@within-7/minto 0.1.7 → 0.3.0

package/dist/tools/BashTool/prompt.js

@@ -7,13 +7,15 @@ import { LSTool } from "../lsTool/lsTool.js";
 const MAX_OUTPUT_LENGTH = 3e4;
 const MAX_RENDERED_LINES = 5;
 const BANNED_COMMANDS = [
-  "alias",
+  // Network tools - data exfiltration risk
   "curl",
   "curlie",
   "wget",
   "axel",
   "aria2c",
   "nc",
+  "netcat",
+  "ncat",
   "telnet",
   "lynx",
   "w3m",
@@ -21,10 +23,339 @@ const BANNED_COMMANDS = [
   "httpie",
   "xh",
   "http-prompt",
+  "ftp",
+  "sftp",
+  "scp",
+  "rsync",
+  "socat",
+  "nmap",
+  "tcpdump",
+  "wireshark",
+  "tshark",
+  // Browsers - could open external content
   "chrome",
+  "chromium",
   "firefox",
-  "safari"
+  "safari",
+  "opera",
+  "brave",
+  "open",
+  // macOS open command could launch apps/URLs
+  // Privilege escalation - dangerous system access
+  "sudo",
+  "su",
+  "doas",
+  "pkexec",
+  "gksudo",
+  "kdesudo",
+  // Shell execution - could bypass restrictions
+  "eval",
+  "source",
+  "exec",
+  "bash",
+  "sh",
+  "zsh",
+  "fish",
+  "csh",
+  "tcsh",
+  "ksh",
+  "dash",
+  "ash",
+  "xargs",
+  // Can execute arbitrary commands
+  "parallel",
+  // GNU parallel can execute commands
+  "xonsh",
+  "powershell",
+  "pwsh",
+  "cmd",
+  // Dangerous file operations - data loss risk
+  "rm",
+  "rmdir",
+  "shred",
+  "srm",
+  "wipe",
+  "dd",
+  // Can overwrite disks
+  "mkfs",
+  // Can format disks
+  "fdisk",
+  "parted",
+  "wipefs",
+  // System modification - could damage system
+  "chmod",
+  "chown",
+  "chgrp",
+  "chattr",
+  "setfacl",
+  "shutdown",
+  "reboot",
+  "poweroff",
+  "halt",
+  "init",
+  "systemctl",
+  "service",
+  "launchctl",
+  // macOS service control
+  // Process control - could affect system stability
+  "kill",
+  "killall",
+  "pkill",
+  // Aliases and functions - could hide malicious commands
+  "alias",
+  "unalias",
+  "function",
+  // Cron/scheduling - persistent access
+  "crontab",
+  "at",
+  "atq",
+  "atrm",
+  // User management - privilege escalation
+  "useradd",
+  "userdel",
+  "usermod",
+  "groupadd",
+  "groupdel",
+  "groupmod",
+  "passwd",
+  "chpasswd",
+  // Package managers - could install malware
+  "apt",
+  "apt-get",
+  "aptitude",
+  "dpkg",
+  "yum",
+  "dnf",
+  "rpm",
+  "pacman",
+  "brew",
+  "port",
+  // MacPorts
+  "pip",
+  "pip3",
+  "npm",
+  "yarn",
+  "pnpm",
+  "gem",
+  "cargo",
+  "go",
+  // go install could install packages
+  // Compilers/interpreters with execution capability
+  "python",
+  "python3",
+  "python2",
+  "ruby",
+  "perl",
+  "php",
+  "node",
+  "deno",
+  "bun",
+  "lua",
+  "awk",
+  "gawk",
+  "mawk",
+  "nawk",
+  "sed",
+  // Can execute commands with e flag
+  // Container/VM - could escape sandbox
+  "docker",
+  "podman",
+  "kubectl",
+  "vagrant",
+  "virsh",
+  "qemu",
+  "virtualbox",
+  "vboxmanage",
+  // System info that could aid attacks
+  "env",
+  // Exposes environment variables including secrets
+  // Encryption/keys - could exfiltrate secrets
+  "gpg",
+  "openssl",
+  "ssh-keygen",
+  "ssh-agent",
+  "ssh-add"
+];
+const DANGEROUS_PATTERN_METADATA = [
+  // CRITICAL: Command Injection & Execution Bypass
+  {
+    pattern: /\$\([^)]+\)/,
+    name: "command substitution $(...)",
+    severity: "critical"
+  },
+  {
+    pattern: /`[^`]+`/,
+    name: "backtick command substitution",
+    severity: "critical"
+  },
+  {
+    pattern: /;\s*(rm|chmod|chown|dd|mkfs)\b/i,
+    name: "chained destructive command",
+    severity: "critical"
+  },
+  {
+    pattern: /&&\s*(rm|chmod|chown|dd|mkfs)\b/i,
+    name: "conditional destructive command",
+    severity: "critical"
+  },
+  {
+    pattern: /\|\s*bash\b/i,
+    name: "pipe to bash",
+    severity: "critical"
+  },
+  {
+    pattern: /\|\s*sh\b/i,
+    name: "pipe to sh",
+    severity: "critical"
+  },
+  {
+    pattern: /curl.*\|\s*(bash|sh)\b/i,
+    name: "curl pipe to shell",
+    severity: "critical"
+  },
+  {
+    pattern: /wget.*\|\s*(bash|sh)\b/i,
+    name: "wget pipe to shell",
+    severity: "critical"
+  },
+  {
+    pattern: /eval\s+['"$]/,
+    name: "eval with dynamic input",
+    severity: "critical"
+  },
+  // CRITICAL: Destructive Operations
+  {
+    pattern: /\brm\s+-rf\s+\/(?!\S)/,
+    name: "rm -rf /",
+    severity: "critical"
+  },
+  {
+    pattern: />\s*\/dev\/sd[a-z]/i,
+    name: "write to block device",
+    severity: "critical"
+  },
+  {
+    pattern: />\s*\/dev\/nvme/i,
+    name: "write to NVMe device",
+    severity: "critical"
+  },
+  {
+    pattern: />\s*\/etc\/(passwd|shadow|sudoers)/i,
+    name: "overwrite critical system files",
+    severity: "critical"
+  },
+  {
+    pattern: />\s*\/boot\//i,
+    name: "overwrite boot files",
+    severity: "critical"
+  },
+  // CRITICAL: Fork Bomb & DoS
+  {
+    pattern: /:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;?\s*:/,
+    name: "fork bomb pattern ()",
+    severity: "critical"
+  },
+  {
+    pattern: /\.\s*\(\)\s*\{\s*\.\s*\|\s*\.\s*&\s*\}\s*;?\s*\./,
+    name: "fork bomb pattern (.)",
+    severity: "critical"
+  },
+  // HIGH: Reverse Shell & Data Exfiltration
+  {
+    pattern: /\$\(\s*<\s*\/dev\/tcp/i,
+    name: "TCP socket connection",
+    severity: "high"
+  },
+  {
+    pattern: /\/dev\/tcp\//i,
+    name: "direct TCP device access",
+    severity: "high"
+  },
+  {
+    pattern: /\/dev\/udp\//i,
+    name: "direct UDP device access",
+    severity: "high"
+  },
+  {
+    pattern: /mkfifo.*nc/i,
+    name: "named pipe with netcat",
+    severity: "high"
+  },
+  {
+    pattern: /bash\s+-i\s+>&\s*\/dev\/tcp/i,
+    name: "interactive bash reverse shell",
+    severity: "high"
+  },
+  // HIGH: Data Encoding & Obfuscation
+  {
+    pattern: /base64\s+(-d|--decode).*\|\s*(bash|sh|eval)/i,
+    name: "base64 decode and execute",
+    severity: "high"
+  },
+  {
+    pattern: /xxd\s+-r.*\|\s*(bash|sh|eval)/i,
+    name: "hex decode and execute",
+    severity: "high"
+  },
+  // HIGH: System & Security Manipulation
+  {
+    pattern: /HISTFILE=/i,
+    name: "history file manipulation",
+    severity: "high"
+  },
+  {
+    pattern: /unset\s+HISTFILE/i,
+    name: "disable command history",
+    severity: "high"
+  },
+  {
+    pattern: /history\s+-c/i,
+    name: "clear command history",
+    severity: "high"
+  },
+  {
+    pattern: /LD_PRELOAD=/i,
+    name: "library preload injection",
+    severity: "high"
+  },
+  {
+    pattern: /LD_LIBRARY_PATH=/i,
+    name: "library path injection",
+    severity: "high"
+  },
+  {
+    pattern: /DYLD_INSERT_LIBRARIES=/i,
+    name: "macOS library injection",
+    severity: "high"
+  },
+  // MEDIUM: Suspicious Command Patterns
+  {
+    pattern: /\$\{[^}]*\}/,
+    name: "variable expansion",
+    severity: "medium"
+  }
 ];
+function detectDangerousPatterns(command) {
+  const matches = [];
+  for (const { pattern, name, severity } of DANGEROUS_PATTERN_METADATA) {
+    const match = command.match(pattern);
+    if (match) {
+      matches.push({
+        pattern: pattern.toString(),
+        name,
+        match: match[0],
+        severity
+      });
+    }
+  }
+  return matches;
+}
+function matchesDangerousPattern(command) {
+  const criticalMatches = detectDangerousPatterns(command).filter(
+    (m) => m.severity === "critical"
+  );
+  return criticalMatches.length > 0;
+}
 const PROMPT = `Executes a given bash command in a persistent shell session with optional timeout, ensuring proper handling and security measures.
 
 Before executing the command, please follow these steps:
@@ -175,6 +506,8 @@ export {
   BANNED_COMMANDS,
   MAX_OUTPUT_LENGTH,
   MAX_RENDERED_LINES,
-  PROMPT
+  PROMPT,
+  detectDangerousPatterns,
+  matchesDangerousPattern
 };
 //# sourceMappingURL=prompt.js.map

package/dist/tools/BashTool/prompt.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/tools/BashTool/prompt.ts"],
-  "sourcesContent": ["import { PRODUCT_NAME, PRODUCT_URL } from '@constants/product'\nimport { TOOL_NAME as TASK_TOOL_NAME } from '@tools/TaskTool/constants'\nimport { FileReadTool } from '@tools/FileReadTool/FileReadTool'\nimport { TOOL_NAME_FOR_PROMPT as GLOB_TOOL_NAME } from '@tools/GlobTool/prompt'\nimport { TOOL_NAME_FOR_PROMPT as GREP_TOOL_NAME } from '@tools/GrepTool/prompt'\nimport { LSTool } from '@tools/lsTool/lsTool'\n\nexport const MAX_OUTPUT_LENGTH = 30000\nexport const MAX_RENDERED_LINES = 5\nexport const BANNED_COMMANDS = [\n  'alias',\n  'curl',\n  'curlie',\n  'wget',\n  'axel',\n  'aria2c',\n  'nc',\n  'telnet',\n  'lynx',\n  'w3m',\n  'links',\n  'httpie',\n  'xh',\n  'http-prompt',\n  'chrome',\n  'firefox',\n  'safari',\n]\n\nexport const PROMPT = `Executes a given bash command in a persistent shell session with optional timeout, ensuring proper handling and security measures.\n\nBefore executing the command, please follow these steps:\n\n1. Directory Verification:\n   - If the command will create new directories or files, first use the LS tool to verify the parent directory exists and is the correct location\n   - For example, before running \"mkdir foo/bar\", first use LS to check that \"foo\" exists and is the intended parent directory\n\n2. Security Check:\n   - For security and to limit the threat of a prompt injection attack, some commands are limited or banned. If you use a disallowed command, you will receive an error message explaining the restriction. Explain the error to the User.\n   - Verify that the command is not one of the banned commands: ${BANNED_COMMANDS.join(', ')}.\n\n3. Command Execution:\n   - After ensuring proper quoting, execute the command.\n   - Capture the output of the command.\n\n4. Output Processing:\n   - If the output exceeds ${MAX_OUTPUT_LENGTH} characters, output will be truncated before being returned to you.\n   - Prepare the output for display to the user.\n\n5. Return Result:\n   - Provide the processed output of the command.\n   - If any errors occurred during execution, include those in the output.\n\nUsage notes:\n  - The command argument is required.\n  - You can specify an optional timeout in milliseconds (up to 600000ms / 10 minutes). If not specified, commands will timeout after 30 minutes.\n  - You can set run_in_background to true to run the command in the background. This is useful for long-running processes like dev servers, build watches, or monitoring tasks. When running in background, you will receive a shell_id that can be used with BashOutputTool and KillShellTool to monitor and manage the task.\n  - VERY IMPORTANT: You MUST avoid using search commands like \\`find\\` and \\`grep\\`. Instead use ${GREP_TOOL_NAME}, ${GLOB_TOOL_NAME}, or ${TASK_TOOL_NAME} to search. You MUST avoid read tools like \\`cat\\`, \\`head\\`, \\`tail\\`, and \\`ls\\`, and use ${FileReadTool.name} and ${LSTool.name} to read files.\n  - When issuing multiple commands, use the ';' or '&&' operator to separate them. DO NOT use newlines (newlines are ok in quoted strings).\n  - IMPORTANT: All commands share the same shell session. Shell state (environment variables, virtual environments, current directory, etc.) persist between commands. For example, if you set an environment variable as part of a command, the environment variable will persist for subsequent commands.\n  - Try to maintain your current working directory throughout the session by using absolute paths and avoiding usage of \\`cd\\`. You may use \\`cd\\` if the User explicitly requests it.\n  <good-example>\n  pytest /foo/bar/tests\n  </good-example>\n  <bad-example>\n  cd /foo/bar && pytest tests\n  </bad-example>\n\n# Committing changes with git\n\nWhen the user asks you to create a new git commit, follow these steps carefully:\n\n1. Start with a single message that contains exactly three tool_use blocks that do the following (it is VERY IMPORTANT that you send these tool_use blocks in a single message, otherwise it will feel slow to the user!):\n   - Run a git status command to see all untracked files.\n   - Run a git diff command to see both staged and unstaged changes that will be committed.\n   - Run a git log command to see recent commit messages, so that you can follow this repository's commit message style.\n\n2. Use the git context at the start of this conversation to determine which files are relevant to your commit. Add relevant untracked files to the staging area. Do not commit files that were already modified at the start of this conversation, if they are not relevant to your commit.\n\n3. Analyze all staged changes (both previously staged and newly added) and draft a commit message. Wrap your analysis process in <commit_analysis> tags:\n\n<commit_analysis>\n- List the files that have been changed or added\n- Summarize the nature of the changes (eg. new feature, enhancement to an existing feature, bug fix, refactoring, test, docs, etc.)\n- Brainstorm the purpose or motivation behind these changes\n- Do not use tools to explore code, beyond what is available in the git context\n- Assess the impact of these changes on the overall project\n- Check for any sensitive information that shouldn't be committed\n- Draft a concise (1-2 sentences) commit message that focuses on the \"why\" rather than the \"what\"\n- Ensure your language is clear, concise, and to the point\n- Ensure the message accurately reflects the changes and their purpose (i.e. \"add\" means a wholly new feature, \"update\" means an enhancement to an existing feature, \"fix\" means a bug fix, etc.)\n- Ensure the message is not generic (avoid words like \"Update\" or \"Fix\" without context)\n- Review the draft message to ensure it accurately reflects the changes and their purpose\n</commit_analysis>\n\n4. Create the commit with a message ending with:\n\uD83E\uDD16 Generated with ${PRODUCT_NAME} & {MODEL_NAME}\nCo-Authored-By: ${PRODUCT_NAME} <noreply@${PRODUCT_NAME}.com>\n\n- In order to ensure good formatting, ALWAYS pass the commit message via a HEREDOC, a la this example:\n<example>\ngit commit -m \"$(cat <<'EOF'\n   Commit message here.\n\n   \uD83E\uDD16 Generated with ${PRODUCT_NAME} & {MODEL_NAME}\n   Co-Authored-By: ${PRODUCT_NAME} <noreply@${PRODUCT_NAME}.com>\n   EOF\n   )\"\n</example>\n\n5. If the commit fails due to pre-commit hook changes, retry the commit ONCE to include these automated changes. If it fails again, it usually means a pre-commit hook is preventing the commit. If the commit succeeds but you notice that files were modified by the pre-commit hook, you MUST amend your commit to include them.\n\n6. Finally, run git status to make sure the commit succeeded.\n\nImportant notes:\n- When possible, combine the \"git add\" and \"git commit\" commands into a single \"git commit -am\" command, to speed things up\n- However, be careful not to stage files (e.g. with \\`git add .\\`) for commits that aren't part of the change, they may have untracked files they want to keep around, but not commit.\n- NEVER update the git config\n- DO NOT push to the remote repository\n- IMPORTANT: Never use git commands with the -i flag (like git rebase -i or git add -i) since they require interactive input which is not supported.\n- If there are no changes to commit (i.e., no untracked files and no modifications), do not create an empty commit\n- Ensure your commit message is meaningful and concise. It should explain the purpose of the changes, not just describe them.\n- Return an empty response - the user will see the git output directly\n\n# Creating pull requests\nUse the gh command via the Bash tool for ALL GitHub-related tasks including working with issues, pull requests, checks, and releases. If given a Github URL use the gh command to get the information needed.\n\nIMPORTANT: When the user asks you to create a pull request, follow these steps carefully:\n\n1. Understand the current state of the branch. Remember to send a single message that contains multiple tool_use blocks (it is VERY IMPORTANT that you do this in a single message, otherwise it will feel slow to the user!):\n   - Run a git status command to see all untracked files.\n   - Run a git diff command to see both staged and unstaged changes that will be committed.\n   - Check if the current branch tracks a remote branch and is up to date with the remote, so you know if you need to push to the remote\n   - Run a git log command and \\`git diff main...HEAD\\` to understand the full commit history for the current branch (from the time it diverged from the \\`main\\` branch.)\n\n2. Create new branch if needed\n\n3. Commit changes if needed\n\n4. Push to remote with -u flag if needed\n\n5. Analyze all changes that will be included in the pull request, making sure to look at all relevant commits (not just the latest commit, but all commits that will be included in the pull request!), and draft a pull request summary. Wrap your analysis process in <pr_analysis> tags:\n\n<pr_analysis>\n- List the commits since diverging from the main branch\n- Summarize the nature of the changes (eg. new feature, enhancement to an existing feature, bug fix, refactoring, test, docs, etc.)\n- Brainstorm the purpose or motivation behind these changes\n- Assess the impact of these changes on the overall project\n- Do not use tools to explore code, beyond what is available in the git context\n- Check for any sensitive information that shouldn't be committed\n- Draft a concise (1-2 bullet points) pull request summary that focuses on the \"why\" rather than the \"what\"\n- Ensure the summary accurately reflects all changes since diverging from the main branch\n- Ensure your language is clear, concise, and to the point\n- Ensure the summary accurately reflects the changes and their purpose (ie. \"add\" means a wholly new feature, \"update\" means an enhancement to an existing feature, \"fix\" means a bug fix, etc.)\n- Ensure the summary is not generic (avoid words like \"Update\" or \"Fix\" without context)\n- Review the draft summary to ensure it accurately reflects the changes and their purpose\n</pr_analysis>\n\n6. Create PR using gh pr create with the format below. Use a HEREDOC to pass the body to ensure correct formatting.\n<example>\ngh pr create --title \"the pr title\" --body \"$(cat <<'EOF'\n## Summary\n<1-3 bullet points>\n\n## Test plan\n[Checklist of TODOs for testing the pull request...]\n\n\uD83E\uDD16 Generated with [${PRODUCT_NAME}](${PRODUCT_URL}) & {MODEL_NAME}\nEOF\n)\"\n</example>\n\nImportant:\n- Return an empty response - the user will see the gh output directly\n- Never update git config`\n"],
-  "mappings": "AAAA,SAAS,cAAc,mBAAmB;AAC1C,SAAS,aAAa,sBAAsB;AAC5C,SAAS,oBAAoB;AAC7B,SAAS,wBAAwB,sBAAsB;AACvD,SAAS,wBAAwB,sBAAsB;AACvD,SAAS,cAAc;AAEhB,MAAM,oBAAoB;AAC1B,MAAM,qBAAqB;AAC3B,MAAM,kBAAkB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEO,MAAM,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kEAU4C,gBAAgB,KAAK,IAAI,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,6BAO/D,iBAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mGAWqD,cAAc,KAAK,cAAc,QAAQ,cAAc,+FAA+F,aAAa,IAAI,QAAQ,OAAO,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,2BAuCzQ,YAAY;AAAA,kBACd,YAAY,aAAa,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,8BAOhC,YAAY;AAAA,qBACd,YAAY,aAAa,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BA8DrC,YAAY,KAAK,WAAW;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;",
+  "sourcesContent": ["import { PRODUCT_NAME, PRODUCT_URL } from '@constants/product'\nimport { TOOL_NAME as TASK_TOOL_NAME } from '@tools/TaskTool/constants'\nimport { FileReadTool } from '@tools/FileReadTool/FileReadTool'\nimport { TOOL_NAME_FOR_PROMPT as GLOB_TOOL_NAME } from '@tools/GlobTool/prompt'\nimport { TOOL_NAME_FOR_PROMPT as GREP_TOOL_NAME } from '@tools/GrepTool/prompt'\nimport { LSTool } from '@tools/lsTool/lsTool'\n\nexport const MAX_OUTPUT_LENGTH = 30000\nexport const MAX_RENDERED_LINES = 5\n\n/**\n * Banned commands for security\n *\n * Categories:\n * - Network tools: Could be used for data exfiltration or network attacks\n * - System modification: Could damage the system or escalate privileges\n * - Shell execution: Could bypass command restrictions\n * - Browsers: Could open external content\n * - Dangerous file operations: Could cause data loss\n */\nexport const BANNED_COMMANDS = [\n  // Network tools - data exfiltration risk\n  'curl',\n  'curlie',\n  'wget',\n  'axel',\n  'aria2c',\n  'nc',\n  'netcat',\n  'ncat',\n  'telnet',\n  'lynx',\n  'w3m',\n  'links',\n  'httpie',\n  'xh',\n  'http-prompt',\n  'ftp',\n  'sftp',\n  'scp',\n  'rsync',\n  'socat',\n  'nmap',\n  'tcpdump',\n  'wireshark',\n  'tshark',\n\n  // Browsers - could open external content\n  'chrome',\n  'chromium',\n  'firefox',\n  'safari',\n  'opera',\n  'brave',\n  'open', // macOS open command could launch apps/URLs\n\n  // Privilege escalation - dangerous system access\n  'sudo',\n  'su',\n  'doas',\n  'pkexec',\n  'gksudo',\n  'kdesudo',\n\n  // Shell execution - could bypass restrictions\n  'eval',\n  'source',\n  'exec',\n  'bash',\n  'sh',\n  'zsh',\n  'fish',\n  'csh',\n  'tcsh',\n  'ksh',\n  'dash',\n  'ash',\n  'xargs', // Can execute arbitrary commands\n  'parallel', // GNU parallel can execute commands\n  'xonsh',\n  'powershell',\n  'pwsh',\n  'cmd',\n\n  // Dangerous file operations - data loss risk\n  'rm',\n  'rmdir',\n  'shred',\n  'srm',\n  'wipe',\n  'dd', // Can overwrite disks\n  'mkfs', // Can format disks\n  'fdisk',\n  'parted',\n  'wipefs',\n\n  // System modification - could damage system\n  'chmod',\n  'chown',\n  'chgrp',\n  'chattr',\n  'setfacl',\n  'shutdown',\n  'reboot',\n  'poweroff',\n  'halt',\n  'init',\n  'systemctl',\n  'service',\n  'launchctl', // macOS service control\n\n  // Process control - could affect system stability\n  'kill',\n  'killall',\n  'pkill',\n\n  // Aliases and functions - could hide malicious commands\n  'alias',\n  'unalias',\n  'function',\n\n  // Cron/scheduling - persistent access\n  'crontab',\n  'at',\n  'atq',\n  'atrm',\n\n  // User management - privilege escalation\n  'useradd',\n  'userdel',\n  'usermod',\n  'groupadd',\n  'groupdel',\n  'groupmod',\n  'passwd',\n  'chpasswd',\n\n  // Package managers - could install malware\n  'apt',\n  'apt-get',\n  'aptitude',\n  'dpkg',\n  'yum',\n  'dnf',\n  'rpm',\n  'pacman',\n  'brew',\n  'port', // MacPorts\n  'pip',\n  'pip3',\n  'npm',\n  'yarn',\n  'pnpm',\n  'gem',\n  'cargo',\n  'go', // go install could install packages\n\n  // Compilers/interpreters with execution capability\n  'python',\n  'python3',\n  'python2',\n  'ruby',\n  'perl',\n  'php',\n  'node',\n  'deno',\n  'bun',\n  'lua',\n  'awk',\n  'gawk',\n  'mawk',\n  'nawk',\n  'sed', // Can execute commands with e flag\n\n  // Container/VM - could escape sandbox\n  'docker',\n  'podman',\n  'kubectl',\n  'vagrant',\n  'virsh',\n  'qemu',\n  'virtualbox',\n  'vboxmanage',\n\n  // System info that could aid attacks\n  'env', // Exposes environment variables including secrets\n\n  // Encryption/keys - could exfiltrate secrets\n  'gpg',\n  'openssl',\n  'ssh-keygen',\n  'ssh-agent',\n  'ssh-add',\n]\n\n/**\n * Detailed dangerous pattern match information\n */\nexport interface DangerousPatternMatch {\n  pattern: string\n  name: string\n  match: string\n  severity: 'critical' | 'high' | 'medium'\n}\n\n/**\n * Mapping of dangerous patterns with metadata\n */\nconst DANGEROUS_PATTERN_METADATA: Array<{\n  pattern: RegExp\n  name: string\n  severity: 'critical' | 'high' | 'medium'\n}> = [\n  // CRITICAL: Command Injection & Execution Bypass\n  {\n    pattern: /\\$\\([^)]+\\)/,\n    name: 'command substitution $(...)',\n    severity: 'critical',\n  },\n  {\n    pattern: /`[^`]+`/,\n    name: 'backtick command substitution',\n    severity: 'critical',\n  },\n  {\n    pattern: /;\\s*(rm|chmod|chown|dd|mkfs)\\b/i,\n    name: 'chained destructive command',\n    severity: 'critical',\n  },\n  {\n    pattern: /&&\\s*(rm|chmod|chown|dd|mkfs)\\b/i,\n    name: 'conditional destructive command',\n    severity: 'critical',\n  },\n  {\n    pattern: /\\|\\s*bash\\b/i,\n    name: 'pipe to bash',\n    severity: 'critical',\n  },\n  {\n    pattern: /\\|\\s*sh\\b/i,\n    name: 'pipe to sh',\n    severity: 'critical',\n  },\n  {\n    pattern: /curl.*\\|\\s*(bash|sh)\\b/i,\n    name: 'curl pipe to shell',\n    severity: 'critical',\n  },\n  {\n    pattern: /wget.*\\|\\s*(bash|sh)\\b/i,\n    name: 'wget pipe to shell',\n    severity: 'critical',\n  },\n  {\n    pattern: /eval\\s+['\"$]/,\n    name: 'eval with dynamic input',\n    severity: 'critical',\n  },\n\n  // CRITICAL: Destructive Operations\n  {\n    pattern: /\\brm\\s+-rf\\s+\\/(?!\\S)/,\n    name: 'rm -rf /',\n    severity: 'critical',\n  },\n  {\n    pattern: />\\s*\\/dev\\/sd[a-z]/i,\n    name: 'write to block device',\n    severity: 'critical',\n  },\n  {\n    pattern: />\\s*\\/dev\\/nvme/i,\n    name: 'write to NVMe device',\n    severity: 'critical',\n  },\n  {\n    pattern: />\\s*\\/etc\\/(passwd|shadow|sudoers)/i,\n    name: 'overwrite critical system files',\n    severity: 'critical',\n  },\n  {\n    pattern: />\\s*\\/boot\\//i,\n    name: 'overwrite boot files',\n    severity: 'critical',\n  },\n\n  // CRITICAL: Fork Bomb & DoS\n  {\n    pattern: /:\\(\\)\\s*\\{\\s*:\\s*\\|\\s*:\\s*&\\s*\\}\\s*;?\\s*:/,\n    name: 'fork bomb pattern ()',\n    severity: 'critical',\n  },\n  {\n    pattern: /\\.\\s*\\(\\)\\s*\\{\\s*\\.\\s*\\|\\s*\\.\\s*&\\s*\\}\\s*;?\\s*\\./,\n    name: 'fork bomb pattern (.)',\n    severity: 'critical',\n  },\n\n  // HIGH: Reverse Shell & Data Exfiltration\n  {\n    pattern: /\\$\\(\\s*<\\s*\\/dev\\/tcp/i,\n    name: 'TCP socket connection',\n    severity: 'high',\n  },\n  {\n    pattern: /\\/dev\\/tcp\\//i,\n    name: 'direct TCP device access',\n    severity: 'high',\n  },\n  {\n    pattern: /\\/dev\\/udp\\//i,\n    name: 'direct UDP device access',\n    severity: 'high',\n  },\n  {\n    pattern: /mkfifo.*nc/i,\n    name: 'named pipe with netcat',\n    severity: 'high',\n  },\n  {\n    pattern: /bash\\s+-i\\s+>&\\s*\\/dev\\/tcp/i,\n    name: 'interactive bash reverse shell',\n    severity: 'high',\n  },\n\n  // HIGH: Data Encoding & Obfuscation\n  {\n    pattern: /base64\\s+(-d|--decode).*\\|\\s*(bash|sh|eval)/i,\n    name: 'base64 decode and execute',\n    severity: 'high',\n  },\n  {\n    pattern: /xxd\\s+-r.*\\|\\s*(bash|sh|eval)/i,\n    name: 'hex decode and execute',\n    severity: 'high',\n  },\n\n  // HIGH: System & Security Manipulation\n  {\n    pattern: /HISTFILE=/i,\n    name: 'history file manipulation',\n    severity: 'high',\n  },\n  {\n    pattern: /unset\\s+HISTFILE/i,\n    name: 'disable command history',\n    severity: 'high',\n  },\n  {\n    pattern: /history\\s+-c/i,\n    name: 'clear command history',\n    severity: 'high',\n  },\n  {\n    pattern: /LD_PRELOAD=/i,\n    name: 'library preload injection',\n    severity: 'high',\n  },\n  {\n    pattern: /LD_LIBRARY_PATH=/i,\n    name: 'library path injection',\n    severity: 'high',\n  },\n  {\n    pattern: /DYLD_INSERT_LIBRARIES=/i,\n    name: 'macOS library injection',\n    severity: 'high',\n  },\n\n  // MEDIUM: Suspicious Command Patterns\n  {\n    pattern: /\\$\\{[^}]*\\}/,\n    name: 'variable expansion',\n    severity: 'medium',\n  },\n]\n\n/**\n * Check if a command matches any dangerous pattern and return detailed information\n */\nexport function detectDangerousPatterns(\n  command: string,\n): DangerousPatternMatch[] {\n  const matches: DangerousPatternMatch[] = []\n\n  for (const { pattern, name, severity } of DANGEROUS_PATTERN_METADATA) {\n    const match = command.match(pattern)\n    if (match) {\n      matches.push({\n        pattern: pattern.toString(),\n        name,\n        match: match[0],\n        severity,\n      })\n    }\n  }\n\n  return matches\n}\n\n/**\n * Check if a command matches any dangerous pattern (backward compatible)\n */\nexport function matchesDangerousPattern(command: string): boolean {\n  const criticalMatches = detectDangerousPatterns(command).filter(\n    m => m.severity === 'critical',\n  )\n  return criticalMatches.length > 0\n}\n\nexport const PROMPT = `Executes a given bash command in a persistent shell session with optional timeout, ensuring proper handling and security measures.\n\nBefore executing the command, please follow these steps:\n\n1. Directory Verification:\n   - If the command will create new directories or files, first use the LS tool to verify the parent directory exists and is the correct location\n   - For example, before running \"mkdir foo/bar\", first use LS to check that \"foo\" exists and is the intended parent directory\n\n2. Security Check:\n   - For security and to limit the threat of a prompt injection attack, some commands are limited or banned. If you use a disallowed command, you will receive an error message explaining the restriction. Explain the error to the User.\n   - Verify that the command is not one of the banned commands: ${BANNED_COMMANDS.join(', ')}.\n\n3. Command Execution:\n   - After ensuring proper quoting, execute the command.\n   - Capture the output of the command.\n\n4. Output Processing:\n   - If the output exceeds ${MAX_OUTPUT_LENGTH} characters, output will be truncated before being returned to you.\n   - Prepare the output for display to the user.\n\n5. Return Result:\n   - Provide the processed output of the command.\n   - If any errors occurred during execution, include those in the output.\n\nUsage notes:\n  - The command argument is required.\n  - You can specify an optional timeout in milliseconds (up to 600000ms / 10 minutes). If not specified, commands will timeout after 30 minutes.\n  - You can set run_in_background to true to run the command in the background. This is useful for long-running processes like dev servers, build watches, or monitoring tasks. When running in background, you will receive a shell_id that can be used with BashOutputTool and KillShellTool to monitor and manage the task.\n  - VERY IMPORTANT: You MUST avoid using search commands like \\`find\\` and \\`grep\\`. Instead use ${GREP_TOOL_NAME}, ${GLOB_TOOL_NAME}, or ${TASK_TOOL_NAME} to search. You MUST avoid read tools like \\`cat\\`, \\`head\\`, \\`tail\\`, and \\`ls\\`, and use ${FileReadTool.name} and ${LSTool.name} to read files.\n  - When issuing multiple commands, use the ';' or '&&' operator to separate them. DO NOT use newlines (newlines are ok in quoted strings).\n  - IMPORTANT: All commands share the same shell session. Shell state (environment variables, virtual environments, current directory, etc.) persist between commands. For example, if you set an environment variable as part of a command, the environment variable will persist for subsequent commands.\n  - Try to maintain your current working directory throughout the session by using absolute paths and avoiding usage of \\`cd\\`. You may use \\`cd\\` if the User explicitly requests it.\n  <good-example>\n  pytest /foo/bar/tests\n  </good-example>\n  <bad-example>\n  cd /foo/bar && pytest tests\n  </bad-example>\n\n# Committing changes with git\n\nWhen the user asks you to create a new git commit, follow these steps carefully:\n\n1. Start with a single message that contains exactly three tool_use blocks that do the following (it is VERY IMPORTANT that you send these tool_use blocks in a single message, otherwise it will feel slow to the user!):\n   - Run a git status command to see all untracked files.\n   - Run a git diff command to see both staged and unstaged changes that will be committed.\n   - Run a git log command to see recent commit messages, so that you can follow this repository's commit message style.\n\n2. Use the git context at the start of this conversation to determine which files are relevant to your commit. Add relevant untracked files to the staging area. Do not commit files that were already modified at the start of this conversation, if they are not relevant to your commit.\n\n3. Analyze all staged changes (both previously staged and newly added) and draft a commit message. Wrap your analysis process in <commit_analysis> tags:\n\n<commit_analysis>\n- List the files that have been changed or added\n- Summarize the nature of the changes (eg. new feature, enhancement to an existing feature, bug fix, refactoring, test, docs, etc.)\n- Brainstorm the purpose or motivation behind these changes\n- Do not use tools to explore code, beyond what is available in the git context\n- Assess the impact of these changes on the overall project\n- Check for any sensitive information that shouldn't be committed\n- Draft a concise (1-2 sentences) commit message that focuses on the \"why\" rather than the \"what\"\n- Ensure your language is clear, concise, and to the point\n- Ensure the message accurately reflects the changes and their purpose (i.e. \"add\" means a wholly new feature, \"update\" means an enhancement to an existing feature, \"fix\" means a bug fix, etc.)\n- Ensure the message is not generic (avoid words like \"Update\" or \"Fix\" without context)\n- Review the draft message to ensure it accurately reflects the changes and their purpose\n</commit_analysis>\n\n4. Create the commit with a message ending with:\n\uD83E\uDD16 Generated with ${PRODUCT_NAME} & {MODEL_NAME}\nCo-Authored-By: ${PRODUCT_NAME} <noreply@${PRODUCT_NAME}.com>\n\n- In order to ensure good formatting, ALWAYS pass the commit message via a HEREDOC, a la this example:\n<example>\ngit commit -m \"$(cat <<'EOF'\n   Commit message here.\n\n   \uD83E\uDD16 Generated with ${PRODUCT_NAME} & {MODEL_NAME}\n   Co-Authored-By: ${PRODUCT_NAME} <noreply@${PRODUCT_NAME}.com>\n   EOF\n   )\"\n</example>\n\n5. If the commit fails due to pre-commit hook changes, retry the commit ONCE to include these automated changes. If it fails again, it usually means a pre-commit hook is preventing the commit. If the commit succeeds but you notice that files were modified by the pre-commit hook, you MUST amend your commit to include them.\n\n6. Finally, run git status to make sure the commit succeeded.\n\nImportant notes:\n- When possible, combine the \"git add\" and \"git commit\" commands into a single \"git commit -am\" command, to speed things up\n- However, be careful not to stage files (e.g. with \\`git add .\\`) for commits that aren't part of the change, they may have untracked files they want to keep around, but not commit.\n- NEVER update the git config\n- DO NOT push to the remote repository\n- IMPORTANT: Never use git commands with the -i flag (like git rebase -i or git add -i) since they require interactive input which is not supported.\n- If there are no changes to commit (i.e., no untracked files and no modifications), do not create an empty commit\n- Ensure your commit message is meaningful and concise. It should explain the purpose of the changes, not just describe them.\n- Return an empty response - the user will see the git output directly\n\n# Creating pull requests\nUse the gh command via the Bash tool for ALL GitHub-related tasks including working with issues, pull requests, checks, and releases. If given a Github URL use the gh command to get the information needed.\n\nIMPORTANT: When the user asks you to create a pull request, follow these steps carefully:\n\n1. Understand the current state of the branch. Remember to send a single message that contains multiple tool_use blocks (it is VERY IMPORTANT that you do this in a single message, otherwise it will feel slow to the user!):\n   - Run a git status command to see all untracked files.\n   - Run a git diff command to see both staged and unstaged changes that will be committed.\n   - Check if the current branch tracks a remote branch and is up to date with the remote, so you know if you need to push to the remote\n   - Run a git log command and \\`git diff main...HEAD\\` to understand the full commit history for the current branch (from the time it diverged from the \\`main\\` branch.)\n\n2. Create new branch if needed\n\n3. Commit changes if needed\n\n4. Push to remote with -u flag if needed\n\n5. Analyze all changes that will be included in the pull request, making sure to look at all relevant commits (not just the latest commit, but all commits that will be included in the pull request!), and draft a pull request summary. Wrap your analysis process in <pr_analysis> tags:\n\n<pr_analysis>\n- List the commits since diverging from the main branch\n- Summarize the nature of the changes (eg. new feature, enhancement to an existing feature, bug fix, refactoring, test, docs, etc.)\n- Brainstorm the purpose or motivation behind these changes\n- Assess the impact of these changes on the overall project\n- Do not use tools to explore code, beyond what is available in the git context\n- Check for any sensitive information that shouldn't be committed\n- Draft a concise (1-2 bullet points) pull request summary that focuses on the \"why\" rather than the \"what\"\n- Ensure the summary accurately reflects all changes since diverging from the main branch\n- Ensure your language is clear, concise, and to the point\n- Ensure the summary accurately reflects the changes and their purpose (ie. \"add\" means a wholly new feature, \"update\" means an enhancement to an existing feature, \"fix\" means a bug fix, etc.)\n- Ensure the summary is not generic (avoid words like \"Update\" or \"Fix\" without context)\n- Review the draft summary to ensure it accurately reflects the changes and their purpose\n</pr_analysis>\n\n6. Create PR using gh pr create with the format below. Use a HEREDOC to pass the body to ensure correct formatting.\n<example>\ngh pr create --title \"the pr title\" --body \"$(cat <<'EOF'\n## Summary\n<1-3 bullet points>\n\n## Test plan\n[Checklist of TODOs for testing the pull request...]\n\n\uD83E\uDD16 Generated with [${PRODUCT_NAME}](${PRODUCT_URL}) & {MODEL_NAME}\nEOF\n)\"\n</example>\n\nImportant:\n- Return an empty response - the user will see the gh output directly\n- Never update git config`\n"],
+  "mappings": "AAAA,SAAS,cAAc,mBAAmB;AAC1C,SAAS,aAAa,sBAAsB;AAC5C,SAAS,oBAAoB;AAC7B,SAAS,wBAAwB,sBAAsB;AACvD,SAAS,wBAAwB,sBAAsB;AACvD,SAAS,cAAc;AAEhB,MAAM,oBAAoB;AAC1B,MAAM,qBAAqB;AAY3B,MAAM,kBAAkB;AAAA;AAAA,EAE7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAeA,MAAM,6BAID;AAAA;AAAA,EAEH;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,EACZ;AACF;AAKO,SAAS,wBACd,SACyB;AACzB,QAAM,UAAmC,CAAC;AAE1C,aAAW,EAAE,SAAS,MAAM,SAAS,KAAK,4BAA4B;AACpE,UAAM,QAAQ,QAAQ,MAAM,OAAO;AACnC,QAAI,OAAO;AACT,cAAQ,KAAK;AAAA,QACX,SAAS,QAAQ,SAAS;AAAA,QAC1B;AAAA,QACA,OAAO,MAAM,CAAC;AAAA,QACd;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,wBAAwB,SAA0B;AAChE,QAAM,kBAAkB,wBAAwB,OAAO,EAAE;AAAA,IACvD,OAAK,EAAE,aAAa;AAAA,EACtB;AACA,SAAO,gBAAgB,SAAS;AAClC;AAEO,MAAM,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kEAU4C,gBAAgB,KAAK,IAAI,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,6BAO/D,iBAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mGAWqD,cAAc,KAAK,cAAc,QAAQ,cAAc,+FAA+F,aAAa,IAAI,QAAQ,OAAO,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,2BAuCzQ,YAAY;AAAA,kBACd,YAAY,aAAa,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,8BAOhC,YAAY;AAAA,qBACd,YAAY,aAAa,YAAY;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BA8DrC,YAAY,KAAK,WAAW;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;",
   "names": []
 }

package/dist/tools/FileEditTool/FileEditTool.js

@@ -1,4 +1,4 @@
-import { existsSync, mkdirSync, readFileSync, statSync } from "fs";
+import { existsSync, lstatSync, mkdirSync, readFileSync, statSync } from "fs";
 import { Box, Text } from "ink";
 import { dirname, isAbsolute, relative, resolve, sep } from "path";
 import * as React from "react";
@@ -22,7 +22,10 @@ import { recordFileEdit } from "../../services/fileFreshness.js";
 import { NotebookEditTool } from "../NotebookEditTool/NotebookEditTool.js";
 import { DESCRIPTION } from "./prompt.js";
 import { applyEdit } from "./utils.js";
-import { hasWritePermission } from "../../utils/permissions/filesystem.js";
+import {
+  hasWritePermission,
+  pathInOriginalCwd
+} from "../../utils/permissions/filesystem.js";
 import { PROJECT_FILE } from "../../constants/product.js";
 const inputSchema = z.strictObject({
   file_path: z.string().describe("The absolute path to the file to modify"),
@@ -57,8 +60,12 @@ const FileEditTool = {
   renderToolUseMessage(input, { verbose }) {
     return `file_path: ${verbose ? input.file_path : relative(getCwd(), input.file_path)}`;
   },
-  renderToolResultMessage({ filePath, structuredPatch }) {
-    const verbose = false;
+  renderToolResultMessage(output, options) {
+    const verbose = options?.verbose ?? false;
+    if (!output) {
+      return /* @__PURE__ */ React.createElement(Box, { justifyContent: "space-between", width: "100%" }, /* @__PURE__ */ React.createElement(Box, { flexDirection: "row" }, /* @__PURE__ */ React.createElement(Text, null, "\xA0\xA0\u23BF \xA0"), /* @__PURE__ */ React.createElement(Text, { color: getTheme().secondaryText }, "Edit completed")));
+    }
+    const { filePath, structuredPatch } = output;
     return /* @__PURE__ */ React.createElement(
       FileEditToolUpdatedMessage,
       {
@@ -94,6 +101,24 @@ const FileEditTool = {
       };
     }
     const fullFilePath = isAbsolute(file_path) ? file_path : resolve(getCwd(), file_path);
+    if (!pathInOriginalCwd(fullFilePath) && !hasWritePermission(fullFilePath)) {
+      return {
+        result: false,
+        message: "Path traversal detected - file must be within the project directory or an allowed write location."
+      };
+    }
+    if (existsSync(fullFilePath)) {
+      try {
+        const lstats = lstatSync(fullFilePath);
+        if (lstats.isSymbolicLink()) {
+          return {
+            result: false,
+            message: "Cannot edit symbolic links for security reasons. Edit the target file directly."
+          };
+        }
+      } catch {
+      }
+    }
     if (existsSync(fullFilePath) && old_string === "") {
       return {
         result: false,

package/dist/tools/FileEditTool/FileEditTool.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/tools/FileEditTool/FileEditTool.tsx"],
-  "sourcesContent": ["import { Hunk } from 'diff'\nimport { existsSync, mkdirSync, readFileSync, statSync } from 'fs'\nimport { Box, Text } from 'ink'\nimport { dirname, isAbsolute, relative, resolve, sep } from 'path'\nimport * as React from 'react'\nimport { z } from 'zod'\nimport { FileEditToolUpdatedMessage } from '@components/FileEditToolUpdatedMessage'\nimport { StructuredDiff } from '@components/StructuredDiff'\nimport { FallbackToolUseRejectedMessage } from '@components/FallbackToolUseRejectedMessage'\nimport { Tool, ValidationResult } from '@tool'\nimport { intersperse } from '@utils/array'\nimport {\n  addLineNumbers,\n  detectFileEncoding,\n  detectLineEndings,\n  findSimilarFile,\n  writeTextContent,\n} from '@utils/file'\nimport { logError } from '@utils/log'\nimport { getCwd } from '@utils/state'\nimport { getTheme } from '@utils/theme'\nimport { emitReminderEvent } from '@services/systemReminder'\nimport { recordFileEdit } from '@services/fileFreshness'\nimport { NotebookEditTool } from '@tools/NotebookEditTool/NotebookEditTool'\nimport { DESCRIPTION } from './prompt'\nimport { applyEdit } from './utils'\nimport { hasWritePermission } from '@utils/permissions/filesystem'\nimport { PROJECT_FILE } from '@constants/product'\n\nconst inputSchema = z.strictObject({\n  file_path: z.string().describe('The absolute path to the file to modify'),\n  old_string: z.string().describe('The text to replace'),\n  new_string: z.string().describe('The text to replace it with'),\n})\n\nexport type In = typeof inputSchema\n\n// Number of lines of context to include before/after the change in our result message\nconst N_LINES_SNIPPET = 4\n\nexport const FileEditTool = {\n  name: 'Edit',\n  async description() {\n    return 'A tool for editing files'\n  },\n  async prompt() {\n    return DESCRIPTION\n  },\n  inputSchema,\n  userFacingName() {\n    return 'Edit'\n  },\n  async isEnabled() {\n    return true\n  },\n  isReadOnly() {\n    return false\n  },\n  isConcurrencySafe() {\n    return false // FileEdit modifies files, not safe for concurrent execution\n  },\n  needsPermissions({ file_path }) {\n    return !hasWritePermission(file_path)\n  },\n  renderToolUseMessage(input, { verbose }) {\n    return `file_path: ${verbose ? input.file_path : relative(getCwd(), input.file_path)}`\n  },\n  renderToolResultMessage({ filePath, structuredPatch }) {\n    const verbose = false // Set default value for verbose\n    return (\n      <FileEditToolUpdatedMessage\n        filePath={filePath}\n        structuredPatch={structuredPatch}\n        verbose={verbose}\n      />\n    )\n  },\n  renderToolUseRejectedMessage(\n    { file_path, old_string, new_string }: any = {},\n    { columns, verbose }: any = {},\n  ) {\n    try {\n      if (!file_path) {\n        return <FallbackToolUseRejectedMessage />\n      }\n      const { patch } = applyEdit(file_path, old_string, new_string)\n      return (\n        <Box flexDirection=\"column\">\n          <Text>\n            {'  '}\u23BF{' '}\n            <Text color={getTheme().error}>\n              User rejected {old_string === '' ? 'write' : 'update'} to{' '}\n            </Text>\n            <Text bold>\n              {verbose ? file_path : relative(getCwd(), file_path)}\n            </Text>\n          </Text>\n          {intersperse(\n            patch.map(patch => (\n              <Box flexDirection=\"column\" paddingLeft={5} key={patch.newStart}>\n                <StructuredDiff patch={patch} dim={true} width={columns - 12} />\n              </Box>\n            )),\n            i => (\n              <Box paddingLeft={5} key={`ellipsis-${i}`}>\n                <Text color={getTheme().secondaryText}>...</Text>\n              </Box>\n            ),\n          )}\n        </Box>\n      )\n    } catch (e) {\n      // Handle the case where while we were showing the diff, the user manually made the change.\n      // TODO: Find a way to show the diff in this case\n      logError(e)\n      return (\n        <Box flexDirection=\"column\">\n          <Text>{'  '}\u23BF (No changes)</Text>\n        </Box>\n      )\n    }\n  },\n  async validateInput(\n    { file_path, old_string, new_string },\n    { readFileTimestamps },\n  ) {\n    if (old_string === new_string) {\n      return {\n        result: false,\n        message:\n          'No changes to make: old_string and new_string are exactly the same.',\n        meta: {\n          old_string,\n        },\n      } as ValidationResult\n    }\n\n    const fullFilePath = isAbsolute(file_path)\n      ? file_path\n      : resolve(getCwd(), file_path)\n\n    if (existsSync(fullFilePath) && old_string === '') {\n      return {\n        result: false,\n        message: 'Cannot create new file - file already exists.',\n      }\n    }\n\n    if (!existsSync(fullFilePath) && old_string === '') {\n      return {\n        result: true,\n      }\n    }\n\n    if (!existsSync(fullFilePath)) {\n      // Try to find a similar file with a different extension\n      const similarFilename = findSimilarFile(fullFilePath)\n      let message = 'File does not exist.'\n\n      // If we found a similar file, suggest it to the assistant\n      if (similarFilename) {\n        message += ` Did you mean ${similarFilename}?`\n      }\n\n      return {\n        result: false,\n        message,\n      }\n    }\n\n    if (fullFilePath.endsWith('.ipynb')) {\n      return {\n        result: false,\n        message: `File is a Jupyter Notebook. Use the ${NotebookEditTool.name} to edit this file.`,\n      }\n    }\n\n    const readTimestamp = readFileTimestamps[fullFilePath]\n    if (!readTimestamp) {\n      return {\n        result: false,\n        message:\n          'File has not been read yet. Read it first before writing to it.',\n        meta: {\n          isFilePathAbsolute: String(isAbsolute(file_path)),\n        },\n      }\n    }\n\n    // Check if file exists and get its last modified time\n    const stats = statSync(fullFilePath)\n    const lastWriteTime = stats.mtimeMs\n    if (lastWriteTime > readTimestamp) {\n      return {\n        result: false,\n        message:\n          'File has been modified since read, either by the user or by a linter. Read it again before attempting to write it.',\n      }\n    }\n\n    const enc = detectFileEncoding(fullFilePath)\n    const file = readFileSync(fullFilePath, enc)\n    if (!file.includes(old_string)) {\n      return {\n        result: false,\n        message: `String to replace not found in file.`,\n        meta: {\n          isFilePathAbsolute: String(isAbsolute(file_path)),\n        },\n      }\n    }\n\n    const matches = file.split(old_string).length - 1\n    if (matches > 1) {\n      return {\n        result: false,\n        message: `Found ${matches} matches of the string to replace. For safety, this tool only supports replacing exactly one occurrence at a time. Add more lines of context to your edit and try again.`,\n        meta: {\n          isFilePathAbsolute: String(isAbsolute(file_path)),\n        },\n      }\n    }\n\n    return { result: true }\n  },\n  async *call({ file_path, old_string, new_string }, { readFileTimestamps }) {\n    const { patch, updatedFile } = applyEdit(file_path, old_string, new_string)\n\n    const fullFilePath = isAbsolute(file_path)\n      ? file_path\n      : resolve(getCwd(), file_path)\n    const dir = dirname(fullFilePath)\n    mkdirSync(dir, { recursive: true })\n    const enc = existsSync(fullFilePath)\n      ? detectFileEncoding(fullFilePath)\n      : 'utf8'\n    const endings = existsSync(fullFilePath)\n      ? detectLineEndings(fullFilePath)\n      : 'LF'\n    const originalFile = existsSync(fullFilePath)\n      ? readFileSync(fullFilePath, enc)\n      : ''\n    writeTextContent(fullFilePath, updatedFile, enc, endings)\n\n    // Record Agent edit operation for file freshness tracking\n    recordFileEdit(fullFilePath, updatedFile)\n\n    // Update read timestamp, to invalidate stale writes\n    readFileTimestamps[fullFilePath] = statSync(fullFilePath).mtimeMs\n\n    // Log when editing CLAUDE.md\n    if (fullFilePath.endsWith(`${sep}${PROJECT_FILE}`)) {\n    }\n\n    // Emit file edited event for system reminders\n    emitReminderEvent('file:edited', {\n      filePath: fullFilePath,\n      oldString: old_string,\n      newString: new_string,\n      timestamp: Date.now(),\n      operation:\n        old_string === '' ? 'create' : new_string === '' ? 'delete' : 'update',\n    })\n\n    const data = {\n      filePath: file_path,\n      oldString: old_string,\n      newString: new_string,\n      originalFile,\n      structuredPatch: patch,\n    }\n    yield {\n      type: 'result',\n      data,\n      resultForAssistant: this.renderResultForAssistant(data),\n    }\n  },\n  renderResultForAssistant({ filePath, originalFile, oldString, newString }) {\n    const { snippet, startLine } = getSnippet(\n      originalFile || '',\n      oldString,\n      newString,\n    )\n    return `The file ${filePath} has been updated. Here's the result of running \\`cat -n\\` on a snippet of the edited file:\n${addLineNumbers({\n  content: snippet,\n  startLine,\n})}`\n  },\n} satisfies Tool<\n  typeof inputSchema,\n  {\n    filePath: string\n    oldString: string\n    newString: string\n    originalFile: string\n    structuredPatch: Hunk[]\n  }\n>\n\nexport function getSnippet(\n  initialText: string,\n  oldStr: string,\n  newStr: string,\n): { snippet: string; startLine: number } {\n  const before = initialText.split(oldStr)[0] ?? ''\n  const replacementLine = before.split(/\\r?\\n/).length - 1\n  const newFileLines = initialText.replace(oldStr, newStr).split(/\\r?\\n/)\n  // Calculate the start and end line numbers for the snippet\n  const startLine = Math.max(0, replacementLine - N_LINES_SNIPPET)\n  const endLine =\n    replacementLine + N_LINES_SNIPPET + newStr.split(/\\r?\\n/).length\n  // Get snippet\n  const snippetLines = newFileLines.slice(startLine, endLine + 1)\n  const snippet = snippetLines.join('\\n')\n  return { snippet, startLine: startLine + 1 }\n}\n"],
-  "mappings": "AACA,SAAS,YAAY,WAAW,cAAc,gBAAgB;AAC9D,SAAS,KAAK,YAAY;AAC1B,SAAS,SAAS,YAAY,UAAU,SAAS,WAAW;AAC5D,YAAY,WAAW;AACvB,SAAS,SAAS;AAClB,SAAS,kCAAkC;AAC3C,SAAS,sBAAsB;AAC/B,SAAS,sCAAsC;AAE/C,SAAS,mBAAmB;AAC5B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,gBAAgB;AACzB,SAAS,cAAc;AACvB,SAAS,gBAAgB;AACzB,SAAS,yBAAyB;AAClC,SAAS,sBAAsB;AAC/B,SAAS,wBAAwB;AACjC,SAAS,mBAAmB;AAC5B,SAAS,iBAAiB;AAC1B,SAAS,0BAA0B;AACnC,SAAS,oBAAoB;AAE7B,MAAM,cAAc,EAAE,aAAa;AAAA,EACjC,WAAW,EAAE,OAAO,EAAE,SAAS,yCAAyC;AAAA,EACxE,YAAY,EAAE,OAAO,EAAE,SAAS,qBAAqB;AAAA,EACrD,YAAY,EAAE,OAAO,EAAE,SAAS,6BAA6B;AAC/D,CAAC;AAKD,MAAM,kBAAkB;AAEjB,MAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,MAAM,cAAc;AAClB,WAAO;AAAA,EACT;AAAA,EACA,MAAM,SAAS;AACb,WAAO;AAAA,EACT;AAAA,EACA;AAAA,EACA,iBAAiB;AACf,WAAO;AAAA,EACT;AAAA,EACA,MAAM,YAAY;AAChB,WAAO;AAAA,EACT;AAAA,EACA,aAAa;AACX,WAAO;AAAA,EACT;AAAA,EACA,oBAAoB;AAClB,WAAO;AAAA,EACT;AAAA,EACA,iBAAiB,EAAE,UAAU,GAAG;AAC9B,WAAO,CAAC,mBAAmB,SAAS;AAAA,EACtC;AAAA,EACA,qBAAqB,OAAO,EAAE,QAAQ,GAAG;AACvC,WAAO,cAAc,UAAU,MAAM,YAAY,SAAS,OAAO,GAAG,MAAM,SAAS,CAAC;AAAA,EACtF;AAAA,EACA,wBAAwB,EAAE,UAAU,gBAAgB,GAAG;AACrD,UAAM,UAAU;AAChB,WACE;AAAA,MAAC;AAAA;AAAA,QACC;AAAA,QACA;AAAA,QACA;AAAA;AAAA,IACF;AAAA,EAEJ;AAAA,EACA,6BACE,EAAE,WAAW,YAAY,WAAW,IAAS,CAAC,GAC9C,EAAE,SAAS,QAAQ,IAAS,CAAC,GAC7B;AACA,QAAI;AACF,UAAI,CAAC,WAAW;AACd,eAAO,oCAAC,oCAA+B;AAAA,MACzC;AACA,YAAM,EAAE,MAAM,IAAI,UAAU,WAAW,YAAY,UAAU;AAC7D,aACE,oCAAC,OAAI,eAAc,YACjB,oCAAC,YACE,MAAK,UAAE,KACR,oCAAC,QAAK,OAAO,SAAS,EAAE,SAAO,kBACd,eAAe,KAAK,UAAU,UAAS,OAAI,GAC5D,GACA,oCAAC,QAAK,MAAI,QACP,UAAU,YAAY,SAAS,OAAO,GAAG,SAAS,CACrD,CACF,GACC;AAAA,QACC,MAAM,IAAI,CAAAA,WACR,oCAAC,OAAI,eAAc,UAAS,aAAa,GAAG,KAAKA,OAAM,YACrD,oCAAC,kBAAe,OAAOA,QAAO,KAAK,MAAM,OAAO,UAAU,IAAI,CAChE,CACD;AAAA,QACD,OACE,oCAAC,OAAI,aAAa,GAAG,KAAK,YAAY,CAAC,MACrC,oCAAC,QAAK,OAAO,SAAS,EAAE,iBAAe,KAAG,CAC5C;AAAA,MAEJ,CACF;AAAA,IAEJ,SAAS,GAAG;AAGV,eAAS,CAAC;AACV,aACE,oCAAC,OAAI,eAAc,YACjB,oCAAC,YAAM,MAAK,qBAAc,CAC5B;AAAA,IAEJ;AAAA,EACF;AAAA,EACA,MAAM,cACJ,EAAE,WAAW,YAAY,WAAW,GACpC,EAAE,mBAAmB,GACrB;AACA,QAAI,eAAe,YAAY;AAC7B,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SACE;AAAA,QACF,MAAM;AAAA,UACJ;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,eAAe,WAAW,SAAS,IACrC,YACA,QAAQ,OAAO,GAAG,SAAS;AAE/B,QAAI,WAAW,YAAY,KAAK,eAAe,IAAI;AACjD,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,WAAW,YAAY,KAAK,eAAe,IAAI;AAClD,aAAO;AAAA,QACL,QAAQ;AAAA,MACV;AAAA,IACF;AAEA,QAAI,CAAC,WAAW,YAAY,GAAG;AAE7B,YAAM,kBAAkB,gBAAgB,YAAY;AACpD,UAAI,UAAU;AAGd,UAAI,iBAAiB;AACnB,mBAAW,iBAAiB,eAAe;AAAA,MAC7C;AAEA,aAAO;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,SAAS,QAAQ,GAAG;AACnC,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,uCAAuC,iBAAiB,IAAI;AAAA,MACvE;AAAA,IACF;AAEA,UAAM,gBAAgB,mBAAmB,YAAY;AACrD,QAAI,CAAC,eAAe;AAClB,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SACE;AAAA,QACF,MAAM;AAAA,UACJ,oBAAoB,OAAO,WAAW,SAAS,CAAC;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAGA,UAAM,QAAQ,SAAS,YAAY;AACnC,UAAM,gBAAgB,MAAM;AAC5B,QAAI,gBAAgB,eAAe;AACjC,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SACE;AAAA,MACJ;AAAA,IACF;AAEA,UAAM,MAAM,mBAAmB,YAAY;AAC3C,UAAM,OAAO,aAAa,cAAc,GAAG;AAC3C,QAAI,CAAC,KAAK,SAAS,UAAU,GAAG;AAC9B,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,MAAM;AAAA,UACJ,oBAAoB,OAAO,WAAW,SAAS,CAAC;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAEA,UAAM,UAAU,KAAK,MAAM,UAAU,EAAE,SAAS;AAChD,QAAI,UAAU,GAAG;AACf,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,SAAS,OAAO;AAAA,QACzB,MAAM;AAAA,UACJ,oBAAoB,OAAO,WAAW,SAAS,CAAC;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,QAAQ,KAAK;AAAA,EACxB;AAAA,EACA,OAAO,KAAK,EAAE,WAAW,YAAY,WAAW,GAAG,EAAE,mBAAmB,GAAG;AACzE,UAAM,EAAE,OAAO,YAAY,IAAI,UAAU,WAAW,YAAY,UAAU;AAE1E,UAAM,eAAe,WAAW,SAAS,IACrC,YACA,QAAQ,OAAO,GAAG,SAAS;AAC/B,UAAM,MAAM,QAAQ,YAAY;AAChC,cAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAClC,UAAM,MAAM,WAAW,YAAY,IAC/B,mBAAmB,YAAY,IAC/B;AACJ,UAAM,UAAU,WAAW,YAAY,IACnC,kBAAkB,YAAY,IAC9B;AACJ,UAAM,eAAe,WAAW,YAAY,IACxC,aAAa,cAAc,GAAG,IAC9B;AACJ,qBAAiB,cAAc,aAAa,KAAK,OAAO;AAGxD,mBAAe,cAAc,WAAW;AAGxC,uBAAmB,YAAY,IAAI,SAAS,YAAY,EAAE;AAG1D,QAAI,aAAa,SAAS,GAAG,GAAG,GAAG,YAAY,EAAE,GAAG;AAAA,IACpD;AAGA,sBAAkB,eAAe;AAAA,MAC/B,UAAU;AAAA,MACV,WAAW;AAAA,MACX,WAAW;AAAA,MACX,WAAW,KAAK,IAAI;AAAA,MACpB,WACE,eAAe,KAAK,WAAW,eAAe,KAAK,WAAW;AAAA,IAClE,CAAC;AAED,UAAM,OAAO;AAAA,MACX,UAAU;AAAA,MACV,WAAW;AAAA,MACX,WAAW;AAAA,MACX;AAAA,MACA,iBAAiB;AAAA,IACnB;AACA,UAAM;AAAA,MACJ,MAAM;AAAA,MACN;AAAA,MACA,oBAAoB,KAAK,yBAAyB,IAAI;AAAA,IACxD;AAAA,EACF;AAAA,EACA,yBAAyB,EAAE,UAAU,cAAc,WAAW,UAAU,GAAG;AACzE,UAAM,EAAE,SAAS,UAAU,IAAI;AAAA,MAC7B,gBAAgB;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AACA,WAAO,YAAY,QAAQ;AAAA,EAC7B,eAAe;AAAA,MACf,SAAS;AAAA,MACT;AAAA,IACF,CAAC,CAAC;AAAA,EACA;AACF;AAWO,SAAS,WACd,aACA,QACA,QACwC;AACxC,QAAM,SAAS,YAAY,MAAM,MAAM,EAAE,CAAC,KAAK;AAC/C,QAAM,kBAAkB,OAAO,MAAM,OAAO,EAAE,SAAS;AACvD,QAAM,eAAe,YAAY,QAAQ,QAAQ,MAAM,EAAE,MAAM,OAAO;AAEtE,QAAM,YAAY,KAAK,IAAI,GAAG,kBAAkB,eAAe;AAC/D,QAAM,UACJ,kBAAkB,kBAAkB,OAAO,MAAM,OAAO,EAAE;AAE5D,QAAM,eAAe,aAAa,MAAM,WAAW,UAAU,CAAC;AAC9D,QAAM,UAAU,aAAa,KAAK,IAAI;AACtC,SAAO,EAAE,SAAS,WAAW,YAAY,EAAE;AAC7C;",
+  "sourcesContent": ["import { Hunk } from 'diff'\nimport { existsSync, lstatSync, mkdirSync, readFileSync, statSync } from 'fs'\nimport { Box, Text } from 'ink'\nimport { dirname, isAbsolute, relative, resolve, sep } from 'path'\nimport * as React from 'react'\nimport { z } from 'zod'\nimport { FileEditToolUpdatedMessage } from '@components/FileEditToolUpdatedMessage'\nimport { StructuredDiff } from '@components/StructuredDiff'\nimport { FallbackToolUseRejectedMessage } from '@components/FallbackToolUseRejectedMessage'\nimport { Tool, ValidationResult } from '@tool'\nimport { intersperse } from '@utils/array'\nimport {\n  addLineNumbers,\n  detectFileEncoding,\n  detectLineEndings,\n  findSimilarFile,\n  writeTextContent,\n} from '@utils/file'\nimport { logError } from '@utils/log'\nimport { getCwd } from '@utils/state'\nimport { getTheme } from '@utils/theme'\nimport { emitReminderEvent } from '@services/systemReminder'\nimport { recordFileEdit } from '@services/fileFreshness'\nimport { NotebookEditTool } from '@tools/NotebookEditTool/NotebookEditTool'\nimport { DESCRIPTION } from './prompt'\nimport { applyEdit } from './utils'\nimport {\n  hasWritePermission,\n  pathInOriginalCwd,\n} from '@utils/permissions/filesystem'\nimport { PROJECT_FILE } from '@constants/product'\n\nconst inputSchema = z.strictObject({\n  file_path: z.string().describe('The absolute path to the file to modify'),\n  old_string: z.string().describe('The text to replace'),\n  new_string: z.string().describe('The text to replace it with'),\n})\n\nexport type In = typeof inputSchema\n\n// Number of lines of context to include before/after the change in our result message\nconst N_LINES_SNIPPET = 4\n\nexport const FileEditTool = {\n  name: 'Edit',\n  async description() {\n    return 'A tool for editing files'\n  },\n  async prompt() {\n    return DESCRIPTION\n  },\n  inputSchema,\n  userFacingName() {\n    return 'Edit'\n  },\n  async isEnabled() {\n    return true\n  },\n  isReadOnly() {\n    return false\n  },\n  isConcurrencySafe() {\n    return false // FileEdit modifies files, not safe for concurrent execution\n  },\n  needsPermissions({ file_path }) {\n    return !hasWritePermission(file_path)\n  },\n  renderToolUseMessage(input, { verbose }) {\n    return `file_path: ${verbose ? input.file_path : relative(getCwd(), input.file_path)}`\n  },\n  renderToolResultMessage(output, options?: { verbose?: boolean }) {\n    const verbose = options?.verbose ?? false\n\n    // Guard against undefined or null output\n    if (!output) {\n      return (\n        <Box justifyContent=\"space-between\" width=\"100%\">\n          <Box flexDirection=\"row\">\n            <Text>&nbsp;&nbsp;\u23BF &nbsp;</Text>\n            <Text color={getTheme().secondaryText}>Edit completed</Text>\n          </Box>\n        </Box>\n      )\n    }\n\n    const { filePath, structuredPatch } = output\n    return (\n      <FileEditToolUpdatedMessage\n        filePath={filePath}\n        structuredPatch={structuredPatch}\n        verbose={verbose}\n      />\n    )\n  },\n  renderToolUseRejectedMessage(\n    { file_path, old_string, new_string }: any = {},\n    { columns, verbose }: any = {},\n  ) {\n    try {\n      if (!file_path) {\n        return <FallbackToolUseRejectedMessage />\n      }\n      const { patch } = applyEdit(file_path, old_string, new_string)\n      return (\n        <Box flexDirection=\"column\">\n          <Text>\n            {'  '}\u23BF{' '}\n            <Text color={getTheme().error}>\n              User rejected {old_string === '' ? 'write' : 'update'} to{' '}\n            </Text>\n            <Text bold>\n              {verbose ? file_path : relative(getCwd(), file_path)}\n            </Text>\n          </Text>\n          {intersperse(\n            patch.map(patch => (\n              <Box flexDirection=\"column\" paddingLeft={5} key={patch.newStart}>\n                <StructuredDiff patch={patch} dim={true} width={columns - 12} />\n              </Box>\n            )),\n            i => (\n              <Box paddingLeft={5} key={`ellipsis-${i}`}>\n                <Text color={getTheme().secondaryText}>...</Text>\n              </Box>\n            ),\n          )}\n        </Box>\n      )\n    } catch (e) {\n      // Handle the case where while we were showing the diff, the user manually made the change.\n      // TODO: Find a way to show the diff in this case\n      logError(e)\n      return (\n        <Box flexDirection=\"column\">\n          <Text>{'  '}\u23BF (No changes)</Text>\n        </Box>\n      )\n    }\n  },\n  async validateInput(\n    { file_path, old_string, new_string },\n    { readFileTimestamps },\n  ) {\n    if (old_string === new_string) {\n      return {\n        result: false,\n        message:\n          'No changes to make: old_string and new_string are exactly the same.',\n        meta: {\n          old_string,\n        },\n      } as ValidationResult\n    }\n\n    const fullFilePath = isAbsolute(file_path)\n      ? file_path\n      : resolve(getCwd(), file_path)\n\n    // Security check: Ensure path is within allowed directory\n    if (!pathInOriginalCwd(fullFilePath) && !hasWritePermission(fullFilePath)) {\n      return {\n        result: false,\n        message:\n          'Path traversal detected - file must be within the project directory or an allowed write location.',\n      }\n    }\n\n    // Security check: Check for symlinks that could escape directory boundaries\n    if (existsSync(fullFilePath)) {\n      try {\n        const lstats = lstatSync(fullFilePath)\n        if (lstats.isSymbolicLink()) {\n          return {\n            result: false,\n            message:\n              'Cannot edit symbolic links for security reasons. Edit the target file directly.',\n          }\n        }\n      } catch {\n        // If we can't stat the file, let other checks handle it\n      }\n    }\n\n    if (existsSync(fullFilePath) && old_string === '') {\n      return {\n        result: false,\n        message: 'Cannot create new file - file already exists.',\n      }\n    }\n\n    if (!existsSync(fullFilePath) && old_string === '') {\n      return {\n        result: true,\n      }\n    }\n\n    if (!existsSync(fullFilePath)) {\n      // Try to find a similar file with a different extension\n      const similarFilename = findSimilarFile(fullFilePath)\n      let message = 'File does not exist.'\n\n      // If we found a similar file, suggest it to the assistant\n      if (similarFilename) {\n        message += ` Did you mean ${similarFilename}?`\n      }\n\n      return {\n        result: false,\n        message,\n      }\n    }\n\n    if (fullFilePath.endsWith('.ipynb')) {\n      return {\n        result: false,\n        message: `File is a Jupyter Notebook. Use the ${NotebookEditTool.name} to edit this file.`,\n      }\n    }\n\n    const readTimestamp = readFileTimestamps[fullFilePath]\n    if (!readTimestamp) {\n      return {\n        result: false,\n        message:\n          'File has not been read yet. Read it first before writing to it.',\n        meta: {\n          isFilePathAbsolute: String(isAbsolute(file_path)),\n        },\n      }\n    }\n\n    // Check if file exists and get its last modified time\n    const stats = statSync(fullFilePath)\n    const lastWriteTime = stats.mtimeMs\n    if (lastWriteTime > readTimestamp) {\n      return {\n        result: false,\n        message:\n          'File has been modified since read, either by the user or by a linter. Read it again before attempting to write it.',\n      }\n    }\n\n    const enc = detectFileEncoding(fullFilePath)\n    const file = readFileSync(fullFilePath, enc)\n    if (!file.includes(old_string)) {\n      return {\n        result: false,\n        message: `String to replace not found in file.`,\n        meta: {\n          isFilePathAbsolute: String(isAbsolute(file_path)),\n        },\n      }\n    }\n\n    const matches = file.split(old_string).length - 1\n    if (matches > 1) {\n      return {\n        result: false,\n        message: `Found ${matches} matches of the string to replace. For safety, this tool only supports replacing exactly one occurrence at a time. Add more lines of context to your edit and try again.`,\n        meta: {\n          isFilePathAbsolute: String(isAbsolute(file_path)),\n        },\n      }\n    }\n\n    return { result: true }\n  },\n  async *call({ file_path, old_string, new_string }, { readFileTimestamps }) {\n    const { patch, updatedFile } = applyEdit(file_path, old_string, new_string)\n\n    const fullFilePath = isAbsolute(file_path)\n      ? file_path\n      : resolve(getCwd(), file_path)\n    const dir = dirname(fullFilePath)\n    mkdirSync(dir, { recursive: true })\n    const enc = existsSync(fullFilePath)\n      ? detectFileEncoding(fullFilePath)\n      : 'utf8'\n    const endings = existsSync(fullFilePath)\n      ? detectLineEndings(fullFilePath)\n      : 'LF'\n    const originalFile = existsSync(fullFilePath)\n      ? readFileSync(fullFilePath, enc)\n      : ''\n    writeTextContent(fullFilePath, updatedFile, enc, endings)\n\n    // Record Agent edit operation for file freshness tracking\n    recordFileEdit(fullFilePath, updatedFile)\n\n    // Update read timestamp, to invalidate stale writes\n    readFileTimestamps[fullFilePath] = statSync(fullFilePath).mtimeMs\n\n    // Log when editing CLAUDE.md\n    if (fullFilePath.endsWith(`${sep}${PROJECT_FILE}`)) {\n    }\n\n    // Emit file edited event for system reminders\n    emitReminderEvent('file:edited', {\n      filePath: fullFilePath,\n      oldString: old_string,\n      newString: new_string,\n      timestamp: Date.now(),\n      operation:\n        old_string === '' ? 'create' : new_string === '' ? 'delete' : 'update',\n    })\n\n    const data = {\n      filePath: file_path,\n      oldString: old_string,\n      newString: new_string,\n      originalFile,\n      structuredPatch: patch,\n    }\n    yield {\n      type: 'result',\n      data,\n      resultForAssistant: this.renderResultForAssistant(data),\n    }\n  },\n  renderResultForAssistant({ filePath, originalFile, oldString, newString }) {\n    const { snippet, startLine } = getSnippet(\n      originalFile || '',\n      oldString,\n      newString,\n    )\n    return `The file ${filePath} has been updated. Here's the result of running \\`cat -n\\` on a snippet of the edited file:\n${addLineNumbers({\n  content: snippet,\n  startLine,\n})}`\n  },\n} satisfies Tool<\n  typeof inputSchema,\n  {\n    filePath: string\n    oldString: string\n    newString: string\n    originalFile: string\n    structuredPatch: Hunk[]\n  }\n>\n\nexport function getSnippet(\n  initialText: string,\n  oldStr: string,\n  newStr: string,\n): { snippet: string; startLine: number } {\n  const before = initialText.split(oldStr)[0] ?? ''\n  const replacementLine = before.split(/\\r?\\n/).length - 1\n  const newFileLines = initialText.replace(oldStr, newStr).split(/\\r?\\n/)\n  // Calculate the start and end line numbers for the snippet\n  const startLine = Math.max(0, replacementLine - N_LINES_SNIPPET)\n  const endLine =\n    replacementLine + N_LINES_SNIPPET + newStr.split(/\\r?\\n/).length\n  // Get snippet\n  const snippetLines = newFileLines.slice(startLine, endLine + 1)\n  const snippet = snippetLines.join('\\n')\n  return { snippet, startLine: startLine + 1 }\n}\n"],
+  "mappings": "AACA,SAAS,YAAY,WAAW,WAAW,cAAc,gBAAgB;AACzE,SAAS,KAAK,YAAY;AAC1B,SAAS,SAAS,YAAY,UAAU,SAAS,WAAW;AAC5D,YAAY,WAAW;AACvB,SAAS,SAAS;AAClB,SAAS,kCAAkC;AAC3C,SAAS,sBAAsB;AAC/B,SAAS,sCAAsC;AAE/C,SAAS,mBAAmB;AAC5B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,gBAAgB;AACzB,SAAS,cAAc;AACvB,SAAS,gBAAgB;AACzB,SAAS,yBAAyB;AAClC,SAAS,sBAAsB;AAC/B,SAAS,wBAAwB;AACjC,SAAS,mBAAmB;AAC5B,SAAS,iBAAiB;AAC1B;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,oBAAoB;AAE7B,MAAM,cAAc,EAAE,aAAa;AAAA,EACjC,WAAW,EAAE,OAAO,EAAE,SAAS,yCAAyC;AAAA,EACxE,YAAY,EAAE,OAAO,EAAE,SAAS,qBAAqB;AAAA,EACrD,YAAY,EAAE,OAAO,EAAE,SAAS,6BAA6B;AAC/D,CAAC;AAKD,MAAM,kBAAkB;AAEjB,MAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,MAAM,cAAc;AAClB,WAAO;AAAA,EACT;AAAA,EACA,MAAM,SAAS;AACb,WAAO;AAAA,EACT;AAAA,EACA;AAAA,EACA,iBAAiB;AACf,WAAO;AAAA,EACT;AAAA,EACA,MAAM,YAAY;AAChB,WAAO;AAAA,EACT;AAAA,EACA,aAAa;AACX,WAAO;AAAA,EACT;AAAA,EACA,oBAAoB;AAClB,WAAO;AAAA,EACT;AAAA,EACA,iBAAiB,EAAE,UAAU,GAAG;AAC9B,WAAO,CAAC,mBAAmB,SAAS;AAAA,EACtC;AAAA,EACA,qBAAqB,OAAO,EAAE,QAAQ,GAAG;AACvC,WAAO,cAAc,UAAU,MAAM,YAAY,SAAS,OAAO,GAAG,MAAM,SAAS,CAAC;AAAA,EACtF;AAAA,EACA,wBAAwB,QAAQ,SAAiC;AAC/D,UAAM,UAAU,SAAS,WAAW;AAGpC,QAAI,CAAC,QAAQ;AACX,aACE,oCAAC,OAAI,gBAAe,iBAAgB,OAAM,UACxC,oCAAC,OAAI,eAAc,SACjB,oCAAC,YAAK,qBAAoB,GAC1B,oCAAC,QAAK,OAAO,SAAS,EAAE,iBAAe,gBAAc,CACvD,CACF;AAAA,IAEJ;AAEA,UAAM,EAAE,UAAU,gBAAgB,IAAI;AACtC,WACE;AAAA,MAAC;AAAA;AAAA,QACC;AAAA,QACA;AAAA,QACA;AAAA;AAAA,IACF;AAAA,EAEJ;AAAA,EACA,6BACE,EAAE,WAAW,YAAY,WAAW,IAAS,CAAC,GAC9C,EAAE,SAAS,QAAQ,IAAS,CAAC,GAC7B;AACA,QAAI;AACF,UAAI,CAAC,WAAW;AACd,eAAO,oCAAC,oCAA+B;AAAA,MACzC;AACA,YAAM,EAAE,MAAM,IAAI,UAAU,WAAW,YAAY,UAAU;AAC7D,aACE,oCAAC,OAAI,eAAc,YACjB,oCAAC,YACE,MAAK,UAAE,KACR,oCAAC,QAAK,OAAO,SAAS,EAAE,SAAO,kBACd,eAAe,KAAK,UAAU,UAAS,OAAI,GAC5D,GACA,oCAAC,QAAK,MAAI,QACP,UAAU,YAAY,SAAS,OAAO,GAAG,SAAS,CACrD,CACF,GACC;AAAA,QACC,MAAM,IAAI,CAAAA,WACR,oCAAC,OAAI,eAAc,UAAS,aAAa,GAAG,KAAKA,OAAM,YACrD,oCAAC,kBAAe,OAAOA,QAAO,KAAK,MAAM,OAAO,UAAU,IAAI,CAChE,CACD;AAAA,QACD,OACE,oCAAC,OAAI,aAAa,GAAG,KAAK,YAAY,CAAC,MACrC,oCAAC,QAAK,OAAO,SAAS,EAAE,iBAAe,KAAG,CAC5C;AAAA,MAEJ,CACF;AAAA,IAEJ,SAAS,GAAG;AAGV,eAAS,CAAC;AACV,aACE,oCAAC,OAAI,eAAc,YACjB,oCAAC,YAAM,MAAK,qBAAc,CAC5B;AAAA,IAEJ;AAAA,EACF;AAAA,EACA,MAAM,cACJ,EAAE,WAAW,YAAY,WAAW,GACpC,EAAE,mBAAmB,GACrB;AACA,QAAI,eAAe,YAAY;AAC7B,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SACE;AAAA,QACF,MAAM;AAAA,UACJ;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,eAAe,WAAW,SAAS,IACrC,YACA,QAAQ,OAAO,GAAG,SAAS;AAG/B,QAAI,CAAC,kBAAkB,YAAY,KAAK,CAAC,mBAAmB,YAAY,GAAG;AACzE,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SACE;AAAA,MACJ;AAAA,IACF;AAGA,QAAI,WAAW,YAAY,GAAG;AAC5B,UAAI;AACF,cAAM,SAAS,UAAU,YAAY;AACrC,YAAI,OAAO,eAAe,GAAG;AAC3B,iBAAO;AAAA,YACL,QAAQ;AAAA,YACR,SACE;AAAA,UACJ;AAAA,QACF;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,QAAI,WAAW,YAAY,KAAK,eAAe,IAAI;AACjD,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,WAAW,YAAY,KAAK,eAAe,IAAI;AAClD,aAAO;AAAA,QACL,QAAQ;AAAA,MACV;AAAA,IACF;AAEA,QAAI,CAAC,WAAW,YAAY,GAAG;AAE7B,YAAM,kBAAkB,gBAAgB,YAAY;AACpD,UAAI,UAAU;AAGd,UAAI,iBAAiB;AACnB,mBAAW,iBAAiB,eAAe;AAAA,MAC7C;AAEA,aAAO;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,SAAS,QAAQ,GAAG;AACnC,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,uCAAuC,iBAAiB,IAAI;AAAA,MACvE;AAAA,IACF;AAEA,UAAM,gBAAgB,mBAAmB,YAAY;AACrD,QAAI,CAAC,eAAe;AAClB,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SACE;AAAA,QACF,MAAM;AAAA,UACJ,oBAAoB,OAAO,WAAW,SAAS,CAAC;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAGA,UAAM,QAAQ,SAAS,YAAY;AACnC,UAAM,gBAAgB,MAAM;AAC5B,QAAI,gBAAgB,eAAe;AACjC,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SACE;AAAA,MACJ;AAAA,IACF;AAEA,UAAM,MAAM,mBAAmB,YAAY;AAC3C,UAAM,OAAO,aAAa,cAAc,GAAG;AAC3C,QAAI,CAAC,KAAK,SAAS,UAAU,GAAG;AAC9B,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,MAAM;AAAA,UACJ,oBAAoB,OAAO,WAAW,SAAS,CAAC;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAEA,UAAM,UAAU,KAAK,MAAM,UAAU,EAAE,SAAS;AAChD,QAAI,UAAU,GAAG;AACf,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,SAAS,OAAO;AAAA,QACzB,MAAM;AAAA,UACJ,oBAAoB,OAAO,WAAW,SAAS,CAAC;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,QAAQ,KAAK;AAAA,EACxB;AAAA,EACA,OAAO,KAAK,EAAE,WAAW,YAAY,WAAW,GAAG,EAAE,mBAAmB,GAAG;AACzE,UAAM,EAAE,OAAO,YAAY,IAAI,UAAU,WAAW,YAAY,UAAU;AAE1E,UAAM,eAAe,WAAW,SAAS,IACrC,YACA,QAAQ,OAAO,GAAG,SAAS;AAC/B,UAAM,MAAM,QAAQ,YAAY;AAChC,cAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAClC,UAAM,MAAM,WAAW,YAAY,IAC/B,mBAAmB,YAAY,IAC/B;AACJ,UAAM,UAAU,WAAW,YAAY,IACnC,kBAAkB,YAAY,IAC9B;AACJ,UAAM,eAAe,WAAW,YAAY,IACxC,aAAa,cAAc,GAAG,IAC9B;AACJ,qBAAiB,cAAc,aAAa,KAAK,OAAO;AAGxD,mBAAe,cAAc,WAAW;AAGxC,uBAAmB,YAAY,IAAI,SAAS,YAAY,EAAE;AAG1D,QAAI,aAAa,SAAS,GAAG,GAAG,GAAG,YAAY,EAAE,GAAG;AAAA,IACpD;AAGA,sBAAkB,eAAe;AAAA,MAC/B,UAAU;AAAA,MACV,WAAW;AAAA,MACX,WAAW;AAAA,MACX,WAAW,KAAK,IAAI;AAAA,MACpB,WACE,eAAe,KAAK,WAAW,eAAe,KAAK,WAAW;AAAA,IAClE,CAAC;AAED,UAAM,OAAO;AAAA,MACX,UAAU;AAAA,MACV,WAAW;AAAA,MACX,WAAW;AAAA,MACX;AAAA,MACA,iBAAiB;AAAA,IACnB;AACA,UAAM;AAAA,MACJ,MAAM;AAAA,MACN;AAAA,MACA,oBAAoB,KAAK,yBAAyB,IAAI;AAAA,IACxD;AAAA,EACF;AAAA,EACA,yBAAyB,EAAE,UAAU,cAAc,WAAW,UAAU,GAAG;AACzE,UAAM,EAAE,SAAS,UAAU,IAAI;AAAA,MAC7B,gBAAgB;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AACA,WAAO,YAAY,QAAQ;AAAA,EAC7B,eAAe;AAAA,MACf,SAAS;AAAA,MACT;AAAA,IACF,CAAC,CAAC;AAAA,EACA;AACF;AAWO,SAAS,WACd,aACA,QACA,QACwC;AACxC,QAAM,SAAS,YAAY,MAAM,MAAM,EAAE,CAAC,KAAK;AAC/C,QAAM,kBAAkB,OAAO,MAAM,OAAO,EAAE,SAAS;AACvD,QAAM,eAAe,YAAY,QAAQ,QAAQ,MAAM,EAAE,MAAM,OAAO;AAEtE,QAAM,YAAY,KAAK,IAAI,GAAG,kBAAkB,eAAe;AAC/D,QAAM,UACJ,kBAAkB,kBAAkB,OAAO,MAAM,OAAO,EAAE;AAE5D,QAAM,eAAe,aAAa,MAAM,WAAW,UAAU,CAAC;AAC9D,QAAM,UAAU,aAAa,KAAK,IAAI;AACtC,SAAO,EAAE,SAAS,WAAW,YAAY,EAAE;AAC7C;",
   "names": ["patch"]
 }

package/dist/tools/FileEditTool/prompt.js

@@ -1,12 +1,15 @@
 import { NotebookEditTool } from "../NotebookEditTool/NotebookEditTool.js";
-const DESCRIPTION = `This is a tool for editing files. For moving or renaming files, you should generally use the Bash tool with the 'mv' command instead. For larger edits, use the Write tool to overwrite files. For Jupyter notebooks (.ipynb files), use the ${NotebookEditTool.name} instead.
+import { FileWriteTool } from "../FileWriteTool/FileWriteTool.js";
+import { FileReadTool } from "../FileReadTool/FileReadTool.js";
+import { LSTool } from "../lsTool/lsTool.js";
+const DESCRIPTION = `This is a tool for editing files. For moving or renaming files, you should generally use the Bash tool with the 'mv' command instead. For larger edits, use the ${FileWriteTool.name} tool to overwrite files. For Jupyter notebooks (.ipynb files), use the ${NotebookEditTool.name} instead.
 
 Before using this tool:
 
-1. Use the View tool to understand the file's contents and context
+1. Use the ${FileReadTool.name} tool to understand the file's contents and context
 
 2. Verify the directory path is correct (only applicable when creating new files):
-   - Use the LS tool to verify the parent directory exists and is the correct location
+   - Use the ${LSTool.name} tool to verify the parent directory exists and is the correct location
 
 To make a file edit, provide the following:
 1. file_path: The absolute path to the file to modify (must be absolute, not relative)

package/dist/tools/FileEditTool/prompt.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/tools/FileEditTool/prompt.ts"],
-  "sourcesContent": ["import { NotebookEditTool } from '@tools/NotebookEditTool/NotebookEditTool'\n\nexport const DESCRIPTION = `This is a tool for editing files. For moving or renaming files, you should generally use the Bash tool with the 'mv' command instead. For larger edits, use the Write tool to overwrite files. For Jupyter notebooks (.ipynb files), use the ${NotebookEditTool.name} instead.\n\nBefore using this tool:\n\n1. Use the View tool to understand the file's contents and context\n\n2. Verify the directory path is correct (only applicable when creating new files):\n   - Use the LS tool to verify the parent directory exists and is the correct location\n\nTo make a file edit, provide the following:\n1. file_path: The absolute path to the file to modify (must be absolute, not relative)\n2. old_string: The text to replace (must be unique within the file, and must match the file contents exactly, including all whitespace and indentation)\n3. new_string: The edited text to replace the old_string\n\nThe tool will replace ONE occurrence of old_string with new_string in the specified file.\n\nCRITICAL REQUIREMENTS FOR USING THIS TOOL:\n\n1. UNIQUENESS: The old_string MUST uniquely identify the specific instance you want to change. This means:\n   - Include AT LEAST 3-5 lines of context BEFORE the change point\n   - Include AT LEAST 3-5 lines of context AFTER the change point\n   - Include all whitespace, indentation, and surrounding code exactly as it appears in the file\n\n2. SINGLE INSTANCE: This tool can only change ONE instance at a time. If you need to change multiple instances:\n   - Make separate calls to this tool for each instance\n   - Each call must uniquely identify its specific instance using extensive context\n\n3. VERIFICATION: Before using this tool:\n   - Check how many instances of the target text exist in the file\n   - If multiple instances exist, gather enough context to uniquely identify each one\n   - Plan separate tool calls for each instance\n\nWARNING: If you do not follow these requirements:\n   - The tool will fail if old_string matches multiple locations\n   - The tool will fail if old_string doesn't match exactly (including whitespace)\n   - You may change the wrong instance if you don't include enough context\n\nWhen making edits:\n   - Ensure the edit results in idiomatic, correct code\n   - Do not leave the code in a broken state\n   - Always use absolute file paths (starting with /)\n\nIf you want to create a new file, use:\n   - A new file path, including dir name if needed\n   - An empty old_string\n   - The new file's contents as new_string\n\nRemember: when making multiple file edits in a row to the same file, you should prefer to send all edits in a single message with multiple calls to this tool, rather than multiple messages with a single call each.\n`\n"],
-  "mappings": "AAAA,SAAS,wBAAwB;AAE1B,MAAM,cAAc,gPAAgP,iBAAiB,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;",
+  "sourcesContent": ["import { NotebookEditTool } from '@tools/NotebookEditTool/NotebookEditTool'\nimport { FileWriteTool } from '@tools/FileWriteTool/FileWriteTool'\nimport { FileReadTool } from '@tools/FileReadTool/FileReadTool'\nimport { LSTool } from '@tools/lsTool/lsTool'\n\nexport const DESCRIPTION = `This is a tool for editing files. For moving or renaming files, you should generally use the Bash tool with the 'mv' command instead. For larger edits, use the ${FileWriteTool.name} tool to overwrite files. For Jupyter notebooks (.ipynb files), use the ${NotebookEditTool.name} instead.\n\nBefore using this tool:\n\n1. Use the ${FileReadTool.name} tool to understand the file's contents and context\n\n2. Verify the directory path is correct (only applicable when creating new files):\n   - Use the ${LSTool.name} tool to verify the parent directory exists and is the correct location\n\nTo make a file edit, provide the following:\n1. file_path: The absolute path to the file to modify (must be absolute, not relative)\n2. old_string: The text to replace (must be unique within the file, and must match the file contents exactly, including all whitespace and indentation)\n3. new_string: The edited text to replace the old_string\n\nThe tool will replace ONE occurrence of old_string with new_string in the specified file.\n\nCRITICAL REQUIREMENTS FOR USING THIS TOOL:\n\n1. UNIQUENESS: The old_string MUST uniquely identify the specific instance you want to change. This means:\n   - Include AT LEAST 3-5 lines of context BEFORE the change point\n   - Include AT LEAST 3-5 lines of context AFTER the change point\n   - Include all whitespace, indentation, and surrounding code exactly as it appears in the file\n\n2. SINGLE INSTANCE: This tool can only change ONE instance at a time. If you need to change multiple instances:\n   - Make separate calls to this tool for each instance\n   - Each call must uniquely identify its specific instance using extensive context\n\n3. VERIFICATION: Before using this tool:\n   - Check how many instances of the target text exist in the file\n   - If multiple instances exist, gather enough context to uniquely identify each one\n   - Plan separate tool calls for each instance\n\nWARNING: If you do not follow these requirements:\n   - The tool will fail if old_string matches multiple locations\n   - The tool will fail if old_string doesn't match exactly (including whitespace)\n   - You may change the wrong instance if you don't include enough context\n\nWhen making edits:\n   - Ensure the edit results in idiomatic, correct code\n   - Do not leave the code in a broken state\n   - Always use absolute file paths (starting with /)\n\nIf you want to create a new file, use:\n   - A new file path, including dir name if needed\n   - An empty old_string\n   - The new file's contents as new_string\n\nRemember: when making multiple file edits in a row to the same file, you should prefer to send all edits in a single message with multiple calls to this tool, rather than multiple messages with a single call each.\n`\n"],
+  "mappings": "AAAA,SAAS,wBAAwB;AACjC,SAAS,qBAAqB;AAC9B,SAAS,oBAAoB;AAC7B,SAAS,cAAc;AAEhB,MAAM,cAAc,mKAAmK,cAAc,IAAI,2EAA2E,iBAAiB,IAAI;AAAA;AAAA;AAAA;AAAA,aAInS,aAAa,IAAI;AAAA;AAAA;AAAA,eAGf,OAAO,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;",
   "names": []
 }