@probelabs/probe 0.6.0-rc209 → 0.6.0-rc210

package/cjs/index.cjs

@@ -95328,6 +95328,9 @@ You are working with a repository located at: ${searchDirectory}
           let lastFormatErrorType = null;
           let sameFormatErrorCount = 0;
           const MAX_REPEATED_FORMAT_ERRORS = 3;
+          let lastNoToolResponse = null;
+          let sameResponseCount = 0;
+          const MAX_REPEATED_IDENTICAL_RESPONSES = 3;
           while (currentIteration < maxIterations && !completionAttempted) {
             currentIteration++;
             if (this.cancelled) throw new Error("Request was cancelled by the user");
@@ -95809,6 +95812,26 @@ ${errorXml}
                 }
                 break;
               }
+              if (lastNoToolResponse !== null && assistantResponseContent === lastNoToolResponse) {
+                sameResponseCount++;
+                if (sameResponseCount >= MAX_REPEATED_IDENTICAL_RESPONSES) {
+                  let cleanedResponse = assistantResponseContent;
+                  cleanedResponse = cleanedResponse.replace(/<thinking>[\s\S]*?<\/thinking>/gi, "").trim();
+                  cleanedResponse = cleanedResponse.replace(/<thinking>[\s\S]*$/gi, "").trim();
+                  const hasSubstantialContent = cleanedResponse.length > 50 && !cleanedResponse.includes("<api_call>") && !cleanedResponse.includes("<tool_name>") && !cleanedResponse.includes("<function>");
+                  if (hasSubstantialContent) {
+                    if (this.debug) {
+                      console.log(`[DEBUG] Same response repeated ${sameResponseCount} times - accepting as final answer (${cleanedResponse.length} chars)`);
+                    }
+                    finalResult = cleanedResponse;
+                    completionAttempted = true;
+                    break;
+                  }
+                }
+              } else {
+                lastNoToolResponse = assistantResponseContent;
+                sameResponseCount = 1;
+              }
               currentMessages.push({ role: "assistant", content: assistantResponseContent });
               const unrecognizedTool = detectUnrecognizedToolCall(assistantResponseContent, validTools);
               let reminderContent;
@@ -95881,10 +95904,35 @@ Or if your previous response already contains a complete, direct answer (not a t
 
 Note: <attempt_complete></attempt_complete> reuses your PREVIOUS assistant message as the final answer. Only use this if that message was already a valid, complete response to the user's question.`;
               }
-              currentMessages.push({
-                role: "user",
-                content: reminderContent
-              });
+              const prevUserMsgIndex = currentMessages.length - 2;
+              const prevUserMsg = currentMessages[prevUserMsgIndex];
+              const isExistingReminder = prevUserMsg && prevUserMsg.role === "user" && (prevUserMsg.content.includes("Please use one of the available tools") || prevUserMsg.content.includes("<tool_result>"));
+              if (isExistingReminder && sameResponseCount > 1) {
+                const prevAssistantIndex = prevUserMsgIndex - 1;
+                const hasSystemMessage2 = currentMessages.length > 0 && currentMessages[0].role === "system";
+                const minValidIndex = hasSystemMessage2 ? 1 : 0;
+                const canSafelyRemove = prevAssistantIndex >= minValidIndex && currentMessages[prevAssistantIndex] && currentMessages[prevAssistantIndex].role === "assistant" && currentMessages.length - 2 >= (hasSystemMessage2 ? 2 : 1);
+                if (canSafelyRemove) {
+                  currentMessages.splice(prevAssistantIndex, 2);
+                  if (this.debug) {
+                    console.log(`[DEBUG] Removed duplicate assistant+reminder pair (iteration ${currentIteration}, same response #${sameResponseCount})`);
+                  }
+                } else if (this.debug) {
+                  console.log(`[DEBUG] Skipped deduplication: pattern validation failed (prevAssistantIndex=${prevAssistantIndex}, arrayLength=${currentMessages.length})`);
+                }
+                const iterationHint = `
+
+(Attempt #${sameResponseCount}: Your previous ${sameResponseCount} responses were identical. If you have a complete answer, use <attempt_complete></attempt_complete> to finalize it.)`;
+                currentMessages.push({
+                  role: "user",
+                  content: reminderContent + iterationHint
+                });
+              } else {
+                currentMessages.push({
+                  role: "user",
+                  content: reminderContent
+                });
+              }
               if (this.debug) {
                 if (unrecognizedTool) {
                   console.log(`[DEBUG] Unrecognized tool '${unrecognizedTool}' used. Providing error feedback.`);
@@ -96656,7 +96704,10 @@ async function delegate({
   disableTools = false,
   searchDelegate = void 0,
   schema = null,
-  enableTasks = false
+  enableTasks = false,
+  enableMcp = false,
+  mcpConfig = null,
+  mcpConfigPath = null
 }) {
   if (!task || typeof task !== "string") {
     throw new Error("Task parameter is required and must be a string");
@@ -96712,8 +96763,14 @@ async function delegate({
       allowedTools,
       disableTools,
       searchDelegate,
-      enableTasks
+      enableTasks,
       // Inherit from parent (subagent gets isolated TaskManager)
+      enableMcp,
+      // Inherit from parent (subagent creates own MCPXmlBridge)
+      mcpConfig,
+      // Inherit from parent
+      mcpConfigPath
+      // Inherit from parent
     });
     if (debug) {
       console.error(`[DELEGATE] Created subagent with session ${sessionId}`);
@@ -97271,7 +97328,7 @@ var init_vercel = __esm({
       });
     };
     delegateTool = (options = {}) => {
-      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig, architectureFileName } = options;
+      const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig, architectureFileName, enableMcp = false, mcpConfig = null, mcpConfigPath = null } = options;
       return (0, import_ai4.tool)({
         name: "delegate",
         description: delegateDescription,
@@ -97330,7 +97387,10 @@ var init_vercel = __esm({
             enableBash,
             bashConfig,
             architectureFileName,
-            searchDelegate
+            searchDelegate,
+            enableMcp,
+            mcpConfig,
+            mcpConfigPath
           });
           return result;
         }
@@ -97857,6 +97917,38 @@ function parseSimpleCommand(command) {
       isComplex: false
     };
   }
+  const stripQuotedContent = (str) => {
+    let result = "";
+    let inQuotes2 = false;
+    let quoteChar2 = "";
+    for (let i4 = 0; i4 < str.length; i4++) {
+      const char = str[i4];
+      const nextChar = str[i4 + 1];
+      if (!inQuotes2 && char === "\\" && nextChar !== void 0) {
+        i4++;
+        continue;
+      }
+      if (inQuotes2 && quoteChar2 === '"' && char === "\\" && nextChar !== void 0) {
+        i4++;
+        continue;
+      }
+      if (!inQuotes2 && (char === '"' || char === "'")) {
+        inQuotes2 = true;
+        quoteChar2 = char;
+        continue;
+      }
+      if (inQuotes2 && char === quoteChar2) {
+        inQuotes2 = false;
+        quoteChar2 = "";
+        continue;
+      }
+      if (!inQuotes2) {
+        result += char;
+      }
+    }
+    return result;
+  };
+  const strippedForOperators = stripQuotedContent(trimmed);
   const complexPatterns = [
     /\|/,
     // Pipes
@@ -97882,7 +97974,7 @@ function parseSimpleCommand(command) {
     // Brace expansion like {a,b} or {1..10} (but not find {} placeholders)
   ];
   for (const pattern of complexPatterns) {
-    if (pattern.test(trimmed)) {
+    if (pattern.test(strippedForOperators)) {
       return {
         success: false,
         error: "Complex shell commands with pipes, operators, or redirections are not supported for security reasons",
@@ -97897,17 +97989,17 @@ function parseSimpleCommand(command) {
   let current = "";
   let inQuotes = false;
   let quoteChar = "";
-  let escaped = false;
   for (let i4 = 0; i4 < trimmed.length; i4++) {
     const char = trimmed[i4];
     const nextChar = i4 + 1 < trimmed.length ? trimmed[i4 + 1] : "";
-    if (escaped) {
-      current += char;
-      escaped = false;
+    if (!inQuotes && char === "\\" && nextChar) {
+      current += nextChar;
+      i4++;
       continue;
     }
-    if (char === "\\" && !inQuotes) {
-      escaped = true;
+    if (inQuotes && quoteChar === '"' && char === "\\" && nextChar) {
+      current += nextChar;
+      i4++;
       continue;
     }
     if (!inQuotes && (char === '"' || char === "'")) {
@@ -98240,8 +98332,97 @@ var init_bashPermissions = __esm({
         });
         return result;
       }
+      /**
+       * Split a complex command into component commands by operators
+       *
+       * ## Escape Handling (Security-Critical)
+       *
+       * This function intentionally PRESERVES escape sequences (both backslash AND
+       * escaped character) in the output. This is step 1 of a 2-step parsing process:
+       *
+       * 1. _splitComplexCommand: Splits by operators, PRESERVES escapes → `echo "test\" && b"`
+       * 2. parseCommand: Interprets escapes in each component → args: ['test" && b']
+       *
+       * This differs from stripQuotedContent() in bashCommandUtils.js which REMOVES
+       * escapes entirely (for operator detection only).
+       *
+       * The security rationale: if we stripped escapes here, `\"` would become `"`,
+       * potentially causing incorrect quote boundary detection and allowing operator
+       * injection. By preserving escapes, parseCommand() can correctly interpret them.
+       *
+       * See bashCommandUtils.js module header for the full escape handling architecture.
+       *
+       * @private
+       * @param {string} command - Complex command to split
+       * @returns {string[]} Array of component commands (with escapes preserved)
+       */
+      _splitComplexCommand(command) {
+        const components = [];
+        let current = "";
+        let inQuotes = false;
+        let quoteChar = "";
+        let i4 = 0;
+        while (i4 < command.length) {
+          const char = command[i4];
+          const nextChar = command[i4 + 1] || "";
+          if (!inQuotes && char === "\\") {
+            current += char;
+            if (nextChar) {
+              current += nextChar;
+              i4 += 2;
+            } else {
+              i4++;
+            }
+            continue;
+          }
+          if (inQuotes && quoteChar === '"' && char === "\\" && nextChar) {
+            current += char + nextChar;
+            i4 += 2;
+            continue;
+          }
+          if (!inQuotes && (char === '"' || char === "'")) {
+            inQuotes = true;
+            quoteChar = char;
+            current += char;
+            i4++;
+            continue;
+          }
+          if (inQuotes && char === quoteChar) {
+            inQuotes = false;
+            quoteChar = "";
+            current += char;
+            i4++;
+            continue;
+          }
+          if (!inQuotes) {
+            if (char === "&" && nextChar === "&" || char === "|" && nextChar === "|") {
+              if (current.trim()) {
+                components.push(current.trim());
+              }
+              current = "";
+              i4 += 2;
+              continue;
+            }
+            if (char === "|") {
+              if (current.trim()) {
+                components.push(current.trim());
+              }
+              current = "";
+              i4++;
+              continue;
+            }
+          }
+          current += char;
+          i4++;
+        }
+        if (current.trim()) {
+          components.push(current.trim());
+        }
+        return components;
+      }
       /**
        * Check a complex command against complex patterns in allow/deny lists
+       * Also supports auto-allowing commands where all components are individually allowed
        * @private
        * @param {string} command - Complex command to check
        * @returns {Object} Permission result
@@ -98296,6 +98477,85 @@ var init_bashPermissions = __esm({
             return result;
           }
         }
+        const components = this._splitComplexCommand(command);
+        if (this.debug) {
+          console.log(`[BashPermissions] Checking ${components.length} command components: ${JSON.stringify(components)}`);
+        }
+        if (components.length > 1) {
+          const componentResults = [];
+          let allAllowed = true;
+          let deniedComponent = null;
+          let deniedReason = null;
+          for (const component of components) {
+            const parsed = parseCommand(component);
+            if (parsed.error || parsed.isComplex) {
+              if (this.debug) {
+                console.log(`[BashPermissions] Component "${component}" is complex or has error: ${parsed.error}`);
+              }
+              allAllowed = false;
+              deniedComponent = component;
+              deniedReason = parsed.error || "Component contains nested complex constructs";
+              break;
+            }
+            if (matchesAnyPattern(parsed, this.denyPatterns)) {
+              if (this.debug) {
+                console.log(`[BashPermissions] Component "${component}" matches deny pattern`);
+              }
+              allAllowed = false;
+              deniedComponent = component;
+              deniedReason = "Component matches deny pattern";
+              break;
+            }
+            if (!matchesAnyPattern(parsed, this.allowPatterns)) {
+              if (this.debug) {
+                console.log(`[BashPermissions] Component "${component}" not in allow list`);
+              }
+              allAllowed = false;
+              deniedComponent = component;
+              deniedReason = "Component not in allow list";
+              break;
+            }
+            componentResults.push({ component, parsed, allowed: true });
+          }
+          if (allAllowed) {
+            if (this.debug) {
+              console.log(`[BashPermissions] ALLOWED - all ${components.length} components passed individual checks`);
+            }
+            const result = {
+              allowed: true,
+              command,
+              isComplex: true,
+              allowedByComponents: true,
+              components: componentResults
+            };
+            this.recordBashEvent("permission.allowed", {
+              command,
+              isComplex: true,
+              allowedByComponents: true,
+              componentCount: components.length
+            });
+            return result;
+          } else {
+            if (this.debug) {
+              console.log(`[BashPermissions] DENIED - component "${deniedComponent}" failed: ${deniedReason}`);
+            }
+            const result = {
+              allowed: false,
+              reason: `Component "${deniedComponent}" not allowed: ${deniedReason}`,
+              command,
+              isComplex: true,
+              failedComponent: deniedComponent
+            };
+            this.recordBashEvent("permission.denied", {
+              command,
+              reason: "component_not_allowed",
+              failedComponent: deniedComponent,
+              componentReason: deniedReason,
+              isComplex: true
+            });
+            return result;
+          }
+        }
         if (this.debug) {
           console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@probelabs/probe",
-  "version": "0.6.0-rc209",
+  "version": "0.6.0-rc210",
   "description": "Node.js wrapper for the probe code search tool",
   "main": "src/index.js",
   "module": "src/index.js",

package/src/agent/ProbeAgent.js

@@ -2587,6 +2587,11 @@ Follow these instructions carefully:
       let sameFormatErrorCount = 0;
       const MAX_REPEATED_FORMAT_ERRORS = 3;
 
+      // Circuit breaker for repeated identical responses without tool calls
+      let lastNoToolResponse = null;
+      let sameResponseCount = 0;
+      const MAX_REPEATED_IDENTICAL_RESPONSES = 3;
+
       // Tool iteration loop (only for non-CLI engines like Vercel/Anthropic/OpenAI)
       while (currentIteration < maxIterations && !completionAttempted) {
         currentIteration++;
@@ -3224,6 +3229,36 @@ Follow these instructions carefully:
             break;
           }
 
+          // Check for repeated identical responses - if AI gives same response 3 times,
+          // accept it as the final answer instead of continuing the loop
+          if (lastNoToolResponse !== null && assistantResponseContent === lastNoToolResponse) {
+            sameResponseCount++;
+            if (sameResponseCount >= MAX_REPEATED_IDENTICAL_RESPONSES) {
+              // Clean up the response - remove thinking tags
+              let cleanedResponse = assistantResponseContent;
+              cleanedResponse = cleanedResponse.replace(/<thinking>[\s\S]*?<\/thinking>/gi, '').trim();
+              cleanedResponse = cleanedResponse.replace(/<thinking>[\s\S]*$/gi, '').trim();
+
+              const hasSubstantialContent = cleanedResponse.length > 50 &&
+                !cleanedResponse.includes('<api_call>') &&
+                !cleanedResponse.includes('<tool_name>') &&
+                !cleanedResponse.includes('<function>');
+
+              if (hasSubstantialContent) {
+                if (this.debug) {
+                  console.log(`[DEBUG] Same response repeated ${sameResponseCount} times - accepting as final answer (${cleanedResponse.length} chars)`);
+                }
+                finalResult = cleanedResponse;
+                completionAttempted = true;
+                break;
+              }
+            }
+          } else {
+            // Different response, reset counter
+            lastNoToolResponse = assistantResponseContent;
+            sameResponseCount = 1;
+          }
+
           // Add assistant response and ask for tool usage
           currentMessages.push({ role: 'assistant', content: assistantResponseContent });
 
@@ -3313,10 +3348,56 @@ Or if your previous response already contains a complete, direct answer (not a t
 Note: <attempt_complete></attempt_complete> reuses your PREVIOUS assistant message as the final answer. Only use this if that message was already a valid, complete response to the user's question.`;
           }
 
-          currentMessages.push({
-            role: 'user',
-            content: reminderContent
-          });
+          // Check if we should replace the previous reminder instead of appending
+          // After pushing assistant message, the previous user message (if a reminder) is at length - 2
+          // Message pattern: [..., prev_assistant, prev_user_reminder, current_assistant]
+          const prevUserMsgIndex = currentMessages.length - 2;
+          const prevUserMsg = currentMessages[prevUserMsgIndex];
+          const isExistingReminder = prevUserMsg && prevUserMsg.role === 'user' &&
+            (prevUserMsg.content.includes('Please use one of the available tools') ||
+             prevUserMsg.content.includes('<tool_result>'));
+
+          if (isExistingReminder && sameResponseCount > 1) {
+            // Replace the previous reminder with updated content and remove duplicated assistant message
+            // This prevents context bloat from repeated identical exchanges
+            // Pattern: [..., prev_assistant, prev_user_reminder, current_assistant] -> [..., current_assistant, new_reminder]
+            const prevAssistantIndex = prevUserMsgIndex - 1;
+
+            // Validate the expected pattern before splicing:
+            // 1. prevAssistantIndex must be valid (>= 0)
+            // 2. If there's a system message at index 0, don't remove it (prevAssistantIndex > 0)
+            // 3. Must be an assistant message at prevAssistantIndex
+            // 4. After removal, array should have at least 2 messages (current assistant + new reminder)
+            const hasSystemMessage = currentMessages.length > 0 && currentMessages[0].role === 'system';
+            const minValidIndex = hasSystemMessage ? 1 : 0;
+            const canSafelyRemove = prevAssistantIndex >= minValidIndex &&
+              currentMessages[prevAssistantIndex] &&
+              currentMessages[prevAssistantIndex].role === 'assistant' &&
+              (currentMessages.length - 2) >= (hasSystemMessage ? 2 : 1); // After removal: at least system+assistant or just assistant
+
+            if (canSafelyRemove) {
+              // Remove the duplicate assistant and old reminder (2 messages starting at prevAssistantIndex)
+              currentMessages.splice(prevAssistantIndex, 2);
+              if (this.debug) {
+                console.log(`[DEBUG] Removed duplicate assistant+reminder pair (iteration ${currentIteration}, same response #${sameResponseCount})`);
+              }
+            } else if (this.debug) {
+              console.log(`[DEBUG] Skipped deduplication: pattern validation failed (prevAssistantIndex=${prevAssistantIndex}, arrayLength=${currentMessages.length})`);
+            }
+
+            // Add iteration context to help the AI understand this is a repeated attempt
+            const iterationHint = `\n\n(Attempt #${sameResponseCount}: Your previous ${sameResponseCount} responses were identical. If you have a complete answer, use <attempt_complete></attempt_complete> to finalize it.)`;
+            currentMessages.push({
+              role: 'user',
+              content: reminderContent + iterationHint
+            });
+          } else {
+            currentMessages.push({
+              role: 'user',
+              content: reminderContent
+            });
+          }
+
           if (this.debug) {
             if (unrecognizedTool) {
               console.log(`[DEBUG] Unrecognized tool '${unrecognizedTool}' used. Providing error feedback.`);

package/src/agent/bashCommandUtils.js

@@ -1,10 +1,36 @@
 /**
  * Unified command parsing utilities for bash tool
- * 
+ *
  * This module provides a single source of truth for parsing shell commands.
  * It supports only simple commands (no pipes, operators, or substitutions)
  * to align with the executor's capabilities.
- * 
+ *
+ * ## Escape Handling Architecture
+ *
+ * There are THREE different escape handling behaviors in the bash permission system,
+ * each serving a distinct purpose:
+ *
+ * 1. **stripQuotedContent()** (in parseSimpleCommand): SKIPS both backslash AND next char
+ *    - Purpose: Detect operators (|, &&, ||) that exist OUTSIDE quoted strings
+ *    - Output is never used for execution, only for operator detection
+ *    - Example: `echo "a && b"` → strips quoted content → no `&&` detected outside quotes
+ *
+ * 2. **parseSimpleCommand()** main loop: STRIPS backslash, KEEPS escaped char
+ *    - Purpose: Extract actual argument values that would be passed to the command
+ *    - Matches bash behavior where `\"` inside double quotes becomes `"`
+ *    - Example: `echo "he said \"hi\""` → args: ['he said "hi"']
+ *
+ * 3. **_splitComplexCommand()** (in bashPermissions.js): PRESERVES both backslash AND next char
+ *    - Purpose: Split complex commands by operators while preserving escape sequences
+ *    - Output is passed to parseCommand() which will then interpret the escapes
+ *    - Example: `echo "test\" && b" && cmd` → components passed to parseCommand for final parsing
+ *
+ * This design ensures:
+ * - Commands with operators inside quotes (e.g., `echo "a && b"`) are NOT incorrectly
+ *   flagged as complex commands
+ * - Escaped quotes (e.g., `\"`) don't prematurely end quoted sections
+ * - Each component gets proper escape interpretation in the final parsing step
+ *
  * @module bashCommandUtils
  */
 
@@ -38,7 +64,64 @@ export function parseSimpleCommand(command) {
     };
   }
 
+  // Strip quoted content before checking for complex operators
+  // This prevents detecting operators inside quotes (e.g., echo "a && b")
+  //
+  // IMPORTANT: This function is ONLY used to detect operators, NOT for argument parsing.
+  // It REMOVES both backslash AND escaped character from the output, unlike parseSimpleCommand
+  // which interprets escapes. This is intentional - we only care about finding operators
+  // that exist outside of quoted strings. See module header for architecture details.
+  const stripQuotedContent = (str) => {
+    let result = '';
+    let inQuotes = false;
+    let quoteChar = '';
+
+    for (let i = 0; i < str.length; i++) {
+      const char = str[i];
+      const nextChar = str[i + 1];
+
+      // Handle escape sequences outside quotes - skip both chars (not operators)
+      if (!inQuotes && char === '\\' && nextChar !== undefined) {
+        // Skip the backslash and next char - they can't be operators
+        i++;
+        continue;
+      }
+
+      // Handle escape sequences inside double quotes
+      // In bash, only ", $, `, \, and newline are escapable in double quotes
+      if (inQuotes && quoteChar === '"' && char === '\\' && nextChar !== undefined) {
+        // Skip both the backslash and the escaped character (stays inside quotes)
+        i++;
+        continue;
+      }
+
+      // Start of quoted section
+      if (!inQuotes && (char === '"' || char === "'")) {
+        inQuotes = true;
+        quoteChar = char;
+        continue;
+      }
+
+      // End of quoted section
+      if (inQuotes && char === quoteChar) {
+        inQuotes = false;
+        quoteChar = '';
+        continue;
+      }
+
+      // Only add characters that are outside quotes
+      if (!inQuotes) {
+        result += char;
+      }
+    }
+
+    return result;
+  };
+
   // Check for complex shell constructs that we don't support
+  // Use stripped version (without quoted content) for operator detection
+  const strippedForOperators = stripQuotedContent(trimmed);
+
   const complexPatterns = [
     /\|/,           // Pipes
     /&&/,           // Logical AND
@@ -54,7 +137,7 @@ export function parseSimpleCommand(command) {
   ];
 
   for (const pattern of complexPatterns) {
-    if (pattern.test(trimmed)) {
+    if (pattern.test(strippedForOperators)) {
       return {
         success: false,
         error: 'Complex shell commands with pipes, operators, or redirections are not supported for security reasons',
@@ -71,22 +154,25 @@ export function parseSimpleCommand(command) {
   let current = '';
   let inQuotes = false;
   let quoteChar = '';
-  let escaped = false;
 
   for (let i = 0; i < trimmed.length; i++) {
     const char = trimmed[i];
     const nextChar = i + 1 < trimmed.length ? trimmed[i + 1] : '';
-    
-    if (escaped) {
-      // Handle escaped characters
-      current += char;
-      escaped = false;
+
+    // Handle escapes outside quotes
+    if (!inQuotes && char === '\\' && nextChar) {
+      // Add the escaped character (skip the backslash)
+      current += nextChar;
+      i++; // Skip next character
       continue;
     }
 
-    if (char === '\\' && !inQuotes) {
-      // Escape next character
-      escaped = true;
+    // Handle escapes inside double quotes (single quotes don't process escapes)
+    if (inQuotes && quoteChar === '"' && char === '\\' && nextChar) {
+      // In double quotes, backslash escapes certain characters
+      // Add the escaped character to current
+      current += nextChar;
+      i++; // Skip next character
       continue;
     }