@probelabs/probe 0.6.0-rc199 → 0.6.0-rc200

package/cjs/agent/ProbeAgent.cjs

@@ -30505,7 +30505,9 @@ async function delegate({
       debug,
       tracer,
       path: path9,
-      // Inherit from parent
+      // Workspace root (from delegateTool)
+      cwd: path9,
+      // Explicitly set cwd to workspace root to prevent path doubling
       provider,
       // Inherit from parent
       model,
@@ -34821,2320 +34823,2367 @@ var init_zod = __esm({
   }
 });
 
-// src/tools/common.js
-function buildToolTagPattern(tools2 = DEFAULT_VALID_TOOLS) {
-  const allTools = [...tools2];
-  if (allTools.includes("attempt_completion") && !allTools.includes("attempt_complete")) {
-    allTools.push("attempt_complete");
-  }
-  const escaped = allTools.map((t4) => t4.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
-  return new RegExp(`<(${escaped.join("|")})>`);
-}
-function getValidParamsForTool(toolName) {
-  const schemaMap = {
-    search: searchSchema,
-    query: querySchema,
-    extract: extractSchema,
-    delegate: delegateSchema,
-    bash: bashSchema,
-    attempt_completion: attemptCompletionSchema
-  };
-  const schema = schemaMap[toolName];
-  if (!schema) {
-    return ["path", "directory", "pattern", "recursive", "includeHidden", "task", "files", "autoCommits", "result"];
-  }
-  if (toolName === "attempt_completion") {
-    return ["result"];
-  }
-  if (schema && schema._def && schema._def.shape) {
-    return Object.keys(schema._def.shape());
-  }
-  return [];
-}
-function parseXmlToolCall(xmlString, validTools = DEFAULT_VALID_TOOLS) {
-  for (const toolName of validTools) {
-    const openTag = `<${toolName}>`;
-    const closeTag = `</${toolName}>`;
-    const openIndex = xmlString.indexOf(openTag);
-    if (openIndex === -1) {
-      continue;
-    }
-    let closeIndex;
-    if (toolName === "attempt_completion") {
-      closeIndex = xmlString.lastIndexOf(closeTag);
-      if (closeIndex !== -1 && closeIndex <= openIndex + openTag.length) {
-        closeIndex = -1;
-      }
-    } else {
-      closeIndex = xmlString.indexOf(closeTag, openIndex + openTag.length);
-    }
-    let hasClosingTag = closeIndex !== -1;
-    if (closeIndex === -1) {
-      closeIndex = xmlString.length;
-    }
-    const innerContent = xmlString.substring(
-      openIndex + openTag.length,
-      closeIndex
-    );
-    const params = {};
-    const validParams = getValidParamsForTool(toolName);
-    for (const paramName of validParams) {
-      const paramOpenTag = `<${paramName}>`;
-      const paramCloseTag = `</${paramName}>`;
-      const paramOpenIndex = innerContent.indexOf(paramOpenTag);
-      if (paramOpenIndex === -1) {
-        continue;
-      }
-      let paramCloseIndex = innerContent.indexOf(paramCloseTag, paramOpenIndex + paramOpenTag.length);
-      if (paramCloseIndex === -1) {
-        let nextTagIndex = innerContent.length;
-        for (const nextParam of validParams) {
-          const nextOpenTag = `<${nextParam}>`;
-          const nextIndex = innerContent.indexOf(nextOpenTag, paramOpenIndex + paramOpenTag.length);
-          if (nextIndex !== -1 && nextIndex < nextTagIndex) {
-            nextTagIndex = nextIndex;
-          }
-        }
-        paramCloseIndex = nextTagIndex;
-      }
-      let paramValue = innerContent.substring(
-        paramOpenIndex + paramOpenTag.length,
-        paramCloseIndex
-      ).trim();
-      if (paramValue.toLowerCase() === "true") {
-        paramValue = true;
-      } else if (paramValue.toLowerCase() === "false") {
-        paramValue = false;
-      } else if (!isNaN(paramValue) && paramValue.trim() !== "") {
-        const num = Number(paramValue);
-        if (Number.isFinite(num)) {
-          paramValue = num;
-        }
-      }
-      params[paramName] = paramValue;
-    }
-    if (toolName === "attempt_completion") {
-      params["result"] = innerContent.trim();
-      if (params.command) {
-        delete params.command;
-      }
-    }
-    return { toolName, params };
-  }
-  return null;
-}
-function createMessagePreview(message, charsPerSide = 200) {
-  if (message === null || message === void 0) {
-    return "null/undefined";
-  }
-  if (typeof message !== "string") {
-    return "null/undefined";
-  }
-  const totalChars = charsPerSide * 2;
-  if (message.length <= totalChars) {
-    return message;
-  }
-  const start = message.substring(0, charsPerSide);
-  const end = message.substring(message.length - charsPerSide);
-  return `${start}...${end}`;
-}
-function parseTargets(targets) {
-  if (!targets || typeof targets !== "string") {
-    return [];
+// src/tools/edit.js
+function isPathAllowed(filePath, allowedFolders) {
+  if (!allowedFolders || allowedFolders.length === 0) {
+    const resolvedPath3 = (0, import_path5.resolve)(filePath);
+    const cwd = (0, import_path5.resolve)(process.cwd());
+    return resolvedPath3 === cwd || resolvedPath3.startsWith(cwd + import_path5.sep);
   }
-  return targets.split(/[\s,]+/).filter((f4) => f4.length > 0);
-}
-function parseAndResolvePaths(pathStr, cwd) {
-  if (!pathStr) return [];
-  const paths = pathStr.split(",").map((p4) => p4.trim()).filter((p4) => p4.length > 0);
-  return paths.map((p4) => {
-    if ((0, import_path5.isAbsolute)(p4)) {
-      return p4;
-    }
-    return cwd ? (0, import_path5.resolve)(cwd, p4) : p4;
+  const resolvedPath2 = (0, import_path5.resolve)(filePath);
+  return allowedFolders.some((folder) => {
+    const allowedPath = (0, import_path5.resolve)(folder);
+    return resolvedPath2 === allowedPath || resolvedPath2.startsWith(allowedPath + import_path5.sep);
   });
 }
-function resolveTargetPath(target, cwd) {
-  const searchStart = target.length > 2 && target[1] === ":" && /[a-zA-Z]/.test(target[0]) ? 2 : 0;
-  const colonIdx = target.indexOf(":", searchStart);
-  const hashIdx = target.indexOf("#");
-  let filePart, suffix;
-  if (colonIdx !== -1 && (hashIdx === -1 || colonIdx < hashIdx)) {
-    filePart = target.substring(0, colonIdx);
-    suffix = target.substring(colonIdx);
-  } else if (hashIdx !== -1) {
-    filePart = target.substring(0, hashIdx);
-    suffix = target.substring(hashIdx);
-  } else {
-    filePart = target;
-    suffix = "";
-  }
-  if (!(0, import_path5.isAbsolute)(filePart) && cwd) {
-    filePart = (0, import_path5.resolve)(cwd, filePart);
-  }
-  return filePart + suffix;
+function parseFileToolOptions(options = {}) {
+  return {
+    debug: options.debug || false,
+    allowedFolders: options.allowedFolders || [],
+    cwd: options.cwd
+  };
 }
-var import_path5, searchSchema, querySchema, extractSchema, delegateSchema, bashSchema, attemptCompletionSchema, searchToolDefinition, queryToolDefinition, extractToolDefinition, delegateToolDefinition, attemptCompletionToolDefinition, bashToolDefinition, searchDescription, queryDescription, extractDescription, delegateDescription, DEFAULT_VALID_TOOLS;
-var init_common2 = __esm({
-  "src/tools/common.js"() {
+var import_ai, import_fs4, import_path5, import_fs5, editTool, createTool, editSchema, createSchema, editDescription, createDescription, editToolDefinition, createToolDefinition;
+var init_edit = __esm({
+  "src/tools/edit.js"() {
     "use strict";
-    init_zod();
+    import_ai = require("ai");
+    import_fs4 = require("fs");
     import_path5 = require("path");
-    searchSchema = external_exports.object({
-      query: external_exports.string().describe("Search query with Elasticsearch syntax. Use quotes for exact matches, AND/OR for boolean logic, - for negation."),
-      path: external_exports.string().optional().default(".").describe('Path to search in. For dependencies use "go:github.com/owner/repo", "js:package_name", or "rust:cargo_name" etc.')
-    });
-    querySchema = external_exports.object({
-      pattern: external_exports.string().describe("AST pattern to search for. Use $NAME for variable names, $$$PARAMS for parameter lists, etc."),
-      path: external_exports.string().optional().default(".").describe("Path to search in"),
-      language: external_exports.string().optional().default("rust").describe("Programming language to use for parsing"),
-      allow_tests: external_exports.boolean().optional().default(true).describe("Allow test files in search results")
-    });
-    extractSchema = external_exports.object({
-      targets: external_exports.string().optional().describe('File paths or symbols to extract from. Formats: "file.js" (whole file), "file.js:42" (line 42), "file.js:10-20" (lines 10-20), "file.js#funcName" (symbol). Multiple targets separated by spaces.'),
-      input_content: external_exports.string().optional().describe("Text content to extract file paths from (alternative to targets)"),
-      allow_tests: external_exports.boolean().optional().default(true).describe("Include test files in extraction results")
-    });
-    delegateSchema = external_exports.object({
-      task: external_exports.string().describe("The task to delegate to a subagent. Be specific about what needs to be accomplished.")
-    });
-    bashSchema = external_exports.object({
-      command: external_exports.string().describe("The bash command to execute"),
-      workingDirectory: external_exports.string().optional().describe("Directory to execute the command in (optional)"),
-      timeout: external_exports.number().optional().describe("Command timeout in milliseconds (optional)"),
-      env: external_exports.record(external_exports.string()).optional().describe("Additional environment variables (optional)")
-    });
-    attemptCompletionSchema = {
-      // Custom validation that requires result parameter but allows direct XML response
-      safeParse: (params) => {
-        if (!params || typeof params !== "object") {
-          return {
-            success: false,
-            error: {
-              issues: [{
-                code: "invalid_type",
-                expected: "object",
-                received: typeof params,
-                path: [],
-                message: "Expected object"
-              }]
-            }
-          };
-        }
-        if (!("result" in params)) {
-          return {
-            success: false,
-            error: {
-              issues: [{
-                code: "invalid_type",
-                expected: "string",
-                received: "undefined",
-                path: ["result"],
-                message: "Required"
-              }]
-            }
-          };
-        }
-        if (typeof params.result !== "string") {
-          return {
-            success: false,
-            error: {
-              issues: [{
-                code: "invalid_type",
-                expected: "string",
-                received: typeof params.result,
-                path: ["result"],
-                message: "Expected string"
-              }]
-            }
-          };
-        }
-        const filteredData = { result: params.result };
-        return {
-          success: true,
-          data: filteredData
-        };
-      }
-    };
-    searchToolDefinition = `
-## search
-Description: Search code in the repository using Elasticsearch query syntax (except field based queries, e.g. "filename:..." NOT supported).
-
-You need to focus on main keywords when constructing the query, and always use elastic search syntax like OR AND and brackets to group keywords.
+    import_fs5 = require("fs");
+    editTool = (options = {}) => {
+      const { debug, allowedFolders, cwd } = parseFileToolOptions(options);
+      return (0, import_ai.tool)({
+        name: "edit",
+        description: `Edit files using exact string replacement (Claude Code style).
 
-**Session Management & Caching:**
-- Ensure not to re-read the same symbols twice - reuse context from previous tool calls
-- Probe returns a session ID on first run - reuse it for subsequent calls to avoid redundant searches
-- Once data is returned, it's cached and won't return on next runs (this is expected behavior)
+This tool performs exact string replacements in files. It requires the old_string to match exactly what's in the file, including all whitespace and indentation.
 
 Parameters:
-- query: (required) Search query with Elasticsearch syntax. Use quotes for exact matches ("functionName"), AND/OR for boolean logic, - for negation, + for important terms.
-- path: (optional, default: '.') Path to search in. All dependencies located in /dep folder, under language sub folders, like this: "/dep/go/github.com/owner/repo", "/dep/js/package_name", or "/dep/rust/cargo_name" etc.
-
-**Workflow:** Always start with search, then use extract for detailed context when needed.
-
-Usage Example:
-
-<examples>
-
-User: Where is the login logic?
-Assistant workflow:
-1. <search>
-<query>login AND auth AND token</query>
-<path>.</path>
-</search>
-2. Now lets look closer: <extract>
-<targets>session.rs#AuthService.login auth.rs:2-100</targets>
-</extract>
-
-User: How to calculate the total amount in the payments module?
-<search>
-<query>calculate AND payment</query>
-<path>src/utils</path>
-</search>
-
-User: How do the user authentication and authorization work?
-<search>
-<query>+user AND (authentication OR authorization OR authz)</query>
-<path>.</path>
-</search>
+- file_path: Path to the file to edit (absolute or relative)
+- old_string: Exact text to find and replace (must be unique in the file unless replace_all is true)
+- new_string: Text to replace with
+- replace_all: (optional) Replace all occurrences instead of requiring uniqueness
 
-User: Find all react imports in the project.
-<search>
-<query>"import" AND "react"</query>
-<path>.</path>
-</search>
+Important:
+- The old_string must match EXACTLY including whitespace
+- If old_string appears multiple times and replace_all is false, the edit will fail
+- Use larger context around the string to ensure uniqueness when needed`,
+        inputSchema: {
+          type: "object",
+          properties: {
+            file_path: {
+              type: "string",
+              description: "Path to the file to edit"
+            },
+            old_string: {
+              type: "string",
+              description: "Exact text to find and replace"
+            },
+            new_string: {
+              type: "string",
+              description: "Text to replace with"
+            },
+            replace_all: {
+              type: "boolean",
+              description: "Replace all occurrences (default: false)",
+              default: false
+            }
+          },
+          required: ["file_path", "old_string", "new_string"]
+        },
+        execute: async ({ file_path, old_string, new_string, replace_all = false }) => {
+          try {
+            if (!file_path || typeof file_path !== "string" || file_path.trim() === "") {
+              return `Error editing file: Invalid file_path - must be a non-empty string`;
+            }
+            if (old_string === void 0 || old_string === null || typeof old_string !== "string") {
+              return `Error editing file: Invalid old_string - must be a string`;
+            }
+            if (new_string === void 0 || new_string === null || typeof new_string !== "string") {
+              return `Error editing file: Invalid new_string - must be a string`;
+            }
+            const resolvedPath2 = (0, import_path5.isAbsolute)(file_path) ? file_path : (0, import_path5.resolve)(cwd || process.cwd(), file_path);
+            if (debug) {
+              console.error(`[Edit] Attempting to edit file: ${resolvedPath2}`);
+            }
+            if (!isPathAllowed(resolvedPath2, allowedFolders)) {
+              return `Error editing file: Permission denied - ${file_path} is outside allowed directories`;
+            }
+            if (!(0, import_fs5.existsSync)(resolvedPath2)) {
+              return `Error editing file: File not found - ${file_path}`;
+            }
+            const content = await import_fs4.promises.readFile(resolvedPath2, "utf-8");
+            if (!content.includes(old_string)) {
+              return `Error editing file: String not found - the specified old_string was not found in ${file_path}`;
+            }
+            const occurrences = content.split(old_string).length - 1;
+            if (!replace_all && occurrences > 1) {
+              return `Error editing file: Multiple occurrences found - the old_string appears ${occurrences} times. Use replace_all: true to replace all occurrences, or provide more context to make the string unique.`;
+            }
+            let newContent;
+            if (replace_all) {
+              newContent = content.replaceAll(old_string, new_string);
+            } else {
+              newContent = content.replace(old_string, new_string);
+            }
+            if (newContent === content) {
+              return `Error editing file: No changes made - old_string and new_string might be the same`;
+            }
+            await import_fs4.promises.writeFile(resolvedPath2, newContent, "utf-8");
+            const replacedCount = replace_all ? occurrences : 1;
+            if (debug) {
+              console.error(`[Edit] Successfully edited ${resolvedPath2}, replaced ${replacedCount} occurrence(s)`);
+            }
+            return `Successfully edited ${file_path} (${replacedCount} replacement${replacedCount !== 1 ? "s" : ""})`;
+          } catch (error2) {
+            console.error("[Edit] Error:", error2);
+            return `Error editing file: ${error2.message}`;
+          }
+        }
+      });
+    };
+    createTool = (options = {}) => {
+      const { debug, allowedFolders, cwd } = parseFileToolOptions(options);
+      return (0, import_ai.tool)({
+        name: "create",
+        description: `Create new files with specified content.
 
-User: Find how decompound library works?
-<search>
-<query>decompound</query>
-<path>/dep/rust/decompound</path>
-</search>
+This tool creates new files in the filesystem. It will create parent directories if they don't exist.
 
-</examples>
-`;
-    queryToolDefinition = `
-## query
-Description: Search code using ast-grep structural pattern matching. Use this tool to find specific code structures like functions, classes, or methods.
 Parameters:
-- pattern: (required) AST pattern to search for. Use $NAME for variable names, $$$PARAMS for parameter lists, etc.
-- path: (optional, default: '.') Path to search in.
-- language: (optional, default: 'rust') Programming language to use for parsing.
-- allow_tests: (optional, default: true) Allow test files in search results (true/false).
-Usage Example:
-
-<examples>
-
-<query>
-<pattern>function $FUNC($$$PARAMS) { $$$BODY }</pattern>
-<path>src/parser</path>
-<language>js</language>
-</query>
+- file_path: Path where the file should be created (absolute or relative)
+- content: Content to write to the file
+- overwrite: (optional) Whether to overwrite if file exists (default: false)
 
-</examples>
-`;
-    extractToolDefinition = `
-## extract
-Description: Extract code blocks from files based on file paths and optional line numbers. Use this tool to see complete context after finding relevant files. It can be used to read full files as well.
-Full file extraction should be the LAST RESORT! Always prefer search.
+Important:
+- By default, will fail if the file already exists
+- Set overwrite: true to replace existing files
+- Parent directories will be created automatically if needed`,
+        inputSchema: {
+          type: "object",
+          properties: {
+            file_path: {
+              type: "string",
+              description: "Path where the file should be created"
+            },
+            content: {
+              type: "string",
+              description: "Content to write to the file"
+            },
+            overwrite: {
+              type: "boolean",
+              description: "Overwrite if file exists (default: false)",
+              default: false
+            }
+          },
+          required: ["file_path", "content"]
+        },
+        execute: async ({ file_path, content, overwrite = false }) => {
+          try {
+            if (!file_path || typeof file_path !== "string" || file_path.trim() === "") {
+              return `Error creating file: Invalid file_path - must be a non-empty string`;
+            }
+            if (content === void 0 || content === null || typeof content !== "string") {
+              return `Error creating file: Invalid content - must be a string`;
+            }
+            const resolvedPath2 = (0, import_path5.isAbsolute)(file_path) ? file_path : (0, import_path5.resolve)(cwd || process.cwd(), file_path);
+            if (debug) {
+              console.error(`[Create] Attempting to create file: ${resolvedPath2}`);
+            }
+            if (!isPathAllowed(resolvedPath2, allowedFolders)) {
+              return `Error creating file: Permission denied - ${file_path} is outside allowed directories`;
+            }
+            if ((0, import_fs5.existsSync)(resolvedPath2) && !overwrite) {
+              return `Error creating file: File already exists - ${file_path}. Use overwrite: true to replace it.`;
+            }
+            const dir = (0, import_path5.dirname)(resolvedPath2);
+            await import_fs4.promises.mkdir(dir, { recursive: true });
+            await import_fs4.promises.writeFile(resolvedPath2, content, "utf-8");
+            const action = (0, import_fs5.existsSync)(resolvedPath2) && overwrite ? "overwrote" : "created";
+            const bytes = Buffer.byteLength(content, "utf-8");
+            if (debug) {
+              console.error(`[Create] Successfully ${action} ${resolvedPath2}`);
+            }
+            return `Successfully ${action} ${file_path} (${bytes} bytes)`;
+          } catch (error2) {
+            console.error("[Create] Error:", error2);
+            return `Error creating file: ${error2.message}`;
+          }
+        }
+      });
+    };
+    editSchema = {
+      type: "object",
+      properties: {
+        file_path: {
+          type: "string",
+          description: "Path to the file to edit"
+        },
+        old_string: {
+          type: "string",
+          description: "Exact text to find and replace"
+        },
+        new_string: {
+          type: "string",
+          description: "Text to replace with"
+        },
+        replace_all: {
+          type: "boolean",
+          description: "Replace all occurrences (default: false)"
+        }
+      },
+      required: ["file_path", "old_string", "new_string"]
+    };
+    createSchema = {
+      type: "object",
+      properties: {
+        file_path: {
+          type: "string",
+          description: "Path where the file should be created"
+        },
+        content: {
+          type: "string",
+          description: "Content to write to the file"
+        },
+        overwrite: {
+          type: "boolean",
+          description: "Overwrite if file exists (default: false)"
+        }
+      },
+      required: ["file_path", "content"]
+    };
+    editDescription = "Edit files using exact string replacement. Requires exact match including whitespace.";
+    createDescription = "Create new files with specified content. Will create parent directories if needed.";
+    editToolDefinition = `
+## edit
+Description: ${editDescription}
 
-**Multiple Extraction:** You can extract multiple symbols/files in one call by providing multiple file paths separated by spaces.
+When to use:
+- For precise, surgical edits to existing files
+- When you need to change specific lines or blocks of code
+- For renaming functions, variables, or updating configuration values
+- When the exact text to replace is known and unique (or use replace_all for multiple occurrences)
 
-**Session Awareness:** Reuse context from previous tool calls. Don't re-extract the same symbols you already have.
+When NOT to use:
+- For creating new files (use 'create' tool instead)
+- When you cannot determine the exact text to replace
+- When changes span multiple locations that would be better handled together
 
 Parameters:
-- targets: (required) File paths or symbols to extract from. Formats: "file.js" (whole file), "file.js:42" (code block at line 42), "file.js:10-20" (lines 10-20), "file.js#funcName" (specific symbol). Multiple targets separated by spaces.
-- input_content: (optional) Text content to extract file paths from (alternative to targets for processing diffs/logs).
-- allow_tests: (optional, default: true) Include test files in extraction results.
-
-Usage Example:
-
-<examples>
+- file_path: (required) Path to the file to edit
+- old_string: (required) Exact text to find and replace (must match including whitespace, newlines, and indentation)
+- new_string: (required) Text to replace with
+- replace_all: (optional, default: false) Replace all occurrences if the string appears multiple times
 
-User: Where is the login logic? (After search found relevant files)
-<extract>
-<targets>session.rs#AuthService.login auth.rs:2-100 config.rs#DatabaseConfig</targets>
-</extract>
+Important notes:
+- The old_string MUST match EXACTLY, including all whitespace, indentation, and line breaks
+- If old_string appears multiple times and replace_all is false, the tool will fail
+- Always verify the exact formatting of the text you want to replace
 
-User: How does error handling work? (After search identified files)
-<extract>
-<targets>error.rs#ErrorType utils.rs#handle_error src/main.rs:50-80</targets>
-</extract>
-
-User: How RankManager works
-<extract>
-<targets>src/search/ranking.rs#RankManager</targets>
-</extract>
-
-User: Lets read the whole file
-<extract>
-<targets>src/search/ranking.rs</targets>
-</extract>
-
-User: Read the first 10 lines of the file
-<extract>
-<targets>src/search/ranking.rs:1-10</targets>
-</extract>
-
-User: Read file inside the dependency
-<extract>
-<targets>/dep/go/github.com/gorilla/mux/router.go</targets>
-</extract>
-
-</examples>
-`;
-    delegateToolDefinition = `
-## delegate
-Description: Automatically delegate big distinct tasks to specialized probe subagents within the agentic loop. Use this when you recognize that a user's request involves multiple large, distinct components that would benefit from parallel processing or specialized focus. The AI agent should automatically identify opportunities for task separation and use delegation without explicit user instruction.
-
-Parameters:
-- task: (required) A complete, self-contained task that can be executed independently by a subagent. Should be specific and focused on one area of expertise.
-
-Usage Pattern:
-When the AI agent encounters complex multi-part requests, it should automatically break them down and delegate:
+Examples:
+<edit>
+<file_path>src/main.js</file_path>
+<old_string>function oldName() {
+  return 42;
+}</old_string>
+<new_string>function newName() {
+  return 42;
+}</new_string>
+</edit>
 
-<delegate>
-<task>Analyze all authentication and authorization code in the codebase for security vulnerabilities and provide specific remediation recommendations</task>
-</delegate>
+<edit>
+<file_path>config.json</file_path>
+<old_string>"debug": false</old_string>
+<new_string>"debug": true</new_string>
+<replace_all>true</replace_all>
+</edit>`;
+    createToolDefinition = `
+## create
+Description: ${createDescription}
 
-<delegate>
-<task>Review database queries and API endpoints for performance bottlenecks and suggest optimization strategies</task>
-</delegate>
+When to use:
+- For creating brand new files from scratch
+- When you need to add configuration files, documentation, or new modules
+- For generating boilerplate code or templates
+- When you have the complete content ready to write
 
-The agent uses this tool automatically when it identifies that work can be separated into distinct, parallel tasks for more efficient processing.
-`;
-    attemptCompletionToolDefinition = `
-## attempt_completion
-Description: Use this tool ONLY when the task is fully complete and you have received confirmation of success for all previous tool uses. Presents the final result to the user. You can provide your response directly inside the XML tags without any parameter wrapper.
-Parameters:
-- No validation required - provide your complete answer directly inside the XML tags.
-Usage Example:
-<attempt_completion>
-I have refactored the search module according to the requirements and verified the tests pass. The module now uses the new BM25 ranking algorithm and has improved error handling.
-</attempt_completion>
-`;
-    bashToolDefinition = `
-## bash
-Description: Execute bash commands for system exploration and development tasks. This tool has built-in security with allow/deny lists. By default, only safe read-only commands are allowed for code exploration.
+When NOT to use:
+- For editing existing files (use 'edit' tool instead)
+- When a file already exists unless you explicitly want to overwrite it
 
 Parameters:
-- command: (required) The bash command to execute
-- workingDirectory: (optional) Directory to execute the command in
-- timeout: (optional) Command timeout in milliseconds
-- env: (optional) Additional environment variables as an object
-
-Security: Commands are filtered through allow/deny lists for safety:
-- Allowed by default: ls, cat, git status, npm list, find, grep, etc.
-- Denied by default: rm -rf, sudo, npm install, dangerous system commands
-
-Usage Examples:
-
-<examples>
-
-User: What files are in the src directory?
-<bash>
-<command>ls -la src/</command>
-</bash>
-
-User: Show me the git status
-<bash>
-<command>git status</command>
-</bash>
-
-User: Find all TypeScript files
-<bash>
-<command>find . -name "*.ts" -type f</command>
-</bash>
-
-User: Check installed npm packages
-<bash>
-<command>npm list --depth=0</command>
-</bash>
+- file_path: (required) Path where the file should be created
+- content: (required) Complete content to write to the file
+- overwrite: (optional, default: false) Whether to overwrite if file already exists
 
-User: Search for TODO comments in code
-<bash>
-<command>grep -r "TODO" src/</command>
-</bash>
+Important notes:
+- Parent directories will be created automatically if they don't exist
+- The tool will fail if the file already exists and overwrite is false
+- Be careful with the overwrite option as it completely replaces existing files
 
-User: Show recent git commits
-<bash>
-<command>git log --oneline -10</command>
-</bash>
+Examples:
+<create>
+<file_path>src/newFile.js</file_path>
+<content>export function hello() {
+  return "Hello, world!";
+}</content>
+</create>
 
-User: Check system info
-<bash>
-<command>uname -a</command>
-</bash>
+<create>
+<file_path>README.md</file_path>
+<content># My Project
 
-</examples>
-`;
-    searchDescription = "Search code in the repository using Elasticsearch-like query syntax. Use this tool first for any code-related questions.";
-    queryDescription = "Search code using ast-grep structural pattern matching. Use this tool to find specific code structures like functions, classes, or methods.";
-    extractDescription = "Extract code blocks from files based on file paths and optional line numbers. Use this tool to see complete context after finding relevant files.";
-    delegateDescription = "Automatically delegate big distinct tasks to specialized probe subagents within the agentic loop. Used by AI agents to break down complex requests into focused, parallel tasks.";
-    DEFAULT_VALID_TOOLS = [
-      "search",
-      "query",
-      "extract",
-      "delegate",
-      "listFiles",
-      "searchFiles",
-      "implement",
-      "bash",
-      "attempt_completion"
-    ];
+This is a new project.</content>
+<overwrite>true</overwrite>
+</create>`;
   }
 });
 
-// src/tools/vercel.js
-var import_ai, searchTool, queryTool, extractTool, delegateTool;
-var init_vercel = __esm({
-  "src/tools/vercel.js"() {
-    "use strict";
-    import_ai = require("ai");
-    init_search();
-    init_query();
-    init_extract();
-    init_delegate();
-    init_common2();
-    searchTool = (options = {}) => {
-      const { sessionId, maxTokens = 1e4, debug = false, outline = false } = options;
-      return (0, import_ai.tool)({
-        name: "search",
-        description: searchDescription,
-        inputSchema: searchSchema,
-        execute: async ({ query: searchQuery, path: path9, allow_tests, exact, maxTokens: paramMaxTokens, language }) => {
-          try {
-            const effectiveMaxTokens = paramMaxTokens || maxTokens;
-            let searchPaths;
-            if (path9) {
-              searchPaths = parseAndResolvePaths(path9, options.cwd);
-            }
-            if (!searchPaths || searchPaths.length === 0) {
-              searchPaths = [options.cwd || "."];
-            }
-            const searchPath = searchPaths.join(" ");
-            if (debug) {
-              console.error(`Executing search with query: "${searchQuery}", path: "${searchPath}", exact: ${exact ? "true" : "false"}, language: ${language || "all"}, session: ${sessionId || "none"}`);
-            }
-            const searchOptions = {
-              query: searchQuery,
-              path: searchPath,
-              cwd: options.cwd,
-              // Working directory for resolving relative paths
-              allowTests: allow_tests ?? true,
-              exact,
-              json: false,
-              maxTokens: effectiveMaxTokens,
-              session: sessionId,
-              // Pass session ID if provided
-              language
-              // Pass language parameter if provided
-            };
-            if (outline) {
-              searchOptions.format = "outline-xml";
-            }
-            const results = await search(searchOptions);
-            return results;
-          } catch (error2) {
-            console.error("Error executing search command:", error2);
-            return `Error executing search command: ${error2.message}`;
-          }
-        }
-      });
-    };
-    queryTool = (options = {}) => {
-      const { debug = false } = options;
-      return (0, import_ai.tool)({
-        name: "query",
-        description: queryDescription,
-        inputSchema: querySchema,
-        execute: async ({ pattern, path: path9, language, allow_tests }) => {
-          try {
-            let queryPaths;
-            if (path9) {
-              queryPaths = parseAndResolvePaths(path9, options.cwd);
-            }
-            if (!queryPaths || queryPaths.length === 0) {
-              queryPaths = [options.cwd || "."];
-            }
-            const queryPath = queryPaths.join(" ");
-            if (debug) {
-              console.error(`Executing query with pattern: "${pattern}", path: "${queryPath}", language: ${language || "auto"}`);
-            }
-            const results = await query({
-              pattern,
-              path: queryPath,
-              cwd: options.cwd,
-              // Working directory for resolving relative paths
-              language,
-              allowTests: allow_tests ?? true,
-              json: false
-            });
-            return results;
-          } catch (error2) {
-            console.error("Error executing query command:", error2);
-            return `Error executing query command: ${error2.message}`;
-          }
-        }
-      });
-    };
-    extractTool = (options = {}) => {
-      const { debug = false, outline = false } = options;
-      return (0, import_ai.tool)({
-        name: "extract",
-        description: extractDescription,
-        inputSchema: extractSchema,
-        execute: async ({ targets, input_content, line, end_line, allow_tests, context_lines, format: format2 }) => {
-          try {
-            const effectiveCwd = options.cwd || ".";
-            if (debug) {
-              if (targets) {
-                console.error(`Executing extract with targets: "${targets}", cwd: "${effectiveCwd}", context lines: ${context_lines || 10}`);
-              } else if (input_content) {
-                console.error(`Executing extract with input content, cwd: "${effectiveCwd}", context lines: ${context_lines || 10}`);
-              }
-            }
-            let tempFilePath = null;
-            let extractOptions = { cwd: effectiveCwd };
-            if (input_content) {
-              const { writeFileSync: writeFileSync2, unlinkSync } = await import("fs");
-              const { join: join3 } = await import("path");
-              const { tmpdir } = await import("os");
-              const { randomUUID: randomUUID6 } = await import("crypto");
-              tempFilePath = join3(tmpdir(), `probe-extract-${randomUUID6()}.txt`);
-              writeFileSync2(tempFilePath, input_content);
-              if (debug) {
-                console.error(`Created temporary file for input content: ${tempFilePath}`);
-              }
-              let effectiveFormat = format2;
-              if (outline && format2 === "outline-xml") {
-                effectiveFormat = "xml";
-              }
-              extractOptions = {
-                inputFile: tempFilePath,
-                cwd: effectiveCwd,
-                allowTests: allow_tests ?? true,
-                contextLines: context_lines,
-                format: effectiveFormat
-              };
-            } else if (targets) {
-              const parsedTargets = parseTargets(targets);
-              const files = parsedTargets.map((target) => resolveTargetPath(target, effectiveCwd));
-              let effectiveFormat = format2;
-              if (outline && format2 === "outline-xml") {
-                effectiveFormat = "xml";
-              }
-              extractOptions = {
-                files,
-                cwd: effectiveCwd,
-                allowTests: allow_tests ?? true,
-                contextLines: context_lines,
-                format: effectiveFormat
-              };
-            } else {
-              throw new Error("Either targets or input_content must be provided");
-            }
-            const results = await extract(extractOptions);
-            if (tempFilePath) {
-              const { unlinkSync } = await import("fs");
-              try {
-                unlinkSync(tempFilePath);
-                if (debug) {
-                  console.error(`Removed temporary file: ${tempFilePath}`);
-                }
-              } catch (cleanupError) {
-                console.error(`Warning: Failed to remove temporary file: ${cleanupError.message}`);
-              }
-            }
-            return results;
-          } catch (error2) {
-            console.error("Error executing extract command:", error2);
-            return `Error executing extract command: ${error2.message}`;
+// src/tools/common.js
+function buildToolTagPattern(tools2 = DEFAULT_VALID_TOOLS) {
+  const allTools = [...tools2];
+  if (allTools.includes("attempt_completion") && !allTools.includes("attempt_complete")) {
+    allTools.push("attempt_complete");
+  }
+  const escaped = allTools.map((t4) => t4.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
+  return new RegExp(`<(${escaped.join("|")})>`);
+}
+function getValidParamsForTool(toolName) {
+  const schemaMap = {
+    search: searchSchema,
+    query: querySchema,
+    extract: extractSchema,
+    delegate: delegateSchema,
+    bash: bashSchema,
+    attempt_completion: attemptCompletionSchema,
+    edit: editSchema,
+    create: createSchema
+  };
+  const schema = schemaMap[toolName];
+  if (!schema) {
+    return ["path", "directory", "pattern", "recursive", "includeHidden", "task", "files", "autoCommits", "result"];
+  }
+  if (toolName === "attempt_completion") {
+    return ["result"];
+  }
+  if (schema._def && schema._def.shape) {
+    return Object.keys(schema._def.shape());
+  }
+  if (schema.properties) {
+    return Object.keys(schema.properties);
+  }
+  return [];
+}
+function parseXmlToolCall(xmlString, validTools = DEFAULT_VALID_TOOLS) {
+  for (const toolName of validTools) {
+    const openTag = `<${toolName}>`;
+    const closeTag = `</${toolName}>`;
+    const openIndex = xmlString.indexOf(openTag);
+    if (openIndex === -1) {
+      continue;
+    }
+    let closeIndex;
+    if (toolName === "attempt_completion") {
+      closeIndex = xmlString.lastIndexOf(closeTag);
+      if (closeIndex !== -1 && closeIndex <= openIndex + openTag.length) {
+        closeIndex = -1;
+      }
+    } else {
+      closeIndex = xmlString.indexOf(closeTag, openIndex + openTag.length);
+    }
+    let hasClosingTag = closeIndex !== -1;
+    if (closeIndex === -1) {
+      closeIndex = xmlString.length;
+    }
+    const innerContent = xmlString.substring(
+      openIndex + openTag.length,
+      closeIndex
+    );
+    const params = {};
+    const validParams = getValidParamsForTool(toolName);
+    for (const paramName of validParams) {
+      const paramOpenTag = `<${paramName}>`;
+      const paramCloseTag = `</${paramName}>`;
+      const paramOpenIndex = innerContent.indexOf(paramOpenTag);
+      if (paramOpenIndex === -1) {
+        continue;
+      }
+      let paramCloseIndex = innerContent.indexOf(paramCloseTag, paramOpenIndex + paramOpenTag.length);
+      if (paramCloseIndex === -1) {
+        let nextTagIndex = innerContent.length;
+        for (const nextParam of validParams) {
+          const nextOpenTag = `<${nextParam}>`;
+          const nextIndex = innerContent.indexOf(nextOpenTag, paramOpenIndex + paramOpenTag.length);
+          if (nextIndex !== -1 && nextIndex < nextTagIndex) {
+            nextTagIndex = nextIndex;
           }
         }
-      });
-    };
-    delegateTool = (options = {}) => {
-      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig } = options;
-      return (0, import_ai.tool)({
-        name: "delegate",
-        description: delegateDescription,
-        inputSchema: delegateSchema,
-        execute: async ({ task, currentIteration, maxIterations, parentSessionId, path: path9, provider, model, tracer }) => {
-          if (!task || typeof task !== "string") {
-            throw new Error("Task parameter is required and must be a non-empty string");
-          }
-          if (task.trim().length === 0) {
-            throw new Error("Task parameter cannot be empty or whitespace only");
-          }
-          if (currentIteration !== void 0 && (typeof currentIteration !== "number" || currentIteration < 0)) {
-            throw new Error("currentIteration must be a non-negative number");
-          }
-          if (maxIterations !== void 0 && (typeof maxIterations !== "number" || maxIterations < 1)) {
-            throw new Error("maxIterations must be a positive number");
-          }
-          if (parentSessionId !== void 0 && parentSessionId !== null && typeof parentSessionId !== "string") {
-            throw new TypeError("parentSessionId must be a string, null, or undefined");
-          }
-          if (path9 !== void 0 && path9 !== null && typeof path9 !== "string") {
-            throw new TypeError("path must be a string, null, or undefined");
-          }
-          if (provider !== void 0 && provider !== null && typeof provider !== "string") {
-            throw new TypeError("provider must be a string, null, or undefined");
-          }
-          if (model !== void 0 && model !== null && typeof model !== "string") {
-            throw new TypeError("model must be a string, null, or undefined");
-          }
-          const effectivePath = path9 || cwd || allowedFolders && allowedFolders[0];
-          if (debug) {
-            console.error(`Executing delegate with task: "${task.substring(0, 100)}${task.length > 100 ? "..." : ""}"`);
-            if (parentSessionId) {
-              console.error(`Parent session: ${parentSessionId}`);
-            }
-            if (effectivePath && effectivePath !== path9) {
-              console.error(`Using inherited path: ${effectivePath}`);
-            }
-          }
-          const result = await delegate({
-            task,
-            timeout,
-            debug,
-            currentIteration: currentIteration || 0,
-            maxIterations: maxIterations || 30,
-            parentSessionId,
-            path: effectivePath,
-            provider,
-            model,
-            tracer,
-            enableBash,
-            bashConfig
-          });
-          return result;
+        paramCloseIndex = nextTagIndex;
+      }
+      let paramValue = innerContent.substring(
+        paramOpenIndex + paramOpenTag.length,
+        paramCloseIndex
+      ).trim();
+      if (paramValue.toLowerCase() === "true") {
+        paramValue = true;
+      } else if (paramValue.toLowerCase() === "false") {
+        paramValue = false;
+      } else if (!isNaN(paramValue) && paramValue.trim() !== "") {
+        const num = Number(paramValue);
+        if (Number.isFinite(num)) {
+          paramValue = num;
         }
-      });
-    };
+      }
+      params[paramName] = paramValue;
+    }
+    if (toolName === "attempt_completion") {
+      params["result"] = innerContent.trim();
+      if (params.command) {
+        delete params.command;
+      }
+    }
+    return { toolName, params };
   }
-});
-
-// src/agent/bashDefaults.js
-var DEFAULT_ALLOW_PATTERNS, DEFAULT_DENY_PATTERNS;
-var init_bashDefaults = __esm({
-  "src/agent/bashDefaults.js"() {
-    "use strict";
-    DEFAULT_ALLOW_PATTERNS = [
-      // Basic navigation and listing
-      "ls",
-      "dir",
-      "pwd",
-      "cd",
-      "cd:*",
-      // File reading commands
-      "cat",
-      "cat:*",
-      "head",
-      "head:*",
-      "tail",
-      "tail:*",
-      "less",
-      "more",
-      "view",
-      // File information and metadata
-      "file",
-      "file:*",
-      "stat",
-      "stat:*",
-      "wc",
-      "wc:*",
-      "du",
-      "du:*",
-      "df",
-      "df:*",
-      "realpath",
-      "realpath:*",
-      // Search and find commands (read-only) - find restricted to safe operations
-      "find",
-      "find:-name:*",
-      "find:-type:*",
-      "find:-size:*",
-      "find:-mtime:*",
-      "find:-newer:*",
-      "find:-path:*",
-      "find:-iname:*",
-      "find:-maxdepth:*",
-      "find:-mindepth:*",
-      "find:-print",
-      "grep",
-      "grep:*",
-      "egrep",
-      "egrep:*",
-      "fgrep",
-      "fgrep:*",
-      "rg",
-      "rg:*",
-      "ag",
-      "ag:*",
-      "ack",
-      "ack:*",
-      "which",
-      "which:*",
-      "whereis",
-      "whereis:*",
-      "locate",
-      "locate:*",
-      "type",
-      "type:*",
-      "command",
-      "command:*",
-      // Tree and structure visualization
-      "tree",
-      "tree:*",
-      // Git read-only operations
-      "git:status",
-      "git:log",
-      "git:log:*",
-      "git:diff",
-      "git:diff:*",
-      "git:show",
-      "git:show:*",
-      "git:branch",
-      "git:branch:*",
-      "git:tag",
-      "git:tag:*",
-      "git:describe",
-      "git:describe:*",
-      "git:remote",
-      "git:remote:*",
-      "git:config:*",
-      "git:blame",
-      "git:blame:*",
-      "git:shortlog",
-      "git:reflog",
-      "git:ls-files",
-      "git:ls-tree",
-      "git:rev-parse",
-      "git:rev-list",
-      "git:--version",
-      "git:help",
-      "git:help:*",
-      // Package managers (information only)
-      "npm:list",
-      "npm:ls",
-      "npm:view",
-      "npm:info",
-      "npm:show",
-      "npm:outdated",
-      "npm:audit",
-      "npm:--version",
-      "yarn:list",
-      "yarn:info",
-      "yarn:--version",
-      "pnpm:list",
-      "pnpm:--version",
-      "pip:list",
-      "pip:show",
-      "pip:--version",
-      "pip3:list",
-      "pip3:show",
-      "pip3:--version",
-      "gem:list",
-      "gem:--version",
-      "bundle:list",
-      "bundle:show",
-      "bundle:--version",
-      "composer:show",
-      "composer:--version",
-      // Language and runtime versions
-      "node:--version",
-      "node:-v",
-      "python:--version",
-      "python:-V",
-      "python3:--version",
-      "python3:-V",
-      "ruby:--version",
-      "ruby:-v",
-      "go:version",
-      "go:env",
-      "go:list",
-      "go:mod:graph",
-      "rustc:--version",
-      "cargo:--version",
-      "cargo:tree",
-      "cargo:metadata",
-      "java:--version",
-      "java:-version",
-      "javac:--version",
-      "mvn:--version",
-      "gradle:--version",
-      "php:--version",
-      "dotnet:--version",
-      "dotnet:list",
-      // Database client versions (connection info only)
-      "psql:--version",
-      "mysql:--version",
-      "redis-cli:--version",
-      "mongo:--version",
-      "sqlite3:--version",
-      // System information
-      "uname",
-      "uname:*",
-      "hostname",
-      "whoami",
-      "id",
-      "groups",
-      "date",
-      "cal",
-      "uptime",
-      "w",
-      "users",
-      "sleep",
-      "sleep:*",
-      // Environment and shell
-      "env",
-      "printenv",
-      "echo",
-      "echo:*",
-      "printf",
-      "printf:*",
-      "export",
-      "export:*",
-      "set",
-      "unset",
-      // Process information (read-only)
-      "ps",
-      "ps:*",
-      "pgrep",
-      "pgrep:*",
-      "jobs",
-      "top:-n:1",
-      // Network information (read-only)
-      "ifconfig",
-      "ip:addr",
-      "ip:link",
-      "hostname:-I",
-      "ping:-c:*",
-      "traceroute",
-      "nslookup",
-      "dig",
-      // Text processing and utilities (awk removed - too powerful)
-      "sed:-n:*",
-      "cut",
-      "cut:*",
-      "sort",
-      "sort:*",
-      "uniq",
-      "uniq:*",
-      "tr",
-      "tr:*",
-      "column",
-      "column:*",
-      "paste",
-      "paste:*",
-      "join",
-      "join:*",
-      "comm",
-      "comm:*",
-      "diff",
-      "diff:*",
-      "cmp",
-      "cmp:*",
-      "patch:--dry-run:*",
-      // Hashing and encoding (read-only)
-      "md5sum",
-      "md5sum:*",
-      "sha1sum",
-      "sha1sum:*",
-      "sha256sum",
-      "sha256sum:*",
-      "base64",
-      "base64:-d",
-      "od",
-      "od:*",
-      "hexdump",
-      "hexdump:*",
-      // Archive and compression (list/view only)
-      "tar:-tf:*",
-      "tar:-tzf:*",
-      "unzip:-l:*",
-      "zip:-l:*",
-      "gzip:-l:*",
-      "gunzip:-l:*",
-      // Help and documentation
-      "man",
-      "man:*",
-      "--help",
-      "help",
-      "info",
-      "info:*",
-      "whatis",
-      "whatis:*",
-      "apropos",
-      "apropos:*",
-      // Make (dry run and info)
-      "make:-n",
-      "make:--dry-run",
-      "make:-p",
-      "make:--print-data-base",
-      // Docker (read-only operations)
-      "docker:ps",
-      "docker:images",
-      "docker:version",
-      "docker:info",
-      "docker:logs:*",
-      "docker:inspect:*",
-      // Test runners (list/info only)
-      "jest:--listTests",
-      "mocha:--help",
-      "pytest:--collect-only"
-    ];
-    DEFAULT_DENY_PATTERNS = [
-      // Dangerous file operations
-      "rm:-rf",
-      "rm:-f:/",
-      "rm:/",
-      "rm:-rf:*",
-      "rmdir",
-      "chmod:777",
-      "chmod:-R:777",
-      "chown",
-      "chgrp",
-      "dd",
-      "dd:*",
-      "shred",
-      "shred:*",
-      // Dangerous find operations that can execute arbitrary commands
-      "find:-exec:*",
-      "find:*:-exec:*",
-      "find:-execdir:*",
-      "find:*:-execdir:*",
-      "find:-ok:*",
-      "find:*:-ok:*",
-      "find:-okdir:*",
-      "find:*:-okdir:*",
-      // Powerful scripting tools that can execute arbitrary commands
-      "awk",
-      "awk:*",
-      "perl",
-      "perl:*",
-      "python:-c:*",
-      "node:-e:*",
-      // System administration and modification
-      "sudo:*",
-      "su",
-      "su:*",
-      "passwd",
-      "adduser",
-      "useradd",
-      "userdel",
-      "usermod",
-      "groupadd",
-      "groupdel",
-      "visudo",
-      // Package installation and removal
-      "npm:install",
-      "npm:i",
-      "npm:uninstall",
-      "npm:publish",
-      "npm:unpublish",
-      "npm:link",
-      "npm:update",
-      "yarn:install",
-      "yarn:add",
-      "yarn:remove",
-      "yarn:upgrade",
-      "pnpm:install",
-      "pnpm:add",
-      "pnpm:remove",
-      "pip:install",
-      "pip:uninstall",
-      "pip:upgrade",
-      "pip3:install",
-      "pip3:uninstall",
-      "pip3:upgrade",
-      "gem:install",
-      "gem:uninstall",
-      "gem:update",
-      "bundle:install",
-      "bundle:update",
-      "composer:install",
-      "composer:update",
-      "composer:remove",
-      "apt:*",
-      "apt-get:*",
-      "yum:*",
-      "dnf:*",
-      "zypper:*",
-      "brew:install",
-      "brew:uninstall",
-      "brew:upgrade",
-      "conda:install",
-      "conda:remove",
-      "conda:update",
-      // Service and system control
-      "systemctl:*",
-      "service:*",
-      "chkconfig:*",
-      "initctl:*",
-      "upstart:*",
-      // Network operations that could be dangerous
-      "curl:-d:*",
-      "curl:--data:*",
-      "curl:-X:POST:*",
-      "curl:-X:PUT:*",
-      "wget:-O:/",
-      "wget:--post-data:*",
-      "ssh",
-      "ssh:*",
-      "scp",
-      "scp:*",
-      "sftp",
-      "sftp:*",
-      "rsync:*",
-      "nc",
-      "nc:*",
-      "netcat",
-      "netcat:*",
-      "telnet",
-      "telnet:*",
-      "ftp",
-      "ftp:*",
-      // Process control and termination
-      "kill",
-      "kill:*",
-      "killall",
-      "killall:*",
-      "pkill",
-      "pkill:*",
-      "nohup:*",
-      "disown:*",
-      // System control and shutdown
-      "shutdown",
-      "shutdown:*",
-      "reboot",
-      "halt",
-      "poweroff",
-      "init",
-      "telinit",
-      // Kernel and module operations
-      "insmod",
-      "insmod:*",
-      "rmmod",
-      "rmmod:*",
-      "modprobe",
-      "modprobe:*",
-      "sysctl:-w:*",
-      // Dangerous git operations
-      "git:push",
-      "git:push:*",
-      "git:force",
-      "git:reset:--hard:*",
-      "git:clean:-fd",
-      "git:rm:*",
-      "git:commit",
-      "git:merge",
-      "git:rebase",
-      "git:cherry-pick",
-      "git:stash:drop",
-      // File system mounting and partitioning
-      "mount",
-      "mount:*",
-      "umount",
-      "umount:*",
-      "fdisk",
-      "fdisk:*",
-      "parted",
-      "parted:*",
-      "mkfs",
-      "mkfs:*",
-      "fsck",
-      "fsck:*",
-      // Cron and scheduling
-      "crontab",
-      "crontab:*",
-      "at",
-      "at:*",
-      "batch",
-      "batch:*",
-      // Compression with potential overwrite
-      "tar:-xf:*",
-      "unzip",
-      "unzip:*",
-      "gzip:*",
-      "gunzip:*",
-      // Build and compilation that might modify files
-      "make",
-      "make:install",
-      "make:clean",
-      "cargo:build",
-      "cargo:install",
-      "npm:run:build",
-      "yarn:build",
-      "mvn:install",
-      "gradle:build",
-      // Docker operations that could modify state
-      "docker:run",
-      "docker:run:*",
-      "docker:exec",
-      "docker:exec:*",
-      "docker:build",
-      "docker:build:*",
-      "docker:pull",
-      "docker:push",
-      "docker:rm",
-      "docker:rmi",
-      "docker:stop",
-      "docker:start",
-      // Database operations
-      "mysql:-e:DROP",
-      "psql:-c:DROP",
-      "redis-cli:FLUSHALL",
-      "mongo:--eval:*",
-      // Text editors that could modify files
-      "vi",
-      "vi:*",
-      "vim",
-      "vim:*",
-      "nano",
-      "nano:*",
-      "emacs",
-      "emacs:*",
-      "sed:-i:*",
-      "perl:-i:*",
-      // Potentially dangerous utilities
-      "eval",
-      "eval:*",
-      "exec",
-      "exec:*",
-      "source",
-      "source:*",
-      "bash:-c:*",
-      "sh:-c:*",
-      "zsh:-c:*"
-    ];
-  }
-});
-
-// src/agent/bashCommandUtils.js
-function parseSimpleCommand(command) {
-  if (!command || typeof command !== "string") {
-    return {
-      success: false,
-      error: "Command must be a non-empty string",
-      command: null,
-      args: [],
-      isComplex: false
-    };
-  }
-  const trimmed = command.trim();
-  if (!trimmed) {
-    return {
-      success: false,
-      error: "Command cannot be empty",
-      command: null,
-      args: [],
-      isComplex: false
-    };
-  }
-  const complexPatterns = [
-    /\|/,
-    // Pipes
-    /&&/,
-    // Logical AND
-    /\|\|/,
-    // Logical OR
-    /(?<!\\);/,
-    // Command separator (but not escaped \;)
-    /&$/,
-    // Background execution
-    /\$\(/,
-    // Command substitution $()
-    /`/,
-    // Command substitution ``
-    />/,
-    // Redirection >
-    /</,
-    // Redirection <
-    /\*\*/,
-    // Glob patterns (potentially dangerous)
-    /^\s*\{.*,.*\}|\{.*\.\.\.*\}/
-    // Brace expansion like {a,b} or {1..10} (but not find {} placeholders)
-  ];
-  for (const pattern of complexPatterns) {
-    if (pattern.test(trimmed)) {
-      return {
-        success: false,
-        error: "Complex shell commands with pipes, operators, or redirections are not supported for security reasons",
-        command: null,
-        args: [],
-        isComplex: true,
-        detected: pattern.toString()
-      };
-    }
-  }
-  const args = [];
-  let current = "";
-  let inQuotes = false;
-  let quoteChar = "";
-  let escaped = false;
-  for (let i4 = 0; i4 < trimmed.length; i4++) {
-    const char = trimmed[i4];
-    const nextChar = i4 + 1 < trimmed.length ? trimmed[i4 + 1] : "";
-    if (escaped) {
-      current += char;
-      escaped = false;
-      continue;
-    }
-    if (char === "\\" && !inQuotes) {
-      escaped = true;
-      continue;
-    }
-    if (!inQuotes && (char === '"' || char === "'")) {
-      inQuotes = true;
-      quoteChar = char;
-    } else if (inQuotes && char === quoteChar) {
-      inQuotes = false;
-      quoteChar = "";
-    } else if (!inQuotes && char === " ") {
-      if (current.trim()) {
-        args.push(current.trim());
-        current = "";
-      }
-    } else {
-      current += char;
-    }
-  }
-  if (current.trim()) {
-    args.push(current.trim());
+  return null;
+}
+function createMessagePreview(message, charsPerSide = 200) {
+  if (message === null || message === void 0) {
+    return "null/undefined";
   }
-  if (inQuotes) {
-    return {
-      success: false,
-      error: `Unclosed quote in command: ${quoteChar}`,
-      command: null,
-      args: [],
-      isComplex: false
-    };
+  if (typeof message !== "string") {
+    return "null/undefined";
   }
-  if (args.length === 0) {
-    return {
-      success: false,
-      error: "No command found after parsing",
-      command: null,
-      args: [],
-      isComplex: false
-    };
+  const totalChars = charsPerSide * 2;
+  if (message.length <= totalChars) {
+    return message;
   }
-  const [baseCommand, ...commandArgs] = args;
-  return {
-    success: true,
-    error: null,
-    command: baseCommand,
-    args: commandArgs,
-    fullArgs: args,
-    isComplex: false,
-    original: command
-  };
-}
-function isComplexCommand(command) {
-  const result = parseSimpleCommand(command);
-  return result.isComplex;
+  const start = message.substring(0, charsPerSide);
+  const end = message.substring(message.length - charsPerSide);
+  return `${start}...${end}`;
 }
-function isComplexPattern(pattern) {
-  if (!pattern || typeof pattern !== "string") return false;
-  const operatorPatterns = [
-    /\|/,
-    // Pipes
-    /&&/,
-    // Logical AND
-    /\|\|/,
-    // Logical OR
-    /;/,
-    // Command separator
-    /&$/,
-    // Background execution
-    /\$\(/,
-    // Command substitution $()
-    /`/,
-    // Command substitution ``
-    />/,
-    // Redirection >
-    /</
-    // Redirection <
-  ];
-  return operatorPatterns.some((p4) => p4.test(pattern));
+function parseTargets(targets) {
+  if (!targets || typeof targets !== "string") {
+    return [];
+  }
+  return targets.split(/[\s,]+/).filter((f4) => f4.length > 0);
 }
-function globToRegex(pattern) {
-  let escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
-  escaped = escaped.replace(/\*/g, ".*?");
-  return new RegExp("^" + escaped + "$", "i");
+function parseAndResolvePaths(pathStr, cwd) {
+  if (!pathStr) return [];
+  const paths = pathStr.split(",").map((p4) => p4.trim()).filter((p4) => p4.length > 0);
+  return paths.map((p4) => {
+    if ((0, import_path6.isAbsolute)(p4)) {
+      return p4;
+    }
+    return cwd ? (0, import_path6.resolve)(cwd, p4) : p4;
+  });
 }
-function matchesComplexPattern(command, pattern) {
-  if (!command || !pattern) return false;
-  const normalizedCommand = command.trim().replace(/\s+/g, " ");
-  const normalizedPattern = pattern.trim().replace(/\s+/g, " ");
-  try {
-    const regex = globToRegex(normalizedPattern);
-    return regex.test(normalizedCommand);
-  } catch (e4) {
-    return normalizedCommand === normalizedPattern;
+function resolveTargetPath(target, cwd) {
+  const searchStart = target.length > 2 && target[1] === ":" && /[a-zA-Z]/.test(target[0]) ? 2 : 0;
+  const colonIdx = target.indexOf(":", searchStart);
+  const hashIdx = target.indexOf("#");
+  let filePart, suffix;
+  if (colonIdx !== -1 && (hashIdx === -1 || colonIdx < hashIdx)) {
+    filePart = target.substring(0, colonIdx);
+    suffix = target.substring(colonIdx);
+  } else if (hashIdx !== -1) {
+    filePart = target.substring(0, hashIdx);
+    suffix = target.substring(hashIdx);
+  } else {
+    filePart = target;
+    suffix = "";
   }
+  if (!(0, import_path6.isAbsolute)(filePart) && cwd) {
+    filePart = (0, import_path6.resolve)(cwd, filePart);
+  }
+  return filePart + suffix;
 }
-function parseCommand(command) {
-  const result = parseSimpleCommand(command);
-  if (!result.success) {
-    return {
-      command: "",
-      args: [],
-      error: result.error,
-      isComplex: result.isComplex
+var import_path6, searchSchema, querySchema, extractSchema, delegateSchema, bashSchema, attemptCompletionSchema, searchToolDefinition, queryToolDefinition, extractToolDefinition, delegateToolDefinition, attemptCompletionToolDefinition, bashToolDefinition, searchDescription, queryDescription, extractDescription, delegateDescription, DEFAULT_VALID_TOOLS;
+var init_common2 = __esm({
+  "src/tools/common.js"() {
+    "use strict";
+    init_zod();
+    import_path6 = require("path");
+    init_edit();
+    searchSchema = external_exports.object({
+      query: external_exports.string().describe("Search query with Elasticsearch syntax. Use quotes for exact matches, AND/OR for boolean logic, - for negation."),
+      path: external_exports.string().optional().default(".").describe('Path to search in. For dependencies use "go:github.com/owner/repo", "js:package_name", or "rust:cargo_name" etc.')
+    });
+    querySchema = external_exports.object({
+      pattern: external_exports.string().describe("AST pattern to search for. Use $NAME for variable names, $$$PARAMS for parameter lists, etc."),
+      path: external_exports.string().optional().default(".").describe("Path to search in"),
+      language: external_exports.string().optional().default("rust").describe("Programming language to use for parsing"),
+      allow_tests: external_exports.boolean().optional().default(true).describe("Allow test files in search results")
+    });
+    extractSchema = external_exports.object({
+      targets: external_exports.string().optional().describe('File paths or symbols to extract from. Formats: "file.js" (whole file), "file.js:42" (line 42), "file.js:10-20" (lines 10-20), "file.js#funcName" (symbol). Multiple targets separated by spaces.'),
+      input_content: external_exports.string().optional().describe("Text content to extract file paths from (alternative to targets)"),
+      allow_tests: external_exports.boolean().optional().default(true).describe("Include test files in extraction results")
+    });
+    delegateSchema = external_exports.object({
+      task: external_exports.string().describe("The task to delegate to a subagent. Be specific about what needs to be accomplished.")
+    });
+    bashSchema = external_exports.object({
+      command: external_exports.string().describe("The bash command to execute"),
+      workingDirectory: external_exports.string().optional().describe("Directory to execute the command in (optional)"),
+      timeout: external_exports.number().optional().describe("Command timeout in milliseconds (optional)"),
+      env: external_exports.record(external_exports.string()).optional().describe("Additional environment variables (optional)")
+    });
+    attemptCompletionSchema = {
+      // Custom validation that requires result parameter but allows direct XML response
+      safeParse: (params) => {
+        if (!params || typeof params !== "object") {
+          return {
+            success: false,
+            error: {
+              issues: [{
+                code: "invalid_type",
+                expected: "object",
+                received: typeof params,
+                path: [],
+                message: "Expected object"
+              }]
+            }
+          };
+        }
+        if (!("result" in params)) {
+          return {
+            success: false,
+            error: {
+              issues: [{
+                code: "invalid_type",
+                expected: "string",
+                received: "undefined",
+                path: ["result"],
+                message: "Required"
+              }]
+            }
+          };
+        }
+        if (typeof params.result !== "string") {
+          return {
+            success: false,
+            error: {
+              issues: [{
+                code: "invalid_type",
+                expected: "string",
+                received: typeof params.result,
+                path: ["result"],
+                message: "Expected string"
+              }]
+            }
+          };
+        }
+        const filteredData = { result: params.result };
+        return {
+          success: true,
+          data: filteredData
+        };
+      }
     };
-  }
-  return {
-    command: result.command,
-    args: result.args,
-    error: null,
-    isComplex: result.isComplex
-  };
-}
-function parseCommandForExecution(command) {
-  const result = parseSimpleCommand(command);
-  if (!result.success) {
-    return null;
-  }
-  return result.fullArgs;
-}
-var init_bashCommandUtils = __esm({
-  "src/agent/bashCommandUtils.js"() {
-    "use strict";
+    searchToolDefinition = `
+## search
+Description: Search code in the repository using Elasticsearch query syntax (except field based queries, e.g. "filename:..." NOT supported).
+
+You need to focus on main keywords when constructing the query, and always use elastic search syntax like OR AND and brackets to group keywords.
+
+**Session Management & Caching:**
+- Ensure not to re-read the same symbols twice - reuse context from previous tool calls
+- Probe returns a session ID on first run - reuse it for subsequent calls to avoid redundant searches
+- Once data is returned, it's cached and won't return on next runs (this is expected behavior)
+
+Parameters:
+- query: (required) Search query with Elasticsearch syntax. Use quotes for exact matches ("functionName"), AND/OR for boolean logic, - for negation, + for important terms.
+- path: (optional, default: '.') Path to search in. All dependencies located in /dep folder, under language sub folders, like this: "/dep/go/github.com/owner/repo", "/dep/js/package_name", or "/dep/rust/cargo_name" etc.
+
+**Workflow:** Always start with search, then use extract for detailed context when needed.
+
+Usage Example:
+
+<examples>
+
+User: Where is the login logic?
+Assistant workflow:
+1. <search>
+<query>login AND auth AND token</query>
+<path>.</path>
+</search>
+2. Now lets look closer: <extract>
+<targets>session.rs#AuthService.login auth.rs:2-100</targets>
+</extract>
+
+User: How to calculate the total amount in the payments module?
+<search>
+<query>calculate AND payment</query>
+<path>src/utils</path>
+</search>
+
+User: How do the user authentication and authorization work?
+<search>
+<query>+user AND (authentication OR authorization OR authz)</query>
+<path>.</path>
+</search>
+
+User: Find all react imports in the project.
+<search>
+<query>"import" AND "react"</query>
+<path>.</path>
+</search>
+
+User: Find how decompound library works?
+<search>
+<query>decompound</query>
+<path>/dep/rust/decompound</path>
+</search>
+
+</examples>
+`;
+    queryToolDefinition = `
+## query
+Description: Search code using ast-grep structural pattern matching. Use this tool to find specific code structures like functions, classes, or methods.
+Parameters:
+- pattern: (required) AST pattern to search for. Use $NAME for variable names, $$$PARAMS for parameter lists, etc.
+- path: (optional, default: '.') Path to search in.
+- language: (optional, default: 'rust') Programming language to use for parsing.
+- allow_tests: (optional, default: true) Allow test files in search results (true/false).
+Usage Example:
+
+<examples>
+
+<query>
+<pattern>function $FUNC($$$PARAMS) { $$$BODY }</pattern>
+<path>src/parser</path>
+<language>js</language>
+</query>
+
+</examples>
+`;
+    extractToolDefinition = `
+## extract
+Description: Extract code blocks from files based on file paths and optional line numbers. Use this tool to see complete context after finding relevant files. It can be used to read full files as well.
+Full file extraction should be the LAST RESORT! Always prefer search.
+
+**Multiple Extraction:** You can extract multiple symbols/files in one call by providing multiple file paths separated by spaces.
+
+**Session Awareness:** Reuse context from previous tool calls. Don't re-extract the same symbols you already have.
+
+Parameters:
+- targets: (required) File paths or symbols to extract from. Formats: "file.js" (whole file), "file.js:42" (code block at line 42), "file.js:10-20" (lines 10-20), "file.js#funcName" (specific symbol). Multiple targets separated by spaces.
+- input_content: (optional) Text content to extract file paths from (alternative to targets for processing diffs/logs).
+- allow_tests: (optional, default: true) Include test files in extraction results.
+
+Usage Example:
+
+<examples>
+
+User: Where is the login logic? (After search found relevant files)
+<extract>
+<targets>session.rs#AuthService.login auth.rs:2-100 config.rs#DatabaseConfig</targets>
+</extract>
+
+User: How does error handling work? (After search identified files)
+<extract>
+<targets>error.rs#ErrorType utils.rs#handle_error src/main.rs:50-80</targets>
+</extract>
+
+User: How RankManager works
+<extract>
+<targets>src/search/ranking.rs#RankManager</targets>
+</extract>
+
+User: Lets read the whole file
+<extract>
+<targets>src/search/ranking.rs</targets>
+</extract>
+
+User: Read the first 10 lines of the file
+<extract>
+<targets>src/search/ranking.rs:1-10</targets>
+</extract>
+
+User: Read file inside the dependency
+<extract>
+<targets>/dep/go/github.com/gorilla/mux/router.go</targets>
+</extract>
+
+</examples>
+`;
+    delegateToolDefinition = `
+## delegate
+Description: Automatically delegate big distinct tasks to specialized probe subagents within the agentic loop. Use this when you recognize that a user's request involves multiple large, distinct components that would benefit from parallel processing or specialized focus. The AI agent should automatically identify opportunities for task separation and use delegation without explicit user instruction.
+
+Parameters:
+- task: (required) A complete, self-contained task that can be executed independently by a subagent. Should be specific and focused on one area of expertise.
+
+Usage Pattern:
+When the AI agent encounters complex multi-part requests, it should automatically break them down and delegate:
+
+<delegate>
+<task>Analyze all authentication and authorization code in the codebase for security vulnerabilities and provide specific remediation recommendations</task>
+</delegate>
+
+<delegate>
+<task>Review database queries and API endpoints for performance bottlenecks and suggest optimization strategies</task>
+</delegate>
+
+The agent uses this tool automatically when it identifies that work can be separated into distinct, parallel tasks for more efficient processing.
+`;
+    attemptCompletionToolDefinition = `
+## attempt_completion
+Description: Use this tool ONLY when the task is fully complete and you have received confirmation of success for all previous tool uses. Presents the final result to the user. You can provide your response directly inside the XML tags without any parameter wrapper.
+Parameters:
+- No validation required - provide your complete answer directly inside the XML tags.
+Usage Example:
+<attempt_completion>
+I have refactored the search module according to the requirements and verified the tests pass. The module now uses the new BM25 ranking algorithm and has improved error handling.
+</attempt_completion>
+`;
+    bashToolDefinition = `
+## bash
+Description: Execute bash commands for system exploration and development tasks. This tool has built-in security with allow/deny lists. By default, only safe read-only commands are allowed for code exploration.
+
+Parameters:
+- command: (required) The bash command to execute
+- workingDirectory: (optional) Directory to execute the command in
+- timeout: (optional) Command timeout in milliseconds
+- env: (optional) Additional environment variables as an object
+
+Security: Commands are filtered through allow/deny lists for safety:
+- Allowed by default: ls, cat, git status, npm list, find, grep, etc.
+- Denied by default: rm -rf, sudo, npm install, dangerous system commands
+
+Usage Examples:
+
+<examples>
+
+User: What files are in the src directory?
+<bash>
+<command>ls -la src/</command>
+</bash>
+
+User: Show me the git status
+<bash>
+<command>git status</command>
+</bash>
+
+User: Find all TypeScript files
+<bash>
+<command>find . -name "*.ts" -type f</command>
+</bash>
+
+User: Check installed npm packages
+<bash>
+<command>npm list --depth=0</command>
+</bash>
+
+User: Search for TODO comments in code
+<bash>
+<command>grep -r "TODO" src/</command>
+</bash>
+
+User: Show recent git commits
+<bash>
+<command>git log --oneline -10</command>
+</bash>
+
+User: Check system info
+<bash>
+<command>uname -a</command>
+</bash>
+
+</examples>
+`;
+    searchDescription = "Search code in the repository using Elasticsearch-like query syntax. Use this tool first for any code-related questions.";
+    queryDescription = "Search code using ast-grep structural pattern matching. Use this tool to find specific code structures like functions, classes, or methods.";
+    extractDescription = "Extract code blocks from files based on file paths and optional line numbers. Use this tool to see complete context after finding relevant files.";
+    delegateDescription = "Automatically delegate big distinct tasks to specialized probe subagents within the agentic loop. Used by AI agents to break down complex requests into focused, parallel tasks.";
+    DEFAULT_VALID_TOOLS = [
+      "search",
+      "query",
+      "extract",
+      "delegate",
+      "listFiles",
+      "searchFiles",
+      "implement",
+      "bash",
+      "attempt_completion"
+    ];
   }
 });
 
-// src/agent/bashPermissions.js
-function matchesPattern(parsedCommand, pattern) {
-  if (!parsedCommand || !pattern) return false;
-  const { command, args } = parsedCommand;
-  if (!command) return false;
-  const patternParts = pattern.split(":");
-  const commandName = patternParts[0];
-  if (commandName === "*") {
-    return true;
-  } else if (commandName !== command) {
-    return false;
-  }
-  if (patternParts.length === 1) {
-    return true;
-  }
-  for (let i4 = 1; i4 < patternParts.length; i4++) {
-    const patternArg = patternParts[i4];
-    const argIndex = i4 - 1;
-    if (patternArg === "*") {
-      continue;
-    }
-    if (argIndex >= args.length) {
-      return false;
-    }
-    const actualArg = args[argIndex];
-    if (patternArg !== actualArg) {
-      return false;
-    }
-  }
-  return true;
-}
-function matchesAnyPattern(parsedCommand, patterns) {
-  if (!patterns || patterns.length === 0) return false;
-  return patterns.some((pattern) => matchesPattern(parsedCommand, pattern));
-}
-var BashPermissionChecker;
-var init_bashPermissions = __esm({
-  "src/agent/bashPermissions.js"() {
+// src/tools/vercel.js
+var import_ai2, searchTool, queryTool, extractTool, delegateTool;
+var init_vercel = __esm({
+  "src/tools/vercel.js"() {
     "use strict";
-    init_bashDefaults();
-    init_bashCommandUtils();
-    BashPermissionChecker = class {
-      /**
-       * Create a permission checker
-       * @param {Object} config - Configuration options
-       * @param {string[]} [config.allow] - Additional allow patterns
-       * @param {string[]} [config.deny] - Additional deny patterns
-       * @param {boolean} [config.disableDefaultAllow] - Disable default allow list
-       * @param {boolean} [config.disableDefaultDeny] - Disable default deny list
-       * @param {boolean} [config.debug] - Enable debug logging
-       */
-      constructor(config = {}) {
-        this.debug = config.debug || false;
-        this.allowPatterns = [];
-        if (!config.disableDefaultAllow) {
-          this.allowPatterns.push(...DEFAULT_ALLOW_PATTERNS);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${DEFAULT_ALLOW_PATTERNS.length} default allow patterns`);
-          }
-        }
-        if (config.allow && Array.isArray(config.allow)) {
-          this.allowPatterns.push(...config.allow);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${config.allow.length} custom allow patterns:`, config.allow);
-          }
-        }
-        this.denyPatterns = [];
-        if (!config.disableDefaultDeny) {
-          this.denyPatterns.push(...DEFAULT_DENY_PATTERNS);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${DEFAULT_DENY_PATTERNS.length} default deny patterns`);
-          }
-        }
-        if (config.deny && Array.isArray(config.deny)) {
-          this.denyPatterns.push(...config.deny);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${config.deny.length} custom deny patterns:`, config.deny);
-          }
-        }
-        if (this.debug) {
-          console.log(`[BashPermissions] Total patterns - Allow: ${this.allowPatterns.length}, Deny: ${this.denyPatterns.length}`);
-        }
-      }
-      /**
-       * Check if a simple command is allowed (complex commands allowed if they match patterns)
-       * @param {string} command - Command to check
-       * @returns {Object} Permission result
-       */
-      check(command) {
-        if (!command || typeof command !== "string") {
-          return {
-            allowed: false,
-            reason: "Invalid or empty command",
-            command
-          };
-        }
-        const commandIsComplex = isComplexCommand(command);
-        if (commandIsComplex) {
-          return this._checkComplexCommand(command);
-        }
-        const parsed = parseCommand(command);
-        if (parsed.error) {
-          return {
-            allowed: false,
-            reason: parsed.error,
-            command
-          };
-        }
-        if (!parsed.command) {
-          return {
-            allowed: false,
-            reason: "No valid command found",
-            command
-          };
-        }
-        if (this.debug) {
-          console.log(`[BashPermissions] Checking simple command: "${command}"`);
-          console.log(`[BashPermissions] Parsed: ${parsed.command} with args: [${parsed.args.join(", ")}]`);
-        }
-        if (matchesAnyPattern(parsed, this.denyPatterns)) {
-          const matchedPatterns = this.denyPatterns.filter((pattern) => matchesPattern(parsed, pattern));
-          return {
-            allowed: false,
-            reason: `Command matches deny pattern: ${matchedPatterns[0]}`,
-            command,
-            parsed,
-            matchedPatterns
-          };
-        }
-        if (this.allowPatterns.length > 0) {
-          if (!matchesAnyPattern(parsed, this.allowPatterns)) {
-            return {
-              allowed: false,
-              reason: "Command not in allow list",
-              command,
-              parsed
-            };
-          }
-        }
-        const result = {
-          allowed: true,
-          command,
-          parsed,
-          isComplex: false
-        };
-        if (this.debug) {
-          console.log(`[BashPermissions] ALLOWED - command passed all checks`);
-        }
-        return result;
-      }
-      /**
-       * Check a complex command against complex patterns in allow/deny lists
-       * @private
-       * @param {string} command - Complex command to check
-       * @returns {Object} Permission result
-       */
-      _checkComplexCommand(command) {
-        if (this.debug) {
-          console.log(`[BashPermissions] Checking complex command: "${command}"`);
-        }
-        const complexAllowPatterns = this.allowPatterns.filter((p4) => isComplexPattern(p4));
-        const complexDenyPatterns = this.denyPatterns.filter((p4) => isComplexPattern(p4));
-        if (this.debug) {
-          console.log(`[BashPermissions] Complex allow patterns: ${complexAllowPatterns.length}`);
-          console.log(`[BashPermissions] Complex deny patterns: ${complexDenyPatterns.length}`);
-        }
-        for (const pattern of complexDenyPatterns) {
-          if (matchesComplexPattern(command, pattern)) {
-            if (this.debug) {
-              console.log(`[BashPermissions] DENIED - matches complex deny pattern: ${pattern}`);
+    import_ai2 = require("ai");
+    init_search();
+    init_query();
+    init_extract();
+    init_delegate();
+    init_common2();
+    searchTool = (options = {}) => {
+      const { sessionId, maxTokens = 1e4, debug = false, outline = false } = options;
+      return (0, import_ai2.tool)({
+        name: "search",
+        description: searchDescription,
+        inputSchema: searchSchema,
+        execute: async ({ query: searchQuery, path: path9, allow_tests, exact, maxTokens: paramMaxTokens, language }) => {
+          try {
+            const effectiveMaxTokens = paramMaxTokens || maxTokens;
+            let searchPaths;
+            if (path9) {
+              searchPaths = parseAndResolvePaths(path9, options.cwd);
             }
-            return {
-              allowed: false,
-              reason: `Command matches deny pattern: ${pattern}`,
-              command,
-              isComplex: true,
-              matchedPatterns: [pattern]
+            if (!searchPaths || searchPaths.length === 0) {
+              searchPaths = [options.cwd || "."];
+            }
+            const searchPath = searchPaths.join(" ");
+            if (debug) {
+              console.error(`Executing search with query: "${searchQuery}", path: "${searchPath}", exact: ${exact ? "true" : "false"}, language: ${language || "all"}, session: ${sessionId || "none"}`);
+            }
+            const searchOptions = {
+              query: searchQuery,
+              path: searchPath,
+              cwd: options.cwd,
+              // Working directory for resolving relative paths
+              allowTests: allow_tests ?? true,
+              exact,
+              json: false,
+              maxTokens: effectiveMaxTokens,
+              session: sessionId,
+              // Pass session ID if provided
+              language
+              // Pass language parameter if provided
             };
+            if (outline) {
+              searchOptions.format = "outline-xml";
+            }
+            const results = await search(searchOptions);
+            return results;
+          } catch (error2) {
+            console.error("Error executing search command:", error2);
+            return `Error executing search command: ${error2.message}`;
           }
         }
-        for (const pattern of complexAllowPatterns) {
-          if (matchesComplexPattern(command, pattern)) {
-            if (this.debug) {
-              console.log(`[BashPermissions] ALLOWED - matches complex allow pattern: ${pattern}`);
+      });
+    };
+    queryTool = (options = {}) => {
+      const { debug = false } = options;
+      return (0, import_ai2.tool)({
+        name: "query",
+        description: queryDescription,
+        inputSchema: querySchema,
+        execute: async ({ pattern, path: path9, language, allow_tests }) => {
+          try {
+            let queryPaths;
+            if (path9) {
+              queryPaths = parseAndResolvePaths(path9, options.cwd);
             }
-            return {
-              allowed: true,
-              command,
-              isComplex: true,
-              matchedPattern: pattern
-            };
+            if (!queryPaths || queryPaths.length === 0) {
+              queryPaths = [options.cwd || "."];
+            }
+            const queryPath = queryPaths.join(" ");
+            if (debug) {
+              console.error(`Executing query with pattern: "${pattern}", path: "${queryPath}", language: ${language || "auto"}`);
+            }
+            const results = await query({
+              pattern,
+              path: queryPath,
+              cwd: options.cwd,
+              // Working directory for resolving relative paths
+              language,
+              allowTests: allow_tests ?? true,
+              json: false
+            });
+            return results;
+          } catch (error2) {
+            console.error("Error executing query command:", error2);
+            return `Error executing query command: ${error2.message}`;
           }
         }
-        if (this.debug) {
-          console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
-        }
-        return {
-          allowed: false,
-          reason: 'Complex shell commands require explicit allow patterns (e.g., "cd * && git *")',
-          command,
-          isComplex: true
-        };
-      }
-      /**
-       * Get configuration summary
-       * @returns {Object} Configuration info
-       */
-      getConfig() {
-        return {
-          allowPatterns: this.allowPatterns.length,
-          denyPatterns: this.denyPatterns.length,
-          totalPatterns: this.allowPatterns.length + this.denyPatterns.length
-        };
-      }
-    };
-  }
-});
-
-// src/agent/bashExecutor.js
-async function executeBashCommand(command, options = {}) {
-  const {
-    workingDirectory = process.cwd(),
-    timeout = 12e4,
-    // 2 minutes default
-    env = {},
-    maxBuffer = 10 * 1024 * 1024,
-    // 10MB
-    debug = false
-  } = options;
-  let cwd = workingDirectory;
-  try {
-    cwd = (0, import_path6.resolve)(cwd);
-    if (!(0, import_fs4.existsSync)(cwd)) {
-      throw new Error(`Working directory does not exist: ${cwd}`);
-    }
-  } catch (error2) {
-    return {
-      success: false,
-      error: `Invalid working directory: ${error2.message}`,
-      stdout: "",
-      stderr: "",
-      exitCode: 1,
-      command,
-      workingDirectory: cwd,
-      duration: 0
-    };
-  }
-  const startTime = Date.now();
-  if (debug) {
-    console.log(`[BashExecutor] Executing command: "${command}"`);
-    console.log(`[BashExecutor] Working directory: "${cwd}"`);
-    console.log(`[BashExecutor] Timeout: ${timeout}ms`);
-  }
-  return new Promise((resolve6, reject2) => {
-    const processEnv = {
-      ...process.env,
-      ...env
+      });
     };
-    const isComplex = isComplexCommand(command);
-    let cmd, cmdArgs, useShell;
-    if (isComplex) {
-      cmd = "sh";
-      cmdArgs = ["-c", command];
-      useShell = false;
-      if (debug) {
-        console.log(`[BashExecutor] Complex command - using sh -c`);
-      }
-    } else {
-      const args = parseCommandForExecution(command);
-      if (!args || args.length === 0) {
-        resolve6({
-          success: false,
-          error: "Failed to parse command",
-          stdout: "",
-          stderr: "",
-          exitCode: 1,
-          command,
-          workingDirectory: cwd,
-          duration: Date.now() - startTime
-        });
-        return;
-      }
-      [cmd, ...cmdArgs] = args;
-      useShell = false;
-    }
-    const child = (0, import_child_process6.spawn)(cmd, cmdArgs, {
-      cwd,
-      env: processEnv,
-      stdio: ["ignore", "pipe", "pipe"],
-      // stdin ignored, capture stdout/stderr
-      shell: useShell,
-      // false for security
-      windowsHide: true
-    });
-    let stdout = "";
-    let stderr = "";
-    let killed = false;
-    let timeoutHandle;
-    if (timeout > 0) {
-      timeoutHandle = setTimeout(() => {
-        if (!killed) {
-          killed = true;
-          child.kill("SIGTERM");
-          setTimeout(() => {
-            if (child.exitCode === null) {
-              child.kill("SIGKILL");
+    extractTool = (options = {}) => {
+      const { debug = false, outline = false } = options;
+      return (0, import_ai2.tool)({
+        name: "extract",
+        description: extractDescription,
+        inputSchema: extractSchema,
+        execute: async ({ targets, input_content, line, end_line, allow_tests, context_lines, format: format2 }) => {
+          try {
+            const effectiveCwd = options.cwd || ".";
+            if (debug) {
+              if (targets) {
+                console.error(`Executing extract with targets: "${targets}", cwd: "${effectiveCwd}", context lines: ${context_lines || 10}`);
+              } else if (input_content) {
+                console.error(`Executing extract with input content, cwd: "${effectiveCwd}", context lines: ${context_lines || 10}`);
+              }
             }
-          }, 5e3);
-        }
-      }, timeout);
-    }
-    child.stdout.on("data", (data2) => {
-      const chunk = data2.toString();
-      if (stdout.length + chunk.length <= maxBuffer) {
-        stdout += chunk;
-      } else {
-        if (!killed) {
-          killed = true;
-          child.kill("SIGTERM");
-        }
-      }
-    });
-    child.stderr.on("data", (data2) => {
-      const chunk = data2.toString();
-      if (stderr.length + chunk.length <= maxBuffer) {
-        stderr += chunk;
-      } else {
-        if (!killed) {
-          killed = true;
-          child.kill("SIGTERM");
-        }
-      }
-    });
-    child.on("close", (code, signal) => {
-      if (timeoutHandle) {
-        clearTimeout(timeoutHandle);
-      }
-      const duration = Date.now() - startTime;
-      if (debug) {
-        console.log(`[BashExecutor] Command completed - Code: ${code}, Signal: ${signal}, Duration: ${duration}ms`);
-        console.log(`[BashExecutor] Stdout length: ${stdout.length}, Stderr length: ${stderr.length}`);
-      }
-      let success = true;
-      let error2 = "";
-      if (killed) {
-        success = false;
-        if (stdout.length + stderr.length > maxBuffer) {
-          error2 = `Command output exceeded maximum buffer size (${maxBuffer} bytes)`;
-        } else {
-          error2 = `Command timed out after ${timeout}ms`;
+            let tempFilePath = null;
+            let extractOptions = { cwd: effectiveCwd };
+            if (input_content) {
+              const { writeFileSync: writeFileSync2, unlinkSync } = await import("fs");
+              const { join: join3 } = await import("path");
+              const { tmpdir } = await import("os");
+              const { randomUUID: randomUUID6 } = await import("crypto");
+              tempFilePath = join3(tmpdir(), `probe-extract-${randomUUID6()}.txt`);
+              writeFileSync2(tempFilePath, input_content);
+              if (debug) {
+                console.error(`Created temporary file for input content: ${tempFilePath}`);
+              }
+              let effectiveFormat = format2;
+              if (outline && format2 === "outline-xml") {
+                effectiveFormat = "xml";
+              }
+              extractOptions = {
+                inputFile: tempFilePath,
+                cwd: effectiveCwd,
+                allowTests: allow_tests ?? true,
+                contextLines: context_lines,
+                format: effectiveFormat
+              };
+            } else if (targets) {
+              const parsedTargets = parseTargets(targets);
+              const files = parsedTargets.map((target) => resolveTargetPath(target, effectiveCwd));
+              let effectiveFormat = format2;
+              if (outline && format2 === "outline-xml") {
+                effectiveFormat = "xml";
+              }
+              extractOptions = {
+                files,
+                cwd: effectiveCwd,
+                allowTests: allow_tests ?? true,
+                contextLines: context_lines,
+                format: effectiveFormat
+              };
+            } else {
+              throw new Error("Either targets or input_content must be provided");
+            }
+            const results = await extract(extractOptions);
+            if (tempFilePath) {
+              const { unlinkSync } = await import("fs");
+              try {
+                unlinkSync(tempFilePath);
+                if (debug) {
+                  console.error(`Removed temporary file: ${tempFilePath}`);
+                }
+              } catch (cleanupError) {
+                console.error(`Warning: Failed to remove temporary file: ${cleanupError.message}`);
+              }
+            }
+            return results;
+          } catch (error2) {
+            console.error("Error executing extract command:", error2);
+            return `Error executing extract command: ${error2.message}`;
+          }
         }
-      } else if (code !== 0) {
-        success = false;
-        error2 = `Command exited with code ${code}`;
-      }
-      resolve6({
-        success,
-        error: error2,
-        stdout: stdout.trim(),
-        stderr: stderr.trim(),
-        exitCode: code,
-        signal,
-        command,
-        workingDirectory: cwd,
-        duration,
-        killed
       });
-    });
-    child.on("error", (error2) => {
-      if (timeoutHandle) {
-        clearTimeout(timeoutHandle);
-      }
-      if (debug) {
-        console.log(`[BashExecutor] Spawn error:`, error2);
-      }
-      resolve6({
-        success: false,
-        error: `Failed to execute command: ${error2.message}`,
-        stdout: "",
-        stderr: "",
-        exitCode: 1,
-        command,
-        workingDirectory: cwd,
-        duration: Date.now() - startTime
+    };
+    delegateTool = (options = {}) => {
+      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig } = options;
+      return (0, import_ai2.tool)({
+        name: "delegate",
+        description: delegateDescription,
+        inputSchema: delegateSchema,
+        execute: async ({ task, currentIteration, maxIterations, parentSessionId, path: path9, provider, model, tracer }) => {
+          if (!task || typeof task !== "string") {
+            throw new Error("Task parameter is required and must be a non-empty string");
+          }
+          if (task.trim().length === 0) {
+            throw new Error("Task parameter cannot be empty or whitespace only");
+          }
+          if (currentIteration !== void 0 && (typeof currentIteration !== "number" || currentIteration < 0)) {
+            throw new Error("currentIteration must be a non-negative number");
+          }
+          if (maxIterations !== void 0 && (typeof maxIterations !== "number" || maxIterations < 1)) {
+            throw new Error("maxIterations must be a positive number");
+          }
+          if (parentSessionId !== void 0 && parentSessionId !== null && typeof parentSessionId !== "string") {
+            throw new TypeError("parentSessionId must be a string, null, or undefined");
+          }
+          if (path9 !== void 0 && path9 !== null && typeof path9 !== "string") {
+            throw new TypeError("path must be a string, null, or undefined");
+          }
+          if (provider !== void 0 && provider !== null && typeof provider !== "string") {
+            throw new TypeError("provider must be a string, null, or undefined");
+          }
+          if (model !== void 0 && model !== null && typeof model !== "string") {
+            throw new TypeError("model must be a string, null, or undefined");
+          }
+          const workspaceRoot = allowedFolders && allowedFolders[0];
+          const effectivePath = path9 || workspaceRoot || cwd;
+          if (debug) {
+            console.error(`Executing delegate with task: "${task.substring(0, 100)}${task.length > 100 ? "..." : ""}"`);
+            if (parentSessionId) {
+              console.error(`Parent session: ${parentSessionId}`);
+            }
+            if (effectivePath && effectivePath !== path9) {
+              console.error(`Using workspace root: ${effectivePath} (cwd was: ${cwd || "not set"})`);
+            }
+          }
+          const result = await delegate({
+            task,
+            timeout,
+            debug,
+            currentIteration: currentIteration || 0,
+            maxIterations: maxIterations || 30,
+            parentSessionId,
+            path: effectivePath,
+            provider,
+            model,
+            tracer,
+            enableBash,
+            bashConfig
+          });
+          return result;
+        }
       });
-    });
-  });
-}
-function formatExecutionResult(result, includeMetadata = false) {
-  if (!result) {
-    return "No result available";
+    };
+  }
+});
+
+// src/agent/bashDefaults.js
+var DEFAULT_ALLOW_PATTERNS, DEFAULT_DENY_PATTERNS;
+var init_bashDefaults = __esm({
+  "src/agent/bashDefaults.js"() {
+    "use strict";
+    DEFAULT_ALLOW_PATTERNS = [
+      // Basic navigation and listing
+      "ls",
+      "dir",
+      "pwd",
+      "cd",
+      "cd:*",
+      // File reading commands
+      "cat",
+      "cat:*",
+      "head",
+      "head:*",
+      "tail",
+      "tail:*",
+      "less",
+      "more",
+      "view",
+      // File information and metadata
+      "file",
+      "file:*",
+      "stat",
+      "stat:*",
+      "wc",
+      "wc:*",
+      "du",
+      "du:*",
+      "df",
+      "df:*",
+      "realpath",
+      "realpath:*",
+      // Search and find commands (read-only) - find restricted to safe operations
+      "find",
+      "find:-name:*",
+      "find:-type:*",
+      "find:-size:*",
+      "find:-mtime:*",
+      "find:-newer:*",
+      "find:-path:*",
+      "find:-iname:*",
+      "find:-maxdepth:*",
+      "find:-mindepth:*",
+      "find:-print",
+      "grep",
+      "grep:*",
+      "egrep",
+      "egrep:*",
+      "fgrep",
+      "fgrep:*",
+      "rg",
+      "rg:*",
+      "ag",
+      "ag:*",
+      "ack",
+      "ack:*",
+      "which",
+      "which:*",
+      "whereis",
+      "whereis:*",
+      "locate",
+      "locate:*",
+      "type",
+      "type:*",
+      "command",
+      "command:*",
+      // Tree and structure visualization
+      "tree",
+      "tree:*",
+      // Git read-only operations
+      "git:status",
+      "git:log",
+      "git:log:*",
+      "git:diff",
+      "git:diff:*",
+      "git:show",
+      "git:show:*",
+      "git:branch",
+      "git:branch:*",
+      "git:tag",
+      "git:tag:*",
+      "git:describe",
+      "git:describe:*",
+      "git:remote",
+      "git:remote:*",
+      "git:config:*",
+      "git:blame",
+      "git:blame:*",
+      "git:shortlog",
+      "git:reflog",
+      "git:ls-files",
+      "git:ls-tree",
+      "git:rev-parse",
+      "git:rev-list",
+      "git:--version",
+      "git:help",
+      "git:help:*",
+      // Package managers (information only)
+      "npm:list",
+      "npm:ls",
+      "npm:view",
+      "npm:info",
+      "npm:show",
+      "npm:outdated",
+      "npm:audit",
+      "npm:--version",
+      "yarn:list",
+      "yarn:info",
+      "yarn:--version",
+      "pnpm:list",
+      "pnpm:--version",
+      "pip:list",
+      "pip:show",
+      "pip:--version",
+      "pip3:list",
+      "pip3:show",
+      "pip3:--version",
+      "gem:list",
+      "gem:--version",
+      "bundle:list",
+      "bundle:show",
+      "bundle:--version",
+      "composer:show",
+      "composer:--version",
+      // Language and runtime versions
+      "node:--version",
+      "node:-v",
+      "python:--version",
+      "python:-V",
+      "python3:--version",
+      "python3:-V",
+      "ruby:--version",
+      "ruby:-v",
+      "go:version",
+      "go:env",
+      "go:list",
+      "go:mod:graph",
+      "rustc:--version",
+      "cargo:--version",
+      "cargo:tree",
+      "cargo:metadata",
+      "java:--version",
+      "java:-version",
+      "javac:--version",
+      "mvn:--version",
+      "gradle:--version",
+      "php:--version",
+      "dotnet:--version",
+      "dotnet:list",
+      // Database client versions (connection info only)
+      "psql:--version",
+      "mysql:--version",
+      "redis-cli:--version",
+      "mongo:--version",
+      "sqlite3:--version",
+      // System information
+      "uname",
+      "uname:*",
+      "hostname",
+      "whoami",
+      "id",
+      "groups",
+      "date",
+      "cal",
+      "uptime",
+      "w",
+      "users",
+      "sleep",
+      "sleep:*",
+      // Environment and shell
+      "env",
+      "printenv",
+      "echo",
+      "echo:*",
+      "printf",
+      "printf:*",
+      "export",
+      "export:*",
+      "set",
+      "unset",
+      // Process information (read-only)
+      "ps",
+      "ps:*",
+      "pgrep",
+      "pgrep:*",
+      "jobs",
+      "top:-n:1",
+      // Network information (read-only)
+      "ifconfig",
+      "ip:addr",
+      "ip:link",
+      "hostname:-I",
+      "ping:-c:*",
+      "traceroute",
+      "nslookup",
+      "dig",
+      // Text processing and utilities (awk removed - too powerful)
+      "sed:-n:*",
+      "cut",
+      "cut:*",
+      "sort",
+      "sort:*",
+      "uniq",
+      "uniq:*",
+      "tr",
+      "tr:*",
+      "column",
+      "column:*",
+      "paste",
+      "paste:*",
+      "join",
+      "join:*",
+      "comm",
+      "comm:*",
+      "diff",
+      "diff:*",
+      "cmp",
+      "cmp:*",
+      "patch:--dry-run:*",
+      // Hashing and encoding (read-only)
+      "md5sum",
+      "md5sum:*",
+      "sha1sum",
+      "sha1sum:*",
+      "sha256sum",
+      "sha256sum:*",
+      "base64",
+      "base64:-d",
+      "od",
+      "od:*",
+      "hexdump",
+      "hexdump:*",
+      // Archive and compression (list/view only)
+      "tar:-tf:*",
+      "tar:-tzf:*",
+      "unzip:-l:*",
+      "zip:-l:*",
+      "gzip:-l:*",
+      "gunzip:-l:*",
+      // Help and documentation
+      "man",
+      "man:*",
+      "--help",
+      "help",
+      "info",
+      "info:*",
+      "whatis",
+      "whatis:*",
+      "apropos",
+      "apropos:*",
+      // Make (dry run and info)
+      "make:-n",
+      "make:--dry-run",
+      "make:-p",
+      "make:--print-data-base",
+      // Docker (read-only operations)
+      "docker:ps",
+      "docker:images",
+      "docker:version",
+      "docker:info",
+      "docker:logs:*",
+      "docker:inspect:*",
+      // Test runners (list/info only)
+      "jest:--listTests",
+      "mocha:--help",
+      "pytest:--collect-only"
+    ];
+    DEFAULT_DENY_PATTERNS = [
+      // Dangerous file operations
+      "rm:-rf",
+      "rm:-f:/",
+      "rm:/",
+      "rm:-rf:*",
+      "rmdir",
+      "chmod:777",
+      "chmod:-R:777",
+      "chown",
+      "chgrp",
+      "dd",
+      "dd:*",
+      "shred",
+      "shred:*",
+      // Dangerous find operations that can execute arbitrary commands
+      "find:-exec:*",
+      "find:*:-exec:*",
+      "find:-execdir:*",
+      "find:*:-execdir:*",
+      "find:-ok:*",
+      "find:*:-ok:*",
+      "find:-okdir:*",
+      "find:*:-okdir:*",
+      // Powerful scripting tools that can execute arbitrary commands
+      "awk",
+      "awk:*",
+      "perl",
+      "perl:*",
+      "python:-c:*",
+      "node:-e:*",
+      // System administration and modification
+      "sudo:*",
+      "su",
+      "su:*",
+      "passwd",
+      "adduser",
+      "useradd",
+      "userdel",
+      "usermod",
+      "groupadd",
+      "groupdel",
+      "visudo",
+      // Package installation and removal
+      "npm:install",
+      "npm:i",
+      "npm:uninstall",
+      "npm:publish",
+      "npm:unpublish",
+      "npm:link",
+      "npm:update",
+      "yarn:install",
+      "yarn:add",
+      "yarn:remove",
+      "yarn:upgrade",
+      "pnpm:install",
+      "pnpm:add",
+      "pnpm:remove",
+      "pip:install",
+      "pip:uninstall",
+      "pip:upgrade",
+      "pip3:install",
+      "pip3:uninstall",
+      "pip3:upgrade",
+      "gem:install",
+      "gem:uninstall",
+      "gem:update",
+      "bundle:install",
+      "bundle:update",
+      "composer:install",
+      "composer:update",
+      "composer:remove",
+      "apt:*",
+      "apt-get:*",
+      "yum:*",
+      "dnf:*",
+      "zypper:*",
+      "brew:install",
+      "brew:uninstall",
+      "brew:upgrade",
+      "conda:install",
+      "conda:remove",
+      "conda:update",
+      // Service and system control
+      "systemctl:*",
+      "service:*",
+      "chkconfig:*",
+      "initctl:*",
+      "upstart:*",
+      // Network operations that could be dangerous
+      "curl:-d:*",
+      "curl:--data:*",
+      "curl:-X:POST:*",
+      "curl:-X:PUT:*",
+      "wget:-O:/",
+      "wget:--post-data:*",
+      "ssh",
+      "ssh:*",
+      "scp",
+      "scp:*",
+      "sftp",
+      "sftp:*",
+      "rsync:*",
+      "nc",
+      "nc:*",
+      "netcat",
+      "netcat:*",
+      "telnet",
+      "telnet:*",
+      "ftp",
+      "ftp:*",
+      // Process control and termination
+      "kill",
+      "kill:*",
+      "killall",
+      "killall:*",
+      "pkill",
+      "pkill:*",
+      "nohup:*",
+      "disown:*",
+      // System control and shutdown
+      "shutdown",
+      "shutdown:*",
+      "reboot",
+      "halt",
+      "poweroff",
+      "init",
+      "telinit",
+      // Kernel and module operations
+      "insmod",
+      "insmod:*",
+      "rmmod",
+      "rmmod:*",
+      "modprobe",
+      "modprobe:*",
+      "sysctl:-w:*",
+      // Dangerous git operations
+      "git:push",
+      "git:push:*",
+      "git:force",
+      "git:reset:--hard:*",
+      "git:clean:-fd",
+      "git:rm:*",
+      "git:commit",
+      "git:merge",
+      "git:rebase",
+      "git:cherry-pick",
+      "git:stash:drop",
+      // File system mounting and partitioning
+      "mount",
+      "mount:*",
+      "umount",
+      "umount:*",
+      "fdisk",
+      "fdisk:*",
+      "parted",
+      "parted:*",
+      "mkfs",
+      "mkfs:*",
+      "fsck",
+      "fsck:*",
+      // Cron and scheduling
+      "crontab",
+      "crontab:*",
+      "at",
+      "at:*",
+      "batch",
+      "batch:*",
+      // Compression with potential overwrite
+      "tar:-xf:*",
+      "unzip",
+      "unzip:*",
+      "gzip:*",
+      "gunzip:*",
+      // Build and compilation that might modify files
+      "make",
+      "make:install",
+      "make:clean",
+      "cargo:build",
+      "cargo:install",
+      "npm:run:build",
+      "yarn:build",
+      "mvn:install",
+      "gradle:build",
+      // Docker operations that could modify state
+      "docker:run",
+      "docker:run:*",
+      "docker:exec",
+      "docker:exec:*",
+      "docker:build",
+      "docker:build:*",
+      "docker:pull",
+      "docker:push",
+      "docker:rm",
+      "docker:rmi",
+      "docker:stop",
+      "docker:start",
+      // Database operations
+      "mysql:-e:DROP",
+      "psql:-c:DROP",
+      "redis-cli:FLUSHALL",
+      "mongo:--eval:*",
+      // Text editors that could modify files
+      "vi",
+      "vi:*",
+      "vim",
+      "vim:*",
+      "nano",
+      "nano:*",
+      "emacs",
+      "emacs:*",
+      "sed:-i:*",
+      "perl:-i:*",
+      // Potentially dangerous utilities
+      "eval",
+      "eval:*",
+      "exec",
+      "exec:*",
+      "source",
+      "source:*",
+      "bash:-c:*",
+      "sh:-c:*",
+      "zsh:-c:*"
+    ];
   }
-  let output = "";
-  if (includeMetadata) {
-    output += `Command: ${result.command}
-`;
-    output += `Working directory: ${result.workingDirectory}
-`;
-    output += `Duration: ${result.duration}ms
-`;
-    output += `Exit Code: ${result.exitCode}
-`;
-    if (result.signal) {
-      output += `Signal: ${result.signal}
-`;
+});
+
+// src/agent/bashCommandUtils.js
+function parseSimpleCommand(command) {
+  if (!command || typeof command !== "string") {
+    return {
+      success: false,
+      error: "Command must be a non-empty string",
+      command: null,
+      args: [],
+      isComplex: false
+    };
+  }
+  const trimmed = command.trim();
+  if (!trimmed) {
+    return {
+      success: false,
+      error: "Command cannot be empty",
+      command: null,
+      args: [],
+      isComplex: false
+    };
+  }
+  const complexPatterns = [
+    /\|/,
+    // Pipes
+    /&&/,
+    // Logical AND
+    /\|\|/,
+    // Logical OR
+    /(?<!\\);/,
+    // Command separator (but not escaped \;)
+    /&$/,
+    // Background execution
+    /\$\(/,
+    // Command substitution $()
+    /`/,
+    // Command substitution ``
+    />/,
+    // Redirection >
+    /</,
+    // Redirection <
+    /\*\*/,
+    // Glob patterns (potentially dangerous)
+    /^\s*\{.*,.*\}|\{.*\.\.\.*\}/
+    // Brace expansion like {a,b} or {1..10} (but not find {} placeholders)
+  ];
+  for (const pattern of complexPatterns) {
+    if (pattern.test(trimmed)) {
+      return {
+        success: false,
+        error: "Complex shell commands with pipes, operators, or redirections are not supported for security reasons",
+        command: null,
+        args: [],
+        isComplex: true,
+        detected: pattern.toString()
+      };
     }
-    output += "\n";
   }
-  if (result.stdout) {
-    if (includeMetadata) {
-      output += "--- STDOUT ---\n";
+  const args = [];
+  let current = "";
+  let inQuotes = false;
+  let quoteChar = "";
+  let escaped = false;
+  for (let i4 = 0; i4 < trimmed.length; i4++) {
+    const char = trimmed[i4];
+    const nextChar = i4 + 1 < trimmed.length ? trimmed[i4 + 1] : "";
+    if (escaped) {
+      current += char;
+      escaped = false;
+      continue;
     }
-    output += result.stdout;
-    if (includeMetadata && result.stderr) {
-      output += "\n";
+    if (char === "\\" && !inQuotes) {
+      escaped = true;
+      continue;
     }
-  }
-  if (result.stderr) {
-    if (includeMetadata) {
-      if (result.stdout) output += "\n";
-      output += "--- STDERR ---\n";
-    } else if (result.stdout) {
-      output += "\n--- STDERR ---\n";
+    if (!inQuotes && (char === '"' || char === "'")) {
+      inQuotes = true;
+      quoteChar = char;
+    } else if (inQuotes && char === quoteChar) {
+      inQuotes = false;
+      quoteChar = "";
+    } else if (!inQuotes && char === " ") {
+      if (current.trim()) {
+        args.push(current.trim());
+        current = "";
+      }
+    } else {
+      current += char;
     }
-    output += result.stderr;
   }
-  if (!result.success && result.error && !result.stderr) {
-    if (output) output += "\n";
-    output += `Error: ${result.error}`;
+  if (current.trim()) {
+    args.push(current.trim());
   }
-  if (!result.success && result.exitCode !== void 0 && result.exitCode !== 0) {
-    if (output) output += "\n";
-    output += `Exit code: ${result.exitCode}`;
+  if (inQuotes) {
+    return {
+      success: false,
+      error: `Unclosed quote in command: ${quoteChar}`,
+      command: null,
+      args: [],
+      isComplex: false
+    };
+  }
+  if (args.length === 0) {
+    return {
+      success: false,
+      error: "No command found after parsing",
+      command: null,
+      args: [],
+      isComplex: false
+    };
+  }
+  const [baseCommand, ...commandArgs] = args;
+  return {
+    success: true,
+    error: null,
+    command: baseCommand,
+    args: commandArgs,
+    fullArgs: args,
+    isComplex: false,
+    original: command
+  };
+}
+function isComplexCommand(command) {
+  const result = parseSimpleCommand(command);
+  return result.isComplex;
+}
+function isComplexPattern(pattern) {
+  if (!pattern || typeof pattern !== "string") return false;
+  const operatorPatterns = [
+    /\|/,
+    // Pipes
+    /&&/,
+    // Logical AND
+    /\|\|/,
+    // Logical OR
+    /;/,
+    // Command separator
+    /&$/,
+    // Background execution
+    /\$\(/,
+    // Command substitution $()
+    /`/,
+    // Command substitution ``
+    />/,
+    // Redirection >
+    /</
+    // Redirection <
+  ];
+  return operatorPatterns.some((p4) => p4.test(pattern));
+}
+function globToRegex(pattern) {
+  let escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+  escaped = escaped.replace(/\*/g, ".*?");
+  return new RegExp("^" + escaped + "$", "i");
+}
+function matchesComplexPattern(command, pattern) {
+  if (!command || !pattern) return false;
+  const normalizedCommand = command.trim().replace(/\s+/g, " ");
+  const normalizedPattern = pattern.trim().replace(/\s+/g, " ");
+  try {
+    const regex = globToRegex(normalizedPattern);
+    return regex.test(normalizedCommand);
+  } catch (e4) {
+    return normalizedCommand === normalizedPattern;
   }
-  return output || (result.success ? "Command completed successfully (no output)" : "Command failed (no output)");
 }
-function validateExecutionOptions(options = {}) {
-  const errors = [];
-  const warnings = [];
-  if (options.timeout !== void 0) {
-    if (typeof options.timeout !== "number" || options.timeout < 0) {
-      errors.push("timeout must be a non-negative number");
-    } else if (options.timeout > 6e5) {
-      warnings.push("timeout is very high (>10 minutes)");
-    }
-  }
-  if (options.maxBuffer !== void 0) {
-    if (typeof options.maxBuffer !== "number" || options.maxBuffer < 1024) {
-      errors.push("maxBuffer must be at least 1024 bytes");
-    } else if (options.maxBuffer > 100 * 1024 * 1024) {
-      warnings.push("maxBuffer is very high (>100MB)");
-    }
-  }
-  if (options.workingDirectory) {
-    if (typeof options.workingDirectory !== "string") {
-      errors.push("workingDirectory must be a string");
-    } else if (!(0, import_fs4.existsSync)(options.workingDirectory)) {
-      errors.push(`workingDirectory does not exist: ${options.workingDirectory}`);
-    }
-  }
-  if (options.env && typeof options.env !== "object") {
-    errors.push("env must be an object");
+function parseCommand(command) {
+  const result = parseSimpleCommand(command);
+  if (!result.success) {
+    return {
+      command: "",
+      args: [],
+      error: result.error,
+      isComplex: result.isComplex
+    };
   }
   return {
-    valid: errors.length === 0,
-    errors,
-    warnings
+    command: result.command,
+    args: result.args,
+    error: null,
+    isComplex: result.isComplex
   };
 }
-var import_child_process6, import_path6, import_fs4;
-var init_bashExecutor = __esm({
-  "src/agent/bashExecutor.js"() {
+function parseCommandForExecution(command) {
+  const result = parseSimpleCommand(command);
+  if (!result.success) {
+    return null;
+  }
+  return result.fullArgs;
+}
+var init_bashCommandUtils = __esm({
+  "src/agent/bashCommandUtils.js"() {
     "use strict";
-    import_child_process6 = require("child_process");
-    import_path6 = require("path");
-    import_fs4 = require("fs");
-    init_bashCommandUtils();
   }
 });
 
-// src/tools/bash.js
-var import_ai2, import_path7, bashTool;
-var init_bash = __esm({
-  "src/tools/bash.js"() {
+// src/agent/bashPermissions.js
+function matchesPattern(parsedCommand, pattern) {
+  if (!parsedCommand || !pattern) return false;
+  const { command, args } = parsedCommand;
+  if (!command) return false;
+  const patternParts = pattern.split(":");
+  const commandName = patternParts[0];
+  if (commandName === "*") {
+    return true;
+  } else if (commandName !== command) {
+    return false;
+  }
+  if (patternParts.length === 1) {
+    return true;
+  }
+  for (let i4 = 1; i4 < patternParts.length; i4++) {
+    const patternArg = patternParts[i4];
+    const argIndex = i4 - 1;
+    if (patternArg === "*") {
+      continue;
+    }
+    if (argIndex >= args.length) {
+      return false;
+    }
+    const actualArg = args[argIndex];
+    if (patternArg !== actualArg) {
+      return false;
+    }
+  }
+  return true;
+}
+function matchesAnyPattern(parsedCommand, patterns) {
+  if (!patterns || patterns.length === 0) return false;
+  return patterns.some((pattern) => matchesPattern(parsedCommand, pattern));
+}
+var BashPermissionChecker;
+var init_bashPermissions = __esm({
+  "src/agent/bashPermissions.js"() {
     "use strict";
-    import_ai2 = require("ai");
-    import_path7 = require("path");
-    init_bashPermissions();
-    init_bashExecutor();
-    bashTool = (options = {}) => {
-      const {
-        bashConfig = {},
-        debug = false,
-        cwd,
-        allowedFolders = []
-      } = options;
-      const permissionChecker = new BashPermissionChecker({
-        allow: bashConfig.allow,
-        deny: bashConfig.deny,
-        disableDefaultAllow: bashConfig.disableDefaultAllow,
-        disableDefaultDeny: bashConfig.disableDefaultDeny,
-        debug
-      });
-      const getDefaultWorkingDirectory = () => {
-        if (bashConfig.workingDirectory) {
-          return bashConfig.workingDirectory;
+    init_bashDefaults();
+    init_bashCommandUtils();
+    BashPermissionChecker = class {
+      /**
+       * Create a permission checker
+       * @param {Object} config - Configuration options
+       * @param {string[]} [config.allow] - Additional allow patterns
+       * @param {string[]} [config.deny] - Additional deny patterns
+       * @param {boolean} [config.disableDefaultAllow] - Disable default allow list
+       * @param {boolean} [config.disableDefaultDeny] - Disable default deny list
+       * @param {boolean} [config.debug] - Enable debug logging
+       */
+      constructor(config = {}) {
+        this.debug = config.debug || false;
+        this.allowPatterns = [];
+        if (!config.disableDefaultAllow) {
+          this.allowPatterns.push(...DEFAULT_ALLOW_PATTERNS);
+          if (this.debug) {
+            console.log(`[BashPermissions] Added ${DEFAULT_ALLOW_PATTERNS.length} default allow patterns`);
+          }
         }
-        if (cwd) {
-          return cwd;
+        if (config.allow && Array.isArray(config.allow)) {
+          this.allowPatterns.push(...config.allow);
+          if (this.debug) {
+            console.log(`[BashPermissions] Added ${config.allow.length} custom allow patterns:`, config.allow);
+          }
         }
-        if (allowedFolders && allowedFolders.length > 0) {
-          return allowedFolders[0];
+        this.denyPatterns = [];
+        if (!config.disableDefaultDeny) {
+          this.denyPatterns.push(...DEFAULT_DENY_PATTERNS);
+          if (this.debug) {
+            console.log(`[BashPermissions] Added ${DEFAULT_DENY_PATTERNS.length} default deny patterns`);
+          }
         }
-        return process.cwd();
-      };
-      return (0, import_ai2.tool)({
-        name: "bash",
-        description: `Execute bash commands for system exploration and development tasks.
-
-Security: This tool has built-in security with allow/deny lists. By default, only safe read-only commands are allowed for code exploration.
-
-Parameters:
-- command: (required) The bash command to execute
-- workingDirectory: (optional) Directory to execute command in
-- timeout: (optional) Command timeout in milliseconds
-- env: (optional) Additional environment variables
-
-Examples of allowed commands by default:
-- File exploration: ls, cat, head, tail, find, grep
-- Git operations: git status, git log, git diff, git show
-- Package info: npm list, pip list, cargo --version
-- System info: whoami, pwd, uname, date
-
-Dangerous commands are blocked by default (rm -rf, sudo, npm install, etc.)`,
-        inputSchema: {
-          type: "object",
-          properties: {
-            command: {
-              type: "string",
-              description: "The bash command to execute"
-            },
-            workingDirectory: {
-              type: "string",
-              description: "Directory to execute the command in (optional)"
-            },
-            timeout: {
-              type: "number",
-              description: "Command timeout in milliseconds (optional)",
-              minimum: 1e3,
-              maximum: 6e5
-            },
-            env: {
-              type: "object",
-              description: "Additional environment variables (optional)",
-              additionalProperties: {
-                type: "string"
-              }
-            }
-          },
-          required: ["command"],
-          additionalProperties: false
-        },
-        execute: async ({ command, workingDirectory, timeout, env }) => {
-          try {
-            if (command === null || command === void 0 || typeof command !== "string") {
-              return "Error: Command is required and must be a string";
-            }
-            if (command.trim().length === 0) {
-              return "Error: Command cannot be empty";
-            }
-            const permissionResult = permissionChecker.check(command.trim());
-            if (!permissionResult.allowed) {
-              if (debug) {
-                console.log(`[BashTool] Permission denied for command: "${command}"`);
-                console.log(`[BashTool] Reason: ${permissionResult.reason}`);
-              }
-              return `Permission denied: ${permissionResult.reason}
-
-This command is not allowed by the current security policy. 
-
-Common reasons:
-1. The command is in the deny list (potentially dangerous)
-2. The command is not in the allow list (not a recognized safe command)
-
-If you believe this command should be allowed, you can:
-- Use the --bash-allow option to add specific patterns
-- Use the --no-default-bash-deny flag to remove default restrictions (not recommended)
-
-For code exploration, try these safe alternatives:
-- ls, cat, head, tail for file operations
-- find, grep, rg for searching
-- git status, git log, git show for git operations
-- npm list, pip list for package information`;
-            }
-            const defaultDir = getDefaultWorkingDirectory();
-            const workingDir = workingDirectory ? (0, import_path7.isAbsolute)(workingDirectory) ? (0, import_path7.resolve)(workingDirectory) : (0, import_path7.resolve)(defaultDir, workingDirectory) : defaultDir;
-            if (allowedFolders && allowedFolders.length > 0) {
-              const resolvedWorkingDir = (0, import_path7.resolve)(workingDir);
-              const isAllowed = allowedFolders.some((folder) => {
-                const resolvedFolder = (0, import_path7.resolve)(folder);
-                return resolvedWorkingDir === resolvedFolder || resolvedWorkingDir.startsWith(resolvedFolder + import_path7.sep);
-              });
-              if (!isAllowed) {
-                return `Error: Working directory "${workingDir}" is not within allowed folders: ${allowedFolders.join(", ")}`;
-              }
-            }
-            const executionOptions = {
-              workingDirectory: workingDir,
-              timeout: timeout || bashConfig.timeout || 12e4,
-              env: { ...bashConfig.env, ...env },
-              maxBuffer: bashConfig.maxBuffer,
-              debug
+        if (config.deny && Array.isArray(config.deny)) {
+          this.denyPatterns.push(...config.deny);
+          if (this.debug) {
+            console.log(`[BashPermissions] Added ${config.deny.length} custom deny patterns:`, config.deny);
+          }
+        }
+        if (this.debug) {
+          console.log(`[BashPermissions] Total patterns - Allow: ${this.allowPatterns.length}, Deny: ${this.denyPatterns.length}`);
+        }
+      }
+      /**
+       * Check if a simple command is allowed (complex commands allowed if they match patterns)
+       * @param {string} command - Command to check
+       * @returns {Object} Permission result
+       */
+      check(command) {
+        if (!command || typeof command !== "string") {
+          return {
+            allowed: false,
+            reason: "Invalid or empty command",
+            command
+          };
+        }
+        const commandIsComplex = isComplexCommand(command);
+        if (commandIsComplex) {
+          return this._checkComplexCommand(command);
+        }
+        const parsed = parseCommand(command);
+        if (parsed.error) {
+          return {
+            allowed: false,
+            reason: parsed.error,
+            command
+          };
+        }
+        if (!parsed.command) {
+          return {
+            allowed: false,
+            reason: "No valid command found",
+            command
+          };
+        }
+        if (this.debug) {
+          console.log(`[BashPermissions] Checking simple command: "${command}"`);
+          console.log(`[BashPermissions] Parsed: ${parsed.command} with args: [${parsed.args.join(", ")}]`);
+        }
+        if (matchesAnyPattern(parsed, this.denyPatterns)) {
+          const matchedPatterns = this.denyPatterns.filter((pattern) => matchesPattern(parsed, pattern));
+          return {
+            allowed: false,
+            reason: `Command matches deny pattern: ${matchedPatterns[0]}`,
+            command,
+            parsed,
+            matchedPatterns
+          };
+        }
+        if (this.allowPatterns.length > 0) {
+          if (!matchesAnyPattern(parsed, this.allowPatterns)) {
+            return {
+              allowed: false,
+              reason: "Command not in allow list",
+              command,
+              parsed
             };
-            const validation = validateExecutionOptions(executionOptions);
-            if (!validation.valid) {
-              return `Error: Invalid execution options: ${validation.errors.join(", ")}`;
-            }
-            if (validation.warnings.length > 0 && debug) {
-              console.log("[BashTool] Warnings:", validation.warnings);
-            }
-            if (debug) {
-              console.log(`[BashTool] Executing command: "${command}"`);
-              console.log(`[BashTool] Working directory: "${workingDir}"`);
-              console.log(`[BashTool] Timeout: ${executionOptions.timeout}ms`);
+          }
+        }
+        const result = {
+          allowed: true,
+          command,
+          parsed,
+          isComplex: false
+        };
+        if (this.debug) {
+          console.log(`[BashPermissions] ALLOWED - command passed all checks`);
+        }
+        return result;
+      }
+      /**
+       * Check a complex command against complex patterns in allow/deny lists
+       * @private
+       * @param {string} command - Complex command to check
+       * @returns {Object} Permission result
+       */
+      _checkComplexCommand(command) {
+        if (this.debug) {
+          console.log(`[BashPermissions] Checking complex command: "${command}"`);
+        }
+        const complexAllowPatterns = this.allowPatterns.filter((p4) => isComplexPattern(p4));
+        const complexDenyPatterns = this.denyPatterns.filter((p4) => isComplexPattern(p4));
+        if (this.debug) {
+          console.log(`[BashPermissions] Complex allow patterns: ${complexAllowPatterns.length}`);
+          console.log(`[BashPermissions] Complex deny patterns: ${complexDenyPatterns.length}`);
+        }
+        for (const pattern of complexDenyPatterns) {
+          if (matchesComplexPattern(command, pattern)) {
+            if (this.debug) {
+              console.log(`[BashPermissions] DENIED - matches complex deny pattern: ${pattern}`);
             }
-            const result = await executeBashCommand(command.trim(), executionOptions);
-            if (debug) {
-              console.log(`[BashTool] Command completed - Success: ${result.success}, Duration: ${result.duration}ms`);
+            return {
+              allowed: false,
+              reason: `Command matches deny pattern: ${pattern}`,
+              command,
+              isComplex: true,
+              matchedPatterns: [pattern]
+            };
+          }
+        }
+        for (const pattern of complexAllowPatterns) {
+          if (matchesComplexPattern(command, pattern)) {
+            if (this.debug) {
+              console.log(`[BashPermissions] ALLOWED - matches complex allow pattern: ${pattern}`);
             }
-            const formattedResult = formatExecutionResult(result, debug);
-            if (!result.success) {
-              let errorInfo = `
+            return {
+              allowed: true,
+              command,
+              isComplex: true,
+              matchedPattern: pattern
+            };
+          }
+        }
+        if (this.debug) {
+          console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
+        }
+        return {
+          allowed: false,
+          reason: 'Complex shell commands require explicit allow patterns (e.g., "cd * && git *")',
+          command,
+          isComplex: true
+        };
+      }
+      /**
+       * Get configuration summary
+       * @returns {Object} Configuration info
+       */
+      getConfig() {
+        return {
+          allowPatterns: this.allowPatterns.length,
+          denyPatterns: this.denyPatterns.length,
+          totalPatterns: this.allowPatterns.length + this.denyPatterns.length
+        };
+      }
+    };
+  }
+});
 
-Command failed with exit code ${result.exitCode}`;
-              if (result.killed) {
-                errorInfo += ` (${result.error})`;
-              }
-              return formattedResult + errorInfo;
-            }
-            return formattedResult;
-          } catch (error2) {
-            if (debug) {
-              console.error("[BashTool] Execution error:", error2);
+// src/agent/bashExecutor.js
+async function executeBashCommand(command, options = {}) {
+  const {
+    workingDirectory = process.cwd(),
+    timeout = 12e4,
+    // 2 minutes default
+    env = {},
+    maxBuffer = 10 * 1024 * 1024,
+    // 10MB
+    debug = false
+  } = options;
+  let cwd = workingDirectory;
+  try {
+    cwd = (0, import_path7.resolve)(cwd);
+    if (!(0, import_fs6.existsSync)(cwd)) {
+      throw new Error(`Working directory does not exist: ${cwd}`);
+    }
+  } catch (error2) {
+    return {
+      success: false,
+      error: `Invalid working directory: ${error2.message}`,
+      stdout: "",
+      stderr: "",
+      exitCode: 1,
+      command,
+      workingDirectory: cwd,
+      duration: 0
+    };
+  }
+  const startTime = Date.now();
+  if (debug) {
+    console.log(`[BashExecutor] Executing command: "${command}"`);
+    console.log(`[BashExecutor] Working directory: "${cwd}"`);
+    console.log(`[BashExecutor] Timeout: ${timeout}ms`);
+  }
+  return new Promise((resolve6, reject2) => {
+    const processEnv = {
+      ...process.env,
+      ...env
+    };
+    const isComplex = isComplexCommand(command);
+    let cmd, cmdArgs, useShell;
+    if (isComplex) {
+      cmd = "sh";
+      cmdArgs = ["-c", command];
+      useShell = false;
+      if (debug) {
+        console.log(`[BashExecutor] Complex command - using sh -c`);
+      }
+    } else {
+      const args = parseCommandForExecution(command);
+      if (!args || args.length === 0) {
+        resolve6({
+          success: false,
+          error: "Failed to parse command",
+          stdout: "",
+          stderr: "",
+          exitCode: 1,
+          command,
+          workingDirectory: cwd,
+          duration: Date.now() - startTime
+        });
+        return;
+      }
+      [cmd, ...cmdArgs] = args;
+      useShell = false;
+    }
+    const child = (0, import_child_process6.spawn)(cmd, cmdArgs, {
+      cwd,
+      env: processEnv,
+      stdio: ["ignore", "pipe", "pipe"],
+      // stdin ignored, capture stdout/stderr
+      shell: useShell,
+      // false for security
+      windowsHide: true
+    });
+    let stdout = "";
+    let stderr = "";
+    let killed = false;
+    let timeoutHandle;
+    if (timeout > 0) {
+      timeoutHandle = setTimeout(() => {
+        if (!killed) {
+          killed = true;
+          child.kill("SIGTERM");
+          setTimeout(() => {
+            if (child.exitCode === null) {
+              child.kill("SIGKILL");
             }
-            return `Error executing bash command: ${error2.message}`;
-          }
+          }, 5e3);
+        }
+      }, timeout);
+    }
+    child.stdout.on("data", (data2) => {
+      const chunk = data2.toString();
+      if (stdout.length + chunk.length <= maxBuffer) {
+        stdout += chunk;
+      } else {
+        if (!killed) {
+          killed = true;
+          child.kill("SIGTERM");
+        }
+      }
+    });
+    child.stderr.on("data", (data2) => {
+      const chunk = data2.toString();
+      if (stderr.length + chunk.length <= maxBuffer) {
+        stderr += chunk;
+      } else {
+        if (!killed) {
+          killed = true;
+          child.kill("SIGTERM");
+        }
+      }
+    });
+    child.on("close", (code, signal) => {
+      if (timeoutHandle) {
+        clearTimeout(timeoutHandle);
+      }
+      const duration = Date.now() - startTime;
+      if (debug) {
+        console.log(`[BashExecutor] Command completed - Code: ${code}, Signal: ${signal}, Duration: ${duration}ms`);
+        console.log(`[BashExecutor] Stdout length: ${stdout.length}, Stderr length: ${stderr.length}`);
+      }
+      let success = true;
+      let error2 = "";
+      if (killed) {
+        success = false;
+        if (stdout.length + stderr.length > maxBuffer) {
+          error2 = `Command output exceeded maximum buffer size (${maxBuffer} bytes)`;
+        } else {
+          error2 = `Command timed out after ${timeout}ms`;
         }
+      } else if (code !== 0) {
+        success = false;
+        error2 = `Command exited with code ${code}`;
+      }
+      resolve6({
+        success,
+        error: error2,
+        stdout: stdout.trim(),
+        stderr: stderr.trim(),
+        exitCode: code,
+        signal,
+        command,
+        workingDirectory: cwd,
+        duration,
+        killed
       });
-    };
+    });
+    child.on("error", (error2) => {
+      if (timeoutHandle) {
+        clearTimeout(timeoutHandle);
+      }
+      if (debug) {
+        console.log(`[BashExecutor] Spawn error:`, error2);
+      }
+      resolve6({
+        success: false,
+        error: `Failed to execute command: ${error2.message}`,
+        stdout: "",
+        stderr: "",
+        exitCode: 1,
+        command,
+        workingDirectory: cwd,
+        duration: Date.now() - startTime
+      });
+    });
+  });
+}
+function formatExecutionResult(result, includeMetadata = false) {
+  if (!result) {
+    return "No result available";
   }
-});
-
-// src/tools/edit.js
-function isPathAllowed(filePath, allowedFolders) {
-  if (!allowedFolders || allowedFolders.length === 0) {
-    const resolvedPath3 = (0, import_path8.resolve)(filePath);
-    const cwd = (0, import_path8.resolve)(process.cwd());
-    return resolvedPath3 === cwd || resolvedPath3.startsWith(cwd + import_path8.sep);
+  let output = "";
+  if (includeMetadata) {
+    output += `Command: ${result.command}
+`;
+    output += `Working directory: ${result.workingDirectory}
+`;
+    output += `Duration: ${result.duration}ms
+`;
+    output += `Exit Code: ${result.exitCode}
+`;
+    if (result.signal) {
+      output += `Signal: ${result.signal}
+`;
+    }
+    output += "\n";
   }
-  const resolvedPath2 = (0, import_path8.resolve)(filePath);
-  return allowedFolders.some((folder) => {
-    const allowedPath = (0, import_path8.resolve)(folder);
-    return resolvedPath2 === allowedPath || resolvedPath2.startsWith(allowedPath + import_path8.sep);
-  });
+  if (result.stdout) {
+    if (includeMetadata) {
+      output += "--- STDOUT ---\n";
+    }
+    output += result.stdout;
+    if (includeMetadata && result.stderr) {
+      output += "\n";
+    }
+  }
+  if (result.stderr) {
+    if (includeMetadata) {
+      if (result.stdout) output += "\n";
+      output += "--- STDERR ---\n";
+    } else if (result.stdout) {
+      output += "\n--- STDERR ---\n";
+    }
+    output += result.stderr;
+  }
+  if (!result.success && result.error && !result.stderr) {
+    if (output) output += "\n";
+    output += `Error: ${result.error}`;
+  }
+  if (!result.success && result.exitCode !== void 0 && result.exitCode !== 0) {
+    if (output) output += "\n";
+    output += `Exit code: ${result.exitCode}`;
+  }
+  return output || (result.success ? "Command completed successfully (no output)" : "Command failed (no output)");
 }
-function parseFileToolOptions(options = {}) {
+function validateExecutionOptions(options = {}) {
+  const errors = [];
+  const warnings = [];
+  if (options.timeout !== void 0) {
+    if (typeof options.timeout !== "number" || options.timeout < 0) {
+      errors.push("timeout must be a non-negative number");
+    } else if (options.timeout > 6e5) {
+      warnings.push("timeout is very high (>10 minutes)");
+    }
+  }
+  if (options.maxBuffer !== void 0) {
+    if (typeof options.maxBuffer !== "number" || options.maxBuffer < 1024) {
+      errors.push("maxBuffer must be at least 1024 bytes");
+    } else if (options.maxBuffer > 100 * 1024 * 1024) {
+      warnings.push("maxBuffer is very high (>100MB)");
+    }
+  }
+  if (options.workingDirectory) {
+    if (typeof options.workingDirectory !== "string") {
+      errors.push("workingDirectory must be a string");
+    } else if (!(0, import_fs6.existsSync)(options.workingDirectory)) {
+      errors.push(`workingDirectory does not exist: ${options.workingDirectory}`);
+    }
+  }
+  if (options.env && typeof options.env !== "object") {
+    errors.push("env must be an object");
+  }
   return {
-    debug: options.debug || false,
-    allowedFolders: options.allowedFolders || [],
-    cwd: options.cwd
+    valid: errors.length === 0,
+    errors,
+    warnings
   };
 }
-var import_ai3, import_fs5, import_path8, import_fs6, editTool, createTool, editDescription, createDescription, editToolDefinition, createToolDefinition;
-var init_edit = __esm({
-  "src/tools/edit.js"() {
+var import_child_process6, import_path7, import_fs6;
+var init_bashExecutor = __esm({
+  "src/agent/bashExecutor.js"() {
     "use strict";
-    import_ai3 = require("ai");
-    import_fs5 = require("fs");
-    import_path8 = require("path");
+    import_child_process6 = require("child_process");
+    import_path7 = require("path");
     import_fs6 = require("fs");
-    editTool = (options = {}) => {
-      const { debug, allowedFolders, cwd } = parseFileToolOptions(options);
-      return (0, import_ai3.tool)({
-        name: "edit",
-        description: `Edit files using exact string replacement (Claude Code style).
-
-This tool performs exact string replacements in files. It requires the old_string to match exactly what's in the file, including all whitespace and indentation.
-
-Parameters:
-- file_path: Path to the file to edit (absolute or relative)
-- old_string: Exact text to find and replace (must be unique in the file unless replace_all is true)
-- new_string: Text to replace with
-- replace_all: (optional) Replace all occurrences instead of requiring uniqueness
+    init_bashCommandUtils();
+  }
+});
 
-Important:
-- The old_string must match EXACTLY including whitespace
-- If old_string appears multiple times and replace_all is false, the edit will fail
-- Use larger context around the string to ensure uniqueness when needed`,
-        inputSchema: {
-          type: "object",
-          properties: {
-            file_path: {
-              type: "string",
-              description: "Path to the file to edit"
-            },
-            old_string: {
-              type: "string",
-              description: "Exact text to find and replace"
-            },
-            new_string: {
-              type: "string",
-              description: "Text to replace with"
-            },
-            replace_all: {
-              type: "boolean",
-              description: "Replace all occurrences (default: false)",
-              default: false
-            }
-          },
-          required: ["file_path", "old_string", "new_string"]
-        },
-        execute: async ({ file_path, old_string, new_string, replace_all = false }) => {
-          try {
-            if (!file_path || typeof file_path !== "string" || file_path.trim() === "") {
-              return `Error editing file: Invalid file_path - must be a non-empty string`;
-            }
-            if (old_string === void 0 || old_string === null || typeof old_string !== "string") {
-              return `Error editing file: Invalid old_string - must be a string`;
-            }
-            if (new_string === void 0 || new_string === null || typeof new_string !== "string") {
-              return `Error editing file: Invalid new_string - must be a string`;
-            }
-            const resolvedPath2 = (0, import_path8.isAbsolute)(file_path) ? file_path : (0, import_path8.resolve)(cwd || process.cwd(), file_path);
-            if (debug) {
-              console.error(`[Edit] Attempting to edit file: ${resolvedPath2}`);
-            }
-            if (!isPathAllowed(resolvedPath2, allowedFolders)) {
-              return `Error editing file: Permission denied - ${file_path} is outside allowed directories`;
-            }
-            if (!(0, import_fs6.existsSync)(resolvedPath2)) {
-              return `Error editing file: File not found - ${file_path}`;
-            }
-            const content = await import_fs5.promises.readFile(resolvedPath2, "utf-8");
-            if (!content.includes(old_string)) {
-              return `Error editing file: String not found - the specified old_string was not found in ${file_path}`;
-            }
-            const occurrences = content.split(old_string).length - 1;
-            if (!replace_all && occurrences > 1) {
-              return `Error editing file: Multiple occurrences found - the old_string appears ${occurrences} times. Use replace_all: true to replace all occurrences, or provide more context to make the string unique.`;
-            }
-            let newContent;
-            if (replace_all) {
-              newContent = content.replaceAll(old_string, new_string);
-            } else {
-              newContent = content.replace(old_string, new_string);
-            }
-            if (newContent === content) {
-              return `Error editing file: No changes made - old_string and new_string might be the same`;
-            }
-            await import_fs5.promises.writeFile(resolvedPath2, newContent, "utf-8");
-            const replacedCount = replace_all ? occurrences : 1;
-            if (debug) {
-              console.error(`[Edit] Successfully edited ${resolvedPath2}, replaced ${replacedCount} occurrence(s)`);
-            }
-            return `Successfully edited ${file_path} (${replacedCount} replacement${replacedCount !== 1 ? "s" : ""})`;
-          } catch (error2) {
-            console.error("[Edit] Error:", error2);
-            return `Error editing file: ${error2.message}`;
-          }
-        }
+// src/tools/bash.js
+var import_ai3, import_path8, bashTool;
+var init_bash = __esm({
+  "src/tools/bash.js"() {
+    "use strict";
+    import_ai3 = require("ai");
+    import_path8 = require("path");
+    init_bashPermissions();
+    init_bashExecutor();
+    bashTool = (options = {}) => {
+      const {
+        bashConfig = {},
+        debug = false,
+        cwd,
+        allowedFolders = []
+      } = options;
+      const permissionChecker = new BashPermissionChecker({
+        allow: bashConfig.allow,
+        deny: bashConfig.deny,
+        disableDefaultAllow: bashConfig.disableDefaultAllow,
+        disableDefaultDeny: bashConfig.disableDefaultDeny,
+        debug
       });
-    };
-    createTool = (options = {}) => {
-      const { debug, allowedFolders, cwd } = parseFileToolOptions(options);
+      const getDefaultWorkingDirectory = () => {
+        if (bashConfig.workingDirectory) {
+          return bashConfig.workingDirectory;
+        }
+        if (cwd) {
+          return cwd;
+        }
+        if (allowedFolders && allowedFolders.length > 0) {
+          return allowedFolders[0];
+        }
+        return process.cwd();
+      };
       return (0, import_ai3.tool)({
-        name: "create",
-        description: `Create new files with specified content.
+        name: "bash",
+        description: `Execute bash commands for system exploration and development tasks.
 
-This tool creates new files in the filesystem. It will create parent directories if they don't exist.
+Security: This tool has built-in security with allow/deny lists. By default, only safe read-only commands are allowed for code exploration.
 
 Parameters:
-- file_path: Path where the file should be created (absolute or relative)
-- content: Content to write to the file
-- overwrite: (optional) Whether to overwrite if file exists (default: false)
+- command: (required) The bash command to execute
+- workingDirectory: (optional) Directory to execute command in
+- timeout: (optional) Command timeout in milliseconds
+- env: (optional) Additional environment variables
 
-Important:
-- By default, will fail if the file already exists
-- Set overwrite: true to replace existing files
-- Parent directories will be created automatically if needed`,
+Examples of allowed commands by default:
+- File exploration: ls, cat, head, tail, find, grep
+- Git operations: git status, git log, git diff, git show
+- Package info: npm list, pip list, cargo --version
+- System info: whoami, pwd, uname, date
+
+Dangerous commands are blocked by default (rm -rf, sudo, npm install, etc.)`,
         inputSchema: {
           type: "object",
           properties: {
-            file_path: {
+            command: {
               type: "string",
-              description: "Path where the file should be created"
+              description: "The bash command to execute"
             },
-            content: {
+            workingDirectory: {
               type: "string",
-              description: "Content to write to the file"
+              description: "Directory to execute the command in (optional)"
             },
-            overwrite: {
-              type: "boolean",
-              description: "Overwrite if file exists (default: false)",
-              default: false
+            timeout: {
+              type: "number",
+              description: "Command timeout in milliseconds (optional)",
+              minimum: 1e3,
+              maximum: 6e5
+            },
+            env: {
+              type: "object",
+              description: "Additional environment variables (optional)",
+              additionalProperties: {
+                type: "string"
+              }
             }
           },
-          required: ["file_path", "content"]
+          required: ["command"],
+          additionalProperties: false
         },
-        execute: async ({ file_path, content, overwrite = false }) => {
+        execute: async ({ command, workingDirectory, timeout, env }) => {
           try {
-            if (!file_path || typeof file_path !== "string" || file_path.trim() === "") {
-              return `Error creating file: Invalid file_path - must be a non-empty string`;
+            if (command === null || command === void 0 || typeof command !== "string") {
+              return "Error: Command is required and must be a string";
             }
-            if (content === void 0 || content === null || typeof content !== "string") {
-              return `Error creating file: Invalid content - must be a string`;
+            if (command.trim().length === 0) {
+              return "Error: Command cannot be empty";
             }
-            const resolvedPath2 = (0, import_path8.isAbsolute)(file_path) ? file_path : (0, import_path8.resolve)(cwd || process.cwd(), file_path);
-            if (debug) {
-              console.error(`[Create] Attempting to create file: ${resolvedPath2}`);
+            const permissionResult = permissionChecker.check(command.trim());
+            if (!permissionResult.allowed) {
+              if (debug) {
+                console.log(`[BashTool] Permission denied for command: "${command}"`);
+                console.log(`[BashTool] Reason: ${permissionResult.reason}`);
+              }
+              return `Permission denied: ${permissionResult.reason}
+
+This command is not allowed by the current security policy. 
+
+Common reasons:
+1. The command is in the deny list (potentially dangerous)
+2. The command is not in the allow list (not a recognized safe command)
+
+If you believe this command should be allowed, you can:
+- Use the --bash-allow option to add specific patterns
+- Use the --no-default-bash-deny flag to remove default restrictions (not recommended)
+
+For code exploration, try these safe alternatives:
+- ls, cat, head, tail for file operations
+- find, grep, rg for searching
+- git status, git log, git show for git operations
+- npm list, pip list for package information`;
             }
-            if (!isPathAllowed(resolvedPath2, allowedFolders)) {
-              return `Error creating file: Permission denied - ${file_path} is outside allowed directories`;
+            const defaultDir = getDefaultWorkingDirectory();
+            const workingDir = workingDirectory ? (0, import_path8.isAbsolute)(workingDirectory) ? (0, import_path8.resolve)(workingDirectory) : (0, import_path8.resolve)(defaultDir, workingDirectory) : defaultDir;
+            if (allowedFolders && allowedFolders.length > 0) {
+              const resolvedWorkingDir = (0, import_path8.resolve)(workingDir);
+              const isAllowed = allowedFolders.some((folder) => {
+                const resolvedFolder = (0, import_path8.resolve)(folder);
+                return resolvedWorkingDir === resolvedFolder || resolvedWorkingDir.startsWith(resolvedFolder + import_path8.sep);
+              });
+              if (!isAllowed) {
+                return `Error: Working directory "${workingDir}" is not within allowed folders: ${allowedFolders.join(", ")}`;
+              }
             }
-            if ((0, import_fs6.existsSync)(resolvedPath2) && !overwrite) {
-              return `Error creating file: File already exists - ${file_path}. Use overwrite: true to replace it.`;
+            const executionOptions = {
+              workingDirectory: workingDir,
+              timeout: timeout || bashConfig.timeout || 12e4,
+              env: { ...bashConfig.env, ...env },
+              maxBuffer: bashConfig.maxBuffer,
+              debug
+            };
+            const validation = validateExecutionOptions(executionOptions);
+            if (!validation.valid) {
+              return `Error: Invalid execution options: ${validation.errors.join(", ")}`;
+            }
+            if (validation.warnings.length > 0 && debug) {
+              console.log("[BashTool] Warnings:", validation.warnings);
             }
-            const dir = (0, import_path8.dirname)(resolvedPath2);
-            await import_fs5.promises.mkdir(dir, { recursive: true });
-            await import_fs5.promises.writeFile(resolvedPath2, content, "utf-8");
-            const action = (0, import_fs6.existsSync)(resolvedPath2) && overwrite ? "overwrote" : "created";
-            const bytes = Buffer.byteLength(content, "utf-8");
             if (debug) {
-              console.error(`[Create] Successfully ${action} ${resolvedPath2}`);
+              console.log(`[BashTool] Executing command: "${command}"`);
+              console.log(`[BashTool] Working directory: "${workingDir}"`);
+              console.log(`[BashTool] Timeout: ${executionOptions.timeout}ms`);
             }
-            return `Successfully ${action} ${file_path} (${bytes} bytes)`;
+            const result = await executeBashCommand(command.trim(), executionOptions);
+            if (debug) {
+              console.log(`[BashTool] Command completed - Success: ${result.success}, Duration: ${result.duration}ms`);
+            }
+            const formattedResult = formatExecutionResult(result, debug);
+            if (!result.success) {
+              let errorInfo = `
+
+Command failed with exit code ${result.exitCode}`;
+              if (result.killed) {
+                errorInfo += ` (${result.error})`;
+              }
+              return formattedResult + errorInfo;
+            }
+            return formattedResult;
           } catch (error2) {
-            console.error("[Create] Error:", error2);
-            return `Error creating file: ${error2.message}`;
+            if (debug) {
+              console.error("[BashTool] Execution error:", error2);
+            }
+            return `Error executing bash command: ${error2.message}`;
           }
         }
       });
     };
-    editDescription = "Edit files using exact string replacement. Requires exact match including whitespace.";
-    createDescription = "Create new files with specified content. Will create parent directories if needed.";
-    editToolDefinition = `
-## edit
-Description: ${editDescription}
-
-When to use:
-- For precise, surgical edits to existing files
-- When you need to change specific lines or blocks of code
-- For renaming functions, variables, or updating configuration values
-- When the exact text to replace is known and unique (or use replace_all for multiple occurrences)
-
-When NOT to use:
-- For creating new files (use 'create' tool instead)
-- When you cannot determine the exact text to replace
-- When changes span multiple locations that would be better handled together
-
-Parameters:
-- file_path: (required) Path to the file to edit
-- old_string: (required) Exact text to find and replace (must match including whitespace, newlines, and indentation)
-- new_string: (required) Text to replace with
-- replace_all: (optional, default: false) Replace all occurrences if the string appears multiple times
-
-Important notes:
-- The old_string MUST match EXACTLY, including all whitespace, indentation, and line breaks
-- If old_string appears multiple times and replace_all is false, the tool will fail
-- Always verify the exact formatting of the text you want to replace
-
-Examples:
-<edit>
-<file_path>src/main.js</file_path>
-<old_string>function oldName() {
-  return 42;
-}</old_string>
-<new_string>function newName() {
-  return 42;
-}</new_string>
-</edit>
-
-<edit>
-<file_path>config.json</file_path>
-<old_string>"debug": false</old_string>
-<new_string>"debug": true</new_string>
-<replace_all>true</replace_all>
-</edit>`;
-    createToolDefinition = `
-## create
-Description: ${createDescription}
-
-When to use:
-- For creating brand new files from scratch
-- When you need to add configuration files, documentation, or new modules
-- For generating boilerplate code or templates
-- When you have the complete content ready to write
-
-When NOT to use:
-- For editing existing files (use 'edit' tool instead)
-- When a file already exists unless you explicitly want to overwrite it
-
-Parameters:
-- file_path: (required) Path where the file should be created
-- content: (required) Complete content to write to the file
-- overwrite: (optional, default: false) Whether to overwrite if file already exists
-
-Important notes:
-- Parent directories will be created automatically if they don't exist
-- The tool will fail if the file already exists and overwrite is false
-- Be careful with the overwrite option as it completely replaces existing files
-
-Examples:
-<create>
-<file_path>src/newFile.js</file_path>
-<content>export function hello() {
-  return "Hello, world!";
-}</content>
-</create>
-
-<create>
-<file_path>README.md</file_path>
-<content># My Project
-
-This is a new project.</content>
-<overwrite>true</overwrite>
-</create>`;
   }
 });