@vellumai/assistant 0.3.4 → 0.3.6

package/src/tools/executor.ts

@@ -1,4 +1,5 @@
-import { readFileSync, existsSync, statSync } from 'node:fs';
+import { readFileSync } from 'node:fs';
+import { pathExists, safeStatSync } from '../util/fs.js';
 import { getTool, getAllTools } from './registry.js';
 import type { ToolContext, ToolExecutionResult, ToolLifecycleEvent } from './types.js';
 import { RiskLevel } from '../permissions/types.js';
@@ -20,6 +21,7 @@ import { getTaskRunRules } from '../tasks/ephemeral-permissions.js';
 import { safeTimeoutMs, executeWithTimeout } from './execution-timeout.js';
 import { buildPolicyContext } from './policy-context.js';
 import { resolveExecutionTarget } from './execution-target.js';
+import { isToolBlocked } from '../security/parental-control-store.js';
 
 const log = getLogger('tool-executor');
 
@@ -52,6 +54,61 @@ export class ToolExecutor {
       startedAtMs: startTime,
     });
 
+    // Bail out immediately if the session was aborted before this tool started.
+    // Individual tool implementations check the signal themselves for mid-run
+    // cancellation, but a pre-execution check prevents expensive permission
+    // lookups and prompter interactions after the user has already cancelled.
+    if (context.signal?.aborted) {
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent(context, {
+        type: 'error',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'error',
+        durationMs,
+        errorMessage: 'Cancelled',
+        isExpected: true,
+        errorCategory: 'tool_failure',
+      });
+      return { content: 'Cancelled', isError: true };
+    }
+
+    // Reject tools blocked by parental control settings before any permission check.
+    if (isToolBlocked(name)) {
+      log.warn(
+        {
+          toolName: name,
+          sessionId: context.sessionId,
+          conversationId: context.conversationId,
+          principal: context.principal,
+          reason: 'blocked_by_parental_controls',
+        },
+        'Parental control blocked tool invocation',
+      );
+      const durationMs = Date.now() - startTime;
+      emitLifecycleEvent(context, {
+        type: 'permission_denied',
+        toolName: name,
+        executionTarget,
+        input,
+        workingDir: context.workingDir,
+        sessionId: context.sessionId,
+        conversationId: context.conversationId,
+        requestId: context.requestId,
+        riskLevel,
+        decision: 'deny',
+        reason: 'Blocked by parental control settings',
+        durationMs,
+      });
+      return { content: 'This tool is blocked by parental control settings.', isError: true };
+    }
+
     // Gate tools not active for the current turn
     if (context.allowedToolNames && !context.allowedToolNames.has(name)) {
       const msg = `Tool "${name}" is not currently active. Load the skill that provides this tool first.`;
@@ -129,14 +186,14 @@ export class ToolExecutor {
 
     try {
       // Check permissions
-      const risk = await classifyRisk(name, input, context.workingDir);
+      const risk = await classifyRisk(name, input, context.workingDir, undefined, undefined, context.signal);
       riskLevel = risk;
 
       // Build principal context from tool metadata so policy rules can
       // distinguish skill-provided tools from core built-ins. Also includes
       // ephemeral rules when executing within a task run.
       const policyContext = buildPolicyContext(tool, context);
-      const result = await check(name, input, context.workingDir, policyContext);
+      const result = await check(name, input, context.workingDir, policyContext, undefined, context.signal);
 
       // Private threads force prompting for side-effect tools even when a
       // trust/allow rule would auto-allow. Deny decisions are preserved —
@@ -198,7 +255,7 @@ export class ToolExecutor {
         }
 
         // Need user approval
-        const allowlistOptions = await generateAllowlistOptions(name, input);
+        const allowlistOptions = await generateAllowlistOptions(name, input, context.signal);
         const scopeOptions = generateScopeOptions(context.workingDir, name);
 
         // Compute preview diff for file tools so the user sees what will change
@@ -256,6 +313,7 @@ export class ToolExecutor {
           context.conversationId,
           executionTarget,
           persistentDecisionsAllowed,
+          context.signal,
         );
 
         decision = response.decision;
@@ -575,6 +633,7 @@ export class ToolExecutor {
               context.conversationId,
               executionTarget,
               false, // no persistent decisions
+              context.signal,
             );
 
             if (response.decision === 'deny' || response.decision === 'always_deny') {
@@ -790,10 +849,10 @@ function computePreviewDiff(
       const pathCheck = sandboxPolicy(rawPath, workingDir, { mustExist: false });
       if (!pathCheck.ok) return undefined;
       const filePath = pathCheck.resolved;
-      const isNewFile = !existsSync(filePath);
+      const isNewFile = !pathExists(filePath);
       if (!isNewFile) {
-        const stat = statSync(filePath);
-        if (stat.size > MAX_FILE_SIZE_BYTES) return undefined;
+        const stat = safeStatSync(filePath);
+        if (!stat || stat.size > MAX_FILE_SIZE_BYTES) return undefined;
       }
       const oldContent = isNewFile ? '' : readFileSync(filePath, 'utf-8');
       return { filePath, oldContent, newContent: content, isNewFile };
@@ -807,8 +866,8 @@ function computePreviewDiff(
       const pathCheck = sandboxPolicy(rawPath, workingDir);
       if (!pathCheck.ok) return undefined;
       const filePath = pathCheck.resolved;
-      if (!existsSync(filePath)) return undefined;
-      const stat = statSync(filePath);
+      const stat = safeStatSync(filePath);
+      if (!stat) return undefined;
       if (stat.size > MAX_FILE_SIZE_BYTES) return undefined;
       const content = readFileSync(filePath, 'utf-8');
       const replaceAll = input.replace_all === true;

package/src/tools/host-terminal/cli-discover.ts

@@ -139,7 +139,7 @@ class CliDiscoverTool implements Tool {
       if (checkAuth && AUTH_CHECK_COMMANDS[name]) {
         const [cmd, ...args] = AUTH_CHECK_COMMANDS[name];
         const authOutput = await runQuick(cmd, args);
-        result.authenticated = authOutput !== null && authOutput.length > 0;
+        result.authenticated = authOutput != null && authOutput.length > 0;
         if (authOutput) {
           // Keep auth info brief — first line, max 200 chars
           result.authInfo = truncate(authOutput.split('\n')[0], 200, '');

package/src/tools/network/script-proxy/http-forwarder.ts

@@ -132,7 +132,7 @@ export function forwardHttpRequest(
   if (policyCallback) {
     policyCallback(hostname, parsed.port ? Number(parsed.port) : null, path, 'http')
       .then((extraHeaders) => {
-        if (extraHeaders === null) {
+        if (extraHeaders == null) {
           clientRes.writeHead(403, { 'Content-Type': 'text/plain' });
           clientRes.end('Forbidden');
           return;

package/src/tools/network/script-proxy/mitm-handler.ts

@@ -200,7 +200,7 @@ async function processRequest(
       port,
     });
 
-    if (rewriteResult === null) {
+    if (rewriteResult == null) {
       const body = 'Forbidden';
       tlsSocket.write(
         `HTTP/1.1 403 Forbidden\r\nContent-Length: ${body.length}\r\nContent-Type: text/plain\r\n\r\n${body}`,

package/src/tools/network/script-proxy/server.ts

@@ -111,7 +111,7 @@ export function createProxyServer(config: ProxyServerConfig = {}): Server {
 
       config.policyCallback(connectTarget.host, connectTarget.port === 443 ? null : connectTarget.port, '/', 'https')
         .then((extraHeaders) => {
-          if (extraHeaders === null) {
+          if (extraHeaders == null) {
             clientSocket.write('HTTP/1.1 403 Forbidden\r\n\r\n');
             clientSocket.destroy();
             return;

package/src/tools/network/script-proxy/session-manager.ts

@@ -21,6 +21,7 @@ import type { CredentialInjectionTemplate } from '../../credentials/policy-types
 import { getSecureKey } from '../../../security/secure-keys.js';
 import { buildDecisionTrace, stripQueryString } from './logging.js';
 import { getLogger } from '../../../util/logger.js';
+import { silentlyWithLog } from '../../../util/silently.js';
 
 const log = getLogger('proxy-session');
 
@@ -63,12 +64,12 @@ function cloneSession(s: ProxySession): ProxySession {
 }
 
 function resetIdleTimer(managed: ManagedSession): void {
-  if (managed.idleTimer !== null) {
+  if (managed.idleTimer != null) {
     clearTimeout(managed.idleTimer);
   }
   managed.idleTimer = setTimeout(() => {
     if (managed.session.status === 'active') {
-      stopSession(managed.session.id).catch(() => {});
+      silentlyWithLog(stopSession(managed.session.id), 'idle session cleanup');
     }
   }, managed.config.idleTimeoutMs);
 }
@@ -343,7 +344,7 @@ export async function stopSession(sessionId: ProxySessionId): Promise<void> {
   managed.session.status = 'stopping';
 
   const doStop = async () => {
-    if (managed.idleTimer !== null) {
+    if (managed.idleTimer != null) {
       clearTimeout(managed.idleTimer);
       managed.idleTimer = null;
     }
@@ -375,7 +376,7 @@ export function getSessionEnv(
 ): ProxyEnvVars {
   const managed = sessions.get(sessionId);
   if (!managed) throw new Error(`Session not found: ${sessionId}`);
-  if (managed.session.status !== 'active' || managed.session.port === null) {
+  if (managed.session.status !== 'active' || managed.session.port == null) {
     throw new Error(`Session ${sessionId} is not active`);
   }
 
@@ -529,6 +530,6 @@ export function getSessionsForConversation(conversationId: string): ProxySession
  */
 export async function stopAllSessions(): Promise<void> {
   const ids = [...sessions.keys()];
-  await Promise.all(ids.map((id) => stopSession(id).catch(() => {})));
+  await Promise.all(ids.map((id) => stopSession(id).catch((err: unknown) => log.debug({ err, id }, 'session shutdown error'))));
   sessions.clear();
 }

package/src/tools/network/web-fetch.ts

@@ -63,6 +63,7 @@ type WebFetchRequestExecutor = (
 type ExecuteWebFetchOptions = {
   resolveHostAddresses?: ResolveHostAddresses;
   requestExecutor?: WebFetchRequestExecutor;
+  signal?: AbortSignal;
 };
 
 type NodeHttpResponseLike = {
@@ -451,6 +452,17 @@ export async function executeWebFetch(
     controller.abort();
   }, timeoutSeconds * 1000);
 
+  // Forward external cancellation signal to our controller
+  const externalSignal = options?.signal;
+  const onExternalAbort = () => controller.abort();
+  if (externalSignal) {
+    if (externalSignal.aborted) {
+      controller.abort();
+    } else {
+      externalSignal.addEventListener('abort', onExternalAbort, { once: true });
+    }
+  }
+
   try {
     log.debug({ url: safeRequestedUrl, timeoutSeconds, maxChars, startIndex, rawMode }, 'Fetching webpage');
 
@@ -651,6 +663,9 @@ export async function executeWebFetch(
     };
   } catch (err) {
     if (err instanceof Error && err.name === 'AbortError') {
+      if (externalSignal?.aborted) {
+        return { content: 'Error: web fetch was cancelled', isError: true };
+      }
       return { content: `Error: web fetch timed out after ${timeoutSeconds}s`, isError: true };
     }
 
@@ -659,6 +674,7 @@ export async function executeWebFetch(
     return { content: `Error: Web fetch failed: ${msg}`, isError: true };
   } finally {
     clearTimeout(timeoutHandle);
+    externalSignal?.removeEventListener('abort', onExternalAbort);
   }
 }
 
@@ -705,8 +721,8 @@ class WebFetchTool implements Tool {
     };
   }
 
-  async execute(input: Record<string, unknown>, _context: ToolContext): Promise<ToolExecutionResult> {
-    return executeWebFetch(input);
+  async execute(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
+    return executeWebFetch(input, { signal: context.signal });
   }
 }
 

package/src/tools/network/web-search.ts

@@ -115,6 +115,7 @@ async function executeBraveSearch(
   offset: number,
   freshness: string | undefined,
   apiKey: string,
+  signal?: AbortSignal,
 ): Promise<ToolExecutionResult> {
   const params = new URLSearchParams({
     q: query,
@@ -136,6 +137,7 @@ async function executeBraveSearch(
         'Accept-Encoding': 'gzip',
         'X-Subscription-Token': apiKey,
       },
+      signal,
     });
 
     if (response.ok) {
@@ -170,6 +172,7 @@ async function executeBraveSearch(
 async function executePerplexitySearch(
   query: string,
   apiKey: string,
+  signal?: AbortSignal,
 ): Promise<ToolExecutionResult> {
   for (let attempt = 0; attempt <= DEFAULT_MAX_RETRIES; attempt++) {
     const response = await fetch(PERPLEXITY_API_URL, {
@@ -184,6 +187,7 @@ async function executePerplexitySearch(
           { role: 'user', content: query },
         ],
       }),
+      signal,
     });
 
     if (response.ok) {
@@ -249,7 +253,7 @@ class WebSearchTool implements Tool {
     };
   }
 
-  async execute(input: Record<string, unknown>, _context: ToolContext): Promise<ToolExecutionResult> {
+  async execute(input: Record<string, unknown>, context: ToolContext): Promise<ToolExecutionResult> {
     const query = input.query;
     if (!query || typeof query !== 'string') {
       return { content: 'Error: query is required and must be a string', isError: true };
@@ -268,7 +272,7 @@ class WebSearchTool implements Tool {
         apiKey = fallbackKey;
       } else {
         return {
-          content: 'Error: No web search API key configured. Set PERPLEXITY_API_KEY or BRAVE_API_KEY environment variable, or configure a key in settings.',
+          content: 'Error: No web search API key configured. Set a PERPLEXITY_API_KEY or BRAVE_API_KEY environment variable, or configure it from the Settings page under API Keys.',
           isError: true,
         };
       }
@@ -281,10 +285,10 @@ class WebSearchTool implements Tool {
         const count = typeof input.count === 'number' ? Math.min(20, Math.max(1, Math.round(input.count))) : 10;
         const offset = typeof input.offset === 'number' ? Math.min(9, Math.max(0, Math.round(input.offset))) : 0;
         const freshness = typeof input.freshness === 'string' ? input.freshness : undefined;
-        return await executeBraveSearch(query, count, offset, freshness, apiKey);
+        return await executeBraveSearch(query, count, offset, freshness, apiKey, context.signal);
       }
 
-      return await executePerplexitySearch(query, apiKey);
+      return await executePerplexitySearch(query, apiKey, context.signal);
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
       log.error({ err }, 'Web search failed');

package/src/tools/reminder/reminder-store.ts

@@ -2,6 +2,7 @@ import { and, asc, eq, lte } from 'drizzle-orm';
 import { v4 as uuid } from 'uuid';
 import { getDb } from '../../memory/db.js';
 import { reminders } from '../../memory/schema.js';
+import { createRowMapper, cast } from '../../util/row-mapper.js';
 
 export interface ReminderRow {
   id: string;
@@ -16,6 +17,19 @@ export interface ReminderRow {
   updatedAt: number;
 }
 
+const parseRow = createRowMapper<typeof reminders.$inferSelect, ReminderRow>({
+  id: 'id',
+  label: 'label',
+  message: 'message',
+  fireAt: 'fireAt',
+  mode: { from: 'mode', transform: cast<ReminderRow['mode']>() },
+  status: { from: 'status', transform: cast<ReminderRow['status']>() },
+  firedAt: 'firedAt',
+  conversationId: 'conversationId',
+  createdAt: 'createdAt',
+  updatedAt: 'updatedAt',
+});
+
 export function insertReminder(params: {
   label: string;
   message: string;
@@ -131,18 +145,3 @@ export function setReminderConversationId(id: string, conversationId: string): v
     .where(eq(reminders.id, id))
     .run();
 }
-
-function parseRow(row: typeof reminders.$inferSelect): ReminderRow {
-  return {
-    id: row.id,
-    label: row.label,
-    message: row.message,
-    fireAt: row.fireAt,
-    mode: row.mode as ReminderRow['mode'],
-    status: row.status as ReminderRow['status'],
-    firedAt: row.firedAt,
-    conversationId: row.conversationId,
-    createdAt: row.createdAt,
-    updatedAt: row.updatedAt,
-  };
-}

package/src/tools/schedule/create.ts

@@ -66,6 +66,7 @@ export async function executeScheduleCreate(
     return {
       content: [
         `Schedule created successfully.`,
+        `  ID: ${job.id}`,
         `  Name: ${job.name}`,
         `  Syntax: ${job.syntax}`,
         `  Schedule: ${scheduleDescription}${job.timezone ? ` (${job.timezone})` : ''}`,

package/src/tools/schedule/list.ts

@@ -27,6 +27,7 @@ export async function executeScheduleList(
     const runs = getScheduleRuns(jobId, 5);
     const lines = [
       `Schedule: ${job.name}`,
+      `  ID: ${job.id}`,
       `  Syntax: ${job.syntax}`,
       `  Expression: ${job.expression}`,
       `  Schedule: ${describeSchedule(job)}${job.timezone ? ` (${job.timezone})` : ''}`,
@@ -62,7 +63,7 @@ export async function executeScheduleList(
   for (const job of jobs) {
     const status = job.enabled ? 'enabled' : 'disabled';
     const next = job.enabled ? formatLocalDate(job.nextRunAt) : 'n/a';
-    lines.push(`  - [${status}] ${job.name} ([${job.syntax}] ${describeSchedule(job)}) — next: ${next}`);
+    lines.push(`  - [${status}] ${job.name} (id: ${job.id}) ([${job.syntax}] ${describeSchedule(job)}) — next: ${next}`);
   }
 
   return { content: lines.join('\n'), isError: false };

package/src/tools/shared/filesystem/file-ops-service.ts

@@ -1,6 +1,7 @@
-import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from 'node:fs';
+import { readFileSync, statSync, writeFileSync } from 'node:fs';
 import { dirname } from 'node:path';
 
+import { pathExists, ensureDir } from '../../../util/fs.js';
 import type { PathResult, PathFailureReason } from './path-policy.js';
 import { checkFileSizeOnDisk, checkContentSize } from './size-guard.js';
 import { applyEdit } from './edit-engine.js';
@@ -55,7 +56,7 @@ export class FileSystemOps {
     }
     const filePath = pathCheck.resolved;
 
-    if (!existsSync(filePath)) {
+    if (!pathExists(filePath)) {
       return { ok: false, error: Err.notFound(filePath) };
     }
 
@@ -108,13 +109,10 @@ export class FileSystemOps {
     }
 
     try {
-      const dir = dirname(filePath);
-      if (!existsSync(dir)) {
-        mkdirSync(dir, { recursive: true });
-      }
+      ensureDir(dirname(filePath));
 
       let oldContent = '';
-      const isNewFile = !existsSync(filePath);
+      const isNewFile = !pathExists(filePath);
       if (!isNewFile) {
         try {
           oldContent = readFileSync(filePath, 'utf-8');

package/src/tools/skills/skill-script-runner.ts

@@ -1,8 +1,9 @@
 import type { ToolExecutionResult, ToolContext, ExecutionTarget } from '../types.js';
 import type { SkillToolScript } from './script-contract.js';
-import { join, resolve } from 'node:path';
+import { basename, join, resolve } from 'node:path';
 import { runSkillToolScriptSandbox } from './sandbox-runner.js';
 import { computeSkillVersionHash } from '../../skills/version-hash.js';
+import { bundledToolRegistry } from '../../config/bundled-tool-registry.js';
 
 export interface RunSkillToolScriptOptions {
   /** Where to execute: 'host' runs in-process, 'sandbox' runs in an isolated subprocess. */
@@ -17,6 +18,10 @@ export interface RunSkillToolScriptOptions {
    *  to `computeSkillVersionHash` from the version-hash module. Provided as an
    *  option to support testing and custom resolution strategies. */
   skillDirHashResolver?: (skillDir: string) => string;
+  /** Whether this is a bundled (first-party) skill. When true and running inside
+   *  a compiled binary, the runner uses the pre-imported bundled tool registry
+   *  instead of a dynamic filesystem import. */
+  bundled?: boolean;
 }
 
 /**
@@ -65,20 +70,30 @@ export async function runSkillToolScript(
     }
   }
 
-  let module: SkillToolScript;
-  try {
-    module = await import(scriptPath);
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return { content: `Failed to load skill tool script "${executorPath}": ${message}`, isError: true };
+  // For bundled skills, use the pre-imported registry instead of dynamic import.
+  // In compiled binaries the scripts' relative imports (e.g. ../../../../tools/...)
+  // can't resolve because those modules are inside the virtual /$bunfs/ filesystem.
+  let module: SkillToolScript | undefined;
+  if (options?.bundled) {
+    const registryKey = `${basename(skillDir)}:${executorPath}`;
+    module = bundledToolRegistry.get(registryKey);
+  }
+
+  if (!module) {
+    try {
+      module = await import(scriptPath);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      return { content: `Failed to load skill tool script "${executorPath}": ${message}`, isError: true };
+    }
   }
 
-  if (typeof module.run !== 'function') {
+  if (typeof module!.run !== 'function') {
     return { content: `Skill tool script "${executorPath}" does not export a "run" function`, isError: true };
   }
 
   try {
-    return await module.run(input, context);
+    return await module!.run(input, context);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
     return { content: `Skill tool script "${executorPath}" threw an error: ${message}`, isError: true };

package/src/tools/skills/skill-tool-factory.ts

@@ -45,6 +45,7 @@ export function createSkillTool(
       return runSkillToolScript(skillDir, entry.executor, input, context, {
         target: entry.execution_target,
         expectedSkillVersionHash: versionHash,
+        bundled,
       });
     },
   };

package/src/tools/tasks/work-item-enqueue.ts

@@ -126,7 +126,7 @@ export async function executeTaskListAdd(
       if (workItem.notes) {
         lines.push(`  Notes: ${workItem.notes}`);
       }
-      if (workItem.sortIndex !== null) {
+      if (workItem.sortIndex !== undefined) {
         lines.push(`  Sort index: ${workItem.sortIndex}`);
       }
 
@@ -221,7 +221,7 @@ export async function executeTaskListAdd(
     if (workItem.notes) {
       lines.push(`  Notes: ${workItem.notes}`);
     }
-    if (workItem.sortIndex !== null) {
+    if (workItem.sortIndex !== undefined) {
       lines.push(`  Sort index: ${workItem.sortIndex}`);
     }
 

package/src/tools/terminal/evaluate-typescript.ts

@@ -8,6 +8,7 @@ import type { ToolDefinition } from '../../providers/types.js';
 import { registerTool } from '../registry.js';
 import { getConfig } from '../../config/loader.js';
 import { getLogger } from '../../util/logger.js';
+import { parseJsonSafe } from '../../util/json.js';
 import { wrapCommand } from './sandbox.js';
 import { buildSanitizedEnv } from './safe-env.js';
 
@@ -126,9 +127,7 @@ export class EvaluateTypescriptTool implements Tool {
     if (Buffer.byteLength(mockInputJson) > MAX_MOCK_INPUT_BYTES) {
       return { content: `Error: mock_input_json exceeds maximum size of ${MAX_MOCK_INPUT_BYTES} bytes`, isError: true };
     }
-    try {
-      JSON.parse(mockInputJson);
-    } catch {
+    if (parseJsonSafe(mockInputJson) === undefined && mockInputJson.trim() !== 'null') {
       return { content: 'Error: mock_input_json must be valid JSON', isError: true };
     }
 
@@ -170,7 +169,7 @@ export class EvaluateTypescriptTool implements Tool {
     timeoutSec: number,
     timeoutMs: number,
     maxOutputChars: number,
-    _context: ToolContext,
+    context: ToolContext,
   ): Promise<EvalResult> {
     return new Promise<EvalResult>((resolve) => {
       const startTime = Date.now();
@@ -198,11 +197,24 @@ export class EvaluateTypescriptTool implements Tool {
         child.kill('SIGKILL');
       }, timeoutMs);
 
+      // Cooperative cancellation via AbortSignal
+      const onAbort = () => {
+        child.kill('SIGKILL');
+      };
+      if (context.signal) {
+        if (context.signal.aborted) {
+          child.kill('SIGKILL');
+        } else {
+          context.signal.addEventListener('abort', onAbort, { once: true });
+        }
+      }
+
       child.stdout.on('data', (data: Buffer) => stdoutChunks.push(data));
       child.stderr.on('data', (data: Buffer) => stderrChunks.push(data));
 
       child.on('close', (code) => {
         clearTimeout(timer);
+        context.signal?.removeEventListener('abort', onAbort);
         const durationMs = Date.now() - startTime;
 
         let stdout = Buffer.concat(stdoutChunks).toString();
@@ -222,14 +234,10 @@ export class EvaluateTypescriptTool implements Tool {
             const lineStart = stdout.lastIndexOf('\n', markerIdx) + 1;
             const lineEnd = stdout.indexOf('\n', markerIdx);
             const line = stdout.slice(lineStart, lineEnd === -1 ? undefined : lineEnd);
-            try {
-              const parsed = JSON.parse(line);
-              if (parsed && typeof parsed === 'object' && '__eval_result' in parsed) {
-                result = parsed.__eval_result;
-                break;
-              }
-            } catch {
-              // malformed line — continue scanning earlier occurrences
+            const parsed = parseJsonSafe<Record<string, unknown>>(line);
+            if (parsed && typeof parsed === 'object' && '__eval_result' in parsed) {
+              result = parsed.__eval_result;
+              break;
             }
             searchFrom = lineStart;
           }
@@ -256,6 +264,7 @@ export class EvaluateTypescriptTool implements Tool {
 
       child.on('error', (err) => {
         clearTimeout(timer);
+        context.signal?.removeEventListener('abort', onAbort);
         const durationMs = Date.now() - startTime;
         resolve({
           ok: false,