@probelabs/probe 0.6.0-rc255 → 0.6.0-rc257

package/cjs/agent/ProbeAgent.cjs

@@ -1844,6 +1844,7 @@ var require_ChecksumStream = __commonJS({
       checksum;
       source;
       base64Encoder;
+      pendingCallback = null;
       constructor({ expectedChecksum, checksum, source, checksumSourceLocation, base64Encoder }) {
         super();
         if (typeof source.pipe === "function") {
@@ -1858,11 +1859,20 @@ var require_ChecksumStream = __commonJS({
         this.source.pipe(this);
       }
       _read(size) {
+        if (this.pendingCallback) {
+          const callback = this.pendingCallback;
+          this.pendingCallback = null;
+          callback();
+        }
       }
       _write(chunk, encoding, callback) {
         try {
           this.checksum.update(chunk);
-          this.push(chunk);
+          const canPushMore = this.push(chunk);
+          if (!canPushMore) {
+            this.pendingCallback = callback;
+            return;
+          }
         } catch (e5) {
           return callback(e5);
         }
@@ -39852,6 +39862,10 @@ function getValidParamsForTool(toolName) {
   }
   return [];
 }
+function unescapeXmlEntities(str) {
+  if (typeof str !== "string") return str;
+  return str.replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&apos;/g, "'").replace(/&amp;/g, "&");
+}
 function parseXmlToolCall(xmlString, validTools = DEFAULT_VALID_TOOLS) {
   let earliestToolName = null;
   let earliestOpenIndex = Infinity;
@@ -39908,10 +39922,10 @@ function parseXmlToolCall(xmlString, validTools = DEFAULT_VALID_TOOLS) {
       }
       paramCloseIndex = nextTagIndex;
     }
-    let paramValue = innerContent.substring(
+    let paramValue = unescapeXmlEntities(innerContent.substring(
       paramOpenIndex + paramOpenTag.length,
       paramCloseIndex
-    ).trim();
+    ).trim());
     if (paramValue.toLowerCase() === "true") {
       paramValue = true;
     } else if (paramValue.toLowerCase() === "false") {
@@ -39925,7 +39939,7 @@ function parseXmlToolCall(xmlString, validTools = DEFAULT_VALID_TOOLS) {
     params[paramName] = paramValue;
   }
   if (toolName === "attempt_completion") {
-    params["result"] = innerContent.trim();
+    params["result"] = unescapeXmlEntities(innerContent.trim());
     if (params.command) {
       delete params.command;
     }
@@ -41035,95 +41049,102 @@ var init_bashDefaults = __esm({
       "dir",
       "pwd",
       "cd",
-      "cd:*",
       // File reading commands
       "cat",
-      "cat:*",
       "head",
-      "head:*",
       "tail",
-      "tail:*",
       "less",
       "more",
       "view",
       // File information and metadata
       "file",
-      "file:*",
       "stat",
-      "stat:*",
       "wc",
-      "wc:*",
       "du",
-      "du:*",
       "df",
-      "df:*",
       "realpath",
-      "realpath:*",
-      // Search and find commands (read-only) - find restricted to safe operations
+      // Search and find commands (read-only)
+      // Note: bare 'find' allows all find variants; dangerous ones (find -exec) are blocked by deny list
       "find",
-      "find:-name:*",
-      "find:-type:*",
-      "find:-size:*",
-      "find:-mtime:*",
-      "find:-newer:*",
-      "find:-path:*",
-      "find:-iname:*",
-      "find:-maxdepth:*",
-      "find:-mindepth:*",
-      "find:-print",
       "grep",
-      "grep:*",
       "egrep",
-      "egrep:*",
       "fgrep",
-      "fgrep:*",
       "rg",
-      "rg:*",
       "ag",
-      "ag:*",
       "ack",
-      "ack:*",
       "which",
-      "which:*",
       "whereis",
-      "whereis:*",
       "locate",
-      "locate:*",
       "type",
-      "type:*",
       "command",
-      "command:*",
       // Tree and structure visualization
       "tree",
-      "tree:*",
       // Git read-only operations
       "git:status",
       "git:log",
-      "git:log:*",
       "git:diff",
-      "git:diff:*",
       "git:show",
-      "git:show:*",
       "git:branch",
-      "git:branch:*",
       "git:tag",
-      "git:tag:*",
       "git:describe",
-      "git:describe:*",
       "git:remote",
-      "git:remote:*",
-      "git:config:*",
+      "git:config",
       "git:blame",
-      "git:blame:*",
       "git:shortlog",
       "git:reflog",
       "git:ls-files",
       "git:ls-tree",
+      "git:ls-remote",
       "git:rev-parse",
       "git:rev-list",
+      "git:cat-file",
+      "git:diff-tree",
+      "git:diff-files",
+      "git:diff-index",
+      "git:for-each-ref",
+      "git:merge-base",
+      "git:name-rev",
+      "git:count-objects",
+      "git:verify-commit",
+      "git:verify-tag",
+      "git:check-ignore",
+      "git:check-attr",
+      "git:stash:list",
+      "git:stash:show",
+      "git:worktree:list",
+      "git:notes:list",
+      "git:notes:show",
       "git:--version",
       "git:help",
-      "git:help:*",
+      // GitHub CLI (gh) read-only operations
+      "gh:--version",
+      "gh:help",
+      "gh:status",
+      "gh:auth:status",
+      "gh:issue:list",
+      "gh:issue:view",
+      "gh:issue:status",
+      "gh:pr:list",
+      "gh:pr:view",
+      "gh:pr:status",
+      "gh:pr:diff",
+      "gh:pr:checks",
+      "gh:repo:list",
+      "gh:repo:view",
+      "gh:release:list",
+      "gh:release:view",
+      "gh:run:list",
+      "gh:run:view",
+      "gh:workflow:list",
+      "gh:workflow:view",
+      "gh:gist:list",
+      "gh:gist:view",
+      "gh:search:issues",
+      "gh:search:prs",
+      "gh:search:repos",
+      "gh:search:code",
+      "gh:search:commits",
+      "gh:api",
       // Package managers (information only)
       "npm:list",
       "npm:ls",
@@ -41184,7 +41205,6 @@ var init_bashDefaults = __esm({
       "sqlite3:--version",
       // System information
       "uname",
-      "uname:*",
       "hostname",
       "whoami",
       "id",
@@ -41195,23 +41215,17 @@ var init_bashDefaults = __esm({
       "w",
       "users",
       "sleep",
-      "sleep:*",
       // Environment and shell
       "env",
       "printenv",
       "echo",
-      "echo:*",
       "printf",
-      "printf:*",
       "export",
-      "export:*",
       "set",
       "unset",
       // Process information (read-only)
       "ps",
-      "ps:*",
       "pgrep",
-      "pgrep:*",
       "jobs",
       "top:-n:1",
       // Network information (read-only)
@@ -41226,39 +41240,24 @@ var init_bashDefaults = __esm({
       // Text processing and utilities (awk removed - too powerful)
       "sed:-n:*",
       "cut",
-      "cut:*",
       "sort",
-      "sort:*",
       "uniq",
-      "uniq:*",
       "tr",
-      "tr:*",
       "column",
-      "column:*",
       "paste",
-      "paste:*",
       "join",
-      "join:*",
       "comm",
-      "comm:*",
       "diff",
-      "diff:*",
       "cmp",
-      "cmp:*",
       "patch:--dry-run:*",
       // Hashing and encoding (read-only)
       "md5sum",
-      "md5sum:*",
       "sha1sum",
-      "sha1sum:*",
       "sha256sum",
-      "sha256sum:*",
       "base64",
       "base64:-d",
       "od",
-      "od:*",
       "hexdump",
-      "hexdump:*",
       // Archive and compression (list/view only)
       "tar:-tf:*",
       "tar:-tzf:*",
@@ -41268,15 +41267,11 @@ var init_bashDefaults = __esm({
       "gunzip:-l:*",
       // Help and documentation
       "man",
-      "man:*",
       "--help",
       "help",
       "info",
-      "info:*",
       "whatis",
-      "whatis:*",
       "apropos",
-      "apropos:*",
       // Make (dry run and info)
       "make:-n",
       "make:--dry-run",
@@ -41299,36 +41294,30 @@ var init_bashDefaults = __esm({
       "rm:-rf",
       "rm:-f:/",
       "rm:/",
-      "rm:-rf:*",
       "rmdir",
       "chmod:777",
       "chmod:-R:777",
       "chown",
       "chgrp",
       "dd",
-      "dd:*",
       "shred",
-      "shred:*",
       // Dangerous find operations that can execute arbitrary commands
-      "find:-exec:*",
-      "find:*:-exec:*",
-      "find:-execdir:*",
-      "find:*:-execdir:*",
-      "find:-ok:*",
-      "find:*:-ok:*",
-      "find:-okdir:*",
-      "find:*:-okdir:*",
+      "find:-exec",
+      "find:*:-exec",
+      "find:-execdir",
+      "find:*:-execdir",
+      "find:-ok",
+      "find:*:-ok",
+      "find:-okdir",
+      "find:*:-okdir",
       // Powerful scripting tools that can execute arbitrary commands
       "awk",
-      "awk:*",
       "perl",
-      "perl:*",
       "python:-c:*",
       "node:-e:*",
       // System administration and modification
-      "sudo:*",
+      "sudo",
       "su",
-      "su:*",
       "passwd",
       "adduser",
       "useradd",
@@ -41366,11 +41355,11 @@ var init_bashDefaults = __esm({
       "composer:install",
       "composer:update",
       "composer:remove",
-      "apt:*",
-      "apt-get:*",
-      "yum:*",
-      "dnf:*",
-      "zypper:*",
+      "apt",
+      "apt-get",
+      "yum",
+      "dnf",
+      "zypper",
       "brew:install",
       "brew:uninstall",
       "brew:upgrade",
@@ -41378,11 +41367,11 @@ var init_bashDefaults = __esm({
       "conda:remove",
       "conda:update",
       // Service and system control
-      "systemctl:*",
-      "service:*",
-      "chkconfig:*",
-      "initctl:*",
-      "upstart:*",
+      "systemctl",
+      "service",
+      "chkconfig",
+      "initctl",
+      "upstart",
       // Network operations that could be dangerous
       "curl:-d:*",
       "curl:--data:*",
@@ -41391,32 +41380,21 @@ var init_bashDefaults = __esm({
       "wget:-O:/",
       "wget:--post-data:*",
       "ssh",
-      "ssh:*",
       "scp",
-      "scp:*",
       "sftp",
-      "sftp:*",
-      "rsync:*",
+      "rsync",
       "nc",
-      "nc:*",
       "netcat",
-      "netcat:*",
       "telnet",
-      "telnet:*",
       "ftp",
-      "ftp:*",
       // Process control and termination
       "kill",
-      "kill:*",
       "killall",
-      "killall:*",
       "pkill",
-      "pkill:*",
-      "nohup:*",
-      "disown:*",
+      "nohup",
+      "disown",
       // System control and shutdown
       "shutdown",
-      "shutdown:*",
       "reboot",
       "halt",
       "poweroff",
@@ -41424,50 +41402,92 @@ var init_bashDefaults = __esm({
       "telinit",
       // Kernel and module operations
       "insmod",
-      "insmod:*",
       "rmmod",
-      "rmmod:*",
       "modprobe",
-      "modprobe:*",
       "sysctl:-w:*",
       // Dangerous git operations
       "git:push",
-      "git:push:*",
       "git:force",
-      "git:reset:--hard:*",
-      "git:clean:-fd",
-      "git:rm:*",
+      "git:reset",
+      "git:clean",
+      "git:rm",
       "git:commit",
       "git:merge",
       "git:rebase",
       "git:cherry-pick",
       "git:stash:drop",
+      "git:stash:pop",
+      "git:stash:push",
+      "git:stash:clear",
+      "git:branch:-d",
+      "git:branch:-D",
+      "git:branch:--delete",
+      "git:tag:-d",
+      "git:tag:--delete",
+      "git:remote:remove",
+      "git:remote:rm",
+      "git:checkout:--force",
+      "git:checkout:-f",
+      "git:submodule:deinit",
+      "git:notes:add",
+      "git:notes:remove",
+      "git:worktree:add",
+      "git:worktree:remove",
+      // Dangerous GitHub CLI (gh) write operations
+      "gh:issue:create",
+      "gh:issue:close",
+      "gh:issue:delete",
+      "gh:issue:edit",
+      "gh:issue:reopen",
+      "gh:issue:comment",
+      "gh:pr:create",
+      "gh:pr:close",
+      "gh:pr:merge",
+      "gh:pr:edit",
+      "gh:pr:reopen",
+      "gh:pr:review",
+      "gh:pr:comment",
+      "gh:repo:create",
+      "gh:repo:delete",
+      "gh:repo:fork",
+      "gh:repo:rename",
+      "gh:repo:archive",
+      "gh:repo:clone",
+      "gh:release:create",
+      "gh:release:delete",
+      "gh:release:edit",
+      "gh:run:cancel",
+      "gh:run:rerun",
+      "gh:workflow:run",
+      "gh:workflow:enable",
+      "gh:workflow:disable",
+      "gh:gist:create",
+      "gh:gist:delete",
+      "gh:gist:edit",
+      "gh:secret:set",
+      "gh:secret:delete",
+      "gh:variable:set",
+      "gh:variable:delete",
+      "gh:label:create",
+      "gh:label:delete",
+      "gh:ssh-key:add",
+      "gh:ssh-key:delete",
       // File system mounting and partitioning
       "mount",
-      "mount:*",
       "umount",
-      "umount:*",
       "fdisk",
-      "fdisk:*",
       "parted",
-      "parted:*",
       "mkfs",
-      "mkfs:*",
       "fsck",
-      "fsck:*",
       // Cron and scheduling
       "crontab",
-      "crontab:*",
       "at",
-      "at:*",
       "batch",
-      "batch:*",
       // Compression with potential overwrite
       "tar:-xf:*",
       "unzip",
-      "unzip:*",
-      "gzip:*",
-      "gunzip:*",
+      "gzip",
+      "gunzip",
       // Build and compilation that might modify files
       "make",
       "make:install",
@@ -41480,11 +41500,8 @@ var init_bashDefaults = __esm({
       "gradle:build",
       // Docker operations that could modify state
       "docker:run",
-      "docker:run:*",
       "docker:exec",
-      "docker:exec:*",
       "docker:build",
-      "docker:build:*",
       "docker:pull",
       "docker:push",
       "docker:rm",
@@ -41498,22 +41515,15 @@ var init_bashDefaults = __esm({
       "mongo:--eval:*",
       // Text editors that could modify files
       "vi",
-      "vi:*",
       "vim",
-      "vim:*",
       "nano",
-      "nano:*",
       "emacs",
-      "emacs:*",
       "sed:-i:*",
       "perl:-i:*",
       // Potentially dangerous utilities
       "eval",
-      "eval:*",
       "exec",
-      "exec:*",
       "source",
-      "source:*",
       "bash:-c:*",
       "sh:-c:*",
       "zsh:-c:*"
@@ -41792,9 +41802,19 @@ var init_bashPermissions = __esm({
     BashPermissionChecker = class {
       /**
        * Create a permission checker
+       *
+       * Priority order (highest to lowest):
+       *   1. Custom deny  — always blocks (user explicitly blocked it)
+       *   2. Custom allow — overrides default deny (user explicitly allowed it)
+       *   3. Default deny — blocks by default
+       *   4. Allow list   — allows recognized safe commands
+       *
+       * This means `--bash-allow "git:push"` overrides the default deny for git:push
+       * without requiring `--no-default-bash-deny`.
+       *
        * @param {Object} config - Configuration options
-       * @param {string[]} [config.allow] - Additional allow patterns
-       * @param {string[]} [config.deny] - Additional deny patterns
+       * @param {string[]} [config.allow] - Additional allow patterns (override default deny)
+       * @param {string[]} [config.deny] - Additional deny patterns (always win)
        * @param {boolean} [config.disableDefaultAllow] - Disable default allow list
        * @param {boolean} [config.disableDefaultDeny] - Disable default deny list
        * @param {boolean} [config.debug] - Enable debug logging
@@ -41803,40 +41823,22 @@ var init_bashPermissions = __esm({
       constructor(config = {}) {
         this.debug = config.debug || false;
         this.tracer = config.tracer || null;
-        this.allowPatterns = [];
-        if (!config.disableDefaultAllow) {
-          this.allowPatterns.push(...DEFAULT_ALLOW_PATTERNS);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${DEFAULT_ALLOW_PATTERNS.length} default allow patterns`);
-          }
-        }
-        if (config.allow && Array.isArray(config.allow)) {
-          this.allowPatterns.push(...config.allow);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${config.allow.length} custom allow patterns:`, config.allow);
-          }
-        }
-        this.denyPatterns = [];
-        if (!config.disableDefaultDeny) {
-          this.denyPatterns.push(...DEFAULT_DENY_PATTERNS);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${DEFAULT_DENY_PATTERNS.length} default deny patterns`);
-          }
-        }
-        if (config.deny && Array.isArray(config.deny)) {
-          this.denyPatterns.push(...config.deny);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${config.deny.length} custom deny patterns:`, config.deny);
-          }
-        }
+        this.defaultAllowPatterns = config.disableDefaultAllow ? [] : [...DEFAULT_ALLOW_PATTERNS];
+        this.customAllowPatterns = config.allow && Array.isArray(config.allow) ? [...config.allow] : [];
+        this.allowPatterns = [...this.defaultAllowPatterns, ...this.customAllowPatterns];
+        this.defaultDenyPatterns = config.disableDefaultDeny ? [] : [...DEFAULT_DENY_PATTERNS];
+        this.customDenyPatterns = config.deny && Array.isArray(config.deny) ? [...config.deny] : [];
+        this.denyPatterns = [...this.defaultDenyPatterns, ...this.customDenyPatterns];
         if (this.debug) {
+          console.log(`[BashPermissions] Default allow: ${this.defaultAllowPatterns.length}, Custom allow: ${this.customAllowPatterns.length}`);
+          console.log(`[BashPermissions] Default deny: ${this.defaultDenyPatterns.length}, Custom deny: ${this.customDenyPatterns.length}`);
           console.log(`[BashPermissions] Total patterns - Allow: ${this.allowPatterns.length}, Deny: ${this.denyPatterns.length}`);
         }
         this.recordBashEvent("permissions.initialized", {
           allowPatternCount: this.allowPatterns.length,
           denyPatternCount: this.denyPatterns.length,
-          hasCustomAllowPatterns: !!(config.allow && config.allow.length > 0),
-          hasCustomDenyPatterns: !!(config.deny && config.deny.length > 0),
+          hasCustomAllowPatterns: this.customAllowPatterns.length > 0,
+          hasCustomDenyPatterns: this.customDenyPatterns.length > 0,
           disableDefaultAllow: !!config.disableDefaultAllow,
           disableDefaultDeny: !!config.disableDefaultDeny
         });
@@ -41906,8 +41908,11 @@ var init_bashPermissions = __esm({
           console.log(`[BashPermissions] Checking simple command: "${command}"`);
           console.log(`[BashPermissions] Parsed: ${parsed.command} with args: [${parsed.args.join(", ")}]`);
         }
-        if (matchesAnyPattern(parsed, this.denyPatterns)) {
-          const matchedPatterns = this.denyPatterns.filter((pattern) => matchesPattern(parsed, pattern));
+        if (matchesAnyPattern(parsed, this.customDenyPatterns)) {
+          const matchedPatterns = this.customDenyPatterns.filter((pattern) => matchesPattern(parsed, pattern));
+          if (this.debug) {
+            console.log(`[BashPermissions] DENIED - matches custom deny pattern: ${matchedPatterns[0]}`);
+          }
           const result2 = {
             allowed: false,
             reason: `Command matches deny pattern: ${matchedPatterns[0]}`,
@@ -41920,7 +41925,31 @@ var init_bashPermissions = __esm({
             parsedCommand: parsed.command,
             reason: "matches_deny_pattern",
             matchedPattern: matchedPatterns[0],
-            isComplex: false
+            isComplex: false,
+            isCustomDeny: true
+          });
+          return result2;
+        }
+        const matchesCustomAllow = matchesAnyPattern(parsed, this.customAllowPatterns);
+        if (!matchesCustomAllow && matchesAnyPattern(parsed, this.defaultDenyPatterns)) {
+          const matchedPatterns = this.defaultDenyPatterns.filter((pattern) => matchesPattern(parsed, pattern));
+          if (this.debug) {
+            console.log(`[BashPermissions] DENIED - matches default deny pattern: ${matchedPatterns[0]}`);
+          }
+          const result2 = {
+            allowed: false,
+            reason: `Command matches deny pattern: ${matchedPatterns[0]}`,
+            command,
+            parsed,
+            matchedPatterns
+          };
+          this.recordBashEvent("permission.denied", {
+            command,
+            parsedCommand: parsed.command,
+            reason: "matches_deny_pattern",
+            matchedPattern: matchedPatterns[0],
+            isComplex: false,
+            isCustomDeny: false
           });
           return result2;
         }
@@ -41945,15 +41974,21 @@ var init_bashPermissions = __esm({
           allowed: true,
           command,
           parsed,
-          isComplex: false
+          isComplex: false,
+          overriddenDeny: matchesCustomAllow && matchesAnyPattern(parsed, this.defaultDenyPatterns)
         };
         if (this.debug) {
-          console.log(`[BashPermissions] ALLOWED - command passed all checks`);
+          if (result.overriddenDeny) {
+            console.log(`[BashPermissions] ALLOWED - custom allow overrides default deny`);
+          } else {
+            console.log(`[BashPermissions] ALLOWED - command passed all checks`);
+          }
         }
         this.recordBashEvent("permission.allowed", {
           command,
           parsedCommand: parsed.command,
-          isComplex: false
+          isComplex: false,
+          overriddenDeny: result.overriddenDeny || false
         });
         return result;
       }
@@ -42122,9 +42157,19 @@ var init_bashPermissions = __esm({
               deniedReason = parsed.error || "Component contains nested complex constructs";
               break;
             }
-            if (matchesAnyPattern(parsed, this.denyPatterns)) {
+            if (matchesAnyPattern(parsed, this.customDenyPatterns)) {
+              if (this.debug) {
+                console.log(`[BashPermissions] Component "${component}" matches custom deny pattern`);
+              }
+              allAllowed = false;
+              deniedComponent = component;
+              deniedReason = "Component matches deny pattern";
+              break;
+            }
+            const componentMatchesCustomAllow = matchesAnyPattern(parsed, this.customAllowPatterns);
+            if (!componentMatchesCustomAllow && matchesAnyPattern(parsed, this.defaultDenyPatterns)) {
               if (this.debug) {
-                console.log(`[BashPermissions] Component "${component}" matches deny pattern`);
+                console.log(`[BashPermissions] Component "${component}" matches default deny pattern`);
               }
               allAllowed = false;
               deniedComponent = component;
@@ -42204,6 +42249,10 @@ var init_bashPermissions = __esm({
         return {
           allowPatterns: this.allowPatterns.length,
           denyPatterns: this.denyPatterns.length,
+          customAllowPatterns: this.customAllowPatterns.length,
+          customDenyPatterns: this.customDenyPatterns.length,
+          defaultAllowPatterns: this.defaultAllowPatterns.length,
+          defaultDenyPatterns: this.defaultDenyPatterns.length,
           totalPatterns: this.allowPatterns.length + this.denyPatterns.length
         };
       }
@@ -42586,8 +42635,8 @@ Common reasons:
 2. The command is not in the allow list (not a recognized safe command)
 
 If you believe this command should be allowed, you can:
-- Use the --bash-allow option to add specific patterns
-- Use the --no-default-bash-deny flag to remove default restrictions (not recommended)
+- Use the --bash-allow option to add specific patterns (overrides default deny list)
+  Example: --bash-allow "git:push" allows git push while keeping all other deny rules
 
 For code exploration, try these safe alternatives:
 - ls, cat, head, tail for file operations
@@ -98623,6 +98672,7 @@ __export(schemaUtils_exports, {
   replaceMermaidDiagramsInMarkdown: () => replaceMermaidDiagramsInMarkdown,
   sanitizeMarkdownEscapesInJson: () => sanitizeMarkdownEscapesInJson,
   tryAutoWrapForSimpleSchema: () => tryAutoWrapForSimpleSchema,
+  tryExtractValidJsonPrefix: () => tryExtractValidJsonPrefix,
   tryMaidAutoFix: () => tryMaidAutoFix,
   validateAndFixMermaidResponse: () => validateAndFixMermaidResponse,
   validateJsonResponse: () => validateJsonResponse,
@@ -99009,6 +99059,13 @@ function validateJsonResponse(response, options = {}) {
         errorPosition = response.indexOf(problematicToken);
       }
     }
+    const prefixResult = tryExtractValidJsonPrefix(responseToValidate, { schema, debug });
+    if (prefixResult && prefixResult.isValid) {
+      if (debug) {
+        console.log(`[DEBUG] JSON validation: Recovered valid JSON prefix (${prefixResult.extracted.length} chars) from response with trailing content`);
+      }
+      return { isValid: true, parsed: prefixResult.parsed };
+    }
     let enhancedError = error2.message;
     let errorContext = null;
     if (errorPosition !== null && errorPosition >= 0 && response && response.length > 0) {
@@ -99059,6 +99116,84 @@ ${errorContext.pointer}`);
     };
   }
 }
+function tryExtractValidJsonPrefix(response, options = {}) {
+  const { schema = null, debug = false } = options;
+  if (!response || typeof response !== "string") {
+    return null;
+  }
+  const trimmed = response.trim();
+  if (trimmed.length === 0) {
+    return null;
+  }
+  const firstChar = trimmed[0];
+  if (firstChar !== "{" && firstChar !== "[") {
+    return null;
+  }
+  try {
+    JSON.parse(trimmed);
+    return null;
+  } catch {
+  }
+  const openChar = firstChar;
+  const closeChar = openChar === "{" ? "}" : "]";
+  let depth = 0;
+  let inString = false;
+  let escapeNext = false;
+  let endPos = -1;
+  for (let i5 = 0; i5 < trimmed.length; i5++) {
+    const char = trimmed[i5];
+    if (escapeNext) {
+      escapeNext = false;
+      continue;
+    }
+    if (char === "\\" && inString) {
+      escapeNext = true;
+      continue;
+    }
+    if (char === '"') {
+      inString = !inString;
+      continue;
+    }
+    if (inString) {
+      continue;
+    }
+    if (char === openChar) {
+      depth++;
+    } else if (char === closeChar) {
+      depth--;
+      if (depth === 0) {
+        endPos = i5 + 1;
+        break;
+      }
+    }
+  }
+  if (endPos <= 0 || endPos >= trimmed.length) {
+    return null;
+  }
+  const remainder = trimmed.substring(endPos).trim();
+  if (remainder.length === 0) {
+    return null;
+  }
+  const prefix = trimmed.substring(0, endPos);
+  try {
+    const parsed = JSON.parse(prefix);
+    if (debug) {
+      console.log(`[DEBUG] tryExtractValidJsonPrefix: Extracted valid JSON prefix (${prefix.length} chars), stripped trailing content (${remainder.length} chars)`);
+    }
+    if (schema) {
+      const schemaValidation = validateJsonResponse(prefix, { debug, schema });
+      if (!schemaValidation.isValid) {
+        if (debug) {
+          console.log(`[DEBUG] tryExtractValidJsonPrefix: Prefix is valid JSON but fails schema validation: ${schemaValidation.error}`);
+        }
+        return null;
+      }
+    }
+    return { isValid: true, parsed, extracted: prefix };
+  } catch {
+    return null;
+  }
+}
 function validateXmlResponse(response) {
   const xmlPattern = /<\/?[\w\s="'.-]+>/g;
   const tags = response.match(xmlPattern);
@@ -101160,7 +101295,7 @@ function parseXmlMcpToolCall(xmlString, mcpToolNames = []) {
       let match2;
       while ((match2 = paramPattern.exec(content)) !== null) {
         const [, paramName, paramValue] = match2;
-        params[paramName] = paramValue.trim();
+        params[paramName] = unescapeXmlEntities(paramValue.trim());
       }
     }
     return { toolName, params };
@@ -101210,7 +101345,7 @@ function parseNativeXmlTool(xmlString, toolName) {
   while ((match2 = paramPattern.exec(content)) !== null) {
     const [, paramName, paramValue] = match2;
     if (paramName !== "params") {
-      params[paramName] = paramValue.trim();
+      params[paramName] = unescapeXmlEntities(paramValue.trim());
     }
   }
   if (Object.keys(params).length > 0) {
@@ -101225,6 +101360,7 @@ var init_xmlBridge = __esm({
     init_client2();
     init_config();
     init_xmlParsingUtils();
+    init_common2();
     MCPXmlBridge = class {
       constructor(options = {}) {
         this.debug = options.debug || false;
@@ -109438,10 +109574,10 @@ var init_FallbackManager = __esm({
       // Use custom provider list
     };
     DEFAULT_MODELS = {
-      anthropic: "claude-sonnet-4-5-20250929",
-      openai: "gpt-4o",
-      google: "gemini-2.0-flash-exp",
-      bedrock: "anthropic.claude-sonnet-4-20250514-v1:0"
+      anthropic: "claude-sonnet-4-6",
+      openai: "gpt-5.2",
+      google: "gemini-2.5-flash",
+      bedrock: "anthropic.claude-sonnet-4-6"
     };
     FallbackManager = class {
       /**
@@ -111960,7 +112096,7 @@ var init_ProbeAgent = __esm({
               }
               this.clientApiProvider = "claude-code";
               this.provider = null;
-              this.model = this.clientApiModel || "claude-3-5-sonnet-20241022";
+              this.model = this.clientApiModel || "claude-sonnet-4-6";
               this.apiType = "claude-code";
             } else if (codexAvailable) {
               if (this.debug) {
@@ -111969,7 +112105,7 @@ var init_ProbeAgent = __esm({
               }
               this.clientApiProvider = "codex";
               this.provider = null;
-              this.model = this.clientApiModel || "gpt-4o";
+              this.model = this.clientApiModel || "gpt-5.2";
               this.apiType = "codex";
             } else {
               throw new Error("No API key provided and neither claude nor codex command found. Please either:\n1. Set an API key: ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_GENERATIVE_AI_API_KEY, or AWS credentials\n2. Install claude command from https://docs.claude.com/en/docs/claude-code\n3. Install codex command from https://openai.com/codex");
@@ -112207,7 +112343,7 @@ var init_ProbeAgent = __esm({
         }
         if (this.clientApiProvider === "claude-code" || process.env.USE_CLAUDE_CODE === "true") {
           this.provider = null;
-          this.model = modelName || "claude-3-5-sonnet-20241022";
+          this.model = modelName || "claude-sonnet-4-6";
           this.apiType = "claude-code";
           if (this.debug) {
             console.log("[DEBUG] Claude Code engine selected - will use built-in access if available");
@@ -112574,7 +112710,7 @@ var init_ProbeAgent = __esm({
           apiKey,
           ...apiUrl && { baseURL: apiUrl }
         });
-        this.model = modelName || "claude-sonnet-4-5-20250929";
+        this.model = modelName || "claude-sonnet-4-6";
         this.apiType = "anthropic";
         if (this.debug) {
           console.log(`Using Anthropic API with model: ${this.model}${apiUrl ? ` (URL: ${apiUrl})` : ""}`);
@@ -112589,7 +112725,7 @@ var init_ProbeAgent = __esm({
           apiKey,
           ...apiUrl && { baseURL: apiUrl }
         });
-        this.model = modelName || "gpt-5-thinking";
+        this.model = modelName || "gpt-5.2";
         this.apiType = "openai";
         if (this.debug) {
           console.log(`Using OpenAI API with model: ${this.model}${apiUrl ? ` (URL: ${apiUrl})` : ""}`);
@@ -112693,7 +112829,7 @@ var init_ProbeAgent = __esm({
           config.baseURL = baseURL;
         }
         this.provider = createAmazonBedrock(config);
-        this.model = modelName || "anthropic.claude-sonnet-4-20250514-v1:0";
+        this.model = modelName || "anthropic.claude-sonnet-4-6";
         this.apiType = "bedrock";
         if (this.debug) {
           const authMethod = apiKey ? "API Key" : "AWS Credentials";
@@ -112752,7 +112888,7 @@ var init_ProbeAgent = __esm({
               allowedTools: this.allowedTools,
               // Pass tool filtering configuration
               model: this.model
-              // Pass model name (e.g., gpt-4o, o3, etc.)
+              // Pass model name (e.g., gpt-5.2, o3, etc.)
             });
             if (this.debug) {
               console.log("[DEBUG] Using Codex CLI engine with Probe tools");
@@ -113848,8 +113984,8 @@ You are working with a workspace. Available paths: ${workspaceDesc}
           let currentIteration = 0;
           let completionAttempted = false;
           let finalResult = "I was unable to complete your request due to reaching the maximum number of tool iterations.";
-          const baseMaxIterations = this.maxIterations || MAX_TOOL_ITERATIONS;
-          const maxIterations = options.schema ? baseMaxIterations + 4 : baseMaxIterations;
+          const baseMaxIterations = options._maxIterationsOverride || this.maxIterations || MAX_TOOL_ITERATIONS;
+          const maxIterations = options._maxIterationsOverride ? baseMaxIterations : options.schema ? baseMaxIterations + 4 : baseMaxIterations;
           const isClaudeCode = this.clientApiProvider === "claude-code" || process.env.USE_CLAUDE_CODE === "true";
           const isCodex = this.clientApiProvider === "codex" || process.env.USE_CODEX === "true";
           if (isClaudeCode) {
@@ -114007,9 +114143,7 @@ You are working with a workspace. Available paths: ${workspaceDesc}
             let maxResponseTokens = this.maxResponseTokens;
             if (!maxResponseTokens) {
               maxResponseTokens = 4e3;
-              if (this.model && this.model.includes("opus") || this.model && this.model.includes("sonnet") || this.model && this.model.startsWith("gpt-4-")) {
-                maxResponseTokens = 8192;
-              } else if (this.model && this.model.startsWith("gpt-4o")) {
+              if (this.model && this.model.includes("opus") || this.model && this.model.includes("sonnet") || this.model && this.model.startsWith("gpt-4") || this.model && this.model.startsWith("gpt-5")) {
                 maxResponseTokens = 8192;
               } else if (this.model && this.model.startsWith("gemini")) {
                 maxResponseTokens = 32e3;
@@ -115086,13 +115220,16 @@ Convert your previous response content into actual JSON data that follows this s
                     options.schema,
                     0
                   );
+                  const { schema: _unusedSchema1, ...schemaDefCorrectionOptions } = options;
                   finalResult = await this.answer(schemaDefinitionPrompt, [], {
-                    ...options,
+                    ...schemaDefCorrectionOptions,
                     _schemaFormatted: true,
                     _skipValidation: true,
                     // Skip validation in recursive correction calls to prevent loops
-                    _completionPromptProcessed: true
+                    _completionPromptProcessed: true,
                     // Prevent cascading completion prompts in retry calls
+                    _maxIterationsOverride: 3
+                    // Correction should complete in 1-2 iterations (issue #447)
                   });
                   finalResult = cleanSchemaResponse(finalResult);
                   validation = validateJsonResponse(finalResult);
@@ -115140,15 +115277,18 @@ Convert your previous response content into actual JSON data that follows this s
                       retryCount
                     );
                   }
+                  const { schema: _unusedSchema2, ...correctionOptions } = options;
                   finalResult = await this.answer(correctionPrompt, [], {
-                    ...options,
+                    ...correctionOptions,
                     _schemaFormatted: true,
                     _skipValidation: true,
                     // Skip validation in recursive correction calls to prevent loops
                     _disableTools: true,
                     // Only allow attempt_completion - prevent AI from using search/query tools
-                    _completionPromptProcessed: true
+                    _completionPromptProcessed: true,
                     // Prevent cascading completion prompts in retry calls
+                    _maxIterationsOverride: 3
+                    // Correction should complete in 1-2 iterations (issue #447)
                   });
                   finalResult = cleanSchemaResponse(finalResult);
                   validation = validateJsonResponse(finalResult, { debug: this.debug });