@visorcraft/idlehands 2.0.1 → 2.1.0

package/dist/agent/tool-name-alias.js

@@ -0,0 +1,140 @@
+/**
+ * Tool Name Aliasing
+ *
+ * Local and third-party models frequently hallucinate tool names — calling
+ * `bash` instead of `exec`, `file_read` instead of `read_file`, etc.
+ * This module maps common aliases to the canonical Idle Hands tool names.
+ *
+ * Inspired by ZeroClaw's `map_tool_name_alias()`.
+ */
+const ALIAS_MAP = {
+    // ── exec ──────────────────────────────────────────────────────────────
+    shell: 'exec',
+    bash: 'exec',
+    sh: 'exec',
+    command: 'exec',
+    cmd: 'exec',
+    run: 'exec',
+    execute: 'exec',
+    terminal: 'exec',
+    run_command: 'exec',
+    run_shell: 'exec',
+    execute_command: 'exec',
+    // ── read_file ─────────────────────────────────────────────────────────
+    file_read: 'read_file',
+    fileread: 'read_file',
+    readfile: 'read_file',
+    cat: 'read_file',
+    view_file: 'read_file',
+    open_file: 'read_file',
+    get_file: 'read_file',
+    show_file: 'read_file',
+    // ── read_files ────────────────────────────────────────────────────────
+    file_reads: 'read_files',
+    batch_read: 'read_files',
+    // ── write_file ────────────────────────────────────────────────────────
+    file_write: 'write_file',
+    filewrite: 'write_file',
+    writefile: 'write_file',
+    create_file: 'write_file',
+    save_file: 'write_file',
+    // ── edit_file ─────────────────────────────────────────────────────────
+    file_edit: 'edit_file',
+    fileedit: 'edit_file',
+    editfile: 'edit_file',
+    replace: 'edit_file',
+    str_replace: 'edit_file',
+    str_replace_editor: 'edit_file',
+    search_replace: 'edit_file',
+    // ── edit_range ────────────────────────────────────────────────────────
+    range_edit: 'edit_range',
+    replace_range: 'edit_range',
+    replace_lines: 'edit_range',
+    edit_lines: 'edit_range',
+    // ── insert_file ───────────────────────────────────────────────────────
+    file_insert: 'insert_file',
+    insert: 'insert_file',
+    append_file: 'insert_file',
+    prepend_file: 'insert_file',
+    // ── list_dir ──────────────────────────────────────────────────────────
+    file_list: 'list_dir',
+    filelist: 'list_dir',
+    listfiles: 'list_dir',
+    list_files: 'list_dir',
+    ls: 'list_dir',
+    listdir: 'list_dir',
+    directory_list: 'list_dir',
+    list_directory: 'list_dir',
+    // ── search_files ──────────────────────────────────────────────────────
+    search: 'search_files',
+    grep: 'search_files',
+    find_files: 'search_files',
+    file_search: 'search_files',
+    ripgrep: 'search_files',
+    rg: 'search_files',
+    // ── apply_patch ───────────────────────────────────────────────────────
+    patch: 'apply_patch',
+    diff: 'apply_patch',
+    apply_diff: 'apply_patch',
+    // ── spawn_task ────────────────────────────────────────────────────────
+    delegate: 'spawn_task',
+    sub_agent: 'spawn_task',
+    subagent: 'spawn_task',
+    // ── vault_search ──────────────────────────────────────────────────────
+    memory_recall: 'vault_search',
+    recall: 'vault_search',
+    // ── vault_note ────────────────────────────────────────────────────────
+    memory_store: 'vault_note',
+    store: 'vault_note',
+};
+/**
+ * Resolve a tool name alias to the canonical Idle Hands tool name.
+ * Returns the canonical name if an alias is found, or the original name
+ * if no alias matches (case-insensitive lookup).
+ */
+export function resolveToolAlias(name) {
+    const normalized = name.trim().toLowerCase();
+    const canonical = ALIAS_MAP[normalized];
+    if (canonical) {
+        return { resolved: canonical, wasAliased: true };
+    }
+    // Also check with underscores/hyphens normalized
+    const dehyphenated = normalized.replace(/-/g, '_');
+    const canonical2 = ALIAS_MAP[dehyphenated];
+    if (canonical2) {
+        return { resolved: canonical2, wasAliased: true };
+    }
+    return { resolved: name, wasAliased: false };
+}
+/**
+ * Default parameter name for a given tool, used when parsing shortened
+ * tool call formats (e.g., `shell>ls` → `{command: "ls"}`).
+ */
+export function defaultParamForTool(toolName) {
+    const resolved = resolveToolAlias(toolName).resolved;
+    switch (resolved) {
+        case 'exec':
+            return 'command';
+        case 'read_file':
+        case 'read_files':
+        case 'write_file':
+        case 'edit_file':
+        case 'edit_range':
+        case 'insert_file':
+        case 'list_dir':
+            return 'path';
+        case 'search_files':
+            return 'pattern';
+        case 'apply_patch':
+            return 'patch';
+        case 'vault_search':
+            return 'query';
+        case 'vault_note':
+            return 'key';
+        case 'spawn_task':
+            return 'task';
+        default:
+            return 'input';
+    }
+}
+//# sourceMappingURL=tool-name-alias.js.map

package/dist/agent/tool-name-alias.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-name-alias.js","sourceRoot":"","sources":["../../src/agent/tool-name-alias.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,SAAS,GAA2B;IACxC,yEAAyE;IACzE,KAAK,EAAE,MAAM;IACb,IAAI,EAAE,MAAM;IACZ,EAAE,EAAE,MAAM;IACV,OAAO,EAAE,MAAM;IACf,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,MAAM;IACnB,SAAS,EAAE,MAAM;IACjB,eAAe,EAAE,MAAM;IAEvB,yEAAyE;IACzE,SAAS,EAAE,WAAW;IACtB,QAAQ,EAAE,WAAW;IACrB,QAAQ,EAAE,WAAW;IACrB,GAAG,EAAE,WAAW;IAChB,SAAS,EAAE,WAAW;IACtB,SAAS,EAAE,WAAW;IACtB,QAAQ,EAAE,WAAW;IACrB,SAAS,EAAE,WAAW;IAEtB,yEAAyE;IACzE,UAAU,EAAE,YAAY;IACxB,UAAU,EAAE,YAAY;IAExB,yEAAyE;IACzE,UAAU,EAAE,YAAY;IACxB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,WAAW,EAAE,YAAY;IACzB,SAAS,EAAE,YAAY;IAEvB,yEAAyE;IACzE,SAAS,EAAE,WAAW;IACtB,QAAQ,EAAE,WAAW;IACrB,QAAQ,EAAE,WAAW;IACrB,OAAO,EAAE,WAAW;IACpB,WAAW,EAAE,WAAW;IACxB,kBAAkB,EAAE,WAAW;IAC/B,cAAc,EAAE,WAAW;IAE3B,yEAAyE;IACzE,UAAU,EAAE,YAAY;IACxB,aAAa,EAAE,YAAY;IAC3B,aAAa,EAAE,YAAY;IAC3B,UAAU,EAAE,YAAY;IAExB,yEAAyE;IACzE,WAAW,EAAE,aAAa;IAC1B,MAAM,EAAE,aAAa;IACrB,WAAW,EAAE,aAAa;IAC1B,YAAY,EAAE,aAAa;IAE3B,yEAAyE;IACzE,SAAS,EAAE,UAAU;IACrB,QAAQ,EAAE,UAAU;IACpB,SAAS,EAAE,UAAU;IACrB,UAAU,EAAE,UAAU;IACtB,EAAE,EAAE,UAAU;IACd,OAAO,EAAE,UAAU;IACnB,cAAc,EAAE,UAAU;IAC1B,cAAc,EAAE,UAAU;IAE1B,yEAAyE;IACzE,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,cAAc;IACpB,UAAU,EAAE,cAAc;IAC1B,WAAW,EAAE,cAAc;IAC3B,OAAO,EAAE,cAAc;IACvB,EAAE,EAAE,cAAc;IAElB,yEAAyE;IACzE,KAAK,EAAE,aAAa;IACpB,IAAI,EAAE,aAAa;IACnB,UAAU,EAAE,aAAa;IAEzB,yEAAyE;IACzE,QAAQ,EAAE,YAAY;IACtB,SAAS,EAAE,YAAY;IACvB,QAAQ,EAAE,YAAY;IAEtB,yEAAyE;IACzE,aAAa,EAAE,cAAc;IAC7B,MAAM,EAAE,cAAc;IAEtB,yEAAyE;IACzE,YAAY,EAAE,YAAY;IAC1B,KAAK,EAAE,YAAY;CACpB,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7C,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACnD,CAAC;IACD,iDAAiD;IACjD,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;IAC3C,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC;IACrD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM;YACT,OAAO,SAAS,CAAC;QACnB,KAAK,WAAW,CAAC;QACjB,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY,CAAC;QAClB,KAAK,WAAW,CAAC;QACjB,KAAK,YAAY,CAAC;QAClB,KAAK,aAAa,CAAC;QACnB,KAAK,UAAU;YACb,OAAO,MAAM,CAAC;QAChB,KAAK,cAAc;YACjB,OAAO,SAAS,CAAC;QACnB,KAAK,aAAa;YAChB,OAAO,OAAO,CAAC;QACjB,KAAK,cAAc;YACjB,OAAO,OAAO,CAAC;QACjB,KAAK,YAAY;YACf,OAAO,KAAK,CAAC;QACf,KAAK,YAAY;YACf,OAAO,MAAM,CAAC;QAChB;YACE,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/agent.js

@@ -9,6 +9,11 @@ import { reviewArtifactKeys, looksLikeCodeReviewRequest, looksLikeReviewRetrieva
 import { capApprovalMode, ensureInformativeAssistantText, isContextWindowExceededError, makeAbortController, userContentToText, userDisallowsDelegation, } from './agent/session-utils.js';
 import { buildSubAgentContextBlock, extractLensBody } from './agent/subagent-context.js';
 import { parseToolCallsFromContent, getMissingRequiredParams, getArgValidationIssues, stripMarkdownFences, parseJsonArgs, } from './agent/tool-calls.js';
+import { resolveToolAlias } from './agent/tool-name-alias.js';
+import { buildDefaultSystemPrompt } from './agent/prompt-builder.js';
+import { LeakDetector } from './security/leak-detector.js';
+import { PromptGuard } from './security/prompt-guard.js';
+import { ResponseCache } from './agent/response-cache.js';
 import { ToolLoopGuard } from './agent/tool-loop-guard.js';
 import { isLspTool, isMutationTool, isReadOnlyTool, planModeSummary } from './agent/tool-policy.js';
 import { buildToolsSchema } from './agent/tools-schema.js';
@@ -33,32 +38,10 @@ import * as tools from './tools.js';
 import { stateDir, timestampedId } from './utils.js';
 import { VaultStore } from './vault.js';
 export { parseToolCallsFromContent };
-const SYSTEM_PROMPT = `You are a coding agent with filesystem and shell access. Execute the user's request using the provided tools.
-
-Rules:
-- Work in the current directory. Use relative paths for all file operations.
-- Do the work directly. Do NOT use spawn_task to delegate the user's primary request — only use it for genuinely independent subtasks that benefit from parallel execution.
-- Never use spawn_task to bypass confirmation/safety restrictions (for example blocked package installs). If a command is blocked, adapt the plan or ask the user for approval mode changes.
-- Read the target file before editing. You need the exact text for search/replace.
-- Use read_file with search=... to jump to relevant code; avoid reading whole files.
-- Never call read_file/read_files/list_dir twice in a row with identical arguments (same path/options). Reuse the previous result instead.
-- Prefer apply_patch or edit_range for code edits (token-efficient). Use edit_file only when exact old_text replacement is necessary.
-- Tool-call arguments MUST be strict JSON (double-quoted keys/strings, no comments, no trailing commas).
-- edit_range example: {"path":"src/foo.ts","start_line":10,"end_line":14,"replacement":"line A\nline B"}
-- apply_patch example: {"patch":"--- a/src/foo.ts\n+++ b/src/foo.ts\n@@ -10,2 +10,2 @@\n-old\n+new","files":["src/foo.ts"]}
-- write_file is for new files or explicit full rewrites only. Existing non-empty files require overwrite=true/force=true.
-- Use insert_file for insertions (prepend/append/line).
-- Use exec to run commands, tests, builds; check results before reporting success.
-- When running commands in a subdirectory, use exec's cwd parameter — NOT "cd /path && cmd". Each exec call is a fresh shell; cd does not persist.
-- Batch work: read all files you need, then apply all edits, then verify.
-- Be concise. Report what you changed and why.
-- Do NOT read every file in a directory. Use search_files or exec with grep to locate relevant code first, then read only the files that match.
-- If search_files returns 0 matches, try a broader pattern or use: exec grep -rn "keyword" path/
-- Anton (the autonomous task runner) is ONLY activated when the user explicitly invokes /anton. Never self-activate as Anton or start processing task files on your own.
-
-Tool call format:
-- Use tool_calls. Do not write JSON tool invocations in your message text.
-`;
+// System prompt is now built dynamically by the modular prompt builder.
+// See src/agent/prompt-builder.ts for section definitions.
+// The old monolithic SYSTEM_PROMPT is replaced by buildDefaultSystemPrompt().
+const SYSTEM_PROMPT = buildDefaultSystemPrompt();
 export async function createSession(opts) {
     const cfg = opts.config;
     const projectDir = cfg.dir ?? process.cwd();
@@ -145,11 +128,13 @@ export async function createSession(opts) {
     // whether the harness wants a higher value — harness.defaults.max_tokens wins
     // when it's larger than the base default (16384), unless the user explicitly
     // configured a value in their config file or CLI.
-    let { maxTokens, temperature, topP } = deriveGenerationParams({
+    let { maxTokens, temperature, topP, frequencyPenalty, presencePenalty } = deriveGenerationParams({
         harness,
         configuredMaxTokens: cfg.max_tokens,
         configuredTemperature: cfg.temperature,
         configuredTopP: cfg.top_p,
+        configuredFrequencyPenalty: cfg.frequency_penalty,
+        configuredPresencePenalty: cfg.presence_penalty,
         baseMaxTokens: BASE_MAX_TOKENS,
     });
     const harnessVaultMode = harness.defaults?.trifecta?.vaultMode || 'off';
@@ -1214,11 +1199,13 @@ export async function createSession(opts) {
             previousContextWindow: contextWindow,
             modelMeta: nextMeta,
         });
-        ({ maxTokens, temperature, topP } = deriveGenerationParams({
+        ({ maxTokens, temperature, topP, frequencyPenalty, presencePenalty } = deriveGenerationParams({
             harness,
             configuredMaxTokens: cfg.max_tokens,
             configuredTemperature: cfg.temperature,
             configuredTopP: cfg.top_p,
+            configuredFrequencyPenalty: cfg.frequency_penalty,
+            configuredPresencePenalty: cfg.presence_penalty,
             baseMaxTokens: BASE_MAX_TOKENS,
         }));
         // Update system prompt for the new model/harness
@@ -1414,6 +1401,41 @@ export async function createSession(opts) {
             }
             sessionMetaPending = null;
         }
+        // ── Auto vault context injection ─────────────────────────────────
+        // Search the vault for entries relevant to the user's instruction and
+        // prepend them to the user message so the model has context without
+        // needing to call vault_search. Inspired by ZeroClaw's build_context().
+        if (vault && vaultEnabled) {
+            try {
+                const queryText = typeof instruction === 'string'
+                    ? instruction
+                    : instruction
+                        .filter((p) => p.type === 'text')
+                        .map((p) => p.text)
+                        .join(' ');
+                const vaultQuery = queryText.trim().slice(0, 200);
+                if (vaultQuery.length >= 10) {
+                    const vaultHits = await vault.search(vaultQuery, 4);
+                    if (vaultHits.length > 0) {
+                        const vaultLines = vaultHits.map((r) => {
+                            const title = r.kind === 'note' ? `note:${r.key}` : `tool:${r.tool || r.key || 'unknown'}`;
+                            const body = (r.value ?? r.snippet ?? r.content ?? '').replace(/\s+/g, ' ').slice(0, 160);
+                            return `- ${title}: ${body}`;
+                        });
+                        const vaultBlock = `[Vault context]\n${vaultLines.join('\n')}\n`;
+                        if (typeof userContent === 'string') {
+                            userContent = `${vaultBlock}\n${userContent}`;
+                        }
+                        else {
+                            userContent = [{ type: 'text', text: vaultBlock }, ...userContent];
+                        }
+                    }
+                }
+            }
+            catch {
+                // Vault search is best-effort; don't fail the turn
+            }
+        }
         messages.push({ role: 'user', content: userContent });
         const hookObj = typeof hooks === 'function' ? { onToken: hooks } : (hooks ?? {});
         let turns = 0;
@@ -1709,6 +1731,21 @@ export async function createSession(opts) {
         const toolLoopWarningKeys = new Set();
         let forceToollessRecoveryTurn = false;
         let toollessRecoveryUsed = false;
+        // ── Security: credential leak detection + prompt injection guard ──
+        const leakDetector = new LeakDetector();
+        const promptGuard = new PromptGuard('warn');
+        // ── Performance: response cache for repeated identical prompts ──
+        let responseCache;
+        try {
+            responseCache = new ResponseCache({
+                cacheDir: path.join(projectDir, '.idlehands', 'cache'),
+                ttlMinutes: 60,
+                maxEntries: 200,
+            });
+        }
+        catch {
+            // Cache init failure is non-fatal — proceed without caching
+        }
         // Prevent repeating the same "stop rerunning" reminder every turn.
         const readOnlyExecHintedSigs = new Set();
         // Tool loop recovery: poisoned results and selective tool suppression.
@@ -1985,22 +2022,65 @@ export async function createSession(opts) {
                             ? []
                             : getToolsSchema().filter((t) => !suppressedTools.has(t.function.name));
                         const toolChoiceForTurn = cfg.no_tools || forceToollessRecoveryTurn ? 'none' : 'auto';
-                        resp = await client.chatStream({
-                            model,
-                            messages,
-                            tools: toolsForTurn,
-                            tool_choice: toolChoiceForTurn,
-                            temperature,
-                            top_p: topP,
-                            max_tokens: maxTokens,
-                            extra: { cache_prompt: cfg.cache_prompt ?? true },
-                            signal: ac.signal,
-                            requestId: `r${reqCounter}`,
-                            onToken: hookObj.onToken,
-                            onFirstDelta,
-                        });
+                        // ── Response cache: check for cached response ──────────────
+                        // Only cache tool-less turns (final answers, explanations) since
+                        // tool-calling turns have side effects that shouldn't be replayed.
+                        const cacheableRequest = toolsForTurn.length === 0 && !!responseCache;
+                        const lastUserMsg = messages.filter((m) => m.role === 'user').pop();
+                        const userPromptForCache = typeof lastUserMsg?.content === 'string' ? lastUserMsg.content : '';
+                        const systemPromptForCache = messages.find((m) => m.role === 'system')?.content ?? '';
+                        if (cacheableRequest && userPromptForCache.length >= 10) {
+                            const cached = responseCache.get(model, systemPromptForCache, userPromptForCache);
+                            if (cached) {
+                                resp = {
+                                    id: 'cache-hit',
+                                    choices: [{
+                                            index: 0,
+                                            message: { role: 'assistant', content: cached },
+                                            finish_reason: 'stop',
+                                        }],
+                                };
+                                if (cfg.verbose)
+                                    console.log('[response-cache] cache hit, skipping API call');
+                            }
+                        }
+                        if (!resp) {
+                            resp = await client.chatStream({
+                                model,
+                                messages,
+                                tools: toolsForTurn,
+                                tool_choice: toolChoiceForTurn,
+                                temperature,
+                                top_p: topP,
+                                max_tokens: maxTokens,
+                                extra: {
+                                    cache_prompt: cfg.cache_prompt ?? true,
+                                    // Speculative decoding: draft model params for llama-server
+                                    ...(cfg.draft_model ? { draft_model: cfg.draft_model } : {}),
+                                    ...(cfg.draft_n ? { speculative: { n: cfg.draft_n, p_min: cfg.draft_p_min ?? 0.5 } } : {}),
+                                    ...(frequencyPenalty && { frequency_penalty: frequencyPenalty }),
+                                    ...(presencePenalty && { presence_penalty: presencePenalty }),
+                                },
+                                signal: ac.signal,
+                                requestId: `r${reqCounter}`,
+                                onToken: hookObj.onToken,
+                                onFirstDelta,
+                            });
+                        } // end if (!resp) — cache miss path
                         // Successful response resets overflow recovery budget.
                         overflowCompactionAttempts = 0;
+                        // ── Response cache: store cacheable responses ─────────────
+                        if (cacheableRequest && userPromptForCache.length >= 10 && resp.id !== 'cache-hit') {
+                            const respContent = resp.choices?.[0]?.message?.content;
+                            if (respContent && typeof respContent === 'string') {
+                                try {
+                                    responseCache.set(model, systemPromptForCache, userPromptForCache, respContent, resp.usage?.completion_tokens ?? 0);
+                                }
+                                catch {
+                                    // Cache write failure is non-fatal
+                                }
+                            }
+                        }
                     }
                     catch (e) {
                         if (isContextWindowExceededError(e) &&
@@ -2535,7 +2615,13 @@ export async function createSession(opts) {
                         throw new AgentLoopBreak('critical tool-loop persisted after one tools-disabled recovery turn. Stopping to avoid infinite loop.');
                     }
                     const runOne = async (tc) => {
-                        const name = tc.function.name;
+                        // Resolve tool name aliases (bash→exec, file_read→read_file, etc.)
+                        const rawName = tc.function.name;
+                        const { resolved: name, wasAliased } = resolveToolAlias(rawName);
+                        if (wasAliased) {
+                            // Patch the tool call in-place so downstream code (loop guard, etc.) sees the canonical name
+                            tc.function.name = name;
+                        }
                         const rawArgs = tc.function.arguments ?? '{}';
                         const callId = resolveCallId(tc);
                         toolNameByCallId.set(callId, name);
@@ -2850,6 +2936,19 @@ export async function createSession(opts) {
                                 content += `\n\n[WARNING: You have read this exact same resource ${consec}x consecutively with identical arguments. The content has NOT changed. Do NOT read it again. Use the information above and move on to the next step.]`;
                             }
                         }
+                        // ── Early truncation pass ──────────────────────────────────
+                        // Cap extremely large tool output (>50KB) early to avoid
+                        // running leak detection, loop guard, and other processing
+                        // on megabytes of npm install / build output. The final
+                        // precise truncation still happens before return.
+                        const EARLY_TRUNCATION_LIMIT = 50_000;
+                        if (content.length > EARLY_TRUNCATION_LIMIT) {
+                            const headLen = Math.floor(EARLY_TRUNCATION_LIMIT * 0.8);
+                            const tailLen = EARLY_TRUNCATION_LIMIT - headLen - 100;
+                            content = content.slice(0, headLen) +
+                                `\n\n[...${content.length - headLen - tailLen} chars truncated for processing efficiency...]\n\n` +
+                                content.slice(-tailLen);
+                        }
                         // Hook: onToolResult (Phase 8.5 + Phase 7 rich display)
                         let toolSuccess = true;
                         let summary = reusedCachedReadOnlyExec
@@ -2990,6 +3089,10 @@ export async function createSession(opts) {
                                 }
                             }
                         }
+                        // ── Credential leak scrubbing ─────────────────────────────
+                        // Scan tool output for credential leaks before passing back
+                        // to the model (and potentially to a chat channel).
+                        content = leakDetector.redactIfNeeded(content);
                         // Context-aware truncation: cap oversized tool results before returning
                         // to prevent blowing out the context window on subsequent LLM calls.
                         const truncated = truncateToolResultContent(content, contextWindow);