@probelabs/probe 0.6.0-rc186 → 0.6.0-rc187

package/build/agent/ProbeAgent.d.ts

@@ -19,6 +19,21 @@ export interface ProbeAgentOptions {
   allowEdit?: boolean;
   /** Enable the delegate tool for task distribution to subagents */
   enableDelegate?: boolean;
+  /** Enable bash tool for command execution */
+  enableBash?: boolean;
+  /** Bash tool configuration (allow/deny patterns) */
+  bashConfig?: {
+    /** Additional allowed command patterns */
+    allow?: string[];
+    /** Additional denied command patterns */
+    deny?: string[];
+    /** Disable default allow list */
+    disableDefaultAllow?: boolean;
+    /** Disable default deny list */
+    disableDefaultDeny?: boolean;
+    /** Enable debug logging for permission checks */
+    debug?: boolean;
+  };
   /** Search directory path */
   path?: string;
   /** Force specific AI provider */

package/build/agent/ProbeAgent.js

@@ -2372,31 +2372,41 @@ When troubleshooting:
 
         // Parse tool call from response with valid tools list
         // Build validTools based on allowedTools configuration (same pattern as getSystemMessage)
+        // When _disableTools is set, only allow attempt_completion for JSON correction flows
         const validTools = [];
-        if (this.allowedTools.isEnabled('search')) validTools.push('search');
-        if (this.allowedTools.isEnabled('query')) validTools.push('query');
-        if (this.allowedTools.isEnabled('extract')) validTools.push('extract');
-        if (this.allowedTools.isEnabled('listFiles')) validTools.push('listFiles');
-        if (this.allowedTools.isEnabled('searchFiles')) validTools.push('searchFiles');
-        if (this.allowedTools.isEnabled('readImage')) validTools.push('readImage');
-        if (this.allowedTools.isEnabled('attempt_completion')) validTools.push('attempt_completion');
-
-        // Edit tools (require both allowEdit flag AND allowedTools permission)
-        if (this.allowEdit && this.allowedTools.isEnabled('implement')) {
-          validTools.push('implement', 'edit', 'create');
-        }
-        // Bash tool (require both enableBash flag AND allowedTools permission)
-        if (this.enableBash && this.allowedTools.isEnabled('bash')) {
-          validTools.push('bash');
-        }
-        // Delegate tool (require both enableDelegate flag AND allowedTools permission)
-        if (this.enableDelegate && this.allowedTools.isEnabled('delegate')) {
-          validTools.push('delegate');
+        if (options._disableTools) {
+          // Only allow attempt_completion for JSON correction - no search/query/edit tools
+          validTools.push('attempt_completion');
+          if (this.debug) {
+            console.log(`[DEBUG] Tools disabled for this call - only attempt_completion allowed`);
+          }
+        } else {
+          if (this.allowedTools.isEnabled('search')) validTools.push('search');
+          if (this.allowedTools.isEnabled('query')) validTools.push('query');
+          if (this.allowedTools.isEnabled('extract')) validTools.push('extract');
+          if (this.allowedTools.isEnabled('listFiles')) validTools.push('listFiles');
+          if (this.allowedTools.isEnabled('searchFiles')) validTools.push('searchFiles');
+          if (this.allowedTools.isEnabled('readImage')) validTools.push('readImage');
+          if (this.allowedTools.isEnabled('attempt_completion')) validTools.push('attempt_completion');
+
+          // Edit tools (require both allowEdit flag AND allowedTools permission)
+          if (this.allowEdit && this.allowedTools.isEnabled('implement')) {
+            validTools.push('implement', 'edit', 'create');
+          }
+          // Bash tool (require both enableBash flag AND allowedTools permission)
+          if (this.enableBash && this.allowedTools.isEnabled('bash')) {
+            validTools.push('bash');
+          }
+          // Delegate tool (require both enableDelegate flag AND allowedTools permission)
+          if (this.enableDelegate && this.allowedTools.isEnabled('delegate')) {
+            validTools.push('delegate');
+          }
         }
-        
+
         // Try parsing with hybrid parser that supports both native and MCP tools
+        // When _disableTools is set, skip MCP tools entirely
         const nativeTools = validTools;
-        const parsedTool = this.mcpBridge
+        const parsedTool = (this.mcpBridge && !options._disableTools)
           ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge)
           : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
         if (parsedTool) {
@@ -3164,7 +3174,8 @@ Convert your previous response content into actual JSON data that follows this s
               finalResult = await this.answer(correctionPrompt, [], {
                 ...options,
                 _schemaFormatted: true,
-                _skipValidation: true  // Skip validation in recursive correction calls to prevent loops
+                _skipValidation: true,  // Skip validation in recursive correction calls to prevent loops
+                _disableTools: true     // Only allow attempt_completion - prevent AI from using search/query tools
               });
               finalResult = cleanSchemaResponse(finalResult);
               

package/build/agent/index.js

@@ -3513,7 +3513,9 @@ async function delegate({
   parentSessionId = null,
   path: path9 = null,
   provider = null,
-  model = null
+  model = null,
+  enableBash = false,
+  bashConfig = null
 }) {
   if (!task || typeof task !== "string") {
     throw new Error("Task parameter is required and must be a string");
@@ -3555,7 +3557,11 @@ async function delegate({
       // Inherit from parent
       provider,
       // Inherit from parent
-      model
+      model,
+      // Inherit from parent
+      enableBash,
+      // Inherit from parent
+      bashConfig
       // Inherit from parent
     });
     if (debug) {
@@ -8455,7 +8461,7 @@ var init_vercel = __esm({
       });
     };
     delegateTool = (options = {}) => {
-      const { debug = false, timeout = 300, cwd, allowedFolders } = options;
+      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig } = options;
       return tool({
         name: "delegate",
         description: delegateDescription,
@@ -8505,7 +8511,9 @@ var init_vercel = __esm({
             path: effectivePath,
             provider,
             model,
-            tracer
+            tracer,
+            enableBash,
+            bashConfig
           });
           return result;
         }
@@ -55098,18 +55106,18 @@ function createJsonCorrectionPrompt(invalidResponse, schema, errorOrValidation,
   const strengthLevels = [
     {
       prefix: "CRITICAL JSON ERROR:",
-      instruction: "You MUST fix this and return ONLY valid JSON.",
-      emphasis: "Return ONLY the corrected JSON, with no additional text or markdown formatting."
+      instruction: "You MUST fix this and respond using attempt_completion with ONLY valid JSON as the result.",
+      emphasis: "Use attempt_completion with ONLY the corrected JSON in the result field. No explanatory text, no markdown, no code blocks."
     },
     {
       prefix: "URGENT - JSON PARSING FAILED:",
-      instruction: "This is your second chance. Return ONLY valid JSON that can be parsed by JSON.parse().",
-      emphasis: "ABSOLUTELY NO explanatory text, greetings, or formatting. ONLY JSON."
+      instruction: "This is your second chance. Use attempt_completion with valid JSON that can be parsed by JSON.parse().",
+      emphasis: "ABSOLUTELY NO explanatory text or formatting. Use attempt_completion with ONLY raw JSON in the result."
     },
     {
       prefix: "FINAL ATTEMPT - CRITICAL JSON ERROR:",
-      instruction: "This is the final retry. You MUST return ONLY raw JSON without any other content.",
-      emphasis: 'EXAMPLE: {"key": "value"} NOT: ```json{"key": "value"}``` NOT: Here is the JSON: {"key": "value"}'
+      instruction: "This is the final retry. You MUST use attempt_completion with ONLY raw JSON in the result field.",
+      emphasis: 'CORRECT: <attempt_completion><result>{"key": "value"}</result></attempt_completion>\nWRONG: Here is the JSON: {"key": "value"}\nWRONG: ```json{"key": "value"}```'
     }
   ];
   const level = Math.min(retryCount, strengthLevels.length - 1);
@@ -61123,24 +61131,31 @@ You are working with a repository located at: ${searchDirectory}
               console.log(`[DEBUG] Assistant response (${assistantResponseContent.length} chars): ${assistantPreview}`);
             }
             const validTools = [];
-            if (this.allowedTools.isEnabled("search")) validTools.push("search");
-            if (this.allowedTools.isEnabled("query")) validTools.push("query");
-            if (this.allowedTools.isEnabled("extract")) validTools.push("extract");
-            if (this.allowedTools.isEnabled("listFiles")) validTools.push("listFiles");
-            if (this.allowedTools.isEnabled("searchFiles")) validTools.push("searchFiles");
-            if (this.allowedTools.isEnabled("readImage")) validTools.push("readImage");
-            if (this.allowedTools.isEnabled("attempt_completion")) validTools.push("attempt_completion");
-            if (this.allowEdit && this.allowedTools.isEnabled("implement")) {
-              validTools.push("implement", "edit", "create");
-            }
-            if (this.enableBash && this.allowedTools.isEnabled("bash")) {
-              validTools.push("bash");
-            }
-            if (this.enableDelegate && this.allowedTools.isEnabled("delegate")) {
-              validTools.push("delegate");
+            if (options._disableTools) {
+              validTools.push("attempt_completion");
+              if (this.debug) {
+                console.log(`[DEBUG] Tools disabled for this call - only attempt_completion allowed`);
+              }
+            } else {
+              if (this.allowedTools.isEnabled("search")) validTools.push("search");
+              if (this.allowedTools.isEnabled("query")) validTools.push("query");
+              if (this.allowedTools.isEnabled("extract")) validTools.push("extract");
+              if (this.allowedTools.isEnabled("listFiles")) validTools.push("listFiles");
+              if (this.allowedTools.isEnabled("searchFiles")) validTools.push("searchFiles");
+              if (this.allowedTools.isEnabled("readImage")) validTools.push("readImage");
+              if (this.allowedTools.isEnabled("attempt_completion")) validTools.push("attempt_completion");
+              if (this.allowEdit && this.allowedTools.isEnabled("implement")) {
+                validTools.push("implement", "edit", "create");
+              }
+              if (this.enableBash && this.allowedTools.isEnabled("bash")) {
+                validTools.push("bash");
+              }
+              if (this.enableDelegate && this.allowedTools.isEnabled("delegate")) {
+                validTools.push("delegate");
+              }
             }
             const nativeTools = validTools;
-            const parsedTool = this.mcpBridge ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge) : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
+            const parsedTool = this.mcpBridge && !options._disableTools ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge) : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
             if (parsedTool) {
               const { toolName, params } = parsedTool;
               if (this.debug) console.log(`[DEBUG] Parsed tool call: ${toolName} with params:`, params);
@@ -61752,8 +61767,10 @@ Convert your previous response content into actual JSON data that follows this s
                   finalResult = await this.answer(correctionPrompt, [], {
                     ...options,
                     _schemaFormatted: true,
-                    _skipValidation: true
+                    _skipValidation: true,
                     // Skip validation in recursive correction calls to prevent loops
+                    _disableTools: true
+                    // Only allow attempt_completion - prevent AI from using search/query tools
                   });
                   finalResult = cleanSchemaResponse(finalResult);
                   validation = validateJsonResponse(finalResult, { debug: this.debug });
@@ -63232,7 +63249,7 @@ Please reformat your previous response to match this schema exactly. Only return
               if (!validation.isValid) {
                 const correctionPrompt = createJsonCorrectionPrompt(result, schema, validation.error);
                 try {
-                  result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true });
+                  result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true });
                   result = cleanSchemaResponse(result);
                   const finalValidation = validateJsonResponse(result);
                   if (!finalValidation.isValid && args.debug) {
@@ -63518,11 +63535,11 @@ Please reformat your previous response to match this schema exactly. Only return
               if (appTracer) {
                 result = await appTracer.withSpan(
                   "agent.json_correction",
-                  () => agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true }),
+                  () => agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true }),
                   { "original_error": validation.error }
                 );
               } else {
-                result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true });
+                result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true });
               }
               result = cleanSchemaResponse(result);
               const finalValidation = validateJsonResponse(result);

package/build/agent/schemaUtils.js

@@ -787,21 +787,22 @@ export function createJsonCorrectionPrompt(invalidResponse, schema, errorOrValid
   }
 
   // Create increasingly stronger prompts based on retry attempt
+  // These prompts explicitly instruct the AI to use attempt_completion with the JSON result
   const strengthLevels = [
     {
       prefix: "CRITICAL JSON ERROR:",
-      instruction: "You MUST fix this and return ONLY valid JSON.",
-      emphasis: "Return ONLY the corrected JSON, with no additional text or markdown formatting."
+      instruction: "You MUST fix this and respond using attempt_completion with ONLY valid JSON as the result.",
+      emphasis: "Use attempt_completion with ONLY the corrected JSON in the result field. No explanatory text, no markdown, no code blocks."
     },
     {
       prefix: "URGENT - JSON PARSING FAILED:",
-      instruction: "This is your second chance. Return ONLY valid JSON that can be parsed by JSON.parse().",
-      emphasis: "ABSOLUTELY NO explanatory text, greetings, or formatting. ONLY JSON."
+      instruction: "This is your second chance. Use attempt_completion with valid JSON that can be parsed by JSON.parse().",
+      emphasis: "ABSOLUTELY NO explanatory text or formatting. Use attempt_completion with ONLY raw JSON in the result."
     },
     {
       prefix: "FINAL ATTEMPT - CRITICAL JSON ERROR:",
-      instruction: "This is the final retry. You MUST return ONLY raw JSON without any other content.",
-      emphasis: "EXAMPLE: {\"key\": \"value\"} NOT: ```json{\"key\": \"value\"}``` NOT: Here is the JSON: {\"key\": \"value\"}"
+      instruction: "This is the final retry. You MUST use attempt_completion with ONLY raw JSON in the result field.",
+      emphasis: "CORRECT: <attempt_completion><result>{\"key\": \"value\"}</result></attempt_completion>\nWRONG: Here is the JSON: {\"key\": \"value\"}\nWRONG: ```json{\"key\": \"value\"}```"
     }
   ];
 

package/build/delegate.js

@@ -176,6 +176,8 @@ const delegationManager = new DelegationManager();
  * @param {string} [options.provider] - AI provider (inherited from parent)
  * @param {string} [options.model] - AI model (inherited from parent)
  * @param {Object} [options.tracer=null] - Telemetry tracer instance
+ * @param {boolean} [options.enableBash=false] - Enable bash tool (inherited from parent)
+ * @param {Object} [options.bashConfig] - Bash configuration (inherited from parent)
  * @returns {Promise<string>} The response from the delegate agent
  */
 export async function delegate({
@@ -188,7 +190,9 @@ export async function delegate({
 	parentSessionId = null,
 	path = null,
 	provider = null,
-	model = null
+	model = null,
+	enableBash = false,
+	bashConfig = null
 }) {
 	if (!task || typeof task !== 'string') {
 		throw new Error('Task parameter is required and must be a string');
@@ -234,9 +238,11 @@ export async function delegate({
 			maxIterations: remainingIterations,
 			debug,
 			tracer,
-			path,      // Inherit from parent
-			provider,  // Inherit from parent
-			model      // Inherit from parent
+			path,       // Inherit from parent
+			provider,   // Inherit from parent
+			model,      // Inherit from parent
+			enableBash, // Inherit from parent
+			bashConfig  // Inherit from parent
 		});
 
 		if (debug) {

package/build/tools/vercel.js

@@ -239,10 +239,12 @@ export const extractTool = (options = {}) => {
  * @param {number} [options.timeout=300] - Default timeout in seconds
  * @param {string} [options.cwd] - Working directory to use if not specified in call
  * @param {string[]} [options.allowedFolders] - Allowed folders for workspace isolation
+ * @param {boolean} [options.enableBash=false] - Enable bash tool for sub-agents
+ * @param {Object} [options.bashConfig] - Bash configuration (allow/deny patterns)
  * @returns {Object} Configured delegate tool
  */
 export const delegateTool = (options = {}) => {
-	const { debug = false, timeout = 300, cwd, allowedFolders } = options;
+	const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig } = options;
 
 	return tool({
 		name: 'delegate',
@@ -309,7 +311,9 @@ export const delegateTool = (options = {}) => {
 				path: effectivePath,
 				provider,
 				model,
-				tracer
+				tracer,
+				enableBash,
+				bashConfig
 			});
 
 			return result;

package/cjs/agent/ProbeAgent.cjs

@@ -30422,7 +30422,9 @@ async function delegate({
   parentSessionId = null,
   path: path9 = null,
   provider = null,
-  model = null
+  model = null,
+  enableBash = false,
+  bashConfig = null
 }) {
   if (!task || typeof task !== "string") {
     throw new Error("Task parameter is required and must be a string");
@@ -30464,7 +30466,11 @@ async function delegate({
       // Inherit from parent
       provider,
       // Inherit from parent
-      model
+      model,
+      // Inherit from parent
+      enableBash,
+      // Inherit from parent
+      bashConfig
       // Inherit from parent
     });
     if (debug) {
@@ -35365,7 +35371,7 @@ var init_vercel = __esm({
       });
     };
     delegateTool = (options = {}) => {
-      const { debug = false, timeout = 300, cwd, allowedFolders } = options;
+      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig } = options;
       return (0, import_ai.tool)({
         name: "delegate",
         description: delegateDescription,
@@ -35415,7 +35421,9 @@ var init_vercel = __esm({
             path: effectivePath,
             provider,
             model,
-            tracer
+            tracer,
+            enableBash,
+            bashConfig
           });
           return result;
         }
@@ -81784,18 +81792,18 @@ function createJsonCorrectionPrompt(invalidResponse, schema, errorOrValidation,
   const strengthLevels = [
     {
       prefix: "CRITICAL JSON ERROR:",
-      instruction: "You MUST fix this and return ONLY valid JSON.",
-      emphasis: "Return ONLY the corrected JSON, with no additional text or markdown formatting."
+      instruction: "You MUST fix this and respond using attempt_completion with ONLY valid JSON as the result.",
+      emphasis: "Use attempt_completion with ONLY the corrected JSON in the result field. No explanatory text, no markdown, no code blocks."
     },
     {
       prefix: "URGENT - JSON PARSING FAILED:",
-      instruction: "This is your second chance. Return ONLY valid JSON that can be parsed by JSON.parse().",
-      emphasis: "ABSOLUTELY NO explanatory text, greetings, or formatting. ONLY JSON."
+      instruction: "This is your second chance. Use attempt_completion with valid JSON that can be parsed by JSON.parse().",
+      emphasis: "ABSOLUTELY NO explanatory text or formatting. Use attempt_completion with ONLY raw JSON in the result."
     },
     {
       prefix: "FINAL ATTEMPT - CRITICAL JSON ERROR:",
-      instruction: "This is the final retry. You MUST return ONLY raw JSON without any other content.",
-      emphasis: 'EXAMPLE: {"key": "value"} NOT: ```json{"key": "value"}``` NOT: Here is the JSON: {"key": "value"}'
+      instruction: "This is the final retry. You MUST use attempt_completion with ONLY raw JSON in the result field.",
+      emphasis: 'CORRECT: <attempt_completion><result>{"key": "value"}</result></attempt_completion>\nWRONG: Here is the JSON: {"key": "value"}\nWRONG: ```json{"key": "value"}```'
     }
   ];
   const level = Math.min(retryCount, strengthLevels.length - 1);
@@ -87808,24 +87816,31 @@ You are working with a repository located at: ${searchDirectory}
               console.log(`[DEBUG] Assistant response (${assistantResponseContent.length} chars): ${assistantPreview}`);
             }
             const validTools = [];
-            if (this.allowedTools.isEnabled("search")) validTools.push("search");
-            if (this.allowedTools.isEnabled("query")) validTools.push("query");
-            if (this.allowedTools.isEnabled("extract")) validTools.push("extract");
-            if (this.allowedTools.isEnabled("listFiles")) validTools.push("listFiles");
-            if (this.allowedTools.isEnabled("searchFiles")) validTools.push("searchFiles");
-            if (this.allowedTools.isEnabled("readImage")) validTools.push("readImage");
-            if (this.allowedTools.isEnabled("attempt_completion")) validTools.push("attempt_completion");
-            if (this.allowEdit && this.allowedTools.isEnabled("implement")) {
-              validTools.push("implement", "edit", "create");
-            }
-            if (this.enableBash && this.allowedTools.isEnabled("bash")) {
-              validTools.push("bash");
-            }
-            if (this.enableDelegate && this.allowedTools.isEnabled("delegate")) {
-              validTools.push("delegate");
+            if (options._disableTools) {
+              validTools.push("attempt_completion");
+              if (this.debug) {
+                console.log(`[DEBUG] Tools disabled for this call - only attempt_completion allowed`);
+              }
+            } else {
+              if (this.allowedTools.isEnabled("search")) validTools.push("search");
+              if (this.allowedTools.isEnabled("query")) validTools.push("query");
+              if (this.allowedTools.isEnabled("extract")) validTools.push("extract");
+              if (this.allowedTools.isEnabled("listFiles")) validTools.push("listFiles");
+              if (this.allowedTools.isEnabled("searchFiles")) validTools.push("searchFiles");
+              if (this.allowedTools.isEnabled("readImage")) validTools.push("readImage");
+              if (this.allowedTools.isEnabled("attempt_completion")) validTools.push("attempt_completion");
+              if (this.allowEdit && this.allowedTools.isEnabled("implement")) {
+                validTools.push("implement", "edit", "create");
+              }
+              if (this.enableBash && this.allowedTools.isEnabled("bash")) {
+                validTools.push("bash");
+              }
+              if (this.enableDelegate && this.allowedTools.isEnabled("delegate")) {
+                validTools.push("delegate");
+              }
             }
             const nativeTools = validTools;
-            const parsedTool = this.mcpBridge ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge) : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
+            const parsedTool = this.mcpBridge && !options._disableTools ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge) : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
             if (parsedTool) {
               const { toolName, params } = parsedTool;
               if (this.debug) console.log(`[DEBUG] Parsed tool call: ${toolName} with params:`, params);
@@ -88437,8 +88452,10 @@ Convert your previous response content into actual JSON data that follows this s
                   finalResult = await this.answer(correctionPrompt, [], {
                     ...options,
                     _schemaFormatted: true,
-                    _skipValidation: true
+                    _skipValidation: true,
                     // Skip validation in recursive correction calls to prevent loops
+                    _disableTools: true
+                    // Only allow attempt_completion - prevent AI from using search/query tools
                   });
                   finalResult = cleanSchemaResponse(finalResult);
                   validation = validateJsonResponse(finalResult, { debug: this.debug });

package/cjs/index.cjs

@@ -79414,18 +79414,18 @@ function createJsonCorrectionPrompt(invalidResponse, schema, errorOrValidation,
   const strengthLevels = [
     {
       prefix: "CRITICAL JSON ERROR:",
-      instruction: "You MUST fix this and return ONLY valid JSON.",
-      emphasis: "Return ONLY the corrected JSON, with no additional text or markdown formatting."
+      instruction: "You MUST fix this and respond using attempt_completion with ONLY valid JSON as the result.",
+      emphasis: "Use attempt_completion with ONLY the corrected JSON in the result field. No explanatory text, no markdown, no code blocks."
     },
     {
       prefix: "URGENT - JSON PARSING FAILED:",
-      instruction: "This is your second chance. Return ONLY valid JSON that can be parsed by JSON.parse().",
-      emphasis: "ABSOLUTELY NO explanatory text, greetings, or formatting. ONLY JSON."
+      instruction: "This is your second chance. Use attempt_completion with valid JSON that can be parsed by JSON.parse().",
+      emphasis: "ABSOLUTELY NO explanatory text or formatting. Use attempt_completion with ONLY raw JSON in the result."
     },
     {
       prefix: "FINAL ATTEMPT - CRITICAL JSON ERROR:",
-      instruction: "This is the final retry. You MUST return ONLY raw JSON without any other content.",
-      emphasis: 'EXAMPLE: {"key": "value"} NOT: ```json{"key": "value"}``` NOT: Here is the JSON: {"key": "value"}'
+      instruction: "This is the final retry. You MUST use attempt_completion with ONLY raw JSON in the result field.",
+      emphasis: 'CORRECT: <attempt_completion><result>{"key": "value"}</result></attempt_completion>\nWRONG: Here is the JSON: {"key": "value"}\nWRONG: ```json{"key": "value"}```'
     }
   ];
   const level = Math.min(retryCount, strengthLevels.length - 1);
@@ -85438,24 +85438,31 @@ You are working with a repository located at: ${searchDirectory}
               console.log(`[DEBUG] Assistant response (${assistantResponseContent.length} chars): ${assistantPreview}`);
             }
             const validTools = [];
-            if (this.allowedTools.isEnabled("search")) validTools.push("search");
-            if (this.allowedTools.isEnabled("query")) validTools.push("query");
-            if (this.allowedTools.isEnabled("extract")) validTools.push("extract");
-            if (this.allowedTools.isEnabled("listFiles")) validTools.push("listFiles");
-            if (this.allowedTools.isEnabled("searchFiles")) validTools.push("searchFiles");
-            if (this.allowedTools.isEnabled("readImage")) validTools.push("readImage");
-            if (this.allowedTools.isEnabled("attempt_completion")) validTools.push("attempt_completion");
-            if (this.allowEdit && this.allowedTools.isEnabled("implement")) {
-              validTools.push("implement", "edit", "create");
-            }
-            if (this.enableBash && this.allowedTools.isEnabled("bash")) {
-              validTools.push("bash");
-            }
-            if (this.enableDelegate && this.allowedTools.isEnabled("delegate")) {
-              validTools.push("delegate");
+            if (options._disableTools) {
+              validTools.push("attempt_completion");
+              if (this.debug) {
+                console.log(`[DEBUG] Tools disabled for this call - only attempt_completion allowed`);
+              }
+            } else {
+              if (this.allowedTools.isEnabled("search")) validTools.push("search");
+              if (this.allowedTools.isEnabled("query")) validTools.push("query");
+              if (this.allowedTools.isEnabled("extract")) validTools.push("extract");
+              if (this.allowedTools.isEnabled("listFiles")) validTools.push("listFiles");
+              if (this.allowedTools.isEnabled("searchFiles")) validTools.push("searchFiles");
+              if (this.allowedTools.isEnabled("readImage")) validTools.push("readImage");
+              if (this.allowedTools.isEnabled("attempt_completion")) validTools.push("attempt_completion");
+              if (this.allowEdit && this.allowedTools.isEnabled("implement")) {
+                validTools.push("implement", "edit", "create");
+              }
+              if (this.enableBash && this.allowedTools.isEnabled("bash")) {
+                validTools.push("bash");
+              }
+              if (this.enableDelegate && this.allowedTools.isEnabled("delegate")) {
+                validTools.push("delegate");
+              }
             }
             const nativeTools = validTools;
-            const parsedTool = this.mcpBridge ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge) : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
+            const parsedTool = this.mcpBridge && !options._disableTools ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge) : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
             if (parsedTool) {
               const { toolName, params } = parsedTool;
               if (this.debug) console.log(`[DEBUG] Parsed tool call: ${toolName} with params:`, params);
@@ -86067,8 +86074,10 @@ Convert your previous response content into actual JSON data that follows this s
                   finalResult = await this.answer(correctionPrompt, [], {
                     ...options,
                     _schemaFormatted: true,
-                    _skipValidation: true
+                    _skipValidation: true,
                     // Skip validation in recursive correction calls to prevent loops
+                    _disableTools: true
+                    // Only allow attempt_completion - prevent AI from using search/query tools
                   });
                   finalResult = cleanSchemaResponse(finalResult);
                   validation = validateJsonResponse(finalResult, { debug: this.debug });
@@ -86448,7 +86457,9 @@ async function delegate({
   parentSessionId = null,
   path: path9 = null,
   provider = null,
-  model = null
+  model = null,
+  enableBash = false,
+  bashConfig = null
 }) {
   if (!task || typeof task !== "string") {
     throw new Error("Task parameter is required and must be a string");
@@ -86490,7 +86501,11 @@ async function delegate({
       // Inherit from parent
       provider,
       // Inherit from parent
-      model
+      model,
+      // Inherit from parent
+      enableBash,
+      // Inherit from parent
+      bashConfig
       // Inherit from parent
     });
     if (debug) {
@@ -86860,7 +86875,7 @@ var init_vercel = __esm({
       });
     };
     delegateTool = (options = {}) => {
-      const { debug = false, timeout = 300, cwd, allowedFolders } = options;
+      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig } = options;
       return (0, import_ai3.tool)({
         name: "delegate",
         description: delegateDescription,
@@ -86910,7 +86925,9 @@ var init_vercel = __esm({
             path: effectivePath,
             provider,
             model,
-            tracer
+            tracer,
+            enableBash,
+            bashConfig
           });
           return result;
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@probelabs/probe",
-  "version": "0.6.0-rc186",
+  "version": "0.6.0-rc187",
   "description": "Node.js wrapper for the probe code search tool",
   "main": "src/index.js",
   "module": "src/index.js",

package/src/agent/ProbeAgent.d.ts

@@ -19,6 +19,21 @@ export interface ProbeAgentOptions {
   allowEdit?: boolean;
   /** Enable the delegate tool for task distribution to subagents */
   enableDelegate?: boolean;
+  /** Enable bash tool for command execution */
+  enableBash?: boolean;
+  /** Bash tool configuration (allow/deny patterns) */
+  bashConfig?: {
+    /** Additional allowed command patterns */
+    allow?: string[];
+    /** Additional denied command patterns */
+    deny?: string[];
+    /** Disable default allow list */
+    disableDefaultAllow?: boolean;
+    /** Disable default deny list */
+    disableDefaultDeny?: boolean;
+    /** Enable debug logging for permission checks */
+    debug?: boolean;
+  };
   /** Search directory path */
   path?: string;
   /** Force specific AI provider */

package/src/agent/ProbeAgent.js

@@ -2372,31 +2372,41 @@ When troubleshooting:
 
         // Parse tool call from response with valid tools list
         // Build validTools based on allowedTools configuration (same pattern as getSystemMessage)
+        // When _disableTools is set, only allow attempt_completion for JSON correction flows
         const validTools = [];
-        if (this.allowedTools.isEnabled('search')) validTools.push('search');
-        if (this.allowedTools.isEnabled('query')) validTools.push('query');
-        if (this.allowedTools.isEnabled('extract')) validTools.push('extract');
-        if (this.allowedTools.isEnabled('listFiles')) validTools.push('listFiles');
-        if (this.allowedTools.isEnabled('searchFiles')) validTools.push('searchFiles');
-        if (this.allowedTools.isEnabled('readImage')) validTools.push('readImage');
-        if (this.allowedTools.isEnabled('attempt_completion')) validTools.push('attempt_completion');
-
-        // Edit tools (require both allowEdit flag AND allowedTools permission)
-        if (this.allowEdit && this.allowedTools.isEnabled('implement')) {
-          validTools.push('implement', 'edit', 'create');
-        }
-        // Bash tool (require both enableBash flag AND allowedTools permission)
-        if (this.enableBash && this.allowedTools.isEnabled('bash')) {
-          validTools.push('bash');
-        }
-        // Delegate tool (require both enableDelegate flag AND allowedTools permission)
-        if (this.enableDelegate && this.allowedTools.isEnabled('delegate')) {
-          validTools.push('delegate');
+        if (options._disableTools) {
+          // Only allow attempt_completion for JSON correction - no search/query/edit tools
+          validTools.push('attempt_completion');
+          if (this.debug) {
+            console.log(`[DEBUG] Tools disabled for this call - only attempt_completion allowed`);
+          }
+        } else {
+          if (this.allowedTools.isEnabled('search')) validTools.push('search');
+          if (this.allowedTools.isEnabled('query')) validTools.push('query');
+          if (this.allowedTools.isEnabled('extract')) validTools.push('extract');
+          if (this.allowedTools.isEnabled('listFiles')) validTools.push('listFiles');
+          if (this.allowedTools.isEnabled('searchFiles')) validTools.push('searchFiles');
+          if (this.allowedTools.isEnabled('readImage')) validTools.push('readImage');
+          if (this.allowedTools.isEnabled('attempt_completion')) validTools.push('attempt_completion');
+
+          // Edit tools (require both allowEdit flag AND allowedTools permission)
+          if (this.allowEdit && this.allowedTools.isEnabled('implement')) {
+            validTools.push('implement', 'edit', 'create');
+          }
+          // Bash tool (require both enableBash flag AND allowedTools permission)
+          if (this.enableBash && this.allowedTools.isEnabled('bash')) {
+            validTools.push('bash');
+          }
+          // Delegate tool (require both enableDelegate flag AND allowedTools permission)
+          if (this.enableDelegate && this.allowedTools.isEnabled('delegate')) {
+            validTools.push('delegate');
+          }
         }
-        
+
         // Try parsing with hybrid parser that supports both native and MCP tools
+        // When _disableTools is set, skip MCP tools entirely
         const nativeTools = validTools;
-        const parsedTool = this.mcpBridge
+        const parsedTool = (this.mcpBridge && !options._disableTools)
           ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge)
           : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
         if (parsedTool) {
@@ -3164,7 +3174,8 @@ Convert your previous response content into actual JSON data that follows this s
               finalResult = await this.answer(correctionPrompt, [], {
                 ...options,
                 _schemaFormatted: true,
-                _skipValidation: true  // Skip validation in recursive correction calls to prevent loops
+                _skipValidation: true,  // Skip validation in recursive correction calls to prevent loops
+                _disableTools: true     // Only allow attempt_completion - prevent AI from using search/query tools
               });
               finalResult = cleanSchemaResponse(finalResult);
               

package/src/agent/index.js

@@ -520,7 +520,7 @@ class ProbeAgentMcpServer {
                 // Retry once with correction prompt
                 const correctionPrompt = createJsonCorrectionPrompt(result, schema, validation.error);
                 try {
-                  result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true });
+                  result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true });
                   result = cleanSchemaResponse(result);
                   
                   // Validate again after correction
@@ -863,11 +863,11 @@ async function main() {
             try {
               if (appTracer) {
                 result = await appTracer.withSpan('agent.json_correction',
-                  () => agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true }),
+                  () => agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true }),
                   { 'original_error': validation.error }
                 );
               } else {
-                result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true });
+                result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true });
               }
               result = cleanSchemaResponse(result);
               

package/src/agent/schemaUtils.js

@@ -787,21 +787,22 @@ export function createJsonCorrectionPrompt(invalidResponse, schema, errorOrValid
   }
 
   // Create increasingly stronger prompts based on retry attempt
+  // These prompts explicitly instruct the AI to use attempt_completion with the JSON result
   const strengthLevels = [
     {
       prefix: "CRITICAL JSON ERROR:",
-      instruction: "You MUST fix this and return ONLY valid JSON.",
-      emphasis: "Return ONLY the corrected JSON, with no additional text or markdown formatting."
+      instruction: "You MUST fix this and respond using attempt_completion with ONLY valid JSON as the result.",
+      emphasis: "Use attempt_completion with ONLY the corrected JSON in the result field. No explanatory text, no markdown, no code blocks."
     },
     {
       prefix: "URGENT - JSON PARSING FAILED:",
-      instruction: "This is your second chance. Return ONLY valid JSON that can be parsed by JSON.parse().",
-      emphasis: "ABSOLUTELY NO explanatory text, greetings, or formatting. ONLY JSON."
+      instruction: "This is your second chance. Use attempt_completion with valid JSON that can be parsed by JSON.parse().",
+      emphasis: "ABSOLUTELY NO explanatory text or formatting. Use attempt_completion with ONLY raw JSON in the result."
     },
     {
       prefix: "FINAL ATTEMPT - CRITICAL JSON ERROR:",
-      instruction: "This is the final retry. You MUST return ONLY raw JSON without any other content.",
-      emphasis: "EXAMPLE: {\"key\": \"value\"} NOT: ```json{\"key\": \"value\"}``` NOT: Here is the JSON: {\"key\": \"value\"}"
+      instruction: "This is the final retry. You MUST use attempt_completion with ONLY raw JSON in the result field.",
+      emphasis: "CORRECT: <attempt_completion><result>{\"key\": \"value\"}</result></attempt_completion>\nWRONG: Here is the JSON: {\"key\": \"value\"}\nWRONG: ```json{\"key\": \"value\"}```"
     }
   ];
 

package/src/delegate.js

@@ -176,6 +176,8 @@ const delegationManager = new DelegationManager();
  * @param {string} [options.provider] - AI provider (inherited from parent)
  * @param {string} [options.model] - AI model (inherited from parent)
  * @param {Object} [options.tracer=null] - Telemetry tracer instance
+ * @param {boolean} [options.enableBash=false] - Enable bash tool (inherited from parent)
+ * @param {Object} [options.bashConfig] - Bash configuration (inherited from parent)
  * @returns {Promise<string>} The response from the delegate agent
  */
 export async function delegate({
@@ -188,7 +190,9 @@ export async function delegate({
 	parentSessionId = null,
 	path = null,
 	provider = null,
-	model = null
+	model = null,
+	enableBash = false,
+	bashConfig = null
 }) {
 	if (!task || typeof task !== 'string') {
 		throw new Error('Task parameter is required and must be a string');
@@ -234,9 +238,11 @@ export async function delegate({
 			maxIterations: remainingIterations,
 			debug,
 			tracer,
-			path,      // Inherit from parent
-			provider,  // Inherit from parent
-			model      // Inherit from parent
+			path,       // Inherit from parent
+			provider,   // Inherit from parent
+			model,      // Inherit from parent
+			enableBash, // Inherit from parent
+			bashConfig  // Inherit from parent
 		});
 
 		if (debug) {

package/src/tools/vercel.js

@@ -239,10 +239,12 @@ export const extractTool = (options = {}) => {
  * @param {number} [options.timeout=300] - Default timeout in seconds
  * @param {string} [options.cwd] - Working directory to use if not specified in call
  * @param {string[]} [options.allowedFolders] - Allowed folders for workspace isolation
+ * @param {boolean} [options.enableBash=false] - Enable bash tool for sub-agents
+ * @param {Object} [options.bashConfig] - Bash configuration (allow/deny patterns)
  * @returns {Object} Configured delegate tool
  */
 export const delegateTool = (options = {}) => {
-	const { debug = false, timeout = 300, cwd, allowedFolders } = options;
+	const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig } = options;
 
 	return tool({
 		name: 'delegate',
@@ -309,7 +311,9 @@ export const delegateTool = (options = {}) => {
 				path: effectivePath,
 				provider,
 				model,
-				tracer
+				tracer,
+				enableBash,
+				bashConfig
 			});
 
 			return result;