npm - @nomad-e/bluma-cli - Versions diffs - 0.1.74 → 0.1.76 - Mend

@nomad-e/bluma-cli 0.1.74 → 0.1.76

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +115 -27
package/dist/config/native_tools.json +27 -4
package/dist/main.js +550 -304
package/package.json +1 -1

package/dist/main.js CHANGED Viewed

@@ -299,21 +299,22 @@ function assessCommandSafety(command, policy = getSandboxPolicy()) {
       return { allowed: false, risk: "blocked", reason: entry.reason };
     }
   }
+  const skipConfirmation = ruleDecision === "allow";
   if (HIGH_RISK_COMMAND_PATTERNS.some((pattern) => pattern.test(trimmed))) {
     return {
       allowed: true,
       risk: policy.isSandbox ? "high" : "high",
-      reason: policy.isSandbox ? "High-risk command allowed inside the workspace sandbox." : "High-risk command requires explicit approval outside sandbox mode."
+      reason: skipConfirmation ? "Command allowed by permission rules engine." : policy.isSandbox ? "High-risk command allowed inside the workspace sandbox." : "High-risk command requires explicit approval outside sandbox mode."
     };
   }
   if (MODERATE_RISK_COMMAND_PATTERNS.some((pattern) => pattern.test(trimmed))) {
     return {
       allowed: true,
       risk: "moderate",
-      reason: policy.isSandbox ? "Workspace mutation command allowed inside the sandbox." : "Workspace mutation command requires confirmation outside sandbox mode."
+      reason: skipConfirmation ? "Command allowed by permission rules engine." : policy.isSandbox ? "Workspace mutation command allowed inside the sandbox." : "Workspace mutation command requires confirmation outside sandbox mode."
     };
   }
-  if (ruleDecision === "allow") {
+  if (skipConfirmation) {
     return { allowed: true, risk: "safe", reason: "Command allowed by permission rules engine." };
   }
   return { allowed: true, risk: "safe" };
@@ -327,7 +328,7 @@ var init_sandbox_policy = __esm({
     BLOCKED_COMMAND_PATTERNS = [
       { pattern: /\bsudo\b/, reason: "Privilege escalation is not allowed." },
       { pattern: /\bsu\b\s/, reason: "User switching is not allowed." },
-      { pattern: /\brm\s+-rf\s+\/\b/, reason: "Deleting root filesystem is blocked." },
+      { pattern: /\brm\s+-rf\s+\/(?:\s*(?:$|[;&|]))/, reason: "Deleting root filesystem is blocked." },
       { pattern: /\bcurl\b.*\|\s*(bash|sh|zsh)/i, reason: "Pipe-to-shell execution is blocked." },
       { pattern: /\bwget\b.*\|\s*(bash|sh|zsh)/i, reason: "Pipe-to-shell execution is blocked." },
       { pattern: /\beval\b\s*\(/, reason: "Eval execution is blocked." },
@@ -2367,7 +2368,7 @@ var getSlashCommands = () => [
   },
   {
     name: "/review",
-    description: "review coordinator \u2014 spawn specialized QA reviewers in parallel (security, logic, perf, quality, tests, architecture)",
+    description: "review changes directly or use /review mason for parallel specialist reviewers (slower, deeper)",
     category: "agent"
   },
   {
@@ -4770,8 +4771,12 @@ var renderAskUserQuestion = ({ args }) => {
   const parsed = parseArgs(args);
   const qs = Array.isArray(parsed.questions) ? parsed.questions : [];
   const q0 = qs[0];
-  const qtext = typeof q0?.question === "string" ? truncate2(q0.question, 100) : "(question)";
-  return /* @__PURE__ */ jsx8(Box8, { flexDirection: "column", children: /* @__PURE__ */ jsx8(Text8, { dimColor: true, wrap: "wrap", children: qtext }) });
+  const options = Array.isArray(q0?.options) ? q0.options.length : 0;
+  return /* @__PURE__ */ jsx8(Box8, { flexDirection: "column", children: /* @__PURE__ */ jsxs8(Text8, { dimColor: true, wrap: "wrap", children: [
+    "Awaiting user answer",
+    qs.length > 0 ? ` \xB7 ${qs.length} question${qs.length === 1 ? "" : "s"}` : "",
+    options > 0 ? ` \xB7 ${options} option${options === 1 ? "" : "s"}` : ""
+  ] }) });
 };
 var renderPlanMode = ({ args }) => {
   const parsed = parseArgs(args);
@@ -6980,9 +6985,106 @@ async function readArtifact(args) {
 import https from "https";
 import http from "http";
 var DEFAULT_SOURCES = ["reddit", "github", "stackoverflow"];
-var MAX_RESULTS_DEFAULT = 5;
+var MAX_RESULTS_DEFAULT = 10;
+var MAX_USES_DEFAULT = 8;
 var REQUEST_TIMEOUT = 15e3;
 var MAX_CONTENT_LENGTH = 4e3;
+function validateInput(args) { // Validates the argument object handed to searchWeb; returns { valid: true } or { valid: false, error } for the first rule that fails.
+  if (!args.query || typeof args.query !== "string") { // NOTE(review): args is dereferenced unguarded, so a null or undefined args throws here instead of producing a validation error.
+    return { valid: false, error: "query is required and must be a string" };
+  }
+  if (args.query.trim().length < 2) { // minimum length is measured on the trimmed query
+    return { valid: false, error: "query must be at least 2 characters long" };
+  }
+  if (args.query.length > 500) { // maximum is measured on the untrimmed query; NOTE(review): exactly 500 characters is accepted although the message below says less than 500
+    return { valid: false, error: "query must be less than 500 characters" };
+  }
+  if (args.allowed_domains && args.blocked_domains && args.allowed_domains.length > 0 && args.blocked_domains.length > 0) { // the two lists are mutually exclusive only when both are non-empty
+    return {
+      valid: false,
+      error: "Cannot specify both allowed_domains and blocked_domains in the same request"
+    };
+  }
+  if (args.sources && args.sources.length > 0) { // NOTE(review): an empty sources array is accepted as valid; .length is read without an Array.isArray check
+    const validSources = ["reddit", "github", "stackoverflow", "x"];
+    for (const source of args.sources) {
+      if (!validSources.includes(source)) { // exact, case-sensitive match against the list above
+        return {
+          valid: false,
+          error: `Invalid source: ${source}. Valid sources are: ${validSources.join(", ")}`
+        };
+      }
+    }
+  }
+  if (args.max_results !== void 0) { // only undefined means not provided; null fails the typeof check below
+    if (typeof args.max_results !== "number" || args.max_results < 1) { // NOTE(review): the message says integer, but fractional values pass, and so does NaN (both range comparisons are false for NaN)
+      return { valid: false, error: "max_results must be a positive integer" };
+    }
+    if (args.max_results > 50) {
+      return { valid: false, error: "max_results cannot exceed 50" };
+    }
+  }
+  if (args.max_uses !== void 0) {
+    if (typeof args.max_uses !== "number" || args.max_uses < 1) { // NOTE(review): same gap as max_results - fractional values and NaN are not rejected
+      return { valid: false, error: "max_uses must be a positive integer" };
+    }
+    if (args.max_uses > 20) {
+      return { valid: false, error: "max_uses cannot exceed 20" };
+    }
+  }
+  const domainRegex = /^[a-zA-Z0-9][a-zA-Z0-9.-]*\.[a-zA-Z]{2,}$/; // alphanumeric first character, then letters, digits, dots or hyphens, ending in a dot plus 2 or more letters; consecutive dots are not rejected
+  if (args.allowed_domains) { // each entry is checked in order; the first malformed one ends validation
+    for (const domain of args.allowed_domains) {
+      if (!domainRegex.test(domain)) {
+        return { valid: false, error: `Invalid domain format: ${domain}` };
+      }
+    }
+  }
+  if (args.blocked_domains) { // same format rule as allowed_domains
+    for (const domain of args.blocked_domains) {
+      if (!domainRegex.test(domain)) {
+        return { valid: false, error: `Invalid domain format: ${domain}` };
+      }
+    }
+  }
+  return { valid: true }; // no error property is set on success
+}
+function extractDomain(url) { // Returns the last two dot-separated labels of the lowercased hostname of url, or null when url cannot be parsed.
+  try {
+    const urlObj = new URL(url); // throws on unparsable input; handled by the catch below
+    const hostname = urlObj.hostname.toLowerCase();
+    const parts = hostname.split(".");
+    if (parts.length >= 2) {
+      return parts.slice(-2).join("."); // api.github.com becomes github.com; NOTE(review): no public-suffix handling, so foo.co.uk becomes co.uk and an IPv4 host is cut to its last two octets
+    }
+    return hostname; // single-label hosts such as localhost are returned unchanged
+  } catch {
+    return null; // parse failure is reported as null rather than propagated
+  }
+}
+function passesDomainFilter(url, allowedDomains, blockedDomains) { // Checks url against optional allow and block lists; returns { passes: true } or { passes: false, reason }.
+  const domain = extractDomain(url); // comparison uses the two-label form produced by extractDomain, not the full hostname
+  if (!domain) {
+    return { passes: false, reason: "Could not extract domain from URL" };
+  }
+  if (allowedDomains && allowedDomains.length > 0) { // a missing or empty allow list allows everything
+    const isAllowed = allowedDomains.some(
+      (allowed) => domain === allowed.toLowerCase() || domain.endsWith("." + allowed.toLowerCase()) // NOTE(review): domain has at most two labels, so an entry with three or more labels (api.github.com) never matches, and the endsWith branch can only match a single-label entry such as com - confirm intent
+    );
+    if (!isAllowed) {
+      return { passes: false, reason: `Domain ${domain} not in allowed list` };
+    }
+  }
+  if (blockedDomains && blockedDomains.length > 0) { // a missing or empty block list blocks nothing
+    const isBlocked = blockedDomains.some(
+      (blocked) => domain === blocked.toLowerCase() || domain.endsWith("." + blocked.toLowerCase()) // same matching rule as the allow list; NOTE(review): blocking one subdomain is therefore not possible, only the whole two-label domain
+    );
+    if (isBlocked) {
+      return { passes: false, reason: `Domain ${domain} is in blocked list` };
+    }
+  }
+  return { passes: true }; // no reason property is set on success
+}
 function httpGet(url, customHeaders) {
   return new Promise((resolve2, reject) => {
     const protocol = url.startsWith("https") ? https : http;
@@ -7028,17 +7130,29 @@ function cleanContent(text, maxLength = MAX_CONTENT_LENGTH) {
   }
   return cleaned;
 }
-async function searchReddit(query, limit) {
+async function searchReddit(query, limit, allowedDomains, blockedDomains) {
   const results = [];
+  const warnings = [];
   try {
     const subreddits = "programming+webdev+javascript+typescript+python+node+reactjs+learnprogramming+rust+golang+devops";
     const encodedQuery = encodeURIComponent(query);
-    const url = `https://www.reddit.com/r/${subreddits}/search.json?q=${encodedQuery}&sort=relevance&limit=${limit}&restrict_sr=on`;
+    const url = `https://www.reddit.com/r/${subreddits}/search.json?q=${encodedQuery}&sort=relevance&limit=${limit * 2}&restrict_sr=on`;
+    const domainCheck = passesDomainFilter(url, allowedDomains, blockedDomains);
+    if (!domainCheck.passes) {
+      warnings.push(`Reddit search skipped: ${domainCheck.reason}`);
+      return results;
+    }
     const response = await httpGet(url);
     const data = JSON.parse(response);
     if (data.data?.children) {
-      for (const child of data.data.children.slice(0, limit)) {
+      for (const child of data.data.children.slice(0, limit * 2)) {
+        if (results.length >= limit) break;
         const post = child.data;
+        const postUrl = `https://reddit.com${post.permalink}`;
+        const urlCheck = passesDomainFilter(postUrl, allowedDomains, blockedDomains);
+        if (!urlCheck.passes) {
+          continue;
+        }
         let content = `# ${post.title}
 `;
@@ -7070,7 +7184,7 @@ ${cleanContent(post.selftext, 2e3)}
         }
         results.push({
           title: post.title || "",
-          url: `https://reddit.com${post.permalink}`,
+          url: postUrl,
           source: "reddit",
           content: cleanContent(content),
           score: post.score,
@@ -7084,18 +7198,34 @@ ${cleanContent(post.selftext, 2e3)}
     }
   } catch (error) {
     console.error(`[search_web] Reddit error: ${error.message}`);
+    if (error.message.includes("403") || error.message.includes("429")) {
+      warnings.push("Reddit rate limit encountered - results may be incomplete");
+    }
   }
   return results;
 }
-async function searchGitHub(query, limit) {
+async function searchGitHub(query, limit, allowedDomains, blockedDomains) {
   const results = [];
+  const warnings = [];
   try {
     const encodedQuery = encodeURIComponent(query);
-    const url = `https://api.github.com/search/issues?q=${encodedQuery}+is:issue&sort=reactions&order=desc&per_page=${limit}`;
-    const response = await httpGet(url);
+    const url = `https://api.github.com/search/issues?q=${encodedQuery}+is:issue&sort=reactions&order=desc&per_page=${limit * 2}`;
+    const domainCheck = passesDomainFilter(url, allowedDomains, blockedDomains);
+    if (!domainCheck.passes) {
+      warnings.push(`GitHub search skipped: ${domainCheck.reason}`);
+      return results;
+    }
+    const response = await httpGet(url, {
+      "Accept": "application/vnd.github+json"
+    });
     const data = JSON.parse(response);
     if (data.items) {
-      for (const item of data.items.slice(0, limit)) {
+      for (const item of data.items.slice(0, limit * 2)) {
+        if (results.length >= limit) break;
+        const urlCheck = passesDomainFilter(item.html_url, allowedDomains, blockedDomains);
+        if (!urlCheck.passes) {
+          continue;
+        }
         let content = `# ${item.title}
 `;
@@ -7130,18 +7260,32 @@ ${cleanContent(item.body, 2500)}
     }
   } catch (error) {
     console.error(`[search_web] GitHub error: ${error.message}`);
+    if (error.message.includes("403")) {
+      warnings.push("GitHub API rate limit may have been reached");
+    }
   }
   return results;
 }
-async function searchStackOverflow(query, limit) {
+async function searchStackOverflow(query, limit, allowedDomains, blockedDomains) {
   const results = [];
+  const warnings = [];
   try {
     const encodedQuery = encodeURIComponent(query);
-    const url = `https://api.stackexchange.com/2.3/search/advanced?order=desc&sort=relevance&q=${encodedQuery}&site=stackoverflow&pagesize=${limit}&filter=withbody`;
+    const url = `https://api.stackexchange.com/2.3/search/advanced?order=desc&sort=relevance&q=${encodedQuery}&site=stackoverflow&pagesize=${limit * 2}&filter=withbody`;
+    const domainCheck = passesDomainFilter(url, allowedDomains, blockedDomains);
+    if (!domainCheck.passes) {
+      warnings.push(`StackOverflow search skipped: ${domainCheck.reason}`);
+      return results;
+    }
     const response = await httpGet(url);
     const data = JSON.parse(response);
     if (data.items) {
-      for (const item of data.items.slice(0, limit)) {
+      for (const item of data.items.slice(0, limit * 2)) {
+        if (results.length >= limit) break;
+        const urlCheck = passesDomainFilter(item.link, allowedDomains, blockedDomains);
+        if (!urlCheck.passes) {
+          continue;
+        }
         let content = `# ${item.title}
 `;
@@ -7195,64 +7339,96 @@ ${cleanContent(cleanAnswer, 2e3)}
   }
   return results;
 }
-async function searchWeb(args) {
+async function searchX(query, limit, allowedDomains, blockedDomains) { // Placeholder source for X (Twitter): no HTTP request is issued in this function and the returned array is always empty.
+  const results = []; // never pushed to below
+  const warnings = []; // NOTE(review): local only and never returned, so none of these messages reach the caller
+  warnings.push("X (Twitter) search is not available - API requires authentication");
   try {
-    const {
-      query,
-      sources = DEFAULT_SOURCES,
-      max_results = MAX_RESULTS_DEFAULT
-    } = args;
-    if (!query || typeof query !== "string") {
-      return {
-        success: false,
-        query: query || "",
-        results: [],
-        sources_searched: [],
-        total_results: 0,
-        error: "query is required and must be a string"
-      };
-    }
-    const allResults = [];
-    const sourcesSearched = [];
-    const resultsPerSource = Math.ceil(max_results / sources.length);
-    const searches = [];
-    for (const source of sources) {
-      sourcesSearched.push(source);
-      switch (source) {
-        case "reddit":
-          searches.push(searchReddit(query, resultsPerSource));
-          break;
-        case "github":
-          searches.push(searchGitHub(query, resultsPerSource));
-          break;
-        case "stackoverflow":
-          searches.push(searchStackOverflow(query, resultsPerSource));
-          break;
-      }
-    }
-    const searchResults = await Promise.all(searches);
-    for (const results of searchResults) {
-      allResults.push(...results);
+    const encodedQuery = encodeURIComponent(`${query} site:twitter.com OR site:x.com`);
+    const url = `https://www.google.com/search?q=${encodedQuery}&num=${limit}`;
+    const domainCheck = passesDomainFilter(url, allowedDomains, blockedDomains); // the search URL is built only to run it through the domain filter; it is never fetched
+    if (!domainCheck.passes) {
+      warnings.push(`X search skipped: ${domainCheck.reason}`);
+      return results; // still the empty array
     }
-    allResults.sort((a, b) => (b.score || 0) - (a.score || 0));
-    const limitedResults = allResults.slice(0, max_results);
-    return {
-      success: true,
-      query,
-      results: limitedResults,
-      sources_searched: sourcesSearched,
-      total_results: limitedResults.length
-    };
   } catch (error) {
+    console.error(`[search_web] X error: ${error.message}`);
+  }
+  return results; // same empty array on every path
+}
+async function searchWeb(args) { // Validates args, fans the query out to the selected sources in parallel, merges and ranks the results by score, and returns a summary object.
+  const startTime = performance.now();
+  const warnings = []; // only warnings raised in this function; the per-source functions keep their own local arrays
+  let searchesPerformed = 0;
+  const validation = validateInput(args); // NOTE(review): the removed version wrapped the whole body in try/catch; an exception thrown here or below now rejects the returned promise
+  if (!validation.valid) {
     return {
       success: false,
       query: args.query || "",
       results: [],
       sources_searched: [],
       total_results: 0,
-      error: `Unexpected error: ${error.message}`
+      duration_seconds: 0,
+      searches_performed: 0,
+      error: validation.error
     };
   }
+  const {
+    query,
+    sources = DEFAULT_SOURCES,
+    max_results = MAX_RESULTS_DEFAULT,
+    allowed_domains,
+    blocked_domains,
+    max_uses = MAX_USES_DEFAULT
+  } = args;
+  if (sources.length > max_uses) { // max_uses caps how many sources are queried, not how many HTTP requests are made
+    warnings.push(`Requested ${sources.length} sources but max_uses is ${max_uses} - limiting to ${max_uses} sources`);
+  }
+  const allResults = [];
+  const sourcesSearched = [];
+  const limitedSources = sources.slice(0, max_uses);
+  const resultsPerSource = Math.ceil(max_results / limitedSources.length); // NOTE(review): an empty sources array passes validateInput, making this a division by zero (Infinity); no search is started in that case
+  const searches = [];
+  for (const source of limitedSources) {
+    sourcesSearched.push(source); // recorded before dispatch, so a source is listed even if its search later yields nothing
+    switch (source) {
+      case "reddit":
+        searches.push(searchReddit(query, resultsPerSource, allowed_domains, blocked_domains));
+        break;
+      case "github":
+        searches.push(searchGitHub(query, resultsPerSource, allowed_domains, blocked_domains));
+        break;
+      case "stackoverflow":
+        searches.push(searchStackOverflow(query, resultsPerSource, allowed_domains, blocked_domains));
+        break;
+      case "x":
+        searches.push(searchX(query, resultsPerSource, allowed_domains, blocked_domains));
+        break;
+    }
+  }
+  const searchResults = await Promise.all(searches); // all sources run concurrently; a rejection from any of them rejects the whole call
+  searchesPerformed = searchResults.length; // counts source functions invoked, not network requests
+  for (const results of searchResults) {
+    allResults.push(...results);
+  }
+  allResults.sort((a, b) => (b.score || 0) - (a.score || 0)); // descending by score; a missing score counts as 0
+  const limitedResults = allResults.slice(0, max_results);
+  const endTime = performance.now();
+  const durationSeconds = (endTime - startTime) / 1e3;
+  if (limitedResults.length === 0) {
+    warnings.push("No results found - try adjusting your query or domain filters");
+  }
+  return {
+    success: true,
+    query,
+    results: limitedResults,
+    sources_searched: sourcesSearched,
+    total_results: limitedResults.length,
+    duration_seconds: Math.round(durationSeconds * 100) / 100,
+    // rounded to 2 decimal places
+    searches_performed: searchesPerformed,
+    warnings: warnings.length > 0 ? warnings : void 0
+  };
 }
 // src/app/agent/tools/natives/load_skill.ts
@@ -13036,7 +13212,7 @@ You are the **BluMa Coordinator** \u2014 a **Product Owner + Engineering Manager
 ## 0. Core Philosophy: Team > Solo
-**One AI is good. A coordinated team of 3-7 AIs is exponentially better.**
+**One AI is good. A coordinated team of 3-7 AIs can be better when the task truly benefits from delegation.**
 Think of yourself as a **rigorous PO** who:
 - Receives a request from the user (the "client")
@@ -13044,7 +13220,7 @@ Think of yourself as a **rigorous PO** who:
 - Assigns each task to the right specialist worker
 - Coordinates their work in parallel
 - Verifies quality before delivering to the client
-- **Always prefers team execution over solo work** for anything non-trivial
+- **Prefer team execution** when the task is non-trivial, parallelizable, risky, or needs independent verification
 **Why this matters:**
 - **Quality**: Each worker focuses deeply on one aspect \u2192 fewer mistakes
@@ -13054,14 +13230,15 @@ Think of yourself as a **rigorous PO** who:
 - **CEO appreciation**: Systematic, professional approach that scales
 **Default behavior**: When a task arrives, your first instinct should be:
-> "How can I break this into parallel worker tasks?"
+> "Can I answer or handle this directly?"
-Not: "How do I do this myself?"
+Only if the answer is no, ask:
+> "How can I break this into parallel worker tasks?"
 ## 1. Your Role
 You do **NOT execute tasks directly** (except trivial reads). Your job is to:
-- **Orchestrate workers** to research, implement, and verify changes
+- **Orchestrate workers** to research, implement, and verify changes when that materially improves speed, quality, or confidence
 - **Synthesize results** and communicate with the user
 - **Answer questions directly** when possible \u2014 don't delegate work you can handle without tools
 - **Read-only tools** (\`read_file_lines\`, \`grep\`, etc.) are fine for **light** coordinator checks (e.g. verify a path before writing a worker spec); heavy exploration belongs in workers
@@ -14233,7 +14410,7 @@ Use **both** API **reasoning** (when available) **and** the \`message\` tool. Re
 - Never claim success without tool output that proves it.
 - **Stay audible:** Your **default** in multi-step work is to call \`message\` with \`message_type: "info"\` **early and often** \u2014 not optional polish. **Bias toward sending \`info\`** after discoveries, failures, and before long tool chains; **several \`info\` calls per turn** is normal and expected. Do **not** hide behind tools or reasoning only; \`info\` is how the user follows along.
 - **Ask when uncertain:** Use \`ask_user_question\` when you encounter ambiguity, need clarification, or face multiple valid approaches. Do not assume \u2014 ask the user to make decisions about their preferences, requirements, or implementation choices. This tool is your primary mechanism for resolving uncertainty.
-- **Team-first mindset:** For any non-trivial task, prefer spawning parallel workers over doing it yourself. One AI is good; a coordinated team of 3-7 workers is exponentially better. Break work into research \u2192 implementation \u2192 verification phases, each handled by specialist workers. You are the PO \u2014 orchestrate, synthesize, verify, deliver.
+- **Worker policy:** Use workers surgically, not by default. Do the work directly when the task is simple, local, or already well-scoped. Spawn workers when the task is genuinely non-trivial, parallelizable, risky, or needs independent verification. Break larger efforts into research \u2192 implementation \u2192 verification phases when that creates real value. You are the PO \u2014 orchestrate when it helps, synthesize, verify, deliver.
 - **Engineer mindset \u2014 question anomalies:** When something seems wrong (memory loss, unexpected behavior, aggressive defaults), **investigate deeply**. Do not accept "it's working as designed". Trace the code, find the root cause, and **have courage to revert** if a feature breaks core functionality. Protect the session, memory, and stability above all.
 - **Courage to reverse:** If you discover a path is wrong (e.g., a "feature" that destroys context, a default that's too aggressive), **stop immediately**, explain why it's broken, and revert/remove it. Better to undo a bad change than to let it cause harm. This is what separates a **thinking engineer** from a **blind executor**.
 - Large efforts: \`todo\`; parallel subtasks: \`spawn_agent\` with a clear scope + \`wait_agent\` / \`list_agents\`.
@@ -14567,6 +14744,46 @@ Next steps: ${anchor.nextSteps}`;
 }
 // src/app/agent/core/context-api/context_manager.ts
+function isValidJsonArguments(value) { // True only when value is a string that JSON.parse accepts.
+  if (typeof value !== "string") return false; // undefined, objects and other non-strings are rejected outright
+  try {
+    JSON.parse(value); // any valid JSON counts, including non-object values; the parsed result is discarded
+    return true;
+  } catch {
+    return false; // the empty string also lands here because JSON.parse rejects it
+  }
+}
+function sanitizeConversationForProvider(conversationHistory) { // Returns { messages, issues }: the history without assistant messages whose tool_calls carry unparsable JSON arguments, plus a report of what was dropped.
+  const cleaned = [];
+  const issues = [];
+  let droppingCorruptTurn = false; // set when a corrupt assistant message is dropped; cleared by the next non-assistant message
+  for (let index = 0; index < conversationHistory.length; index += 1) {
+    const msg = conversationHistory[index];
+    if (droppingCorruptTurn) {
+      if (msg?.role === "assistant") { // assistant messages directly following a dropped one are dropped as well
+        continue;
+      }
+      droppingCorruptTurn = false; // NOTE(review): the first non-assistant message ends the drop and is kept below, including a role tool reply to the dropped tool_calls - confirm the provider accepts such orphaned tool results
+    }
+    const toolCalls = Array.isArray(msg?.tool_calls) ? msg.tool_calls : null;
+    if (msg?.role === "assistant" && toolCalls && toolCalls.length > 0) {
+      const invalidCalls = toolCalls.filter(
+        (call) => !isValidJsonArguments(call?.function?.arguments)
+      );
+      if (invalidCalls.length > 0) { // one bad call is enough to discard the whole assistant message
+        issues.push({
+          index, // position in the input array, not in the cleaned output
+          reason: "assistant tool_calls had invalid JSON arguments",
+          toolNames: invalidCalls.map((call) => String(call?.function?.name ?? "unknown"))
+        });
+        droppingCorruptTurn = true;
+        continue;
+      }
+    }
+    cleaned.push(conversationHistory[index]); // pushed by reference, not cloned; the input array itself is not modified
+  }
+  return { messages: cleaned, issues };
+}
 function partitionConversationIntoTurnSlices(conversationHistory) {
   const turns = [];
   let current = [];
@@ -14602,13 +14819,15 @@ async function createApiContextWindow(fullHistory, currentAnchor, compressedTurn
   const tokenBudget = options?.tokenBudget ?? CONTEXT_TOKEN_BUDGET;
   const compressThreshold = options?.compressThreshold ?? COMPRESS_THRESHOLD;
   const keepRecentTurns = options?.keepRecentTurns ?? KEEP_RECENT_TURNS;
+  const sanitized = sanitizeConversationForProvider(fullHistory);
+  const safeHistory = sanitized.messages;
   const systemMessages = [];
   let historyStartIndex = 0;
-  while (historyStartIndex < fullHistory.length && fullHistory[historyStartIndex].role === "system") {
-    systemMessages.push(fullHistory[historyStartIndex]);
+  while (historyStartIndex < safeHistory.length && safeHistory[historyStartIndex].role === "system") {
+    systemMessages.push(safeHistory[historyStartIndex]);
     historyStartIndex++;
   }
-  const conversationHistory = fullHistory.slice(historyStartIndex);
+  const conversationHistory = safeHistory.slice(historyStartIndex);
   const turnSlices = partitionConversationIntoTurnSlices(conversationHistory);
   const n = turnSlices.length;
   const recentStart = Math.max(0, n - keepRecentTurns);
@@ -14654,6 +14873,29 @@ async function createApiContextWindow(fullHistory, currentAnchor, compressedTurn
 init_runtime_config();
 import os23 from "os";
 import OpenAI from "openai";
+// src/app/agent/core/llm/streaming_delta.ts
+function extractStreamingDelta(previous, next) { // Returns the part of next not already covered by previous, handling cumulative snapshots, stale re-sends and partial suffix/prefix overlap.
+  const prev = String(previous ?? ""); // null and undefined are treated as the empty string
+  const curr = String(next ?? "");
+  if (!curr) return "";
+  if (!prev) return curr;
+  if (curr.startsWith(prev)) { // next is a snapshot that extends previous: emit only the new tail
+    return curr.slice(prev.length);
+  }
+  if (prev.startsWith(curr)) { // next is a prefix of what was already seen: nothing new; NOTE(review): a genuinely incremental chunk that repeats the start of the accumulated text is swallowed here too
+    return "";
+  }
+  const maxOverlap = Math.min(prev.length, curr.length);
+  for (let overlap = maxOverlap; overlap > 0; overlap -= 1) { // longest-first search for a suffix of previous equal to a prefix of next; each step slices and compares up to overlap characters
+    if (prev.slice(-overlap) === curr.slice(0, overlap)) { // NOTE(review): an incremental chunk that merely begins with the last character(s) of previous (for example a repeated space) loses them here - confirm the upstream sends snapshots
+      return curr.slice(overlap);
+    }
+  }
+  return curr; // no overlap found: next is treated as entirely new text
+}
+// src/app/agent/core/llm/llm.ts
 function defaultBlumaUserContextInput(sessionId, userMessage) {
   const msg = String(userMessage || "").slice(0, 300);
   return {
@@ -14845,12 +15087,17 @@ var LLMService = class {
       { headers: this.requestHeaders(params.userContext) }
     );
     const toolCallsAccumulator = /* @__PURE__ */ new Map();
+    let reasoningSnapshot = "";
     for await (const chunk of stream) {
       const choice = chunk.choices[0];
       if (!choice) continue;
       const delta = choice.delta;
       applyDeltaToolCallsToAccumulator(toolCallsAccumulator, delta?.tool_calls);
-      const reasoning = delta?.reasoning_content || delta?.reasoning || "";
+      const rawReasoning = delta?.reasoning_content || delta?.reasoning || "";
+      const reasoning = extractStreamingDelta(reasoningSnapshot, rawReasoning);
+      if (reasoning) {
+        reasoningSnapshot += reasoning;
+      }
       const fullToolCalls = choice.finish_reason === "tool_calls" ? Array.from(toolCallsAccumulator.values()) : void 0;
       yield {
         delta: delta?.content || "",
@@ -14873,6 +15120,33 @@ var LLMService = class {
   }
 };
+// src/app/agent/core/llm/llm_errors.ts
+function formatLlmUiError(error) { // Maps an LLM request error to { message, details, hint, rawMessage } via substring checks on the lowercased error text; message and hint are Portuguese UI strings.
+  const rawMessage = error instanceof Error ? error.message : typeof error === "string" ? error : "Unknown error during LLM request."; // values that are neither Error instances nor strings fall back to the fixed text, even if they carry a message property
+  const lower = rawMessage.toLowerCase();
+  let message2 = "Ocorreu um erro inesperado ao contactar o modelo."; // generic default, kept when no branch below matches
+  let hint = "Tente novamente. Se continuar, verifique a liga\xE7\xE3o ao FactorRouter.";
+  if (lower.includes("timeout") || lower.includes("etimedout") || lower.includes("upstream_timeout")) { // branches are tested in order and the first match wins
+    message2 = "O BluMa demorou demasiado a responder.";
+    hint = "Aumente o timeout do pedido ou tente novamente.";
+  } else if (lower.includes("connection") || lower.includes("econnrefused") || lower.includes("ehostunreach") || lower.includes("enotfound")) {
+    message2 = "N\xE3o foi poss\xEDvel conectar ao servi\xE7o do modelo.";
+    hint = "Verifique a rede, o FactorRouter_URL e o estado do gateway.";
+  } else if (lower.includes("401") || lower.includes("403") || lower.includes("unauthorized") || lower.includes("forbidden")) { // NOTE(review): 401 and 403 are matched anywhere in the text, so unrelated numbers containing those digits also land here
+    message2 = "Falha de autentica\xE7\xE3o/autoriza\xE7\xE3o ao contactar o modelo.";
+    hint = "Verifique o FactorRouter_KEY e as permiss\xF5es da conta.";
+  } else if (lower.includes("api")) { // NOTE(review): very broad - any text containing the letters api matches, including inside longer words
+    message2 = "Erro de comunica\xE7\xE3o com a API do modelo.";
+    hint = "Verifique credenciais e o estado do servi\xE7o upstream.";
+  }
+  return {
+    message: message2,
+    details: "See server logs for technical details.", // fixed text; the original error text is exposed only through rawMessage
+    hint,
+    rawMessage
+  };
+}
 // src/app/agent/core/llm/tool_call_normalizer.ts
 import { randomUUID } from "crypto";
 var ToolCallNormalizer = class {
@@ -15028,7 +15302,15 @@ var ToolCallNormalizer = class {
    * Checks whether a normalized tool call is valid (required fields present and arguments parseable as JSON)
    */
   static isValidToolCall(call) {
-    return !!(call.id && call.type === "function" && call.function?.name && typeof call.function.arguments === "string");
+    if (!(call.id && call.type === "function" && call.function?.name && typeof call.function.arguments === "string")) { // structural check first: id, type function, a function name, and string arguments
+      return false;
+    }
+    try {
+      JSON.parse(call.function.arguments); // the arguments string must also parse as JSON; the parsed value is discarded
+      return true;
+    } catch {
+      return false; // unparsable arguments (including the empty string) make the call invalid
+    }
   }
 };
@@ -15312,7 +15594,8 @@ function buildTurnStartBackendMessage(params) {
 }
 // src/app/agent/bluma/core/bluma.ts
-var BluMaAgent = class {
+var BluMaAgent = class _BluMaAgent {
+  static MAX_INVALID_TOOL_CALL_RETRIES = 3;
   llm;
   sessionId;
   sessionFile = "";
@@ -15331,8 +15614,10 @@ var BluMaAgent = class {
   factorRouterTurnClosed = false;
   /** Consecutive steps with neither tool_calls nor visible text (reasoning only) — prevents a slow loop within the same turn. */
   emptyAssistantReplySteps = 0;
-  /** Passos seguidos com texto do assistente sem tool_calls (violação de protocolo) — evita loop até timeout do job. */
-  directTextProtocolSteps = 0;
+  /** Consecutive retries caused by invalid tool calls. */
+  invalidToolCallRetrySteps = 0;
+  /** Deduplication of reasoning chunks during streaming — avoids repetition. */
+  lastReasoningChunkRef = "";
   constructor(sessionId, eventBus, llm, mcpClient, feedbackSystem) {
     this.sessionId = sessionId;
     this.eventBus = eventBus;
@@ -15375,6 +15660,33 @@ var BluMaAgent = class {
     if (!this.sessionFile) return;
     void saveSessionHistory(this.sessionFile, this.history, this.getMemorySnapshot());
   }
+  async handleInvalidToolCallRetry(message2) { // Drops the offending assistant message, then either retries with a corrective system message or, once the retry limit is reached, fails the turn.
+    this.invalidToolCallRetrySteps += 1;
+    if (this.history[this.history.length - 1] === message2) { // removed only when it is still the last history entry (identity comparison)
+      this.history.pop();
+    }
+    if (this.invalidToolCallRetrySteps >= _BluMaAgent.MAX_INVALID_TOOL_CALL_RETRIES) { // the counter is incremented before this check, so with a limit of 3 the third consecutive invalid response closes the turn
+      this.eventBus.emit("backend_message", {
+        type: "error",
+        message: "The model kept returning invalid tool calls. Closing the turn to avoid a retry loop."
+      });
+      this.eventBus.emit("backend_message", {
+        type: "log",
+        message: "Invalid tool call retry limit reached",
+        payload: String(this.invalidToolCallRetrySteps)
+      });
+      await this.notifyFactorTurnEndIfNeeded("invalid_tool_calls_exhausted");
+      this.eventBus.emit("backend_message", { type: "done", status: "failed" });
+      this.invalidToolCallRetrySteps = 0; // reset so the next turn starts with a fresh retry budget
+      return; // NOTE(review): this path returns without calling persistSession, so the pop above is not saved here - confirm it is persisted elsewhere
+    }
+    this.history.push({ // the corrective instruction is appended as a system message and stays in history
+      role: "system",
+      content: "Previous assistant tool_calls were invalid. Retry with valid JSON arguments only, or answer without tools."
+    });
+    this.persistSession();
+    await this._continueConversation(); // asks the model again; the implementation of _continueConversation is not visible in this chunk
+  }
   async initialize() {
     await this.mcpClient.nativeToolInvoker.initialize();
     await this.mcpClient.initialize();
@@ -15483,7 +15795,7 @@ var BluMaAgent = class {
     const userContent = buildUserMessageContent(inputText, process.cwd());
     this.history.push({ role: "user", content: userContent });
     this.emptyAssistantReplySteps = 0;
-    this.directTextProtocolSteps = 0;
+    this.invalidToolCallRetrySteps = 0;
     this.eventBus.emit(
       "backend_message",
       buildTurnStartBackendMessage({
@@ -15529,15 +15841,18 @@ var BluMaAgent = class {
       }
     } catch (parseError) {
       this.eventBus.emit("backend_message", {
-        type: "error",
-        message: `Failed to parse tool arguments: ${parseError.message}`
+        type: "info",
+        message: "O BluMa encontrou um erro ao processar. A tentar recuperar a sess\xE3o..."
       });
       toolResultContent = JSON.stringify({
-        error: "Invalid tool arguments format",
-        details: `The arguments could not be parsed as JSON: ${parseError.message}`,
-        raw_arguments: toolCall.function.arguments
+        error: "Tool arguments could not be parsed",
+        recovery: "Session recovered automatically"
       });
       this.history.push({ role: "tool", tool_call_id: toolCall.id, content: toolResultContent });
+      this.history.push({
+        role: "system",
+        content: "The previous tool call had invalid JSON arguments. Please retry with properly formatted JSON arguments."
+      });
       this.persistSession();
       return true;
     }
@@ -15697,13 +16012,12 @@ var BluMaAgent = class {
         parsed.push({ toolCall, toolName: toolCall.function.name, toolArgs });
       } catch (parseError) {
         const toolResultContent = JSON.stringify({
-          error: "Invalid tool arguments format",
-          details: String(parseError?.message || parseError),
-          raw_arguments: toolCall.function.arguments
+          error: "Tool arguments could not be parsed",
+          recovery: "Session recovered automatically"
         });
         this.eventBus.emit("backend_message", {
-          type: "error",
-          message: `Failed to parse tool arguments: ${parseError.message}`
+          type: "info",
+          message: "O BluMa encontrou um erro ao processar. A tentar recuperar a sess\xE3o..."
         });
         this.history.push({ role: "tool", tool_call_id: toolCall.id, content: toolResultContent });
         this.persistSession();
@@ -15918,6 +16232,11 @@ ${editData.error.display}`;
           message: `Received follow-up from coordinator (priority: ${mailboxUpdate.followUp.priority})`
         });
       }
+      const sanitized = sanitizeConversationForProvider(this.history);
+      if (sanitized.issues.length > 0) {
+        this.history = sanitized.messages;
+        this.persistSession();
+      }
       const { messages: contextWindow, newAnchor, newCompressedTurnSliceCount } = await createApiContextWindow(
         this.history,
         this.sessionAnchor,
@@ -15935,8 +16254,18 @@ ${editData.error.display}`;
         await this._handleNonStreamingResponse(contextWindow);
       }
     } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "An unknown API error occurred.";
-      this.eventBus.emit("backend_message", { type: "error", message: errorMessage });
+      const uiError = formatLlmUiError(error);
+      this.eventBus.emit("backend_message", {
+        type: "error",
+        message: uiError.message,
+        details: uiError.details,
+        hint: uiError.hint
+      });
+      this.eventBus.emit("backend_message", {
+        type: "log",
+        message: "LLM request failed",
+        payload: uiError.rawMessage
+      });
       await this.notifyFactorTurnEndIfNeeded("llm_error");
       this.eventBus.emit("backend_message", { type: "done", status: "failed" });
     } finally {
@@ -15956,13 +16285,12 @@ ${editData.error.display}`;
       });
     } else if (this.emptyAssistantReplySteps >= 6) {
       this.eventBus.emit("backend_message", {
-        type: "error",
-        message: "The assistant produced no tool calls or visible text after several steps. Try again or use /effort low."
+        type: "info",
+        message: "O BluMa est\xE1 a ter dificuldade em processar. Tente novamente ou use /effort low para respostas mais r\xE1pidas."
       });
       await this.notifyFactorTurnEndIfNeeded("empty_reply_exhausted");
       this.eventBus.emit("backend_message", { type: "done", status: "failed" });
       this.emptyAssistantReplySteps = 0;
-      this.directTextProtocolSteps = 0;
       return;
     }
     await this._continueConversation();
@@ -15994,6 +16322,7 @@ ${editData.error.display}`;
       parallel_tool_calls: true,
       userContext: this.getLlmUserContext()
     });
+    this.lastReasoningChunkRef = "";
     for await (const chunk of stream) {
       if (this.isInterrupted) {
         this.eventBus.emit("stream_end", {});
@@ -16005,7 +16334,11 @@ ${editData.error.display}`;
           this.eventBus.emit("stream_start", {});
           hasEmittedStart = true;
         }
-        this.eventBus.emit("stream_reasoning_chunk", { delta: chunk.reasoning });
+        const reasoningKey = chunk.reasoning.trim().replace(/\s+/g, " ");
+        if (reasoningKey !== this.lastReasoningChunkRef) {
+          this.lastReasoningChunkRef = reasoningKey;
+          this.eventBus.emit("stream_reasoning_chunk", { delta: chunk.reasoning });
+        }
       }
       if (chunk.delta) {
         if (!hasEmittedStart) {
@@ -16044,16 +16377,12 @@ ${editData.error.display}`;
     this.history.push(normalizedMessage);
     if (normalizedMessage.tool_calls && normalizedMessage.tool_calls.length > 0) {
       this.emptyAssistantReplySteps = 0;
-      this.directTextProtocolSteps = 0;
+      this.invalidToolCallRetrySteps = 0;
       const validToolCalls = normalizedMessage.tool_calls.filter(
         (call) => ToolCallNormalizer.isValidToolCall(call)
       );
       if (validToolCalls.length === 0) {
-        this.eventBus.emit("backend_message", {
-          type: "error",
-          message: "Model returned invalid tool calls. Retrying..."
-        });
-        await this._continueConversation();
+        await this.handleInvalidToolCallRetry(normalizedMessage);
         return;
       }
       const needsConfirmation = validToolCalls.some(
@@ -16084,28 +16413,10 @@ ${editData.error.display}`;
       }
     } else if (trimmedText) {
       this.emptyAssistantReplySteps = 0;
-      this.directTextProtocolSteps += 1;
-      const MAX_DIRECT_TEXT_PROTOCOL = 3;
-      if (!hasEmittedStart) {
-        this.eventBus.emit("backend_message", { type: "assistant_message", content: accumulatedContent });
-      }
-      if (this.directTextProtocolSteps >= MAX_DIRECT_TEXT_PROTOCOL) {
-        this.eventBus.emit("backend_message", {
-          type: "error",
-          message: 'Agent kept answering with plain assistant text instead of the `message` tool with message_type "result". Turn forcibly closed to avoid job timeout; fix prompts or model routing.'
-        });
-        await this.notifyFactorTurnEndIfNeeded("protocol_direct_text_exhausted");
-        this.emitTurnCompleted();
-        this.emptyAssistantReplySteps = 0;
-        this.directTextProtocolSteps = 0;
-        return;
-      }
-      const feedback = this.feedbackSystem.generateFeedback({
-        event: "protocol_violation_direct_text",
-        details: { violationContent: accumulatedContent }
-      });
-      this.history.push({ role: "system", content: feedback.correction });
-      await this._continueConversation();
+      this.eventBus.emit("backend_message", { type: "assistant_message", content: accumulatedContent });
+      await this.notifyFactorTurnEndIfNeeded("assistant_text_without_tool_call");
+      this.emitTurnCompleted();
+      return;
     } else {
       await this.continueAfterEmptyAssistantResponse();
     }
@@ -16135,16 +16446,12 @@ ${editData.error.display}`;
     this.history.push(message2);
     if (message2.tool_calls && message2.tool_calls.length > 0) {
       this.emptyAssistantReplySteps = 0;
-      this.directTextProtocolSteps = 0;
+      this.invalidToolCallRetrySteps = 0;
       const validToolCalls = message2.tool_calls.filter(
         (call) => ToolCallNormalizer.isValidToolCall(call)
       );
       if (validToolCalls.length === 0) {
-        this.eventBus.emit("backend_message", {
-          type: "error",
-          message: "Model returned invalid tool calls. Retrying..."
-        });
-        await this._continueConversation();
+        await this.handleInvalidToolCallRetry(message2);
         return;
       }
       const needsConfirmation = validToolCalls.some(
@@ -16175,27 +16482,11 @@ ${editData.error.display}`;
       }
     } else if (typeof message2.content === "string" && message2.content.trim()) {
       this.emptyAssistantReplySteps = 0;
-      this.directTextProtocolSteps += 1;
-      const MAX_DIRECT_TEXT_PROTOCOL = 3;
+      this.invalidToolCallRetrySteps = 0;
       this.eventBus.emit("backend_message", { type: "assistant_message", content: message2.content });
-      if (this.directTextProtocolSteps >= MAX_DIRECT_TEXT_PROTOCOL) {
-        this.eventBus.emit("backend_message", {
-          type: "error",
-          message: 'Agent kept answering with plain assistant text instead of the `message` tool with message_type "result". Turn forcibly closed to avoid job timeout.'
-        });
-        await this.notifyFactorTurnEndIfNeeded("protocol_direct_text_exhausted");
-        this.emitTurnCompleted();
-        this.emptyAssistantReplySteps = 0;
-        this.directTextProtocolSteps = 0;
-        return;
-      }
-      const feedback = this.feedbackSystem.generateFeedback({
-        event: "protocol_violation_direct_text",
-        details: { violationContent: message2.content }
-      });
-      this.eventBus.emit("backend_message", { type: "protocol_violation", message: feedback.message, content: message2.content });
-      this.history.push({ role: "system", content: feedback.correction });
-      await this._continueConversation();
+      await this.notifyFactorTurnEndIfNeeded("assistant_text_without_tool_call");
+      this.emitTurnCompleted();
+      return;
     } else {
       await this.continueAfterEmptyAssistantResponse();
     }
@@ -16993,11 +17284,13 @@ var BaseLLMSubAgent = class {
   /** Um turnId por execute(); reutilizado em todo o loop de tools do subagente. */
   subagentTurnContext = null;
   lastActivityTimestamp = Date.now();
+  terminalEventEmitted = false;
   async execute(input, ctx) {
     workerLog.info("Worker started", { id: this.id, pid: process.pid });
     this.emitEvent("worker_heartbeat", { status: "started", timestamp: Date.now(), pid: process.pid, id: this.id });
     this.ctx = ctx;
     this.isInterrupted = false;
+    this.terminalEventEmitted = false;
     this.ctx.eventBus.on("user_interrupt", () => {
       this.isInterrupted = true;
     });
@@ -17060,13 +17353,15 @@ var BaseLLMSubAgent = class {
             this.emitEvent("error", {
               message: `Subagent tool "${message2.tool_calls[0].function.name}" requires confirmation outside sandbox mode.`
             });
-            this.emitEvent("done", { status: "blocked_confirmation" });
+            this.emitDoneOnce("blocked_confirmation");
             break;
           }
           await this._handleToolExecution({ type: "user_decision_execute", tool_calls: message2.tool_calls });
-        } else if (message2.content) {
+        } else if (typeof message2.content === "string" && message2.content.trim()) {
           this.emitEvent("assistant_message", { content: message2.content });
-          this.emitEvent("protocol_violation", { message: "Direct text emission detected from subagent.", content: message2.content });
+          this.emitEvent("info", { message: "SubAgent returned plain text without tool_calls. Closing turn." });
+          this.emitDoneOnce("completed");
+          break;
         } else {
           this.emitEvent("info", { message: "SubAgent is thinking... continuing reasoning cycle." });
         }
@@ -17074,8 +17369,9 @@ var BaseLLMSubAgent = class {
       }
       if (turnCount >= MAX_TURNS) {
         this.emitEvent("info", { message: `Worker reached max turns limit (${MAX_TURNS}).` });
-        this.emitEvent("done", { status: "max_turns_reached" });
+        this.emitDoneOnce("max_turns_reached");
       }
+      this.emitDoneOnce("completed");
       return { history: this.history, turns: turnCount, status: this.isInterrupted ? "cancelled" : "completed" };
     };
     const timeoutPromise = new Promise((_, reject) => {
@@ -17088,7 +17384,7 @@ var BaseLLMSubAgent = class {
       if (error.message?.includes("timed out")) {
         workerLog.warn("Worker timed out", { id: this.id, turns: turnCount });
         this.emitEvent("error", { message: error.message });
-        this.emitEvent("done", { status: "timeout" });
+        this.emitDoneOnce("timeout");
       } else {
         this.emitEvent("error", { message: error.message });
       }
@@ -17189,9 +17485,11 @@ ${editData.error.display}`;
         if (!lastToolName.includes("agent_end_turn") && !this.isInterrupted) {
           await this._continueConversation();
         }
-      } else if (message2.content) {
+      } else if (typeof message2.content === "string" && message2.content.trim()) {
         this.emitEvent("assistant_message", { content: message2.content });
-        this.emitEvent("protocol_violation", { message: "Direct text emission detected from subagent.", content: message2.content });
+        this.emitEvent("info", { message: "SubAgent returned plain text without tool_calls. Closing turn." });
+        this.emitEvent("done", { status: "completed" });
+        return;
       } else {
         this.emitEvent("info", { message: "SubAgent is thinking... continuing reasoning cycle." });
       }
@@ -17247,7 +17545,7 @@ ${editData.error.display}`;
         result: toolResultContent
       });
       if (toolName.includes("agent_end_turn")) {
-        this.emitEvent("done", { status: "completed" });
+        this.emitDoneOnce("completed");
       }
     } else {
       toolResultContent = "Tool execution was declined.";
@@ -17286,7 +17584,12 @@ ${editData.error.display}`;
     } catch {
     }
     this.isInterrupted = true;
-    this.emitEvent("done", { status: "shutdown", reason });
+    this.emitDoneOnce("shutdown", { reason });
+  }
+  emitDoneOnce(status, extra = {}) { // Emits the terminal "done" event at most once; further calls are no-ops while terminalEventEmitted stays true (execute() clears the flag at its start).
+    if (this.terminalEventEmitted) return; // a "done" event was already emitted
+    this.terminalEventEmitted = true;
+    this.emitEvent("done", { status, ...extra }); // extra fields (e.g. { reason } on shutdown) are merged into the payload after status
   }
   /**
    * Verifica mailbox por follow-ups do coordinator
@@ -18558,23 +18861,12 @@ var ToolResultDisplayComponent = ({
   if (toolName.includes("ask_user_question")) {
     const success = parsed?.success === true;
     const selectedLabel = typeof parsed?.selected_label === "string" ? parsed.selected_label : "";
-    const selectedIndex = typeof parsed?.selected_index === "number" ? parsed.selected_index : null;
-    const questionIndex = typeof parsed?.question_index === "number" ? parsed.question_index : 0;
-    const qs = Array.isArray(args?.questions) ? args.questions : [];
-    const q = qs[questionIndex];
-    const questionText = typeof q?.question === "string" ? q.question : "";
     if (success && selectedLabel) {
-      return /* @__PURE__ */ jsx13(ResultGutter, { children: /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
-        /* @__PURE__ */ jsxs13(Text13, { dimColor: true, children: [
-          /* @__PURE__ */ jsx13(Text13, { bold: true, children: "Response" }),
-          " \xB7 ",
-          selectedLabel
-        ] }),
-        questionText ? /* @__PURE__ */ jsxs13(Text13, { dimColor: true, wrap: "wrap", children: [
-          truncate3(questionText, 140),
-          selectedIndex !== null ? ` \xB7 option ${selectedIndex + 1}` : ""
-        ] }) : null
-      ] }) });
+      return /* @__PURE__ */ jsx13(ResultGutter, { children: /* @__PURE__ */ jsx13(Box13, { flexDirection: "column", children: /* @__PURE__ */ jsxs13(Text13, { dimColor: true, children: [
+        /* @__PURE__ */ jsx13(Text13, { bold: true, children: "Response" }),
+        " \xB7 ",
+        selectedLabel
+      ] }) }) });
     }
     if (parsed?.cancelled === true) {
       return /* @__PURE__ */ jsx13(ResultGutter, { children: /* @__PURE__ */ jsxs13(Text13, { dimColor: true, children: [
@@ -20741,183 +21033,137 @@ Report the release version, tag, changelog summary, and verification results whe
       );
     }
     if (cmd === "review") {
-      const target = args.join(" ") || "";
+      const normalizedArgs = args.map((a) => a.toLowerCase());
+      const hasMasonPrefix = normalizedArgs[0] === "mason" || normalizedArgs[0] === "with" && normalizedArgs[1] === "mason";
+      const reviewMode = hasMasonPrefix ? "mason" : "direct";
+      const targetArgs = hasMasonPrefix ? normalizedArgs[0] === "mason" ? args.slice(1) : args.slice(2) : args;
+      const target = targetArgs.join(" ") || "";
       const isPR = target && /^\d+$/.test(target);
       (async () => {
         try {
           const reviewTarget = isPR ? `PR #${target}` : target === "local" || target === "local changes" ? "current local changes (git diff HEAD)" : target ? `the file/module: ${target}` : "current local changes (git diff HEAD)";
-          await agentRef.current?.processTurn({
-            content: `## REVIEW COORDINATOR MODE \u2014 Lead a Team of Senior QA Reviewers
+          const reviewPrompt = reviewMode === "mason" ? `## REVIEW COORDINATOR MODE \u2014 Mason Specialists
-You are now the **Review Coordinator** \u2014 a Principal Engineer leading a team of senior, picky QA reviewers. Your job is to orchestrate a **thorough, line-by-line code review** where NOTHING slips through.
+You are now the **Review Coordinator** for a slower, deeper pass with Mason senior specialists.
-**NEVER be afraid to coordinate.** Spawning specialized reviewers is how you catch bugs that a single reviewer would miss.
+This mode is intentionally heavier:
+- You may coordinate specialized reviewers in parallel
+- Each reviewer should focus on one area of risk
+- This can take longer, but it should surface deeper issues
 **Review Target:** ${reviewTarget}
 ### COORDINATOR REVIEW WORKFLOW
-#### Step 1: Triage (you do this \u2014 quick, ~30s)
+#### Step 1: Triage
 1. Gather the diff/changes:
    ${isPR ? `- Run \`gh pr view ${target}\` for PR details` : ""}
    ${isPR ? `- Run \`gh pr diff ${target}\` for the full diff` : ""}
    ${!isPR && target !== "local" && target !== "local changes" ? `- Read the file: ${target}` : ""}
    ${target === "local" || target === "local changes" ? `- Run \`git diff HEAD\` for unstaged changes` : ""}
    ${target === "local" || target === "local changes" ? `- Run \`git diff --cached HEAD\` for staged changes` : ""}
-2. Understand the SCOPE: how many files changed, what areas are affected
+2. Identify the risk surface and decide which specialist areas are worth parallelizing
-#### Step 2: Spawn 3 Parallel Review Workers
-Launch exactly **3 workers in parallel** \u2014 one for each core area.
+#### Step 2: Parallel Specialists
+If the scope justifies it, spawn specialized reviewers in parallel:
+- Security
+- Logic & Correctness
+- Code Quality
-**IMPORTANT:** Each worker MUST read EVERY changed file line by line. Do NOT report until you have examined all files. List each file you reviewed in your report.
+If the scope is small, do not force parallelism. Use judgment.
-**Worker 1 \u2014 Security Reviewer:**
-\`\`\`
-spawn_agent({
-  task: "SECURITY REVIEW: Thoroughly review ${reviewTarget} for security vulnerabilities.
-You are a Senior Security Engineer. Read EVERY changed file line by line. Do NOT report until you have examined all files.
-Look for:
-- Injection vulnerabilities (SQL, XSS, command injection, template injection)
-- Authentication/authorization flaws (missing auth checks, privilege escalation)
-- Sensitive data exposure (secrets in logs, PII leaks, hardcoded credentials)
-- Insecure defaults (missing TLS, weak crypto, permissive CORS)
-- Input validation gaps (missing sanitization, type confusion)
-- Dependency vulnerabilities (outdated packages, known CVEs)
-- Path traversal, SSRF, CSRF, race conditions
-For EACH issue found:
-- Severity: CRITICAL / HIGH / MEDIUM / LOW
-- File:line number
-- Exact code snippet
-- Why it's vulnerable
-- How to exploit it (brief)
-- Recommended fix
-Be PICKY. If something looks suspicious, flag it.
-Do NOT modify files. Report only.
-At the end of your report, list ALL files you reviewed.",
-  title: "Security Review",
-  agent_type: "reviewer"
-})
-\`\`\`
+#### Step 3: Synthesize
+Wait for all reviewers that you spawned, then synthesize the findings into a single review report.
-**Worker 2 \u2014 Logic & Correctness:**
-\`\`\`
-spawn_agent({
-  task: "LOGIC REVIEW: Thoroughly review ${reviewTarget} for bugs and logic errors.
-You are a Senior QA Engineer who finds bugs for a living. Read EVERY changed file line by line. Do NOT report until you have examined all files.
-Look for:
-- Logic errors (wrong conditions, off-by-one, inverted boolean, wrong operator)
-- Null/undefined handling (missing null checks, unsafe property access)
-- State management issues (stale state, missing initialization, race conditions)
-- Async bugs (unawaited promises, missing error handling, promise rejections)
-- Edge cases (empty arrays, zero values, negative numbers, boundary conditions)
-- Wrong assumptions (code assumes X but Y can happen)
-- Dead code (unreachable branches, unused variables, commented-out logic)
-- Error handling gaps (swallowed errors, missing catch blocks, generic catches)
-For EACH issue found:
-- Severity: BLOCKER / MAJOR / MINOR
-- File:line number
-- What the code does vs what it SHOULD do
-- How to trigger the bug
-- Recommended fix
-Be RELENTLESS. Question every assumption.
-Do NOT modify files. Report only.
-At the end of your report, list ALL files you reviewed.",
-  title: "Logic & Correctness Review",
-  agent_type: "reviewer"
-})
-\`\`\`
+#### Step 4: Produce the Review Report
+Compile a comprehensive review report:
-**Worker 3 \u2014 Code Quality:**
-\`\`\`
-spawn_agent({
-  task: "CODE QUALITY REVIEW: Thoroughly review ${reviewTarget} for code quality and convention violations.
+**REVIEW REPORT for ${reviewTarget}**
-You are a Staff Engineer obsessed with clean code. Read EVERY changed file line by line. Do NOT report until you have examined all files.
+\u{1F534} CRITICAL / BLOCKER (must fix before merge):
+- [List critical findings]
-Look for:
-- Naming issues (misleading names, abbreviations, inconsistent casing)
-- Function length and complexity (too long, too many responsibilities, deep nesting)
-- DRY violations (duplicated logic that should be extracted)
-- SOLID violations (tight coupling, god classes, leaking abstractions)
-- Style inconsistencies (formatting, import order, naming conventions)
-- Missing or wrong comments (no docs for complex logic, outdated comments)
-- Type safety issues (any usage, missing type annotations, wrong types)
-- Error message quality (unhelpful messages, missing context)
-- API design (inconsistent interfaces, breaking changes, missing deprecation)
+\u{1F7E1} HIGH / MAJOR (should fix):
+- [List high findings]
-For EACH issue found:
-- File:line number
-- What's wrong
-- Suggested improvement with before/after code
+\u{1F7E2} MEDIUM / MINOR (nice to fix):
+- [List medium findings]
-Be PICKY about readability. Code is read 10x more than written.
+\u2139\uFE0F OBSERVATIONS (no action needed):
+- [List observations]
-Do NOT modify files. Report only.
+\u2705 POSITIVE FINDINGS:
+- [List strong points]
-At the end of your report, list ALL files you reviewed.",
-  title: "Code Quality Review",
-  agent_type: "reviewer"
-})
-\`\`\`
+**Review Summary:**
+- Total issues found: X critical, Y high, Z medium
+- Reviewers used: [list workers or "direct review"]
+- Recommendation: APPROVE / APPROVE WITH COMMENTS / REQUEST CHANGES
+- Confidence level: HIGH / MEDIUM / LOW
+### COORDINATOR RULES
+- Be selective: do not spawn workers unless the scope justifies it
+- If workers fail, finish the review yourself
+- Never rubber-stamp
+- Never fabricate results
-#### Step 3: Wait for Workers + Synthesize
-Wait for ALL 3 workers to complete. Use wait_agent with a large timeout (600000ms).
+Start coordinating now.` : `## REVIEW MODE \u2014 Direct Senior Review
-**If workers fail or sessions disappear:**
-- This can happen with fast-completing workers
-- Simply perform the review yourself by reading the changed files
-- Report: "Workers completed/unavailable \u2014 performing review directly"
-- Do NOT waste time retrying \u2014 just do the review
+You are a senior engineer performing a direct code review. Do the review yourself using the available tools and your own judgment.
-**NEVER write** "the review looks good" \u2014 that's lazy.
-**ALWAYS synthesize**: Group findings by severity, cross-reference between reviewers, identify patterns.
+**Do not spawn parallel reviewers by default.** Only use extra agents if the scope is genuinely large and you need them.
-#### Step 4: Produce the Review Report
-Compile a comprehensive review report:
+**Review Target:** ${reviewTarget}
+### REVIEW WORKFLOW
+#### Step 1: Triage
+1. Gather the diff/changes:
+   ${isPR ? `- Run \`gh pr view ${target}\` for PR details` : ""}
+   ${isPR ? `- Run \`gh pr diff ${target}\` for the full diff` : ""}
+   ${!isPR && target !== "local" && target !== "local changes" ? `- Read the file: ${target}` : ""}
+   ${target === "local" || target === "local changes" ? `- Run \`git diff HEAD\` for unstaged changes` : ""}
+   ${target === "local" || target === "local changes" ? `- Run \`git diff --cached HEAD\` for staged changes` : ""}
+2. Understand the scope and the main risk areas
+#### Step 2: Review Directly
+Read the changed files carefully yourself. Focus on:
+- Correctness and regressions
+- Security and data handling
+- Tests and edge cases
+- Clarity and maintainability
+If the diff is large, you may use helpers, but keep the review centered on your own synthesis.
+#### Step 3: Produce the Review Report
+Compile a concise but rigorous review report:
 **REVIEW REPORT for ${reviewTarget}**
 \u{1F534} CRITICAL / BLOCKER (must fix before merge):
-- [List all critical findings]
+- [List critical findings]
 \u{1F7E1} HIGH / MAJOR (should fix):
-- [List all high findings]
+- [List high findings]
 \u{1F7E2} MEDIUM / MINOR (nice to fix):
-- [List all medium findings]
+- [List medium findings]
 \u2139\uFE0F OBSERVATIONS (no action needed):
-- [List observations, style notes]
+- [List observations]
-\u2705 POSITIVE FINDINGS (what's good):
-- [List well-written code, good patterns]
+\u2705 POSITIVE FINDINGS:
+- [List strong points]
 **Review Summary:**
 - Total issues found: X critical, Y high, Z medium
-- Reviewers used: [list workers or "direct review"]
+- Reviewers used: direct review
 - Recommendation: APPROVE / APPROVE WITH COMMENTS / REQUEST CHANGES
 - Confidence level: HIGH / MEDIUM / LOW
-### COORDINATOR RULES
-- **You are the brain, reviewers are the eyes** \u2014 synthesize, don't just copy-paste
-- **Spawn 3 workers in parallel** \u2014 Security, Logic, Code Quality
-- **If workers fail, do the review yourself** \u2014 no drama, just deliver
-- **NEVER rubber-stamp** \u2014 your job is to find issues
-- **NEVER fabricate results** \u2014 report truth
-Start coordinating now. Triage the changes, then spawn your 3 reviewers.`
+Start the review now.`;
+          await agentRef.current?.processTurn({
+            content: reviewPrompt
           });
         } catch (e) {
           setHistory((prev) => prev.concat({