch a host that is (or resolves to) a private/internal address — defeats metadata-endpoint
+ *  / localhost SSRF. Throws (caught by the caller) on a blocked or unresolvable host. */
+async function assertPublicHost(hostname) {
+    const host = hostname.replace(/^\[|\]$/g, "");
+    if (isIP(host)) {
+        if (isPrivateIp(host))
+            throw new Error(`refusing to fetch ${host} (private/loopback address)`);
+        return;
+    }
+    const addrs = await lookup(host, { all: true });
+    for (const a of addrs)
+        if (isPrivateIp(a.address))
+            throw new Error(`refusing to fetch ${host} — resolves to a private/internal address (${a.address})`);
+}
+/** Read a fetch Response body up to `maxBytes`, then stop (avoids materializing a huge / bomb body). */
+async function readCapped(res, maxBytes) {
+    if (!res.body)
+        return res.text();
+    const reader = res.body.getReader();
+    const chunks = [];
+    let total = 0;
+    for (;;) {
+        const { done, value } = await reader.read();
+        if (done)
+            break;
+        if (value) {
+            chunks.push(value);
+            total += value.length;
+        }
+        if (total >= maxBytes) {
+            try {
+                await reader.cancel();
+            }
+            catch {
+                /* already closing */
+            }
+            break;
+        }
+    }
+    return Buffer.concat(chunks).toString("utf8");
+}
 /** Strip HTML to a readable-ish plain-text approximation (no dependency). */
 export function htmlToText(html) {
     return html
@@ -24,6 +84,103 @@ export function htmlToText(html) {
         .replace(/\n{3,}/g, "\n\n")
         .trim();
 }
+/** Parse DuckDuckGo HTML results → [{title, url, snippet}]. Best-effort HTML scrape (no key, no dependency). */
+export function parseSearchResults(html, limit) {
+    const strip = (s) => s
+        .replace(/<[^>]+>/g, "")
+        .replace(/&amp;/g, "&")
+        .replace(/&lt;/g, "<")
+        .replace(/&gt;/g, ">")
+        .replace(/&quot;/g, '"')
+        .replace(/&#x27;|&#39;/g, "'")
+        .replace(/\s+/g, " ")
+        .trim();
+    const snippets = [];
+    const snipRe = /class="result__snippet"[^>]*>([\s\S]*?)<\/a>/g;
+    let m;
+    while ((m = snipRe.exec(html)))
+        snippets.push(strip(m[1]));
+    const out = [];
+    const linkRe = /class="result__a"[^>]*href="([^"]+)"[^>]*>([\s\S]*?)<\/a>/g;
+    let i = 0;
+    while ((m = linkRe.exec(html)) && out.length < limit) {
+        let href = m[1].replace(/&amp;/g, "&");
+        const uddg = /[?&]uddg=([^&]+)/.exec(href); // DuckDuckGo wraps results in a /l/?uddg=<real-url> redirect
+        if (uddg)
+            href = decodeURIComponent(uddg[1]);
+        else if (href.startsWith("//"))
+            href = "https:" + href;
+        out.push({ title: strip(m[2]), url: href, snippet: snippets[i++] ?? "" });
+    }
+    return out;
+}
+registerTool({
+    name: "web_search",
+    description: "Search the web and return the top results (title, URL, snippet). Use it to FIND information or pages you " +
+        "don't already have a URL for, then `web_fetch` a result to read it. Read-only. Reliable with a Tavily key " +
+        "(env HARA_SEARCH_API_KEY); otherwise a best-effort keyless fallback that may be rate-limited.",
+    input_schema: {
+        type: "object",
+        properties: {
+            query: { type: "string" },
+            limit: { type: "number", description: "max results (default 6, max 10)" },
+        },
+        required: ["query"],
+    },
+    kind: "read",
+    async run(input) {
+        const q = String(input.query ?? "").trim();
+        if (!q)
+            return "(empty query)";
+        const limit = Math.min(Math.max(1, Number(input.limit) || 6), 10);
+        const fmt = (rs) => rs.map((r, n) => `${n + 1}. ${r.title}\n   ${r.url}${r.snippet ? `\n   ${r.snippet}` : ""}`).join("\n\n");
+        const ctrl = new AbortController();
+        const timer = setTimeout(() => ctrl.abort(), 20_000);
+        try {
+            // Reliable path: Tavily (designed for agents, free tier) when a key is configured.
+            const key = process.env.HARA_SEARCH_API_KEY || process.env.TAVILY_API_KEY;
+            if (key) {
+                const res = await fetch("https://api.tavily.com/search", {
+                    method: "POST",
+                    signal: ctrl.signal,
+                    headers: { "content-type": "application/json" },
+                    body: JSON.stringify({ api_key: key, query: q, max_results: limit }),
+                });
+                if (res.ok) {
+                    const j = (await res.json());
+                    const rs = (j.results ?? []).map((x) => ({ title: String(x.title ?? x.url ?? ""), url: String(x.url ?? ""), snippet: String(x.content ?? "").slice(0, 200) }));
+                    if (rs.length)
+                        return fmt(rs);
+                }
+                // Tavily failed → fall through to the keyless best-effort path.
+            }
+            // Keyless fallback: DuckDuckGo HTML (POST — GET returns a 202 challenge). May be rate-limited.
+            const res = await fetch("https://html.duckduckgo.com/html/", {
+                method: "POST",
+                signal: ctrl.signal,
+                redirect: "follow",
+                headers: {
+                    "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0 Safari/537.36",
+                    "content-type": "application/x-www-form-urlencoded",
+                    accept: "text/html",
+                },
+                body: `q=${encodeURIComponent(q)}`,
+            });
+            if (!res.ok)
+                return `Search failed: HTTP ${res.status}. Keyless search is rate-limited — set HARA_SEARCH_API_KEY (Tavily) for reliable search, or web_fetch a known URL.`;
+            const results = parseSearchResults(await res.text(), limit);
+            if (!results.length)
+                return "(no results — the keyless endpoint is rate-limited or changed. Set HARA_SEARCH_API_KEY (Tavily) for reliable search, or web_fetch a known URL.)";
+            return fmt(results);
+        }
+        catch (e) {
+            return `Search failed: ${e?.name === "AbortError" ? "timed out (20s)" : (e?.message ?? e)}`;
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    },
+});
 registerTool({
     name: "web_fetch",
     description: "Fetch an http(s) URL and return its text content (HTML is reduced to readable text). Read-only. " +
@@ -51,17 +208,30 @@ registerTool({
         const ctrl = new AbortController();
         const timer = setTimeout(() => ctrl.abort(), 30_000);
         try {
-            const res = await fetch(url, {
-                signal: ctrl.signal,
-                redirect: "follow",
-                headers: { "user-agent": "hara-cli", accept: "text/html,text/plain,application/json,*/*" },
-            });
+            // Follow redirects manually so the SSRF guard runs on EVERY hop (a public URL can 30x to 169.254…).
+            let current = url;
+            let res;
+            for (let hop = 0;; hop++) {
+                await assertPublicHost(current.hostname);
+                res = await fetch(current, {
+                    signal: ctrl.signal,
+                    redirect: "manual",
+                    headers: { "user-agent": "hara-cli", accept: "text/html,text/plain,application/json,*/*" },
+                });
+                const loc = res.status >= 300 && res.status < 400 ? res.headers.get("location") : null;
+                if (!loc || hop >= 5)
+                    break;
+                const next = new URL(loc, current);
+                if (next.protocol !== "http:" && next.protocol !== "https:")
+                    return "Error: redirect to a non-http(s) URL was blocked.";
+                current = next;
+            }
             const ct = res.headers.get("content-type") ?? "";
-            const raw = await res.text();
+            const raw = await readCapped(res, cap * 4); // byte ceiling (HTML→text shrinks; cap*4 leaves headroom)
             let text = /html/i.test(ct) ? htmlToText(raw) : raw;
             if (text.length > cap)
                 text = text.slice(0, cap) + `\n…[truncated ${text.length - cap} chars]`;
-            return `# ${url.href} (HTTP ${res.status})\n\n${text || "(empty body)"}`;
+            return `# ${current.href} (HTTP ${res.status})\n\n${text || "(empty body)"}`;
         }
         catch (e) {
             return `Error fetching ${url.href}: ${e?.name === "AbortError" ? "timed out (30s)" : (e?.message ?? e)}`;

package/dist/tui/App.js

@@ -62,7 +62,7 @@ function Working() {
     const frames = "⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏";
     return (_jsxs(Box, { marginTop: 1, children: [_jsx(Text, { color: "yellow", children: frames[n % frames.length] }), _jsx(Text, { dimColor: true, children: ` working ${Math.floor(n / 10)}s · esc to interrupt` })] }));
 }
-export function App({ initialStatus, model, cwd, header, onSubmit, cycleApproval, onClipboardImage }) {
+export function App({ initialStatus, model, cwd, header, onSubmit, cycleApproval, onClipboardImage, vim }) {
     const { exit } = useApp();
     const [history, setHistory] = useState([]);
     const [current, setCurrent] = useState([]);
@@ -92,6 +92,19 @@ export function App({ initialStatus, model, cwd, header, onSubmit, cycleApproval
             return [...cur, { id: nid(), kind, text }];
         });
     }, []);
+    // Type-ahead steering: hand the runner everything queued while the turn ran, showing each message
+    // inline (as a user block) at the point it gets folded into the conversation. Drained mid-turn so an
+    // addition reaches the model on its next call; whatever's still queued at turn end is the effect below.
+    const drainQueue = useCallback(() => {
+        if (!queueRef.current.length)
+            return [];
+        const batch = queueRef.current;
+        queueRef.current = [];
+        setPool([]);
+        for (const b of batch)
+            pushCurrent("user", b.line.trim() || "🖼 (image)");
+        return batch;
+    }, [pushCurrent]);
     const handleSubmit = useCallback(async (line, images) => {
         const t = line.trim();
         if ((!t && !images?.length) || prompt)
@@ -127,7 +140,7 @@ export function App({ initialStatus, model, cwd, header, onSubmit, cycleApproval
         const selectFn = (title, options) => openPrompt(title, options);
         const setApprovalFn = (m) => setStatus((s) => ({ ...s, approval: m }));
         try {
-            await onSubmit(t, { sink, confirm: confirmFn, select: selectFn, setApproval: setApprovalFn, signal: ctrl.signal, exit, approval: statusRef.current.approval }, images);
+            await onSubmit(t, { sink, confirm: confirmFn, select: selectFn, setApproval: setApprovalFn, signal: ctrl.signal, exit, approval: statusRef.current.approval, drainQueue }, images);
         }
         catch (e) {
             pushCurrent("notice", `error: ${e instanceof Error ? e.message : String(e)}`);
@@ -139,7 +152,7 @@ export function App({ initialStatus, model, cwd, header, onSubmit, cycleApproval
         setCurrent([]);
         setWorking(false);
         ctrlRef.current = null;
-    }, [working, prompt, onSubmit, pushCurrent, model, exit]);
+    }, [working, prompt, onSubmit, pushCurrent, model, exit, drainQueue]);
     // Drain the type-ahead pool: when the turn finishes (working → false) and nothing awaits a choice, COALESCE
     // every pooled message into ONE turn and send it — additions/clarifications go to the agent together, in order.
     useEffect(() => {
@@ -196,5 +209,5 @@ export function App({ initialStatus, model, cwd, header, onSubmit, cycleApproval
         else if (key.tab && key.shift && cycleApproval)
             setStatus((s) => ({ ...s, approval: cycleApproval(s.approval) }));
     });
-    return (_jsxs(Box, { flexDirection: "column", children: [_jsx(Static, { items: header ? [{ id: -1, kind: "notice", text: "" }, ...history] : history, children: (item) => (item.id === -1 ? _jsx(HeaderCard, { ...header }, "hdr") : _jsx(Block, { item: item }, item.id)) }), current.map((item) => (_jsx(Block, { item: item, open: reasoningOpen }, item.id))), working && !prompt && _jsx(Working, {}), prompt && (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsx(Text, { color: "yellow", children: `  ${stripAnsi(prompt.title)}` }), prompt.options.map((o, i) => (_jsx(Text, { color: i === promptSel ? "cyan" : undefined, bold: i === promptSel, children: (i === promptSel ? " ❯ " : "   ") + `${i + 1}. ` + o.label }, i))), _jsx(Text, { dimColor: true, children: `   ↑↓ or 1–${prompt.options.length} to choose · Enter · Esc cancels` })] })), pool.length > 0 && !prompt && (_jsx(Box, { flexDirection: "column", children: pool.map((l, i) => (_jsx(Text, { color: accent(), children: `  › ${l.length > 72 ? l.slice(0, 72) + "…" : l}` }, i))) })), _jsx(InputBox, { status: status, cwd: cwd, isActive: !prompt, working: working, queued: pool.length, onSubmit: handleSubmit, onClipboardImage: onClipboardImage })] }));
+    return (_jsxs(Box, { flexDirection: "column", children: [_jsx(Static, { items: header ? [{ id: -1, kind: "notice", text: "" }, ...history] : history, children: (item) => (item.id === -1 ? _jsx(HeaderCard, { ...header }, "hdr") : _jsx(Block, { item: item }, item.id)) }), current.map((item) => (_jsx(Block, { item: item, open: reasoningOpen }, item.id))), working && !prompt && _jsx(Working, {}), prompt && (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsx(Text, { color: "yellow", children: `  ${stripAnsi(prompt.title)}` }), prompt.options.map((o, i) => (_jsx(Text, { color: i === promptSel ? "cyan" : undefined, bold: i === promptSel, children: (i === promptSel ? " ❯ " : "   ") + `${i + 1}. ` + o.label }, i))), _jsx(Text, { dimColor: true, children: `   ↑↓ or 1–${prompt.options.length} to choose · Enter · Esc cancels` })] })), pool.length > 0 && !prompt && (_jsx(Box, { flexDirection: "column", children: pool.map((l, i) => (_jsx(Text, { color: accent(), children: `  › ${l.length > 72 ? l.slice(0, 72) + "…" : l}` }, i))) })), _jsx(InputBox, { status: status, cwd: cwd, isActive: !prompt, working: working, queued: pool.length, vim: vim, onSubmit: handleSubmit, onClipboardImage: onClipboardImage })] }));
 }

package/dist/tui/InputBox.js

@@ -7,6 +7,7 @@ import { Box, Text, useInput, useStdout } from "ink";
 import { useMemo, useState } from "react";
 import { fileCandidates } from "../context/mentions.js";
 import { imagePathFromPaste } from "../images.js";
+import { vimNormal } from "./vim.js";
 export const MODES = ["suggest", "auto-edit", "full-auto", "plan"];
 export const nextMode = (m) => MODES[(MODES.indexOf(m) + 1) % MODES.length];
 const tok = (n) => (n >= 1000 ? `${(n / 1000).toFixed(1)}k` : `${n}`);
@@ -84,7 +85,7 @@ function InputLine({ value, cursor }) {
     return _jsx(Text, { children: nodes });
 }
 /** Top border (session) + prompt line + bottom border (usage) + ModeBar, with an @path popup. */
-export function InputBox({ status, cwd, width, onSubmit, onClipboardImage, isActive = true, working = false, queued = 0, placeholder = "Type a task · /help · @file · Ctrl+V paste image · shift+tab mode · Esc interrupts", }) {
+export function InputBox({ status, cwd, width, onSubmit, onClipboardImage, isActive = true, working = false, queued = 0, vim = false, placeholder = "Type a task · /help · @file · Ctrl+V paste image · shift+tab mode · Esc interrupts", }) {
     const { stdout } = useStdout();
     const w = width ?? stdout?.columns ?? 80;
     const [value, setValue] = useState("");
@@ -92,6 +93,9 @@ export function InputBox({ status, cwd, width, onSubmit, onClipboardImage, isAct
     const [sel, setSel] = useState(0);
     const [dismissed, setDismissed] = useState(false);
     const [images, setImages] = useState([]);
+    const [mode, setMode] = useState("insert"); // vim only
+    const [pending, setPending] = useState(""); // vim operator-pending (d/c/g)
+    const [register, setRegister] = useState(""); // vim yank/delete register
     const set = (v, c) => {
         setValue(v);
         setCursor(c);
@@ -116,6 +120,8 @@ export function InputBox({ status, cwd, width, onSubmit, onClipboardImage, isAct
         onSubmit?.(text, images.length ? images : undefined);
         set("", 0);
         setImages([]);
+        setMode("insert"); // a fresh prompt starts in insert
+        setPending("");
     };
     const mention = activeMention(value, cursor);
     const candidates = useMemo(() => (isActive && mention && !dismissed ? fileCandidates(cwd, mention.query, 8) : []), [cwd, isActive, dismissed, mention?.query, mention?.start]);
@@ -143,8 +149,36 @@ export function InputBox({ status, cwd, width, onSubmit, onClipboardImage, isAct
             return;
         }
         if (key.escape) {
-            if (popupOpen)
+            if (popupOpen) {
                 setDismissed(true);
+                return;
+            }
+            if (vim && mode === "insert") {
+                setMode("normal");
+                setPending("");
+            }
+            return;
+        }
+        // vim NORMAL mode: printable keys are commands, not text (Enter/arrows/backspace still navigate/submit)
+        if (vim && mode === "normal") {
+            if (key.return)
+                return submit(value);
+            if (key.leftArrow)
+                return setCursor((c) => Math.max(0, c - 1));
+            if (key.rightArrow)
+                return setCursor((c) => Math.min(value.length, c + 1));
+            if (key.backspace || key.delete)
+                return setCursor((c) => Math.max(0, c - 1));
+            if (input && !key.ctrl && !key.meta) {
+                const st = vimNormal({ value, cursor, mode, pending, register }, input);
+                setValue(st.value);
+                setCursor(st.cursor);
+                setMode(st.mode);
+                setPending(st.pending);
+                setRegister(st.register);
+                setSel(0);
+                setDismissed(false);
+            }
             return;
         }
         if (key.return) {
@@ -204,5 +238,5 @@ export function InputBox({ status, cwd, width, onSubmit, onClipboardImage, isAct
             set(value.slice(0, cursor) + input + value.slice(cursor), cursor + input.length);
         }
     }, { isActive });
-    return (_jsxs(Box, { flexDirection: "column", children: [_jsx(TopBorder, { name: status.sessionName || "session", width: w }), _jsxs(Box, { children: [_jsx(Text, { color: "cyan", children: "› " }), value.length === 0 ? (_jsxs(Text, { children: [_jsx(Text, { inverse: true, children: " " }), _jsx(Text, { dimColor: true, children: placeholder })] })) : (_jsx(InputLine, { value: value, cursor: cursor }))] }), _jsx(BottomBorder, { s: status, width: w }), working ? _jsx(Text, { dimColor: true, children: `  ⌨ working — Enter queues your message${queued ? ` · ${queued} queued` : ""} · Esc interrupts` }) : null, popupOpen ? _jsx(MentionPopup, { items: candidates, selected: selIdx, query: mention.query }) : null, _jsx(ModeBar, { approval: status.approval })] }));
+    return (_jsxs(Box, { flexDirection: "column", children: [_jsx(TopBorder, { name: status.sessionName || "session", width: w }), _jsxs(Box, { children: [_jsx(Text, { color: vim ? (mode === "normal" ? "yellow" : "green") : "cyan", children: vim && mode === "normal" ? "◆ " : "› " }), value.length === 0 ? (_jsxs(Text, { children: [_jsx(Text, { inverse: true, children: " " }), _jsx(Text, { dimColor: true, children: placeholder })] })) : (_jsx(InputLine, { value: value, cursor: cursor }))] }), vim ? _jsx(Text, { dimColor: true, children: mode === "normal" ? "  -- NORMAL --  i/a insert · h l 0 $ w b e move · x dd D cw p edit" : "  -- INSERT --  Esc → normal" }) : null, _jsx(BottomBorder, { s: status, width: w }), working ? _jsx(Text, { dimColor: true, children: `  ⌨ working — Enter queues your message${queued ? ` · ${queued} queued` : ""} · Esc interrupts` }) : null, popupOpen ? _jsx(MentionPopup, { items: candidates, selected: selIdx, query: mention.query }) : null, _jsx(ModeBar, { approval: status.approval })] }));
 }

package/dist/tui/vim.js

@@ -0,0 +1,115 @@
+const isSpace = (ch) => ch === " " || ch === "\t";
+const clamp = (c, n) => Math.max(0, Math.min(n, c));
+/** Start of the next word (run of non-space), vim `w`. */
+function nextWord(v, c) {
+    const n = v.length;
+    let i = c;
+    if (i < n && !isSpace(v[i]))
+        while (i < n && !isSpace(v[i]))
+            i++;
+    while (i < n && isSpace(v[i]))
+        i++;
+    return i;
+}
+/** Start of the previous word, vim `b`. */
+function prevWord(v, c) {
+    let i = c - 1;
+    while (i > 0 && isSpace(v[i]))
+        i--;
+    while (i > 0 && !isSpace(v[i - 1]))
+        i--;
+    return Math.max(0, i);
+}
+/** End index of the current/next word, vim `e`. */
+function wordEnd(v, c) {
+    const n = v.length;
+    let i = c + 1;
+    while (i < n && isSpace(v[i]))
+        i++;
+    while (i < n - 1 && !isSpace(v[i + 1]))
+        i++;
+    return Math.min(n, i);
+}
+/** Apply one printable key in NORMAL mode, returning the next state. Special keys (Esc/Enter/arrows/
+ *  backspace) are handled by the caller. Unknown keys are no-ops. */
+export function vimNormal(st, input) {
+    const { value, cursor } = st;
+    const n = value.length;
+    const move = (c) => ({ ...st, cursor: clamp(c, n), pending: "" });
+    const toInsert = (v, c, register = st.register) => ({ value: v, cursor: clamp(c, v.length), mode: "insert", pending: "", register });
+    const toNormal = (patch) => ({ ...st, pending: "", ...patch });
+    // operator-pending: d{motion} / c{motion}
+    if (st.pending === "d" || st.pending === "c") {
+        const op = st.pending;
+        if (input === op)
+            return op === "c" ? toInsert("", 0, value) : toNormal({ value: "", cursor: 0, register: value }); // dd / cc
+        const ranges = {
+            w: [cursor, nextWord(value, cursor)],
+            e: [cursor, Math.min(n, wordEnd(value, cursor) + 1)],
+            b: [prevWord(value, cursor), cursor],
+            $: [cursor, n],
+            "0": [0, cursor],
+        };
+        const r = ranges[op === "c" && input === "w" ? "e" : input]; // cw acts like ce (vim quirk)
+        if (!r)
+            return toNormal({}); // unknown motion → cancel the operator
+        const [from, to] = r;
+        const deleted = value.slice(from, to);
+        const next = value.slice(0, from) + value.slice(to);
+        return op === "c" ? toInsert(next, from, deleted) : toNormal({ value: next, cursor: clamp(from, next.length), register: deleted });
+    }
+    if (st.pending === "g")
+        return input === "g" ? move(0) : toNormal({});
+    switch (input) {
+        // motions
+        case "h":
+            return move(cursor - 1);
+        case "l":
+            return move(cursor + 1);
+        case "0":
+            return move(0);
+        case "$":
+            return move(n);
+        case "w":
+            return move(nextWord(value, cursor));
+        case "b":
+            return move(prevWord(value, cursor));
+        case "e":
+            return move(wordEnd(value, cursor));
+        case "G":
+            return move(n);
+        // enter insert mode
+        case "i":
+            return toInsert(value, cursor);
+        case "a":
+            return toInsert(value, cursor + 1);
+        case "I":
+            return toInsert(value, value.length - value.trimStart().length);
+        case "A":
+        case "o": // single-line: open ≈ append at end
+            return toInsert(value, n);
+        // edits
+        case "x": {
+            if (!n)
+                return toNormal({});
+            return toNormal({ value: value.slice(0, cursor) + value.slice(cursor + 1), cursor: clamp(cursor, n - 1), register: value[cursor] ?? "" });
+        }
+        case "D":
+            return toNormal({ value: value.slice(0, cursor), cursor: clamp(cursor, cursor), register: value.slice(cursor) });
+        case "C":
+            return toInsert(value.slice(0, cursor), cursor, value.slice(cursor));
+        case "p":
+            return toNormal({ value: value.slice(0, cursor + 1) + st.register + value.slice(cursor + 1), cursor: cursor + st.register.length });
+        case "P":
+            return toNormal({ value: value.slice(0, cursor) + st.register + value.slice(cursor), cursor: cursor + Math.max(0, st.register.length - 1) });
+        // operators
+        case "d":
+            return { ...st, pending: "d" };
+        case "c":
+            return { ...st, pending: "c" };
+        case "g":
+            return { ...st, pending: "g" };
+        default:
+            return toNormal({}); // ignore everything else (printable keys don't insert in normal mode)
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nanhara/hara",
-  "version": "0.48.0",
+  "version": "0.62.0",
   "description": "hara — a coding agent CLI that runs like an engineering org.",
   "bin": {
     "hara": "dist/index.js"
@@ -8,8 +8,10 @@
   "type": "module",
   "files": [
     "dist",
+    "!dist/bin",
     "README.md",
     "CHANGELOG.md",
+    "SECURITY.md",
     "LICENSE",
     "CLA.md",
     "plugins"
@@ -40,7 +42,9 @@
     "prepare": "tsc",
     "dev": "tsx src/index.ts",
     "start": "node dist/index.js",
-    "test": "tsc && node --test test/*.test.mjs"
+    "test": "tsc && node --test test/*.test.mjs",
+    "build:binary": "tsc && bun scripts/build-binary.ts dist/bin/hara",
+    "build:binaries": "tsc && bun scripts/build-binary.ts dist/bin/hara-darwin-arm64 bun-darwin-arm64 && bun scripts/build-binary.ts dist/bin/hara-darwin-x64 bun-darwin-x64 && bun scripts/build-binary.ts dist/bin/hara-linux-x64 bun-linux-x64 && bun scripts/build-binary.ts dist/bin/hara-linux-arm64 bun-linux-arm64"
   },
   "publishConfig": {
     "access": "public"