@probelabs/probe 0.6.0-rc208 → 0.6.0-rc210

package/cjs/agent/ProbeAgent.cjs

@@ -30711,7 +30711,10 @@ async function delegate({
   disableTools = false,
   searchDelegate = void 0,
   schema = null,
-  enableTasks = false
+  enableTasks = false,
+  enableMcp = false,
+  mcpConfig = null,
+  mcpConfigPath = null
 }) {
   if (!task || typeof task !== "string") {
     throw new Error("Task parameter is required and must be a string");
@@ -30767,8 +30770,14 @@ async function delegate({
       allowedTools,
       disableTools,
       searchDelegate,
-      enableTasks
+      enableTasks,
       // Inherit from parent (subagent gets isolated TaskManager)
+      enableMcp,
+      // Inherit from parent (subagent creates own MCPXmlBridge)
+      mcpConfig,
+      // Inherit from parent
+      mcpConfigPath
+      // Inherit from parent
     });
     if (debug) {
       console.error(`[DELEGATE] Created subagent with session ${sessionId}`);
@@ -36739,7 +36748,7 @@ var init_vercel = __esm({
       });
     };
     delegateTool = (options = {}) => {
-      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig, architectureFileName } = options;
+      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig, architectureFileName, enableMcp = false, mcpConfig = null, mcpConfigPath = null } = options;
       return (0, import_ai2.tool)({
         name: "delegate",
         description: delegateDescription,
@@ -36798,7 +36807,10 @@ var init_vercel = __esm({
             enableBash,
             bashConfig,
             architectureFileName,
-            searchDelegate
+            searchDelegate,
+            enableMcp,
+            mcpConfig,
+            mcpConfigPath
           });
           return result;
         }
@@ -37325,6 +37337,38 @@ function parseSimpleCommand(command) {
       isComplex: false
     };
   }
+  const stripQuotedContent = (str) => {
+    let result = "";
+    let inQuotes2 = false;
+    let quoteChar2 = "";
+    for (let i4 = 0; i4 < str.length; i4++) {
+      const char = str[i4];
+      const nextChar = str[i4 + 1];
+      if (!inQuotes2 && char === "\\" && nextChar !== void 0) {
+        i4++;
+        continue;
+      }
+      if (inQuotes2 && quoteChar2 === '"' && char === "\\" && nextChar !== void 0) {
+        i4++;
+        continue;
+      }
+      if (!inQuotes2 && (char === '"' || char === "'")) {
+        inQuotes2 = true;
+        quoteChar2 = char;
+        continue;
+      }
+      if (inQuotes2 && char === quoteChar2) {
+        inQuotes2 = false;
+        quoteChar2 = "";
+        continue;
+      }
+      if (!inQuotes2) {
+        result += char;
+      }
+    }
+    return result;
+  };
+  const strippedForOperators = stripQuotedContent(trimmed);
   const complexPatterns = [
     /\|/,
     // Pipes
@@ -37350,7 +37394,7 @@ function parseSimpleCommand(command) {
     // Brace expansion like {a,b} or {1..10} (but not find {} placeholders)
   ];
   for (const pattern of complexPatterns) {
-    if (pattern.test(trimmed)) {
+    if (pattern.test(strippedForOperators)) {
       return {
         success: false,
         error: "Complex shell commands with pipes, operators, or redirections are not supported for security reasons",
@@ -37365,17 +37409,17 @@ function parseSimpleCommand(command) {
   let current = "";
   let inQuotes = false;
   let quoteChar = "";
-  let escaped = false;
   for (let i4 = 0; i4 < trimmed.length; i4++) {
     const char = trimmed[i4];
     const nextChar = i4 + 1 < trimmed.length ? trimmed[i4 + 1] : "";
-    if (escaped) {
-      current += char;
-      escaped = false;
+    if (!inQuotes && char === "\\" && nextChar) {
+      current += nextChar;
+      i4++;
       continue;
     }
-    if (char === "\\" && !inQuotes) {
-      escaped = true;
+    if (inQuotes && quoteChar === '"' && char === "\\" && nextChar) {
+      current += nextChar;
+      i4++;
       continue;
     }
     if (!inQuotes && (char === '"' || char === "'")) {
@@ -37708,8 +37752,97 @@ var init_bashPermissions = __esm({
         });
         return result;
       }
+      /**
+       * Split a complex command into component commands by operators
+       *
+       * ## Escape Handling (Security-Critical)
+       *
+       * This function intentionally PRESERVES escape sequences (both backslash AND
+       * escaped character) in the output. This is step 1 of a 2-step parsing process:
+       *
+       * 1. _splitComplexCommand: Splits by operators, PRESERVES escapes → `echo "test\" && b"`
+       * 2. parseCommand: Interprets escapes in each component → args: ['test" && b']
+       *
+       * This differs from stripQuotedContent() in bashCommandUtils.js which REMOVES
+       * escapes entirely (for operator detection only).
+       *
+       * The security rationale: if we stripped escapes here, `\"` would become `"`,
+       * potentially causing incorrect quote boundary detection and allowing operator
+       * injection. By preserving escapes, parseCommand() can correctly interpret them.
+       *
+       * See bashCommandUtils.js module header for the full escape handling architecture.
+       *
+       * @private
+       * @param {string} command - Complex command to split
+       * @returns {string[]} Array of component commands (with escapes preserved)
+       */
+      _splitComplexCommand(command) {
+        const components = [];
+        let current = "";
+        let inQuotes = false;
+        let quoteChar = "";
+        let i4 = 0;
+        while (i4 < command.length) {
+          const char = command[i4];
+          const nextChar = command[i4 + 1] || "";
+          if (!inQuotes && char === "\\") {
+            current += char;
+            if (nextChar) {
+              current += nextChar;
+              i4 += 2;
+            } else {
+              i4++;
+            }
+            continue;
+          }
+          if (inQuotes && quoteChar === '"' && char === "\\" && nextChar) {
+            current += char + nextChar;
+            i4 += 2;
+            continue;
+          }
+          if (!inQuotes && (char === '"' || char === "'")) {
+            inQuotes = true;
+            quoteChar = char;
+            current += char;
+            i4++;
+            continue;
+          }
+          if (inQuotes && char === quoteChar) {
+            inQuotes = false;
+            quoteChar = "";
+            current += char;
+            i4++;
+            continue;
+          }
+          if (!inQuotes) {
+            if (char === "&" && nextChar === "&" || char === "|" && nextChar === "|") {
+              if (current.trim()) {
+                components.push(current.trim());
+              }
+              current = "";
+              i4 += 2;
+              continue;
+            }
+            if (char === "|") {
+              if (current.trim()) {
+                components.push(current.trim());
+              }
+              current = "";
+              i4++;
+              continue;
+            }
+          }
+          current += char;
+          i4++;
+        }
+        if (current.trim()) {
+          components.push(current.trim());
+        }
+        return components;
+      }
       /**
        * Check a complex command against complex patterns in allow/deny lists
+       * Also supports auto-allowing commands where all components are individually allowed
        * @private
        * @param {string} command - Complex command to check
        * @returns {Object} Permission result
@@ -37764,6 +37897,85 @@ var init_bashPermissions = __esm({
             return result;
           }
         }
+        const components = this._splitComplexCommand(command);
+        if (this.debug) {
+          console.log(`[BashPermissions] Checking ${components.length} command components: ${JSON.stringify(components)}`);
+        }
+        if (components.length > 1) {
+          const componentResults = [];
+          let allAllowed = true;
+          let deniedComponent = null;
+          let deniedReason = null;
+          for (const component of components) {
+            const parsed = parseCommand(component);
+            if (parsed.error || parsed.isComplex) {
+              if (this.debug) {
+                console.log(`[BashPermissions] Component "${component}" is complex or has error: ${parsed.error}`);
+              }
+              allAllowed = false;
+              deniedComponent = component;
+              deniedReason = parsed.error || "Component contains nested complex constructs";
+              break;
+            }
+            if (matchesAnyPattern(parsed, this.denyPatterns)) {
+              if (this.debug) {
+                console.log(`[BashPermissions] Component "${component}" matches deny pattern`);
+              }
+              allAllowed = false;
+              deniedComponent = component;
+              deniedReason = "Component matches deny pattern";
+              break;
+            }
+            if (!matchesAnyPattern(parsed, this.allowPatterns)) {
+              if (this.debug) {
+                console.log(`[BashPermissions] Component "${component}" not in allow list`);
+              }
+              allAllowed = false;
+              deniedComponent = component;
+              deniedReason = "Component not in allow list";
+              break;
+            }
+            componentResults.push({ component, parsed, allowed: true });
+          }
+          if (allAllowed) {
+            if (this.debug) {
+              console.log(`[BashPermissions] ALLOWED - all ${components.length} components passed individual checks`);
+            }
+            const result = {
+              allowed: true,
+              command,
+              isComplex: true,
+              allowedByComponents: true,
+              components: componentResults
+            };
+            this.recordBashEvent("permission.allowed", {
+              command,
+              isComplex: true,
+              allowedByComponents: true,
+              componentCount: components.length
+            });
+            return result;
+          } else {
+            if (this.debug) {
+              console.log(`[BashPermissions] DENIED - component "${deniedComponent}" failed: ${deniedReason}`);
+            }
+            const result = {
+              allowed: false,
+              reason: `Component "${deniedComponent}" not allowed: ${deniedReason}`,
+              command,
+              isComplex: true,
+              failedComponent: deniedComponent
+            };
+            this.recordBashEvent("permission.denied", {
+              command,
+              reason: "component_not_allowed",
+              failedComponent: deniedComponent,
+              componentReason: deniedReason,
+              isComplex: true
+            });
+            return result;
+          }
+        }
         if (this.debug) {
           console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
         }
@@ -85275,7 +85487,7 @@ var init_client2 = __esm({
             clientInfo.client.callTool({
               name: tool4.originalName,
               arguments: args
-            }),
+            }, void 0, { timeout }),
             timeoutPromise
           ]);
           const durationMs = Date.now() - startTime;
@@ -95829,7 +96041,7 @@ var init_ProbeAgent = __esm({
         this.maxIterations = options.maxIterations || null;
         this.disableMermaidValidation = !!options.disableMermaidValidation;
         this.disableJsonValidation = !!options.disableJsonValidation;
-        this.enableSkills = options.disableSkills ? false : options.enableSkills !== void 0 ? !!options.enableSkills : true;
+        this.enableSkills = options.disableSkills ? false : !!(options.allowSkills || options.enableSkills);
         if (Array.isArray(options.skillDirs)) {
           this.skillDirs = options.skillDirs;
         } else if (typeof options.skillDirs === "string") {
@@ -97724,6 +97936,9 @@ You are working with a repository located at: ${searchDirectory}
           let lastFormatErrorType = null;
           let sameFormatErrorCount = 0;
           const MAX_REPEATED_FORMAT_ERRORS = 3;
+          let lastNoToolResponse = null;
+          let sameResponseCount = 0;
+          const MAX_REPEATED_IDENTICAL_RESPONSES = 3;
           while (currentIteration < maxIterations && !completionAttempted) {
             currentIteration++;
             if (this.cancelled) throw new Error("Request was cancelled by the user");
@@ -98205,6 +98420,26 @@ ${errorXml}
                 }
                 break;
               }
+              if (lastNoToolResponse !== null && assistantResponseContent === lastNoToolResponse) {
+                sameResponseCount++;
+                if (sameResponseCount >= MAX_REPEATED_IDENTICAL_RESPONSES) {
+                  let cleanedResponse = assistantResponseContent;
+                  cleanedResponse = cleanedResponse.replace(/<thinking>[\s\S]*?<\/thinking>/gi, "").trim();
+                  cleanedResponse = cleanedResponse.replace(/<thinking>[\s\S]*$/gi, "").trim();
+                  const hasSubstantialContent = cleanedResponse.length > 50 && !cleanedResponse.includes("<api_call>") && !cleanedResponse.includes("<tool_name>") && !cleanedResponse.includes("<function>");
+                  if (hasSubstantialContent) {
+                    if (this.debug) {
+                      console.log(`[DEBUG] Same response repeated ${sameResponseCount} times - accepting as final answer (${cleanedResponse.length} chars)`);
+                    }
+                    finalResult = cleanedResponse;
+                    completionAttempted = true;
+                    break;
+                  }
+                }
+              } else {
+                lastNoToolResponse = assistantResponseContent;
+                sameResponseCount = 1;
+              }
               currentMessages.push({ role: "assistant", content: assistantResponseContent });
               const unrecognizedTool = detectUnrecognizedToolCall(assistantResponseContent, validTools);
               let reminderContent;
@@ -98277,10 +98512,35 @@ Or if your previous response already contains a complete, direct answer (not a t
 
 Note: <attempt_complete></attempt_complete> reuses your PREVIOUS assistant message as the final answer. Only use this if that message was already a valid, complete response to the user's question.`;
               }
-              currentMessages.push({
-                role: "user",
-                content: reminderContent
-              });
+              const prevUserMsgIndex = currentMessages.length - 2;
+              const prevUserMsg = currentMessages[prevUserMsgIndex];
+              const isExistingReminder = prevUserMsg && prevUserMsg.role === "user" && (prevUserMsg.content.includes("Please use one of the available tools") || prevUserMsg.content.includes("<tool_result>"));
+              if (isExistingReminder && sameResponseCount > 1) {
+                const prevAssistantIndex = prevUserMsgIndex - 1;
+                const hasSystemMessage2 = currentMessages.length > 0 && currentMessages[0].role === "system";
+                const minValidIndex = hasSystemMessage2 ? 1 : 0;
+                const canSafelyRemove = prevAssistantIndex >= minValidIndex && currentMessages[prevAssistantIndex] && currentMessages[prevAssistantIndex].role === "assistant" && currentMessages.length - 2 >= (hasSystemMessage2 ? 2 : 1);
+                if (canSafelyRemove) {
+                  currentMessages.splice(prevAssistantIndex, 2);
+                  if (this.debug) {
+                    console.log(`[DEBUG] Removed duplicate assistant+reminder pair (iteration ${currentIteration}, same response #${sameResponseCount})`);
+                  }
+                } else if (this.debug) {
+                  console.log(`[DEBUG] Skipped deduplication: pattern validation failed (prevAssistantIndex=${prevAssistantIndex}, arrayLength=${currentMessages.length})`);
+                }
+                const iterationHint = `
+
+(Attempt #${sameResponseCount}: Your previous ${sameResponseCount} responses were identical. If you have a complete answer, use <attempt_complete></attempt_complete> to finalize it.)`;
+                currentMessages.push({
+                  role: "user",
+                  content: reminderContent + iterationHint
+                });
+              } else {
+                currentMessages.push({
+                  role: "user",
+                  content: reminderContent
+                });
+              }
               if (this.debug) {
                 if (unrecognizedTool) {
                   console.log(`[DEBUG] Unrecognized tool '${unrecognizedTool}' used. Providing error feedback.`);