@sdsrs/code-graph 0.47.1 → 0.49.0

package/claude-plugin/scripts/pre-grep-guide.js

@@ -12,15 +12,26 @@
 //   2. Args include an indexed source-tree path (src/ tests/ lib/ scripts/ ...)
 //   3. Not searching only a config/lockfile (Cargo.toml/.gitignore/*.md/*.json)
 //   4. Command doesn't already invoke code-graph-mcp (no double-suggest)
-//   5. .code-graph/index.db exists in CWD
+//   5. .code-graph/index.db exists in CWD or a parent up to $HOME (v0.48: the
+//      hook's cwd follows the persistent shell — after `cd backend/` every
+//      gate used to fail silently for the rest of the session; daagu
+//      2026-06-11 replay: 38/40 head-greps dark to this)
 //   6. Same command-hash not hinted within last 60s (per-command cooldown)
 //
-// BLOCK fires when shouldHint AND (shouldBlock):
-//   7. No precision flag in the command (-l / -A / -B / -C / --include / --exclude)
-//   8. Pattern looks identifier-like (CamelCase ≥4ch, or snake_case with _, or
-//      a declaration anchor like `fn X` / `class X` / `def X`)
-//   9. Pattern is not a bare marker word (TODO/FIXME/XXX/HACK/WARN/ERROR/NOTE)
+// BLOCK fires when shouldHint AND (classifyBlock, v0.49 intent-aware):
+//   7. Pattern looks identifier-like (CamelCase ≥4ch, or snake_case with _, or
+//      a declaration anchor like `fn X` / `class X` / `def X`), quoted
+//   8. Pattern is not a bare marker word (TODO/FIXME/XXX/HACK/WARN/ERROR/NOTE)
+//   9. No unanswerable-intent flag (-L / -v / --exclude*) — those stay hint
 //  10. CODE_GRAPH_NO_BLOCK_GREP != "1" (block escape, independent of QUIET_HOOKS)
+//  Mode: context flags (-A/-B/-C) + declaration anchors → 'show' (deny carries
+//  the symbol BODIES via `cg show`); context flags without named decls → hint;
+//  everything else (incl. -l / --include) → 'grep' (deny carries the hits).
+//
+// A `CODE_GRAPH_NO_BLOCK_GREP=1`-prefixed grep that would otherwise hint is
+// recorded as `action:'bypass'` and allowed silently (v0.48) — previously the
+// bare KEY=VALUE prefix failed GREP_HEAD and the escape was invisible to the
+// conversion funnel (daagu 2026-06-11: 14 bypassed greps, 0 recorded).
 //
 // Exits silently otherwise — zero noise for build greps, log filters, config
 // lookups, or the rare legitimate use of raw grep on indexed source.
@@ -30,11 +41,14 @@ const path = require('path');
 const crypto = require('crypto');
 const { cgTmpDir } = require('./tmp-dir');
 const { recordRecommendation } = require('./recommendation-log');
-const { runGrepAnswer } = require('./cg-answer');
+const { runGrepAnswer, runShowAnswer, sanitizeSearchPath } = require('./cg-answer');
 
 // --- Pure logic (testable) ---
 
-const GREP_HEAD = /^\s*(?:env\s+\S+=\S+\s+)*(grep|rg|ag)\b/;
+// v0.48: also match bare `KEY=VALUE grep` prefixes (no `env` verb) — the shape
+// the deny message itself teaches (`CODE_GRAPH_NO_BLOCK_GREP=1 grep …`). With
+// the old `env`-only form those commands failed gate 1 and were invisible.
+const GREP_HEAD = /^\s*(?:env\s+)?(?:[A-Za-z_][A-Za-z0-9_]*=\S*\s+)*(grep|rg|ag)\b/;
 // Source-tree prefix list. Expanded v0.27+ Phase C: original `src/tests/lib/...`
 // missed real-world backend conventions where the prefix list term is preceded
 // by something else (`backend/app/...` — `app/` doesn't match because `/` isn't
@@ -71,17 +85,21 @@ function shouldHint(cmd) {
   return true;
 }
 
-// v0.32.0 block tier — strictly narrower than shouldHint. The disqualifying
-// flags (-l, -A, -B, -C, --include, --exclude) mean the user is already doing
-// precise filtering and a blanket "use cg" suggestion would be wrong. The
-// identifier-like check restricts blocks to "I'm looking for a symbol" — the
-// exact use case cg replaces. Marker-only patterns (TODO/FIXME) are legit raw
-// text scans with no cg equivalent.
-// Match any short-flag cluster containing l/L/A/B/C (e.g. `-l`, `-rl`, `-rln`,
-// `-A`, `-rA3`). Combined flag clusters are common in real-world usage and the
-// "precision intent" applies as soon as ANY of these letters appears.
-const BLOCK_DISQUALIFYING_FLAGS =
-  /(?:^|\s)-[a-zA-Z]*[lLABC][a-zA-Z]*(?:\s|=|\d|$)|--(?:files-with-matches|files-without-match|include|exclude|exclude-dir|after-context|before-context|context)\b/;
+// v0.49 intent-aware block tiers. The v0.32 rationale ("precision flags mean
+// the user is filtering — a blanket *suggestion* would be wrong") was written
+// for the suggestion era; in the answer era the deny CARRIES the result, so a
+// flag only disqualifies when the answer cannot honor its intent. 2026-06-12
+// daagu replay: 22/128 head-greps were `rg "def X|class Y" -A 25` — function-
+// body reads the old rule exempted to (ignored) hints; `cg show` answers them.
+//
+// Context flags (-A/-B/-C): intent = read surrounding code. Answerable via
+// `show` only when the pattern names declarations; bare-identifier + context
+// stays hint (a grep-style answer can't honor ±N lines).
+const CONTEXT_FLAG =
+  /(?:^|\s)-[a-zA-Z]*[ABC][a-zA-Z]*(?:\s|=|\d|$)|--(?:after-context|before-context|context)\b/;
+// Intents the cg answer cannot honor: inverted file lists, exclusion scoping.
+const UNANSWERABLE_FLAGS =
+  /(?:^|\s)-[a-zA-Z]*[Lv][a-zA-Z]*(?:\s|=|\d|$)|--(?:files-without-match|invert-match|exclude|exclude-dir)\b/;
 // v0.32.1: drop the `type` declaration keyword (too common in English prose
 // like "# type checking") and anchor declaration anchors to pattern start
 // (otherwise `"some type X"` matches). CamelCase and snake_case still match
@@ -99,8 +117,8 @@ const MARKER_ONLY =
 // symbol-shaped target".
 function extractPatterns(cmd) {
   if (!cmd || typeof cmd !== 'string') return [];
-  // Strip leading verb + env prefix
-  const stripped = cmd.replace(/^\s*(?:env\s+\S+=\S+\s+)*(?:grep|rg|ag)\s+/, '');
+  // Strip leading verb + env/assignment prefix (kept in sync with GREP_HEAD)
+  const stripped = cmd.replace(/^\s*(?:env\s+)?(?:[A-Za-z_][A-Za-z0-9_]*=\S*\s+)*(?:grep|rg|ag)\s+/, '');
   // Collect every quoted argument — first one is the pattern in standard grep
   // usage; subsequent ones (e.g. `-e "second"`) are also patterns or filter
   // expressions and worth screening too.
@@ -108,13 +126,41 @@ function extractPatterns(cmd) {
   return matches.map(m => m[1] !== undefined ? m[1] : m[2]);
 }
 
-function shouldBlock(cmd) {
-  if (!shouldHint(cmd)) return false;             // narrower than hint
-  if (BLOCK_DISQUALIFYING_FLAGS.test(cmd)) return false;
-  if (MARKER_ONLY.test(cmd)) return false;        // bare TODO/FIXME — no cg equivalent
+// Declaration anchors inside a pattern (`def cascade_failure|class TaskState`)
+// name the exact symbols the model wants to READ — extract them for `show`.
+const DECL_SYMBOL = /(?:fn|def|class|function|struct|impl|trait)\s+([A-Za-z_][A-Za-z0-9_]*)/g;
+
+function extractDeclSymbols(patterns) {
+  const out = [];
+  for (const p of patterns) {
+    for (const m of p.matchAll(DECL_SYMBOL)) {
+      if (!out.includes(m[1])) out.push(m[1]);
+    }
+  }
+  return out;
+}
+
+/// Block-tier classification (strictly narrower than shouldHint):
+///   {mode:'show', symbols} — declaration anchors + context flags → deliver bodies
+///   {mode:'grep'}          — symbol search (incl. -l / --include) → deliver hits
+///   null                   — hint tier (marker scans, unquoted, unanswerable flags)
+function classifyBlock(cmd) {
+  if (!shouldHint(cmd)) return null;              // narrower than hint
+  if (UNANSWERABLE_FLAGS.test(cmd)) return null;  // intent the answer can't honor
+  if (MARKER_ONLY.test(cmd)) return null;         // bare TODO/FIXME — no cg equivalent
   const patterns = extractPatterns(cmd);
-  if (patterns.length === 0) return false;        // unquoted pattern — conservative, hint
-  return patterns.some(p => IDENTIFIER_LIKE.test(p));
+  if (patterns.length === 0) return null;         // unquoted pattern — conservative, hint
+  if (!patterns.some(p => IDENTIFIER_LIKE.test(p))) return null;
+  if (CONTEXT_FLAG.test(cmd)) {
+    const symbols = extractDeclSymbols(patterns);
+    if (symbols.length === 0) return null;        // context read without named decls
+    return { mode: 'show', symbols: symbols.slice(0, 3) };
+  }
+  return { mode: 'grep' };
+}
+
+function shouldBlock(cmd) {
+  return classifyBlock(cmd) !== null;
 }
 
 // v0.47.1 — CC harness steers Bash toward ABSOLUTE paths (cd in compound
@@ -131,6 +177,71 @@ function normalizeCommandPaths(cmd, cwd) {
   return cmd.split(cwd.endsWith('/') ? cwd : cwd + '/').join('');
 }
 
+// v0.48 — subdir-cwd fix; v0.49 — extracted to project-root.js so the read
+// hook shares it. Re-exported below for test/back-compat.
+const { resolveProjectRoot } = require('./project-root');
+
+// v0.48 — companion to resolveProjectRoot: when the shell sits in a subdir,
+// bare relative path args (`app --include=*.py` from backend/) are
+// subdir-relative and never match the root-relative SRC_PATH prefixes. Rebase
+// each candidate token onto the project root; a token only counts as a path
+// when the rebased form EXISTS under the root — quoted patterns, flags,
+// operators, absolute and traversal tokens are never touched. Existence is the
+// workhorse gate: it keeps unquoted pattern words from masquerading as paths
+// (the exact shape that would re-create the answered:false glob failure).
+function rebaseRelativePaths(cmd, relPrefix, rootDir, exists = fs.existsSync) {
+  if (!cmd || typeof cmd !== 'string' || !relPrefix || !rootDir) return cmd;
+  const prefix = relPrefix.split(path.sep).join('/');
+  // Shell sits outside any known source dir (docs/, target/, …) — don't guess.
+  if (!SRC_PATH_TOKEN.test(prefix + '/')) return cmd;
+  let verbSeen = false;
+  return cmd.split(/(\s+)/).map((tok) => {
+    if (!tok || /^\s+$/.test(tok)) return tok;
+    if (!verbSeen) {
+      if (/^(?:env|[A-Za-z_][A-Za-z0-9_]*=\S*)$/.test(tok)) return tok;
+      verbSeen = true; // the verb itself (grep/rg/ag) — never a path
+      return tok;
+    }
+    if (/^["']/.test(tok)) return tok;          // quoted → pattern
+    if (tok.startsWith('-')) return tok;         // flag
+    if (tok.startsWith('/')) return tok;         // absolute (foreign — root strip already ran)
+    if (tok.includes('..')) return tok;          // traversal
+    if (/[|;&<>=\\$`'"]/.test(tok)) return tok;  // operators / redirects / assignments / escapes
+    const candidate = prefix + '/' + tok;
+    // Probe existence on the glob-truncated form: `app/…/llm_engine/*.py`
+    // must still rebase (its dir exists) or the deny-answer would run a
+    // subdir-relative path from the root and fail (answered:false again).
+    const probe = sanitizeSearchPath(candidate);
+    try {
+      if (!probe || !exists(path.join(rootDir, probe))) return tok;
+    } catch { return tok; }
+    return candidate;
+  }).join('');
+}
+
+// v0.48 — bypass detection on the RAW command. (The deny copy stopped teaching
+// the escape in v0.49, but models that already know it — or learned it from a
+// session summary — must stay visible to the funnel.)
+function commandHasBypass(cmd) {
+  return typeof cmd === 'string' && /(?:^|\s)CODE_GRAPH_NO_BLOCK_GREP=1(?:\s|$)/.test(cmd);
+}
+
+// v0.49 — `sed -n X,Yp file.py` is a Read the Read hook can't see; the
+// 2026-06-12 night used it heavily for structure exploration (four sed-range
+// reads of stock_picker/ in 3 min). Extract targets so they count toward the
+// shared read-fanout state.
+const SED_RANGE = /(?:^|[|;&]\s*)sed\s+-n\s+(?:['"]\d+,\d+p['"]|\d+,\d+p)\s+("[^"]+"|'[^']+'|[^\s;|&]+)/g;
+
+function extractSedReadTargets(cmd) {
+  if (!cmd || typeof cmd !== 'string' || cmd.length > 2000) return [];
+  const out = [];
+  for (const m of cmd.matchAll(SED_RANGE)) {
+    const tok = m[1].replace(/^["']|["']$/g, '');
+    if (tok && !out.includes(tok)) out.push(tok);
+  }
+  return out;
+}
+
 // v0.47.0 — pull the first source-tree path token out of the denied command so
 // the inline answer can scope its search the same way the raw grep would have.
 function extractSearchPath(cmd) {
@@ -182,20 +293,26 @@ function buildHint() {
 function buildBlockReason() {
   // Shown to Claude via PreToolUse `decision: block` reason. Must give a
   // concrete alternate command Claude can re-issue without further thinking.
+  // v0.49 — NO escape-hatch line anywhere in deny copy: the daagu 2026-06-12
+  // night proved even the "THIS command only" scoping reads as a teachable
+  // permanent prefix (adopted in 8s, reused 11×, incl. on the exact identifier
+  // searches this hook targets). The env opt-out stays documented in README.
   return [
     '[code-graph] Raw `grep -rn` on indexed source — denied by code-graph hook.',
     'Use the AST-aware equivalent (returns containing fn/module per hit, repo-wide):',
     '  code-graph-mcp grep "<pattern>" <path>          # FTS + AST context per hit',
     '  code-graph-mcp ast-search "<pattern>" --type fn # filter by node type',
     '  code-graph-mcp callgraph SYMBOL                 # callers + callees',
-    'For raw-text scans (log/comment/marker), re-run with `CODE_GRAPH_NO_BLOCK_GREP=1` prepended.',
   ].join('\n');
 }
 
 // v0.47.0 — deny WITH the answer inline. Hint-only had ~0% transfer and a bare
 // deny still asks the model to initiate a new tool call; embedding the actual
-// results removes that choice entirely. Keep the escape hatch line — raw-text
-// regex (BRE alternation, log scans) remains a legitimate need.
+// results removes that choice entirely.
+// v0.48 — NO escape-hatch line here: the model already has the results, and
+// advertising the bypass taught it a permanent prefix within 5 seconds (daagu
+// 2026-06-11: one deny → 14 bypassed greps). The static deny keeps a scoped
+// escape because there we give no answer.
 function buildBlockReasonWithAnswer(pattern, searchPath, answer) {
   const cmdShown = `code-graph-mcp grep "${pattern}"${searchPath ? ` ${searchPath}` : ''}`;
   const lines = [
@@ -208,11 +325,41 @@ function buildBlockReasonWithAnswer(pattern, searchPath, answer) {
   }
   lines.push(
     'Each hit shows its containing fn/module — use these results directly instead of re-running the search.',
-    'For raw-text regex (alternation, log/comment scans), re-run with `CODE_GRAPH_NO_BLOCK_GREP=1` prepended.',
   );
   return lines.join('\n');
 }
 
+// v0.49 — show-mode deny: the model grepped for symbol DEFINITIONS with
+// context flags (-A/-B/-C = "show me the body"); the answer IS the bodies,
+// fetched via `code-graph-mcp show`. answer.text already carries per-symbol
+// `$ code-graph-mcp show <sym>` headers.
+function buildShowDenyReason(answer) {
+  const lines = [
+    '[code-graph] Raw grep for symbol definitions — denied; here are the definitions from the AST index:',
+    answer.text,
+  ];
+  if (answer.truncated) {
+    lines.push('(truncated — re-run the `code-graph-mcp show <symbol>` command above for full source)');
+  }
+  lines.push('Use these directly instead of re-running the search.');
+  return lines.join('\n');
+}
+
+// v0.49 — plain `grep` speaks BRE: alternation/grouping arrive escaped
+// (`a\|b`, `\(x\)`) and 0-hit against cg grep's rust-regex dialect, wasting
+// the answer on the ALLOW fallthrough (2026-06-12: both answered:false denies
+// were dialect/path-shape misses). Unescape for plain grep only — rg/ag and
+// grep -E/-P are already extended.
+function translateBreToRg(cmd, pattern) {
+  if (typeof pattern !== 'string' || !pattern) return pattern;
+  const verb = (cmd.match(GREP_HEAD) || [])[1];
+  if (verb !== 'grep') return pattern;
+  if (/(?:^|\s)-[a-zA-Z]*[EP][a-zA-Z]*(?:\s|=|\d|$)|--(?:extended-regexp|perl-regexp)\b/.test(cmd)) {
+    return pattern;
+  }
+  return pattern.replace(/\\([|(){}+?])/g, '$1');
+}
+
 // v0.47.0 — cg grep found nothing. Regex-dialect differences (BRE `\|` vs
 // ripgrep) mean 0 hits is NOT proof of absence, so denying here could mislead.
 // Let the raw grep through with an honest one-liner.
@@ -245,9 +392,11 @@ function isAnswerDisabled(env = process.env) {
 
 function runMain() {
   if (isSilenced()) return;
-  const cwd = process.cwd();
-  const dbPath = path.join(cwd, '.code-graph', 'index.db');
-  if (!fs.existsSync(dbPath)) return;  // no index — no hint
+  // v0.48 — process.cwd() follows the persistent shell; resolve the project
+  // root by walking up so `cd backend/` no longer darkens the whole session.
+  const shellCwd = process.cwd();
+  const root = resolveProjectRoot(shellCwd);
+  if (root === null) return;  // no index anywhere up to $HOME — no hint
 
   let input;
   try {
@@ -258,28 +407,72 @@ function runMain() {
   } catch { return; }
 
   const rawCmd = (input.tool_input && input.tool_input.command) || '';
-  // v0.47.1 — match against the cwd-stripped form so absolute paths under the
-  // project root behave exactly like their relative spelling. Cooldown stays
-  // keyed on the raw command (what Claude actually sent).
-  const cmd = normalizeCommandPaths(rawCmd, cwd);
+
+  // v0.49 — sed-range reads count toward the read-fanout state (the Read hook
+  // never sees Bash-side file reads). A fired fanout hint already delivered an
+  // overview — skip grep hinting for this command to avoid double output.
+  const sedTargets = extractSedReadTargets(rawCmd);
+  if (sedTargets.length > 0) {
+    const readGuide = require('./pre-read-guide');
+    let fanoutFired = false;
+    for (const t of sedTargets) {
+      if (!readGuide.isSourceFile(t)) continue;
+      const abs = path.isAbsolute(t) ? t : path.resolve(shellCwd, t);
+      if (readGuide.trackReadAndMaybeHint(root, path.relative(root, abs))) {
+        fanoutFired = true;
+      }
+    }
+    if (fanoutFired) return;
+  }
+
+  // v0.47.1 — match against the root-stripped form so absolute paths under the
+  // project root behave exactly like their relative spelling. v0.48 — then
+  // rebase bare subdir-relative tokens onto the root. Cooldown stays keyed on
+  // the raw command (what Claude actually sent).
+  let cmd = normalizeCommandPaths(rawCmd, root);
+  const relPrefix = path.relative(root, shellCwd);
+  if (relPrefix) cmd = rebaseRelativePaths(cmd, relPrefix, root);
   if (!shouldHint(cmd)) return;
+
+  // v0.48 — deliberate escape: record it (funnel visibility) and stay silent.
+  // Before GREP_HEAD accepted bare KEY=VALUE prefixes these were invisible.
+  if (commandHasBypass(rawCmd)) {
+    recordRecommendation(root, { hook: 'grep', action: 'bypass' });
+    return;
+  }
+
   if (isOnCooldown(rawCmd)) return;
 
   markCooldown(rawCmd);
 
-  if (!isBlockDisabled() && shouldBlock(cmd)) {
+  const block = isBlockDisabled() ? null : classifyBlock(cmd);
+  if (block) {
     // v0.47.0 — run the AST-aware equivalent inside the hook and embed the
     // results in the deny reason ("answer in the deny"). Degrades to the
     // v0.46 static deny on any failure; downgrades to allow+FYI on 0 hits
     // (regex-dialect differences mean 0 hits ≠ proof of absence).
+    // v0.49 — intent-aware: declaration+context greps get `show` bodies,
+    // falling back to the grep answer, then the static deny.
     let answer = { status: 'unavailable' };
-    const pattern = pickBlockPattern(cmd);
-    if (!isAnswerDisabled() && pattern) {
-      answer = runGrepAnswer({ cwd, pattern, searchPath: extractSearchPath(cmd) });
+    const pattern = translateBreToRg(cmd, pickBlockPattern(cmd));
+    // v0.48 — glob-truncated once, shared by the run and the deny message
+    // (a literal `dir/*.py` argv made rg exit 1 → answered:false static deny).
+    const searchPath = sanitizeSearchPath(extractSearchPath(cmd));
+    let answeredMode = block.mode;
+    if (!isAnswerDisabled()) {
+      if (block.mode === 'show') {
+        answer = runShowAnswer({ cwd: root, symbols: block.symbols });
+        if (answer.status !== 'hits' && pattern) {
+          answeredMode = 'grep';
+          answer = runGrepAnswer({ cwd: root, pattern, searchPath });
+        }
+      } else if (pattern) {
+        answer = runGrepAnswer({ cwd: root, pattern, searchPath });
+      }
     }
 
     if (answer.status === 'no-hits') {
-      recordRecommendation(cwd, { hook: 'grep', action: 'hint', fallthrough: 'no-hits' });
+      recordRecommendation(root, { hook: 'grep', action: 'hint', fallthrough: 'no-hits' });
       process.stdout.write(buildNoHitsFyi(pattern) + '\n');
       return;
     }
@@ -289,22 +482,27 @@ function runMain() {
     // ignored by Claude Code — the grep ran anyway. The hookSpecificOutput form
     // is the documented modern path. Exit 0 — this is a routing decision, not
     // a hook failure (exit 2 would mark the tool call as "hook errored").
-    recordRecommendation(cwd, {
-      hook: 'grep', action: 'deny', answered: answer.status === 'hits',
+    const answered = answer.status === 'hits';
+    recordRecommendation(root, {
+      hook: 'grep', action: 'deny', answered,
+      // mode segments which answer type converts (show=bodies, grep=hits).
+      ...(answered ? { mode: answeredMode } : {}),
     });
     process.stdout.write(JSON.stringify({
       hookSpecificOutput: {
         hookEventName: 'PreToolUse',
         permissionDecision: 'deny',
-        permissionDecisionReason: answer.status === 'hits'
-          ? buildBlockReasonWithAnswer(pattern, extractSearchPath(cmd), answer)
-          : buildBlockReason(),
+        permissionDecisionReason: !answered
+          ? buildBlockReason()
+          : answeredMode === 'show'
+            ? buildShowDenyReason(answer)
+            : buildBlockReasonWithAnswer(pattern, searchPath, answer),
       },
     }) + '\n');
     return;
   }
 
-  recordRecommendation(cwd, { hook: 'grep', action: 'hint' });
+  recordRecommendation(root, { hook: 'grep', action: 'hint' });
   process.stdout.write(buildHint() + '\n');
 }
 
@@ -315,9 +513,17 @@ if (require.main === module) {
 module.exports = {
   shouldHint,
   shouldBlock,
+  classifyBlock,         // v0.49 — intent-aware block tiers
+  extractDeclSymbols,    // v0.49 — show-mode symbol extraction
+  translateBreToRg,      // v0.49 — BRE→rust-regex dialect bridge
+  buildShowDenyReason,   // v0.49 — show-mode deny copy
+  extractSedReadTargets, // v0.49 — sed-range reads feed the read-fanout state
   extractPatterns,    // v0.32.1 — exposed for tests
   extractSearchPath,  // v0.47.0 — deny-with-answer
   normalizeCommandPaths, // v0.47.1 — abs-path matcher fix
+  resolveProjectRoot,    // v0.48 — subdir-cwd dark fix
+  rebaseRelativePaths,   // v0.48 — subdir-cwd dark fix
+  commandHasBypass,      // v0.48 — bypass funnel visibility
   pickBlockPattern,
   buildHint,
   buildBlockReason,