@posthog/agent 2.3.643 → 2.3.655

package/dist/server/agent-server.js

@@ -513,7 +513,7 @@ var require_has_flag = __commonJS({
 var require_supports_color = __commonJS({
   "../../node_modules/supports-color/index.js"(exports2, module2) {
     "use strict";
-    var os8 = __require("os");
+    var os9 = __require("os");
     var tty = __require("tty");
     var hasFlag = require_has_flag();
     var { env } = process;
@@ -561,7 +561,7 @@ var require_supports_color = __commonJS({
         return min;
       }
       if (process.platform === "win32") {
-        const osRelease = os8.release().split(".");
+        const osRelease = os9.release().split(".");
         if (Number(osRelease[0]) >= 10 && Number(osRelease[2]) >= 10586) {
           return Number(osRelease[2]) >= 14931 ? 3 : 2;
         }
@@ -809,10 +809,10 @@ var require_src2 = __commonJS({
     var fs_1 = __require("fs");
     var debug_1 = __importDefault(require_src());
     var log = debug_1.default("@kwsites/file-exists");
-    function check(path17, isFile2, isDirectory) {
-      log(`checking %s`, path17);
+    function check(path18, isFile2, isDirectory) {
+      log(`checking %s`, path18);
       try {
-        const stat4 = fs_1.statSync(path17);
+        const stat4 = fs_1.statSync(path18);
         if (stat4.isFile() && isFile2) {
           log(`[OK] path represents a file`);
           return true;
@@ -832,8 +832,8 @@ var require_src2 = __commonJS({
         throw e;
       }
     }
-    function exists2(path17, type = exports2.READABLE) {
-      return check(path17, (type & exports2.FILE) > 0, (type & exports2.FOLDER) > 0);
+    function exists2(path18, type = exports2.READABLE) {
+      return check(path18, (type & exports2.FILE) > 0, (type & exports2.FOLDER) > 0);
     }
     exports2.exists = exists2;
     exports2.FILE = 1;
@@ -929,11 +929,11 @@ var require_tree_sitter = __commonJS({
               throw toThrow;
             };
             var scriptDirectory = "";
-            function locateFile(path17) {
+            function locateFile(path18) {
               if (Module["locateFile"]) {
-                return Module["locateFile"](path17, scriptDirectory);
+                return Module["locateFile"](path18, scriptDirectory);
               }
-              return scriptDirectory + path17;
+              return scriptDirectory + path18;
             }
             var readAsync, readBinary;
             if (ENVIRONMENT_IS_NODE) {
@@ -947,10 +947,10 @@ var require_tree_sitter = __commonJS({
               };
               readAsync = (filename, binary2 = true) => {
                 filename = isFileURI(filename) ? new URL(filename) : nodePath.normalize(filename);
-                return new Promise((resolve7, reject) => {
+                return new Promise((resolve8, reject) => {
                   fs.readFile(filename, binary2 ? void 0 : "utf8", (err2, data) => {
                     if (err2) reject(err2);
-                    else resolve7(binary2 ? data.buffer : data);
+                    else resolve8(binary2 ? data.buffer : data);
                   });
                 });
               };
@@ -991,13 +991,13 @@ var require_tree_sitter = __commonJS({
                 }
                 readAsync = (url) => {
                   if (isFileURI(url)) {
-                    return new Promise((reject, resolve7) => {
+                    return new Promise((reject, resolve8) => {
                       var xhr = new XMLHttpRequest();
                       xhr.open("GET", url, true);
                       xhr.responseType = "arraybuffer";
                       xhr.onload = () => {
                         if (xhr.status == 200 || xhr.status == 0 && xhr.response) {
-                          resolve7(xhr.response);
+                          resolve8(xhr.response);
                         }
                         reject(xhr.status);
                       };
@@ -1957,8 +1957,8 @@ var require_tree_sitter = __commonJS({
                 }
                 var libFile = locateFile(libName2);
                 if (flags2.loadAsync) {
-                  return new Promise(function(resolve7, reject) {
-                    asyncLoad(libFile, resolve7, reject);
+                  return new Promise(function(resolve8, reject) {
+                    asyncLoad(libFile, resolve8, reject);
                   });
                 }
                 if (!readBinary) {
@@ -3454,8 +3454,8 @@ var require_tree_sitter = __commonJS({
                 } else {
                   const url = input;
                   if (typeof process !== "undefined" && process.versions && process.versions.node) {
-                    const fs14 = __require("fs");
-                    bytes = Promise.resolve(fs14.readFileSync(url));
+                    const fs15 = __require("fs");
+                    bytes = Promise.resolve(fs15.readFileSync(url));
                   } else {
                     bytes = fetch(url).then((response) => response.arrayBuffer().then((buffer) => {
                       if (response.ok) {
@@ -3783,9 +3783,653 @@ ${JSON.stringify(symbolNames, null, 2)}`);
   }
 });
 
+// ../../node_modules/protocols/lib/index.js
+var require_lib = __commonJS({
+  "../../node_modules/protocols/lib/index.js"(exports2, module2) {
+    "use strict";
+    module2.exports = function protocols(input, first2) {
+      if (first2 === true) {
+        first2 = 0;
+      }
+      var prots = "";
+      if (typeof input === "string") {
+        try {
+          prots = new URL(input).protocol;
+        } catch (e) {
+        }
+      } else if (input && input.constructor === URL) {
+        prots = input.protocol;
+      }
+      var splits = prots.split(/\:|\+/).filter(Boolean);
+      if (typeof first2 === "number") {
+        return splits[first2];
+      }
+      return splits;
+    };
+  }
+});
+
+// ../../node_modules/parse-path/lib/index.js
+var require_lib2 = __commonJS({
+  "../../node_modules/parse-path/lib/index.js"(exports2, module2) {
+    "use strict";
+    var protocols = require_lib();
+    function parsePath(url) {
+      var output = {
+        protocols: [],
+        protocol: null,
+        port: null,
+        resource: "",
+        host: "",
+        user: "",
+        password: "",
+        pathname: "",
+        hash: "",
+        search: "",
+        href: url,
+        query: {},
+        parse_failed: false
+      };
+      try {
+        var parsed = new URL(url);
+        output.protocols = protocols(parsed);
+        output.protocol = output.protocols[0];
+        output.port = parsed.port;
+        output.resource = parsed.hostname;
+        output.host = parsed.host;
+        output.user = parsed.username || "";
+        output.password = parsed.password || "";
+        output.pathname = parsed.pathname;
+        output.hash = parsed.hash.slice(1);
+        output.search = parsed.search.slice(1);
+        output.href = parsed.href;
+        output.query = Object.fromEntries(parsed.searchParams);
+      } catch (e) {
+        output.protocols = ["file"];
+        output.protocol = output.protocols[0];
+        output.port = "";
+        output.resource = "";
+        output.user = "";
+        output.pathname = "";
+        output.hash = "";
+        output.search = "";
+        output.href = url;
+        output.query = {};
+        output.parse_failed = true;
+      }
+      return output;
+    }
+    module2.exports = parsePath;
+  }
+});
+
+// ../../node_modules/parse-url/dist/index.js
+var require_dist3 = __commonJS({
+  "../../node_modules/parse-url/dist/index.js"(exports2, module2) {
+    "use strict";
+    var require$$1 = require_lib2();
+    function _interopDefaultLegacy(e) {
+      return e && typeof e === "object" && "default" in e ? e : { "default": e };
+    }
+    var require$$1__default = /* @__PURE__ */ _interopDefaultLegacy(require$$1);
+    function getAugmentedNamespace(n) {
+      if (n.__esModule) return n;
+      var f = n.default;
+      if (typeof f == "function") {
+        var a = function a2() {
+          if (this instanceof a2) {
+            var args2 = [null];
+            args2.push.apply(args2, arguments);
+            var Ctor = Function.bind.apply(f, args2);
+            return new Ctor();
+          }
+          return f.apply(this, arguments);
+        };
+        a.prototype = f.prototype;
+      } else a = {};
+      Object.defineProperty(a, "__esModule", { value: true });
+      Object.keys(n).forEach(function(k) {
+        var d = Object.getOwnPropertyDescriptor(n, k);
+        Object.defineProperty(a, k, d.get ? d : {
+          enumerable: true,
+          get: function() {
+            return n[k];
+          }
+        });
+      });
+      return a;
+    }
+    var src = {};
+    var DATA_URL_DEFAULT_MIME_TYPE = "text/plain";
+    var DATA_URL_DEFAULT_CHARSET = "us-ascii";
+    var testParameter = (name2, filters) => filters.some((filter) => filter instanceof RegExp ? filter.test(name2) : filter === name2);
+    var normalizeDataURL = (urlString, { stripHash }) => {
+      const match = /^data:(?<type>[^,]*?),(?<data>[^#]*?)(?:#(?<hash>.*))?$/.exec(urlString);
+      if (!match) {
+        throw new Error(`Invalid URL: ${urlString}`);
+      }
+      let { type, data, hash } = match.groups;
+      const mediaType = type.split(";");
+      hash = stripHash ? "" : hash;
+      let isBase64 = false;
+      if (mediaType[mediaType.length - 1] === "base64") {
+        mediaType.pop();
+        isBase64 = true;
+      }
+      const mimeType = (mediaType.shift() || "").toLowerCase();
+      const attributes = mediaType.map((attribute) => {
+        let [key, value = ""] = attribute.split("=").map((string) => string.trim());
+        if (key === "charset") {
+          value = value.toLowerCase();
+          if (value === DATA_URL_DEFAULT_CHARSET) {
+            return "";
+          }
+        }
+        return `${key}${value ? `=${value}` : ""}`;
+      }).filter(Boolean);
+      const normalizedMediaType = [
+        ...attributes
+      ];
+      if (isBase64) {
+        normalizedMediaType.push("base64");
+      }
+      if (normalizedMediaType.length > 0 || mimeType && mimeType !== DATA_URL_DEFAULT_MIME_TYPE) {
+        normalizedMediaType.unshift(mimeType);
+      }
+      return `data:${normalizedMediaType.join(";")},${isBase64 ? data.trim() : data}${hash ? `#${hash}` : ""}`;
+    };
+    function normalizeUrl(urlString, options) {
+      options = {
+        defaultProtocol: "http:",
+        normalizeProtocol: true,
+        forceHttp: false,
+        forceHttps: false,
+        stripAuthentication: true,
+        stripHash: false,
+        stripTextFragment: true,
+        stripWWW: true,
+        removeQueryParameters: [/^utm_\w+/i],
+        removeTrailingSlash: true,
+        removeSingleSlash: true,
+        removeDirectoryIndex: false,
+        sortQueryParameters: true,
+        ...options
+      };
+      urlString = urlString.trim();
+      if (/^data:/i.test(urlString)) {
+        return normalizeDataURL(urlString, options);
+      }
+      if (/^view-source:/i.test(urlString)) {
+        throw new Error("`view-source:` is not supported as it is a non-standard protocol");
+      }
+      const hasRelativeProtocol = urlString.startsWith("//");
+      const isRelativeUrl = !hasRelativeProtocol && /^\.*\//.test(urlString);
+      if (!isRelativeUrl) {
+        urlString = urlString.replace(/^(?!(?:\w+:)?\/\/)|^\/\//, options.defaultProtocol);
+      }
+      const urlObject = new URL(urlString);
+      if (options.forceHttp && options.forceHttps) {
+        throw new Error("The `forceHttp` and `forceHttps` options cannot be used together");
+      }
+      if (options.forceHttp && urlObject.protocol === "https:") {
+        urlObject.protocol = "http:";
+      }
+      if (options.forceHttps && urlObject.protocol === "http:") {
+        urlObject.protocol = "https:";
+      }
+      if (options.stripAuthentication) {
+        urlObject.username = "";
+        urlObject.password = "";
+      }
+      if (options.stripHash) {
+        urlObject.hash = "";
+      } else if (options.stripTextFragment) {
+        urlObject.hash = urlObject.hash.replace(/#?:~:text.*?$/i, "");
+      }
+      if (urlObject.pathname) {
+        const protocolRegex = /\b[a-z][a-z\d+\-.]{1,50}:\/\//g;
+        let lastIndex = 0;
+        let result = "";
+        for (; ; ) {
+          const match = protocolRegex.exec(urlObject.pathname);
+          if (!match) {
+            break;
+          }
+          const protocol = match[0];
+          const protocolAtIndex = match.index;
+          const intermediate = urlObject.pathname.slice(lastIndex, protocolAtIndex);
+          result += intermediate.replace(/\/{2,}/g, "/");
+          result += protocol;
+          lastIndex = protocolAtIndex + protocol.length;
+        }
+        const remnant = urlObject.pathname.slice(lastIndex, urlObject.pathname.length);
+        result += remnant.replace(/\/{2,}/g, "/");
+        urlObject.pathname = result;
+      }
+      if (urlObject.pathname) {
+        try {
+          urlObject.pathname = decodeURI(urlObject.pathname);
+        } catch {
+        }
+      }
+      if (options.removeDirectoryIndex === true) {
+        options.removeDirectoryIndex = [/^index\.[a-z]+$/];
+      }
+      if (Array.isArray(options.removeDirectoryIndex) && options.removeDirectoryIndex.length > 0) {
+        let pathComponents = urlObject.pathname.split("/");
+        const lastComponent = pathComponents[pathComponents.length - 1];
+        if (testParameter(lastComponent, options.removeDirectoryIndex)) {
+          pathComponents = pathComponents.slice(0, -1);
+          urlObject.pathname = pathComponents.slice(1).join("/") + "/";
+        }
+      }
+      if (urlObject.hostname) {
+        urlObject.hostname = urlObject.hostname.replace(/\.$/, "");
+        if (options.stripWWW && /^www\.(?!www\.)[a-z\-\d]{1,63}\.[a-z.\-\d]{2,63}$/.test(urlObject.hostname)) {
+          urlObject.hostname = urlObject.hostname.replace(/^www\./, "");
+        }
+      }
+      if (Array.isArray(options.removeQueryParameters)) {
+        for (const key of [...urlObject.searchParams.keys()]) {
+          if (testParameter(key, options.removeQueryParameters)) {
+            urlObject.searchParams.delete(key);
+          }
+        }
+      }
+      if (options.removeQueryParameters === true) {
+        urlObject.search = "";
+      }
+      if (options.sortQueryParameters) {
+        urlObject.searchParams.sort();
+        try {
+          urlObject.search = decodeURIComponent(urlObject.search);
+        } catch {
+        }
+      }
+      if (options.removeTrailingSlash) {
+        urlObject.pathname = urlObject.pathname.replace(/\/$/, "");
+      }
+      const oldUrlString = urlString;
+      urlString = urlObject.toString();
+      if (!options.removeSingleSlash && urlObject.pathname === "/" && !oldUrlString.endsWith("/") && urlObject.hash === "") {
+        urlString = urlString.replace(/\/$/, "");
+      }
+      if ((options.removeTrailingSlash || urlObject.pathname === "/") && urlObject.hash === "" && options.removeSingleSlash) {
+        urlString = urlString.replace(/\/$/, "");
+      }
+      if (hasRelativeProtocol && !options.normalizeProtocol) {
+        urlString = urlString.replace(/^http:\/\//, "//");
+      }
+      if (options.stripProtocol) {
+        urlString = urlString.replace(/^(?:https?:)?\/\//, "");
+      }
+      return urlString;
+    }
+    var normalizeUrl$1 = /* @__PURE__ */ Object.freeze({
+      __proto__: null,
+      "default": normalizeUrl
+    });
+    var require$$0 = /* @__PURE__ */ getAugmentedNamespace(normalizeUrl$1);
+    Object.defineProperty(src, "__esModule", {
+      value: true
+    });
+    var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function(obj) {
+      return typeof obj;
+    } : function(obj) {
+      return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj;
+    };
+    var _normalizeUrl = require$$0;
+    var _normalizeUrl2 = _interopRequireDefault(_normalizeUrl);
+    var _parsePath = require$$1__default["default"];
+    var _parsePath2 = _interopRequireDefault(_parsePath);
+    function _interopRequireDefault(obj) {
+      return obj && obj.__esModule ? obj : { default: obj };
+    }
+    var parseUrl = function parseUrl2(url) {
+      var normalize3 = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : false;
+      var GIT_RE = /^(?:([a-zA-Z_][a-zA-Z0-9_-]{0,31})@|https?:\/\/)([\w\.\-@]+)[\/:](([\~,\.\w,\-,\_,\/,\s]|%[0-9A-Fa-f]{2})+?(?:\.git|\/)?)$/;
+      var throwErr = function throwErr2(msg) {
+        var err2 = new Error(msg);
+        err2.subject_url = url;
+        throw err2;
+      };
+      if (typeof url !== "string" || !url.trim()) {
+        throwErr("Invalid url.");
+      }
+      if (url.length > parseUrl2.MAX_INPUT_LENGTH) {
+        throwErr("Input exceeds maximum length. If needed, change the value of parseUrl.MAX_INPUT_LENGTH.");
+      }
+      if (normalize3) {
+        if ((typeof normalize3 === "undefined" ? "undefined" : _typeof(normalize3)) !== "object") {
+          normalize3 = {
+            stripHash: false
+          };
+        }
+        url = (0, _normalizeUrl2.default)(url, normalize3);
+      }
+      var parsed = (0, _parsePath2.default)(url);
+      if (parsed.parse_failed) {
+        var matched = parsed.href.match(GIT_RE);
+        if (matched) {
+          parsed.protocols = ["ssh"];
+          parsed.protocol = "ssh";
+          parsed.resource = matched[2];
+          parsed.host = matched[2];
+          parsed.user = matched[1];
+          parsed.pathname = "/" + matched[3];
+          parsed.parse_failed = false;
+        } else {
+          throwErr("URL parsing failed.");
+        }
+      }
+      return parsed;
+    };
+    parseUrl.MAX_INPUT_LENGTH = 2048;
+    var _default = src.default = parseUrl;
+    module2.exports = _default;
+  }
+});
+
+// ../../node_modules/is-ssh/lib/index.js
+var require_lib3 = __commonJS({
+  "../../node_modules/is-ssh/lib/index.js"(exports2, module2) {
+    "use strict";
+    var protocols = require_lib();
+    function isSsh(input) {
+      if (Array.isArray(input)) {
+        return input.indexOf("ssh") !== -1 || input.indexOf("rsync") !== -1;
+      }
+      if (typeof input !== "string") {
+        return false;
+      }
+      var prots = protocols(input);
+      input = input.substring(input.indexOf("://") + 3);
+      if (isSsh(prots)) {
+        return true;
+      }
+      var urlPortPattern = new RegExp(".([a-zA-Z\\d]+):(\\d+)/");
+      return !input.match(urlPortPattern) && input.indexOf("@") < input.indexOf(":");
+    }
+    module2.exports = isSsh;
+  }
+});
+
+// ../../node_modules/git-up/lib/index.js
+var require_lib4 = __commonJS({
+  "../../node_modules/git-up/lib/index.js"(exports2, module2) {
+    "use strict";
+    var parseUrl = require_dist3();
+    var isSsh = require_lib3();
+    function gitUp(input) {
+      let output = parseUrl(input);
+      output.token = "";
+      if (output.password === "x-oauth-basic") {
+        output.token = output.user;
+      } else if (output.user === "x-token-auth") {
+        output.token = output.password;
+      }
+      if (isSsh(output.protocols) || output.protocols.length === 0 && isSsh(input)) {
+        output.protocol = "ssh";
+      } else if (output.protocols.length) {
+        output.protocol = output.protocols[0];
+      } else {
+        output.protocol = "file";
+        output.protocols = ["file"];
+      }
+      output.href = output.href.replace(/\/$/, "");
+      return output;
+    }
+    module2.exports = gitUp;
+  }
+});
+
+// ../../node_modules/git-url-parse/lib/index.js
+var require_lib5 = __commonJS({
+  "../../node_modules/git-url-parse/lib/index.js"(exports2, module2) {
+    "use strict";
+    var gitUp = require_lib4();
+    function gitUrlParse2(url, refs) {
+      refs = refs || [];
+      if (typeof url !== "string") {
+        throw new Error("The url must be a string.");
+      }
+      if (!refs.every(function(item) {
+        return typeof item === "string";
+      })) {
+        throw new Error("The refs should contain only strings");
+      }
+      var shorthandRe = /^([a-z\d-]{1,39})\/([-\.\w]{1,100})$/i;
+      if (shorthandRe.test(url)) {
+        url = "https://github.com/" + url;
+      }
+      var urlInfo = gitUp(url), sourceParts = urlInfo.resource.split("."), splits = null;
+      urlInfo.toString = function(type) {
+        return gitUrlParse2.stringify(this, type);
+      };
+      urlInfo.source = sourceParts.length > 2 ? sourceParts.slice(1 - sourceParts.length).join(".") : urlInfo.source = urlInfo.resource;
+      urlInfo.git_suffix = /\.git$/.test(urlInfo.pathname);
+      urlInfo.name = decodeURIComponent((urlInfo.pathname || urlInfo.href).replace(/(^\/)|(\/$)/g, "").replace(/\.git$/, ""));
+      urlInfo.owner = decodeURIComponent(urlInfo.user);
+      switch (urlInfo.source) {
+        case "git.cloudforge.com":
+          urlInfo.owner = urlInfo.user;
+          urlInfo.organization = sourceParts[0];
+          urlInfo.source = "cloudforge.com";
+          break;
+        case "visualstudio.com":
+          if (urlInfo.resource === "vs-ssh.visualstudio.com") {
+            splits = urlInfo.name.split("/");
+            if (splits.length === 4) {
+              urlInfo.organization = splits[1];
+              urlInfo.owner = splits[2];
+              urlInfo.name = splits[3];
+              urlInfo.full_name = splits[2] + "/" + splits[3];
+            }
+            break;
+          } else {
+            splits = urlInfo.name.split("/");
+            if (splits.length === 2) {
+              urlInfo.owner = splits[1];
+              urlInfo.name = splits[1];
+              urlInfo.full_name = "_git/" + urlInfo.name;
+            } else if (splits.length === 3) {
+              urlInfo.name = splits[2];
+              if (splits[0] === "DefaultCollection") {
+                urlInfo.owner = splits[2];
+                urlInfo.organization = splits[0];
+                urlInfo.full_name = urlInfo.organization + "/_git/" + urlInfo.name;
+              } else {
+                urlInfo.owner = splits[0];
+                urlInfo.full_name = urlInfo.owner + "/_git/" + urlInfo.name;
+              }
+            } else if (splits.length === 4) {
+              urlInfo.organization = splits[0];
+              urlInfo.owner = splits[1];
+              urlInfo.name = splits[3];
+              urlInfo.full_name = urlInfo.organization + "/" + urlInfo.owner + "/_git/" + urlInfo.name;
+            }
+            break;
+          }
+        // Azure DevOps (formerly Visual Studio Team Services)
+        case "dev.azure.com":
+        case "azure.com":
+          if (urlInfo.resource === "ssh.dev.azure.com") {
+            splits = urlInfo.name.split("/");
+            if (splits.length === 4) {
+              urlInfo.organization = splits[1];
+              urlInfo.owner = splits[2];
+              urlInfo.name = splits[3];
+            }
+            break;
+          } else {
+            splits = urlInfo.name.split("/");
+            if (splits.length === 5) {
+              urlInfo.organization = splits[0];
+              urlInfo.owner = splits[1];
+              urlInfo.name = splits[4];
+              urlInfo.full_name = "_git/" + urlInfo.name;
+            } else if (splits.length === 3) {
+              urlInfo.name = splits[2];
+              if (splits[0] === "DefaultCollection") {
+                urlInfo.owner = splits[2];
+                urlInfo.organization = splits[0];
+                urlInfo.full_name = urlInfo.organization + "/_git/" + urlInfo.name;
+              } else {
+                urlInfo.owner = splits[0];
+                urlInfo.full_name = urlInfo.owner + "/_git/" + urlInfo.name;
+              }
+            } else if (splits.length === 4) {
+              urlInfo.organization = splits[0];
+              urlInfo.owner = splits[1];
+              urlInfo.name = splits[3];
+              urlInfo.full_name = urlInfo.organization + "/" + urlInfo.owner + "/_git/" + urlInfo.name;
+            }
+            if (urlInfo.query && urlInfo.query["path"]) {
+              urlInfo.filepath = urlInfo.query["path"].replace(/^\/+/g, "");
+            }
+            if (urlInfo.query && urlInfo.query["version"]) {
+              urlInfo.ref = urlInfo.query["version"].replace(/^GB/, "");
+            }
+            break;
+          }
+        default:
+          splits = urlInfo.name.split("/");
+          var nameIndex = splits.length - 1;
+          if (splits.length >= 2) {
+            var dashIndex = splits.indexOf("-", 2);
+            var blobIndex = splits.indexOf("blob", 2);
+            var treeIndex = splits.indexOf("tree", 2);
+            var commitIndex = splits.indexOf("commit", 2);
+            var issuesIndex = splits.indexOf("issues", 2);
+            var srcIndex = splits.indexOf("src", 2);
+            var rawIndex = splits.indexOf("raw", 2);
+            var editIndex = splits.indexOf("edit", 2);
+            nameIndex = dashIndex > 0 ? dashIndex - 1 : blobIndex > 0 && treeIndex > 0 ? Math.min(blobIndex - 1, treeIndex - 1) : blobIndex > 0 ? blobIndex - 1 : issuesIndex > 0 ? issuesIndex - 1 : treeIndex > 0 ? treeIndex - 1 : commitIndex > 0 ? commitIndex - 1 : srcIndex > 0 ? srcIndex - 1 : rawIndex > 0 ? rawIndex - 1 : editIndex > 0 ? editIndex - 1 : nameIndex;
+            urlInfo.owner = splits.slice(0, nameIndex).join("/");
+            urlInfo.name = splits[nameIndex];
+            if (commitIndex && issuesIndex < 0) {
+              urlInfo.commit = splits[nameIndex + 2];
+            }
+          }
+          urlInfo.ref = "";
+          urlInfo.filepathtype = "";
+          urlInfo.filepath = "";
+          var offsetNameIndex = splits.length > nameIndex && splits[nameIndex + 1] === "-" ? nameIndex + 1 : nameIndex;
+          if (splits.length > offsetNameIndex + 2 && ["raw", "src", "blob", "tree", "edit"].indexOf(splits[offsetNameIndex + 1]) >= 0) {
+            urlInfo.filepathtype = splits[offsetNameIndex + 1];
+            urlInfo.ref = splits[offsetNameIndex + 2];
+            if (splits.length > offsetNameIndex + 3) {
+              urlInfo.filepath = splits.slice(offsetNameIndex + 3).join("/");
+            }
+          }
+          urlInfo.organization = urlInfo.owner;
+          break;
+      }
+      if (!urlInfo.full_name) {
+        urlInfo.full_name = urlInfo.owner;
+        if (urlInfo.name) {
+          urlInfo.full_name && (urlInfo.full_name += "/");
+          urlInfo.full_name += urlInfo.name;
+        }
+      }
+      if (urlInfo.owner.startsWith("scm/")) {
+        urlInfo.source = "bitbucket-server";
+        urlInfo.owner = urlInfo.owner.replace("scm/", "");
+        urlInfo.organization = urlInfo.owner;
+        urlInfo.full_name = urlInfo.owner + "/" + urlInfo.name;
+      }
+      var bitbucket = /(projects|users)\/(.*?)\/repos\/(.*?)((\/.*$)|$)/;
+      var matches = bitbucket.exec(urlInfo.pathname);
+      if (matches != null) {
+        urlInfo.source = "bitbucket-server";
+        if (matches[1] === "users") {
+          urlInfo.owner = "~" + matches[2];
+        } else {
+          urlInfo.owner = matches[2];
+        }
+        urlInfo.organization = urlInfo.owner;
+        urlInfo.name = matches[3];
+        splits = matches[4].split("/");
+        if (splits.length > 1) {
+          if (["raw", "browse"].indexOf(splits[1]) >= 0) {
+            urlInfo.filepathtype = splits[1];
+            if (splits.length > 2) {
+              urlInfo.filepath = splits.slice(2).join("/");
+            }
+          } else if (splits[1] === "commits" && splits.length > 2) {
+            urlInfo.commit = splits[2];
+          }
+        }
+        urlInfo.full_name = urlInfo.owner + "/" + urlInfo.name;
+        if (urlInfo.query.at) {
+          urlInfo.ref = urlInfo.query.at;
+        } else {
+          urlInfo.ref = "";
+        }
+      }
+      if (refs.length !== 0 && urlInfo.ref) {
+        urlInfo.ref = findLongestMatchingSubstring(urlInfo.href, refs) || urlInfo.ref;
+        urlInfo.filepath = urlInfo.href.split(urlInfo.ref + "/")[1];
+      }
+      return urlInfo;
+    }
+    gitUrlParse2.stringify = function(obj, type) {
+      type = type || (obj.protocols && obj.protocols.length ? obj.protocols.join("+") : obj.protocol);
+      var port = obj.port ? ":" + obj.port : "";
+      var user = obj.user || "git";
+      var maybeGitSuffix = obj.git_suffix ? ".git" : "";
+      switch (type) {
+        case "ssh":
+          if (port) return "ssh://" + user + "@" + obj.resource + port + "/" + obj.full_name + maybeGitSuffix;
+          else return user + "@" + obj.resource + ":" + obj.full_name + maybeGitSuffix;
+        case "git+ssh":
+        case "ssh+git":
+        case "ftp":
+        case "ftps":
+          return type + "://" + user + "@" + obj.resource + port + "/" + obj.full_name + maybeGitSuffix;
+        case "http":
+        case "https":
+          var auth = obj.token ? buildToken(obj) : obj.user && (obj.protocols.includes("http") || obj.protocols.includes("https")) ? obj.user + "@" : "";
+          return type + "://" + auth + obj.resource + port + "/" + buildPath(obj) + maybeGitSuffix;
+        default:
+          return obj.href;
+      }
+    };
+    function buildToken(obj) {
+      switch (obj.source) {
+        case "bitbucket.org":
+          return "x-token-auth:" + obj.token + "@";
+        default:
+          return obj.token + "@";
+      }
+    }
+    function buildPath(obj) {
+      switch (obj.source) {
+        case "bitbucket-server":
+          return "scm/" + obj.full_name;
+        default:
+          var encoded_full_name = obj.full_name.split("/").map(function(x) {
+            return encodeURIComponent(x);
+          }).join("/");
+          return encoded_full_name;
+      }
+    }
+    function findLongestMatchingSubstring(string, array) {
+      var longestMatch = "";
+      array.forEach(function(item) {
+        if (string.includes(item) && item.length > longestMatch.length) {
+          longestMatch = item;
+        }
+      });
+      return longestMatch;
+    }
+    module2.exports = gitUrlParse2;
+  }
+});
+
 // src/server/agent-server.ts
-import { mkdir as mkdir4, writeFile as writeFile4 } from "fs/promises";
-import { basename as basename2, join as join12 } from "path";
+import { mkdir as mkdir5, writeFile as writeFile4 } from "fs/promises";
+import { basename as basename3, join as join13 } from "path";
 import { pathToFileURL } from "url";
 import {
   ClientSideConnection as ClientSideConnection2,
@@ -3799,6 +4443,24 @@ import { createReadStream } from "fs";
 import * as fs3 from "fs/promises";
 import * as path2 from "path";
 
+// ../git/dist/concurrency.js
+async function mapWithConcurrency(items, concurrency, mapper, options) {
+  if (items.length === 0)
+    return [];
+  const results = new Array(items.length);
+  let index = 0;
+  const worker = async () => {
+    while (index < items.length) {
+      if (options?.signal?.aborted)
+        return;
+      const i2 = index++;
+      results[i2] = await mapper(items[i2]);
+    }
+  };
+  await Promise.all(Array.from({ length: Math.min(concurrency, items.length) }, () => worker()));
+  return results;
+}
+
 // ../../node_modules/simple-git/dist/esm/index.js
 var import_file_exists = __toESM(require_dist(), 1);
 var import_debug = __toESM(require_src(), 1);
@@ -3836,8 +4498,8 @@ function pathspec(...paths) {
   cache.set(key, paths);
   return key;
 }
-function isPathSpec(path17) {
-  return path17 instanceof String && cache.has(path17);
+function isPathSpec(path18) {
+  return path18 instanceof String && cache.has(path18);
 }
 function toPaths(pathSpec) {
   return cache.get(pathSpec) || [];
@@ -3926,8 +4588,8 @@ function toLinesWithContent(input = "", trimmed2 = true, separator = "\n") {
 function forEachLineWithContent(input, callback) {
   return toLinesWithContent(input, true).map((line) => callback(line));
 }
-function folderExists(path17) {
-  return (0, import_file_exists.exists)(path17, import_file_exists.FOLDER);
+function folderExists(path18) {
+  return (0, import_file_exists.exists)(path18, import_file_exists.FOLDER);
 }
 function append(target, item) {
   if (Array.isArray(target)) {
@@ -4331,8 +4993,8 @@ function checkIsRepoRootTask() {
     commands,
     format: "utf-8",
     onError,
-    parser(path17) {
-      return /^\.(git)?$/.test(path17.trim());
+    parser(path18) {
+      return /^\.(git)?$/.test(path18.trim());
     }
   };
 }
@@ -4766,11 +5428,11 @@ function parseGrep(grep) {
   const paths = /* @__PURE__ */ new Set();
   const results = {};
   forEachLineWithContent(grep, (input) => {
-    const [path17, line, preview] = input.split(NULL);
-    paths.add(path17);
-    (results[path17] = results[path17] || []).push({
+    const [path18, line, preview] = input.split(NULL);
+    paths.add(path18);
+    (results[path18] = results[path18] || []).push({
       line: asNumber(line),
-      path: path17,
+      path: path18,
       preview
     });
   });
@@ -5535,14 +6197,14 @@ var init_hash_object = __esm({
     init_task();
   }
 });
-function parseInit(bare, path17, text2) {
+function parseInit(bare, path18, text2) {
   const response = String(text2).trim();
   let result;
   if (result = initResponseRegex.exec(response)) {
-    return new InitSummary(bare, path17, false, result[1]);
+    return new InitSummary(bare, path18, false, result[1]);
   }
   if (result = reInitResponseRegex.exec(response)) {
-    return new InitSummary(bare, path17, true, result[1]);
+    return new InitSummary(bare, path18, true, result[1]);
   }
   let gitDir = "";
   const tokens = response.split(" ");
@@ -5553,7 +6215,7 @@ function parseInit(bare, path17, text2) {
       break;
     }
   }
-  return new InitSummary(bare, path17, /^re/i.test(response), gitDir);
+  return new InitSummary(bare, path18, /^re/i.test(response), gitDir);
 }
 var InitSummary;
 var initResponseRegex;
@@ -5562,9 +6224,9 @@ var init_InitSummary = __esm({
   "src/lib/responses/InitSummary.ts"() {
     "use strict";
     InitSummary = class {
-      constructor(bare, path17, existing, gitDir) {
+      constructor(bare, path18, existing, gitDir) {
         this.bare = bare;
-        this.path = path17;
+        this.path = path18;
         this.existing = existing;
         this.gitDir = gitDir;
       }
@@ -5576,7 +6238,7 @@ var init_InitSummary = __esm({
 function hasBareCommand(command) {
   return command.includes(bareCommand);
 }
-function initTask(bare = false, path17, customArgs) {
+function initTask(bare = false, path18, customArgs) {
   const commands = ["init", ...customArgs];
   if (bare && !hasBareCommand(commands)) {
     commands.splice(1, 0, bareCommand);
@@ -5585,7 +6247,7 @@ function initTask(bare = false, path17, customArgs) {
     commands,
     format: "utf-8",
     parser(text2) {
-      return parseInit(commands.includes("--bare"), path17, text2);
+      return parseInit(commands.includes("--bare"), path18, text2);
     }
   };
 }
@@ -6401,12 +7063,12 @@ var init_FileStatusSummary = __esm({
     "use strict";
     fromPathRegex = /^(.+)\0(.+)$/;
     FileStatusSummary = class {
-      constructor(path17, index, working_dir) {
-        this.path = path17;
+      constructor(path18, index, working_dir) {
+        this.path = path18;
         this.index = index;
         this.working_dir = working_dir;
         if (index === "R" || working_dir === "R") {
-          const detail = fromPathRegex.exec(path17) || [null, path17, path17];
+          const detail = fromPathRegex.exec(path18) || [null, path18, path18];
           this.from = detail[2] || "";
           this.path = detail[1] || "";
         }
@@ -6437,14 +7099,14 @@ function splitLine(result, lineStr) {
     default:
       return;
   }
-  function data(index, workingDir, path17) {
+  function data(index, workingDir, path18) {
     const raw = `${index}${workingDir}`;
     const handler = parsers6.get(raw);
     if (handler) {
-      handler(result, path17);
+      handler(result, path18);
     }
     if (raw !== "##" && raw !== "!!") {
-      result.files.push(new FileStatusSummary(path17, index, workingDir));
+      result.files.push(new FileStatusSummary(path18, index, workingDir));
     }
   }
 }
@@ -6757,9 +7419,9 @@ var init_simple_git_api = __esm({
           next
         );
       }
-      hashObject(path17, write) {
+      hashObject(path18, write) {
         return this._runTask(
-          hashObjectTask(path17, write === true),
+          hashObjectTask(path18, write === true),
           trailingFunctionArgument(arguments)
         );
       }
@@ -7112,8 +7774,8 @@ var init_branch = __esm({
   }
 });
 function toPath(input) {
-  const path17 = input.trim().replace(/^["']|["']$/g, "");
-  return path17 && normalize(path17);
+  const path18 = input.trim().replace(/^["']|["']$/g, "");
+  return path18 && normalize(path18);
 }
 var parseCheckIgnore;
 var init_CheckIgnore = __esm({
@@ -7427,8 +8089,8 @@ __export(sub_module_exports, {
   subModuleTask: () => subModuleTask,
   updateSubModuleTask: () => updateSubModuleTask
 });
-function addSubModuleTask(repo, path17) {
-  return subModuleTask(["add", repo, path17]);
+function addSubModuleTask(repo, path18) {
+  return subModuleTask(["add", repo, path18]);
 }
 function initSubModuleTask(customArgs) {
   return subModuleTask(["init", ...customArgs]);
@@ -7758,8 +8420,8 @@ var require_git = __commonJS2({
       }
       return this._runTask(straightThroughStringTask2(command, this._trimmed), next);
     };
-    Git2.prototype.submoduleAdd = function(repo, path17, then) {
-      return this._runTask(addSubModuleTask2(repo, path17), trailingFunctionArgument2(arguments));
+    Git2.prototype.submoduleAdd = function(repo, path18, then) {
+      return this._runTask(addSubModuleTask2(repo, path18), trailingFunctionArgument2(arguments));
     };
     Git2.prototype.submoduleUpdate = function(args2, then) {
       return this._runTask(
@@ -8420,10 +9082,10 @@ var AsyncReaderWriterLock = class {
       this.readers++;
       return;
     }
-    return new Promise((resolve7) => {
+    return new Promise((resolve8) => {
       this.readQueue.push(() => {
         this.readers++;
-        resolve7();
+        resolve8();
       });
     });
   }
@@ -8437,11 +9099,11 @@ var AsyncReaderWriterLock = class {
       return;
     }
     this.writerWaiting = true;
-    return new Promise((resolve7) => {
+    return new Promise((resolve8) => {
       this.writeQueue.push(() => {
         this.writerWaiting = this.writeQueue.length > 0;
         this.writer = true;
-        resolve7();
+        resolve8();
       });
     });
   }
@@ -8648,12 +9310,12 @@ async function inspectGitBusyState(git) {
 
 // src/server/agent-server.ts
 import { Hono } from "hono";
-import { z as z4 } from "zod";
+import { z as z5 } from "zod";
 
 // package.json
 var package_default = {
   name: "@posthog/agent",
-  version: "2.3.643",
+  version: "2.3.655",
   repository: "https://github.com/PostHog/code",
   description: "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   exports: {
@@ -8925,17 +9587,17 @@ var Pushable = class {
   resolvers = [];
   done = false;
   push(item) {
-    const resolve7 = this.resolvers.shift();
-    if (resolve7) {
-      resolve7({ value: item, done: false });
+    const resolve8 = this.resolvers.shift();
+    if (resolve8) {
+      resolve8({ value: item, done: false });
     } else {
       this.queue.push(item);
     }
   }
   end() {
     this.done = true;
-    for (const resolve7 of this.resolvers) {
-      resolve7({ value: void 0, done: true });
+    for (const resolve8 of this.resolvers) {
+      resolve8({ value: void 0, done: true });
     }
     this.resolvers = [];
   }
@@ -8952,8 +9614,8 @@ var Pushable = class {
             done: true
           });
         }
-        return new Promise((resolve7) => {
-          this.resolvers.push(resolve7);
+        return new Promise((resolve8) => {
+          this.resolvers.push(resolve8);
         });
       }
     };
@@ -9067,20 +9729,20 @@ function nodeReadableToWebReadable(nodeStream) {
 function nodeWritableToWebWritable(nodeStream) {
   return new WritableStream2({
     write(chunk) {
-      return new Promise((resolve7, reject) => {
+      return new Promise((resolve8, reject) => {
         const ok = nodeStream.write(Buffer.from(chunk), (err2) => {
           if (err2) reject(err2);
         });
         if (ok) {
-          resolve7();
+          resolve8();
         } else {
-          nodeStream.once("drain", resolve7);
+          nodeStream.once("drain", resolve8);
         }
       });
     },
     close() {
-      return new Promise((resolve7) => {
-        nodeStream.end(resolve7);
+      return new Promise((resolve8) => {
+        nodeStream.end(resolve8);
       });
     },
     abort(reason) {
@@ -9093,9 +9755,9 @@ function nodeWritableToWebWritable(nodeStream) {
 
 // src/adapters/claude/claude-agent.ts
 import { randomUUID } from "crypto";
-import * as fs9 from "fs";
-import * as os5 from "os";
-import * as path11 from "path";
+import * as fs10 from "fs";
+import * as os6 from "os";
+import * as path12 from "path";
 import {
   RequestError as RequestError2
 } from "@agentclientprotocol/sdk";
@@ -13238,10 +13900,360 @@ async function buildWrapperContext(deps, content, langId, absPath) {
   return { wrappersByLocalName, namespaceWrappers };
 }
 
+// ../git/dist/signed-commit.js
+import * as childProcess3 from "child_process";
+
+// ../git/dist/gh.js
+import * as childProcess from "child_process";
+function execGh(args2, options = {}) {
+  const env = options.env ? { ...process.env, ...options.env } : process.env;
+  return new Promise((resolve8) => {
+    const child = childProcess.execFile("gh", args2, { cwd: options.cwd, env, timeout: options.timeoutMs ?? 0 }, (error, stdout, stderr) => {
+      if (!error) {
+        resolve8({ stdout, stderr, exitCode: 0 });
+        return;
+      }
+      const err2 = error;
+      const timedOut = err2.killed === true && !!options.timeoutMs;
+      const exitCode = typeof err2.code === "number" ? err2.code : err2.code === "ENOENT" ? 127 : 1;
+      resolve8({
+        stdout: stdout ?? err2.stdout ?? "",
+        stderr: stderr ?? err2.stderr ?? "",
+        exitCode,
+        error: timedOut ? `gh timed out after ${options.timeoutMs}ms` : err2.message
+      });
+    });
+    if (options.input !== void 0) {
+      child.stdin?.end(options.input);
+    }
+  });
+}
+var TRANSIENT_GH_PATTERNS = [
+  /HTTP 5\d\d/,
+  /HTTP 499/,
+  /\btimed out\b/i,
+  /\bETIMEDOUT\b/,
+  /\bECONNRESET\b/,
+  /\bECONNREFUSED\b/,
+  /\bEAI_AGAIN\b/,
+  /connection reset/i
+];
+function isTransientGhFailure(res) {
+  if (res.exitCode === 0) {
+    return false;
+  }
+  const text2 = `${res.stderr} ${res.error ?? ""} ${res.stdout}`;
+  return TRANSIENT_GH_PATTERNS.some((re) => re.test(text2));
+}
+var sleep = (ms) => new Promise((resolve8) => setTimeout(resolve8, ms));
+async function execGhWithRetry(args2, options = {}, retry = {}, exec = execGh) {
+  const maxAttempts = retry.maxAttempts ?? 3;
+  const backoffMs = retry.backoffMs ?? 500;
+  let res = await exec(args2, options);
+  for (let attempt = 2; attempt <= maxAttempts && isTransientGhFailure(res); attempt++) {
+    await sleep(backoffMs * 2 ** (attempt - 2));
+    res = await exec(args2, options);
+  }
+  return res;
+}
+
+// ../git/dist/trailers.js
+function buildPostHogTrailers(taskId) {
+  const trailers = ["Generated-By: PostHog Code"];
+  if (taskId)
+    trailers.push(`Task-Id: ${taskId}`);
+  return trailers;
+}
+
+// ../git/dist/utils.js
+var import_git_url_parse = __toESM(require_lib5(), 1);
+import * as childProcess2 from "child_process";
+import * as fs5 from "fs/promises";
+import * as os from "os";
+import * as path5 from "path";
+function parseGithubUrl(url) {
+  if (!url)
+    return null;
+  let parsed;
+  try {
+    parsed = (0, import_git_url_parse.default)(url.trim());
+  } catch {
+    return null;
+  }
+  const resource = parsed.resource.toLowerCase();
+  if (resource !== "github.com" && resource !== "ssh.github.com")
+    return null;
+  const raw = parsed.pathname.split("/");
+  if (raw[0] !== "")
+    return null;
+  const parts2 = raw[raw.length - 1] === "" ? raw.slice(1, -1) : raw.slice(1);
+  if (parts2.length < 2 || parts2.some((p) => p === ""))
+    return null;
+  const [owner, repoRaw, segment, num] = parts2;
+  const repo = repoRaw.replace(/\.git$/, "");
+  if (segment === "issues" || segment === "pull") {
+    const number = Number(num);
+    if (!Number.isInteger(number) || number <= 0)
+      return null;
+    return {
+      kind: segment === "pull" ? "pr" : "issue",
+      owner,
+      repo,
+      number
+    };
+  }
+  return { kind: "repo", owner, repo };
+}
+
+// ../git/dist/signed-commit.js
+var DEFAULT_MAX_PAYLOAD_BYTES = 35 * 1024 * 1024;
+var MAX_GIT_BUFFER = 256 * 1024 * 1024;
+var GH_GRAPHQL_TIMEOUT_MS = 3e4;
+var OversizedFileError = class extends Error {
+  path;
+  bytes;
+  maxBytes;
+  constructor(path18, bytes, maxBytes) {
+    super(`File '${path18}' (~${Math.round(bytes / 1024 / 1024)}MB once base64-encoded) exceeds the per-commit request limit (~${Math.round(maxBytes / 1024 / 1024)}MB). A single file cannot be split across createCommitOnBranch requests; use Git LFS or a local signing key for this change.`);
+    this.path = path18;
+    this.bytes = bytes;
+    this.maxBytes = maxBytes;
+    this.name = "OversizedFileError";
+  }
+};
+function runGit(args2, cwd) {
+  return new Promise((resolve8) => {
+    childProcess3.execFile("git", args2, { cwd, maxBuffer: MAX_GIT_BUFFER, encoding: "buffer" }, (error, stdout, stderr) => {
+      const err2 = error;
+      const exitCode = err2 && typeof err2.code === "number" ? err2.code : err2 ? 1 : 0;
+      resolve8({
+        stdout: stdout ?? Buffer.alloc(0),
+        stderr: (stderr ?? Buffer.alloc(0)).toString("utf8"),
+        exitCode
+      });
+    });
+  });
+}
+async function gitText(args2, cwd) {
+  const r = await runGit(args2, cwd);
+  if (r.exitCode !== 0) {
+    throw new Error(`git ${args2.join(" ")} failed: ${r.stderr.trim()}`);
+  }
+  return r.stdout.toString("utf8").trim();
+}
+async function resolveRepoNameWithOwner(ctx) {
+  const url = await gitText(["remote", "get-url", "origin"], ctx.cwd);
+  const parsed = parseGithubUrl(url);
+  if (!parsed) {
+    throw new Error(`Could not parse owner/repo from origin remote: ${url}`);
+  }
+  return `${parsed.owner}/${parsed.repo}`;
+}
+async function resolveBaseBranch(ctx) {
+  if (ctx.baseBranch)
+    return ctx.baseBranch;
+  const r = await runGit(["symbolic-ref", "--short", "refs/remotes/origin/HEAD"], ctx.cwd);
+  if (r.exitCode !== 0)
+    return null;
+  return r.stdout.toString("utf8").trim().replace(/^origin\//, "") || null;
+}
+async function resolveBranchName(ctx, input) {
+  const branch = input.branch ? input.branch.replace(/^refs\/heads\//, "") : await resolveCurrentBranch(ctx);
+  const baseBranch = await resolveBaseBranch(ctx);
+  if (baseBranch && branch === baseBranch) {
+    throw new Error(`Refusing to commit directly to base branch '${baseBranch}'. Pass a 'branch' name prefixed with posthog-code/.`);
+  }
+  return branch;
+}
+async function resolveCurrentBranch(ctx) {
+  const current2 = await gitText(["rev-parse", "--abbrev-ref", "HEAD"], ctx.cwd);
+  if (!current2 || current2 === "HEAD") {
+    throw new Error("Detached HEAD \u2014 pass a `branch` to git_signed_commit (e.g. posthog-code/...).");
+  }
+  return current2;
+}
+async function remoteTip(ctx, branch) {
+  const out2 = await gitText(["ls-remote", "--heads", "origin", branch], ctx.cwd);
+  if (!out2)
+    return null;
+  return out2.split("	")[0]?.trim() || null;
+}
+async function createRef(ctx, repo, branch, sha) {
+  const res = await execGh([
+    "api",
+    "-X",
+    "POST",
+    `/repos/${repo}/git/refs`,
+    "-f",
+    `ref=refs/heads/${branch}`,
+    "-f",
+    `sha=${sha}`
+  ], { cwd: ctx.cwd, env: ghTokenEnv(ctx.token) });
+  if (res.exitCode !== 0) {
+    throw new Error(`Failed to create branch '${branch}': ${res.stderr || res.error}`);
+  }
+}
+var GITHUB_TOKEN_ENV_VARS = ["GH_TOKEN", "GITHUB_TOKEN"];
+function readGithubTokenFromEnv(env = process.env) {
+  for (const name2 of GITHUB_TOKEN_ENV_VARS) {
+    if (env[name2])
+      return env[name2];
+  }
+  return void 0;
+}
+function ghTokenEnv(token) {
+  return Object.fromEntries(GITHUB_TOKEN_ENV_VARS.map((name2) => [name2, token]));
+}
+var STAGED_READ_CONCURRENCY = 16;
+async function buildFileChanges(ctx, baseOid) {
+  const diff = await runGit(["diff", "--cached", "-z", "--no-renames", "--name-status", baseOid], ctx.cwd);
+  if (diff.exitCode !== 0) {
+    throw new Error(`git diff --cached failed: ${diff.stderr.trim()}`);
+  }
+  const tokens = diff.stdout.toString("utf8").split("\0").filter(Boolean);
+  const addPaths = [];
+  const deletions = [];
+  for (let i2 = 0; i2 + 1 < tokens.length; i2 += 2) {
+    const path18 = tokens[i2 + 1];
+    if (tokens[i2].startsWith("D")) {
+      deletions.push({ path: path18 });
+    } else {
+      addPaths.push(path18);
+    }
+  }
+  const additions = await mapWithConcurrency(addPaths, STAGED_READ_CONCURRENCY, async (path18) => {
+    const r = await runGit(["show", `:${path18}`], ctx.cwd);
+    if (r.exitCode !== 0) {
+      throw new Error(`Failed to read staged file '${path18}': ${r.stderr.trim()}`);
+    }
+    return { path: path18, contents: r.stdout.toString("base64") };
+  });
+  return { additions, deletions };
+}
+function additionBytes(a) {
+  return a.contents.length + a.path.length + 32;
+}
+function chunkFileChanges(changes, maxBytes) {
+  for (const a of changes.additions) {
+    const bytes = additionBytes(a);
+    if (bytes > maxBytes)
+      throw new OversizedFileError(a.path, bytes, maxBytes);
+  }
+  if (changes.additions.length === 0) {
+    return [{ additions: [], deletions: changes.deletions }];
+  }
+  const chunks = [];
+  let cur = { additions: [], deletions: [...changes.deletions] };
+  let curBytes = changes.deletions.reduce((n, d) => n + d.path.length + 16, 0);
+  for (const a of changes.additions) {
+    const bytes = additionBytes(a);
+    if (cur.additions.length > 0 && curBytes + bytes > maxBytes) {
+      chunks.push(cur);
+      cur = { additions: [], deletions: [] };
+      curBytes = 0;
+    }
+    cur.additions.push(a);
+    curBytes += bytes;
+  }
+  chunks.push(cur);
+  return chunks;
+}
+var CREATE_COMMIT_MUTATION = `mutation($input: CreateCommitOnBranchInput!) {
+  createCommitOnBranch(input: $input) { commit { oid url } }
+}`;
+async function createCommitOnBranch(ctx, repo, branch, expectedHeadOid, headline, body2, changes) {
+  const payload = JSON.stringify({
+    query: CREATE_COMMIT_MUTATION,
+    variables: {
+      input: {
+        branch: { repositoryNameWithOwner: repo, branchName: branch },
+        expectedHeadOid,
+        message: { headline, body: body2 },
+        fileChanges: changes
+      }
+    }
+  });
+  const res = await execGhWithRetry(["api", "graphql", "--input", "-"], {
+    cwd: ctx.cwd,
+    input: payload,
+    env: ghTokenEnv(ctx.token),
+    // Bound each attempt so a stalled connection can't hang the tool forever.
+    timeoutMs: GH_GRAPHQL_TIMEOUT_MS
+  }, { maxAttempts: 3 });
+  if (res.exitCode !== 0) {
+    throw new Error(`createCommitOnBranch failed: ${res.stderr || res.error || res.stdout}`);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(res.stdout);
+  } catch {
+    throw new Error(`createCommitOnBranch returned non-JSON: ${res.stdout.slice(0, 500)}`);
+  }
+  if (parsed.errors) {
+    throw new Error(`createCommitOnBranch errors: ${JSON.stringify(parsed.errors)}`);
+  }
+  const commit = parsed.data?.createCommitOnBranch?.commit;
+  if (!commit?.oid) {
+    throw new Error(`createCommitOnBranch returned no commit: ${res.stdout}`);
+  }
+  return commit;
+}
+async function syncLocalCheckout(ctx, branch, newOid) {
+  const steps = [
+    ["fetch", ["fetch", "--no-tags", "origin", branch]],
+    ["update-ref", ["update-ref", `refs/heads/${branch}`, newOid]],
+    ["symbolic-ref", ["symbolic-ref", "HEAD", `refs/heads/${branch}`]],
+    ["reset", ["reset", "-q"]]
+  ];
+  for (const [label, args2] of steps) {
+    const r = await runGit(args2, ctx.cwd);
+    if (r.exitCode !== 0) {
+      process.stderr.write(`[signed-commit] local sync step '${label}' failed after committing ${newOid}: ${r.stderr.trim()}
+`);
+    }
+  }
+}
+async function createSignedCommit(ctx, input) {
+  const [repo, branch] = await Promise.all([
+    resolveRepoNameWithOwner(ctx),
+    resolveBranchName(ctx, input)
+  ]);
+  if (input.paths && input.paths.length > 0) {
+    const r = await runGit(["add", "--", ...input.paths], ctx.cwd);
+    if (r.exitCode !== 0) {
+      throw new Error(`git add failed: ${r.stderr.trim()}`);
+    }
+  }
+  let tip = await remoteTip(ctx, branch);
+  if (tip === null) {
+    const baseSha = await gitText(["rev-parse", "HEAD"], ctx.cwd);
+    await createRef(ctx, repo, branch, baseSha);
+    tip = baseSha;
+  } else {
+    await runGit(["fetch", "--no-tags", "origin", branch], ctx.cwd);
+  }
+  const changes = await buildFileChanges(ctx, tip);
+  if (changes.additions.length === 0 && changes.deletions.length === 0) {
+    throw new Error("No staged changes to commit. Stage files with `git add` first (or pass `paths`).");
+  }
+  const chunks = chunkFileChanges(changes, DEFAULT_MAX_PAYLOAD_BYTES);
+  const body2 = [input.body, buildPostHogTrailers(ctx.taskId).join("\n")].filter(Boolean).join("\n\n");
+  const commits = [];
+  let expectedHeadOid = tip;
+  for (let i2 = 0; i2 < chunks.length; i2++) {
+    const headline = chunks.length > 1 ? `${input.message} \u2014 part ${i2 + 1}/${chunks.length}` : input.message;
+    const commit = await createCommitOnBranch(ctx, repo, branch, expectedHeadOid, headline, body2, chunks[i2]);
+    commits.push({ sha: commit.oid, url: commit.url });
+    expectedHeadOid = commit.oid;
+  }
+  await syncLocalCheckout(ctx, branch, expectedHeadOid);
+  return { branch, commits };
+}
+
 // src/utils/common.ts
 async function withTimeout(operation, timeoutMs) {
   const timeoutPromise = new Promise(
-    (resolve7) => setTimeout(() => resolve7({ result: "timeout" }), timeoutMs)
+    (resolve8) => setTimeout(() => resolve8({ result: "timeout" }), timeoutMs)
   );
   const operationPromise = operation.then((value) => ({
     result: "success",
@@ -13251,6 +14263,12 @@ async function withTimeout(operation, timeoutMs) {
 }
 var IS_ROOT = typeof process !== "undefined" && (process.geteuid?.() ?? process.getuid?.()) === 0;
 var ALLOW_BYPASS = !IS_ROOT || !!process.env.IS_SANDBOX;
+function isCloudRun(meta) {
+  return !!process.env.IS_SANDBOX || !!meta?.taskRunId;
+}
+function resolveGithubToken() {
+  return readGithubTokenFromEnv();
+}
 function unreachable(value, logger) {
   let valueAsString;
   try {
@@ -13408,8 +14426,82 @@ var BaseAcpAgent = class {
   }
 };
 
+// src/adapters/signed-commit-shared.ts
+import { z } from "zod";
+
+// src/adapters/local-tools/registry.ts
+var LOCAL_TOOLS_MCP_NAME = "posthog-local";
+function defineLocalTool(def) {
+  return def;
+}
+function qualifiedLocalToolName(toolName) {
+  return `mcp__${LOCAL_TOOLS_MCP_NAME}__${toolName}`;
+}
+
+// src/adapters/signed-commit-shared.ts
+var SIGNED_COMMIT_TOOL_NAME = "git_signed_commit";
+var SIGNED_COMMIT_QUALIFIED_TOOL_NAME = qualifiedLocalToolName(
+  SIGNED_COMMIT_TOOL_NAME
+);
+var SIGNED_COMMIT_TOOL_DESCRIPTION = "Create a GitHub-signed (Verified) commit on the branch. Stage files with `git add` first (or pass `paths`), then call this instead of `git commit`/`git push` \u2014 those are blocked because all commits must be signed. The commit is created via GitHub's API and your local checkout is kept in sync. For a new branch, pass `branch` (prefixed with `posthog-code/`) and the tool creates it on the remote.";
+var signedCommitToolSchema = {
+  message: z.string().describe("Commit headline (first line)."),
+  body: z.string().optional().describe("Optional extended commit body."),
+  branch: z.string().optional().describe(
+    "Target branch; defaults to the current branch. Use a posthog-code/ prefix for new branches."
+  ),
+  paths: z.array(z.string()).optional().describe(
+    "Files to stage before committing; defaults to already-staged files."
+  )
+};
+function formatSignedCommitResult(result) {
+  const list = result.commits.map((c) => `- ${c.sha} ${c.url}`).join("\n");
+  return `Created ${result.commits.length} signed commit(s) on ${result.branch}:
+${list}`;
+}
+async function runSignedCommitTool(ctx, args2) {
+  try {
+    const result = await createSignedCommit(ctx, args2);
+    return {
+      content: [{ type: "text", text: formatSignedCommitResult(result) }]
+    };
+  } catch (err2) {
+    const message = err2 instanceof Error ? err2.message : String(err2);
+    return {
+      content: [
+        { type: "text", text: `${SIGNED_COMMIT_TOOL_NAME} failed: ${message}` }
+      ],
+      isError: true
+    };
+  }
+}
+
+// src/adapters/local-tools/tools/signed-commit.ts
+var signedCommitTool = defineLocalTool({
+  name: SIGNED_COMMIT_TOOL_NAME,
+  description: SIGNED_COMMIT_TOOL_DESCRIPTION,
+  schema: signedCommitToolSchema,
+  alwaysLoad: true,
+  isEnabled: (ctx, meta) => isCloudRun(meta) && !!ctx.token,
+  handler: (ctx, args2) => runSignedCommitTool(
+    { cwd: ctx.cwd, token: ctx.token ?? "", taskId: ctx.taskId },
+    args2
+  )
+});
+
+// src/adapters/local-tools/index.ts
+var LOCAL_TOOLS = [signedCommitTool];
+function enabledLocalTools(ctx, meta) {
+  return LOCAL_TOOLS.filter((t) => t.isEnabled(ctx, meta));
+}
+
+// src/adapters/session-meta.ts
+function resolveTaskId(meta) {
+  return meta?.taskId ?? meta?.persistence?.taskId;
+}
+
 // src/adapters/claude/conversion/acp-to-sdk.ts
-import * as path5 from "path";
+import * as path6 from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 var PDF_EXTENSIONS = /* @__PURE__ */ new Set(["pdf"]);
 var COMMON_IMAGE_EXTENSIONS = /* @__PURE__ */ new Set([
@@ -13439,7 +14531,7 @@ function sdkText(value) {
 function formatUriAsLink(uri) {
   try {
     if (uri.startsWith("zed://")) {
-      const name2 = path5.basename(uri) || uri;
+      const name2 = path6.basename(uri) || uri;
       return `[@${name2}](${uri})`;
     }
     return uri;
@@ -13448,7 +14540,7 @@ function formatUriAsLink(uri) {
   }
 }
 function readToolGuidanceForPath(filePath) {
-  const ext = path5.extname(filePath).slice(1).toLowerCase();
+  const ext = path6.extname(filePath).slice(1).toLowerCase();
   if (PDF_EXTENSIONS.has(ext)) {
     return 'Optional `pages` string (e.g. "1-5") per Read call instead of loading the entire PDF.';
   }
@@ -13460,7 +14552,7 @@ function readToolGuidanceForPath(filePath) {
 function workspacePromptFromFileUri(uri) {
   try {
     const filePath = fileURLToPath2(uri);
-    const name2 = path5.basename(filePath) || filePath;
+    const name2 = path6.basename(filePath) || filePath;
     return [
       "Attached workspace file \u2014 use Read with required `file_path`:",
       `- file_path: ${filePath}`,
@@ -13586,8 +14678,8 @@ var ToolContentBuilder = class {
     this.items.push({ type: "content", content: image(data, mimeType, uri) });
     return this;
   }
-  diff(path17, oldText, newText) {
-    this.items.push({ type: "diff", path: path17, oldText, newText });
+  diff(path18, oldText, newText) {
+    this.items.push({ type: "diff", path: path18, oldText, newText });
     return this;
   }
   build() {
@@ -13806,6 +14898,60 @@ var createSubagentRewriteHook = (logger, registeredAgents) => async (input, _too
     }
   };
 };
+var GIT_VALUE_FLAGS = /* @__PURE__ */ new Set([
+  "-C",
+  "-c",
+  "--git-dir",
+  "--work-tree",
+  "--namespace",
+  "--exec-path"
+]);
+function gitSubcommand(segment) {
+  const tokens = segment.trim().split(/\s+/).filter(Boolean);
+  if (tokens.length === 0) return null;
+  const head = tokens[0].split("/").pop();
+  if (head !== "git") return null;
+  let skipNext = false;
+  for (const tok of tokens.slice(1)) {
+    if (skipNext) {
+      skipNext = false;
+      continue;
+    }
+    if (GIT_VALUE_FLAGS.has(tok)) {
+      skipNext = true;
+      continue;
+    }
+    if (tok.startsWith("-")) continue;
+    return tok;
+  }
+  return null;
+}
+function blocksUnsignedGit(command) {
+  if (!command.includes("git")) return false;
+  return command.split(/&&|\|\||[;\n|]/).some((segment) => {
+    const sub = gitSubcommand(segment);
+    return sub === "commit" || sub === "push";
+  });
+}
+var createSignedCommitGuardHook = (logger) => async (input, _toolUseID) => {
+  if (input.hook_event_name !== "PreToolUse") return { continue: true };
+  if (input.tool_name !== "Bash") return { continue: true };
+  const command = input.tool_input?.command;
+  if (!command || !blocksUnsignedGit(command)) {
+    return { continue: true };
+  }
+  logger.info(
+    `[SignedCommitGuard] Blocking unsigned git command: ${command}`
+  );
+  return {
+    continue: true,
+    hookSpecificOutput: {
+      hookEventName: "PreToolUse",
+      permissionDecision: "deny",
+      permissionDecisionReason: `Commits must be signed: \`git commit\` and \`git push\` are disabled here. Stage changes with \`git add\`, then call the \`git_signed_commit\` tool (${SIGNED_COMMIT_QUALIFIED_TOOL_NAME}) with a \`message\` to create a signed commit on the branch.`
+    }
+  };
+};
 var createPreToolUseHook = (settingsManager, logger) => async (input, _toolUseID) => {
   if (input.hook_event_name !== "PreToolUse") {
     return { continue: true };
@@ -13859,8 +15005,8 @@ var createPreToolUseHook = (settingsManager, logger) => async (input, _toolUseID
 };
 
 // src/adapters/claude/conversion/tool-use-to-acp.ts
-import fs5 from "fs";
-import path6 from "path";
+import fs6 from "fs";
+import path7 from "path";
 
 // src/adapters/claude/mcp/tool-metadata.ts
 var mcpToolMetadataCache = /* @__PURE__ */ new Map();
@@ -13870,7 +15016,7 @@ function buildToolKey(serverName, toolName) {
   return `mcp__${serverName}__${toolName}`;
 }
 function delay2(ms) {
-  return new Promise((resolve7) => setTimeout(resolve7, ms));
+  return new Promise((resolve8) => setTimeout(resolve8, ms));
 }
 async function fetchMcpToolMetadata(q, logger = new Logger({ debug: false, prefix: "[McpToolMetadata]" })) {
   let retries = 0;
@@ -13890,14 +15036,14 @@ async function fetchMcpToolMetadata(q, logger = new Logger({ debug: false, prefi
         continue;
       }
       let readOnlyCount = 0;
-      for (const tool of server.tools) {
-        const toolKey = buildToolKey(server.name, tool.name);
-        const readOnly = tool.annotations?.readOnly === true;
+      for (const tool2 of server.tools) {
+        const toolKey = buildToolKey(server.name, tool2.name);
+        const readOnly = tool2.annotations?.readOnly === true;
         const existing = mcpToolMetadataCache.get(toolKey);
         mcpToolMetadataCache.set(toolKey, {
           readOnly,
-          name: tool.name,
-          description: tool.description,
+          name: tool2.name,
+          description: tool2.description,
           approvalState: existing?.approvalState
         });
         if (readOnly) readOnlyCount++;
@@ -13965,10 +15111,10 @@ function stripSystemReminders(value) {
 }
 function toDisplayPath(filePath, cwd) {
   if (!cwd) return filePath;
-  const resolvedCwd = path6.resolve(cwd);
-  const resolvedFile = path6.resolve(filePath);
-  if (resolvedFile.startsWith(resolvedCwd + path6.sep) || resolvedFile === resolvedCwd) {
-    return path6.relative(resolvedCwd, resolvedFile);
+  const resolvedCwd = path7.resolve(cwd);
+  const resolvedFile = path7.resolve(filePath);
+  if (resolvedFile.startsWith(resolvedCwd + path7.sep) || resolvedFile === resolvedCwd) {
+    return path7.relative(resolvedCwd, resolvedFile);
   }
   return filePath;
 }
@@ -14093,7 +15239,7 @@ function toolInfoFromToolUse(toolUse, options) {
           oldContent = options.cachedFileContent[writeFilePath];
         } else {
           try {
-            oldContent = fs5.readFileSync(writeFilePath, "utf-8");
+            oldContent = fs6.readFileSync(writeFilePath, "utf-8");
           } catch {
           }
         }
@@ -14507,7 +15653,7 @@ function resolveFileContent(filePath, oldText, cachedFileContent) {
     }
   }
   try {
-    const content = fs5.readFileSync(filePath, "utf-8");
+    const content = fs6.readFileSync(filePath, "utf-8");
     if (content.includes(oldText)) {
       return content;
     }
@@ -15160,20 +16306,45 @@ async function handleUserAssistantMessage(message, context) {
   return {};
 }
 
+// src/adapters/claude/mcp/local-tools.ts
+import {
+  createSdkMcpServer,
+  tool
+} from "@anthropic-ai/claude-agent-sdk";
+function createLocalToolsMcpServer(ctx, meta) {
+  const tools = enabledLocalTools(ctx, meta);
+  if (tools.length === 0) {
+    return void 0;
+  }
+  return createSdkMcpServer({
+    name: LOCAL_TOOLS_MCP_NAME,
+    version: "1.0.0",
+    tools: tools.map(
+      (t) => tool(
+        t.name,
+        t.description,
+        t.schema,
+        async (args2) => t.handler(ctx, args2),
+        { alwaysLoad: t.alwaysLoad ?? false }
+      )
+    )
+  });
+}
+
 // src/adapters/claude/plan/utils.ts
-import * as os from "os";
-import * as path7 from "path";
+import * as os2 from "os";
+import * as path8 from "path";
 function getClaudeConfigDir() {
-  return process.env.CLAUDE_CONFIG_DIR || path7.join(os.homedir(), ".claude");
+  return process.env.CLAUDE_CONFIG_DIR || path8.join(os2.homedir(), ".claude");
 }
 function getClaudePlansDir() {
-  return path7.join(getClaudeConfigDir(), "plans");
+  return path8.join(getClaudeConfigDir(), "plans");
 }
 function isClaudePlanFilePath(filePath) {
   if (!filePath) return false;
-  const resolved = path7.resolve(filePath);
-  const plansDir = path7.resolve(getClaudePlansDir());
-  return resolved === plansDir || resolved.startsWith(plansDir + path7.sep);
+  const resolved = path8.resolve(filePath);
+  const plansDir = path8.resolve(getClaudePlansDir());
+  return resolved === plansDir || resolved.startsWith(plansDir + path8.sep);
 }
 function isPlanReady(plan) {
   if (!plan) return false;
@@ -15204,21 +16375,21 @@ function getLatestAssistantText(notifications) {
 }
 
 // src/adapters/claude/questions/utils.ts
-import { z } from "zod";
+import { z as z2 } from "zod";
 var OPTION_PREFIX = "option_";
-var QuestionOptionSchema = z.object({
-  label: z.string(),
-  description: z.string().optional()
+var QuestionOptionSchema = z2.object({
+  label: z2.string(),
+  description: z2.string().optional()
 });
-var QuestionItemSchema = z.object({
-  question: z.string(),
-  header: z.string().optional(),
-  options: z.array(QuestionOptionSchema),
-  multiSelect: z.boolean().optional(),
-  completed: z.boolean().optional()
+var QuestionItemSchema = z2.object({
+  question: z2.string(),
+  header: z2.string().optional(),
+  options: z2.array(QuestionOptionSchema),
+  multiSelect: z2.boolean().optional(),
+  completed: z2.boolean().optional()
 });
-var QuestionMetaSchema = z.object({
-  questions: z.array(QuestionItemSchema)
+var QuestionMetaSchema = z2.object({
+  questions: z2.array(QuestionItemSchema)
 });
 function normalizeAskUserQuestionInput(input) {
   if (input.questions && input.questions.length > 0) {
@@ -15990,14 +17161,14 @@ function getAvailableSlashCommands(commands) {
 }
 
 // src/adapters/claude/session/mcp-config.ts
-import * as fs6 from "fs";
-import * as os2 from "os";
-import * as path8 from "path";
-function loadUserClaudeJsonMcpServers(cwd, logger, homeDir = os2.homedir()) {
-  const claudeJsonPath = path8.join(homeDir, ".claude.json");
+import * as fs7 from "fs";
+import * as os3 from "os";
+import * as path9 from "path";
+function loadUserClaudeJsonMcpServers(cwd, logger, homeDir = os3.homedir()) {
+  const claudeJsonPath = path9.join(homeDir, ".claude.json");
   let raw;
   try {
-    raw = fs6.readFileSync(claudeJsonPath, "utf8");
+    raw = fs7.readFileSync(claudeJsonPath, "utf8");
   } catch {
     return {};
   }
@@ -16148,9 +17319,9 @@ function resolveModelPreference(preference, options) {
 
 // src/adapters/claude/session/options.ts
 import { spawn as spawn3 } from "child_process";
-import * as fs7 from "fs";
-import * as os3 from "os";
-import * as path9 from "path";
+import * as fs8 from "fs";
+import * as os4 from "os";
+import * as path10 from "path";
 
 // src/adapters/claude/session/instructions.ts
 var BRANCH_NAMING = `
@@ -16225,28 +17396,27 @@ ${bedrockFallbackHeader}` : bedrockFallbackHeader;
     ANTHROPIC_CUSTOM_HEADERS: customHeaders
   };
 }
-function buildHooks(userHooks, onModeChange, settingsManager, logger, enrichmentDeps, enrichedReadCache, registeredAgents) {
+function buildHooks(userHooks, onModeChange, settingsManager, logger, enrichmentDeps, enrichedReadCache, registeredAgents, cloudMode) {
   const postToolUseHooks = [createPostToolUseHook({ onModeChange })];
   if (enrichmentDeps && enrichedReadCache) {
     postToolUseHooks.push(
       createReadEnrichmentHook(enrichmentDeps, enrichedReadCache)
     );
   }
+  const preToolUseHooks = [
+    createPreToolUseHook(settingsManager, logger),
+    createSubagentRewriteHook(logger, registeredAgents)
+  ];
+  if (cloudMode) {
+    preToolUseHooks.push(createSignedCommitGuardHook(logger));
+  }
   return {
     ...userHooks,
     PostToolUse: [
       ...userHooks?.PostToolUse || [],
       { hooks: postToolUseHooks }
     ],
-    PreToolUse: [
-      ...userHooks?.PreToolUse || [],
-      {
-        hooks: [
-          createPreToolUseHook(settingsManager, logger),
-          createSubagentRewriteHook(logger, registeredAgents)
-        ]
-      }
-    ]
+    PreToolUse: [...userHooks?.PreToolUse || [], { hooks: preToolUseHooks }]
   };
 }
 var PH_EXPLORE_AGENT = {
@@ -16358,12 +17528,12 @@ function buildSpawnWrapper(sessionId, onProcessSpawned, onProcessExited, logger)
   };
 }
 function ensureLocalSettings(cwd) {
-  const claudeDir = path9.join(cwd, ".claude");
-  const localSettingsPath = path9.join(claudeDir, "settings.local.json");
+  const claudeDir = path10.join(cwd, ".claude");
+  const localSettingsPath = path10.join(claudeDir, "settings.local.json");
   try {
-    if (!fs7.existsSync(localSettingsPath)) {
-      fs7.mkdirSync(claudeDir, { recursive: true });
-      fs7.writeFileSync(localSettingsPath, "{}\n", { flag: "wx" });
+    if (!fs8.existsSync(localSettingsPath)) {
+      fs8.mkdirSync(claudeDir, { recursive: true });
+      fs8.writeFileSync(localSettingsPath, "{}\n", { flag: "wx" });
     }
   } catch {
   }
@@ -16404,7 +17574,8 @@ function buildSessionOptions(params) {
       params.logger,
       params.enrichmentDeps,
       params.enrichedReadCache,
-      registeredAgentNames
+      registeredAgentNames,
+      params.cloudMode ?? false
     ),
     outputFormat: params.outputFormat,
     abortController: getAbortController(
@@ -16439,18 +17610,18 @@ function buildSessionOptions(params) {
   return options;
 }
 function clearStatsigCache() {
-  const statsigPath = path9.join(
-    process.env.CLAUDE_CONFIG_DIR || path9.join(os3.homedir(), ".claude"),
+  const statsigPath = path10.join(
+    process.env.CLAUDE_CONFIG_DIR || path10.join(os4.homedir(), ".claude"),
     "statsig"
   );
-  fs7.rm(statsigPath, { recursive: true, force: true }, () => {
+  fs8.rm(statsigPath, { recursive: true, force: true }, () => {
   });
 }
 
 // src/adapters/claude/session/settings.ts
-import * as fs8 from "fs";
-import * as os4 from "os";
-import * as path10 from "path";
+import * as fs9 from "fs";
+import * as os5 from "os";
+import * as path11 from "path";
 import { minimatch } from "minimatch";
 
 // src/utils/async-mutex.ts
@@ -16462,8 +17633,8 @@ var AsyncMutex = class {
       this.locked = true;
       return;
     }
-    return new Promise((resolve7) => {
-      this.queue.push(resolve7);
+    return new Promise((resolve8) => {
+      this.queue.push(resolve8);
     });
   }
   release() {
@@ -16531,13 +17702,13 @@ function parseRule(rule) {
 function normalizePath(filePath, cwd) {
   let resolved = filePath;
   if (resolved.startsWith("~/")) {
-    resolved = path10.join(os4.homedir(), resolved.slice(2));
+    resolved = path11.join(os5.homedir(), resolved.slice(2));
   } else if (resolved.startsWith("./")) {
-    resolved = path10.join(cwd, resolved.slice(2));
-  } else if (!path10.isAbsolute(resolved)) {
-    resolved = path10.join(cwd, resolved);
+    resolved = path11.join(cwd, resolved.slice(2));
+  } else if (!path11.isAbsolute(resolved)) {
+    resolved = path11.join(cwd, resolved);
   }
-  return path10.normalize(resolved).replace(/\\/g, "/");
+  return path11.normalize(resolved).replace(/\\/g, "/");
 }
 function matchesGlob(pattern, filePath, cwd) {
   const normalizedPattern = normalizePath(pattern, cwd);
@@ -16584,11 +17755,11 @@ function formatRule(rule) {
 }
 async function writeFileAtomic(filePath, data) {
   const tmpPath = `${filePath}.${process.pid}.${Date.now()}.tmp`;
-  await fs8.promises.writeFile(tmpPath, data);
+  await fs9.promises.writeFile(tmpPath, data);
   try {
-    await fs8.promises.rename(tmpPath, filePath);
+    await fs9.promises.rename(tmpPath, filePath);
   } catch (error) {
-    await fs8.promises.rm(tmpPath, { force: true });
+    await fs9.promises.rm(tmpPath, { force: true });
     throw error;
   }
 }
@@ -16597,7 +17768,7 @@ async function loadSettingsFile(filePath) {
     return {};
   }
   try {
-    const content = await fs8.promises.readFile(filePath, "utf-8");
+    const content = await fs9.promises.readFile(filePath, "utf-8");
     return JSON.parse(content);
   } catch (error) {
     if (error instanceof Error && "code" in error && error.code === "ENOENT") {
@@ -16612,7 +17783,7 @@ async function loadSettingsFile(filePath) {
 }
 async function readSettingsFileForUpdate(filePath) {
   try {
-    const content = await fs8.promises.readFile(filePath, "utf-8");
+    const content = await fs9.promises.readFile(filePath, "utf-8");
     return JSON.parse(content);
   } catch (error) {
     if (error instanceof Error && "code" in error && error.code === "ENOENT") {
@@ -16658,11 +17829,11 @@ var SettingsManager = class {
     return this.initPromise;
   }
   getUserSettingsPath() {
-    const configDir = process.env.CLAUDE_CONFIG_DIR || path10.join(os4.homedir(), ".claude");
-    return path10.join(configDir, "settings.json");
+    const configDir = process.env.CLAUDE_CONFIG_DIR || path11.join(os5.homedir(), ".claude");
+    return path11.join(configDir, "settings.json");
   }
   getProjectSettingsPath() {
-    return path10.join(this.cwd, ".claude", "settings.json");
+    return path11.join(this.cwd, ".claude", "settings.json");
   }
   /**
    * Local settings are anchored to the primary worktree so every worktree of
@@ -16670,7 +17841,7 @@ var SettingsManager = class {
    * avoids re-prompting for the same permission in every worktree.
    */
   getLocalSettingsPath() {
-    return path10.join(this.repoRoot, ".claude", "settings.local.json");
+    return path11.join(this.repoRoot, ".claude", "settings.local.json");
   }
   async loadAllSettings() {
     this.repoRoot = await resolveMainRepoPath(this.cwd);
@@ -16728,8 +17899,8 @@ var SettingsManager = class {
         merged.model = settings.model;
       }
       if (settings.posthogApprovedExecTools) {
-        for (const tool of settings.posthogApprovedExecTools) {
-          posthogApprovedExecTools.add(tool);
+        for (const tool2 of settings.posthogApprovedExecTools) {
+          posthogApprovedExecTools.add(tool2);
         }
       }
     }
@@ -16797,7 +17968,7 @@ var SettingsManager = class {
       }
       permissions.allow = Array.from(current2);
       const next = { ...existing, permissions };
-      await fs8.promises.mkdir(path10.dirname(filePath), { recursive: true });
+      await fs9.promises.mkdir(path11.dirname(filePath), { recursive: true });
       await writeFileAtomic(filePath, `${JSON.stringify(next, null, 2)}
 `);
       this.localSettings = next;
@@ -16830,7 +18001,7 @@ var SettingsManager = class {
         ...existing,
         posthogApprovedExecTools: Array.from(current2)
       };
-      await fs8.promises.mkdir(path10.dirname(filePath), { recursive: true });
+      await fs9.promises.mkdir(path11.dirname(filePath), { recursive: true });
       await writeFileAtomic(filePath, `${JSON.stringify(next, null, 2)}
 `);
       this.localSettings = next;
@@ -16936,7 +18107,7 @@ var ClaudeAcpAgent = class extends BaseAcpAgent {
     };
   }
   async newSession(params) {
-    if (fs9.existsSync(path11.resolve(os5.homedir(), ".claude.json.backup")) && !fs9.existsSync(path11.resolve(os5.homedir(), ".claude.json"))) {
+    if (fs10.existsSync(path12.resolve(os6.homedir(), ".claude.json.backup")) && !fs10.existsSync(path12.resolve(os6.homedir(), ".claude.json"))) {
       throw RequestError2.authRequired();
     }
     const response = await this.createSession(params, {
@@ -17034,8 +18205,8 @@ var ClaudeAcpAgent = class extends BaseAcpAgent {
     if (this.session.promptRunning) {
       this.session.input.push(userMessage);
       const order = this.session.nextPendingOrder++;
-      const cancelled = await new Promise((resolve7) => {
-        this.session.pendingMessages.set(promptUuid, { resolve: resolve7, order });
+      const cancelled = await new Promise((resolve8) => {
+        this.session.pendingMessages.set(promptUuid, { resolve: resolve8, order });
       });
       if (cancelled) {
         return { stopReason: "cancelled" };
@@ -17557,7 +18728,8 @@ var ClaudeAcpAgent = class extends BaseAcpAgent {
     const { resume, forkSession } = creationOpts;
     const isResume = !!resume;
     const meta = params._meta;
-    const taskId = meta?.persistence?.taskId;
+    const taskId = resolveTaskId(meta);
+    const cloudRun = isCloudRun(meta);
     const effort = meta?.claudeCode?.options?.effort;
     let sessionId;
     if (forkSession) {
@@ -17572,6 +18744,17 @@ var ClaudeAcpAgent = class extends BaseAcpAgent {
     await settingsManager.initialize();
     const earlyModelId = settingsManager.getSettings().model || meta?.model || "";
     const mcpServers = supportsMcpInjection(earlyModelId) ? parseMcpServers(params) : {};
+    const localToolsServer = createLocalToolsMcpServer(
+      { cwd, token: resolveGithubToken(), taskId },
+      meta
+    );
+    if (localToolsServer) {
+      mcpServers[LOCAL_TOOLS_MCP_NAME] = localToolsServer;
+    } else if (cloudRun) {
+      this.logger.warn(
+        "Cloud run registered no local tools \u2014 missing GH_TOKEN/GITHUB_TOKEN? signed commits unavailable"
+      );
+    }
     const systemPrompt = buildSystemPrompt(meta?.systemPrompt);
     if (meta?.mcpToolApprovals) {
       setMcpToolApprovalStates(meta.mcpToolApprovals);
@@ -17607,7 +18790,8 @@ var ClaudeAcpAgent = class extends BaseAcpAgent {
       onProcessExited: this.options?.onProcessExited,
       effort,
       enrichmentDeps: this.enrichment?.deps,
-      enrichedReadCache: this.enrichedReadCache
+      enrichedReadCache: this.enrichedReadCache,
+      cloudMode: cloudRun
     });
     const abortController = options.abortController;
     const q = query({ prompt: input, options });
@@ -17939,7 +19123,7 @@ var ClaudeAcpAgent = class extends BaseAcpAgent {
    */
   deferBackgroundFetches(q) {
     Promise.all([
-      new Promise((resolve7) => setTimeout(resolve7, 10)).then(
+      new Promise((resolve8) => setTimeout(resolve8, 10)).then(
         () => this.sendAvailableCommandsUpdate()
       ),
       fetchMcpToolMetadata(q, this.logger).then(() => {
@@ -18217,9 +19401,9 @@ function resetUsage(state) {
 }
 
 // src/adapters/codex/settings.ts
-import * as fs10 from "fs";
-import * as os6 from "os";
-import * as path12 from "path";
+import * as fs11 from "fs";
+import * as os7 from "os";
+import * as path13 from "path";
 var CodexSettingsManager = class {
   cwd;
   settings = { mcpServerNames: [] };
@@ -18230,12 +19414,12 @@ var CodexSettingsManager = class {
   async initialize() {
   }
   getConfigPath() {
-    return path12.join(os6.homedir(), ".codex", "config.toml");
+    return path13.join(os7.homedir(), ".codex", "config.toml");
   }
   loadSettings() {
     const configPath = this.getConfigPath();
     try {
-      const content = fs10.readFileSync(configPath, "utf-8");
+      const content = fs11.readFileSync(configPath, "utf-8");
       this.settings = parseCodexToml(content, this.cwd);
     } catch {
       this.settings = { mcpServerNames: [] };
@@ -18293,7 +19477,7 @@ function parseCodexToml(content, cwd) {
 // src/adapters/codex/spawn.ts
 import { spawn as spawn4 } from "child_process";
 import { existsSync as existsSync4 } from "fs";
-import { delimiter, dirname as dirname5 } from "path";
+import { delimiter, dirname as dirname6 } from "path";
 function buildConfigArgs(options) {
   const args2 = [];
   args2.push("-c", `features.remote_models=false`);
@@ -18344,7 +19528,7 @@ function spawnCodexProcess(options) {
   }
   const { command, args: args2 } = findCodexBinary(options);
   if (options.binaryPath && existsSync4(options.binaryPath)) {
-    const binDir = dirname5(options.binaryPath);
+    const binDir = dirname6(options.binaryPath);
     env.PATH = `${binDir}${delimiter}${env.PATH ?? ""}`;
   }
   logger.info("Spawning codex-acp process", {
@@ -18449,8 +19633,7 @@ function getCurrentPermissionMode(currentModeId, fallbackMode) {
 var STRUCTURED_OUTPUT_INSTRUCTIONS = `
 
 When you have completed the task, call the \`${STRUCTURED_OUTPUT_TOOL_NAME}\` tool with the final structured result. The tool's input schema matches the required output format for this task. Do not describe the result in a plain message \u2014 submitting it via the tool is required for the task to be considered complete.`;
-function resolveStructuredOutputMcpScript() {
-  const rel = "adapters/codex/structured-output-mcp-server.js";
+function resolveBundledMcpScript(rel) {
   let dir = import.meta.dirname ?? __dirname;
   for (let i2 = 0; i2 < 5; i2++) {
     const candidate = resolvePath(dir, rel);
@@ -18462,7 +19645,9 @@ function resolveStructuredOutputMcpScript() {
   );
 }
 function buildStructuredOutputMcpServer(jsonSchema) {
-  const scriptPath = resolveStructuredOutputMcpScript();
+  const scriptPath = resolveBundledMcpScript(
+    "adapters/codex/structured-output-mcp-server.js"
+  );
   const schemaBase64 = Buffer.from(JSON.stringify(jsonSchema)).toString(
     "base64"
   );
@@ -18473,6 +19658,30 @@ function buildStructuredOutputMcpServer(jsonSchema) {
     env: [{ name: "POSTHOG_OUTPUT_SCHEMA", value: schemaBase64 }]
   };
 }
+function buildLocalToolsMcpServer(ctx, enabledNames) {
+  const scriptPath = resolveBundledMcpScript(
+    "adapters/codex/local-tools-mcp-server.js"
+  );
+  const ctxBase64 = Buffer.from(JSON.stringify(ctx)).toString("base64");
+  const env = [
+    { name: "POSTHOG_LOCAL_TOOLS_CTX", value: ctxBase64 },
+    { name: "POSTHOG_LOCAL_TOOLS_ENABLED", value: enabledNames.join(",") }
+  ];
+  if (ctx.token) {
+    env.push(
+      ...Object.entries(ghTokenEnv(ctx.token)).map(([name2, value]) => ({
+        name: name2,
+        value
+      }))
+    );
+  }
+  return {
+    name: LOCAL_TOOLS_MCP_NAME,
+    command: process.execPath,
+    args: [scriptPath],
+    env
+  };
+}
 var CodexAcpAgent = class extends BaseAcpAgent {
   adapterName = "codex";
   codexProcess;
@@ -18560,14 +19769,17 @@ var CodexAcpAgent = class extends BaseAcpAgent {
   async newSession(params) {
     const meta = params._meta;
     const requestedPermissionMode = toCodexPermissionMode(meta?.permissionMode);
-    const injectedParams = this.applyStructuredOutput(params, meta);
+    const injectedParams = this.applyLocalTools(
+      this.applyStructuredOutput(params, meta),
+      meta
+    );
     const response = await this.codexConnection.newSession(injectedParams);
     response.configOptions = normalizeCodexConfigOptions(
       response.configOptions
     );
     this.sessionState = createSessionState(response.sessionId, params.cwd, {
       taskRunId: meta?.taskRunId,
-      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      taskId: resolveTaskId(meta),
       modeId: response.modes?.currentModeId ?? "auto",
       modelId: response.models?.currentModelId,
       permissionMode: requestedPermissionMode
@@ -18594,7 +19806,10 @@ var CodexAcpAgent = class extends BaseAcpAgent {
   }
   async loadSession(params) {
     const meta = params._meta;
-    const injectedParams = this.applyStructuredOutput(params, meta);
+    const injectedParams = this.applyLocalTools(
+      this.applyStructuredOutput(params, meta),
+      meta
+    );
     const response = await this.codexConnection.loadSession(injectedParams);
     response.configOptions = normalizeCodexConfigOptions(
       response.configOptions
@@ -18605,7 +19820,7 @@ var CodexAcpAgent = class extends BaseAcpAgent {
     );
     this.sessionState = createSessionState(params.sessionId, params.cwd, {
       taskRunId: meta?.taskRunId,
-      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      taskId: resolveTaskId(meta),
       modeId: response.modes?.currentModeId ?? "auto",
       permissionMode: currentPermissionMode
     });
@@ -18622,13 +19837,16 @@ var CodexAcpAgent = class extends BaseAcpAgent {
   }
   async unstable_resumeSession(params) {
     const meta = params._meta;
-    const injectedParams = this.applyStructuredOutput(
-      {
-        sessionId: params.sessionId,
-        cwd: params.cwd,
-        mcpServers: params.mcpServers ?? [],
-        _meta: params._meta
-      },
+    const injectedParams = this.applyLocalTools(
+      this.applyStructuredOutput(
+        {
+          sessionId: params.sessionId,
+          cwd: params.cwd,
+          mcpServers: params.mcpServers ?? [],
+          _meta: params._meta
+        },
+        meta
+      ),
       meta
     );
     const loadResponse = await this.codexConnection.loadSession(injectedParams);
@@ -18641,7 +19859,7 @@ var CodexAcpAgent = class extends BaseAcpAgent {
     );
     this.sessionState = createSessionState(params.sessionId, params.cwd, {
       taskRunId: meta?.taskRunId,
-      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      taskId: resolveTaskId(meta),
       modeId: loadResponse.modes?.currentModeId ?? "auto",
       permissionMode: currentPermissionMode
     });
@@ -18662,12 +19880,15 @@ var CodexAcpAgent = class extends BaseAcpAgent {
   }
   async unstable_forkSession(params) {
     const meta = params._meta;
-    const injectedParams = this.applyStructuredOutput(
-      {
-        cwd: params.cwd,
-        mcpServers: params.mcpServers ?? [],
-        _meta: params._meta
-      },
+    const injectedParams = this.applyLocalTools(
+      this.applyStructuredOutput(
+        {
+          cwd: params.cwd,
+          mcpServers: params.mcpServers ?? [],
+          _meta: params._meta
+        },
+        meta
+      ),
       meta
     );
     const newResponse = await this.codexConnection.newSession(injectedParams);
@@ -18677,7 +19898,7 @@ var CodexAcpAgent = class extends BaseAcpAgent {
     const requestedPermissionMode = toCodexPermissionMode(meta?.permissionMode);
     this.sessionState = createSessionState(newResponse.sessionId, params.cwd, {
       taskRunId: meta?.taskRunId,
-      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      taskId: resolveTaskId(meta),
       modeId: newResponse.modes?.currentModeId ?? "auto",
       permissionMode: requestedPermissionMode
     });
@@ -18714,6 +19935,41 @@ var CodexAcpAgent = class extends BaseAcpAgent {
       }
     };
   }
+  /**
+   * Injects the stdio general local-tools MCP server. Tools self-gate via the
+   * registry (e.g. signed-commit is cloud-only and needs a GH token), so the
+   * server is only injected when at least one tool's gate passes. Their
+   * instructions already live in the shared cloud system prompt, so only the
+   * server needs injecting here.
+   */
+  applyLocalTools(request, meta) {
+    const cwd = request.cwd;
+    if (!cwd) {
+      return request;
+    }
+    const ctx = {
+      cwd,
+      token: resolveGithubToken(),
+      taskId: resolveTaskId(meta)
+    };
+    const tools = enabledLocalTools(ctx, meta);
+    if (tools.length === 0) {
+      if (isCloudRun(meta)) {
+        this.logger.warn(
+          "Cloud run registered no local tools \u2014 missing GH_TOKEN/GITHUB_TOKEN? signed commits unavailable"
+        );
+      }
+      return request;
+    }
+    const mcpServer = buildLocalToolsMcpServer(
+      ctx,
+      tools.map((t) => t.name)
+    );
+    return {
+      ...request,
+      mcpServers: [...request.mcpServers ?? [], mcpServer]
+    };
+  }
   async applyInitialPermissionMode(sessionId, permissionMode, currentModeId) {
     if (!permissionMode) {
       return;
@@ -19085,20 +20341,20 @@ function createCodexConnection(config) {
 }
 
 // src/handoff-checkpoint.ts
-import { mkdtemp as mkdtemp2, readFile as readFile4, rm as rm4, writeFile as writeFile2 } from "fs/promises";
+import { mkdtemp as mkdtemp2, readFile as readFile4, rm as rm5, writeFile as writeFile2 } from "fs/promises";
 import { tmpdir as tmpdir2 } from "os";
-import { dirname as dirname6, join as join10 } from "path";
+import { dirname as dirname7, join as join11 } from "path";
 
 // ../git/dist/handoff.js
 import { spawn as spawn5 } from "child_process";
-import { copyFile, mkdtemp, readFile as readFile3, rm as rm3, stat as stat3 } from "fs/promises";
+import { copyFile as copyFile2, mkdtemp, readFile as readFile3, rm as rm4, stat as stat3 } from "fs/promises";
 import { tmpdir } from "os";
-import path14 from "path";
+import path15 from "path";
 
 // ../git/dist/sagas/checkpoint.js
 import { randomUUID as randomUUID2 } from "crypto";
-import * as fs11 from "fs/promises";
-import * as path13 from "path";
+import * as fs12 from "fs/promises";
+import * as path14 from "path";
 
 // ../shared/dist/index.js
 var CLOUD_PROMPT_PREFIX = "__twig_cloud_prompt_v1__:";
@@ -19384,7 +20640,7 @@ async function createWorktreeTree(git, baseDir, head) {
     const treeHash = await tempGit.raw(["write-tree"]);
     return treeHash.trim();
   } finally {
-    await fs11.rm(tempIndexPath, { force: true }).catch(() => {
+    await fs12.rm(tempIndexPath, { force: true }).catch(() => {
     });
   }
 }
@@ -19482,7 +20738,7 @@ async function createMetaTree(git, baseDir, indexTree, worktreeTree) {
     const metaTree = await tempGit.raw(["write-tree"]);
     return metaTree.trim();
   } finally {
-    await fs11.rm(tempIndexPath, { force: true }).catch(() => {
+    await fs12.rm(tempIndexPath, { force: true }).catch(() => {
     });
   }
 }
@@ -19499,12 +20755,12 @@ function formatCheckpointMessage(meta) {
 async function getGitCommonDir(git, baseDir) {
   const raw = await git.raw(["rev-parse", "--git-common-dir"]);
   const dir = raw.trim() || ".git";
-  return path13.isAbsolute(dir) ? dir : path13.resolve(baseDir, dir);
+  return path14.isAbsolute(dir) ? dir : path14.resolve(baseDir, dir);
 }
 async function createTempIndexGit(git, baseDir, label) {
-  const tmpDir = path13.join(await getGitCommonDir(git, baseDir), "posthog-code-tmp");
-  await fs11.mkdir(tmpDir, { recursive: true });
-  const tempIndexPath = path13.join(tmpDir, `${label}-${Date.now()}-${randomUUID2()}`);
+  const tmpDir = path14.join(await getGitCommonDir(git, baseDir), "posthog-code-tmp");
+  await fs12.mkdir(tmpDir, { recursive: true });
+  const tempIndexPath = path14.join(tmpDir, `${label}-${Date.now()}-${randomUUID2()}`);
   const tempGit = createGitClient(baseDir).env({
     ...process.env,
     GIT_INDEX_FILE: tempIndexPath
@@ -19559,7 +20815,7 @@ var GitHandoffTracker = class {
         packBaseline ? `^${packBaseline}` : null
       ].filter((ref) => !!ref);
       const headRef = checkpoint.head ? `${HANDOFF_HEAD_REF_PREFIX}${checkpoint.checkpointId}` : void 0;
-      const packPrefix = path14.join(tempDir, checkpoint.checkpointId);
+      const packPrefix = path15.join(tempDir, checkpoint.checkpointId);
       const [headPack, indexFile, tracking] = await Promise.all([
         this.captureObjectPack(packPrefix, packRefs),
         this.statFileArtifact(reconciledIndex.indexFilePath),
@@ -19628,14 +20884,14 @@ var GitHandoffTracker = class {
 `);
     const packPath = `${packPrefix}-${hash.trim()}.pack`;
     const rawBytes = await this.getFileSize(packPath);
-    await rm3(`${packPath}.idx`, { force: true }).catch(() => {
+    await rm4(`${packPath}.idx`, { force: true }).catch(() => {
     });
     return { path: packPath, rawBytes };
   }
   async reconcileHandoffIndex(git, head, indexTree, tempDir, checkpointId) {
     const realIndexPath = await this.getGitPath(git, "index");
-    const tempIndexPath = path14.join(tempDir, `${checkpointId}.index`);
-    await copyFile(realIndexPath, tempIndexPath);
+    const tempIndexPath = path15.join(tempDir, `${checkpointId}.index`);
+    await copyFile2(realIndexPath, tempIndexPath);
     const largePaths = await this.listLargeBlobsInTree(indexTree, MAX_HANDOFF_FILE_BYTES);
     if (largePaths.length === 0) {
       return { indexTree, indexFilePath: tempIndexPath };
@@ -19718,7 +20974,7 @@ var GitHandoffTracker = class {
   }
   async restoreIndexFile(git, indexPath) {
     const gitIndexPath = await this.getGitPath(git, "index");
-    await copyFile(indexPath, gitIndexPath);
+    await copyFile2(indexPath, gitIndexPath);
   }
   async unpackPackFile(packPath) {
     const content = await readFile3(packPath);
@@ -19856,7 +21112,7 @@ var GitHandoffTracker = class {
   async getGitPath(git, gitPath) {
     const raw = await git.raw(["rev-parse", "--git-path", gitPath]);
     const resolved = raw.trim();
-    return path14.isAbsolute(resolved) ? resolved : path14.resolve(this.repositoryPath, resolved);
+    return path15.isAbsolute(resolved) ? resolved : path15.resolve(this.repositoryPath, resolved);
   }
   async getFileSize(filePath) {
     return (await stat3(filePath)).size;
@@ -19869,7 +21125,7 @@ var GitHandoffTracker = class {
     await this.runGitProcess(args2, input);
   }
   async runGitProcessAllowingFailure(args2) {
-    return new Promise((resolve7, reject) => {
+    return new Promise((resolve8, reject) => {
       const child = spawn5("git", args2, {
         cwd: this.repositoryPath,
         stdio: ["ignore", "ignore", "pipe"]
@@ -19888,12 +21144,12 @@ var GitHandoffTracker = class {
           reject(new Error(stderr || `git ${args2.join(" ")} failed with code ${code}`));
           return;
         }
-        resolve7(code);
+        resolve8(code);
       });
     });
   }
   async runGitWithEnv(env, args2) {
-    return new Promise((resolve7, reject) => {
+    return new Promise((resolve8, reject) => {
       const child = spawn5("git", args2, {
         cwd: this.repositoryPath,
         stdio: ["ignore", "pipe", "pipe"],
@@ -19910,7 +21166,7 @@ var GitHandoffTracker = class {
       child.on("error", reject);
       child.on("close", (code) => {
         if (code === 0) {
-          resolve7(stdout);
+          resolve8(stdout);
           return;
         }
         reject(new Error(stderr || `git ${args2.join(" ")} failed with code ${code}`));
@@ -19918,7 +21174,7 @@ var GitHandoffTracker = class {
     });
   }
   runGitProcess(args2, input) {
-    return new Promise((resolve7, reject) => {
+    return new Promise((resolve8, reject) => {
       const child = spawn5("git", args2, {
         cwd: this.repositoryPath,
         stdio: "pipe"
@@ -19934,7 +21190,7 @@ var GitHandoffTracker = class {
       child.on("error", reject);
       child.on("close", (code) => {
         if (code === 0) {
-          resolve7({ stdout, stderr });
+          resolve8({ stdout, stderr });
           return;
         }
         reject(new Error(stderr || `git ${args2.join(" ")} failed with code ${code}`));
@@ -19946,7 +21202,7 @@ var GitHandoffTracker = class {
   }
 };
 function joinTempPrefix(checkpointId) {
-  return path14.join(tmpdir(), `posthog-code-handoff-${checkpointId}-`);
+  return path15.join(tmpdir(), `posthog-code-handoff-${checkpointId}-`);
 }
 async function getCurrentBranchName(git) {
   try {
@@ -20034,10 +21290,10 @@ var HandoffCheckpointTracker = class {
         indexArtifactPath: uploads.index?.storagePath
       };
     } finally {
-      const tempDir = capture.headPack?.path ? dirname6(capture.headPack.path) : dirname6(capture.indexFile.path);
+      const tempDir = capture.headPack?.path ? dirname7(capture.headPack.path) : dirname7(capture.indexFile.path);
       await this.removeIfPresent(capture.headPack?.path);
       await this.removeIfPresent(capture.indexFile.path);
-      await rm4(tempDir, { recursive: true, force: true }).catch(() => {
+      await rm5(tempDir, { recursive: true, force: true }).catch(() => {
       });
     }
   }
@@ -20049,10 +21305,10 @@ var HandoffCheckpointTracker = class {
     }
     const gitTracker = this.createGitTracker();
     const tmpDir = await mkdtemp2(
-      join10(tmpdir2(), `posthog-code-handoff-${checkpoint.checkpointId}-`)
+      join11(tmpdir2(), `posthog-code-handoff-${checkpoint.checkpointId}-`)
     );
-    const packPath = join10(tmpDir, `${checkpoint.checkpointId}.pack`);
-    const indexPath = join10(tmpDir, `${checkpoint.checkpointId}.index`);
+    const packPath = join11(tmpDir, `${checkpoint.checkpointId}.pack`);
+    const indexPath = join11(tmpDir, `${checkpoint.checkpointId}.index`);
     try {
       const downloads = await this.downloadArtifacts([
         {
@@ -20084,7 +21340,7 @@ var HandoffCheckpointTracker = class {
     } finally {
       await this.removeIfPresent(packPath);
       await this.removeIfPresent(indexPath);
-      await rm4(tmpDir, { recursive: true, force: true }).catch(() => {
+      await rm5(tmpDir, { recursive: true, force: true }).catch(() => {
       });
     }
   }
@@ -20215,7 +21471,7 @@ var HandoffCheckpointTracker = class {
     if (!filePath) {
       return;
     }
-    await rm4(filePath, { force: true }).catch(() => {
+    await rm5(filePath, { force: true }).catch(() => {
     });
   }
 };
@@ -20462,9 +21718,9 @@ function extractCreatedPrUrl(input) {
 
 // src/adapters/claude/session/jsonl-hydration.ts
 import { randomUUID as randomUUID3 } from "crypto";
-import * as fs12 from "fs/promises";
-import * as os7 from "os";
-import * as path15 from "path";
+import * as fs13 from "fs/promises";
+import * as os8 from "os";
+import * as path16 from "path";
 var CHARS_PER_TOKEN = 4;
 var DEFAULT_MAX_TOKENS = 15e4;
 function estimateTurnTokens(turn) {
@@ -20771,9 +22027,9 @@ ${toolSummary}`);
 }
 
 // src/session-log-writer.ts
-import fs13 from "fs";
+import fs14 from "fs";
 import fsp from "fs/promises";
-import path16 from "path";
+import path17 from "path";
 var SessionLogWriter = class _SessionLogWriter {
   static FLUSH_DEBOUNCE_MS = 500;
   static FLUSH_MAX_INTERVAL_MS = 5e3;
@@ -20809,13 +22065,13 @@ var SessionLogWriter = class _SessionLogWriter {
     this.sessions.set(sessionId, { context, currentTurnMessages: [] });
     this.lastFlushAttemptTime.set(sessionId, Date.now());
     if (this.localCachePath) {
-      const sessionDir = path16.join(
+      const sessionDir = path17.join(
         this.localCachePath,
         "sessions",
         context.runId
       );
       try {
-        fs13.mkdirSync(sessionDir, { recursive: true });
+        fs14.mkdirSync(sessionDir, { recursive: true });
       } catch (error) {
         this.logger.warn("Failed to create local cache directory", {
           sessionDir,
@@ -21067,14 +22323,14 @@ var SessionLogWriter = class _SessionLogWriter {
     if (!this.localCachePath) return;
     const session = this.sessions.get(sessionId);
     if (!session) return;
-    const logPath = path16.join(
+    const logPath = path17.join(
       this.localCachePath,
       "sessions",
       session.context.runId,
       "logs.ndjson"
     );
     try {
-      fs13.appendFileSync(logPath, `${JSON.stringify(entry)}
+      fs14.appendFileSync(logPath, `${JSON.stringify(entry)}
 `);
     } catch (error) {
       this.logger.warn("Failed to write to local cache", {
@@ -21086,13 +22342,13 @@ var SessionLogWriter = class _SessionLogWriter {
     }
   }
   static async cleanupOldSessions(localCachePath) {
-    const sessionsDir = path16.join(localCachePath, "sessions");
+    const sessionsDir = path17.join(localCachePath, "sessions");
     let deleted = 0;
     try {
       const entries = await fsp.readdir(sessionsDir);
       const now = Date.now();
       for (const entry of entries) {
-        const entryPath = path16.join(sessionsDir, entry);
+        const entryPath = path17.join(sessionsDir, entry);
         try {
           const stats = await fsp.stat(entryPath);
           if (stats.isDirectory() && now - stats.birthtimeMs > _SessionLogWriter.SESSIONS_MAX_AGE_MS) {
@@ -21109,11 +22365,11 @@ var SessionLogWriter = class _SessionLogWriter {
 };
 
 // src/server/agentsh-runtime.ts
-import { execFile as execFile2 } from "child_process";
+import { execFile as execFile5 } from "child_process";
 import { readFile as readFile5 } from "fs/promises";
 import { promisify as promisify2 } from "util";
 var AGENTSH_SESSION_ID_FILE = "/tmp/agentsh-session-id";
-var execFileAsync2 = promisify2(execFile2);
+var execFileAsync2 = promisify2(execFile5);
 function errorMessage(error) {
   return error instanceof Error ? error.message : String(error);
 }
@@ -21130,7 +22386,7 @@ async function getAgentshVersion() {
 }
 async function resolveAgentshRuntimeInfo({
   sessionIdPath = AGENTSH_SESSION_ID_FILE,
-  readSessionId = async (path17) => readFile5(path17, "utf8"),
+  readSessionId = async (path18) => readFile5(path18, "utf8"),
   getVersion = getAgentshVersion
 } = {}) {
   let sessionId;
@@ -21184,20 +22440,20 @@ function normalizeCloudPromptContent(content) {
 
 // src/server/jwt.ts
 import jwt from "jsonwebtoken";
-import { z as z2 } from "zod";
+import { z as z3 } from "zod";
 var SANDBOX_CONNECTION_AUDIENCE = "posthog:sandbox_connection";
-var userDataSchema = z2.object({
-  run_id: z2.string(),
-  task_id: z2.string(),
-  team_id: z2.number(),
-  user_id: z2.number(),
-  distinct_id: z2.string(),
-  mode: z2.enum(["interactive", "background"]).optional().default("interactive")
+var userDataSchema = z3.object({
+  run_id: z3.string(),
+  task_id: z3.string(),
+  team_id: z3.number(),
+  user_id: z3.number(),
+  distinct_id: z3.string(),
+  mode: z3.enum(["interactive", "background"]).optional().default("interactive")
 });
 var jwtPayloadSchema = userDataSchema.extend({
-  exp: z2.number(),
-  iat: z2.number().optional(),
-  aud: z2.string().optional()
+  exp: z3.number(),
+  iat: z3.number().optional(),
+  aud: z3.string().optional()
 });
 var JwtValidationError = class extends Error {
   constructor(message, code) {
@@ -21235,49 +22491,49 @@ function validateJwt(token, publicKey) {
 }
 
 // src/server/schemas.ts
-import { z as z3 } from "zod/v4";
-var httpHeaderSchema = z3.object({
-  name: z3.string(),
-  value: z3.string()
+import { z as z4 } from "zod/v4";
+var httpHeaderSchema = z4.object({
+  name: z4.string(),
+  value: z4.string()
 });
-var nullishString = z3.string().nullish().transform((value) => value ?? null);
-var handoffLocalGitStateSchema = z3.object({
+var nullishString = z4.string().nullish().transform((value) => value ?? null);
+var handoffLocalGitStateSchema = z4.object({
   head: nullishString,
   branch: nullishString,
   upstreamHead: nullishString,
   upstreamRemote: nullishString,
   upstreamMergeRef: nullishString
 });
-var remoteMcpServerSchema = z3.object({
-  type: z3.enum(["http", "sse"]),
-  name: z3.string().min(1, "MCP server name is required"),
-  url: z3.url({ error: "MCP server url must be a valid URL" }),
-  headers: z3.array(httpHeaderSchema).default([])
+var remoteMcpServerSchema = z4.object({
+  type: z4.enum(["http", "sse"]),
+  name: z4.string().min(1, "MCP server name is required"),
+  url: z4.url({ error: "MCP server url must be a valid URL" }),
+  headers: z4.array(httpHeaderSchema).default([])
 });
-var mcpServersSchema = z3.array(remoteMcpServerSchema);
-var claudeCodeConfigSchema = z3.object({
-  systemPrompt: z3.union([
-    z3.string(),
-    z3.object({
-      type: z3.literal("preset"),
-      preset: z3.literal("claude_code"),
-      append: z3.string().optional()
+var mcpServersSchema = z4.array(remoteMcpServerSchema);
+var claudeCodeConfigSchema = z4.object({
+  systemPrompt: z4.union([
+    z4.string(),
+    z4.object({
+      type: z4.literal("preset"),
+      preset: z4.literal("claude_code"),
+      append: z4.string().optional()
     })
   ]).optional(),
-  plugins: z3.array(z3.object({ type: z3.literal("local"), path: z3.string() })).optional()
+  plugins: z4.array(z4.object({ type: z4.literal("local"), path: z4.string() })).optional()
 });
-var jsonRpcRequestSchema = z3.object({
-  jsonrpc: z3.literal("2.0"),
-  method: z3.string(),
-  params: z3.record(z3.string(), z3.unknown()).optional(),
-  id: z3.union([z3.string(), z3.number()]).optional()
+var jsonRpcRequestSchema = z4.object({
+  jsonrpc: z4.literal("2.0"),
+  method: z4.string(),
+  params: z4.record(z4.string(), z4.unknown()).optional(),
+  id: z4.union([z4.string(), z4.number()]).optional()
 });
-var userMessageParamsSchema = z3.object({
-  content: z3.union([
-    z3.string().min(1, "Content is required"),
-    z3.array(z3.record(z3.string(), z3.unknown())).min(1, "Content is required")
+var userMessageParamsSchema = z4.object({
+  content: z4.union([
+    z4.string().min(1, "Content is required"),
+    z4.array(z4.record(z4.string(), z4.unknown())).min(1, "Content is required")
   ]).optional(),
-  artifacts: z3.array(z3.record(z3.string(), z3.unknown())).optional()
+  artifacts: z4.array(z4.record(z4.string(), z4.unknown())).optional()
 }).refine(
   (params) => {
     const hasContent = typeof params.content === "string" ? params.content.trim().length > 0 : Array.isArray(params.content) && params.content.length > 0;
@@ -21286,27 +22542,27 @@ var userMessageParamsSchema = z3.object({
   },
   { error: "Either content or artifacts are required" }
 );
-var permissionResponseParamsSchema = z3.object({
-  requestId: z3.string().min(1, "requestId is required"),
-  optionId: z3.string().min(1, "optionId is required"),
-  customInput: z3.string().optional(),
-  answers: z3.record(z3.string(), z3.string()).optional()
+var permissionResponseParamsSchema = z4.object({
+  requestId: z4.string().min(1, "requestId is required"),
+  optionId: z4.string().min(1, "optionId is required"),
+  customInput: z4.string().optional(),
+  answers: z4.record(z4.string(), z4.string()).optional()
 });
-var setConfigOptionParamsSchema = z3.object({
-  configId: z3.string().min(1, "configId is required"),
-  value: z3.string().min(1, "value is required")
+var setConfigOptionParamsSchema = z4.object({
+  configId: z4.string().min(1, "configId is required"),
+  value: z4.string().min(1, "value is required")
 });
-var refreshSessionParamsSchema = z3.object({
+var refreshSessionParamsSchema = z4.object({
   mcpServers: mcpServersSchema
 });
-var closeParamsSchema = z3.object({
+var closeParamsSchema = z4.object({
   localGitState: handoffLocalGitStateSchema.optional()
 }).optional();
 var commandParamsSchemas = {
   user_message: userMessageParamsSchema,
   "posthog/user_message": userMessageParamsSchema,
-  cancel: z3.object({}).optional(),
-  "posthog/cancel": z3.object({}).optional(),
+  cancel: z4.object({}).optional(),
+  "posthog/cancel": z4.object({}).optional(),
   close: closeParamsSchema,
   "posthog/close": closeParamsSchema,
   permission_response: permissionResponseParamsSchema,
@@ -21330,7 +22586,7 @@ function validateCommandParams(method, params) {
 }
 
 // src/server/agent-server.ts
-var agentErrorClassificationSchema = z4.enum([
+var agentErrorClassificationSchema = z5.enum([
   "upstream_stream_terminated",
   "upstream_connection_error",
   "upstream_provider_failure",
@@ -21342,8 +22598,8 @@ var upstreamProviderFailureClassifications = /* @__PURE__ */ new Set([
   "upstream_connection_error",
   "upstream_provider_failure"
 ]);
-var errorWithClassificationSchema = z4.object({
-  data: z4.object({ classification: agentErrorClassificationSchema })
+var errorWithClassificationSchema = z5.object({
+  data: z5.object({ classification: agentErrorClassificationSchema })
 });
 var SSE_KEEPALIVE_INTERVAL_MS = 25e3;
 var NdJsonTap = class {
@@ -21664,7 +22920,7 @@ var AgentServer = class {
     return app;
   }
   async start() {
-    await new Promise((resolve7) => {
+    await new Promise((resolve8) => {
       this.server = serve(
         {
           fetch: this.app.fetch,
@@ -21674,7 +22930,7 @@ var AgentServer = class {
           this.logger.debug(
             `HTTP server listening on port ${this.config.port}`
           );
-          resolve7();
+          resolve8();
         }
       );
     });
@@ -22000,6 +23256,7 @@ var AgentServer = class {
       _meta: {
         sessionId: payload.run_id,
         taskRunId: payload.run_id,
+        taskId: payload.task_id,
         systemPrompt: sessionSystemPrompt,
         ...this.config.model && { model: this.config.model },
         allowedDomains: this.config.allowedDomains,
@@ -22393,15 +23650,15 @@ Continue from where you left off. The user is waiting for your response.`
       throw new Error(`Failed to download artifact ${artifact.name}`);
     }
     const safeName = this.getSafeArtifactName(artifact.name);
-    const artifactDir = join12(
+    const artifactDir = join13(
       this.config.repositoryPath ?? "/tmp/workspace",
       ".posthog",
       "attachments",
       runId,
       artifact.id ?? safeName
     );
-    await mkdir4(artifactDir, { recursive: true });
-    const artifactPath = join12(artifactDir, safeName);
+    await mkdir5(artifactDir, { recursive: true });
+    const artifactPath = join13(artifactDir, safeName);
     await writeFile4(artifactPath, Buffer.from(data));
     return resourceLink(pathToFileURL(artifactPath).toString(), artifact.name, {
       ...artifact.content_type ? { mimeType: artifact.content_type } : {},
@@ -22409,7 +23666,7 @@ Continue from where you left off. The user is waiting for your response.`
     });
   }
   getSafeArtifactName(name2) {
-    const baseName = basename2(name2).trim();
+    const baseName = basename3(name2).trim();
     const normalizedName = baseName.replace(/[^\w.-]/g, "_");
     return normalizedName.length > 0 ? normalizedName : "attachment";
   }
@@ -22483,24 +23740,21 @@ You MUST NOT create a new branch, close the existing PR, or create a new PR.`;
   buildCloudSystemPrompt(prUrl) {
     const taskId = this.config.taskId;
     const shouldAutoCreatePr = this.shouldAutoPublishCloudChanges();
-    const attributionInstructions = `
-## Attribution
-Do NOT use Claude Code's default attribution (no "Co-Authored-By" trailers, no "Generated with [Claude Code]" lines).
+    const signedCommitInstructions = `
+## Committing (signed commits required)
+Commits MUST be signed. \`git commit\` and \`git push\` are blocked in this environment.
+To commit: stage your changes with \`git add\`, then call the \`git_signed_commit\` tool (full
+name \`${SIGNED_COMMIT_QUALIFIED_TOOL_NAME}\`) with a \`message\` (and optional \`body\`/\`paths\`).
+It creates a GitHub-signed ("Verified") commit on the branch and keeps your local checkout in
+sync. To start a new branch, pass \`branch\` (prefixed with \`posthog-code/\`) \u2014 the tool creates
+it on the remote for you.
 
-If you create a commit, add the following trailers to the commit message (after a blank line at the end):
+## Attribution
+Do NOT add "Co-Authored-By" trailers or "Generated with [Claude Code]" lines to your
+commit messages. The \`git_signed_commit\` tool automatically appends the only trailers
+we want:
   Generated-By: PostHog Code
-  Task-Id: ${taskId}
-
-Example:
-\`\`\`
-git commit -m "$(cat <<'EOF'
-fix: resolve login redirect loop
-
-Generated-By: PostHog Code
-Task-Id: ${taskId}
-EOF
-)"
-\`\`\``;
+  Task-Id: ${taskId}`;
     if (prUrl) {
       if (!shouldAutoCreatePr) {
         return `
@@ -22513,7 +23767,7 @@ Do the requested work, but stop with local changes ready for review.
 Important:
 - Do NOT create new commits, push to the branch, or update the pull request unless the user explicitly asks.
 - Do NOT create a new branch or a new pull request.
-${attributionInstructions}
+${signedCommitInstructions}
 `;
       }
       return `
@@ -22523,9 +23777,8 @@ This task already has an open pull request: ${prUrl}
 
 After completing the requested changes:
 1. Check out the existing PR branch with \`gh pr checkout ${prUrl}\`
-2. Stage and commit all changes with a clear commit message
-3. Push to the existing PR branch
-4. For every PR review comment or review thread you addressed, treat the thread as done only after BOTH of these:
+2. Stage your changes with \`git add\`, then call the \`git_signed_commit\` tool with a clear \`message\` (do NOT use \`git commit\`/\`git push\` \u2014 they are blocked). This commits to the existing PR branch.
+3. For every PR review comment or review thread you addressed, treat the thread as done only after BOTH of these:
    - Reply on the thread with a short note describing what changed (reference the commit SHA when useful) using \`gh api -X POST /repos/{owner}/{repo}/pulls/{n}/comments/{id}/replies -f body='...'\`.
    - Resolve the thread via the \`resolveReviewThread\` GraphQL mutation: \`gh api graphql -f query='mutation($id:ID!){resolveReviewThread(input:{threadId:$id}){thread{isResolved}}}' -f id="<thread-node-id>"\`.
    List unresolved threads first with \`gh api graphql -f query='{repository(owner:"<owner>",name:"<repo>"){pullRequest(number:<n>){reviewThreads(first:100){nodes{id isResolved comments(first:1){nodes{body}}}}}}}'\` so you can resolve each one you fixed.
@@ -22533,7 +23786,7 @@ After completing the requested changes:
 Important:
 - Do NOT create a new branch or a new pull request.
 - Do NOT push fixes for review comments without replying to and resolving each related thread.
-${attributionInstructions}
+${signedCommitInstructions}
 `;
     }
     if (!this.config.repositoryPath) {
@@ -22544,7 +23797,7 @@ When the user asks for code changes:
 When the user explicitly asks to clone or work in a GitHub repository:
 - Clone the repository into /tmp/workspace/repos/<owner>/<repo> using \`gh repo clone <owner>/<repo> /tmp/workspace/repos/<owner>/<repo>\`
 - Work from inside that cloned repository for follow-up code changes
-- If the user explicitly asks you to open or update a pull request, create a branch, commit the requested changes, push it, and open a draft pull request from inside the clone. Before opening the PR, check the cloned repo for a PR template at \`.github/pull_request_template.md\` (or variants; fall back to the org's \`.github\` repo via \`gh api\`) and use it as the body structure, and search for matching open issues with \`gh issue list --search\` to include \`Closes #<n>\` / \`Refs #<n>\` links.
+- If the user explicitly asks you to open or update a pull request, create a branch, stage your changes with \`git add\` and commit them with the \`git_signed_commit\` tool (do NOT use \`git commit\`/\`git push\` \u2014 they are blocked), and open a draft pull request from inside the clone. Before opening the PR, check the cloned repo for a PR template at \`.github/pull_request_template.md\` (or variants; fall back to the org's \`.github\` repo via \`gh api\`) and use it as the body structure, and search for matching open issues with \`gh issue list --search\` to include \`Closes #<n>\` / \`Refs #<n>\` links.
 - Do NOT create branches, commits, push changes, or open pull requests unless the user explicitly asks for that`;
       return `
 # Cloud Task Execution \u2014 No Repository Mode
@@ -22563,7 +23816,7 @@ ${publishInstructions}
 
 Important:
 - Prefer using MCP tools to answer questions with real data over giving generic advice.
-${attributionInstructions}
+${signedCommitInstructions}
 `;
     }
     if (!shouldAutoCreatePr) {
@@ -22574,21 +23827,20 @@ Do the requested work, but stop with local changes ready for review.
 
 Important:
 - Do NOT create a branch, commit, push, or open a pull request unless the user explicitly asks.
-${attributionInstructions}
+${signedCommitInstructions}
 `;
     }
     return `
 # Cloud Task Execution
 
 After completing the requested changes:
-1. Create a new branch prefixed with \`posthog-code/\` (e.g. \`posthog-code/fix-login-redirect\`) based on the work done
-2. Stage and commit all changes with a clear commit message
-3. Push the branch to origin
-4. Before opening the PR, prepare the body:
+1. Pick a new branch name prefixed with \`posthog-code/\` (e.g. \`posthog-code/fix-login-redirect\`)
+2. Stage your changes with \`git add\`, then call the \`git_signed_commit\` tool with \`branch\` set to that name and a clear \`message\` (do NOT use \`git commit\`/\`git push\` \u2014 they are blocked). The tool creates the branch on the remote and a signed commit on it.
+3. Before opening the PR, prepare the body:
    - Check the repo for a PR template at \`.github/pull_request_template.md\` (also try \`.github/PULL_REQUEST_TEMPLATE.md\`, \`docs/pull_request_template.md\`, and root variants). If one exists, use its exact section headings as the PR body \u2014 do NOT fall back to a generic Summary/Test plan format.
    - If no repo-level template exists, check the org's \`.github\` repo via \`gh api /repos/<owner>/.github/contents/.github/pull_request_template.md\` (and other common paths) and use that as a fallback.
    - Search for matching open issues with \`gh issue list --state open --search '<keywords>'\` (derive keywords from the branch name, commits, and changed files; \`gh issue view <n>\` to confirm relevance). For every issue this PR would resolve, include a \`Closes #<n>\` line in the body so GitHub auto-links and auto-closes it on merge. For issues that are related but not fully resolved, use \`Refs #<n>\` instead.
-5. Create a draft pull request using \`gh pr create --draft${this.config.baseBranch ? ` --base ${this.config.baseBranch}` : ""}\` with a descriptive title and the body prepared above. Add the following footer at the end of the PR description:
+4. Create a draft pull request using \`gh pr create --draft${this.config.baseBranch ? ` --base ${this.config.baseBranch}` : ""}\` with a descriptive title and the body prepared above. Add the following footer at the end of the PR description:
 \`\`\`
 ---
 *Created with [PostHog Code](https://posthog.com/code?ref=pr)*
@@ -22596,7 +23848,7 @@ After completing the requested changes:
 
 Important:
 - Always create the PR as a draft. Do not ask for confirmation.
-${attributionInstructions}
+${signedCommitInstructions}
 `;
   }
   async getCurrentGitBranch() {
@@ -23052,8 +24304,8 @@ ${attributionInstructions}
       options: params.options,
       toolCall: params.toolCall
     });
-    return new Promise((resolve7) => {
-      this.pendingPermissions.set(requestId, { resolve: resolve7 });
+    return new Promise((resolve8) => {
+      this.pendingPermissions.set(requestId, { resolve: resolve8 });
     });
   }
   resolvePermission(requestId, optionId, customInput, answers) {
@@ -23075,4 +24327,17 @@ export {
   SSE_KEEPALIVE_INTERVAL_MS,
   UPSTREAM_PROVIDER_FAILURE_MESSAGE
 };
+/*! Bundled license information:
+
+git-url-parse/lib/index.js:
+  (*!
+   * buildToken
+   * Builds OAuth token prefix (helper function)
+   *
+   * @name buildToken
+   * @function
+   * @param {GitUrl} obj The parsed Git url object.
+   * @return {String} token prefix
+   *)
+*/
 //# sourceMappingURL=agent-server.js.map