@phren/agent 0.1.0 → 0.1.2

package/dist/agent-loop.js

@@ -9,7 +9,6 @@ import { injectPlanPrompt, requestPlanApproval } from "./plan.js";
 import { detectLintCommand, detectTestCommand, runPostEditCheck } from "./tools/lint-test.js";
 import { createCheckpoint } from "./checkpoint.js";
 const MAX_TOOL_CONCURRENCY = 5;
-const MAX_LINT_TEST_RETRIES = 3;
 export function createSession(contextLimit) {
     return {
         messages: [],
@@ -76,7 +75,7 @@ async function consumeStream(stream, costTracker, onTextDelta) {
                 try {
                     input = JSON.parse(jsonStr);
                 }
-                catch (e) {
+                catch {
                     process.stderr.write(`\x1b[33m[warning] Malformed tool_use JSON for ${tool.name} (${tool.id}), skipping block\x1b[0m\n`);
                     continue;
                 }
@@ -105,7 +104,6 @@ export async function runTurn(userInput, session, config, hooks) {
     const toolDefs = registry.getDefinitions();
     const spinner = createSpinner();
     const useStream = typeof provider.chatStream === "function";
-    const write = hooks?.onTextDelta ?? process.stdout.write.bind(process.stdout);
     const status = hooks?.onStatus ?? ((msg) => process.stderr.write(msg));
     // Plan mode: modify system prompt for first turn
     let planPending = config.plan && session.turns === 0;

package/dist/checkpoint.js

@@ -67,37 +67,3 @@ export function createCheckpoint(cwd, label) {
         return null;
     }
 }
-/** Rollback to a checkpoint by discarding current changes and applying the stash. */
-export function rollbackToCheckpoint(cwd, ref) {
-    if (!isGitRepo(cwd))
-        return false;
-    try {
-        // Discard current working tree changes
-        execFileSync("git", ["checkout", "."], {
-            cwd,
-            encoding: "utf-8",
-            stdio: ["ignore", "pipe", "pipe"],
-        });
-        // Apply the stash ref
-        execFileSync("git", ["stash", "apply", ref], {
-            cwd,
-            encoding: "utf-8",
-            stdio: ["ignore", "pipe", "pipe"],
-        });
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
-/** List stored checkpoints. */
-export function listCheckpoints(cwd) {
-    return loadStore(cwd).checkpoints;
-}
-/** Get the latest checkpoint ref. */
-export function getLatestCheckpoint(cwd) {
-    const store = loadStore(cwd);
-    return store.checkpoints.length > 0
-        ? store.checkpoints[store.checkpoints.length - 1].ref
-        : null;
-}

package/dist/index.js

@@ -8,6 +8,9 @@ import { editFileTool } from "./tools/edit-file.js";
 import { shellTool } from "./tools/shell.js";
 import { globTool } from "./tools/glob.js";
 import { grepTool } from "./tools/grep.js";
+import { createWebFetchTool } from "./tools/web-fetch.js";
+import { createWebSearchTool } from "./tools/web-search.js";
+import { createPhrenAddTaskTool } from "./tools/phren-add-task.js";
 import { createPhrenSearchTool } from "./tools/phren-search.js";
 import { createPhrenFindingTool } from "./tools/phren-finding.js";
 import { createPhrenGetTasksTool, createPhrenCompleteTaskTool } from "./tools/phren-tasks.js";
@@ -84,7 +87,10 @@ export async function runAgentCli(raw) {
             contextSnippet += `\n\n## Agent context (${phrenCtx.project})\n\n${projectCtx}`;
         }
     }
-    const systemPrompt = buildSystemPrompt(contextSnippet, priorSummary);
+    const systemPrompt = buildSystemPrompt(contextSnippet, priorSummary, {
+        name: provider.name,
+        model: provider.model,
+    });
     // Dry run: print system prompt and exit
     if (args.dryRun) {
         console.log("=== System Prompt ===");
@@ -111,8 +117,11 @@ export async function runAgentCli(raw) {
         registry.register(createPhrenFindingTool(phrenCtx, sessionId));
         registry.register(createPhrenGetTasksTool(phrenCtx));
         registry.register(createPhrenCompleteTaskTool(phrenCtx, sessionId));
+        registry.register(createPhrenAddTaskTool(phrenCtx, sessionId));
     }
-    // Git tools
+    // Web tools
+    registry.register(createWebFetchTool());
+    registry.register(createWebSearchTool());
     registry.register(gitStatusTool);
     registry.register(gitDiffTool);
     registry.register(gitCommitTool);

package/dist/multi/model-picker.js

@@ -85,7 +85,6 @@ export function showModelPicker(provider, currentModel, w) {
             const m = models[i];
             const selected = i === cursor;
             const arrow = selected ? s.cyan("▸") : " ";
-            const label = selected ? s.bold(m.label) : s.dim(m.label);
             const padded = m.label + " ".repeat(maxLabel - m.label.length);
             const labelStr = selected ? s.bold(padded) : s.dim(padded);
             const meter = renderReasoningMeter(reasoningState[i], m.reasoningRange);
@@ -97,7 +96,6 @@ export function showModelPicker(provider, currentModel, w) {
     // Initial draw
     drawPicker();
     return new Promise((resolve) => {
-        const wasRaw = process.stdin.isRaw;
         function onKey(_ch, key) {
             if (!key)
                 return;

package/dist/multi/provider-manager.js

@@ -92,34 +92,11 @@ export function removeCustomModel(id) {
 export function getCustomModels() {
     return loadConfig().customModels;
 }
-/** Get all models for a provider (built-in + custom). */
-export async function getAllModelsForProvider(provider, currentModel) {
-    // Import dynamically to avoid circular dep
-    const { getAvailableModels } = await import("./model-picker.js");
-    const builtIn = getAvailableModels(provider, currentModel);
-    // Add custom models for this provider
-    const custom = getCustomModels().filter((m) => m.provider === provider);
-    for (const c of custom) {
-        if (!builtIn.some((b) => b.id === c.id)) {
-            builtIn.push({
-                id: c.id,
-                provider: provider,
-                label: c.label + " ★",
-                reasoning: c.reasoning,
-                reasoningRange: c.reasoningRange,
-                contextWindow: c.contextWindow,
-            });
-        }
-    }
-    return builtIn;
-}
 // ── Format helpers for CLI display ──────────────────────────────────────────
 const DIM = "\x1b[2m";
 const BOLD = "\x1b[1m";
 const GREEN = "\x1b[32m";
 const RED = "\x1b[31m";
-const CYAN = "\x1b[36m";
-const YELLOW = "\x1b[33m";
 const RESET = "\x1b[0m";
 export function formatProviderList() {
     const statuses = getProviderStatuses();

package/dist/multi/syntax-highlight.js

@@ -6,7 +6,6 @@
 const ESC = "\x1b[";
 const RESET = `${ESC}0m`;
 const BOLD = `${ESC}1m`;
-const DIM = `${ESC}2m`;
 const MAGENTA = `${ESC}35m`;
 const GREEN = `${ESC}32m`;
 const YELLOW = `${ESC}33m`;

package/dist/multi/tui-multi.js

@@ -93,11 +93,11 @@ function formatToolEnd(toolName, input, output, isError, durationMs) {
     const icon = isError ? s.red("x") : s.green("ok");
     const preview = JSON.stringify(input).slice(0, 50);
     const header = s.dim(`  ${toolName}(${preview})`) + ` ${icon} ${s.dim(dur)}`;
-    const outputLines = output.split("\n").slice(0, 4);
+    const allLines = output.split("\n");
     const w = cols();
-    const body = outputLines.map((l) => s.dim(`  | ${l.slice(0, w - 6)}`)).join("\n");
-    const more = output.split("\n").length > 4 ? s.dim(`  | ... (${output.split("\n").length} lines)`) : "";
-    return `${header}\n${body}${more ? "\n" + more : ""}`;
+    const body = allLines.slice(0, 4).map((l) => s.dim(`  | ${l.slice(0, w - 6)}`)).join("\n");
+    const more = allLines.length > 4 ? `\n${s.dim(`  | ... (${allLines.length} lines)`)}` : "";
+    return `${header}\n${body}${more}`;
 }
 // ── Main TUI ─────────────────────────────────────────────────────────────────
 export async function startMultiTui(spawner, config) {
@@ -603,8 +603,6 @@ export async function startMultiTui(spawner, config) {
         });
         // Handle terminal resize
         process.stdout.on("resize", () => render());
-        // Initial render
-        render();
         // Register panes for any agents that already exist
         for (const agent of spawner.listAgents()) {
             getOrCreatePane(agent.id);

package/dist/permissions/allowlist.js

@@ -58,7 +58,3 @@ export function addAllow(toolName, input, scope) {
 export function clearAllowlist() {
     sessionAllowlist.length = 0;
 }
-/** Get a snapshot of the current allowlist (for display). */
-export function getAllowlist() {
-    return sessionAllowlist;
-}

package/dist/permissions/privacy.js

@@ -0,0 +1,248 @@
+/**
+ * Privacy safeguards — scrub sensitive data from tool outputs, findings, and LLM context.
+ *
+ * Prevents accidental leakage of:
+ * - API keys and tokens in tool output (e.g., from reading .env files)
+ * - Passwords and connection strings
+ * - PII patterns (emails, IPs shown in logs)
+ * - Private keys and certificates
+ *
+ * Applied at three layers:
+ * 1. Tool output → before sending to LLM (scrubToolOutput)
+ * 2. Findings → before saving to phren (scrubFinding)
+ * 3. Session summaries → before persisting (scrubSummary)
+ */
+// ── Secret patterns ──────────────────────────────────────────────────────
+/** Patterns that match common API key/token formats. */
+const SECRET_PATTERNS = [
+    // Generic API keys (long hex/base64 strings prefixed by common env var names)
+    { pattern: /(?:api[_-]?key|api[_-]?secret|api[_-]?token)\s*[:=]\s*["']?([A-Za-z0-9_\-/.+=]{20,})["']?/gi, label: "API_KEY" },
+    // AWS keys
+    { pattern: /AKIA[0-9A-Z]{16}/g, label: "AWS_ACCESS_KEY" },
+    { pattern: /(?:aws[_-]?secret[_-]?access[_-]?key)\s*[:=]\s*["']?([A-Za-z0-9/+=]{30,})["']?/gi, label: "AWS_SECRET" },
+    // Bearer tokens
+    { pattern: /Bearer\s+[A-Za-z0-9_\-/.+=]{20,}/g, label: "BEARER_TOKEN" },
+    // GitHub tokens
+    { pattern: /gh[pousr]_[A-Za-z0-9_]{36,}/g, label: "GITHUB_TOKEN" },
+    // Anthropic keys
+    { pattern: /sk-ant-[A-Za-z0-9_\-]{20,}/g, label: "ANTHROPIC_KEY" },
+    // OpenAI keys
+    { pattern: /sk-[A-Za-z0-9]{20,}/g, label: "OPENAI_KEY" },
+    // Generic password assignments
+    { pattern: /(?:password|passwd|pwd)\s*[:=]\s*["']?([^\s"']{8,})["']?/gi, label: "PASSWORD" },
+    // Connection strings with passwords
+    { pattern: /:\/\/[^:]+:([^@\s]{8,})@/g, label: "CONNECTION_PASSWORD" },
+    // Private key blocks
+    { pattern: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----[\s\S]*?-----END\s+(?:RSA\s+)?PRIVATE\s+KEY-----/g, label: "PRIVATE_KEY" },
+    // JWT tokens
+    { pattern: /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g, label: "JWT" },
+    // Slack tokens
+    { pattern: /xox[bpras]-[0-9]{10,}-[A-Za-z0-9-]+/g, label: "SLACK_TOKEN" },
+    // Env variable assignments with secret-ish names
+    { pattern: /(?:SECRET|TOKEN|PASSWORD|PRIVATE_KEY|AUTH|CREDENTIAL)[A-Z_]*\s*=\s*["']?([^\s"']{8,})["']?/gi, label: "SECRET_VAR" },
+];
+/** Patterns for PII that shouldn't be stored in findings. */
+const PII_PATTERNS = [
+    // Email addresses (only redact in contexts where they're likely PII, not code)
+    { pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g, label: "EMAIL" },
+    // IP addresses (v4) — only in log-like contexts
+    { pattern: /\b(?:25[0-5]|2[0-4]\d|[01]?\d\d?)(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?)){3}\b/g, label: "IP_ADDRESS" },
+];
+// ── Scrubbing functions ──────────────────────────────────────────────────
+/**
+ * Scrub sensitive data from tool output before it's sent to the LLM.
+ * This is the primary privacy gate — catches secrets in file reads, command output, etc.
+ */
+export function scrubToolOutput(toolName, output) {
+    // Don't scrub short outputs (unlikely to contain full secrets)
+    if (output.length < 20)
+        return output;
+    let scrubbed = output;
+    for (const { pattern, label } of SECRET_PATTERNS) {
+        // Reset regex state for global patterns
+        pattern.lastIndex = 0;
+        scrubbed = scrubbed.replace(pattern, `[REDACTED:${label}]`);
+    }
+    return scrubbed;
+}
+/**
+ * Check if a string contains likely secrets. Returns true if secrets detected.
+ * Use this as a gate before saving to persistent storage.
+ */
+export function containsSecrets(text) {
+    for (const { pattern } of SECRET_PATTERNS) {
+        pattern.lastIndex = 0;
+        if (pattern.test(text))
+            return true;
+    }
+    return false;
+}
+/**
+ * Scrub sensitive data from a finding before saving to phren.
+ * More aggressive than tool output scrubbing — also catches PII.
+ */
+export function scrubFinding(finding) {
+    let scrubbed = finding;
+    // Secret patterns
+    for (const { pattern, label } of SECRET_PATTERNS) {
+        pattern.lastIndex = 0;
+        scrubbed = scrubbed.replace(pattern, `[REDACTED:${label}]`);
+    }
+    // PII patterns (only in findings, not tool outputs where they may be needed)
+    for (const { pattern, label } of PII_PATTERNS) {
+        pattern.lastIndex = 0;
+        scrubbed = scrubbed.replace(pattern, `[REDACTED:${label}]`);
+    }
+    return scrubbed;
+}
+/**
+ * Scrub a session summary before persisting.
+ */
+export function scrubSummary(summary) {
+    return scrubFinding(summary);
+}
+/**
+ * Check if tool output looks like it came from reading a sensitive file
+ * (e.g., .env, credentials). Returns true if the content appears to be
+ * mostly key-value secrets.
+ */
+export function looksLikeSecretsFile(output) {
+    const lines = output.split("\n").filter(l => l.trim() && !l.startsWith("#"));
+    if (lines.length < 2)
+        return false;
+    let secretLines = 0;
+    for (const line of lines) {
+        // Count lines that look like KEY=secret_value
+        if (/^[A-Z_]{2,}=\S+/.test(line)) {
+            for (const { pattern } of SECRET_PATTERNS) {
+                pattern.lastIndex = 0;
+                if (pattern.test(line)) {
+                    secretLines++;
+                    break;
+                }
+            }
+        }
+    }
+    // If >50% of non-comment lines are secrets, it's probably a secrets file
+    return secretLines / lines.length > 0.5;
+}
+/**
+ * Validate that a finding doesn't contain obvious secrets before saving.
+ * Returns an error message if the finding should be rejected, null if OK.
+ */
+export function validateFindingSafety(finding) {
+    if (containsSecrets(finding)) {
+        return "Finding contains detected secrets (API keys, tokens, passwords). Secrets should never be stored in findings. The sensitive values have been redacted.";
+    }
+    return null;
+}
+/**
+ * Patterns that indicate prompt injection — text trying to override AI instructions.
+ * Each entry: [regex, flag label].
+ */
+const PROMPT_INJECTION_PATTERNS = [
+    // Direct instruction override attempts
+    [/\b(?:ignore|disregard|forget|override)\s+(?:all\s+)?(?:previous|prior|above|earlier|your|the|safety|system)\b/i, "prompt_injection:instruction_override"],
+    [/\byou\s+(?:must|should|shall|will|are\s+(?:now|required\s+to))\b/i, "prompt_injection:directive"],
+    [/\byour\s+new\s+(?:instructions?|role|purpose|directive)\b/i, "prompt_injection:role_reassignment"],
+    [/\bas\s+an?\s+(?:AI|language\s+model|assistant|LLM)\b/i, "prompt_injection:identity_framing"],
+    [/\bforget\s+everything\b/i, "prompt_injection:memory_wipe"],
+    // System prompt markers (ChatML, Llama, etc.)
+    [/\[INST\]|\[\/INST\]/i, "prompt_injection:chatml_inst"],
+    [/<<SYS>>|<<\/SYS>>/i, "prompt_injection:llama_sys"],
+    [/<\|im_start\|>|<\|im_end\|>/i, "prompt_injection:chatml_marker"],
+    [/^system\s*:/im, "prompt_injection:system_prefix"],
+    [/SYSTEM\s*:\s*you\s+are/i, "prompt_injection:system_role"],
+    // Jailbreak-style keywords
+    [/\b(?:DAN|do\s+anything\s+now|jailbreak)\b/i, "prompt_injection:jailbreak_keyword"],
+];
+/**
+ * Patterns for dangerous executable instructions embedded in findings.
+ */
+const DANGEROUS_COMMAND_PATTERNS = [
+    // Pipe-to-shell patterns
+    [/\bcurl\s+[^\s|]*\s*\|\s*(?:sh|bash|zsh|eval)\b/i, "dangerous_command:curl_pipe_shell"],
+    [/\bwget\s+[^\s|]*\s*\|\s*(?:sh|bash|zsh|eval)\b/i, "dangerous_command:wget_pipe_shell"],
+    // Dangerous eval/exec
+    [/\beval\s*\(\s*['"`].*['"`]\s*\)/i, "dangerous_command:eval_literal"],
+    [/\bexec\s*\(\s*['"`].*['"`]\s*\)/i, "dangerous_command:exec_literal"],
+    // Destructive commands
+    [/\brm\s+-rf\s+[/~]/i, "dangerous_command:rm_rf_root"],
+    [/\bdd\s+.*\bof=\/dev\//i, "dangerous_command:dd_device"],
+    [/\bmkfs\b/i, "dangerous_command:mkfs"],
+    // Instructions to always run dangerous commands
+    [/\b(?:always|first)\s+run\s+[`"'].*(?:curl|wget|rm\s+-rf|chmod\s+777|sudo)/i, "dangerous_command:instruction_to_run"],
+];
+/**
+ * Patterns for authority/permission escalation claims.
+ */
+const AUTHORITY_ESCALATION_PATTERNS = [
+    [/\b(?:user|admin|owner)\s+has\s+(?:authorized|approved|granted|confirmed)\b/i, "authority_escalation:false_authorization"],
+    [/\bfull\s+(?:access|permission|control)\s+(?:granted|given|enabled)\b/i, "authority_escalation:false_access"],
+    [/\bskip\s+(?:validation|verification|safety|security|auth)\b/i, "authority_escalation:skip_safety"],
+    [/\bno\s+need\s+to\s+(?:ask|confirm|verify|validate|check)\b/i, "authority_escalation:skip_confirmation"],
+    [/\bauto[-\s]?(?:approve|accept|confirm)\s+(?:all|every)\b/i, "authority_escalation:auto_approve"],
+    [/\bdisable\s+(?:safety|security|protection|guard|check|filter)\b/i, "authority_escalation:disable_safety"],
+];
+/**
+ * Patterns for self-replication — findings that instruct saving more findings.
+ */
+const SELF_REPLICATION_PATTERNS = [
+    [/\b(?:save|add|create|write|store|append)\s+(?:this\s+)?(?:finding|memory|memories|findings)\b/i, "self_replication:save_finding"],
+    [/\badd_finding\b/i, "self_replication:tool_invocation"],
+    [/\bremember\s+to\s+always\b/i, "self_replication:persistent_instruction"],
+    [/\b(?:when|if)\s+you\s+see\s+this\b/i, "self_replication:conditional_trigger"],
+    [/\bspread\s+(?:this|the)\s+(?:message|finding|memory)\b/i, "self_replication:spread_instruction"],
+];
+/**
+ * Check a finding for integrity issues — prompt injection, dangerous commands,
+ * authority escalation, and self-replication attempts.
+ *
+ * Returns a structured result with risk level and triggered flags.
+ * Risk levels:
+ * - "none": no issues detected
+ * - "low": one minor flag, likely benign but noted
+ * - "medium": multiple flags or a single concerning pattern
+ * - "high": strong prompt injection or dangerous command pattern
+ */
+export function checkFindingIntegrity(finding) {
+    const flags = [];
+    // Check all pattern categories
+    for (const [pattern, flag] of PROMPT_INJECTION_PATTERNS) {
+        pattern.lastIndex = 0;
+        if (pattern.test(finding))
+            flags.push(flag);
+    }
+    for (const [pattern, flag] of DANGEROUS_COMMAND_PATTERNS) {
+        pattern.lastIndex = 0;
+        if (pattern.test(finding))
+            flags.push(flag);
+    }
+    for (const [pattern, flag] of AUTHORITY_ESCALATION_PATTERNS) {
+        pattern.lastIndex = 0;
+        if (pattern.test(finding))
+            flags.push(flag);
+    }
+    for (const [pattern, flag] of SELF_REPLICATION_PATTERNS) {
+        pattern.lastIndex = 0;
+        if (pattern.test(finding))
+            flags.push(flag);
+    }
+    if (flags.length === 0) {
+        return { safe: true, risk: "none", flags: [] };
+    }
+    // Determine risk level based on count and severity
+    const hasHighSeverity = flags.some(f => f.startsWith("prompt_injection:") || f.startsWith("dangerous_command:") || f.startsWith("authority_escalation:disable_safety"));
+    const hasMediumSeverity = flags.some(f => f.startsWith("authority_escalation:") || f.startsWith("self_replication:"));
+    let risk;
+    if (hasHighSeverity || flags.length >= 3) {
+        risk = "high";
+    }
+    else if (hasMediumSeverity || flags.length >= 2) {
+        risk = "medium";
+    }
+    else {
+        risk = "low";
+    }
+    return { safe: risk !== "high", risk, flags };
+}

package/dist/system-prompt.js

@@ -1,6 +1,7 @@
-export function buildSystemPrompt(phrenContext, priorSummary) {
+export function buildSystemPrompt(phrenContext, priorSummary, providerInfo) {
+    const modelNote = providerInfo ? ` You are running on ${providerInfo.name}${providerInfo.model ? ` (model: ${providerInfo.model})` : ""}.` : "";
     const parts = [
-        `You are phren-agent, a coding assistant with persistent memory powered by phren. You retain knowledge across sessions — past decisions, discovered patterns, and project context are all searchable. Use this memory to avoid repeating mistakes and to build on prior work.`,
+        `You are phren-agent, a coding assistant with persistent memory powered by phren.${modelNote} You retain knowledge across sessions — past decisions, discovered patterns, and project context are all searchable. Use this memory to avoid repeating mistakes and to build on prior work.`,
         "",
         "## Workflow",
         "1. **Orient** — Before starting, search phren for relevant findings (`phren_search`) and check active tasks (`phren_get_tasks`). Past sessions may have context that saves time.",

package/dist/tools/phren-add-task.js

@@ -0,0 +1,49 @@
+import { addTasks } from "@phren/cli/data/tasks";
+export function createPhrenAddTaskTool(ctx, sessionId) {
+    return {
+        name: "phren_add_task",
+        description: "Add a new task to the phren task list for a project. " +
+            "Use this to track work items discovered during execution that should be addressed later. " +
+            "Good tasks: TODOs found in code, follow-up work, bugs to fix, tech debt. " +
+            "Bad tasks: obvious next steps, tasks you'll complete in this session.",
+        input_schema: {
+            type: "object",
+            properties: {
+                item: {
+                    type: "string",
+                    description: "Task description. Be specific — include file paths, function names, or error context.",
+                },
+                project: {
+                    type: "string",
+                    description: "Project name. Omit to use current project.",
+                },
+                priority: {
+                    type: "string",
+                    enum: ["high", "medium", "low"],
+                    description: "Task priority. Default: medium.",
+                },
+            },
+            required: ["item"],
+        },
+        async execute(input) {
+            const item = input.item;
+            const project = input.project || ctx.project;
+            const priority = input.priority || "medium";
+            if (!project)
+                return { output: "No project context. Specify a project name.", is_error: true };
+            try {
+                // Format with priority prefix if not medium
+                const taskText = priority !== "medium" ? `[${priority}] ${item}` : item;
+                const result = addTasks(ctx.phrenPath, project, [taskText]);
+                if (result.ok) {
+                    return { output: `Task added to ${project}: ${item}` };
+                }
+                return { output: result.error ?? "Failed to add task.", is_error: true };
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                return { output: `Failed: ${msg}`, is_error: true };
+            }
+        },
+    };
+}

package/dist/tools/web-fetch.js

@@ -0,0 +1,40 @@
+export function createWebFetchTool() {
+    return {
+        name: "web_fetch",
+        description: "Fetch a URL and return its text content. Use for reading documentation, API references, or web pages. Returns plain text (HTML tags stripped). Max 50KB response.",
+        input_schema: {
+            type: "object",
+            properties: {
+                url: { type: "string", description: "The URL to fetch." },
+                max_length: { type: "number", description: "Max response length in characters. Default: 50000." },
+            },
+            required: ["url"],
+        },
+        async execute(input) {
+            const url = input.url;
+            const maxLen = input.max_length || 50_000;
+            try {
+                const res = await fetch(url, {
+                    headers: { "User-Agent": "phren-agent/0.1" },
+                    signal: AbortSignal.timeout(15_000),
+                });
+                if (!res.ok)
+                    return { output: `HTTP ${res.status}: ${res.statusText}`, is_error: true };
+                let text = await res.text();
+                // Strip HTML tags for readability
+                text = text.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, "");
+                text = text.replace(/<style[^>]*>[\s\S]*?<\/style>/gi, "");
+                text = text.replace(/<[^>]+>/g, " ");
+                text = text.replace(/\s{2,}/g, " ").trim();
+                if (text.length > maxLen) {
+                    text = text.slice(0, maxLen) + `\n\n[truncated at ${maxLen} chars]`;
+                }
+                return { output: text };
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                return { output: `Fetch failed: ${msg}`, is_error: true };
+            }
+        },
+    };
+}

package/dist/tools/web-search.js

@@ -0,0 +1,93 @@
+export function createWebSearchTool() {
+    return {
+        name: "web_search",
+        description: "Search the web for documentation, error messages, library APIs, or any technical information. " +
+            "Returns a list of search results with titles, URLs, and snippets. " +
+            "Use this when you need external information not available in the codebase or phren knowledge base.",
+        input_schema: {
+            type: "object",
+            properties: {
+                query: {
+                    type: "string",
+                    description: "Search query. Be specific — include error messages, library names, or version numbers.",
+                },
+                limit: {
+                    type: "number",
+                    description: "Max results to return. Default: 5.",
+                },
+            },
+            required: ["query"],
+        },
+        async execute(input) {
+            const query = input.query;
+            const limit = Math.min(input.limit || 5, 10);
+            try {
+                const results = await searchDuckDuckGo(query, limit);
+                if (results.length === 0) {
+                    return { output: "No search results found." };
+                }
+                const formatted = results.map((r, i) => `${i + 1}. **${r.title}**\n   ${r.url}\n   ${r.snippet}`).join("\n\n");
+                return { output: formatted };
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                return { output: `Search failed: ${msg}`, is_error: true };
+            }
+        },
+    };
+}
+async function searchDuckDuckGo(query, limit) {
+    const encoded = encodeURIComponent(query);
+    const url = `https://html.duckduckgo.com/html/?q=${encoded}`;
+    const res = await fetch(url, {
+        headers: {
+            "User-Agent": "phren-agent/0.1 (search tool)",
+            "Accept": "text/html",
+        },
+        signal: AbortSignal.timeout(10_000),
+    });
+    if (!res.ok) {
+        throw new Error(`Search returned HTTP ${res.status}`);
+    }
+    const html = await res.text();
+    return parseSearchResults(html, limit);
+}
+function parseSearchResults(html, limit) {
+    const results = [];
+    // DuckDuckGo HTML results are in <div class="result"> blocks
+    // Extract links and snippets using regex (no DOM parser dependency)
+    const resultBlocks = html.match(/<div class="links_main[\s\S]*?<\/div>\s*<\/div>/gi) || [];
+    for (const block of resultBlocks) {
+        if (results.length >= limit)
+            break;
+        // Extract URL from the result link
+        const urlMatch = block.match(/<a[^>]*class="result__a"[^>]*href="([^"]*)"[^>]*>/i);
+        const titleMatch = block.match(/<a[^>]*class="result__a"[^>]*>([\s\S]*?)<\/a>/i);
+        const snippetMatch = block.match(/<a[^>]*class="result__snippet"[^>]*>([\s\S]*?)<\/a>/i);
+        if (!urlMatch || !titleMatch)
+            continue;
+        let href = urlMatch[1];
+        // DuckDuckGo wraps URLs through their redirect — extract the actual URL
+        const uddgMatch = href.match(/uddg=([^&]+)/);
+        if (uddgMatch) {
+            href = decodeURIComponent(uddgMatch[1]);
+        }
+        const title = stripHtml(titleMatch[1]).trim();
+        const snippet = snippetMatch ? stripHtml(snippetMatch[1]).trim() : "";
+        if (title && href) {
+            results.push({ title, url: href, snippet });
+        }
+    }
+    return results;
+}
+function stripHtml(html) {
+    return html
+        .replace(/<[^>]+>/g, "")
+        .replace(/&amp;/g, "&")
+        .replace(/&lt;/g, "<")
+        .replace(/&gt;/g, ">")
+        .replace(/&quot;/g, '"')
+        .replace(/&#x27;/g, "'")
+        .replace(/&nbsp;/g, " ")
+        .replace(/\s{2,}/g, " ");
+}

package/dist/tui.js

@@ -46,6 +46,19 @@ const PERMISSION_LABELS = {
     "auto-confirm": "auto",
     "full-auto": "full-auto",
 };
+const PERMISSION_ICONS = {
+    "suggest": "○",
+    "auto-confirm": "◐",
+    "full-auto": "●",
+};
+const PERMISSION_COLORS = {
+    "suggest": s.cyan,
+    "auto-confirm": s.green,
+    "full-auto": s.yellow,
+};
+function permTag(mode) {
+    return PERMISSION_COLORS[mode](`${PERMISSION_ICONS[mode]} ${mode}`);
+}
 // ── Status bar ───────────────────────────────────────────────────────────────
 function renderStatusBar(provider, project, turns, cost, permMode, agentCount) {
     const modeLabel = permMode ? PERMISSION_LABELS[permMode] : "";
@@ -84,10 +97,9 @@ function formatDuration(ms) {
     return `${mins}m ${secs}s`;
 }
 function formatToolInput(name, input) {
-    // Show the most relevant input field for each tool type
     switch (name) {
-        case "read_file": return input.file_path ?? "";
-        case "write_file": return input.file_path ?? "";
+        case "read_file":
+        case "write_file":
         case "edit_file": return input.file_path ?? "";
         case "shell": return (input.command ?? "").slice(0, 60);
         case "glob": return input.pattern ?? "";
@@ -149,6 +161,10 @@ export async function startTui(config, spawner) {
     let menuFilterActive = false;
     let menuFilterBuf = "";
     let ctrlCCount = 0;
+    // Input history
+    const inputHistory = [];
+    let historyIndex = -1;
+    let savedInput = "";
     // ── Menu rendering ─────────────────────────────────────────────────────
     async function renderMenu() {
         const mod = await loadMenuModule();
@@ -190,25 +206,17 @@ export async function startTui(config, spawner) {
         if (!isTTY)
             return;
         const mode = config.registry.permissionConfig.mode;
-        const modeIcon = mode === "full-auto" ? "●" : mode === "auto-confirm" ? "◐" : "○";
-        const modeColor = mode === "full-auto" ? s.yellow : mode === "auto-confirm" ? s.green : s.cyan;
+        const color = PERMISSION_COLORS[mode];
+        const icon = PERMISSION_ICONS[mode];
         const rows = process.stdout.rows || 24;
         const c = cols();
         if (!skipNewline)
             w.write("\n");
-        // Separator line + prompt on last 2 rows
-        const permLabel = PERMISSION_LABELS[mode];
-        const separator = s.dim("─".repeat(c));
-        const rightHints = s.dim(`${bashMode ? "! bash" : permLabel} · shift+tab to cycle · esc to interrupt`);
-        const rightLen = stripAnsi(rightHints).length;
-        const sepLine = s.dim("─".repeat(Math.max(1, c - rightLen - 1))) + " " + rightHints;
-        w.write(`${ESC}${rows - 1};1H${ESC}2K${sepLine}`);
-        if (bashMode) {
-            w.write(`${ESC}${rows};1H${ESC}2K${s.yellow("!")} `);
-        }
-        else {
-            w.write(`${ESC}${rows};1H${ESC}2K${modeColor(modeIcon)} ${s.dim("▸")} `);
-        }
+        const sepLine = s.dim("─".repeat(c));
+        const permLine = `  ${color(`${icon} ${PERMISSION_LABELS[mode]} permissions`)} ${s.dim("(shift+tab to cycle)")}`;
+        w.write(`${ESC}${rows - 2};1H${ESC}2K${sepLine}`);
+        w.write(`${ESC}${rows - 1};1H${ESC}2K${permLine}`);
+        w.write(`${ESC}${rows};1H${ESC}2K${bashMode ? `${s.yellow("!")} ` : `${color(icon)} ${s.dim("▸")} `}`);
     }
     // Terminal cleanup: restore state on exit
     function cleanupTerminal() {
@@ -230,26 +238,23 @@ export async function startTui(config, spawner) {
         const project = config.phrenCtx?.project;
         const cwd = process.cwd().replace(os.homedir(), "~");
         const permMode = config.registry.permissionConfig.mode;
-        const modeColor = permMode === "full-auto" ? s.yellow : permMode === "auto-confirm" ? s.green : s.cyan;
-        // Try to show the phren character art alongside info
         let artLines = [];
         try {
             const { PHREN_ART } = await import("@phren/cli/phren-art");
             artLines = PHREN_ART.filter((l) => l.trim());
         }
         catch { /* art not available */ }
+        const info = [
+            `${s.brand("◆ phren agent")}  ${s.dim(`v${AGENT_VERSION}`)}`,
+            `${s.dim(config.provider.name)}${project ? s.dim(` · ${project}`) : ""}`,
+            `${s.dim(cwd)}`,
+            ``,
+            `${permTag(permMode)} ${s.dim("permissions (shift+tab to cycle)")}`,
+            ``,
+            `${s.dim("Tab")} memory  ${s.dim("Shift+Tab")} perms  ${s.dim("/help")} cmds  ${s.dim("Ctrl+D")} exit`,
+        ];
         if (artLines.length > 0) {
-            // Art on left, info on right
-            const info = [
-                `${s.brand("◆ phren agent")}  ${s.dim("v${AGENT_VERSION}")}`,
-                `${s.dim(config.provider.name)}${project ? s.dim(` · ${project}`) : ""}`,
-                `${s.dim(cwd)}`,
-                ``,
-                `${modeColor(`${permMode === "full-auto" ? "●" : permMode === "auto-confirm" ? "◐" : "○"} ${permMode}`)} ${s.dim("permissions (shift+tab to cycle)")}`,
-                ``,
-                `${s.dim("Tab")} memory  ${s.dim("Shift+Tab")} perms  ${s.dim("/help")} cmds  ${s.dim("Ctrl+D")} exit`,
-            ];
-            const maxArtWidth = 26; // phren art is ~24 chars wide
+            const maxArtWidth = 26;
             for (let i = 0; i < Math.max(artLines.length, info.length); i++) {
                 const artPart = i < artLines.length ? artLines[i] : "";
                 const infoPart = i < info.length ? info[i] : "";
@@ -258,11 +263,7 @@ export async function startTui(config, spawner) {
             }
         }
         else {
-            // Fallback: text-only banner
-            w.write(`\n  ${s.brand("◆ phren agent")}  ${s.dim("v${AGENT_VERSION}")}\n`);
-            w.write(`  ${s.dim(config.provider.name)}${project ? s.dim(` · ${project}`) : ""}  ${s.dim(cwd)}\n`);
-            w.write(`  ${modeColor(`${permMode === "full-auto" ? "●" : permMode === "auto-confirm" ? "◐" : "○"} ${permMode}`)} ${s.dim("permissions (shift+tab to cycle)")}\n\n`);
-            w.write(`  ${s.dim("Tab")} memory  ${s.dim("Shift+Tab")} perms  ${s.dim("/help")} cmds  ${s.dim("Ctrl+D")} exit\n\n`);
+            w.write(`\n  ${info[0]}\n  ${info[1]}  ${info[2]}\n  ${info[4]}\n\n  ${info[6]}\n\n`);
         }
         w.write("\n");
     }
@@ -339,16 +340,11 @@ export async function startTui(config, spawner) {
         }
         // Shift+Tab — cycle permission mode (works in chat mode, not during filter)
         if (key.shift && key.name === "tab" && !menuFilterActive && tuiMode === "chat") {
-            const current = config.registry.permissionConfig.mode;
-            const next = nextPermissionMode(current);
+            const next = nextPermissionMode(config.registry.permissionConfig.mode);
             config.registry.setPermissions({ ...config.registry.permissionConfig, mode: next });
             savePermissionMode(next);
-            const modeColor = next === "full-auto" ? s.yellow : next === "auto-confirm" ? s.green : s.cyan;
-            const modeIcon = next === "full-auto" ? "●" : next === "auto-confirm" ? "◐" : "○";
-            w.write(`  ${modeColor(`${modeIcon} ${next}`)}\n`);
-            statusBar();
-            if (!running)
-                prompt();
+            // Just update bottom bar in-place — no scrollback output
+            prompt(true);
             return;
         }
         // Tab — toggle mode (not during agent run or filter)
@@ -430,20 +426,40 @@ export async function startTui(config, spawner) {
                 prompt();
                 return;
             }
+            // Push to history
+            if (inputHistory[inputHistory.length - 1] !== line) {
+                inputHistory.push(line);
+            }
+            historyIndex = -1;
             // Bash mode: ! prefix runs shell directly
             if (line.startsWith("!") || bashMode) {
                 const cmd = bashMode ? line : line.slice(1).trim();
                 bashMode = false;
                 if (cmd) {
-                    try {
-                        const output = execSync(cmd, { encoding: "utf-8", timeout: 30_000, cwd: process.cwd(), stdio: ["ignore", "pipe", "pipe"] });
-                        w.write(output);
-                        if (!output.endsWith("\n"))
-                            w.write("\n");
+                    // Handle cd specially — change process cwd
+                    const cdMatch = cmd.match(/^cd\s+(.*)/);
+                    if (cdMatch) {
+                        try {
+                            const target = cdMatch[1].trim().replace(/^~/, os.homedir());
+                            const resolved = require("path").resolve(process.cwd(), target);
+                            process.chdir(resolved);
+                            w.write(s.dim(process.cwd()) + "\n");
+                        }
+                        catch (err) {
+                            w.write(s.red(err.message) + "\n");
+                        }
                     }
-                    catch (err) {
-                        const e = err;
-                        w.write(s.red(e.stderr || e.message || "Command failed") + "\n");
+                    else {
+                        try {
+                            const output = execSync(cmd, { encoding: "utf-8", timeout: 30_000, cwd: process.cwd(), stdio: ["ignore", "pipe", "pipe"] });
+                            w.write(output);
+                            if (!output.endsWith("\n"))
+                                w.write("\n");
+                        }
+                        catch (err) {
+                            const e = err;
+                            w.write(s.red(e.stderr || e.message || "Command failed") + "\n");
+                        }
                     }
                 }
                 prompt();
@@ -464,6 +480,20 @@ export async function startTui(config, spawner) {
                 providerName: config.provider.name,
                 currentModel: config.provider.model,
                 spawner,
+                onModelChange: (result) => {
+                    // Live model switch — re-resolve provider with new model
+                    try {
+                        const { resolveProvider } = require("./providers/resolve.js");
+                        const newProvider = resolveProvider(config.provider.name, result.model);
+                        config.provider = newProvider;
+                        // Rebuild system prompt with new model info
+                        const { buildSystemPrompt } = require("./system-prompt.js");
+                        config.systemPrompt = buildSystemPrompt(config.systemPrompt.split("\n## Last session")[0], // preserve context, strip old summary
+                        null, { name: newProvider.name, model: result.model });
+                        statusBar();
+                    }
+                    catch { /* keep current provider on error */ }
+                },
             })) {
                 prompt();
                 return;
@@ -479,6 +509,40 @@ export async function startTui(config, spawner) {
             runAgentTurn(line);
             return;
         }
+        // Up arrow — previous history
+        if (key.name === "up" && !running && tuiMode === "chat") {
+            if (inputHistory.length === 0)
+                return;
+            if (historyIndex === -1) {
+                savedInput = inputLine;
+                historyIndex = inputHistory.length - 1;
+            }
+            else if (historyIndex > 0) {
+                historyIndex--;
+            }
+            inputLine = inputHistory[historyIndex];
+            w.write(`${ESC}2K\r`);
+            prompt(true);
+            w.write(inputLine);
+            return;
+        }
+        // Down arrow — next history or restore saved
+        if (key.name === "down" && !running && tuiMode === "chat") {
+            if (historyIndex === -1)
+                return;
+            if (historyIndex < inputHistory.length - 1) {
+                historyIndex++;
+                inputLine = inputHistory[historyIndex];
+            }
+            else {
+                historyIndex = -1;
+                inputLine = savedInput;
+            }
+            w.write(`${ESC}2K\r`);
+            prompt(true);
+            w.write(inputLine);
+            return;
+        }
         // Backspace
         if (key.name === "backspace") {
             if (inputLine.length > 0) {
@@ -501,6 +565,7 @@ export async function startTui(config, spawner) {
     });
     // TUI hooks — render streaming text with markdown, compact tool output
     let textBuffer = "";
+    let firstDelta = true;
     function flushTextBuffer() {
         if (!textBuffer)
             return;
@@ -509,6 +574,10 @@ export async function startTui(config, spawner) {
     }
     const tuiHooks = {
         onTextDelta: (text) => {
+            if (firstDelta) {
+                w.write(`${ESC}2K\r`); // clear thinking timer line
+                firstDelta = false;
+            }
             textBuffer += text;
             // Flush on paragraph boundaries (double newline) or single newline for streaming feel
             if (textBuffer.includes("\n\n") || textBuffer.endsWith("\n")) {
@@ -551,13 +620,21 @@ export async function startTui(config, spawner) {
     };
     async function runAgentTurn(userInput) {
         running = true;
-        w.write(`${ESC}2K  ${s.dim("◌ thinking...")}\r`);
+        firstDelta = true;
+        const thinkStart = Date.now();
+        const thinkTimer = setInterval(() => {
+            const elapsed = ((Date.now() - thinkStart) / 1000).toFixed(1);
+            w.write(`${ESC}2K  ${s.dim(`◌ thinking... ${elapsed}s`)}\r`);
+        }, 100);
         try {
             await runTurn(userInput, session, config, tuiHooks);
+            clearInterval(thinkTimer);
             statusBar();
         }
         catch (err) {
+            clearInterval(thinkTimer);
             const msg = err instanceof Error ? err.message : String(err);
+            w.write(`${ESC}2K\r`);
             w.write(s.red(`  Error: ${msg}\n`));
         }
         running = false;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@phren/agent",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Coding agent with persistent memory — powered by phren",
   "type": "module",
   "bin": {
@@ -13,7 +13,7 @@
     "dist"
   ],
   "dependencies": {
-    "@phren/cli": "0.1.0"
+    "@phren/cli": "0.1.2"
   },
   "engines": {
     "node": ">=20.0.0"